Skype Extras plug-in manager

By Kurt on February 8, 2007 in Reviews and news.

(Updated Feb 9 with some more context.)

One of the new features in Skype for Windows is the Extras Gallery. (Extras are third-party plug-ins that let users expand Skype functionality. See extras.skype.com for what’s available.) The Gallery is managed by a plug-in manager software framework developed by EasyBits Software and used under license.

The EasyBits software includes a form of digital rights management functionality intended to protect commercial software, such as plug-ins, from illegal redistribution or unlicensed use. Simply put, the EasyBits DRM framework helps us ensure compliance with software usage and distribution.

To enforce these license agreements, the EasyBits framework attempts to uniquely identify what physical computer it’s running on. One way to do this identification is to simply read the serial number of the motherboard, which is often available through a public query to the BIOS.

It is quite normal to look at indicators that uniquely identify the platform and there is nothing secret about reading hardware parameters from the BIOS. The function calls to do this are public and are available to any software running on your computer. Of course, in line with our Privacy Agreement, Skype does not retrieve any of this data. It is only used by the EasyBits software to ensure that plug-in use complies with the appropriate license token or key.

Since we learned that EasyBits DRM did not perform well on some newer platforms, we updated the version of their framework with one that no longer attempts to read from the BIOS. The current download of Skype for Windows, version 3.0.0.216, includes this updated framework.

View blog reactions

Comments

Hey guys, nice to hear that you respond to people, but it is still a bit vague.

http://wirelessisfun.com/2007/02/07/skype-reads-your-bios-and-motherboard-serial-number/

I like the service of Skype.
One thing annoys me greatly: I constantly get requests from strangers, frm everywhere, to establish contact.
Many callers are from China.
I am sitting working on the computer and I need to fend off these callers.
Where did they find my address? How do I stop it?
Elly

1) Go to Options->Privacy and only allow calls as well as chats from people in your contact list.

2) Remove as much personal data from your profile as possible, especially gender! People just search for some specific criteria and start chatting with "fitting" users. Writing in your profile that you are female, blond and 18 might get you the most new contacts .

3) If you are in a public chat chances are that people find you this way as well.

Good luck!

Hey Skype! Why do you lie to your customers? Why haven't you inform about this DRM-Plugin? Now we have to decide if we will use you software in future or not. How can we be sure that there are no more other such Plugins in your client software? We can't believe you anymore, sorry!

Your own commitment/words: http://www.skype.com/download/adwarefree/

Dear Skype,
could you please be a bit more specific about what you mean by "The EasyBits software includes a form of digital rights management functionality intended to protect commercial software". What information is sent were to? Or is no data that is part of or derived from the bios sent anywhere? How can it be that there is a need for DRM management of plugins that apparently are freely distributed (in the same way as Skype).
I would also want to remind you that you/Easy Bit Software violate(s) not only the privacy of the user but also the copyright of the bios manufacturer by sending it or functional units thereof over the internet.

Hello Skype,
Please comment on the above two posts from fox-idl and patbeppo and please answer to *all* their concerns.
Are you aware of the bad reputation that you have earned just because of this story?

Kurt said:

> [..................................................]
> Of course, in line with our Privacy Agreement, Skype
> does not retrieve any of this data. It is only used
> by the EasyBits software to ensure that plug-in use
> complies with the appropriate license token or key.
> [..................................................]

(So I suppose, that data are send to the EasyBits servers. This fact is known only since a few days.)

http://www.skype.com/download/adwarefree/ said
> [..................................................]
> Spyware relates to software that becomes installed
> on computer without the informed consent or
> knowledge of the computer’s owner and covertly
> transmits or receives data to or from a remote host.
> [..................................................]

This two statements are not compatible.

3 days ago I was trying to make a transfer by my bank in Sweden but when trying to confirm the transaction by giving in a codenumber something like this came up on the screen: se +46 1234... Ring - making it impossible to confirm the transaction. Incredible!!!!!

Stenisen

@patbeppo: Not all plug-ins are "free". If you look at the extras gallery here (https://extras.skype.com/114/view) you will see that some are freeware, some shareware, some pay-per-use etc.

