Slashdot Mirror
Why Does Skype Read the BIOS?
pfp writes "Myria at pagetable.com, among others, noticed that Skype reads the machine's BIOS code on startup. This probably would've gone unnoticed if the operation didn't fail on 64-bit windows. From the post: 'It's dumping your system BIOS, which usually includes your motherboard's serial number, and pipes it to the Skype application. I have no idea what they're using it for, or whether they send anything to their servers, but I bet whatever they're doing is no good given their track record... If they hadn't been ignorant of Win64's lack of NTVDM, nobody would've noticed this happening.'"
This is a random guess, but it could be part of skype determining the make and model of your CPU. They had made a deal with Intel a while back to only allow large conferences on their processors, and the BIOS reading could be part of that or anticipation of other deals to come.
What is mankind really? Well, it's just two words put together Mank, and ind.
nothing to see here. move along.
we are not spying on you. we swear.
oh btw.. your wife is cheating on you.
I think he was talking about the company who owns it. They also made kazaa, which was full of spyware and other harmful malware.
What better unique identifier than the system bios? Ip addresses are becoming less reliable since many people use wireless internet and mobile phones for skype.
Skype is probably just looking for abusive users who sign up for their low margin unlimited calling plan only to share it with their relatives and friends accross the world. If they say detect say 5 different machines calling 5 different people all within a span of 10 minutes, then something is likely wrong.
Of course they could just be collecting system info such as the system manufacturer, processor type, number of processors, sound card, etc. This could be combined with the survey results regarding phone quality they ask you to take after every few calls. In the end it could result in a better product and better service. Of course many other software products already do this (such as firefox, ms windows, ms office) but they are more open about it and at least give you the option of participating.
While it is true that the developers were responsible for Kazaa, currently Skype is owned by eBay. They bought them on Oct. 14, 2005 for around $2.6 billion.
What is mankind really? Well, it's just two words put together Mank, and ind.
Wouldn't it be nice of the Operating System helped you protect it from intrusive applications? No, you don't get to silently spam half baked crap into /etc/rc.d/init.d just because the you actually need sufficient privilege to do some other thing on install. No, my registry is NOT a free-for-all; you get to put just what you need in there and not go on a fishing expedition or 'fix' stuff you're not compatible with. No, the BIOS isn't for you because you're just a VOIP app and have no business whatsoever mucking around with the nonvolatile CMOS I need to boot. No, I don't need a fourth JVM crammed into my PATH, thanks.
Vendors would be forced to detail the mucking around they do, probably leading to much less mucking around in general. Indifferent users could just do what they always do and bang on the 'accept/yes/ok' widgets. Those of us who know enough to care (or get paid to) would then have an actual chance.
Too much to ask I guess.
Lurking at the bottom of the gravity well, getting old
Actually, the original Kazaa (which WAS dev'd by the same people as skype) was -not- full of spyware and adware. Kazaa was made an atrocity by Sharman, who still owns it.
It's easier to fight for one's principles than to live up to them.
That's even worse!
This comment is guaranteed*
*not guaranteed
Yeah, I'm shaking in my shoes thinking that eBay might steal my identity and sell my files to the government because their software might theoretically be able to read my bus speed and AGP window size.
I once read somewhere that the only identifying information that you could legally acquire, being installed on someone's computer, was MAC, IP, and Nickname. Anything else (Pentium 3 fiasco, anyone?) constituted a breach of privacy. Dunno if it's true, or not, but personally, I don't want you trying to identify what the hell makes up my system. Perhaps I'm building it SECRETLY for a fucking reason. You don't need to know what CPU or HDD I have installed - the only reason you would want to would be to directly target advertisements at their own users, concerning their own fucking hardwaer. If Skype did that, they'd lose not every bit of faith from me, but I'd go tell my company that I work for, which uses SKYPE on a regular basis. I can guarantee you that IT is so stupid they'd drop Skype and install Asterisk on a whim if I told them too, since I usually end up having to fix their intranet when it goes down.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
They could be referring to the time where Skype would only allow 10-way conference calling on dual-core Intel processors. Those running AMD processors could only have 5-way conference calls. At the time they cited the "technical superiority" of Intel processors over AMD ones.
