|
Italian Panic (OP)
|
https://korben.info/en/gdid-windows-cut-tracker-vpn.html This Korben track it's a golden nugget, thanks for sharing it. I still have some doubts about possible system instability issues with proprietary software if the OS were to detect that telemetry has been disabled. The svchost.exe system file is the generic container that, on Windows, hosts telemetry instances of files such as "diagTrack" or "UtcSvc". By running the following command as an administrator in PowerShell tasklist /svc /fi "imagename eq svchost.exe" You will simultaneously see all instances currently running on your win pc in the svchost container (I tryed in win10, but the command it's a standard troubleshooting from win xp to 12) You obtain a list with more than 10 active processes, the factors to be taken into account are as follows (or similar if you use another version of win): Process PID Service ========================= =====================
svchost.exe xxxx DispBrokerDesktopSvc
svchost.exe xxxx DiagTrack
svchost.exe xxxx DoSvc
I voluntarily deleted the Process ID (PID) because, even though they change every time the machine restarts, a tracking system might have logged them. Am I being too cautious? I'm always been that way, and it’s always paid off. These are files of telemetry services: - diagTrack: collects diagnostic data, user habits, and software and hardware information. It is Microsoft tracking and fingerprinting system. - dispBrokerDesktopSvc: manages the monitor resolution, orientation, refresh rate, and layout (very important for fingerprinting, anyone who uses Tor knows this is critical data). - DoSvc: is Windows P2P service designed to optimize the distribution of updates to other PC. It causes spikes in ram usage and constantly scans the disk. Disabling these services may compromise the OS proper functioning in the long run. As soon as I have a reason to use Windows for a certain period of time, I will try disabling them and assessing the OS stability. I tried to force access to the diagTrack file to see what data it contained, but the system categorically blocks access to this file. Even though it is our own data. There’s an app in the Microsoft Store that’s supposed to read the telemetry and show what’s being sent. I have never trusted it because it’s proprietary software rather than open source, so it might have an interest in hiding certain data.
|
KYCNOTLIST.COM | | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | ██████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████ | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | | | ▬▬▬✅️▬▬▬ Comprehensive Database ▬▬▬▬▬▬▬ | | ▬▬▬✅️▬▬▬ KYC/AML Levels ▬▬▬▬▬▬▬ | | | ▬▬▬✅️▬▬▬ Independent Analysis ▬▬▬▬▬▬▬ | | | ...CHECK NOW.... ...TOR MIRROR... |
|
|
|
Lucius
Legendary

Activity: 4032
Merit: 7598
|
 |
July 13, 2026, 02:48:00 PM |
|
https://korben.info/en/gdid-windows-cut-tracker-vpn.html This Korben track it's a golden nugget, thanks for sharing it. I still have some doubts about possible system instability issues with proprietary software if the OS were to detect that telemetry has been disabled. ~snip~If what he claims is true, then the OS would still be functional after the GDID is disabled, but I also wonder if they on the other side will realize that the data is no longer coming in and do something about it. By the way, I tried the command with which you can actually see the ID of that tracker on W10 and all I get is an error in PowerShell (of course started as administrator), so I wonder if there is something different between OS 10 and 11 versions? $lid=(Get-ItemProperty 'HKCU:SOFTWAREMicrosoftIdentityCRLExtendedProperties').LID "g:$([Convert]::ToUInt64($lid,16))"
|
|
|
|
|
Italian Panic (OP)
|
https://korben.info/en/gdid-windows-cut-tracker-vpn.html This Korben track it's a golden nugget, thanks for sharing it. I still have some doubts about possible system instability issues with proprietary software if the OS were to detect that telemetry has been disabled. ~snip~If what he claims is true, then the OS would still be functional after the GDID is disabled, but I also wonder if they on the other side will realize that the data is no longer coming in and do something about it. By the way, I tried the command with which you can actually see the ID of that tracker on W10 and all I get is an error in PowerShell (of course started as administrator), so I wonder if there is something different between OS 10 and 11 versions? $lid=(Get-ItemProperty 'HKCU: SOFTWAREMicrosoftIdentityCRLExtendedProperties').LID "g:$([Convert]::ToUInt64($lid,16))" However, you miss some backslash, with this command you can see the local ID which is used to identify the local cache when the machine communicates with Microsoft servers, it is not the GDID. There are no differences between Windows 10 and Windows 11, although some versions of Windows 10 may have a different path. The command for local ID is: Test-Path "HKCU:\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties" if the answer is "false" probably you never activate windows live or microsoft account related software. If the answer is "true" insert this commans and obtaid the local ID: Get-ItemProperty "HKCU:\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties" -Name LID -ErrorAction SilentlyContinue there are no direct commands to retrieve the GDID; I found this script in another forum (but it work good): $lid=(Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties' -Name LID -ErrorAction SilentlyContinue).LID; if($lid) { "g:$([Convert]::ToUInt64($lid,16))" } else { "Error: LID not found. Check if signed in with Microsoft Account." }
|
KYCNOTLIST.COM | | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | ██████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████ | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | | | ▬▬▬✅️▬▬▬ Comprehensive Database ▬▬▬▬▬▬▬ | | ▬▬▬✅️▬▬▬ KYC/AML Levels ▬▬▬▬▬▬▬ | | | ▬▬▬✅️▬▬▬ Independent Analysis ▬▬▬▬▬▬▬ | | | ...CHECK NOW.... ...TOR MIRROR... |
|
|
|
Lucius
Legendary

