• How does Microsoft know which GDID is accessing which websites?

    The document adds that Microsoft records also showed the GDID accessing “multiple sites” from servers at Tzulo, a web hosting provider, to help pull off the hack.

    The GDID is one thing, but how is the connection to activities made? Is the GDID sent while making requests to a server (in this case Tzulo), which records it? But then it wouldn’t be microsoft records showing that. But if it isn‘t, how do you know which GDID visits a website? If Microsoft is collecting which website is visited on device and sending it off to their servers then the GDID is the smallest thing to worry about.

  • Poor kid. Seems he was just starting out and didn’t get into the weeds of OpSec.

    He used a personal laptop with his personal information stored on it tied to an identifier. Not great OpSec. A hardware ID spoofer or a partitioned disk with different OS would’ve made wonders.

  • Maybe I’m missing something here but how is that not a logical conclusion for any service where you have a unique identifier? If it can get your IP it can get a general idea (CGNAT can screw with it a bit), if it’s allowed network access it can get nearby APs, which are pretty well mapped at this point, and if you allow it GPS, well that’s a no brainer.

    • The whole point of a lot of these unique identifiers is that they’re anonymous so they can legally collect more data on you.

      The goal is that you can’t reverse the ID to find the person, because then it ceases to be personally identifiable information.