The terms refer to "Device Metadata Retrieval Client". The DMD service is part of Microsoft Corporation and is used to exchange system information and metadata with manufacturers. The settings can be disabled via a group policy.
Group Policy Settings |
|
| Computer Configuration\Administrative Templates\System\Device Installation | |
| Prevent device metadata retrieval from the internet | Enabled |
The term GUID stands for "Globally Unique Identifier" and consists of a 128-bit value. A GUID can be created based on the device's MAC address and the timestamp. Since these values can be used (together with other values) to identify individual users, privacy is often compromised.
A SID stands for Security Identifier and is used to identify users and groups in Windows. Each user has a unique SID. The structure of a SID is identical to a GUID (Global Unique Identifier)
Example structure of a SID
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1000
S = SID identifier
1 = Revision number
5 = Identifier Authority
DomainID
UserIDThe Crypto API often appears in header information as "User-Agent". The full name is "Cryptographic Application Programming Interface" and it is an interface included in Microsoft Windows that allows developers to protect Windows-based applications with cryptography.
A DELETE request is used to delete specific data from the server. It removes the specified records from the database.
GET is used to request content from a source. Parameters are sent in the URL as name-value pairs. An example of this are search engines, where search terms are transmitted as URL parameters. These data are visible in the URL and can be accessed by third parties.
Therefore, sensitive information such as passwords or personal data should never be transmitted via GET requests.
This page also uses GET parameters to transmit data.
:method GET
path: /search/?searchTerm=Glarysoft+Disk+Cleaner
authority: gameindustry.eu
:method GET
path: /?t=ffab&q=Penguins&ia=web
authority: duckduckgo.com
MQTT stands for Message Queuing Telemetry Transport, a protocol for telemetry data to exchange messages between devices despite high latencies or restricted environments. This category includes devices such as Virtual Reality headsets like the Oculus Rift S by Facebook Technologies, LLC., VPN software like NordVPN, mobile phones, in-vehicle systemsand even high-performance computers.
POST is used to send, update, or write content. Parameters are not displayed in the URL. This contrasts with GET.
SDK stands for Software Development Kit - A collection of tools and libraries used for software development.
An UPDATE request is used to modify existing data on the server. It sends new data which replace or modify the existing data.
The HWID (Hardware ID) is a unique identification number that associates specific hardware components of a computer. It is often used to link these components with software licenses or access rights. Examples of an HWID can include the serial number of a processor or the MAC address of a network adapter.
Another application of HWID is in anti-cheat systems used in online games. These systems read the hardware ID of a computer. By associating the HWID with a player profile, anti-cheat software and services ensure that banned players cannot simply create a new account on a different device to bypass the ban.
A MAC address is a unique identifier assigned to network interfaces for communication in a network. It is a 48-bit hexadecimal number, often represented as six pairs of two characters separated by colons.
For example, "00:1A:2B:3C:4D:5E" is a MAC address typically associated with a network device such as a network card or Wi-Fi adapter.
Malware (short for "malicious software") is a general term for software that aims to harm a computer, server, computer network, or the data stored on it. It can also be used to gain unauthorized access, take control of systems, or steal information.
Examples of malware include viruses, worms, trojans, ransomware and spyware.
Phishing is a fraudulent method where attackers attempt to steal sensitive information from internet users through fake websites, emails, or text messages (e.g., SMS).
The goal is to obtain personal information such as passwords, usernames, credit card details, or other sensitive data to commit identity theft, account hijacking, or other fraudulent activities.
Phishing can occur in various ways, such as through fake login pages or deceptive messages that appear to come from trusted sources.
Geo-Blocking or "Regional Lockout" is a simple method used to prevent consumers from shopping internationally or to censor content.
Both governments and private companies like Valve Corporation use this technique to significantly control the population or consumers.
Particularly, news blocks for system-critical content or blocks on copyright-relevant content are increasingly being used. Additionally, VAT can be somewhat controlled through region locks. The following example message is from a page of Valve Corporation.
An error occurred while processing your request
This product is currently not available in your country.
Referer denotes the source from which a visitor comes and is recorded on the target source, e.g., in log files. Normally found on the web, referers are also used in games to reference where and from which product players are assigned. An example would be websites accessed from a game, such as newsletter registrations.
Third-party services like Google Analytics, Hotjar, ADNSX, Mailchimp, or similar are often involved.