Activity: 4032
Merit: 7598
|
 |
July 14, 2026, 01:23:15 PM |
|
However, you miss some backslash, with this command you can see the local ID which is used to identify the local cache when the machine communicates with Microsoft servers, it is not the GDID.
There are no differences between Windows 10 and Windows 11, although some versions of Windows 10 may have a different path. ~snip~
You're right, I managed to get that info with what you posted. For now, I'll refrain from applying the "korben" tutorial in an attempt to disable GDID, but since I'm planning to buy a new computer and use Linux, I'll definitely deal with it later. If GDID could really be disabled in this way, then it would be very useful for those who buy new computers and want to use the Windows OS.
|
|
|
|
Synchronice
Legendary

Activity: 1652
Merit: 1175
|
 |
July 14, 2026, 02:45:23 PM |
|
Windows is my favorite OS too because I've been using it since my childhood If you have kids, do them a favor and give them a Linux installation from the start  That's really a good advice, I'm not kidding. Let kids get good habits from the day one. Personally, I was using windows for playing video games on my pc and I have a nostalgia for Windows XP and 7 too but it doesn't mean that I use windows today. Not yet! The fact that this GDID case was a high-profile case shows it's not something that's very common yet. It feels like they went the extra mile to catch this hacker. But this might as well become a very common thing in the future. I wonder how long it will take for hackers to start spoofing someone else's GDID, so authorities end up with a 96 year suspect who only uses Facebook to see her grandchildren.
Not yet is a good answer. Too many people and too many companies don't pay taxes or fake the amount they have to pay. Using GDID for catching these people feels like planting a nuclear bomb in our computers to explode it one day. I think that if they use GDID for this, they won't be able to arrest everyone. Maybe a few at first but this will immediately be a clear message for absolutely everyone to move from Windows OS. But maybe then they'll make it mandatory to use Windows, who knows... By the way, is Windows the only problem or does motherboard or other part of the computer carries the risk too that we don't know yet?
|
|
|
|
NotATether
Legendary

Activity: 2394
Merit: 9884
┻┻ ︵㇏(°□°㇏)
|
 |
July 15, 2026, 08:05:52 AM |
|
Windows is spyware. I recognize that it's installed on all the computers whose names don't begin with Mac, but you should never be using Windows for any sensitive task. That's just reckless behavior.
Furthermore, Windows is quite unreliable when it comes to uptime (random updates restarting your computer automatically, application freezes & crashes, etc) such that if you can get Linux to not crash on your hardware, that's probably what you should be using going forward.
|
|
|
|
Lucius
Legendary

Activity: 4032
Merit: 7598
|
 |
July 15, 2026, 02:17:58 PM |
|
Furthermore, Windows is quite unreliable when it comes to uptime (random updates restarting your computer automatically, application freezes & crashes, etc) such that if you can get Linux to not crash on your hardware, that's probably what you should be using going forward.
My system has never restarted on its own after downloading updates, because that depends on how you set it in the settings. I've also very rarely experienced the things you're talking about, so as an OS Windows isn't bad, but it's definitely a big spyware that anyone who values their privacy should get rid of. I hope the incompetent EU bureaucrats do something about the blatant spying and data storage of all those who use Windows within the EU, and perhaps they should threaten Microsoft with a ban on using this system if they don't change something about the way they collect user data.
|
|
|
|
Synchronice
Legendary

