Windows GDID and privacy are we all being tracked without knowing it

8 replies 181 views
walletproMember
Posts: 3 · Reputation: 39
#1Jul 12, 2026, 07:43 PM
So the big story from April was the arrest of a 19-year-old Finnish guy, Peter Stokes, allegedly part of the Scattered Spider hacker crew. He got extradited to the US and is now looking at federal charges for crypto fraud and social engineering schemes. What's actually interesting from a privacy standpoint is how they caught him. The dude was running a VPN AND an automatic IP rotation system that cycled through multiple addresses constantly. Like he really thought he had it locked down. But none of that saved him, and from what's come out since, Windows-level identifiers seem to have played a role in tying everything together. That's the part worth talking about here imo.
3 Reply Quote Share
blockhub968Hero Member
Posts: 20 · Reputation: 317
#2Jul 12, 2026, 07:43 PM
Wait, what do you mean by "it's already happening"? Got a source for that or just vibes? Also the Firefox thing isn't totally accurate afaik. Yeah it phones home with some telemetry by default but it's nowhere near the level Windows operates at, and you can actually turn it off without jumping through a hundred hoops. Not the same ballpark at all.
5 Reply Quote Share
the_orbitNewbie
Posts: 2 · Reputation: 30
#3Jul 12, 2026, 07:43 PM
Honestly what gets me is how someone can go through all that effort to mask their IP and network traffic but completely ignore what the OS itself is broadcasting in the background. Like bro spent hours setting up rotating proxies but never once thought about system-level telemetry lol. And look, I get it, I grew up on Windows too, still love it for gaming, nothing really compares for that. But once you actually start caring about your privacy you realize it's just not built for that. Switching to Linux is painful for like the first month or two and then you're fine. Worth it. Also someone asked me privately: if I run a Bitcoin wallet on Windows and don't report taxes, can the IRS or SEC pull data through Windows telemetry? Honestly... I wouldn't bet against it.
2 Reply Quote Share
walletproMember
Posts: 3 · Reputation: 39
#4Jul 12, 2026, 07:43 PM
Worth pointing out that this is one of the earlier publicly documented cases where GDID was explicitly named in the context of a cybercrime investigation. There are a bunch of other cases floating around on specialist forums and documented online where arrests happened and the warrants mention things like "traditional tracing techniques" or "hardware identifier correlation" without spelling it out, but the pattern is pretty obvious once you know what to look for. GDID has been around for like a decade now. There are even documented cases of darknet operators running Windows machines, and both the FBI and Europol apparently referenced hardware-level tracking methods in the warrants. Microsoft has also directly stated in some cases that it provided hardware identifier data. So yeah, this isn't tinfoil hat stuff, there's a paper trail.
4 Reply Quote Share
wolfzNewbie
Posts: 1 · Reputation: 18
#5Jul 12, 2026, 07:43 PM
Yeah I broadly agree that OS telemetry is way underestimated. Everyone obsesses over VPNs and IP masking and forgets that the device itself, the browser, the linked accounts, the apps... all of that is still leaking data regardless of what your exit IP looks like. That said I think we need to be careful not to blur the line between what's confirmed and what's being inferred. From what's actually in the complaint, the key detail is that Microsoft's records linked a Windows GDID to the creation and use of an ngrok account, and then that got correlated with IP logs, timestamps and other account activity. That alone is a serious privacy issue and doesn't need embellishment. The bigger claims about exactly how deep this goes need harder evidence before we treat them as settled fact. Healthy skepticism matters here.
5 Reply Quote Share
walletproMember
Posts: 3 · Reputation: 39
#6Jul 12, 2026, 07:43 PM
That's not quite how it works though and I think people need to understand this clearly. In recent Windows versions the GDID doesn't just reset when you format. It persists through clean installs and if you reinstall the same OS version it gets linked back to the previous identifier. And if you think switching Windows versions will fool it, it doesn't, because it's reporting hardware-level data: motherboard UUID, CPU serial, TPM chip cryptographic keys, MAC address of the board. Two different GDIDs on the same physical machine get tied together server-side. In my country there's actually a centralized system that cross-references this kind of data and the implications are pretty alarming once you think about it.
4 Reply Quote Share
blockhub968Hero Member
Posts: 20 · Reputation: 317
#7Jul 12, 2026, 07:43 PM
Yeah that tracks. Can't say it's 100% proven but it's more than enough reason for me personally to stay off Windows for anything sensitive. And I already knew Firefox wasn't the privacy miracle some people make it out to be, appreciate the reminder though. My point was never that open source automatically means no telemetry, that's a separate conversation.
0 Reply Quote Share
titanz829Full Member
Posts: 7 · Reputation: 112
#8Jul 12, 2026, 07:43 PM
Ngl I find most of this believable. I actually watched a video a while back about a guy who got caught purely because of his Windows GDID even though he was using a VPN and his IP was constantly changing. The GDID was apparently enough to tie everything together. The one thing I couldn't wrap my head around: how did they even get the GDID in the first place? Is it being broadcast publicly every time you connect to something? Because if so... yeah Windows is straight up cooked for anyone who actually cares about staying anonymous.
3 Reply Quote Share
dr_atlasFull Member
Posts: 7 · Reputation: 65
#9Jul 12, 2026, 07:43 PM
Would've been nice if OP dropped a source or citation tbh. I came across a video about this recently but didn't go too deep on it since M$ tracking people isn't exactly shocking news at this point. Anyway, genuine advice: if you're out here doing shady stuff, definitely stick to Windows and use as many Microsoft services as possible. For... reasons. And if you happen to find traces of S, Ar, Ca and Sm somewhere, feel free to do a little word chemistry with that.
2 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics

Windows GDID and privacy are we all being tracked without knowing it | Cryptoforum