• Category: Security
  • Status: developing
  • Sources: reverse-engineering write-up, PCMag, HN discussion
  • Summary: A reverse-engineering write-up and PCMag coverage reaching the Hacker News front page on 2026-07-07 (294 points) describe a global device identifier tied to a Windows installation once it is linked to a Microsoft Account. The write-up documents it as a server-assigned 64-bit device Passport Unique ID minted by the Microsoft Account service (wlidsvc.dll) during provisioning against login.live.com, stored in cleartext in the user registry under IdentityCRL\ExtendedProperties, and registered with a Microsoft device-directory service by the Connected Devices Platform. It persists across OS updates, and a fresh reinstall gets a new identifier that reappears on re-registration with the account. Reporting frames it as correlatable with activity and IP history and cites a criminal case where the data was provided to law enforcement. The exact linkage of browsing to the identifier is inferred, not fully documented.
  • Why it matters: A persistent, account-linked device identifier stored in the clear and registered with Microsoft services is a concrete fingerprinting and correlation surface for anyone building or auditing privacy-sensitive Windows deployments.
  • Follow-up: Watch for independent reproduction of the correlation mechanism, any Microsoft statement, and whether the identifier can be disabled without unlinking the account.

Send feedback on this story