• Phoenixz@lemmy.ca
    link
    fedilink
    English
    arrow-up
    14
    ·
    5 hours ago

    Microsoft fucked their customers for the #69514026th time, will it be enough to make people switch to Linux, or do they just like being fucked? Who knows.

    • Talcosis@lemmy.zip
      link
      fedilink
      English
      arrow-up
      6
      ·
      3 hours ago

      I legitimately tried to switch to Linux a few days ago. Got virtual ox running, got one of the recommended noob distros (cinnamon?) and then got an error message that I cannot make sense of during install. Even googling it didn’t help

      I’m not a computer guy, and I’m legitimately concerned that if I ask for help on the Linux forums I’ll be the punching bag of the week.

      • dream_weasel@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        ·
        3 hours ago

        You’ve got two things going on:

        1. If you are trying to switch, a virtual machine is a bad way to start and it’s the hard way. What you really want is to use Rufus or something (easy Google) to make you a bootable USB and you just boot in and play around. It MAY require you to change boot order in BIOS if you plug it in and reboot and nothing happens, but that’s an easy fix
        2. You want to ask for help. You only get “beat up” if it looks like you did nothing first and you are asking people to do it for you. Pretty much every place you go if you can say, “I want to do X, it doesn’t work so I tried Y and Z.” Nobody will say shit to you. Also, on Lemmy if you say you’re new, people like me and the other guy who replied will probably offer to just DM us directly (which for me you can).
        • Talcosis@lemmy.zip
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 hours ago

          Might try the boot USB route. I wanted to do a virtual box so I could easily test to see if my current games/programs work

          • RamRabbit@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            2 hours ago

            Going to second dream_weasel’s suggestion. Don’t try to game in a VM. That is going the ultra-hard route while you are still unfamiliar with the OS.

            My suggestion is to take a side/old computer you don’t use every day, format it, and install Linux on it. Completely blow away Windows on that machine. Then use it regularly until you get comfortable with it. You still have your main computer to lean on.

            Once you are comfortable enough with it, flip the script. Put Linux on the main machine and Windows on the side/old machine. You will find yourself turning on the side/old machine less and less.

          • dream_weasel@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            5
            ·
            2 hours ago

            I think that will require you to do some passthrough for drives and hardware which may not be trivial. If you’re close to something working, stick to it. Otherwise I think that VM road is mostly pain. Caveat: I have not tried to do VM stuff in probably 10 years so it could be easier now.

    • Malyca@lemmy.zip
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 hours ago

      I’m switching. I’ve been intimidated by the command lines but jfc these people are cartoonishly evil.

      • captainlezbian@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        58 minutes ago

        I’ll say that I only touch command line when I want to on nobara (I hear bazzite is the same). In general the days of command line being necessary are over

      • HakunaHafada@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 hours ago

        Mint was my first Linux distro away from Windows. Command line stuff is essentially optional if you’re just using the computer for web browsing, gaming through Steam, basic desktop usage, etc. No regrets, fuck Microsoft.

    • jpreston2005@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      5 hours ago

      I downloaded this program called “Driver Easy,” which scans my hardware, searches automatically for driver updates, downloads and installs them for me. If I could download a wizard that got rid of windows, installed a nice user-friendly version of linux, while keeping my old programs, files and junk… I’d do it in a heartbeat. All I want to do is play my video games from Steam, download shit to watch, browse the internet, write in Libreoffice… Can I do all those things with Linux? Can I download some install wizard to switch?

      If that wizard existed, a shit ton of people would switch. It’s just the idea of deleting my current OS and putting in a new one makes me thing I’m gonna brick my machine.

      • notnixxon@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        3 hours ago

        It’s always a good idea to back up your important files before a big change like switching operating systems, and your old software won’t work. But drivers haven’t been an issue for me in years. Mint is probably a super easy distribution for the switch. You can load it on a USB and give it a try before committing to the full install.

