Microsoft Generates Device-Specific ID Linked to User’s Microsoft Account, Telemetry Can Report All Websites Visited to Microsoft

July 15th, 2026

Via: tom’sHARDWARE:

The Internet is buzzing over news that 19-year-old Estonian “hacker” Peter Stokes got nabbed by the authorities and extradited to the U.S. on digital crime charges, mostly thanks to Microsoft Windows’ built-in telemetry. The FBI seemingly subpoenaed Microsoft, which coughed up telemetry logs that contained both Stokes’ GDID (Global Device Identifier) and websites he visited using his main Windows machine.

The existence of GDID isn’t new by itself, as Windows telemetry’s data collection has been extensively analyzed and reported on. It’s also been known, and publicly explained by Microsoft, that the extended telemetry modes (Full/Optional instead of Required/Basic) can upload lists of URLs analyzed by SmartScreen and Defender, together with the GDID. In fact, using the Edge browser in this setup can even send every visited URL. The court documents do not reveal which exact mechanism triggered the telemetry upload, though.

This data collection has long been the source of heated debate and general public disgust. Even though the data is genuinely useful and necessary for debugging (by Microsoft or systems administrators in enterprise environments), the fact that it comes enabled by default in Windows Home and Professional editions is questionable. The fact that those versions don’t have a simple, user-facing “Off” switch to fully disable telemetry also adds insult to injury.

The Peter Stokes arrest appears to be the first public case where these Windows GDIDs were both used as a tracking identifier and contained telemetry data including some of the URLs the defendant visited. The case also prompted a renewed analysis of the GDID by a security researcher that you might want to look into. From what we can ascertain, it’s likely Stokes had his Windows telemetry set to Optional/Full, as Required/Basic doesn’t appear to transmit URLs by default.

Leave a Reply

You must be logged in to post a comment.