Windows 11 Has a Hidden Tracker – Here’s How to Limit It

A 64-bit Windows device ID helped the FBI track a suspect across three countries, yet Microsoft offers users no way to disable it

Nikshep Myle Avatar
Nikshep Myle Avatar

By

Image: Gadget Review

Key Takeaways

Key Takeaways

  • Windows 11’s Global Device Identifier persists across updates, tracking all 1.6 billion users invisibly.
  • Removing GDID breaks Windows activation entirely, leaving users with no opt-out option.
  • VPNs fail to block Microsoft from logging GDID-linked browsing activity at the OS level.

Peter Stokes allegedly used VPNs, ngrok tunnels, and rotating IPs across Estonia, New York, and Thailand to cover his tracks during a luxury retailer breach. None of it mattered. The FBI subpoenaed Microsoft’s telemetry and found a single 64-bit string — g:6755467234350028 — that followed his Windows install everywhere, according to PCMag’s reporting on the DOJ complaint. That identifier is called a Global Device Identifier. It exists on his machine the same way it exists on yours. Most of Windows’ 1.6 billion users had never heard of it before court documents named it, raising fresh concerns about secretly tracking users at the OS level.

What GDID Actually Does – And Why There’s No Off Switch

Court records show GDID persists across Microsoft services with no user-facing controls.

The DOJ complaint describes GDID as “a persistent, device-level identifier designed to uniquely identify an installation of a Windows operating system on a device.” It survives OS updates but resets on a full reinstall. Reinstall and sign back into the same Microsoft Account, though, and activation records plus OneDrive sync can reasonably re-link you, according to privacy community analysis via PrivacyGuides.

Disabling GDID isn’t an option. The activation scripting community Massgrave concluded, via Cybernews, that removing it breaks Windows activation and UWP apps entirely. Before this case surfaced it publicly, Microsoft had documented GDID in exactly one obscure Azure Monitor schema reference — not in any consumer-facing privacy material.

There is no toggle. Not even a buried one.

You can’t remove the fingerprint, but you can reduce what gets tied to it:

  • Use a local account. Skip the Microsoft Account login during setup. Signing into an MSA enriches the identity graph connecting GDID to OneDrive, Outlook, Xbox, and more.
  • Minimize diagnostic telemetry. Go to Settings > Privacy & security > Diagnostics & feedback. Set data collection to minimum and disable “Send optional diagnostic data.”
  • Cut Activity history and swap your browser. Turn off Activity history under Privacy & security — Phone Link and cloud clipboard stop working, but cross-device timeline logging drops with them. For sensitive browsing, skip Edge; community analyses suggest it feeds URL-level data into Microsoft logs linked to GDID. Firefox or a hardened Chromium build with no MSA login works better here.
  • Reinstall carefully. A clean reinstall generates a new GDID, but only creates real separation if you avoid re-linking the same Microsoft Account on the same hardware. If you run into computer problems during this process, dedicated troubleshooting resources can help.

The VPN Problem Nobody Told You About

Relying on a VPN for privacy on Windows is like wearing a mask in a store that already scanned your fingerprint at the door.

VPNs hide your IP from destination sites. They do nothing to stop Microsoft from logging GDID-plus-IP-plus-URL combinations at the OS level. In the Stokes case, the same GDID appeared accessing his Apple, Facebook, and Snapchat accounts across multiple countries, correlating with travel photos he posted publicly — according to Tom’s Hardware and Cybernews reporting on the complaint.

Privacy researchers describe GDID as behaving “more like a covert tracking beacon than a typical advertising ID,” per PrivacyGuides forum discussion. For journalists, activists, or anyone with a serious threat model, the guidance from security researchers is pointed: don’t use Windows for sensitive work — especially given how a purpose-built surveillance app can compound these risks. Linux doesn’t run a closed, vendor-controlled device ID feeding a proprietary cloud telemetry graph.

Apple and Google at least expose user-facing resets for advertising identifiers. Windows offers nothing equivalent for GDID. For most people, that’s an uncomfortable reality to sit with. For anyone facing real risk, it may be reason enough to reconsider the platform entirely.

Share this

At Gadget Review, our guides, reviews, and news are driven by thorough human expertise and use our Trust Rating system and the True Score. AI assists in refining our editorial process, ensuring that every article is engaging, clear and succinct. See how we write our content here →