Activity: 1652
Merit: 1175
|
 |
July 15, 2026, 06:57:39 PM |
|
I have one interesting question (interesting for me). I don't know well how things work but if someone has installed Windows OS on their computer but uses Tails, booted via USB Flash Drive, will that GDID from Windows still be dangerous or since we are booting it from an USB flash drive, can we consider Windows and its spywares completely disabled?
Just another question: Is it better to use Qubes os VS Tails with its built-in Persistent Storage feature, assuming we want to save things instead of forgetting everything during shutdown? Both are great at anonymity but Tails shines with its amnesic feature, unless we use its persistent storage feature.
|
|
|
|
Cricktor
Legendary

Activity: 1554
Merit: 4159
|
 |
Today at 06:36:33 AM |
|
... From what I know about IT when you boot into Tails or another OS that doesn't interact or use components of the installed Windows, the GDID from Windows shouldn't be a problem in Tails and shouldn't be transmitted in any way. (This assumption is grounded in the believe that Intel ME (Management Engine) doesn't do nasty things on a lower level where even any OS running on the system doesn't have control of; AMD has something similar called AMD Platform Security Processor or AMD Security Technology). It's not likely that this happens as people with good network analysis skills would've spotted such activity. Sure, could be encrypted but network packets can't have their destination encrypted, too. I've no experience so far with Qubes OS. My Tails USB drive uses persistent storage for stuff I don't want it to forget.
|
|
|
|
LoyceV
Legendary

Activity: 4102
Merit: 22306
Thick-Skinned Gang Leader and Golden Feather 2021
|
Is it better to use Qubes os VS Tails with its built-in Persistent Storage feature It depends  Tails isn't really meant to be used as a daily driver. You use it (only) when you want to be anonymous. Qubes is designed to isolate vulnerabilities by virtualizing everything. So it depends on what you're using it for.
|
¡uʍop ǝpᴉsdn pɐǝɥ ɹnoʎ ɥʇᴉʍ ʎuunɟ ʞool no⅄
|
|
|
|
Italian Panic (OP)
|
I have one interesting question (interesting for me). I don't know well how things work but if someone has installed Windows OS on their computer but uses Tails, booted via USB Flash Drive, will that GDID from Windows still be dangerous or since we are booting it from an USB flash drive, can we consider Windows and its spywares completely disabled?
Just another question: Is it better to use Qubes os VS Tails with its built-in Persistent Storage feature, assuming we want to save things instead of forgetting everything during shutdown? Both are great at anonymity but Tails shines with its amnesic feature, unless we use its persistent storage feature.
Absolutely. When you boot an operating system from a USB stick in live mode, it runs entirely in RAM and does not use any other hardware storage, so once you shut it down, it forgets everything and Windows isn’t loaded, so there’s no risk. If the USB version is created with persistence enabled, however, telemetry data begins to be stored on the USB stick. Another issue is the architecture of an operating system: Microsoft is designed to have the vulnerabilities we’re discussing, whilst Linux, and especially Tails, have an architecture geared towards protecting personal data. I hope the incompetent EU bureaucrats do something about the blatant spying and data storage of all those who use Windows within the EU, and perhaps they should threaten Microsoft with a ban on using this system if they don't change something about the way they collect user data.
European bureaucrats are the first to want data surveillance, once they realise they cannot stop the crypto sector, they will want to get their hands on it by taxing it, because european countries have lost their economies, industry and trade, so they will be desperate for money. That is why I am telling you that they will want to know, at all costs, who holds crypto, so that they can tax them. since I'm planning to buy a new computer and use Linux, I'll definitely deal with it later.
I would advise you to buy one PC without an operating system and then install one yourself using a Linux distribution. Alternatively, buy a PC with an HDD and Windows pre installed, buy a blank SSD and replace the hard drive yourself, then install Linux and you can format the HDD. In any case, NEVER INSTALL Linux on a machine that previously had Windows 10 or Windows 11 installed, because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this.
|
KYCNOTLIST.COM | | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | ██████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████ | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | | | ▬▬▬✅️▬▬▬ Comprehensive Database ▬▬▬▬▬▬▬ | | ▬▬▬✅️▬▬▬ KYC/AML Levels ▬▬▬▬▬▬▬ | | | ▬▬▬✅️▬▬▬ Independent Analysis ▬▬▬▬▬▬▬ | | | ...CHECK NOW.... ...TOR MIRROR... |
|
|
|
LoyceV
Legendary

