Forgot your password?
typodupeerror
Intel

Intel To Drop CPU ID Number 146

Posted by CmdrTaco
from the pats-on-the-back dept.
slashdoter writes: "Looks like Intel is giving up the ID number thing on the CPU. They will still have it on the PIII but the Willamette will be like the older PII. " Guess the boycott over the fiasco is at an end. Cool that Intel listens to consumers.
This discussion has been archived. No new comments can be posted.

Intel To Drop CPU ID Number

Comments Filter:
  • by kwsNI (133721)
    Dammit, I was enjoying all those benefits that you got by using the Processor ID while online :)

    kwsNI
  • We can now continue to download porno and mp3's w/o being tracked! All hail the internet!
  • Ya know what, I don't believe Intel for a second. I think the CPU ID will still be there. They've just declared it gone for PR reasons. Someone will discover it way down the line and ther'll be a big stink about it. Anyone want to wager against me on this one?
  • This looks a little familiar [slashdot.org] :) Why not just mirror this one on the front page? or educate people a little more on the various sections. This article can be found in the Your Rights Online [slashdot.org] section. I suggest that all slashdot readers regularly check the other sections, before bitching about how news didn't make the front page.

    Of course now if they'd just run the damn story about Napster and Limp Bizkit teaming up...
  • by Anonymous Coward on Thursday April 27, 2000 @05:34AM (#1107203)
    I am a free CPU
  • by wub (69839)
    I had a Mobile PII that had the ID # (yes, intel was putting them in the PIIs for laptops since they were being manufactured at the same time as the first PIIIs) but I returned it for an older PII.

  • Now I can start grabbing all that pr0n and mp3z at work again!
  • Actually, I think it was a combination of many things.

    They got lots o' negative publicity over this. Because of this, there wasn't nearly as many online sites that chose to use the technology (I can only think of Intel's Web Outfitters). Then they were faced with the question of what good is a technology that nobody adopts or uses?

    Basically, I think they had an idea (not a great one but it made a little sense) and they completely marketed it wrong. When it blew up in their face, I think they finally decided that it wasn't worth it and dropped it.

    kwsNI

  • It would be interesting to see which put more pressure on INTEL the boycott or the House Democrat denoucing the chip and the Chinese goverment telling people not to use it. This would be a good way to judge the effect of /.'s boycotts on MPAA and DVDCAA and eToys.

    Still I am glad by the move - even though I prefer AMD
  • Worry anytime a company or the government has any tracking plans designed to:

    - to stop crime, information piracy or terrorists.

    - streamline processes which will allegedly result in lower costs to the consumer/taxpayer but requires less accountability or bypasses standard protections.

    - cater to fearmongering in any sort, i.e. protecting your children, the Commies are coming to get us!, etc.

    Privacy, personal responsibility and accountability are the most important rights all persons in this world should fight for.
  • No, I was being totally sarcastic. I don't think the idea ever caught on outside of Intel's own website...

    kwsNI
  • Why are people so freaked about the CPU ID, yet not worried about:

    (1) The unique MAC address on their ethernet card.
    (2) The serial number in their modem ROM (See the ATIx series of commands)
    (3) The unique serial number embedded in their BIOS ROM.

    Any of these can uniquely identify YOUR pc to the net.

  • by DeepDarkSky (111382) on Thursday April 27, 2000 @05:42AM (#1107212)
    How was the serial number accessed? I mean, if it was documented, then you'd know it's there. What if it wasn't documented? What if they keep it in there and just not say anything about it? Since CPUs and hardware in general are not exactly "open source", there's nothing to prevent them from putting it in and not have anybody ever know about it, right? Not that Intel would do that, because if anybody ever find out, it'd be PR disaster. Right?

    The other thing is, why not just create two versions of the chip? For home users, we can get the version of the chip that does not have the serial number, and for those that want/need the serial number feature, they can create a version that has it. Better yet, make it a separate module that can be added to the CPU, so that while each CPU has a serial number, it cannot be accessed unless this module is added. If corporate/government users want this feature, I don't see why they shouldn't have it. For personal use, I'd say we have to have at least a choice or it should not be there at all.

  • by um... Lucas (13147) on Thursday April 27, 2000 @06:09AM (#1107213) Homepage Journal
    As far as I know, Microsoft was embedding the MAC Address in documents created by their products... Which is how the guy that wrote the Melissa virus was caught. Not that that's a good thing!

    In a completely separate incedent, it was found that the Windows Registration Wizard was sending all the data about your configuration back to Microsoft, regardless as to whether or not a user said it was okay when they were presented with a dialog asking permission.

