Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Pentium III serial # soft-switchable 146

Juergen Kreileder was one of the many to write in about the Pentium III serial number. One of the authors over at Ct, Andreas Stiller, has succesfully written a piece of *software* that can switch the PIII's serial number on and off, not requiring the reboot that Intel formerly claimed it needed. This piece of news is interesting in that I think I've lost count of the number of times that Intel's privacy strategy has changed now. BTW, Intel has confirmed that this feat works. I just wonder when people are going to realize that tracking individual computers is not the right way to do things.
This discussion has been archived. No new comments can be posted.

Pentium III serial # soft-switchable

Comments Filter:
  • I think this whole thing is silly.. It's stupid to use this chip ID as a person ID.. People change processors and systems and everything else.. Even cookies are more reliable.

    I don't mind the ID being there, since it's a good way of verifying the intended clockspeed of the chip (since you can't alter the chip ID, it will prevent resellers from putting out overclocked chips.. (A side note -- I think Intel's clockspeed locking strategy is dumb, but hey...) OEMs could add in a simple routine to any testing they do to check the chip ID, verify it with a database that Intel has.. (of course, many OEMs don't test their machines any more..)

    Oh well, I guess I'm just weird (since everyone else seems to think it's a bad idea -- I just think it's media hype..)
  • If a few web sites start asking users to switch it on and run software that uses it, you'll be left with two choices. Be identified or not.

    Of course, the issue here is that we now see that the serial number can be turned on and off at will, and by extension without the user's knowledge. This makes the option of turning it off meaningless.

    Previously you still had the option of not running an OS, software, etc that doesn't access the feature. You the consumer still have the freedom to decide.

    Not while Microsoft has an effective monopoly on the desktop.

    Lets say if you were buy or download Quake3 shareware version at the store or off the internet. If you like this game, they could send you a set of binaries customized around your id#.

    That's fine, but there is no evidence that any company that sells such software would make any provision for handling situations such as machine upgrades or selling the software to somebody else. Historically, with dongle-based software copy protection, it's been very hard to get companies to address issues such as destroyed dongles.

    Microsoft has shown every evidence of trying to tie their software to a particular desktop, and charging for the priviledge of moving the software to a different machine. (In fact, the current Microsoft EULA says that you cannot transfer the software to a different computer - you have to purchase another copy. This is a provision that I think many people find unfair. A CPU PSN provides a method to police this, thus immortalizing the unfairness.)

    The bottom line is this: Intel has put this feature in with little or no indication as to what the advantage is to the consumer. All the benefits appear to be on the side of corporations who want to sell things to or otherwise track the consumer. Do you have any compelling reason why a CPU PSN is an advantage to the consumer?

  • You do have a choice. Granted MS is a monopoly, but that does not mean that you personally have to run their crap. It just means that MS has the ability to push things over on OEMs and the like, it is not the same thing as having a gun pointed at your head.

    Well, I personally may have a choice, but the unwashed masses do not. That's what "effective monopoly" means. Linux is just beginning to enter their radar, and both you and I know it's not ready for prime time.

    In the mean time, it might open up internet software distribution to more companies. Bringing new software titles with the improved security. That is a benefit to the consumer.

    "Might"?? That's awful slim pickings, given all the disadvantages being discussed.

    Quit your damn whining, get a job, and stop getting caught up in the /. propaganda.

    You, sir, are a moron. I'm in the 40+ category of the latest Slashdot poll, and I've been gainfully employed in the computer business for 20+ of those years. Being concerned about privacy issues is not onlyt the arena of people in college. You've let your mental stereotype blind you.

    {copy emailed - I wouldn't want you to miss it.}

  • Yeah, and sign your CPU so that it is BillG's cpu!
  • I read enough people saying "This is not new, everyone can track you using your MAC address".

    1/ Not everyone is using an ethernet card
    2/ I can change the MAC address on mine

    Now try to run a computer without a CPU, or try to change the P3 serial ID ...