      • Toes♀@ani.social
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 hours ago

        Those driver tools are often bundled with malware and do a poor job validating what they download is safe and correct. They are often associated with services that crawls the internet for downloads and tries to match the hardware id.

        Generally, drivers are available from the motherboard or device manufacturer page. That said it’s rarely the solution and for your gpu (amd or Nvidia) they already have their own tool for keeping you up to date.

        But with Linux most of that is taken care of for you by either the kernel itself or your distro’s maintainer.

        Most games work fine on Linux and may only require small tweaks. You can check the games you’re interested in playing on protondb. http://www.protondb.com/

        The notable exceptions are games with aggressive anticheat software. Such as but not limited to (EA games, PubG, Fortnite, GTA5)

        If you’re looking for something “easy” look into Kubuntu LTS.

      • Mediaburn@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 hours ago

        You just need to think outside of the box. Instead of thinking. Instead of: “Can I convert my windows programs to linux?” Think: “Is there a free linux alternarive?”. 99℅ of the time the awnser is yes and most of the time they are even better. I made the mistake of seeing linux as a windows replacement and forced my self to get the same shit running on my linux distro. Then I changed my way of thining and it completely made the transition so much easier. Yes it will take a little time to get the thinks the way you want. But with a little investment you will have a machine that YOU control. And not the other way around. I had to boot up my windows partition the otherday to copy some leftover documents. And it felt so fucking alien to me… And Ive been a windows user since 95. But It has been a long time since my computer actually felt like mine again.

  • PissingIntoTheWind@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    6 hours ago

    I do absolutely nothing illegal on my windows 11 machine. I save the fun torrenting for my Mac. And soon I’ll have a Linux device set up.

  • iterable@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    8
    ·
    8 hours ago

    Cant wait for someone to make or reveal they already have a GDID spoofer and can now make grandma look like the worlds number 1 hacker.

  • someone@lemmy.today
    link
    fedilink
    English
    arrow-up
    55
    arrow-down
    1
    ·
    19 hours ago

    I can’t believe Microslop would do something like this to its loyal customers!

    • Eximius@lemmy.world
      link
      fedilink
      English
      arrow-up
      61
      arrow-down
      7
      ·
      23 hours ago

      A genz hacker. In a world where “hacking” is writing prompts and calling IT help desks.

      • Passerby6497@lemmy.world
        link
        fedilink
        English
        arrow-up
        19
        ·
        8 hours ago

        and calling IT help desks.

        It always amazes me how much people shit talk social engineering, when it’s been a power house for hackers since the beginning.

        The human (or I guess AI now) element is always the weakest link

      • Captain Aggravated@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        10
        ·
        edit-2
        18 hours ago

        Okay look, I’m old, I’m inadequate, and I’m drunk. But I’m also a millennial, and I was a flight instructor at the age of 23. I pray to whatever god actually exists instead of Jesus for the unceremonious deletion of every soul that doesn’t give young folks a chance to learn, grow and actualize themselves. Because I am so inordinately sick of being written off due to the year in which my parents fucked that I’ve got room on the docket to be pissed off when you do it to cohorts other than mine.

        It is our responsibility to teach the kids, to let them learn, to let them fuck up in order to learn some more, so that they can become the actual adults someday. And it hurts my mind, soul and dick that I’m apparently the only human on earth not excessively lead-addled to realize that. And bitch I’ve washed my hands in 100LL. It’s blue and feels cold at any temperature.

        If there’s one thing I’m going to teach you commie retards before I’m banned outright from this platform, it’s that you treat your students with at least the benefit of the doubt if you can’t manage genuine respect. Believe it or not, they’re real people living real lives that are different than your own. Things that are obvious to you aren’t to them because their lives led them to be curious about a different set of things than you did. And if you find yourself in the role of “teacher”, almost always your path led you to expertise sooner than your students. Sooner. Not Younger. I can tell you that, having served as a flight instructor at 23 mostly teaching men in their 50’s.