Referer: https://duckduckgo.com/
host: https://www.4players.de/Source: Visitor comes from the DuckDuckGo search engine and is now on the 4players homepage.
A sandbox is a self-contained virtual and temporary system. It is excellent for testing untrusted programs, websites, or connections without causing harm to the host system. Typically, all data and actions are deleted or reset upon exiting the sandbox.
Spyware is software that secretly collects data without the user's knowledge or explicit consent. In many cases, such as in certain computer games it involves collecting more data than is necessary for the functionality of the software.
This data can include private information, behavior patterns, or system information and is often shared with third parties or the manufacturer without transparency. It is often combined with adware to serve ads, monitor user behavior, or pursue commercial interests.
The term "snake oil" refers to products or software solutions that supposedly offer a benefit but are, in reality, ineffective. Often, these are useless software or false promises designed solely to deceive consumers and take their money.
The term is a reference to historical "miracle cures" that also promised to heal many ailments, but were actually without any medical effect.
An A/B test is a procedure in which two or more variants of an element (e.g., website designs, colors, call-to-action buttons, or forms) are directly compared to measure their performance. The test determines which version achieves certain goals, such as a higher conversion rate, longer dwell time, or a lower bounce rate.
Microsoft and other companies often implement A/B tests in their own applications, such as in Windows, which collect data without explicit user notification or consent.
Notification to Microsoft with ImpressionID and the user's hardware data at the start of a game. This behavior remains active even if the GameBar is disabled in the Windows settings.
Affiliate marketing is a commission-based system in which a website operator (affiliate) directs consumers to another company (advertiser), such as an online storeand receives compensation when these consumers take a specific action, such as making a purchase or registering.
A common example is the Amazon Partner Program, where affiliates earn commissions for sales generated through their unique partner links. Affiliate marketing can be found in various areas, including websites, newsletters, social networksand even programs or statistics.
Another example: Malwarebytes offers its own affiliate program, where partners also earn commissions when they direct users to Malwarebytes' sales platformand these users make a purchase.
Analytics refers to the process of collecting, analyzingand evaluating data to gain insights into user behavior, hardware and software usage, as well as their interests and decisions.
The collected data can cover a wide range, from simple interactions like clicks on a website to more complex information such as user preferences or payment details.
Especially regarding sensitive data, which is subject to specific legal requirements, datasets are often collected in products for which users have not explicitly given consent for collection and processing.
ASO (App Store Optimization) refers to the analysis and optimization of factors that affect the ranking, visibilityand revenue of apps on primary distribution platforms. This includes the analysis of reviews, user feedback, keywordsand the app description. The goal is to improve the app's discoverability and attractiveness to generate more downloads and increase the conversion rate.
ASO is mainly used for platforms like the Apple iOS App Store, the Google Play Storeand other app marketplaces like BlackBerry World, but also on platforms such as Valve's Steam or other digital distribution platforms that offer apps or games.
Big Data refers to the rapid collection, storage, processingand analysis of large and complex datasets that cannot be efficiently handled by conventional data processing technologies.
Big Data involves the use of advanced technologies to visualize, queryand extract data from various sources to identify patterns, trendsand relationships. Big Data is often used in areas such as business, research, medicineand social media.
A Correlation ID is a unique identifier, often in the form of a GUID (Globally Unique Identifier), used to track related requests or events from users across different platforms and devices.
A Data Warehouse (DWH) is a system that manages large amounts of raw data from various sources and consolidates it into a consistent repository. The goal is to provide data for long-term storage and analysis.
A Data Warehouse is often used for comparative analysis and predictive analytics to identify patterns and trends.
Larger companies often use an Enterprise Data Warehouse (EDW), which is specifically tailored to enterprise-wide data requirements.
When tracking users across platforms, a distinction is made between deterministic and probabilistic tracking:
Deterministic tracking is based on unique and reliable data, such as IPv4 addresses, device names, or login events, to accurately and uniquely track users across different devices. This model allows precise user identification.
Probabilistic tracking, on the other hand, does not use personal data. Instead, calculations are made based on anonymized profiles and, for example, pseudo-anonymized IP addresses. This model is less precise but offers a way to analyze users without direct identification.
Funnel Analytics refers to the mapping and analysis of a series of events or actions that are intended to lead to a defined goal. In online advertising, this could be the path of a user from an offer to a purchase.
