Peter Stokes, a 19-year-old from Estonia, was arrested and extradited to the United States on charges related to digital crimes, with the FBI using telemetry logs from Microsoft Windows to trace his online activities. These logs included his Global Device Identifier (GDID) and records of websites he visited. Stokes likely had his telemetry settings configured to Optional/Full, which allowed the transmission of URL data. The FBI connected Stokes to his ngrok account and linked his travel records to a New York IP address and a rental at the Empire Hotel, aided by photos he shared. Google and Apple assisted in the investigation by tracing Stokes' phishing phone number back to the same IP address used for his ngrok account. Stokes attempted to obscure his digital footprint using a VPN and other services, but modern digital identification methods made it difficult to remain anonymous.