    The P3 PSN _IS_ an issue unless you are successful with one (or both) of theese solutions.
  • Yup. Multi-processor machines require multiple licenses for some software, such as some database packages.
  • I don't understand what use they will have for these numbers. The ones I read here is

    1. e-commerse
    There would still be ordinary software sending the number wouldn't it? Then it can easily be faked and would be useless for reliably identifying someone.

    2. Prevent illegal copying.
    Most protected software gets cracked within days of release. Why not programs using this number?

    So, what is the real difference between this and intel sending pIII buyers a paper with a number and the text "Please read this nuber to anyone who asks for it"?
  • Pentium III serial # soft-programmable would be interesting. :->

    Regards, Ralph.
  • I agree, anyone who uses a celphone, two way pager, etc should not complain about the P-III.

    In a way, it does have some benefits.

    But for thoes of you who do not want to be tracked, you might have to build your own hardware and software from the ground up. The way technology is going, there will be no way to buy products without a unique serial number. Its only time.

    Resistance is futile.
    You will be assimalated.

    Yours truly
    6 of 9... :-)

    Mike of Borg

  • by haides ( 3733 )
    People have been tracking computers for decades.
    Try typing 'hostid' on your unix/linux machines.

    Started long long long ago.. will never go away..
    Big Brother has always been watching.....
  • At work we use Intel, mainly because that is what was supplied with the box.

    At home I use (and have uses since the 486) AMD because I could do so.

    I have upgraded my CPU several times and if they had all had these serial numbers then I would have been stuffed because none of my software would have worked after the CPU change.

    Intel can go take a long walk of a short pier as far as I am concerned. AMD does the same job for half the cost. And they don't try nasty little things like this.
  • First, I'll agree with you that some folks here rebel for the sake of rebellion. Perhaps this is immaturity, and perhaps not.

    Unfortunately, it does not logically follow (as you implied) that rebellion against the idea of CPU ID's is wrong-headed.

    You're making two separate points, and your allegory linking the two contains a logical fallacy.

    As a representative of an age group outside the two you've damned (as well as someone who considers himself rational and mature enough to have an opinion on the matter), I find Intel's action deeply disturbing. Processor serial numbers are too easily abused, and one of the truly valuable aspects of the 'net is anonymity. Interestingly, I see you making free use of its virtues in your own post.

    Additionally, as another person here (or was it you?) pointed out, corporations are not motivated by what's good for consumers. Rather, they are motivated by the bottom line. This fact makes occasional consumer rebellion a good thing, IMHO.

    My own concerns regarding PSN's run along the lines of out-of-control commercial (and possibly governmental data-gathering), the silencing of opinions for fear of retribution, and the enabling of unfair and one-sided licensing arrangements for software. Further, this particular system is wholly flawed, leaving doors open for fraud and abuse.

    I don't believe it takes a genius to recognize the potential problems with the "feature" we're discussing here. The possible impact on consumer privacy (especially given the current sorry state of privacy in general) is quite serious. I fail to see, therefore, how not expressing concern over them is "doing the right thing".

    (Remove "x"'s from

  • Ok Thomas. Pop quiz. I buy 4 P3 boxes with CPUIDs. I have 6 people at my house (including myself) who may be using any one of these boxes at any given time. That is not counting friends who may come over to use a PC.

    Or, in a more normal case, 1 household PC, 4.3 average ppl/household. At least 2 are adults and may or may not have credit cards/do online shopping.

    How can the CPUID be used to make eCommerce more secure in a world where you cannot track an individual user by their CPU?

  • It's not a question of what they will do WITH it, it's what WON'T they do without it. Remember the days of, "This site is best viewed with Internet Explorer"? How about going to a site and receiving, "This site cannot be accessed without an Intel Pentium 3 CPU-ID." That would ruin the day for those of us who run non-Intel based machines.

    Or, as has been mentioned before, software locked to a single CPUID. That would make life quite difficult. What happens with an SMP box? What happens when I upgrade my CPU?

    The question I pose to you is what benefit may be derived from utilizing a CPUID? Please feel free to email me if you wish to discuss this at greater length.