    Two completely separate incidents, which took place a while back... After the fallout, Microsoft released 2 utilities... One that would replace the standard Windows registration wizard with an :improved: one that actually obeyed your commands, and another that removed the embedded hardware info in Office docuents.
  • by Signal 11 (7608) on Thursday April 27, 2000 @06:23AM (#1107214)
    Yes, horray for intel. Now, what about color printers embedding hidden codes? Or your ISP selling your browsing habits? What about doubleclick consolidating cookies with real world users? Why does the NY Times require me to sign in? Or for that matter, dozens of other websites? Where is the outrage over the HTTP standard being encoded to tell the next website you visit where you came from (and what you were searching for if you used a search engine like altavista, google, any "directory-like" service like yahoo, etc)?

    Yes, a wonderful victory for consumers. But what about going after the root of the problem - marketing and insufficient legal protections?


  • The CPU id was important to me that I wasn't even looking at Intels new recent offerings and paying more attention to the Athlon and all of its incarnations.

    Guess I'll look closely at Intel(non-id chips) for now on.
  • This is truly a day to remember. Why? Not because Intel stopped a controversial practice in the fact of intense grassroots opposition. Because Intel is actually removing a feature from one of it's chips! That brings the number of instructions down to... letsee... 7,045. Basically a RISC machine, right?
  • The other thing is, why not just create two versions of the chip?

    Why not just give the option of disabling it in the BIOS? :-)
  • by The Infamous TommyD (21616) on Thursday April 27, 2000 @06:27AM (#1107218)
    I have this straight from one of Intel's senior researchers. The original concept was that the CPU ID would be used for tracking assets in an organization. Inventory type stuff. This was actually asked for by major IT departments.

    Then: The marketing dept. got hold of the ID number and started asking around about what it could be used for and someone said oooh, e-commerce! It was then that things got out of control and everyone got onto Intel for tracking them, etc.

    The sad thing is that you don't need a CPU id if you allow your adversary to execute arbitrary code on your machine.(which you would have to do to allow someone to read your ID #) I mean a nice unique ID number is available by running /sbin/ifconfig

  • ...they already finished cataloging every computer user on the planet. Tcd004
  • At least not on any decent OS. If you're a Linux user, put this is /etc/cron.daily:

    #!/usr/bin/perl -w

    $if = "eth0";
    $hwaddr = "";

    # From Programming Perl, 2nd ed, p 224
    srand(time ^ $$ ^ unpack "%32L*", `ps axww | gzip`);

    for($i = 0; $i != 6; $i++) {
    $hwaddr .= sprintf "%lX", (rand 256);
    $hwaddr .= ":";
    }

    chop($hwaddr);
    `ifconfig $if hw ether $hwaddr`;


    It will change your supposed 'hardware' address to a random value (of course you can choose one specifically to frame someone...)
  • by coreman (8656) on Thursday April 27, 2000 @06:29AM (#1107221) Homepage
    or just reimplemented in an undocumented way?

    Even paranoids have enemies
  • I bought all mine used and even if there are serial #s they couldn't be traced to me.

    Until you go to [insert "evil" site here] and they associate your serial# with your sitelogin/realname/whateveridentifyinginfoyouwantt otalkabout.

  • Heheheh. Hopefully your Ethernet ID is unique...:-)
  • Now, what about ... your ISP selling your browsing habits?

    If you don't know what Signal11 is talking about, take a look at the contract you signed when you signed up for service. I don't know what % of ISPs do it, but MediaOne/RR explicitly states in their service contract "we will monitor and sell info on your browsing habits" [paraphrased]. If you want the service, you've got to agree to it... and since I can't get DSL, there's no competition. (Dialup is out of the question -- I've been spoiled ;)

  • How does buying used make a difference? It's not like your name was associated with the CPU ID from the start -- it becomes associated by what you do with it. The main problem is that these ID's can leave a trail, not that they might reveal your name. Once somebody has decided to snoop on you, the trail can be found. This could potentially be like someone going through your files (i.e. depending on what you use the net for, they could find some of the same info they would on receipts and invoices, etc.)

    ========
  • by Anonymous Coward
    The CPU ID is nothing. What is REALLY frightening is the combination of the new crypto system on Intel's next generation of CPU's.

    That, along with an ethernet port on the motherboard, means that someone can wiretap your system if they set things up right.

    Mostly likely all it takes is some programming of the PAL or SAL API.

    You might pooh-pooh this; but consider the implications. It means that if it hasn't been exploited yet by the CIA/NSA, then there is someone who ought to be held up for treason.

    Consider that this is the best opportunity for the U.S. Government to have extremely considerable influence over the entire world's computer infrastructure - at will.

    If someone in the NSA/CIA hasn't worked with Intel to put wiretapping into the Itanium, this is an extremely serious oversight. It's hard to think of a better opportunity to expand U.S. dominance.

    Of course, if the Chinese have penetrated Intel's security, or the Israel's, well, hey, we're screwed. :)

    The Intel boycott is still on.

