jen2 (Enthusiast)

Huge security flaw! Microsoft remembers me in new machines and offline account!

When making a new machine I install new Windows from scratch on a newly formatted hard drive!

Only when making machines with the same name and the same offline user name, the Windows play store will show me downloaded apps from other machines and the date of installing these apps.

I always make machines for test purposes only, all have the name "Jen" with an offline account user name "Jen" with no password. When deleting the machine and making a new machine with name "Jen" and offline user "Jen", the Microsoft play store will show me the downloaded apps with downloaded dates from the old deleted machine!! How? There must be some type of fingerprint?

Is it possible that VMware associates the machine ID with the machine names?

When changing either the machine name or the offline username, Microsoft play store will not show any history of downloaded apps.

I tried to make a new machine named "J" with offline user "J", download apps, delete the machine, make a new one named "J" with offline user name "J", and guess what, the apps I downloaded in the deleted machine are there.

38 Replies
jen2 (Enthusiast)

@bluefirestorm  I am afraid you are wrong!

My laptop is an MSI made in 2017 and doesn't have a UUID or a serial number; the serial number in the BIOS dump is shown as FFFFFFFF, as on all MSI products of the same type!

Before that I had an older Asus laptop made in 2016 which has a UUID and a serial number.

Before that I had a Toshiba laptop made in 2006 and it had a serial number built in the bios!

 

And I am installing Windows 11 pro using the latest official ISO without internet and I am using only offline accounts!

bluefirestorm (Champion)

I don't know why the MSI laptop shows that. That means they are not following the DMI standard. This is not good if MSI is not following this. Imagine all MSI laptops have the same UUID (the UU stands for Universally Unique); it also presents a security problem in how a machine can be identified (or even controlled!).

Anyway, this issue you raised does not appear to be a VMware issue. It is merely VMware conforming to the DMTF standards. The association with your online account and Microsoft Store is really up to Microsoft and not VMware. If you installed a Linux VM (just as an example, not a suggestion), you would not have this association even if you create the same machine name.

jen2 (Enthusiast)

@bluefirestorm  I think that MSI is doing great by protecting its users' privacy by removing the UUID and serial numbers. Kudos for MSI

jen2 (Enthusiast)

On topic: VMware should generate uuid.bios randomly and VMware should make an option to remove the uuid.bios for more privacy! Please read reply #18!

bluefirestorm (Champion)

I think I already replied to #18.

It is because you answered "I moved it" and it didn't generate a new UUID. I don't know how more random/unique you can go with 32 hexadecimal digits. You were fiddling with the vmx text file, but if your VM was using virtual EFI, I think the UUID would already be stored in the nvram. Of course some of the algorithm might depend on your host machine. It has to somehow guarantee that it is unique as well; otherwise the risk of clashing UUIDs between a 40yo Norwegian man named Jen and a teenaged female college student named Jen in California who happen to have the same MSI laptop would be much higher.

I think part of the problem could be the MSI laptop is not having a UUID itself (or not letting the UUID be known).

The fact that you used an online Microsoft account created all these association problems and therefore it is not a VMware issue. Going back to the Linux VM example, such a problem does not exist (I am not aware of a distro that requires online account login). Same with an Apple macOS VM running on VMware Fusion: so long as I don't sign in with an Apple ID, the macOS VM is not associated with the Apple ID.

What you could try is to deactivate the device from the Microsoft online account instead of fiddling with the vmx UUID. You could copy a VM and then say "I copied it" and it will generate a new UUID. You might have a different result as well with the Asus laptop as it shows a UUID instead of the MSI laptop showing a fixed value. Since it showed a lot of hexadecimal F that means there is a lot of 1s and no randomness to its own pattern. You don't mention which version of Windows 10/11 release (21H1 or 20H1 makes a difference) you used and whether it allowed you to bypass using an online account.

scott28tt (VMware Employee)

Bias?

I’m trying to articulate that I believe this is more about how Microsoft recognise a Windows installation than anything which VMware have a direct responsibility for.

As you are using terms such as “fingerprint” and “tracking” without being clear as to what you actually mean, I’ll leave you to argue with everyone else who is trying to help you.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
jen2 (Enthusiast)

@scott28tt  A "virtual" machine should provide more privacy than the physical one; I think it is not good for VMware to be unable to provide this. Even hashing the UUID.bios from the VM name is a privacy risk; it should be randomized.

 

@bluefirestorm  I believe you didn't get what I wrote in reply #18, it could be my English! UUID.location has nothing to do with it. "Moved it" has nothing to do with the UUID.bios. And again I am NOT using an online account, it is an offline local account.

It is just the UUID.bios and it is associated with VM name.

bluefirestorm (Champion)

It is Easter Sunday (probably still where you are), so this might be an appropriate and faster way of creating many VMs and see how random the UUIDs are. This involves creating the Pong Easter egg VM.

Open Player application, press Ctrl-Alt-Shift simultaneously and then select using mouse/trackpad Player -> File menu, and you should see "New Paschal Ovum VM". It is a very small VM wherein you can play Pong and you can easily create half a dozen or so VMs very quickly. When the Pong VM is created, the uuid.bios is not yet generated but once you power the Paschal Ovum VMs, the UUID will be generated and you will see how random the uuid.bios is. You should see "Paschal Ovum buffy" or "Paschal Ovum willow" and sequential numbers before buffy or willow since there will be more than 1.

I do not know the VMware UUID random value generator and I am not an expert in random number generation; I am just relying on my basic understanding of random number generation. Not only does the UUID.bios have to be random, it also has to have a high probability of uniqueness. So using something as common as time of day may also result in repeated UUIDs; so some other UUID might be used as an input (such as the UUID of the host machine).

As I stated earlier, if the random generation involves using the UUID of the host machine itself (possibly to form a seed number), and this number itself is not so random (as shown in the screenshot of the MSI laptop), I don't think you can expect a very random UUID for the VMs either.

jen2 (Enthusiast)

@bluefirestorm  Please read all my replies again and the OP (slowly)

bluefirestorm (Champion)

jen2,

Maybe you should also read my reply slowly.

All I read is that you duplicated a VM (renamed the VM inside the OS) and retained the same UUID.BIOS. So that same UUID.BIOS, as far as Microsoft is concerned, would be the same machine that you created before. Whether or not you had used this VM before in an online account scenario, you don't say. Except that you jumped to the conclusion there is a VMware security flaw.

If you had used this VM before with an online account, this VM is already remembered/registered with Microsoft with the online account.

That's when you try to edit the uuid.bios value in the vmx. But you answered "I moved it" so no new UUID.BIOS would be generated.

jen2 (Enthusiast)

@bluefirestorm  I did nothing from the things you keep describing and claiming that I did. I am not sure if it is a language barrier or a prejudice, but I can't reply to you when you keep saying that I am doing things that I have never done.

 

@scott28tt  I already stated in reply #18 and I will quote myself: "Microsoft uses the uuid.bios to identify PCs, which I think it is not a good reputation for Microsoft". But in this case it is VMware's obligation to provide an option so the users can protect their privacy. The problem is there is no way to contact VMware other than reporting in this forum.

bluefirestorm (Champion)

jen2,

I will put it down to language barrier/lost in translation. I am not accusing you of doing anything.

It is quite possible that the VM was unintentionally/unknowingly linked to an online account. My example earlier is with the Office 365, once you install Office 365 on a VM, that VM becomes registered with Microsoft with the online account that was used to install Office 365.

You could check if any of your online account(s) has registered a VMware VM.

http://account.microsoft.com/devices

What I see in mine is the one linked to Office 365, and it has the VMware VM OS name and serial number displayed. I don't know what the consequences are for removing a device from an account (I am not ready to find out myself). But not all Windows 10/11 VMs will be registered with Microsoft.

I don't think what you are asking for, that VMware provide an option to somehow block this information (serial number, uuid.bios) from any OS (whether Windows, Linux, macOS) or any software application that requires per-machine licensing enforcement without hardware dongles, would be feasible. You might as well use a VM/PC that is never online to the internet.

I think I will stop replying to this thread now.

jen2 (Enthusiast)

@bluefirestorm 

  • I have never duplicated any machine
  • It has nothing to do with "I moved it"
  • I have never created any online account, or logged in to an account.
  • All the tests were using an offline local account
  • I just created a VM, deleted the VM, created another VM with the same name.
  • The UUID.bios is the same when creating VMs with the same name, which contradicts the "unique" part in UUID
  • It is a huge VMware privacy flaw, as it doesn't generate a unique UUID for machines.

 

Can I ask VMware for adding an option to remove the uuid.bios? The answer is a resounding yes (it is optional).

Will VMWare do it? Most likely NOT even if they read this thread.

Only users who are concerned about privacy will agree with me. But from what I saw on this forum, VMware never listens to its customers. I am not surprised so many are abandoning VMware software although it has been super fast compared to other virtualization software.

I have tested Virtual Box and Microsoft hyper-v and I can say with absolute certainty that VMWare is much much faster and more stable.

 

A way to go around this flaw in VMware is to create VMs with unique names every time.

bluefirestorm (Champion)

I assumed you understand the basics of random number generation (which is likely how uuid.bios is generated). I really doubt the uuid.bios can be removed. It is a DMTF SMBIOS standard. Every system vendor/BIOS maker should conform and be aware of that standard. Are we going back to the days of every system vendor/manufacturer/software maker doing their own thing?

If the problem is the UUID.bios is not unique, I suggest you try the Paschal Ovum VM test I suggested earlier. I already mentioned that since the MSI laptop UUID itself is not so random, if that is used as input to generate the VM uuid.bios, you will likely not get a very random and unique uuid.bios either.

Anyway, this thread is really going nowhere.
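Two claims in this thread can be checked directly: jen2's point that VMs created with the same name come back with the same uuid.bios, and bluefirestorm's point that an all-F host identifier (the FFFFFFFF serial on the MSI laptop) carries no uniqueness. The script below is an added example, not code from the thread or from VMware; it parses `key = "value"` lines as found in .vmx files, normalises uuid.bios to 32 hex digits, and reports duplicates and degenerate all-0/all-F values. The .vmx contents are constructed samples; reading real files from a VM directory is left to the caller.

```python
import re
from collections import defaultdict

# Constructed sample .vmx contents (not real files). The uuid.bios layout
# mirrors the "xx xx ... xx-xx ... xx" hex form VMware writes into .vmx files.
SAMPLE_VMX = {
    "Jen-1.vmx": 'displayName = "Jen"\nuuid.bios = "56 4d 11 22 33 44 55 66-77 88 99 aa bb cc dd ee"\n',
    "Jen-2.vmx": 'displayName = "Jen"\nuuid.bios = "56 4d 11 22 33 44 55 66-77 88 99 aa bb cc dd ee"\n',
    "J.vmx":     'displayName = "J"\nuuid.bios = "56 4d 01 02 03 04 05 06-07 08 09 0a 0b 0c 0d 0e"\n',
    "Blank.vmx": 'displayName = "Blank"\nuuid.bios = "ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff"\n',
}

# One .vmx line: key = "value" (keys may contain dots, e.g. uuid.bios).
VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return a dict of the key/value pairs found in .vmx text."""
    out = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            out[m.group(1)] = m.group(2)
    return out


def normalize_uuid(raw):
    """Strip spaces and dashes; return 32 lowercase hex digits or None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    return digits if len(digits) == 32 else None


def is_degenerate(uuid_hex):
    """All-zero or all-F values (like the FFFFFFFF serial above) identify nothing."""
    return uuid_hex in ("0" * 32, "f" * 32)


def audit(vmx_files):
    """Map uuid -> files sharing it (duplicates only) and list files with degenerate UUIDs."""
    seen = defaultdict(list)
    degenerate = []
    for name, text in vmx_files.items():
        raw = parse_vmx(text).get("uuid.bios")
        uuid_hex = normalize_uuid(raw) if raw else None
        if uuid_hex is None:
            continue  # missing or malformed uuid.bios: skip rather than misreport
        seen[uuid_hex].append(name)
        if is_degenerate(uuid_hex):
            degenerate.append(name)
    duplicates = {u: files for u, files in seen.items() if len(files) > 1}
    return duplicates, degenerate


if __name__ == "__main__":
    dups, degen = audit(SAMPLE_VMX)
    print("duplicate uuid.bios:", dups)
    print("degenerate uuid.bios:", degen)
```

On a real host, replace SAMPLE_VMX with the contents of each .vmx under the VM directory; a duplicate entry is what would make a guest OS treat two separately created VMs as the same machine.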

jen2 (Enthusiast)

Yeah! It was a standard in the church to burn anyone at the stake just for saying the earth orbits (revolves around) the sun, or that the solar system existed! Giordano Bruno, Nicolaus Copernicus and Galileo Galilei would beg to differ!


As long as we are still close-minded and have no options to choose what we believe in, we will never develop!

jen2 (Enthusiast)

@bluefirestorm  And BTW secure boot is a standard and it is optional!

 

I am not sure why you want to force people to do things you feel that you are forced to! If you feel like a robot and you have to follow standards, even though they are optional, don't force other users to do so.

 

Let me make it easy for you to understand! USB is a standard port, but yet you are not forced to use USB, it is there, but you have the option to use it or not!

 

Standards can be disabled and they are not forced BIOS options! Standard means they should be there, but they are not forced to be enabled.

Anon2077 (Contributor)

You were so funny I had to create an account just to reply to you, all these replies, these guys were really nice to you, a bit too much.

You are one of these guys that want privacy but still use Windows... and think that tools found on the internet, on GitHub or whatnot, would help you be anonymous or that your personal data will be safe...

Were you born yesterday?

Of course Microsoft is still spying on you and has all sorts of fingerprints about your machine, VM or not.

 

The priority of VMware and Windows is absolutely not privacy or anonymity. They REALLY don't care about that.

 

If you want privacy use Linux, learn about Tor over VPN etc., but using Windows? Really? AND online?? xD

You need to work and start reading some books, dude.

I have a Linux machine for private stuff or anonymity/confidentiality of some work or personal stuff

and another one for work where Windows is needed, and where I know no amount of "privacy tools" would help keep stuff private. But I don't care about that work or game data being spied on. At least I know, and I don't keep personal stuff on it.

You needed a wake-up call, Mr. edgy-skull profile pic.

jen2 (Enthusiast)

@Anon2077  I think you are so funny! Microsoft spies on us? That is the funniest thing I heard today! Do you think I am a spy agent working against the US?

Microsoft doesn't spy on anyone, it is illegal, they collect data and they have to declare what they collect in their privacy policy and what it is used for.

 

Do the NSA, CIA and FBI have access and maybe backdoors to both MS and Linux? I think yes, and I believe it is good, and I hope they will use it to stop possible terror attacks against innocents, but they cannot spy on billions of people, and I am 100% sure they are not interested in spying on me.

 

The only reason I care about privacy so much is from old experiences! 10 years ago I was like "so what, let them take my mail, phone number, search and purchase history, they will help me for sure", and guess what, I am still getting hundreds of junk mails and used to get phone calls; I had to change my number and make another mail for work only.

 

Microsoft became more like Google, and will track your habits to target you. I am really hoping it is not the case with VMware; I am hoping that VMware cares about its users' privacy, although they enable all cookies by default (I disable them every time I visit VMware, they don't even remember that I disabled them), which makes me believe that VMware is forcing uuid.bios purposely to track users. I hope I am wrong; maybe @scott28tt  can articulate why VMware enables tracking cookies by default, contrary to all other sites.

 

Can VMWare provide more privacy to its users? Yes it can.

Will VMware do it? No, as from what I noticed here, VMWare doesn't listen to its users.

I am just giving some ideas as I have reported bugs before but they were not fixed, although they could be fixed easily!

In summary, I just want my private life to be respected.

scott28tt (VMware Employee)

I'm 1 of nearly 40,000 VMware employees, and as per my signature I post here in a personal capacity rather than an official one, I'm not here to "listen to users", this is a community where users help users, if you really want to connect with product owners the most I can do is tag @Mikero 

I have nothing more to add to this thread.

 