@Stenisen: Thats the Skype browser plug-in. You can deactivate it by clicking on the Skype button in your browser (both IE & FF).

@florian_matusek
Your argument in itself: acknowledged.

The argument however neither explains why the bios is read out if no such non-free extention is present, nor does it answer any of the other points. To repeat the above points:
What data is extractly used after the read out?
What is done with that data, specifically where is that data sent to? If data is sent to Skype or third parties what are the agreements to further distribute the data to still others?

sykpe = ebay ... any questions left?
think about it =)

(i like skype... but actions like that, espacially trying to hide the (evil) .com file are making me nervous..)

Please fix the link in your blog post.

Hey, you know that you are lie!
You can't tell us that someone (third-party) can develop spyware into their framework and you implement this into Skype without properly checking it or get the source code for this (here extras manager in Skype..)!

You simply must lie, because reading the whole bios and not just the serial number is done with this dos app (1.com)!

And there are other much more simplier methods to get the bios serial number, there is no need for an dos 16 bit .com application..!

WMI among others..(which work in x64..)

Here is the truth:
http://www.pagetable.com/?p=27

Skype is spying against the user, read the bios info and then submit it encrypted and so it's hard to find it, that is what Skype Limited wants and intended..

Why you lie against your customers and users?!
Why you don't say the truth and tell everyone that The new Skype 3.0 with the Extras use DRM..?!

DRM is bad, DRM is no solution, DRM spies.

It is even bad that you let an external company (third-party) named EasyBits develop this for you and then integrate this shit into your Skype application.
That saying that you cannot code and done this by yourself, so your coders in Skype Limited are too "stupid" and untalented to code an extras-manager by themselves instead of an external company..?!

Lol big shame on you!

Avoid using Skype 3.x, use 2.x instead..

Well, I am sure SKEPY GOING right TO OUT of my computer. If no one think about it two time.

Really people, reading responses in here makes me wonder if some people have some intelligence at all. You must know that most software manufacturers use some kind of reading of system information to set a system license key. You could basically uninstall all software you have!

Skype just does what most other suppliers do. The Easybits software is just to manage license key and no information is send over the internet.

Do all other suppliers explain how they protect their software?

"most software manufacturers use some kind of reading of system information to set a system license key"

Microsoft for example use "advanced" system information for activation system. They read "sensible" data from motherboard BIOS or HDD...

That's why I'm against proprietary closed-source software!

Nobody knows what is going on in/with Skype software and peer-review is not possible..

I uninstalled Skype now and recommend all my friends to do so.

The trust in Skype is over, you're claim to be spyware free, but bios dumping isn't spyware free, so you lie and so you will lose your credibility, authenticity and reputation. Don't trust Skype Limited because they are close and lie.

Skype Limited have to inform all users and customers, that Skype 3.x with the Extras(-manager) uses DRM and that the DRM protection system spies your bios data including the serial number of the motherboard.
Additionally Skype have to inform that you can use Skype Business 3.x, which is coming without the Extras (Plugin-Manager) and thus without DRM..!

I recommend all my friends to uninstall it and avoid using proprietary closed-source software which claims secure, safe and spyware free but spies bios date = SKYPE!

Now I'm using OpenWengo (WengoPhone) http://www.openwengo.org and recommend all my friends to use this great open-source IM, video and voice application.

OpenWengo uses open standards and NO proprietary closed protocols. WengoPhone uses e.g. SIP, RTP, etc.

And with Philip Zimmermann's Zfone, SIP and RTP is secure and encrypted (SIPS/SRTP/ZRTP). See http://zfoneproject.com/

I liked skype very much, but always had some nervous feeling about it. Now I uninstalled skype and told all my business cotnacts to do so, too. I am now using Gizmo (http://gizmoproject.com) v3; which at uses a standard protocol. OK, it's not open source, but I don't trust skype anymore. Skype's GUI is great and I miss the GUI somehow, but enough is enough.