  • by ryanr (30917)
    Did they do it because of pressure, or because a unique feature in each CPU adds significantly to the cost, and they need to compete with AMD?
  • by a2fan (63460)
    No, I think this is just a cost savings or a step to remove unnecessary complexity from the fab mfg process.
  • Humpf... With the advent of IPv6 and its super duper security model we can all look forward to big brother knowing where we are... but at least we can encrypt the packets.
  • Ethernet MAC addresses are all unique - each vendor gets assigned a series of numbers to use. It's six bytes long, so there's plenty of address space.
  • MAC addresses, AS ASSIGNED, definitely are unique. Changing them without a very good reason (and there aren't many very good reasons!) is a Bad Thing. Furthermore, some cards actually have the address burned into them, meaning that ifconfig doesn't do a damned bit of good.

    Those comments aside, you're right. You can change your MAC address. Furthermore, if you have stuff to do that you don't want traced, you can just unplug the ethernet cable and use that old 56k modem! (or alternatively, get a few extra ethernet cards)

  • Yeah right. They didn't drop the serial number because of consumer pressure. They dropped the number because it was a complete failure. I buy stuff online alot, and never once have I seen the topic of the serial number. If companies are collecting them, they do it in secret. I have mine turned off anyway. I thought it was a stupid idea to begin with.

  • by roman_mir (125474) on Thursday April 27, 2000 @06:46AM (#1107233) Homepage Journal
    Remember, the day when you found out about Intel PSN? It was devastating. I remember going to their newsgroups and publishing questions
    -1 - [deja.com], -2 - [deja.com], -3 - [deja.com] maybe those were not very well articulated questions but, jeez, couldn't they try to answer?
    The only responses from Intel rep's that me and other hundreds of people received was to move our questions away from Intel's newsgroup into other newsgroups.
    They specifically did not like questions that mentioned overclocking their CPU's, even though they overclock their own CPU's all the time and sell them at higher prices (PII, PIII same core; Pentium 166 was an overclocked Pentium 150 - but only intel is allowed to do this.)

    I am happy that AMD did not catch this desease of marking their processors with PINs, it would be a worse blow yet.

    Now at least, I can go back the Intel's newsgroups and say: "told you so, suckers!"
  • Hey Sig--
    the irony here is astounding:
    >Why does the NY Times require me to sign in? Or for that matter, dozens of other websites?

    (.sig)>Stop anonymity now! (we can't blame if we don't have names)

    I know it's two different subjects, but it *is* funny to see those both on the same post...
  • As far as I know, MAC Addresses make up part of GUID's which are used far and wide in Windows.

    This is why Microsoft guarentees GUID's to be unique if they are generated on a computer with a network card. They are only "mathematically likely" to be unique if they are generated on a computer without a network card.
  • Intel really needs to get their ass in gear on several much more important things:
    • Provide a chipset that makes Rambus even halfway worthwhile.
    • Differentiate their CPUs by price and performance (L2 cache variances are not enough)
    • Release a 1GHz processor to the retail market
    • Show support for PC133 and DDR SDRAM
    • Prove that the Pentium III processor really does make the Internet more fun


    --
  • No, it's not, if you are a home user with serial PPP connection without any ethN device.
  • Well, that's settable on some net cards, but not all of them... a lot of times that # is in a NVRAM/FLASH, but in some cards it *is* hard wired, and you can't change it. Sure, you can change what you think it is, but it might not have a whole lot of real effect. Also, if nothing else, the bits that tell who manufactured the card are usually not changable, so you can be 'restricted' from spoofing an SMC as a 3Com, etc...

    and, in the unlikely case that someone on your local net *does* have the same HW address (small chance from a rnd, but it is there)... well, you're both in for a good time.
  • If AMD wasn't doing so well, would Intel have kept CPU-ID?
  • Most home pcs don't have ethernet cards.
  • by Kaa (21510) on Thursday April 27, 2000 @06:57AM (#1107241) Homepage
    Now, what about color printers embedding hidden codes?

    Wasn't it color copiers? Consumer-level ink-jet doesn't really have enough resolution for all the dirty tricks.

    Or your ISP selling your browsing habits?

    I am unaware of any. I think that anytime an ISP tries to market the 'net access logs, a huge outcry will result.

    What about doubleclick consolidating cookies with real world users?

    What about it? They own the data, they can cross-reference it all they want. The problem is not doubleclick, the problem is ownership (or lack thereof) of personal information.

    Why does the NY Times require me to sign in? Or for that matter, dozens of other websites?

    Doh! Cause it's their site. They are under no obligation to let anybody in. You don't like it, don't go there. Or are you arguing for the younger RMS habits (who, as the story goes, went around the network forcing all the users' passwords to be the same -- on the Thou Shall Not Hide Any Information principle)?

    Where is the outrage over the HTTP standard being encoded to tell the next website you visit where you came from

    And why the outrage? This doesn't look like a huge threat to privacy. There are a lot of more important things.

    But what about going after the root of the problem - marketing and insufficient legal protections?

    I wonder what you propose to do about marketing -- outlaw it, maybe?

