logoalt Hacker News

drdexebtjltoday at 3:47 PM1 replyview on HN

What isn’t clear to me is how they’re able to say which GDID visited each site and when.

Did the hacker not disable telemetry? Was he using Microsoft Edge? Or is it just a GDID->IP mapping combined with network activity?

It is obvious that Microsoft has an identifier for my device. They enforce license activation.

The problem is that they’re tracking user activity and associating it with this ID, even for a user who, one would assume, rejected all telemetry.

Can they do this in devices owned by companies and governments that are configured with strict no telemetry and no cloud services policies?


Replies

AlOwaintoday at 5:26 PM

It's very naive to assume that they wouldn't collect and report the telemetry regardless. Filtering then bundling and compressing the data while staggering the calls back home. Any outbound traffic to Microsoft could be injected with that data, and redirected once it reaches.