• 11 Posts
  • 946 Comments
Joined 3 years ago
cake
Cake day: June 16th, 2023

help-circle





  • So it’s a unique id “stamped” to your Windows install during setup when you sign into a Microsoft account during the OOB setup experience. It gets stored in the machine’s registry, and is used for uniquely identifying your hardware and tying it to a Microsoft account for licensing purposes.

    It does not persist between reinstalls, and it is in a known registry location so therefore viewable and editable now that we know it’s there. We don’t yet know the exact effects of editing it, or how exactly they correlated it in this case with the person’s network activity.


    I expect we’ll have some mitigation plan in the next few months. Obviously starting with the recommendations in the article.

    Completely pulling this from my ass:

    • There should be some ways for researchers to watch what accesses that registry key and when.
    • Hypothetically, one could just randomize their GDID.
      • Could target specific known ones to flood the data collected (everyone uses all zeros)
      • Forge evidence against specific targets (collect the GDID off a target’s machine, then set a VM to that and go nuts)
      • or just randomly generate 1000 then activate Windows on all of them using MASgrave and rotate through them. Would probably need to randomly space out the activations, use generic hardware, and randomly shuffle the ones you used. Would also help to have multiple in use at once generating fake cover data to hide the real stuff in.

    At this point it’s probably easier to just go off grid than to try and make Windows “private”.





  • You’ve got a job waiting for you with Nanotrasen’s finest doctors aboard the illustrious Space Station 13!

    It’s a bunch of slapped together simulation systems in a trench coat, slathered in a layer of spessman slime and clown wigs, and shoved in an ancient diy MMO engine from the mid 2000s solely kept alive by this game.

    More importantly, you can strap someone to an operating table in medbay, slice off their butt with a scalpel. You can then wear it as a hat.

    Alternatively give it to the chef so he can cook a butt burger, or give it to the roboticist who can slap it on a talking roomba that runs around repeating what people say but switching words with “BUTT” (help changeling in BUTT!). People without butts cannot fart emote, and certain illnesses that would cause them to fart instead deal internal damage until they explode in a shower of blood and viscera.










  • Oh 100%.

    Microsoft claimed ages ago when they made updates effectively mandatory (you can turn them off entirely or delay them by 27 day chunks forever on non-enterprise installs) that they would dynamically detect the times your computer wasn’t actively being used and try to target that, but it never really made a difference besides “aim for when the computer is likely powered off anyway”.

    And that still doesn’t hit the basic “is the user presenting in PowerPoint, running a full screen video/program?” sort of common freaking sense stuff you’re talking about.

    In some nicer news, Microsoft finally started trying to release some updates as “live updates” that don’t require a reboot late last year. So maybe in a decade they’ll get close to the Linux update experience.