    And insufficient legal protections for what? Privacy? That's a good thing, but has to be done carefully and precisely. I myself favor introducing property rights over personal information: you have unalienable (can't sell it) copyright to your own personal info. Anybody who collects such info automatically gets a license to use it, but not to transfer it (otherwise you couldn't e.g. take pictures of people in the streets or log IP traffic).

    Kaa
  • MAC addresses, AS ASSIGNED, definitely are unique.

    Untrue. Hardware vendors have screwed up and send out MAC addresses that other people also sent out. It happens.

    Changing them without a very good reason (and there aren't many very good reasons!) is a Bad Thing.

    Why? They're really not used for much. Usually just to verify that someone (like a DSL provider) is talking to the machine they're supposed to be talking to, for which changing the hardware address can be very handy... [ie if you want to plug a different machine in]. It's handy on machines that don't know their IP at boot time, etc, but for most purposes it's useless.

    Furthermore, some cards actually have the address burned into them, meaning that ifconfig doesn't do a damned bit of good.

    Wrong, wrong, wrong, wrong, wrong. The drivers themselves do it. Think about it. You need a driver to be able to query the card to find it's address. But if you tell the driver to instead return some other value instead of quering the card, how can you (or a user-space application) tell the difference? So ifconfig tells the driver to return the value you give it instead of the actual value. How do I know that this is the case? If you reboot, the address returns to it's former (permanent) value. You never touch the hardware.
  • It was a little tough, but with my rotary tool and a fine carborundum bit, I was able to grind it right out.

    I'll do it for you, too, just send me your Pentiums.

    George
  • by RayChuang (10181) on Thursday April 27, 2000 @07:01AM (#1107244)
    Folks,

    I think the CPU ID idea used on the Pentium III CPU died real quickly because Microsoft never really supported the idea in Windows 98, Windows 98 Second Edition and Windows 2000. Given that's 85% of the operating system market, when Microsoft doesn't support the CPU ID#, nobody else is going to support it.
  • or you could just use an old net card that gathering dust one day, and another one the next day... keep 'em all fooled ;-)

    at one time, the Intel Ether Pro/10 cards were being sold in a bundle for ~$2 a card... grab a bunch of those, trade them around with friends... a grand old time.

    you can also run through one of the anonymizer services out there, create some free accounts on free BBSs... if you just want to avoid simple traces...

    You can avoid the HTTP-REFERRER stuff by just using wget for every page ;-)
  • Prove that the Pentium III processor really does make the Internet more fun

    You can run more pr0n movies simultaneously?

    Kaa
  • by Jouni (178730) on Thursday April 27, 2000 @07:02AM (#1107247)
    Hard drives can be used for fairly good identity tracking as they are assigned a 'quite' unique ID number when they are low level formatted. This is a method used by some multi-player online games to ban cheaters from their realms. Obviously this is "easily" circumvented by a hacker by re-formatting the hard disk, re-installing all system software and finally the application for the online connection/game. I was fairly amused by the vision of this kid reformatting his system every time he was caught cheating.

    But that's all still really besides the point. :)

    Digital identity in the right hands can give you the kind of freedom you've never imagined possible. Fully authorized digital identity or certificate in the hands of a third party you trust can be used to arbitrate your business and thus shield you from the more tiring elements of free capitalism such as direct mail marketing. Other elements of your identity, like all contact information, in the right hands can give you powerful roaming freedom, and in the wrong hands an endless nightmare of commercial bombardment.

    In the Real World, we leave this sort of trust to the government, the community and society that we are a part of. We have enough trust in our own community to allow them to do things like keeping an elaborate registry on everyone; where they live, where they work and how much they earn. Our identity can be verified at every door and most financial transactions. We have a common agreement that this information will not be abused, and a legal system to enforce it where violations may occur.

    Now, since the virtual world does not possess this kind of global authority, the need for verification and identification of an individual has driven us to temporary choices like ID numbers on processors. Quite laughable, actually, both the concept of associating a machine with a person and the worry of someone tracking these cyptic numbers over the Wild, Wild Web. Laughable, maybe, but hitting frighteningly close to home. A piece of our identity in the hands of someone we do not trust to treat us justly.

    This will continue to be an issue when we learn to flash the badge of our strong digital identify in the online world. Who will you really let know who you really are? What will they do with this information, where will it be stored?

    In God we trust, and God is dead. Now who will hold your number?


    --
    Jouni Mannonen
    3D Evangelist

  • Intel didn't listen to its customers, it listened to its public relations staff.

    You don't have to be a rocket scientist to realize that all the bad press from the id numbers fracas affected their sales at precisely the time when AMD was really beginning to make a run on Intel's market share.

    "Hmmmm, should I buy a slower processor from intel that can also help Big Brother track my every move on the Internet, or should I buy the faster, no-serial-number-having AMD Athlon?"

    Easy answer, and I'll bet Intel realized the same thing.

