

More so that they used the same Windows machine where they were signed in with their real personal Microsoft account as the machine they used for their illicit actions.
VPN only masks your source IP, not any of the other identifiers, of which we now know a new one.


















So it’s a unique id “stamped” to your Windows install during setup when you sign into a Microsoft account during the OOB setup experience. It gets stored in the machine’s registry, and is used for uniquely identifying your hardware and tying it to a Microsoft account for licensing purposes.
It does not persist between reinstalls, and it is in a known registry location so therefore viewable and editable now that we know it’s there. We don’t yet know the exact effects of editing it, or how exactly they correlated it in this case with the person’s network activity.
I expect we’ll have some mitigation plan in the next few months. Obviously starting with the recommendations in the article.
Completely pulling this from my ass:
At this point it’s probably easier to just go off grid than to try and make Windows “private”.