Comment by Terr_

2 days ago

TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.

It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.

The article links to this page, which was shared on HN yesterday. [1]

I feel like using wireshark to look at what's being sent back and forth from Windows telemetry, when using Edge, Chrome & etc should reveal what's being sent and recieved. Using MITM SSL spoofing should be able to intercept the packets.

[1] https://github.com/SmtimesIWndr/gdid-reversal

  • I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.

    • Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.

      2 replies →

    • But you'd still see some encrypted traffic and it wouldn't fly under a radar

It's Microsoft Defender SmartScreen in Edge.

You can also use the Windows Diagnostic Viewer to check the telemetry data being shipped to Microsoft. I'd be willing to bet that you could use Edge (with defaults) and see the URLs being sent to Microsoft but nothing would come from Brave, Firefox, Chrome etc.

I was under the impression Windows is unreliable for these kind of activities as they are "leakish".

I imagine it's not too difficult to narrow down the potential suspects with how much data points you'd get from ISP, Windows telemetry, and whatever.

"all" would be troubling indeed. I hope that someone can discover the mechanism, and whether it's depending on any settings like "Share browsing data with other Windows features" or any other settings.