| ▲ | lorislab 4 hours ago | ||||||||||||||||||||||||||||||||||||||||
The interesting part is not really the existence of a machine identifier. Almost every modern OS has some equivalent. The bigger question is the boundary: which components can access it, and when does a local identifier become a remote tracking identifier? A machine-id sitting on disk is very different from an OS vendor correlating it with network activity. | |||||||||||||||||||||||||||||||||||||||||
| ▲ | J-Kuhn an hour ago | parent | next [-] | ||||||||||||||||||||||||||||||||||||||||
Systemd (part of many major linux distributions) has for example machine-id[1], readable by anyone on the machine under /etc/machine-id. [1]: https://www.freedesktop.org/software/systemd/man/latest/mach... | |||||||||||||||||||||||||||||||||||||||||
| ▲ | dlenski 37 minutes ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||
Yeah, this is what's glaringly missing from the article. Exactly how does Microsoft's device identifier get associated with the ngrok session (normally initiated via its closed-source CLI)? I can't tell from the article whether Microsoft is doing something underhanded to inject its device identifiers into network traffic, or whether the ngrok client software (again, closed-source!) grabbed the device identifier… and might well do the same on any other OS, using /etc/machine-id on Linux for example. Since ngrok uses a "freemium" model, it wouldn't surprise me at all if its clients send machine IDs to try to catch users trying to get around its free limits. | |||||||||||||||||||||||||||||||||||||||||
| ▲ | Bender 23 minutes ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||
Adding another example of this is the NetworkID in about:networking#networkid in Firefox. There was a point in time that cause some controversy. Every AI has the wrong information about it's origin and use. | |||||||||||||||||||||||||||||||||||||||||
| ▲ | llm_nerd 2 hours ago | parent | prev [-] | ||||||||||||||||||||||||||||||||||||||||
This is the part that isn't clear and is by far the most interesting. At what stage and what point did the GDID get correlated with a tool/web request. As is it almost sounds like Microsoft "telemetry" gathers everything and they did a bulk search for certain activity, pulling the GDID and correlating it with a user. | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||