        You think you’re the senior in a field? You think it’s your job to reign superior over your juniors? Think again. Because it’s your job to sit in the right seat as a kid twice your age sits in the Captain’s seat and fails to use the rudder correctly, because falling off a bike is how you learn how to ride. You have to let them slam the plane into the runway, because how the hell else are they going to learn?

        Anyone with more experience expressing contempt for those with less experience for having shown up later: FUCK YOUR FUNERAL. Die unmourned.

        • CancerMancer@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          17
          ·
          14 hours ago

          The amount of times boomers on worksites called me retarded for not knowing how to do something I’d never done before astounded me.

          Meanwhile these fuckers would get real butthurt and start yelling and making a fuss when they’d struggle to find a file they just saved on their PC and you do anything besides silently assist them.

          I vowed to be different, to teach my people what it means to be competent and respectful. I tell them I expect to see the same level of professionalism and respect I show them going to everyone around them. It’s working! They aren’t coming to work high or hungover, they aren’t being pieces of shit, and they’re communicating with each other instead of yelling insults at each other (well except for when its funny lol).

          This has made me unpopular with the boomer leaders but fuck em: we get shit done, we get it done right, nobody gets hurt, and everybody feels respected and doesn’t dread coming to work.

        • dragonlobster@programming.dev
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          11 hours ago

          it’s not the experience or knowledge part that bothers me, as you said people focused on different things and everyone starts from 0. it’s the attitude of giving up when their ai slop doesn’t work or coming up with bandaid solutions to get the task done quickly rather than trying to actually learn or see the bigger picture. it’s an era of short attention span and fast dopamine due to tech, ofc everyone is affected but gen z and a more so because their parents put ipads in their faces since 0 years old.

          • warbond@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            11 hours ago

            It’s a response to the tired refrain that the latest generation are stupid and lazy

            • Passerby6497@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              4
              ·
              8 hours ago

              Stop being a boomer

              You should try that and not use such idiotic language, like calling people rtrds or to ‘teach like a man’, cuz that’s some of the most boomer bullshit I’ve heard in years.

        • scutiger@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          6 hours ago

          It always is. Even if you’re actually calling for help, you need to basically trick them into helping you these days.

      • lordziv@lemmy.nz
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        2
        ·
        22 hours ago

        Tbf, some of the best hackers were social engineering their way into the backend just by calling up certain support numbers in the 80s

        • skozzii@lemmy.ca
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          7
          ·
          21 hours ago

          I refuse to call social engineers hackers, conmen is more fitting.

          • Passerby6497@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            8 hours ago

            You can refuse to call them hackers, everyone is entitled to be wrong about something.

            Kevin Mitnick was a prolific hacker who used social engineering regularly to infiltrate, and hackers still do today. Humans are a massive weak point in any org, that’s why we have to take quarterly training not to be a moron and let someone into our network through doing something stupid.

            • zod000@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              29 minutes ago

              Mitnick was also a hacker, but I never considered his social engineering feats as hacking themselves. They were definitely what let him accomplish his goals though and I consider those skills adjacent, just like lock picking. If you see someone picking a lock, I doubt your brain says “OMG a hacker!”.

          • Squirrelanna@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            1
            ·
            14 hours ago

            Defcon would disagree. I’ve watched so many presenters talk about all forms of penetration testing, many of which used social engineering and lockpicking as a way to create exploitable vulnerabilities in networks. Whether or not you care to call them hackers… It doesn’t really matter, won’t stop them from hacking.

          • thallamabond@lemmy.world
            link
            fedilink
            English
            arrow-up
            11
            arrow-down
            1
            ·
            17 hours ago

            Hacking is making something work in an unconventional or unexpected way. Social engineers hack people in that way.

