Bitcoin Forum
July 10, 2026, 07:45:58 AM *
News: Latest Bitcoin Core release: 31.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Privacy problems with Windows GDID  (Read 78 times)
Italian Panic (OP)
Hero Member
*****
Offline

Activity: 1078
Merit: 663



View Profile WWW
July 09, 2026, 07:41:43 AM
Merited by ABCbits (1)
 #1

The breaking news in April was the arrest of a 19 year old guy in Finland, Peter Stokes as member of the hacker group Scattered Spider. He has now been extradited to the United States, where he will face a federal trial for defrauding American citizens in the fields of cryptocurrency and social engineering/psychology.

The latest update of this days is that Stokes used sophisticated systems for connections he believed to be secure: for example, in addition to a VPN service, he also used a authomatic continuous IP rotation system with three IP addresses constantly appeared and disappeared between Estonia, thailand and the United state, and he also used Ngrok to further encrypt the traffic.

I'm not here to debate about Stoke arrest, if it's right or not, but I talking about the GDID windows system which made possible to identify Stokes and his arrest.

What’s the problem? The problem is the Windows GDID (Global Device Identifier) system and the fact that this guy was using windows systems. Ngrok is not open source it’s proprietary software that’s tied to microsoft.

What is the GDID? It is a unique code that Microsoft assigns to every device on which a Windows operating system (OS) is installed, whether pre installed on the machine or installed at a later date. In effect, it is a system native IP address that transmits complete telemetry (fingerprint) data about the machine to Microsoft servers, including reports on system crashes, unspecified reports, licence checks, traffic, software and hardware. In practice, it’s a complete fingerprint taken without your agree.

What makes GDID dangerous for ours privacy? Its persistence: this system is extremely persistent and deeply embedded in your OS and on your pc or device, disabling it risks compromising the operation of the operating system itself. All the measures taken by Stokes protect the user at the network traffic level, but the operating system remains exposed, which is precisely why GDID has compiled a complete data package containing the PC specifications, timestamps and real IP address, and sent it to Microsoft servers. Consequently, when using ngrok on a Windows OS, the exact moment when a device with a specific GDID code logged into ngrok was recorded, by simply cross controls few data, the FBI was able to track the user down.
WARNING: Uninstalling Windows does not eliminate the persistence of the GDID system. Microsoft states that the GDID system ceases to function upon uninstallation, however, specialists have demonstrated that even after formatting a system and installing another OS, traces of the GDID system remain amongst the remnants of Windows and can potentially still communicate with the servers. Worse still, if any Windows system were to be reinstalled at a later date, this would "officially" bring GDID back to life, and it would send historical data and timestamps to Microsoft servers.

GDID and Bitcoin, it's safe? Of course not, a windows system will never be able to replace a linux system. Linux don't have a dog nose for your data, the data you transmit is the data you want transmit.
Can we be sure that GDID is limited to what Windows claims? Of course not. It could well be another widespread case of large espionage (potentially another Snowden style case).
Can a user with a wallet installed on a Windows system rest safe? Of course not. GDID is native in Win systems since 2015/2016, from win10 onwards.
Could this system communicate with national tax authorities, pass on the details of those with wallets installed, and uncover undeclared bitcoin? Of course they can, it’s already happening. For example in Europe we will have serius problems with law approach and data systems.


I don’t want to sit here debating whether a hacker used Windows systems to do what they did, they have only got themselves into trouble. With a Linux system, no one of this would have happened.

So, guys, use Linux or opensource systems in general to be on the safe side, the open source community has no interest in your data or telemetry or fingerprints, in fact, it fights every day to protect you from these malicious activities associated with Windows.

Linux has a machine identification system too
Code:
/etc/machine-id

but it remains local, it is not communicated externally and can be regenerated or modified by the user. There is no background telemetry system, you can use your wallet safely in linux. Otherwise, for max security, you can use your own wallets on live versions of Linux distributions, or Debian, all with a sandbox which when the system is shut down forgets everything that has been done without leaving a trace. This is ours strenght!!
ABCbits
Legendary
*
Offline

Activity: 3668
Merit: 10186



View Profile
July 09, 2026, 07:58:08 AM
 #2

Could this system communicate with national tax authorities, pass on the details of those with wallets installed, and uncover undeclared bitcoin? Of course they can, it’s already happening. For example in Europe we will have serius problems with law approach and data systems.

What do you mean by "it’s already happening"? Can you share news or article that prove it?

So, guys, use Linux or opensource systems in general to be on the safe side, the open source community has no interest in your data or telemetry or fingerprints, in fact, it fights every day to protect you from these malicious activities associated with Windows.

