Or I suppose it's possible that it only sends the domain and not the full URL, but that's enough for the police to go to the hoster and demand logs containing the full URL for said IP.
1. https://www.justice.gov/usao-ndil/media/1450651/dl?inline
Nope. That would be unbelievable but also very well known. It was a Windows software licensing matter, see my post above.
https://www.itpro.com/security/privacy/355029/microsoft-edge...
> Microsoft sends every URL you visit in Edge back to Microsoft servers,
Not the same thing.
While this is Google and not Microsoft it's worth noting that Chrome literally has a telemetry option which sends URLs to Google [2].
Hackers cloaked IP address -> VPN license -> Windows GDID -> Hacker's name.
It 100% reads that they enlisted Microsoft to correlate telemetry data with some known activities, backtracking from that. Barring specific additional data, this should be extraordinarily concerning. Repeatedly the documents cite "Microsoft's records" for the activity - installing ngrok, accessing certain sites, RDP connections, etc.