  • I belive that it was asked for. Dell did something similar on their PII 'business' machines; Add a interrogatable checksum to the mobo that could be used to validate a given hardware configuration. If the machine shipped with a Rage/128M/8G/PII-350, the checksum was set accordingly. You can reset the checksum with a password, and interrogate it in any number of ways. (BIOS, software over a network, dos debug) Unfortunatly, I've only ever seen it used to figure out which machines shipped with 128M and which ones Dell decided to short us on.
  • I think the point of them removing it was that... they got a little benefit from it (Web Outfitters, corporate inventory control), not much, not many people were writing apps that used it. OTOH, they got a lot of negative publicity. So they decided that the benefits weren't worth the negative side effects.

    If my above statements are accurate, it doesn't seem like they have any motive to keep an undocumented version... the potential PR backlash would be 10 times worse if it were found out.
    --

  • >The Intel boycott is still on.

    Does that mean that I have to give up my 486/DX 66?

    I suppose I could start running my Cyrix 200+ again (w/ 150MHz of FPU goodness).

    Where's some info on the Intel CPU crypto stuff that is mentioned here? Is that on Willamette? Merced^H^H^H^H^H^HItanium?
  • Did you know that your face is easily recognizable when you are walking down the "public" street, or even through the window of your own "private" home?
    Did you know that your car has a unique licence no?
    Did you know that your DNA or evven crude fingerprints are tracable to you?
    Did you know that you are levaving fingerprints and DNA traces everywhere you go?
    And even your "anonymous" snail mail might be traced to where it was posted.

    Let's all cover our faces, always use gloves, never use any product with serial no, communicate through secret spy style boxes. Then we might at last enjoy the privacy wich we have the right to...

  • Why not just give the option of disabling it in the BIOS? :-)


    Because that is accessible from software and therefore someone will eventually work out a way to turn it on thru some neat coding trick. Possibly without the users knowledge of that going on.

  • Three Letters: AMD. AMD chose not to go that path. AMD's share is up. I'm not saying they are related but, just in case ...
  • All of mine have at least one, so I make up for the others ;-)

    Actually, the more broadband access we see, the more network cards make their way into home machines. Cable Modem -> ethernet... external DSL modem -> ethernet. More and more of these all the time.

    Not most yet, but it'll get there eventually.
  • Well, except that some cards allow you to change your MAC address. You really only need MAC addresses to be unique on a particular network segment, rather than across the entire Internet. Of course, if you later rearrange your network and put two cards with the same MAC on the same segment, you'll have some interesting issues to track down...

  • Why not just give the option of disabling it in the BIOS? :-)

    Some BIOS' do support disabling it, and everyone else can use a utility each time they boot. There are two problems with this;

    Even if you disable it, some program you load may enable it later.

    Some web sites might start requiring that it is enabled so that they can use it as a form of verification.

    It's hard (?) to spoof, so the number can't be changed to whatever you want.

  • >I think it has to do with sarcasm.

    Yeah - that's what makes it funny

    I laughed pretty hard when I glanced over it the first time - figured I should say something, and point it out 8^)
  • It wouldn't suprise me. They do that I'll never buy another intel anything.
  • by shogun (657)
    Ahaha, this first poster is probably the slowest on the draw i've ever seen. A first first claim thats number #57?? comeon, you can do better than that.
  • The serial number was accessed through the CPUID instruction by sending it a particular parameter (eax=3). That instruction will exist still (as it has since the 486), but will be undefined for eax=3. So the instruction count will not be reduced. Intel HAS retired instructions before, some of the old, old 16 bit stuff.
  • alt.binaries.hot.grits.on.natalie.portman here I come!!!
    Yeeeeeeee-haaaaawwwwwwwwwwww!!
  • all my computers' nics have the same hwaddr as their IP address (private ip)


    --
  • iMac's come built in with ethernet. Most PC's except for the very low end come with ethernet. Most home users have networks when they have more than one PC, so these have ethernet cards also. I have about a dozen computers at home, and all but two or three have ethernet.
  • It is all economics. Intel is getting their buts kicked by AMD. They're desperate to reclaim sales, and this is one thing stopping sales. I know I wouldn't buy a p///.
    The linux community needs to face the fact that corporations decisions about what to support and what not to support are all based on economics. If we want to create our own software and our own world, that's fine, and we can do it without any help from wall street. But if we want commercial products, we are going to have to show companies that they can gain financially from investing time in linux.
    But then again, who wants crappy closed source bug ridden commercial software anyway!? I'm happy sticking to gnu software...

    ___________________________
    Michael Cardenas
    http://www.fiu.edu/~mcarde02
    http://www.deneba.com/linux
  • I know this is offtopic but hardware identifiers are old news here on slashdot. What I want to know is can I trust that my grits will be stirred adequately with the intel random number generator chip?
  • How will these get traced back to me?

    (1) The unique MAC address on their ethernet card.

    But this only identifies my card to other machines on the local network (on the same wire). Packets coming to me from the Internet just contain my IP address, which in my case is dynamic (although it doesn't seem to change day-to-day very often). Some cards allow you to change their MAC, if you're paranoid or running IPV6 (which is supposed to include the MAC in your IP address).

