Slashdot Mirror
Why Does Skype Read the BIOS?
pfp writes "Myria at pagetable.com, among others, noticed that Skype reads the machine's BIOS code on startup. This probably would've gone unnoticed if the operation didn't fail on 64-bit windows. From the post: 'It's dumping your system BIOS, which usually includes your motherboard's serial number, and pipes it to the Skype application. I have no idea what they're using it for, or whether they send anything to their servers, but I bet whatever they're doing is no good given their track record... If they hadn't been ignorant of Win64's lack of NTVDM, nobody would've noticed this happening.'"
If you run closed-source software on your machine, then you deserve everything you get.
If the suppliers of software weren't ashamed of it, they would gladly show you what was inside, beaming with pride as you carefully inspected each immaculately-tooled part. If they won't let you look, it's always for one of two reasons. Either it's doing something they don't want you to know about (*cough* ActiveX *cough*), or it's so badly written that they wouldn't want to admit to it (*cough* StarOffice *cough*).
Stick to open standards like SIP and IAX. Only download Skype if you're planning to try to force it open.
Je fume. Tu fumes. Nous fûmes!
This will generate some much needed criticism of Skype. It's not only that it is closed source, it's a closed protocol as well. I presume every Skype phone will have to pay nice amount of royalties.
Basically Skype is not much more than VOIP. What it has going is a lot of hype, a cool name and an efficient way of doing the networking. But even then I have always been very sceptical of Skype. Unfortunately I haven't seen this reflected in real life. People simply buy Skype phones - even ones that only know how to do Skype - without realizing they are setting up a new monopoly again.
And, as you can see, monopolies can do really bad stuff. Maybe this will turn out to be nothing spectacular, but who says that the next time this will be the case? It's not that I hold eBay in such a high esteem either (although this is mostly gut-feeling).
MAC addresses can be changed but despite the "currently in use" MAC on your board being different to the factory default, the original hardcoded MAC address is always visible to the OS somehow. Just changing the setting does not lose that information.
You could always uniquely identify an ethernet adapter, and barring reflashing the chip eeprom that stores this information, it's not user changable.
Processor serial numbers are about as innocuous as a privacy concern as if you used your grocery store loyalty card. To say that someone is going to target you because you have a certain loyalty to the grocery store is ludicrous.
Uniquely identifying systems is ESSENTIAL to the current internet and DRM problems.
Just think, if a processor serial number had become a standard, they may not have decided so fast that they needed TPM and per-machine iTunes authorizing so hackneyed, and so on. Of course you can be uniquely identified on the internet. How much crazy hashing crap like this would it have made totally unecessary?