Skype wants your BIOS | The Coffeehouse

Another_Darren
... than you can shake a stick at

http://www.pagetable.com/?p=27

Anyone want to have a guess at why Skype want a copy of your BIOS?

Cornelius Ellsonpeter

Although I never used Skype, it is a little odd. It wouldn't take much to send that information back to a database.

Say...didn't Lenn (a founding Niner here) go over to Skype? Perhaps he could answer that...

littleguru
<3 Seattle

Doesn't Skype say on their web site that they are ad and spyware free? I wonder if somebody in the US is going to sue them now Tongue Out

ScanIAm
On a scale of 1 to 10, people are stupid.

Someone posted in the comments a pretty plausible reason for this. Since Skype is P2P, they need to uniquely identify each node. Further, they probably need that identity to be repeatable. You can be pretty sure that if you put the Serial Number and Bios Model together, you can get a unique number that will repeat. This means that they can:

1) associate your 'phone number' with your computer
2) make sure you are uniquely identified on the network

If you notice, it doesn't read your whole BIOS, it just reads a few pieces of info and there is nothing that says that this info is sent back to Skype headquarters.

AndyC

Generating some form of unique hash from the BIOS serial number so they can identify if you move machines makes sense. Getting that info by doing some sort of nasty DOS dump rather than just querying WMI is just unforgivable though. Tongue Out

blowdart
Peek-a-boo

AndyC wrote:
Generating some form of unique hash from the BIOS serial number so they can identify if you move machines makes sense. Getting that info by doing some sort of nasty DOS dump rather than just querying WMI is just unforgivable though.

But Skype isn't linked to a single machine anyway, so why would they need that information?

AndyC

blowdart wrote:

But Skype isn't linked to a single machine anyway, so why would they need that information?

So they know which of the machines I'm currently at to direct calls to?

blowdart
Peek-a-boo

AndyC wrote:

blowdart wrote:
But Skype isn't linked to a single machine anyway, so why would they need that information?

So they know which of the machines I'm currently at to direct calls to?

You're running the software; it knows from that surely.

AndyC

blowdart wrote:

You're running the software; it knows from that surely.

But if I want to transparently roam between machines without constantly signing in/out would that be enough?

blowdart
Peek-a-boo

AndyC wrote:

blowdart wrote:

You're running the software; it knows from that surely.

But if I want to transparently roam between machines without constantly signing in/out would that be enough?

And how would reading the BIOS help? The software would be running on multiple machines, so how would it know where to forward to?

AndyC

Well, if you had a routing table that was keyed by some sort of unique id (which may or may not came from the bios serial number) then surely you can use that coupled with notification of which id was most recently active to attempt to intelligently direct a call.

There may well be better ways, I'm just speculating.

ScanIAm
On a scale of 1 to 10, people are stupid.

blowdart wrote:

AndyC wrote:

blowdart wrote:

You're running the software; it knows from that surely.

But if I want to transparently roam between machines without constantly signing in/out would that be enough?

And how would reading the BIOS help? The software would be running on multiple machines, so how would it know where to forward to?

Each phone has to be unique, not each user. They can set up software that forwards your calls to whichever phone you use, but they need a way to identify an actual phone.

It's analogous to what is done at the junction box right before your house. Your phone line is given a unique spot on the punchout panel and the phone company uses that to make your phone ring. The phone number that everyone uses is simply a shorthand for that.

blowdart
Peek-a-boo

AndyC wrote:
Well, if you had a routing table that was keyed by some sort of unique id (which may or may not came from the bios serial number) then surely you can use that coupled with notification of which id was most recently active to attempt to intelligently direct a call.

There may well be better ways, I'm just speculating.

Indeed. How about the last used machine registering itself; via UDP (a bit like it works now). Even with multiple machines behind NAT you could do uPNP to get unique ports and forwarding. I really can't think of a decent reason to sweep the BIOS

ScanIAm
On a scale of 1 to 10, people are stupid.

blowdart wrote:

AndyC wrote: Well, if you had a routing table that was keyed by some sort of unique id (which may or may not came from the bios serial number) then surely you can use that coupled with notification of which id was most recently active to attempt to intelligently direct a call.

