Why Does Skype Read the BIOS?

pfp writes "Myria at pagetable.com, among others, noticed that Skype reads the machine's BIOS code on startup. This probably would've gone unnoticed if the operation didn't fail on 64-bit windows. From the post: 'It's dumping your system BIOS, which usually includes your motherboard's serial number, and pipes it to the Skype application. I have no idea what they're using it for, or whether they send anything to their servers, but I bet whatever they're doing is no good given their track record... If they hadn't been ignorant of Win64's lack of NTVDM, nobody would've noticed this happening.'"

About figures

[TopSpin]

Wouldn't it be nice of the Operating System helped you protect it from intrusive applications? No, you don't get to silently spam half baked crap into /etc/rc.d/init.d just because the you actually need sufficient privilege to do some other thing on install. No, my registry is NOT a free-for-all; you get to put just what you need in there and not go on a fishing expedition or 'fix' stuff you're not compatible with. No, the BIOS isn't for you because you're just a VOIP app and have no business whatsoever mucking around with the nonvolatile CMOS I need to boot. No, I don't need a fourth JVM crammed into my PATH, thanks.

Vendors would be forced to detail the mucking around they do, probably leading to much less mucking around in general. Indifferent users could just do what they always do and bang on the 'accept/yes/ok' widgets. Those of us who know enough to care (or get paid to) would then have an actual chance.

Too much to ask I guess.

Re:Processor info?

[repvik]

Reading your BIOS to determine CPU ain't gonna be useful. I doubt any BIOSes store info on which CPU is on the board. Especially since there's easy ways to identify the CPU. I bet windows has a syscall that gives you CPU information.

Go to the source

[ZX3+Junglist]

Has anyone asked them for their explanation? I feel now would be a good time for them to exercise their right to tell us why they do this.
Might I suggest mailto:info@skype.net

I would do so I myself, but I assume there's a paying Skype user here who would garner a bit more attention than I would.

Re:Here's a question for you....

[Ash-Fox]

I once read somewhere that the only identifying information that you could legally acquire, being installed on someone's computer, was MAC, IP, and Nickname. Anything else (Pentium 3 fiasco, anyone?) constituted a breach of privacy.

I doubt it. Besides, one can change their Mac address, IP address and 'Nickname' without replacing hardware.

You don't need to know what CPU or HDD I have installed - the only reason you would want to would be to directly target advertisements at their own users, concerning their own fucking hardwaer.

Or maybe... Just maybe... They could make design decisions based on the majority of users.

What proccessor speed do the majority have? What OS? How much RAM? How much harddrive space?

It's important to know about who you're making software for.

If Skype did that, they'd lose not every bit of faith from me

Did you know Skype is owned by Paypal and eBay now?

I can guarantee you that IT is so stupid they'd drop Skype and install Asterisk on a whim if I told them too, since I usually end up having to fix their intranet when it goes down.

Asterisk and what? What SIP providers? What solution exactly? -- Asterisk is not a easy solution to setup compared to Skype. The end user can setup Skype, but Asterisk? I doubt it.

Re:Goddammit ! It is FREE so what do you care ?

[aesova]

That's a reasonable perspective, but if you are, as you say, "paying with information," wouldn't you prefer that your decision to do so be an informed one? After all, Skype doesn't appear to be particularly straightforward with this information, and therefore your payment is taken without your knowledge, which could be considered by some to be fraudulent.

Re:Don't like it one bit.

[Gr8Apes]

the original hardcoded MAC address is always visible to the OS somehow. Just changing the setting does not lose that information. I was under the impression that there was no such thing as a hard-coded number. Why do I say this? Because one fine day many years ago I received a shipment of 100 ethernet cards all with identical MACs. That was one fun day as those cards rolled out into the network...

Processor serial numbers are about as innocuous as a privacy concern as if you used your grocery store loyalty card. To say that someone is going to target you because you have a certain loyalty to the grocery store is ludicrous. I don't share your ambivalence, yet agree with your point. They might haul you into jail, however, for buying large amounts of plastic forks, rubbing alcohol, and a couple of other items though.

Uniquely identifying systems is ESSENTIAL to the current internet and DRM problems. Wrong. It's completely irrelevant and impossible to uniquely identify a system on the internet. It is ESSENTIAL to have unique connections. Identity is essential for law enforcement types, not the internet. For instance, do I care that I connect to machine 1 or 1,000,000 of those answering for google.com? DRM in this scenario is irrelevant, and any argument in support of that is already terminally flawed. (DRM's problems are that DRM exists at all)

Just think, if a processor serial number had become a standard, they may not have decided so fast that they needed TPM and per-machine iTunes authorizing so hackneyed, and so on. Of course you can be uniquely identified on the internet. How much crazy hashing crap like this would it have made totally unecessary? TPM exists purely to serve DRM. See above. QED.