Microsoft has confirmed the existence of the Global Device Identifier (GDID), a unique identifier assigned to Windows installations, in a federal complaint against an alleged member of the Scattered Spider hacking group. The GDID is generated when a Windows system is set up with a Microsoft Account and remains active through various Windows updates. Disabling the GDID could disrupt Windows activation and access to Microsoft Store applications. The GDID is described as "a persistent, device-level identifier designed to uniquely identify an installation of a Windows operating system on a device." It is created during the provisioning of Windows with a Microsoft Account and is stored in the Windows registry under HKCUSOFTWAREMicrosoftIdentityCRLExtendedProperties. The GDID remains persistent through Windows updates but is not retained after a clean reinstall. A single user can possess multiple GDIDs linked through their account, OneDrive, and activation history. The FBI used the GDID to track Peter Stokes, an alleged member of the Scattered Spider group, across various VPN connections and proxy servers. The GDID was recorded visiting specific websites and was linked to Stokes's accounts on platforms like Snapchat and Facebook. Concerns have been raised regarding user privacy, as the GDID is assigned without user consent and cannot be disabled without compromising essential Windows features. Microsoft has not committed to providing user-facing controls or comprehensive documentation for everyday users regarding the GDID. Legal requests can compel Microsoft to disclose GDID activity data to law enforcement. The GDID is linked to the Microsoft Account rather than the device itself, meaning reinstalling the operating system does not sever this connection.