Remix.run Logo
dlenski an hour ago

Yeah, this is what's glaringly missing from the article.

Exactly how does Microsoft's device identifier get associated with the ngrok session (normally initiated via its closed-source CLI)?

I can't tell from the article whether Microsoft is doing something underhanded to inject its device identifiers into network traffic, or whether the ngrok client software (again, closed-source!) grabbed the device identifier… and might well do the same on any other OS, using /etc/machine-id on Linux for example.

Since ngrok uses a "freemium" model, it wouldn't surprise me at all if its clients send machine IDs to try to catch users trying to get around its free limits.

nickphx 29 minutes ago | parent [-]

from the microsoft store. the ngrok app was downloaded via microsoft store...

dlenski 15 minutes ago | parent [-]

And then what?

Does the Microsoft store imprint an identifier into the network traffic of all the binaries downloaded from it?

And if so, how?

All of ngrok's traffic is TLS encrypted which means that only the client software and the server/peer should be able to decrypt or modify it.