There may well be better ways, I'm just speculating.

Indeed. How about the last used machine registering itself; via UDP (a bit like it works now). Even with multiple machines behind NAT you could do uPNP to get unique ports and forwarding. I really can't think of a decent reason to sweep the BIOS

Then why do MAC addresses exist?

Why do they need to be unique on the local network?

This is all just speculation, so take it with a grain of salt, but even in your uPNP above, your network card needs to be unique.

blowdart
Peek-a-boo

ScanIAm wrote:

Then why do MAC addresses exist?

Why do they need to be unique on the local network?

This is all just speculation, so take it with a grain of salt, but even in your uPNP above, your network card needs to be unique.

Well yes, but macs don't go past the router, so can't be used for indentification over the internet as a whole.

ScanIAm
On a scale of 1 to 10, people are stupid.

blowdart wrote:

ScanIAm wrote:
Then why do MAC addresses exist?

Why do they need to be unique on the local network?

This is all just speculation, so take it with a grain of salt, but even in your uPNP above, your network card needs to be unique.

Well yes, but macs don't go past the router, so can't be used for indentification over the internet as a whole.

Why can't they be used as a universal identifier?

msemack
Embedded Systems Guy

ScanIAm wrote:
Why can't they be used as a universal identifier?

Not sure if this answers the question, but MAC addresses are not universally unique.

AndyC

msemack wrote:

Not sure if this answers the question, but MAC addresses are not universally unique.

Er, they are supposed to be. Networks could seriously break if they weren't.

As for UDP or UPnP, not much use behind a strict corporate firewall and it's the corporates Skype seem to be targeting these days.

blowdart
Peek-a-boo

AndyC wrote:

msemack wrote:
Not sure if this answers the question, but MAC addresses are not universally unique.

Er, they are supposed to be. Networks could seriously break if they weren't.

As for UDP or UPnP, not much use behind a strict corporate firewall and it's the corporates Skype seem to be targeting these days.

No, macs only have to be unique within a network, not globally.

And behind a corporate firewall kind of negates the multiple machines under the same user account arguement.

msemack
Embedded Systems Guy

AndyC wrote:
Er, they are supposed to be. Networks could seriously break if they weren't.

Welcome to the real world. MAC addresses usually are unique, but not always.

1. Most OSes let you spoof MAC addresses.

2. Most ethernet controller chips let you modify the MAC address at runtime (a requirement for #1).

3. Many broadband routers allow MAC address spoofing.

4. Some ethernet controller chips have a bug where some of the MAC address bits will periodically change. This bug was present on an extremely popular PCI Ethernet card sold at retail chains across the country.

5. Some el-cheapo network card vendors will recycle MAC addresses, rather than purchasing a new block of numbers.

6. Early Sun Microsystems workstations had dual ethernet ports, but allocated MAC addresses PER WORKSTATION, not per port. So, there were 2 ethernet ports with the same MAC address.

ScanIAm
On a scale of 1 to 10, people are stupid.

AndyC wrote:

msemack wrote:
Not sure if this answers the question, but MAC addresses are not universally unique.

Er, they are supposed to be. Networks could seriously break if they weren't.

As for UDP or UPnP, not much use behind a strict corporate firewall and it's the corporates Skype seem to be targeting these days.

I was posing the question so I could make a point: MAC addresses aren't universally unique. They need to be unique across the set of NICs that connect directly to a router/switch, but I could, right now, change the mac address on my router to anything I wanted to and it would still work.

There are (at least) 2 ways to get a universally unique ID number for a machine: a GUID or a combination of info unique to that machine. In the case of a GUID, it is possible that the GUID could be regenerated and still be unique, but it wouldn't be the same GUID as before. On the other hand, an ID based on the hardware itself is both unique and reproducible.

But, why would you need such a unique machine ID? 911! (or in the UK, I think it's 999). The mean ol US government requires that phone service provide 911 pinpoint functionality so that dialing 911 will give the 'address' of the person making the call.

As always, take this with a huge grain of speculation-flavored salt.