In other contexts, such as mobile apps or e-commerce platforms, the funnel often begins with the user's first engagement (e.g., opening the app) and ends with a desired action, such as a purchase or conversion. Funnel analysis helps identify the steps where users drop off, optimize processesand increase the conversion rate.
Geodata collection refers to the gathering of position data from users. Geodata can include information such as country, country code, city, postal codeand precise GPS data (latitude and longitude, often accurate to the meter). It also includes data like the user's IP address. This data collection is often combined with additional information such as the user's preferred currency and language.
Geodata collection is used for movement profiles, user profile creation, personalized advertising, or analysis of shopping behavior.
Geodata collection is also present in computer games and regular software, where mechanisms for geodata capture can often be found in collected datasets.
'city': 'Tallinn',
'country': 'Estonia',
'countryCode': 'EE',
'state': 'Harjumaa',
'stateCode': '37',
'latitude': '59.4339', 'longitude': '24.7281',
'continentCode': 'EU',
'connectionDetails'
{
'isp': 'Tele2 SWIPnet',
'connectionType': 'CABLE_DSL',
'autonomousSystemNumber': '1257',
'autonomousSystemOrg': 'TELE2'
},
'ipHash': '328319e0dc5b30685afaa526ec5a3534',
'classC': '95.153.32',
'ip': '95.153.32.132'A heatmap is a visual representation of data in which different user actions, such as clicks, scrolling behavior, or mouse movements, on a website or in an application are displayed with varying color gradients.
Similar to a thermal camera, a heatmap shows which areas are used most frequently or intensely by highlighting them with "warmer" colors (e.g., red or yellow).
This method is used to visualize movement patterns and analyze how users interact with a website, program or game.
The term obfuscation refers to the process of code obfuscation in software development. This involves transforming the source code of an application in such a way that it becomes difficult for humans to understand, while the functionality of the code remains unchanged for the computer. The goal of obfuscation is to protect the code from reverse engineering, unauthorized access or misuse.
Prebid is an open-source technology for online advertising based on the concept of header bidding. It allows website operators to auction ad spaces on their page simultaneously to multiple ad networks, enabling them to achieve the highest possible price for these spaces. Prebid conducts an auction before the actual ad request, so the highest bidder wins the space.
As a result, Prebid helps maximize the revenue of website operators. In return, users have to put up with dealing with up to 1600 advertising partners on one website.
Tracking, as an umbrella term, refers to the monitoring and collection of user activities. This can be done either on a specific website or app, or across different platforms. The goal of tracking is to gather data about user behavior, such as clicks, page views, or interactions. Tracking can be implemented in various ways. Examples include tracking cookies and fingerprints.
A tracking cookie is a fundamental element of online monitoring and data processing. They are used to track user activities, enable personalization, or conduct targeted advertising. In affiliate marketing, tracking cookies are used to identify the origin of visitors to a campaign and attribute actions such as clicks or purchases to a specific affiliate partner.
Tracking cookies are also used to create user profiles by collecting and consolidating information about preferences, interestsand behaviors. In combination with geodata collection, location data such as country, city and IP address can also be collected. For example for targeted advertising.
UUID (Universally Unique Identifier) is a standardized 128-bit value used to uniquely identify objects, users, or systems.
Unlike GUID (Globally Unique Identifier), which is also considered globally unique, a UUID is usually represented as a 32-character hexadecimal value, divided into five groups (8-4-4-4-12 characters). A UUID remains unique and constant, even if other attributes of a system or user, such as IP address, email address, or username will change.
The UUID is often used to ensure consistent identification across different systems or platforms.
Example of a UUID: 125863e1-h19g-d736-731a-683693820012The User-Agent is part of the information transmitted by an application, especially a web browser, to a web server. The User-Agent serves as an identification feature and is often used to distinguish users from bots or automated systems.
Typical attributes of a User-Agent include information about the web browser being used (e.g., Chrome, Firefox), the operating system (e.g., Windows, macOS, Android), language settingsand possibly details about other relevant programs or plugins installed on the user's device.
User-Agent of Pale Moon
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.9) Gecko/20100101 Goanna/4.3 Firefox/60.9 PaleMoon/28.6.1
User-Agent of Tor Browser
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
User-Agent of Vivaldi
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.78 Safari/537.36 Vivaldi/2.8.1664.35
User-Agent of Mozilla Firefox
Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
User-Agent of Steam Browser
Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US; Valve Steam Tenfoot/1568941497; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
User-Agent of Microsoft Edge
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362