          • HieroProtagonist@lemmy.ml
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            5
            ·
            14 hours ago

            Real hackers social-engineered their way into high security systems decades before the first blue haired femboy nerd proudly announced “Btw i am usin Arch!”

  • cley_faye@lemmy.world
    link
    fedilink
    English
    arrow-up
    40
    ·
    22 hours ago

    I was gonna comment something about Linux distro also having a machine ID, but then I remembered that it’s not in a big database, and it’s so well enforced I routinely have multiple machines with the same ID pop up :D

    • PieMePlenty@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      15 hours ago

      Linux users will probably tell you their id if you ask them nicely and seem interested in their distro of choice.

    • bloogoose@lemmy.zip
      link
      fedilink
      English
      arrow-up
      94
      arrow-down
      2
      ·
      1 day ago

      No you don’t understand… I’ve spent the last 30 years investing in increasingly awful software companies to create “industry standards” and leaving these companies behind would require me to change and learn!!!

      • sp3ctr4l@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 hours ago

        Even worse!

        Admitting that I was not always doing the most sensible thing, at all times! That I was actually doing really stupid things, for a long time!

        I … I can’t make mistakes… no … reality is wrong!

      • M137@lemmy.today
        link
        fedilink
        English
        arrow-up
        14
        ·
        21 hours ago

        So many issues with the world boils down to that last part, people refusing to change and learn. I never understood it, I’ve always loved change and learning. I’ve seen so many people go from having that same openness to only caring about keeping everything the same and never learning, it’s really disturbing. Some are like that from a very early age, others fall into it at any other part of their lives and it’s never a good thing IMO.

        • agamemnonymous@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 hours ago

          For me, I’ve got a million interests. I could change and learn this one thing, but that would take time away from learning about other, more personally interesting things.

      • dindonmasker@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        22
        ·
        1 day ago

        I talked with the women i’m working with where we print our price lists about changing from adobe to something else and she told me it would be a bad idea since it would make both of our work much more buggy and time consuming with more chances of the end result being worse. So i’ll keep using indesing and the adobe suite for now but i did switch from sketchup to blender for 3D modeling and it’s a bit challenging and more messy then i’m used to but i get better rendering results from what i tried so far.

      • Wioum@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        20 hours ago

        At some point you just have to leave the software behind. That time is now!

    • mic_check_one_two@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      1 day ago

      If your system uses systemd, it has an etc/machine-id, which is used for a lot of different things. And changing it will break a lot of stuff, probably until you reboot. I guess you could write something to randomly shuffle it every time you reboot? But it is the go-to way for lots of programs (including browsers) to identify themselves. Which means (unless you have done the work to scramble your machine ID) you can be tracked on Linux as well.

      • treadful@lemmy.zip
        link
        fedilink
        English
        arrow-up
        51
        ·
        1 day ago

        The difference is that Linux isn’t sending telemetry to some central entity associating that ID to an IP.

        Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account.

        This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?

        Fucking gross. And if you know of anything on Linux exposing/transmitting the machine-id, please do let everyone know because nothing should. Anything that does should be considered malware.

        • Trainguyrom@reddthat.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          7 hours ago

          This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?

          My interpretation was that they had an IP that they suspected was the perp’s home network, and subpoena’d some major platforms to confirm beyond a shadow of a doubt. Given the perp’s sloppiness in using the same machine for both personal and illicit computing activities, they could even have some network traffic in the capture to indicate which platforms they should subpoena

          Or if we want to be more conspiracy-minded, maybe they installed a trojan on his computer and this is the parallel evidence trail that law enforcement created so they don’t have to admit to hacking the hackers

        • hexagonwin@lemmy.today
          link
          fedilink
          English
          arrow-up
          4
          ·
          14 hours ago

          i think i remember hearing the dbus machine-id being read by google chrome on linux. it could be used for privacy violation with proprietary software, though i personally consider linux machines with chrome or equivalent software installed compromised.

