Windows GDID Raises Privacy Concerns Over Persistent Device Tracking
Microsoft’s Global Device Identifier, or GDID, can identify the same Windows installation across different networks, IP addresses, and Microsoft services.
The persistent device identifier recently appeared in a US federal complaint involving an alleged hacker who used VPN and proxy connections. According to Windows Latest, investigators used Microsoft’s GDID records to connect activity from the same Windows device across several countries.
What is Microsoft’s GDID?
A GDID identifies a particular Windows installation on a physical computer or virtual machine.
The identifier survives regular Windows updates. However, a clean Windows installation generates a new GDID. A single Microsoft account can therefore collect multiple identifiers over time.
When someone connects Windows to a Microsoft account, Microsoft’s account service reportedly assigns the installation a server-generated identifier. Windows stores the value in the registry under the user’s identity settings.
The Connected Devices Platform can then register it with Microsoft’s device services. Delivery Optimization may also send the identifier to Microsoft through update-related diagnostic data.
As a result, Microsoft can recognize the same Windows installation even after its public IP address changes.
Investigators reportedly tracked a Windows device through its GDID
US investigators were examining a May 2025 data breach connected to an ngrok account created through a VPN address.
The VPN address did not directly reveal the suspect’s identity. However, Microsoft’s records allegedly showed that a Windows device carrying the same GDID visited both the ngrok registration page and the victim’s website during the relevant period.
Investigators then compared the GDID with other information, including IP addresses, travel locations, social media activity, Apple accounts, gaming logins, and hotel visits.
The identifier remained linked to the same Windows installation as the device moved between networks and countries. This gave investigators a more consistent data point than a VPN or proxy address, which can change frequently.
The allegations remain part of a criminal complaint and do not represent a conviction.
GDID raises transparency and privacy questions
Windows users do not receive a dedicated consent prompt that clearly explains when Microsoft creates or transmits a GDID.
Microsoft has also published little consumer-facing information about the identifier. Users have limited visibility into which services collect it and how Microsoft associates it with account activity.
Reinstalling Windows may generate a different GDID. However, signing back into the same Microsoft account could allow Microsoft to connect the new installation with previous devices and account records.
The identifier reportedly supports services connected to Windows activation, Microsoft Store access, account identity, cross-device features, and Delivery Optimization. Completely blocking it could interfere with some Windows services.
How Windows users can reduce data collection
Users can limit some optional data sharing by using a local Windows account where practical.
They can also disable optional diagnostic data through Settings > Privacy & security > Diagnostics & feedback. Turning off personalized advertising, app-launch tracking, and cloud-based Windows Search features may further reduce information sent to Microsoft.
These changes do not guarantee that Microsoft can no longer identify a Windows installation. Turning off optional telemetry does not necessarily remove the underlying GDID.
In other Windows news, Windows didn’t lose 28% of its desktop market share in two months despite earlier reports. Microsoft is also experimenting with deeper Phone Link integration throughout the Windows 11 interface, along with a new Copilot PC Insights feature.
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
User forum
0 messages