Activity: 4102
Merit: 22306
Thick-Skinned Gang Leader and Golden Feather 2021
|
In any case, NEVER INSTALL Linux on a machine that previously had Windows 10 or Windows 11 installed, because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this. I always install Linux the moment I get my hands on any Windows system  But if what you're saying is true, that would mean the spyware has to be embedded in the hardware, and be able to spy and broadcast what I do under Linux. Based on their track record, I highly doubt Microsoft is able to pull that off.
|
¡uʍop ǝpᴉsdn pɐǝɥ ɹnoʎ ɥʇᴉʍ ʎuunɟ ʞool no⅄
|
|
|
ABCbits
Legendary

Activity: 3668
Merit: 10203
|
 |
Today at 08:42:23 AM |
|
Just another question: Is it better to use Qubes os VS Tails with its built-in Persistent Storage feature, assuming we want to save things instead of forgetting everything during shutdown? Both are great at anonymity but Tails shines with its amnesic feature, unless we use its persistent storage feature.
If you only need to access things occasionally and it's not heavy task (such as creating Bitcoin TX from Electrum), IMO just use Tails. Otherwise, consider using Qubes. But Qubes need better/faster hardware and not as user-friendly as Tails. In any case, NEVER INSTALL Linux on a machine that previously had Windows 10 or Windows 11 installed, because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this.
Did i miss something? the GDID string probably still exist if you only quick format the SSD/HDD. But based on this thread, GDID string seems to exist only on Windows registry and Windows server.
|
|
|
|
NotATether
Legendary

Activity: 2394
Merit: 9884
┻┻ ︵㇏(°□°㇏)
|
 |
Today at 12:29:47 PM |
|
In any case, NEVER INSTALL Linux on a machine that previously had Windows 10 or Windows 11 installed, because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this. How? If it's a device level identifier stored in software, then the moment you format the disk it's gone. Maybe it comes back when you reinstall Windows, in which case, what happens if you have two Windows installations on the same disk? They will have the same GDID? That doesn't seem possible, so it leads to the idea that some random GDID being generated per Windows installation is more likely.
|
|
|
|
nc50lc
Legendary

Activity: 3206
Merit: 8915
Self-proclaimed Genius
|
 |
Today at 12:37:48 PM |
|
-snip- because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this.
How about on a disk that had been zero-filled at multiple passes or random-filled? Surely not since GDID isn't saved elsewhere other than the disk where Windows was installed, no?
|
|
|
|
Lucius
Legendary

