Here in the age of endless surveillance scandals, you'd think we'd be past the shock of Big Tech embedding unkillable identifiers deep into our devices. But Microsoft has managed to raise the bar once again. Way to go globo Bill!

A recent court filing in the United States has pulled back the curtain on something called the Global Device Identifier (GDID), a secret 64-bit string quietly stamped onto every Windows installation. It's persistent. It survives OS updates. And crucially, a VPN does absolutely nothing to hide it.

What is the GDID?

According to documents from a federal case involving a cybercriminal (who thought rotating VPNs, proxies, and international hops would keep him anonymous), Microsoft's telemetry logged the same GDID across different countries, IPs, and services. The FBI used it to connect the dots.

This isn't some optional diagnostic tool. It's baked into Windows at the operating system level. Every one of the roughly 1.6 billion Windows users has one, whether they know it or not. There is no user-facing switch to disable it. No prominent privacy setting. No transparency page explaining exactly what it tracks or who it gets shared with.

Microsoft only acknowledged its existence when forced to in legal proceedings. That should tell you everything.

The Sinister Potential for Abuse

Here's where it gets dark.

This isn't just a convenient way for Microsoft to "improve your experience" or help law enforcement catch bad guys. A unique, hardware/software-tied identifier that cannot be easily changed or masked creates a de facto digital fingerprint for mass surveillance.

Governments love this stuff. Authoritarian regimes (and even "democratic" ones with expansive national security powers) can now pressure Microsoft for user data tied to a GDID. Want to know who was browsing certain sites, using certain apps, or accessing certain services, even while hiding behind a VPN? Easy. Correlate the GDID with telemetry, login records, OneDrive syncs, or Microsoft account activity.

Think about it:

Political dissidents or journalists in repressive countries using Windows? Their device is now more traceable than ever.

Activists organising protests? That "anonymous" account they used from a VPN-protected Windows machine just got a lot less anonymous.

Everyday users concerned about corporate or government overreach? Too bad: your machine has a permanent serial number Microsoft controls.

And because it's tied at the OS level, even privacy-conscious users who wipe their machines, use Linux dual-boots, or run virtual machines may find linkage through Microsoft account reactivation, telemetry remnants, or cloud services.

This isn't a Bug, It's a Feature of Modern Computing

We've seen this pattern before: "For your safety and convenience," tech giants centralise control and data. Then they act surprised (or stay silent) when the inevitable abuse surfaces.

Recall controversies around hardware identifiers like Intel ME, TPM chips, or smartphone advertising IDs, all sold as security features that quietly enable tracking. The GDID fits perfectly into this ecosystem. Combined with Windows 11's aggressive telemetry, Recall controversy, and deep integration with Microsoft accounts, it paints a picture of an operating system that phones home far more than users realize.

A VPN protects your IP address from websites. It does not protect you from the operating system itself acting as an informant.

What Can You Do? Suggestions from the Internet:

Short of switching to Linux (increasingly attractive for privacy-conscious users), options are limited:

Minimise Microsoft account usage.

Disable as much telemetry as possible through Group Policy / Registry tweaks (though this won't kill the GDID).

Consider full OS reinstalls strategically (it resets on clean install, but relinking is easy).

Use privacy-focused tools and compartmentalise activity.

But the deeper issue remains: trust. Why should we trust a company with this level of hidden power over our devices?

Microsoft's Global Device Identifier is a stark reminder that in 2026, "your computer" isn't really yours. It's a node in a vast, always-on surveillance mesh, one that laughs at VPNs and operates with minimal accountability.

The question isn't whether this power will be abused. History shows it will. The real question is how long users will tolerate being treated as suspects in their own machines.

In the meantime turn to Linux Mint or Fedora, and bypass Bill Gates entirely, if you want. While I have no proof, my guess is that there is a bug in everything somewhere.

https://reclaimthenet.org/microsoft-stamped-a-secret-number-in-your-windows-pc-a-vpn-cant-hide-it