• placebo@lemmy.zip
    link
    fedilink
    English
    arrow-up
    22
    ·
    4 hours ago

    Now for the version in plain English: Sign into Windows with a Microsoft Account, and a server assigns your installation a permanent ID number. Windows stores it locally, several background services read it, and it gets stamped onto activity your PC reports back to Microsoft.

    Wait. I understand that this ID is used for Windows <> Microsoft communications. How did it escalate them to knowing that this ID was used to visit ngrok and the retailer’s website? Does Windows report website visits? Does it append this ID to HTTP requests? Or what’s the connection here?

    • RainbowBlite@piefed.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 hours ago

      The connection is that Windows records everything you do. So the FBI asks for every Windows user who accessed a specific site around a date/time and Microsoft can provide that.

      You accessed a site over VPN? Your ISP has no idea it was you, , and the VPN didn’t keep records, but Windows recorded that and sent it back to the mothership with your unique identifier.

      • angband@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        3 hours ago

        Exactly it, and their claim that it is stored with bitlocker level encryption is obviously meaningless if they have the keys.

        • 4am@lemmy.zip
          link
          fedilink
          arrow-up
          8
          ·
          3 hours ago

          Fun fact, windows 11 backs up your bitlocker private key with Microsoft if you sign in with a Microsoft Account.

          There’s a database somewhere with every bitlocker key to almost every Windows 11 device on earth.

          I’m sure they let the NSA and the FBI right in. The CIA probably has sleeper agents working devops at Microsoft so they don’t even need to access it procedurally. $10 says Israel can access it too, because why the fuck not.