    (2) The serial number in their modem ROM (See the ATIx series of commands)

    Sorry, I don't have a modem so I can't comment. If you are dialed up, can the remote machine command your modem to return the serial number? I'm not familiar with the issue here.

    (3) The unique serial number embedded in their BIOS ROM.

    How, pray tell, are you going to get this from across the Internet? This is more-or-less equivalent to the PIII CPU ID - somehow software has to get this ID number off of your machine and send it out. As long as you run an OS that you trust not to do that, and there are no hidden hardware interfaces that can pass the ID directly from CPU or BIOS to the network card or modem, then you're safe even if you have a unique ID on your machine.

  • Maybe next quarter they will announce the same for Merced/Titanicium.
  • Wrong, wrong, wrong, wrong, wrong. The drivers themselves do it. Think about it. You need a driver to be able to query the card to find it's address.

    These may be true for some newer PC ethernet hardware, but most older hardware, as well as most of the higher-end computers, do indeed have the MAC addresses "burned" in. Just look for the EPROM chip on the card, and note the lack of a flash chip. I believe all but one of my ethernet cards has a burned in MAC address. Sure you can replace the EPROM, but that is very time-consuming.

  • I totally believed you were serious and sincere and then I got to the punchline "Stop anonymity now!" Classic!
    --
    Have Exchange users? Want to run Linux? Can't afford OpenMail?
  • Seems to me that the best way arround this is Security Through Obfuscation. I would rather not have an ISP telling Lord-knows-who how often I visit 2600 or stickdeath.com or whatever. The best way to frustrate them is to fill them with false information. Set up a script that uses my web browser to visit every bizzare porno site, every mp3 site, every religious site, every nazi site, every animal rights site, etc. Perhaps have it use the decripted blacklist from cphack and go right down the list. Perhaps at the rate of about one web page every 60 seconds.

    If all of us were to run something like this as a background task and/or while we sleep (think of it as a practical alternative to SETI-at-home), all ISP log demographics would quickly become useless.

    I wonder if anybody has already hacked together a script like this... perhaps to take advantage of those "we pay you to browse" ad-based services. If not, it might be a fun project for me to set up.

  • Why? They're really not used for much.

    Um, actually, the MAC is what finally filters an Ethernet packets to a specific machine. IP numbers are a handy way to be able to identify machines and all, and they do mean that TCP/IP and UDP != Ethernet, but once you start talking to another ethernet card over a wire, you need to find out what it's MAC is to address the packets.

    Granted, so long as the MAC is unique on the network, this isn't a problem. But spoofing as someone else you know is therefore a bad idea, since the behavior is undefined.

    The drivers themselves do it. Think about it. You need a driver to be able to query the card to find it's address.

    But if the card has it's address hardwired, wrapping that information with the driver will misreport it's MAC in IP->MAC queries and suchlike, and the card will then proceed to ignore packets directed at it. Like putting a "Hi, my name is Joe" sticker on Fred and expecting him to listen to people who call for Joe. Silly.

    Ushers will eat latecomers.

  • If anyone ever started using it for ecommerce or tracking users, how long until someone here came up with a spoofing program? About 30 minutes? IT'S DATA GOING ACROSS A NETWORK, SOFTWARE CAN CREATE THE PACKET WITH *ANY* NUMBER. For it to be viable for ecommerce, you would have to keep it as secret as your credit card number.

    The ideas of ecommerce and user tracking are incompatible. It's the same as tracking users through their supplied credit card numbers, and nobody's having a hissy fit that their credit cards have a unique number.

    I was actually looking forward to picking up the ID of anyone who visited my site and using it instead of my own. :-)

  • These may be true for some newer PC ethernet hardware, but most older hardware, as well as most of the higher-end computers, do indeed have the MAC addresses "burned" in. Just look for the EPROM chip on the card, and note the lack of a flash chip. I believe all but one of my ethernet cards has a burned in MAC address. Sure you can replace the EPROM, but that is very time-consuming.

    And how exactly do you get the MAC address from the card without a driver?
  • Wrong, wrong, wrong, wrong, wrong. The drivers themselves do it. Think about it. You need a driver to be able to query the card to find it's address. But if you tell the driver to instead return some other value instead of quering the card, how can you (or a user-space application) tell the difference? So ifconfig tells the driver to return the value you give it instead of the actual value. How do I know that this is the case? If you reboot, the address returns to it's former (permanent) value. You never touch the hardware.

    Yikes! I stand corrected, although this strikes me as a Bad Way of doing things. I admit that I wasn't speaking from linux experience here, but HP-UX, which actually polls the card for an address when requested. On some of their cards, it can be changed in hardware (and thus is entirely stable across reboots), and on the others can't be changed at all (showing that they don't set it in software).

    Hmmmm....
  • Of which Coppermine is NOT!
    Now whren did IBM hit the street [edtn.com] with a copper process? Hmm ... two years ago? What are they doing in Santa Clara?
  • "And how exactly do you get the MAC address from the card without a driver?"