It's not fully true. Some application (such as Firefox) send some telemetry data by default, but AFAIK it's not as insane as what windows does and can be disabled much easier.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits PREDICT..
█████████████████████████
█████████████████████████
███████████▀▀░░░░▀▀██████
██████████░░▄████▄░░████
█████████░░████████░░████
█████████░░████████░░████
█████████▄▀██████▀▄████
████████▀▀░░░▀▀▀▀░░▄█████
██████▀░░░░██▄▄▄▄████████
████▀░░░░▄███████████████
█████▄▄█████████████████
█████████████████████████
█████████████████████████
.
.WHERE EVERYTHING IS A MARKET..
█████
██
██







██
██
██████
Will Bitcoin hit $200,000
before January 1st 2027?

    No @1.15         Yes @6.00    
█████
██
██







██
██
██████

  CHECK MORE > 
Synchronice
Legendary
*
Offline

Activity: 1652
Merit: 1175



View Profile
July 09, 2026, 07:59:45 AM
 #3

It's so insane that person goes far to hide his network activity but does nothing to OS-level and account-level telemetry. I don't understand what's wrong with these people, Windows is my favorite OS too because I've been using it since my childhood and playing lots of PC games on it but once you grow up a little and start to take care of your privacy, this is not the best OS and you should move from Windows to Linux. An uncomfortable month or two worth it.

Can a user with a wallet installed on a Windows system rest safe? Of course not. GDID is native in Win systems since 2015/2016, from win10 onwards.
Could this system communicate with national tax authorities, pass on the details of those with wallets installed, and uncover undeclared bitcoin? Of course they can, it’s already happening. For example in Europe we will have serius problems with law approach and data systems.
Are you telling me that if I use Windows and have a Bitcoin wallet on it and don't pay taxes, they'll get information from Windows by secretly scanning my wallet apps? I don't really think so. They get information through exchanges and crypto-asset service providers.

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████▀█▀████████████████▀████████████████▀█████████████████████████████▀████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████████████████████████████▀██████▀█████▀████████▀█████
██████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████▄█▄████████████████▄████████████████▄█████████████████████████████████▄██████▄█████▄████████████
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
 
 🍒   ⚽️    IIIIIFASTEST GROWING CASINO & SPORTSBOOK     Play Now    
Italian Panic (OP)
Hero Member
*****
Offline

Activity: 1078
Merit: 663



View Profile WWW
July 09, 2026, 08:45:49 AM
 #4

Could this system communicate with national tax authorities, pass on the details of those with wallets installed, and uncover undeclared bitcoin? Of course they can, it’s already happening. For example in Europe we will have serius problems with law approach and data systems.

What do you mean by "it’s already happening"? Can you share news or article that prove it?


It should be noted that this is one of the first cases in which the use of GDID for cybercrime cases has been explicitly stated. Many cases documented online and on specialist forums suggest that GDID is widely used for this purpose (it exist since 10 years).
For example, there are documented cases of dark web dev operating on win systems, and the arrest warrants state that the FBI and Europol used "traditional techniques" or "tracement techniques". Furthermore, there are many cases in which Microsoft states that it has used hardware identifiers.
This leads me to conclude, with a fair degree of certainty, that this type of data transfer is widely practised.



It's not fully true. Some application (such as Firefox) send some telemetry data by default, but AFAIK it's not as insane as what windows does and can be disabled much easier.

On page 1 of the privacy manual, it says not to use browsers with too much tracking, fingerprints, cookies: Chrome, Firefox and Edge are the worst. Unfortunately, even DuckDuckGo is not doing well either.

If you use Linux with Firefox, it’s like using Edge on Windows… it’s not safe. Mullvad and Brave offer incredible privacy features.

Here’s a link where you can find out about the best browsers: https://privacytests.org/private


It's so insane that person goes far to hide his network activity but does nothing to OS-level and account-level telemetry. I don't understand what's wrong with these people, Windows is my favorite OS too because I've been using it since my childhood and playing lots of PC games on it but once you grow up a little and start to take care of your privacy, this is not the best OS and you should move from Windows to Linux. An uncomfortable month or two worth it.

Can a user with a wallet installed on a Windows system rest safe? Of course not. GDID is native in Win systems since 2015/2016, from win10 onwards.
Could this system communicate with national tax authorities, pass on the details of those with wallets installed, and uncover undeclared bitcoin? Of course they can, it’s already happening. For example in Europe we will have serius problems with law approach and data systems.
Are you telling me that if I use Windows and have a Bitcoin wallet on it and don't pay taxes, they'll get information from Windows by secretly scanning my wallet apps? I don't really think so. They get information through exchanges and crypto-asset service providers.

If you’ve got a few sats to spare, obviously not, after that, it depends on how economic desperate the country you live in is.
A true bitcoiner doesn’t keep funds on CEX, they store them privately (not your keys, not your money rulez). If you live in europe and have your BTC on CEX probably your department of taxes know it. And given the extensive telemetry that GDID provides to those who are much curious, I wouldn’t be surprised if it were possible to identify, using a simple script or search filter, who has installed a software wallet on Windows systems or connected a hardware wallet. Do you find this exagerate? Yeah, maybe it is, but nothing surprises me anymore.


