The breaking news in April was the arrest of a 19 year old guy in Finland, Peter Stokes as member of the hacker group Scattered Spider. He has now been extradited to the United States, where he will face a federal trial for defrauding American citizens in the fields of cryptocurrency and social engineering/psychology.
The latest update of this days is that Stokes used sophisticated systems for connections he believed to be secure: for example, in addition to a VPN service, he also used a authomatic continuous IP rotation system with three IP addresses constantly appeared and disappeared between Estonia, thailand and the United state, and he also used Ngrok to further encrypt the traffic.
I'm not here to debate about Stoke arrest, if it's right or not, but I talking about the GDID windows system which made possible to identify Stokes and his arrest.What’s the problem? The problem is the Windows GDID (Global Device Identifier) system and the fact that this guy was using windows systems. Ngrok is not open source it’s proprietary software that’s tied to microsoft.
What is the GDID? It is a unique code that Microsoft assigns to every device on which a Windows operating system (OS) is installed, whether pre installed on the machine or installed at a later date. In effect, it is a system native IP address that transmits complete telemetry (fingerprint) data about the machine to Microsoft servers, including reports on system crashes, unspecified reports, licence checks, traffic, software and hardware. In practice, it’s a complete fingerprint taken without your agree.
What makes GDID dangerous for ours privacy? Its persistence: this system is extremely persistent and deeply embedded in your OS and on your pc or device, disabling it risks compromising the operation of the operating system itself. All the measures taken by Stokes protect the user at the network traffic level, but the operating system remains exposed, which is precisely why GDID has compiled a complete data package containing the PC specifications, timestamps and real IP address, and sent it to Microsoft servers. Consequently, when using ngrok on a Windows OS, the exact moment when a device with a specific GDID code logged into ngrok was recorded, by simply cross controls few data, the FBI was able to track the user down.
WARNING: Uninstalling Windows does not eliminate the persistence of the GDID system. Microsoft states that the GDID system ceases to function upon uninstallation, however, specialists have demonstrated that even after formatting a system and installing another OS, traces of the GDID system remain amongst the remnants of Windows and can potentially still communicate with the servers. Worse still, if any Windows system were to be reinstalled at a later date, this would "officially" bring GDID back to life, and it would send historical data and timestamps to Microsoft servers.
GDID and Bitcoin, it's safe? Of course not, a windows system will never be able to replace a linux system. Linux don't have a dog nose for your data, the data you transmit is the data you want transmit.
Can we be sure that GDID is limited to what Windows claims? Of course not. It could well be another widespread case of large espionage (potentially another Snowden style case).
Can a user with a wallet installed on a Windows system rest safe? Of course not. GDID is native in Win systems since 2015/2016, from win10 onwards.
Could this system communicate with national tax authorities, pass on the details of those with wallets installed, and uncover undeclared bitcoin? Of course they can, it’s already happening. For example in Europe we will have serius problems with law approach and data systems.
I don’t want to sit here debating whether a hacker used Windows systems to do what they did, they have only got themselves into trouble. With a Linux system, no one of this would have happened.
So, guys, use Linux or opensource systems in general to be on the safe side, the open source community has no interest in your data or telemetry or fingerprints, in fact, it fights every day to protect you from these malicious activities associated with Windows.
Linux has a machine identification system too
but it remains local, it is not communicated externally and can be regenerated or modified by the user. There is no background telemetry system, you can use your wallet safely in linux. Otherwise, for max security, you can use your own wallets on live versions of Linux distributions, or Debian, all with a sandbox which when the system is shut down forgets everything that has been done without leaving a trace.
This is ours strenght!!