The FBI used a Microsoft device identifier, dubbed GDID, to link a teenager to a hack attributed to Scattered Spider, raising privacy red flags about Windows' surveillance capabilities.
How does Microsoft know which GDID is accessing which websites?
The document adds that Microsoft records also showed the GDID accessing “multiple sites” from servers at Tzulo, a web hosting provider, to help pull off the hack.
The GDID is one thing, but how is the connection to activities made? Is the GDID sent while making requests to a server (in this case Tzulo), which records it? But then it wouldn’t be microsoft records showing that. But if it isn‘t, how do you know which GDID visits a website? If Microsoft is collecting which website is visited on device and sending it off to their servers then the GDID is the smallest thing to worry about.
How does Microsoft know which GDID is accessing which websites?
The GDID is one thing, but how is the connection to activities made? Is the GDID sent while making requests to a server (in this case Tzulo), which records it? But then it wouldn’t be microsoft records showing that. But if it isn‘t, how do you know which GDID visits a website? If Microsoft is collecting which website is visited on device and sending it off to their servers then the GDID is the smallest thing to worry about.