WakeUpToCrypto
Newbie
*
Offline

Activity: 2
Merit: 0


View Profile WWW
July 09, 2026, 08:55:10 AM
 #5

I agree with the general warning that OS-level telemetry is often underestimated. Many people focus only on VPNs, proxies and IP rotation, while the device, browser, account and application layers can still reveal a lot.

But I think we should be careful not to mix confirmed facts with assumptions.

From the complaint, the important part seems to be that Microsoft records associated a Windows GDID with the creation/use of the ngrok account and then correlated that with IP activity, accounts and timestamps. That is already a serious privacy concern.

However, the stronger claims need better evidence. For example, saying that Windows can be used to identify everyone who has a Bitcoin wallet installed, or that this data is already being shared with tax authorities, is a much bigger claim. Most tax-related crypto tracking still seems to come from exchanges, KYC providers, blockchain analytics companies and payment records, not from Microsoft secretly scanning wallet software.

Also, if I understand the complaint correctly, a Windows reinstall creates a new GDID. So the claim that GDID survives formatting or keeps communicating after switching to another OS should probably be backed by a technical source.

For Bitcoin users, the practical advice is still valid: don’t run serious funds on a daily-use Windows machine. Use a dedicated environment, preferably Linux, verify wallet software, avoid browser-based hot wallets for large amounts, and use hardware wallets or air-gapped setups when appropriate.

So yes, Windows telemetry is a real privacy problem. But we should separate “Windows telemetry can help correlate activity” from “Windows is automatically reporting all Bitcoin wallet users to tax authorities.”
Italian Panic (OP)
Hero Member
*****
Offline

Activity: 1078
Merit: 663



View Profile WWW
July 09, 2026, 10:24:37 AM
 #6


Also, if I understand the complaint correctly, a Windows reinstall creates a new GDID. So the claim that GDID survives formatting or keeps communicating after switching to another OS should probably be backed by a technical source.


I’m afraid that’s not quite right; in the latest versions of Windows, the GDID remains even after a deep format and is linked back to the previous one in the event of a fresh installation of the same OS.

If you change your version of Windows in the belief that you can trick the GDID, be aware that it reports hardware components to the servers, such as: the motherboard UUID, the CPU serial number, the cryptographic keys of the TPM chip and the motherboard MAC address. This data is then linked between two different GDID for the same machine.



So yes, Windows telemetry is a real privacy problem. But we should separate “Windows telemetry can help correlate activity” from “Windows is automatically reporting all Bitcoin wallet users to tax authorities.”

In my country, there is a centralised system that monitors an individual income and compares it with their real estate and personal assets, it also monitors their expenditure and what they declare to the tax authorities each year. Applied to 60 million people, this is known as "income measurement". It’s not fiction, it really does exist, and you will receive a letter from the tax office at home asking you to pay up or provide an explanation, even for just a few euro or dollar.
Do you think that if a country needed money income, it would be a problem for Microsoft to query a server? In these countries, they have trade agreements to sell their systems, they control the market.

I’m not here to persuade you, let me make it clear that I’m not interested, I’m simply setting out some doubts and deep observations
ABCbits
Legendary
*
Offline

Activity: 3668
Merit: 10186



View Profile
Today at 07:43:23 AM
 #7

This leads me to conclude, with a fair degree of certainty, that this type of data transfer is widely practised.

That makes sense. While it can't be proved for sure, it's enough as another reason not to use windows.


It's not fully true. Some application (such as Firefox) send some telemetry data by default, but AFAIK it's not as insane as what windows does and can be disabled much easier.

On page 1 of the privacy manual, it says not to use browsers with too much tracking, fingerprints, cookies: Chrome, Firefox and Edge are the worst. Unfortunately, even DuckDuckGo is not doing well either.

If you use Linux with Firefox, it’s like using Edge on Windows… it’s not safe. Mullvad and Brave offer incredible privacy features.

Here’s a link where you can find out about the best browsers: https://privacytests.org/private

I already know Firefox isn't as private as some people suggest, but thanks for the reminder. Although my point is not all on open source software avoid using telemetry.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits PREDICT..
█████████████████████████
█████████████████████████
███████████▀▀░░░░▀▀██████
██████████░░▄████▄░░████
█████████░░████████░░████
█████████░░████████░░████
█████████▄▀██████▀▄████
████████▀▀░░░▀▀▀▀░░▄█████
██████▀░░░░██▄▄▄▄████████
████▀░░░░▄███████████████
█████▄▄█████████████████
█████████████████████████
█████████████████████████
.
.WHERE EVERYTHING IS A MARKET..
█████
██
██







██
██
██████
Will Bitcoin hit $200,000
before January 1st 2027?

    No @1.15         Yes @6.00    
█████
██
██







██
██
██████

  CHECK MORE > 
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!