Remix.run Logo
bsian 8 hours ago

>Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account.

Can someone explain the mechanism through which Windows sends this information to Microsoft? Did the hacker use Edge, which communicated the web history + the GDID of the user to Microsoft, or is Windows snooping on browsers besides Edge and sending the web history to Microsoft, or is Windows bundling a summary of all connections open and sending it to Microsoft?

burnt-resistor 7 hours ago | parent [-]

It's "Connected Devices Platform" telemetry bullshit.

See https://github.com/SmtimesIWndr/gdid-reversal

drdexebtjl 5 hours ago | parent [-]

None of it says how the GDID was associated with browsing history. It says it’s associated with a Microsoft account.

Why did Microsoft have his browsing history? Was he syncing it from Edge?