          • treadful@lemmy.zip
            link
            fedilink
            English
            arrow-up
            27
            ·
            1 day ago

            It’s not just Windows tracking your web browsing history. GPU drivers do it too.

            …on Windows. if you explicitly install their malware and agree to data sharing.

        • Septimaeus@infosec.pub
          link
          fedilink
          English
          arrow-up
          17
          ·
          edit-2
          1 day ago

          Upvoting both comments for awareness, since Linux is the first of a multi-step process, not a privacy panacea.

          But we must be clear that in both theory and practice there’s little comparison between systemd and modern Windows machine-user association.

          Someone using Windows regularly has a gaping wound, is actively bleeding out. Switching to Linux is just a tourniquet, but every other treatment is at best no-effect until that tourniquet is applied.

          E: transpose systemd/Windows for clarity

          • DevDave@piefed.social
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 day ago

            Also as a life long programmer, I have this feeling it is possible to just go in and make some changes so I can have the system just make shit up about the TPM while indeed also doing the equivalent of having system-d decide to respond with random bullshit.

            Don’t even need to be a programmer, just find a community of them that you trust that distribute their own “fixes”.

            Definitely not doing that with anything else because its both hidden in compilation and buried like herpes across multiple components. Probably/hopefully not directly related but I really want to know what they changed to break the clipboard service.

            • Septimaeus@infosec.pub
              link
              fedilink
              English
              arrow-up
              3
              ·
              24 hours ago

              And you’d be technically correct, the best kind of correct.

              To the inquisitor:

              any distro that’s fully OSS can be fully compiled from scratch with any modifications you choose).

              Though yes, if you’re still using Windows, the learning curve may look like a wall.

              I really want to know what they changed to break the clipboard service

              Guessing the X11 [X]Wayland migration KDE Plasma bug report? Should be fixed in 6.5.2.

              • DevDave@piefed.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                17 hours ago

                Adjacent comment. I’ve found working in a true posix environment is drastically better than the oddities I dealt with Win32. One annoyance is Microsoft has never been able to implement fork().

                Though i never messed with x11 as I was never motivated to see what it was like under the figurative hood.

                • Septimaeus@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  16 hours ago

                  It really is a hell of a lot more sane, instantly missed once you don’t have it. And yeah Fork’s a blessing when used with care lol

              • DevDave@piefed.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                17 hours ago

                Sorry, switched contexts there. Microsoft broke their clipboard service recently which makes me think they added “telemetry” collecting logic somewhere in there.

                • Septimaeus@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  16 hours ago

                  Oh right, I misread. And yeah not sure (my win32 repro targets have all been locked for a while) but with all the facepalm regressions I’ve read about lately it really could be anything.

        • mic_check_one_two@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          23 hours ago

          Yeah, motherboard-level tracking is scary because even the OS won’t be able to detect it. The truly paranoid people (and security researchers) go as far as desoldering chips to ensure nothing phones home.

      • ozymandias117@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        22 hours ago

        Where in the source does Firefox expose machine-id to websites?

        With a quick grep I’m only seeing it around audio?

    • Honytawk@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      5
      ·
      11 hours ago

      I wouldn’t call overhauling your entire operating system, including finding alternatives to software you use daily, making sure your hardware is compatible and relearning your entire work method as an “easy trick”.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 hours ago

        In any other context I’d agree with you, but hacking is the one context where you really do want to do things the hard way. Use ephemeral VMs with passwords only saved in your head, have a dedicated machine for your illegal activities to help isolate your real identity from your hacking.

        Honestly even if you’re just doing HackTheBox and similar best practice is to spin up a Kali VM and only use that VM for the activity since you’re literally connecting to a network with a bunch of hackers, even though what you’re doing is entirely above the board

  • db2@lemmy.world
    link
    fedilink
    English
    arrow-up
    97
    ·
    1 day ago

    So they’re saying that all these “secret” societies online, like the Peter Thiel psychopathy, are relatively easily identified and rounded up and prosecuted to the fullest extent of the law, and they’re just choosing not to do it? I’m shocked.