Hi Kurt,

Came across your blog while browsing around…cool stuff u have going on here. Also I thought I’d tell u about something I came across, thought u might find it useful, bcoz ur in Technology…it’s this site called Myndnet…u should check it out..the link is here http://www.myndnet.com/login.jsp?referral=alpa83&channel=al55

It’s this cool place where u get paid for responding to queries…very cool stuff!! http://www.myndnet.com/login.jsp?referral=alpa83&channel=al55

Cheers
Alpa

TrackBack

Listed below are links to weblogs that reference Skype Extras plug-in manager:

» Skype gibt den Schwarzen Peter an EasyBits weiter from WWWorker - Sascha A. Carlin
Skype selbst ist gar nicht schuld, sondern einer seiner Partner: Since we learned that EasyBits DRM did not perform well on some newer platforms, we updated the version of their framework with one that no longer attempts to read from the BIOS. [Quelle... [Read More]

» Skype Reads Your BIOS and Motherboard Serial Number from wireless is fun dot com
Myria from pagetable.com tells us that Skype Reads Your BIOS and Motherboard Serial Number What happens, is that they use a protected executable file to dump the BIOS POST data, feed it to the client installed on your computer and then probably call b... [Read More]

» Skype 讀 BIOS 的真相 from 苦牢之最後一年
靠主機板 serial number 來認證 ? 前兩天大神那邊有提到過說 Skype 會不明原因地跑去讀 BIOS 的資訊，今天有了官方回應，據他們的說法， Skype 的 plugin framework 是買 EasyBits Software 的，而該 framework ... [Read More]

» Skype updaten from blog.der-link.de
Wurde gestern noch viel diskutiert und getestet(bei Rob meine Ergebnisse) ob Skype nun BIOS-Daten ausließt, steht es heute fest. Ja hat es. Wieso und warum und der Hinweis auf eine schnüffelfreie Version gibt es direkt bei Skype. [Read More]

» Skype ließt BIOS Daten aus Teil 2 from kONZENTRAT.org - infotainment, fun & trash
Offiziel heißt es man hätte das Auslesen für ein Plugin das in der aktuellen Version nicht mehr benutzt würde gebraucht. Mal sehn was als nächstes auffällt. Interessierte User lesen bei Skype: Skype Extras plug-in manager ... [Read More]

» Skype antics and DRM from (e)Mail Insecurity
[Read More]

» Skype pone soluci al spyware from Estrategias Miles
Hace unos d僘s comentabamos la noticia de que Skype ven僘 con Spyware, ｿel responsable? un framework desarrollado por EasyBits con funcionalidades DRM para el manejo de los plugins que se introdujeron en la versi 3 (Windows) con los extras. Bueno, ahora [Read More]

» Skype już nie czyta BIOS’u from ITblog
Wraz z nową wersją popularnego komunikatora wyjaśniła się mała afera z pobieraniem danych z BIOS’u. Pozwolę sobie na odrobinę polemiki z twórcami programu, cytuję za stroną skype.com: It is quite normal to look at indicators that uniqu... [Read More]

» Le monde, Skype, SSTIC, MISC et pensées matinales... from Ma petite parcelle d'Internet...
C'est en tout cas ce que plusieurs blogs ont affirmé la semaine dernière suite à un billet très commenté sur Pagetable.com. On y apprend en effet que Skype va lire l'intégralité du contenu de votre BIOS à l'installation, comportement étrange s'il en est. [Read More]

» How to avoid Skype 3.0 reading the BIOS of your system from Voice of VOIPSA
Last week, in a post entitled “Skype Reads Your BIOS and Motherboard Serial Number” a developer named myria outlined how Skype was calling a file called “1.com” to read your PC’s BIOS. Predictably, this set off a Slashdo... [Read More]

» Skype snoop agent reads mobo serial numbers from Digifonica
'Quite normal' feature has been removed Skype has been spying on its Windows-based users since the middle of December by secretly accessing their system bios settings and recording the motherboard serial number. A blog entry made on Skype's website as [Read More]

using RSS
via Bloglines
using Newsgator
with MyYahoo
with Google
with MyAOL
with netvibes