Activity: 4032
Merit: 7598
|
 |
Today at 01:16:30 PM |
|
I hope the incompetent EU bureaucrats do something about the blatant spying and data storage of all those who use Windows within the EU, and perhaps they should threaten Microsoft with a ban on using this system if they don't change something about the way they collect user data.
European bureaucrats are the first to want data surveillance, once they realise they cannot stop the crypto sector, they will want to get their hands on it by taxing it, because european countries have lost their economies, industry and trade, so they will be desperate for money. That is why I am telling you that they will want to know, at all costs, who holds crypto, so that they can tax them.Then they will have to change the laws, because currently you only pay profit tax when you sell cryptocurrency, and in some countries that tax is 0% if you sell after 1, 2 or 3 years after the investment. However, I have no doubt that the EU will be on the same side as their friends on the other side of the ocean on this issue. since I'm planning to buy a new computer and use Linux, I'll definitely deal with it later.
I would advise you to buy one PC without an operating system and then install one yourself using a Linux distribution. ~snip~
That's the only option I'm considering, while at the same time researching which brand to choose.
|
|
|
|
|
Italian Panic (OP)
|
 |
Today at 01:45:35 PM |
|
In any case, NEVER INSTALL Linux on a machine that previously had Windows 10 or Windows 11 installed, because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this. I always install Linux the moment I get my hands on any Windows system  But if what you're saying is true, that would mean the spyware has to be embedded in the hardware, and be able to spy and broadcast what I do under Linux. Based on their track record, I highly doubt Microsoft is able to pull that off. I admit that I’m sometimes a bit too cautious, but whilst exploring computer systems I have come across some truly mind boggling things. I came to trust open source and stopped using proprietary software many years ago, which is why I trust Bitcoin and have very little faith in third parties. Backdoors are everywhere, and they are there on purpose because the sums of money involved in personal data are enormous, and we all know that.
|
KYCNOTLIST.COM | | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | ██████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████ | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | | | ▬▬▬✅️▬▬▬ Comprehensive Database ▬▬▬▬▬▬▬ | | ▬▬▬✅️▬▬▬ KYC/AML Levels ▬▬▬▬▬▬▬ | | | ▬▬▬✅️▬▬▬ Independent Analysis ▬▬▬▬▬▬▬ | | | ...CHECK NOW.... ...TOR MIRROR... |
|
|
|
|
Italian Panic (OP)
|
 |
Today at 02:02:23 PM |
|
Did i miss something? the GDID string probably still exist if you only quick format the SSD/HDD. But based on this thread, GDID string seems to exist only on Windows registry and Windows server.
If it's a device level identifier stored in software, then the moment you format the disk it's gone. Maybe it comes back when you reinstall Windows, in which case, what happens if you have two Windows installations on the same disk? They will have the same GDID? That doesn't seem possible, so it leads to the idea that some random GDID being generated per Windows installation is more likely.
Surely not since GDID isn't saved elsewhere other than the disk where Windows was installed, no?
I would like to remind you that if you uninstall Windows, by that point the GDID will already have sent your computer fingerprint and full telemetry data to Microsoft servers. What is the GDID? It is a unique code that Microsoft assigns to every device on which a Windows operating system (OS) is installed, whether pre installed on the machine or installed at a later date. In effect, it is a system native IP address that transmits complete telemetry (fingerprint) data about the machine to Microsoft servers, including reports on system crashes, unspecified reports, licence checks, traffic, software and hardware. In practice, it’s a complete fingerprint taken without your agree.
Then, upon a subsequent reinstallation on the same machine, the GDID will change, but by sending the new data to Microsoft’s servers, they will be able to find a match and recognise that it is the same machine. Obviously, if you have 2, 3, …, n machines, you will also have 2, 3, …, n GDID. My colleagues and I believe that the GDID is much more persistent than Windows claims, and this would not be surprising, however, at the moment it remains merely our assumption.
|
KYCNOTLIST.COM | | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | ██████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████ | █████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ | | | ▬▬▬✅️▬▬▬ Comprehensive Database ▬▬▬▬▬▬▬ | | ▬▬▬✅️▬▬▬ KYC/AML Levels ▬▬▬▬▬▬▬ | | | ▬▬▬✅️▬▬▬ Independent Analysis ▬▬▬▬▬▬▬ | | | ...CHECK NOW.... ...TOR MIRROR... |
|
|
|
vapourminer
Legendary

Activity: 5096
Merit: 6506
what is this "brake pedal" you speak of?
|
 |
Today at 02:06:18 PM Last edit: Today at 02:19:43 PM by vapourminer |
|
In any case, NEVER INSTALL Linux on a machine that previously had Windows 10 or Windows 11 installed, because the GDID remains as a fragment even after formatting, and it is still unclear whether it is truly inactive or retains some level of activity. Microsoft says it remains 100% inactive, which is why I don’t trust it, and we’re working to understand this. that would be annoying. many spare drives i would use have generally had some version or another of windows on it. if its on a drive would not a full format (DBAN/secure erase) delete it? or are you (@Italian Panic) implying that the gdid is in firmware somewhere (nvme/hd firmware, BIOS, something else?) edit: just saw your fingerprinting post. like mac address cpu id etc. i remember that years ago with having to reactivate win XP - if you changed too much hardware your windows install flipped out and had to be reactivated. while im sure windows fingerprinting is far more intrusive now than then, i wonder how hard it would be to fool whatever algo microsoft uses.
|
|
|
|
|
|