  • EpicMuch@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    1
    ·
    23 hours ago

    My laptop came with Win11, I’ve removed that drive a few months ago and replaced it with Mint.

    Does this mean MS has my motherboard, WiFi, other hardware identifiers that would still tie that laptop to their database?

    • TeddE@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      ·
      22 hours ago

      Yup!

      Motherboard, CPU, GPU models and serial numbers. Ram size and speed. Those were used during Windows activation as old as windows 95. But likely yes, a full list of every component connected.

      Your Android phone collects every WiFi network it has ever seen and sends it to Google, so we should assume Microsoft does the same (Android can locate you without GPS by using your neighbors’ WiFi signals as position identifiers, and can triangulate you to a few feet using the relative networks’ signal strengths)

        • msage@programming.dev
          link
          fedilink
          English
          arrow-up
          3
          ·
          14 hours ago

          And if you dont have Pixel, try /e/os, SailfishOS, Mobian, PostmarketOS or anything other than vendor Android.

          • Reygle@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            17 hours ago

            Never knew a google account, so it was known to Google but not to me. … but while on the topic, know of a better option?

            • non_burglar@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              8 hours ago

              so it was known to Google but not to me

              Right, but you can assume google knows the imei and other hardware details, so they can probably link you to your identity on other platforms.

              There is also the baseband issue. It is currently assumed that manufacturers could have access to snoop your LTE/5g and WiFi traffic, because the software running most phone baseband units is closed and not audited.

              So you are probably private, but if you really want a phone with no Big Brother, you should get one from Pine64 or Jolla.

              • Reygle@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                7 hours ago

                I’d love to. I bought an early pinephone and after about a day of trying to make it do basic functions I gave up. I’d LOVE to have a real Linux option but in my experiences so far we’re not there yet. I don’t see a better option than Graphene at the moment- it’s that solid.

                • non_burglar@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  6 hours ago

                  Yes, I agree. We might not have rock-solid solutions, but less google is better.

                  I keep a oneplus 6t just to test Linux phone options.

      • emergencyfood@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        5
        ·
        18 hours ago

        Android phone collects every WiFi network it has ever seen and sends it to Google

        Possibly, but how often do you use WiFi on a phone?

        • AppleMango@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          ·
          17 hours ago

          Possibly, but how often do you use WiFi on a phone?

          Basically whenever I’m at home or a relative’s house?

        • TeddE@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          17 hours ago

          Please note: I didn’t say you had to connect to these networks. This happens as a background process unless you do a ritual to shut off location services and actively work to keep it off. Most people do not know/care to do this. And even if it’s off in settings, some apps have the permission to temporarily override this (and will ask you once to grant it such permission and then have that permission for the lifetime of the app). And regardless of which app overrides said setting, Google gets a copy of whatever the background scan finds (for all Android phones that have the Play store installed, which is most of them).

            • TeddE@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 hours ago

              I use WiFi at home and friends. I use cellular for work and travel (usually between home and friends). I’m glad you have a simple enough arrangement that it’s worthwhile to manage it by hand.

              Further, in recent versions of Android, factory settings are set to automatically turn WiFi back on if turned off - plus there’s several methods to indirectly turn WiFi back on (https://thedroidguy.com/stop-android-turning-wifi-on-automatically-1261625). This is that dark patterns thing. Getting people to do what you want by being frictionless with your preferred options and ‘polite’ but obstinate about options you wish to steer people away from.

              • emergencyfood@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 hours ago

                I use WiFi at home and friends.

                This is the part I don’t understand. Mobile data would work in your houses too, right?

                Further, in recent versions of Android, factory settings are set to automatically turn WiFi back on if turned off

                I haven’t seen this happen, but I use MIUI (Xiaomi’s Android ROM) which tends to be aggressive in limiting battery use. It will actually cut hotspot if unused for a few minutes.