Of course thie gave bad publicity to both Intel and Skype after AMD issued a subpoena against Skype and the fact that it was discovered that the software simply checked the processor ID and enabled the feature based on that. A patched version was also released which bypassed this artificial limitation.
Has anyone asked them for their explanation? I feel now would be a good time for them to exercise their right to tell us why they do this.
Might I suggest mailto:info@skype.net
I would do so I myself, but I assume there's a paying Skype user here who would garner a bit more attention than I would.
Skype won't run if you have softice installed on windows. Pretty funny - I guess they don't want you to look.
Ollydbg still works though.
Dear Sir/Madam,
As a Skype customer (adpsimpson) and software developer who has used skype-out from across the world to stay in touch with folk at home, I read with some interest on http://slashdot.org/ this morning that Skype appears to read the system bios on start up.
While I am aware that there are legitimate reasons that some software may do this, I cannot immediately think what a VOIP application would require the data for.
Using closed source software is always a second-best from my point of view, especially in terms of privacy and transparency of the software's function - this in fact is what led me to Skype, since it runs on Linux. As such I am slightly concerned about unexpected application behaviour.
What does Skype do with this information? Is it transmitted across the network in any form? Is it identifiable?
I look forward to your response,
Yours,
Andrew Simpson
Is crushing a suspect's child's testicles illegal?
John Yoo: "No, [if] the President thinks he needs to do that."
http://www.recon.cx/en/f/vskype-part1.pdf
http://www.recon.cx/en/f/vskype-part2.pdf
Can someone tell me how can I check if its doing the same on my Macbook?
There's really no need. Macs are secure by default even when running Windows.
In the unlikely event that a rogue piece of software does manage to send out some of your personal info, an electronic version of Steve Jobs will shoot down the wire after it and destroy the packets before they reach their destination. Probably using one of those frisbees out of Tron.
Perhaps the federal government requires them to make all phone calls traceable?
I am gonna repeat my grand conspiracy theory: It is my belief that eBay's purchase of Skype was somehow coaxed by the NSA/CIA and here is why: Ebay's purchase of Skype never made sense. Ebay could have included skypeout:// links in their auctions without spending a penny. That would be like saying slashdot can't use IM unless they buy AOL. Skype spent way above considered market value for Skype and their share holders have applied no real pressure to have it turn a profit. This makes the transaction suspicious. The reason of course if because prior to the eBay's purchase Skype was owned in Luxembourg and definitely not an ideal partner for eavesdropping on "terra'rists" (given those crazy European privacy laws). Given that the calls are encrypted, and that Skype does maintain the keys to decrypt those session, getting Skype under US subpeona power is a powerful tool for eavesdropping. Infact, because it is VoIP for most if not all of the calls, it can easily route traffic into the US were it can be picked up, decoded and monitored. Or, since it is known that open IP's become super nodes, Skype can naturally be coaxed into steering packets toward a super-node that can easily be monitored. I use to work for the company that wrote Carnivore. People got worked up over that? It was only the prototype.
Yeah, I'm shaking in my shoes thinking that eBay might steal my identity and sell my files to the government because their software might theoretically be able to read my bus speed and AGP window size.
A++++++ A PLEASURE TO BE SPIED ON! WOULD HAVE PERSONAL INFORMATION STOLEN AGAIN!
That's a reasonable perspective, but if you are, as you say, "paying with information," wouldn't you prefer that your decision to do so be an informed one? After all, Skype doesn't appear to be particularly straightforward with this information, and therefore your payment is taken without your knowledge, which could be considered by some to be fraudulent.
If bullshit were music, you'd be a brass band.
I KNEW that bitch was using an aimbot!
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
The cesspool just got a check and balance.