Does Microsoft track Windows devices?

[IamDavid]

I recently had my tablet stolen (or I just lost it) and it got me wondering, in the event of a lost or stolen windows activated device can Microsoft trace or track the device? I'm not talking about the "Find my device" option that users must enable and tie to a microsoft account, I'm talking about a deeper method of tracking.When contacting Microsoft and reading different posts on their help forums I'm a little lost since everything points towards they cant. I don't believe that to be truthful or accurate.

If I have a windows device and I reformat the drive and reinstall windows 10 I'm not asked to enter a product key, the process is not taken care of via authentication once fully installed. If this is the case that means Microsoft must have a database of all windows devices. This database wouldn't only contain the microsoft account associated with the install but an actual hardware identifier... So, if Microsoft does have this database than why wouldn't they be able to simply identify the IP address associated with the device? I'm sure everytime the WIndows Update runs it validates the device is the authorized for the install.

BY the way, I'm not looking at this as a conspiracy theory or thinking Microsoft should be helping out law enforcement, it's more of general curiosity.

 

[dave_the_nerd]

1) The product key embedded in the BIOS is basically like the old Windows serial numbers - MS sells a million of them to HP, Dell, whatever, and doesn't know what happens to them after that. They don't (can't) differentiate between a device that you bought and own, a device that you bought and sold me and I own, or a device that you bought and I stole from you.

1b) Also, Microsoft doesn't keep a list of keys. Keys are generated based on a proprietary algorithm: legit keys work, non-legit keys don't. Microsoft has no reason to keep a database of them, because:

2) Windows gets "activated" by that key. But then the key is irrelevant, because Windows "knows" it is activated. It's not re-activating itself every time you boot.

3) Nerd complaints to the contrary, Windows Update doesn't give all that much information to Microsoft - and, by design, is omitting most of the information that could be used to ID a user, including the hardware ID that activated Windows. In a nontechnical sense, this is basically what happens:

Microsoft: "Are you an activated Windows install?"
Device: "Yes! Also, here is a list of every website I have been to and which advertisements my users clicked on!"
Microsoft: "Thank You. Here are some updates."

(This is why Cracktivation works.)

4) An IP address isn't all that useful - if somebody is interested in being nefarious they'll mask it with a VPN or something, and if you're the kind of person who steals or buys stolen tablets, chances are pretty good you're leeching WiFi from your neighbor or using Starbucks/McDonald's free wifi anyway.

 

[IamDavid]

Thanks Dave, how does Microsoft "know" what device is tied to each install then? If I take Windows 10 and try installing it on a new device it'll say its already installed on another won't it? 1 license per device implies to me that Microsoft has to have a way to cross check?

 

[XavierMace]

1b) Also, Microsoft doesn't keep a list of keys. Keys are generated based on a proprietary algorithm: legit keys work, non-legit keys don't. Microsoft has no reason to keep a database of them, because:

If that's the case, how are keys blacklisted after the fact?

 

[lxskllr]

tl;dr
You get the worst of both worlds. You're spied on(don't think for a second MS data can't tell exactly who you are), but you get no benefit from it. The only people who know who/where you are is MS and the government. They don't care that your machine walked away. You can buy a new one, and give MS more money.

 

[dave_the_nerd]

If that's the case, how are keys blacklisted after the fact?

If Microsoft has been blacklisting devices with hard-coded Windows IDs, that'd be news to me.

In the old days they probably just had a hard-coded blacklist. It was the same 20-30 VLK keys floating around the warez sites that were like 90% of the Windows installations in China, that sort of thing.

Thanks Dave, how does Microsoft "know" what device is tied to each install then? If I take Windows 10 and try installing it on a new device it'll say its already installed on another won't it? 1 license per device implies to me that Microsoft has to have a way to cross check?

Honestly? No clue. Do an install on a new advice, and follow the directions to activate it over the phone. If they need your serial number, then I'm full of poop.

But the last time I did it, Windows generated some other string of garbage that I had to read off instead, not my Windows serial number.

 

[XavierMace]

If Microsoft has been blacklisting devices with hard-coded Windows IDs, that'd be news to me.

In the old days they probably just had a hard-coded blacklist. It was the same 20-30 VLK keys floating around the warez sites that were like 90% of the Windows installations in China, that sort of thing.

Even if they don't blacklist the keys, they still need to track them otherwise what are they checking activation's against? It's no different than the old OEM keys, except it's stored in the BIOS's ACPI table instead of on a sticker. It's not that hard to pull the key from the ACPI table.

 

[JackMDS]

Contact MS Support and ask them if they can Disable the Activation on the Device.

If they can (which I doubt) the Thieve would not be able to use it.