Windows GDID Can Expose Users Even When Using VPNs, Report Claims
A digital identifier known as the GDID (Global Device Identifier) on Windows operating systems can reportedly expose users to law enforcement, even when they are using VPNs to mask their online activity. This identifier is carried by Windows devices constantly and can be provided to authorities by Microsoft upon request. The issue came to light when the FBI apprehended a suspected member of the Scattered Spider hacking group in April 2026. The individual was attempting to conceal their network traffic by routing it through VPNs with IP addresses in three different countries. However, it was not a technical misstep that led to their capture, but rather the GDID. The author of the report previously discussed the GDID in an earlier article and subsequently investigated whether this identifier could be removed from Windows devices.
The reported vulnerability of the Windows GDID highlights a persistent tension between user privacy and law enforcement access to digital information. While the GDID may offer a valuable tool for investigations, its ability to circumvent privacy measures like VPNs raises significant questions about data governance and user consent. As digital tracking mechanisms become more sophisticated, the need for transparent policies regarding data collection and sharing by major technology providers like Microsoft becomes paramount. Users should be afforded greater clarity and control over such identifiers to maintain their expected levels of privacy in an increasingly connected world.
AI-generated to prompt reflection — not editorial opinion, not advice, not a statement of fact. How this works.