7/15/2026 at 5:26:15 PM
User nashashmi [1]: So this kid uses his home computer at his home, and they trace him down with
the IP address, and the IP address also makes a request for Windows Updates.
And that narrows down the Device ID. The device id is now traced to this kid.
That seems more likely, I hope, than Edge/Windows secretly telemetering your GDID and every URL you visit to Redmond. It's a huge privacy hole still, but they can plausibly deny they set out to track you across the web using their OS.
by hughw
7/15/2026 at 7:06:28 PM
That could be how they initially associated the hacker with his GDID, but the criminal filing explicitly mentions that they were able to use Microsoft records to determine that his computer visited specific webpages:> According to Microsoft records, on or about May 12, 2025, at 19:21 UTC—when, according to ngrok records, the ngrok account was created—the device with the GDID accessed, among other ngrok pages, “https://dashboard.ngrok.com/signup,” the ngrok page to set up an ngrok account.
> Microsoft records also indicate: (1) the user of the device assigned the GDID accessed multiple sites from Tzulo servers in May 2025, including the .168 server (the IP address used to create the ngrok account) on May 12, 2025; and (2) the user of the device assigned the GDID, on May 12, 2025 at 22:47 UTC, a little more than three hours after the ngrok account was created, the user visited “[Company F].com” from the .168 proxy server.
by ndiddy