    • cley_faye@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      22 hours ago

      If it was registered, probably. They use a mixture of that to allow re-enabling the same license on the same hardware.

      • The_Decryptor@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        18 hours ago

        OEM systems come with the license key stored in the firmware (ACPI tables specifically), you can read them from *nix easily enough.

        sudo strings /sys/firmware/acpi/tables/MSDM

        If you boot the system and login an account then yeah they’ll be able to link that, but the install itself can “self activate”.

  • the_riviera_kid@lemmy.world
    link
    fedilink
    English
    arrow-up
    47
    arrow-down
    2
    ·
    1 day ago

    The level of naivete to think it’s a good idea using a microsoft account on a microsoft product for your illegal activity is astounding. Especially when you consider the amount of technical knowledge required to do such a thing.

    I legitimately cannot make that connection, Microsoft has never been shy about tracking you or their tight relationship with 3 letter agencies. It doesn’t take a genius to know they are going to snitch, I figured that was a foregone conclusion.

    Kids need to learn about OPSEC.

    • Xerxos@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      15 hours ago

      Then why haven’t we heard about all the criminals (pedophiles, terrorists,…) being caught by Microsoft surveillance? Because they don’t care about the crimes you do. Their tracking is for money making only.

      If I were a criminal I would not bank on it - they might use it for blackmail, too - but for the most part they are not in danger.

    • allywilson@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      15 hours ago

      It mentions this GDID is sent in telemetry. So this guy kept using a hosted proxy, meaning his egress IP was always changing accessing different services, but everytime his Windows 11 machine was sending back telemetry (which included his GDID) they were logging the IP address he was appearing from (the proxy) - so they were able to track and identify him.

      • Honytawk@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 hours ago

        If you use your Microsoft account to login, they have to be able to identify you somehow when you try to authenticate. It is basic usage. Not Telemetry. That is what caught him.

        • Windex007@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 hours ago

          This is where I’m really fuzzy on the mechanics.

          Any authentication is to establish an identity. At what point does that involve getting a unique id associated with an OS installation instance?

          My original question is how the hardware id and ngrok get associated at all.

          So, after getting frustrated and just going to sign up for an account myself, it looks like ngrok has options to sign is as a Google account, or sign in as a github account.

          I’m guessing they picked github, and that’s why Microsoft had any visibility at all on the fact that they accessed a site that isn’t owned by Microsoft.

          It still doesn’t answer the question of how the browser knows this id which is set at the os level. It still begs the question of what github authentication looks like differently between operating systems. Obviously a osx or Linux machine wouldn’t have that id at all. Is it part of the initial authentication request? Is there some kind of challenge and response?

        • Windex007@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          21 hours ago

          From the article:

          Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page.

          Why does Microsoft have a record that includes both the GDID and a web addresses? I am confused by this mechanism.

          • The_Decryptor@aussie.zone
            link
            fedilink
            English
            arrow-up
            2
            ·
            18 hours ago

            Could be using Edge (Account syncing), or using Bing while signed in (Considering they were signing into private accounts while on the VPN, seems possible)

            • Windex007@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              16 hours ago

              This seems the most likely… but still I want clarity on the mechanism. An identifying token defined in the registry is being sent over the wire. That mechanic is pretty substantial, and I’m surprised a bigger fuss hasn’t been made about that. This is pretty far beyond conventional header fingerprinting.

              • The_Decryptor@aussie.zone
                link
                fedilink
                English
                arrow-up
                2
                ·
                15 hours ago

                From other articles I’ve seen (Here’s an example) it was telemetry and cross referencing the IPs used.

                VPNs might help hide from passive identification, but they don’t help when you connect to the same service on your normal and private connections alternatively. The computer equivalent of using both your real name and an alias with the same person, they’ll know who you are.