    Easy! Pull it out of the computer, and read the sticky label on it. :-)

    Well, you asked...


  • Color me confused. You said:

    So ifconfig tells the driver to return the value you give it instead of the actual value. How do I know that this is the case? If you reboot, the address returns to it's former (permanent) value. You never touch the hardware.

    It sounds like you are agreeing with the previous post that the MAC is fixed by the card (essentially burned in) rather than being software-configurable. But you started off by disagreeing with that idea. Which is it?

    I don't care about the number that ifconfig prints out; I care about the MAC that other machines see on the wire from my ethernet card. The MAC on the wire can be changed, right?

  • Why not use MAC address for inventory tracking uniqueness like the rest of the world?
  • but once you start talking to another ethernet card over a wire, you need to find out what it's MAC is to address the packets.

    But not a concern if you've just got a local network hooked up to a DSL line.

    But if the card has it's address hardwired, wrapping that information with the driver will misreport it's MAC in IP->MAC queries and suchlike, and the card will then proceed to ignore packets directed at it. Like putting a "Hi, my name is Joe" sticker on Fred and expecting him to listen to people who call for Joe. Silly.

    I should think the drivers are smarter than that. It would be a very dubious functionality indeed otherwise. However, it's hard for me to know as I'm not on a large LAN.


  • Sun CPUs have ID numbers of the same type...no one went after them. Though, this is probably because most home users (yes, I know the 11 people that are the exception will all reply to this post!) don't use Sun hardware :)

    Also, Intel CPUs have had Processor IDs ever since they went to .25 micron. Yes, that means the Pentium MMX, and everything after it. They just didn't do anything with it until the PIII. So, if they really are ditching it, then the new CPUs will NOT be like the PII :)
  • It sounds like you are agreeing with the previous post that the MAC is fixed by the card (essentially burned in) rather than being software-configurable. But you started off by disagreeing with that idea. Which is it?

    OK, sorry about that (this post is getting out of hand!). The MAC address that the OEM puts on is there, and it stays there. I have no contention with that. HOWEVER... drivers on most OSes (hell I think Win98 can do it, so it can't be that hard) can change what the MAC address is reported to be. So, for all intents and purposes, the MAC address is configurable.

    I care about the MAC that other machines see on the wire from my ethernet card. The MAC on the wire can be changed, right?

    Yes. Otherwise there really wouldn't be much point in this at all, would there? :)
  • Why not just give the option of disabling it in the BIOS? :-) Because that is accessible from software and therefore someone will eventually work out a way to turn it on thru some neat coding trick. Possibly without the users knowledge of that going on. Can anybody say "Hardware jumper"? Also, this is akin to the whole "opt-out"-"opt-in" debate. It should be disabled by default (for all the people who don't know about it or are afraid to open their computer), and if someone needs/wants it, they can always just jumper it. "What a day - warm sun, beautiful women.... and the air is just right for drinking!"
  • Yeah, no more KNOWN IDs but now we will have to audit our CPUs to be sure they didnt hide it near that bill sux [infinit.net] circuit ;-)

    ---
  • Why are people so freaked about the CPU ID, yet not worried about: (1) The unique MAC address on their ethernet card. No need to worry about a MAC ID, they are about as uniqe as a first and last name. sure in some areas there might only be one, but the larger the area the more the chance of duplicates. I ordered 3 Nic form a company and two of them had the same MAC address!
  • when you have BeOS [be.com] instead? It sure costs a lot less...

    --
  • >(.sig)>Stop anonymity now! Stop anonymity now? Sounds cool! Where do I sign up? - Ekapshi.
  • I've never heard of any site making use of the processor ID. I use a K6-2, though. If the ID was never used at all, then the wired article is just PR crap.

    I think Intel just pulled a useless feature that nobody cared about and reduced costs (I blindly assume). They're just making themselves look good by claiming to bend to the peoples' desires.

    Does anyone know of anything these processor IDs were actually used for?


    ---
    Dammit, my mom is not a Karma whore!

  • The other thing is, why not just create two versions of the chip? For home users, we can get the version of the chip that does not have the serial number, and for those that want/need the serial number feature, they can create a version that has it.

    All they would need to do is burn some of the batches with identical serial numbers (all zeros or something) for the former market. Hell, they could probably charge the PHBs extra for the serial number feature in the latter market.
    /.

  • by Animats (122034) on Thursday April 27, 2000 @08:27AM (#1107293) Homepage
    The CPU serial number was a good idea, ruined by stupid marketing statements and unwarranted activist enthusiasm. Sun has had CPU serial numbers for over 15 years, and nobody is bothered by that.

    CPU serial numbers are useful mostly for networking, inventory control, and copy protection. If you've had to deal with dongles [rainbow.com], or FLEXLM [globetrotter.com], the License Manager from Hell, CPU serial numbers look like a big improvement. Dongles are notorious for having problems when you have more than one. They usually plug into the printer port (although USB dongles are appearing) and try, not too successfully, to be transparent. On my system, if the printer runs out of paper, the dongle can't respond to the license manager, and the licensed software stops running.

  • by Millennium (2451) on Thursday April 27, 2000 @09:01AM (#1107297) Homepage
    You're right. In the physical world, we do have these elaborate "registries" as you call them. But there's a difference between that and strong digital identity. With physical identity, we can always choose not to "flash the badge." With digital identity, you can't do that because you have no control whatsoever over what of your identity people see (you don't have much control in the physical world either, but you can still take precautions to completely hide your identity).

    Now, if this "identity" could be stored on my machine and only my machine, and I could at my own discretion choose to hide it or not, that would be one thing. Perhaps CPU ID's would make a starting point, though MAC addresses would be better (they're cross-platform). But that's not how it works now, and businesses will never allow that (since then they have no control, and in business it's all about who controls what).

    By the way, I notice people here saying MAC addresses are totally private. Not strictly true. Every Ethernet packet you send out is tagged with both your MAC and the MAC of the machine you're sending to; it's part of the Ethernet protocol. Now, these are both stripped out as soon as the packet passes through a non-Ethernet device (cable modem, DSL modem, T1, etc). But as long as there's only Ethernet between you and The Bad Guy (tm), he can still track that part of where you're going. Guess it's a Good Thing that the Net isn't Ethernet-only...
  • Since MAC addresses can be used instead, and since virtually all corporate PC's have them, this excuse is for a redundant id code. (This argument is weakened slightly by the fact that you might replace your network card, thereby changing the MAC address.)

    And, of course, it's use for tracking people remotely would require the "victim" to execute code to identify himself.

    No, the real use of such code would have to be for copy protection schemes. Mainframe users have long lived with programs that are installed with a key specific to a particular machine's CPU ID. Software I have installed on a Sun 10000 attempted to do the same thing -- but using a network adapter's MAC address -- but became terribly confused when I added a fifth or sixth adapter. The boneheaded scheme then disabled our *backup* software.

    A universal CPU ID would be a copy-protection/software licensing dream come true.
  • I've come late to the discussion, but it seems that there is a much more pragmatic explanation to the existence of a CPU ID register.

    I believe that Intel begin putting CPU IDs in when (literal) highway robbery of processors was running rampant. It was noted at the time that gram for gram these things were more valuable than gold and less contraband than cocaine. When a greymarket vendor starts selling Intel CPUs real cheap it really helps the constables to be able to track them back to a "vanished" shipment. Thus, Intel would have added serial numbers for the much more mundane purpose of protecting their own shipments. Dell has now begun shipping "stealh" boxes that don't say DELL all over them (translation: steal me, I'm a computer) for much the same reason that my daughter just received a non-descript shipment from "TRU" which contained a gift from a well know national toy vendor.

    As people have noted, the export of the CPU ID might make enterprise asset tracking easier, but I think the more parsimonious explanation fits better. Of course I could research the relevant history, but it's much more fun to pull it out of memory.

  • Pentium 166 was an overclocked Pentium 150

    Nonsense - the P150 was an underclocked P166. Just like the P166MMX and P200MMX was an underclocked P233MMX (which in turn was an underclocked P266MMX, which they never released because it would interfere with PII sales), just like the PII 300-400 was an underclocked 450, the Celeron 366 through 466s were underclocked 500's, etc etc etc.

    Saying the P166 was an overclocked P150 would be saying that all P166's wouldn't necessarily run at 166.666mhz - excluding defective chips, this was most certainly not the case.

  • At least the P3 serial number isn't backed up via a lithium battery that dies after five years causing your Sun to lose its ethernet address :)

    Then again, you could actually use a dremel tool to drill into the RTC chip to solder in wires for a new external battery - I'd hate to attempt this to anything in a slot1 cartridge.

  • The serial number of your hard drive. Very easy to get to. Not guaranteed unique, can be changed, but most are not.

    I hope you're not thinking of this:

    C:\>dir
    Volume in drive C has no label.
    Volume Serial Number is E0F1-8483

    Because that E0F1-8483 is just a fancy timestamp written by DOS's format command.

    I believe the stuff in /proc/ide/ide*/hd*/identify is actually hardware information and is AFAIK unique.

  • Tracking peoples affairs has been possible for a long time. Todays tecnology only makes it cheaper. Does it reallly matter so much wether I'm spied at by a camera or by my nosy neighbour (or by a guy in a black trench coat)?

    If we want privacy we need laws (aka rights). Too much "privacy intrusive" information has fully legit use. Or do you really believe in privacy through obscurity?

  • It can't cost that much to add a serial number to a chip.

    An iButton [ibutton.com], with no special features, so it's just a serial number chip, costs about $1 each in quantity. That probably indicates that it costs only a few cents to serial numberize a chip.

"Who cares if it doesn't do anything? It was made with our new Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."

Working...