  • Maybe it's a processor reset via the keyboard controller. AFAIK some MSDOS memory manager used this trick to leave the protected mode on 286s again since Intel forgot(!) to implement a proper CPU instruction.

    The CPU-ID would then probably be active until the BIOS turns it off again at the next reboot.
  • With your basic Java applet, you can't accomplish it unless there is a bug in the JVM or someone discovers a hole in the security model.

    However, you can write a trusted Java applet that has full reign just like a regular program, so it CAN be done with a Java applet in combination with native code.

    Whether someone may acutally get your PIII ID may or may not be a big deal, it's things like this that lead toward a slippery slope of things to come. What's the next 'minor' invasion of privacy that we'll 'accept' because it's no big deal? I can just see it now: A leagally purchased program records the PIII ID and checks the ID every time it is run. But due to oversight on the programmer's part I upgrade my chip to a faster version and, whoops, the program won't run because it thinks it's on another machine. ...and this is a simple example.
  • Wouldn't a changeable serial number eliminate all the benefits Intel is claiming the number will provide? Processors would no be longer uniqe. They could be cloned at will.
  • Next up..... Serial Number Spoofing !
  • Oh, grow up. Stop whining about the trivialities of life, and get some work done. As has been said before, this tracking thing has been done before, you just never realized it.

    Oh, grow up. Stop whining about your life, and get back to work. As has been said before, this freedom thing has been compromised and eroded before, you just never realized it.
  • When are people going to realize that you can write an applet that will do the same thing from a website and defeat TURNING IT OFF.
  • ...Because if not, I know whom I'm buying my
    next processor from...

  • by styxlord ( 9897 )
    So ... I go to a web site and it remembers my details by checking my ID number and I don't have to remember a 100 passwords. Unless you're in the black market for processors why would you care that your machine has a unique ID ? Scared you can be banned from IRC by processor ID ? Terrified that software manufacturers may use it with online registration ! (Note to self, this gives me an idea). Worried that hackers won't be able to spoof it about 3ns after the PII is released.

    Big Deal.
  • Whats going to stop someone from turning it on?

    I am quite sure that would be the latest trick for the virus boys or if someone could find a way to do over the web (activex?)

  • who's to say that someone won't be able to come up with some interactive web applet or something that can turn the thing back on?

  • It happens all the time. People who have a few years in seniority, have been at their jobs for a while, and who have sunken into a repugnant form of complacency, sit back and claim that there's nothing wrong with any commercial interest posing an even GREATER threat to personal privacy.

    Younger people sometimes lack perspective, but the ones who are intent on making something of themselves have a level of energy and curiosity, and the intelligence to question stuff that's thrown in their face.

    If it's necessary to brand ANYONE as sheep, give credit where credit is due...how about the corporations who lap up what ever Intel and M$ dish out.
  • Assume the standard almighty front page driving moron designing ASPs, CFMs or other crap without understanding it. And assume that the web authoring tools have told the moron (or even skipped telling him/her) to have this crap requirement in the page.

    In other words, you are underestimating the power of human stupidity. Take a look around and ask yourself: "What is that percentage of US web sites that are designed to be viewed only with Winhose?"

  • You forget one major moment:
    How often have you met a windows user that thinks that there is nothing else but windows. How often have you met a XX-OS user that thinks that there is nothing, but his XX-OS.

  • First off, a CPU with a built in id# is not in and of itself a way to track you. You need to run software which utilizes this. If you run linux and what not I hardly imagine this is going to be an issue for you.

    Secondly, the fact that it is turned off by default makes no difference. If a few web sites start asking users to switch it on and run software that uses it, you'll be left with two choices. Be identified or not. The effect is still the same. Previously you still had the option of not running an OS, software, etc that doesn't access the feature. You the consumer still have the freedom to decide. I can see some concerns with the abuse of tracking and what not. But this is still a free country. If you don't like the PIII feature, buy AMD. If enough of you care, there will be a market for non-marked chips.

    Thirdly, there are some COMMERCIAL applications (God forbid saying this on /.) for this. Time will tell if this feature is worthwhile. While I have little sympathy for the likes of MS, piracy is an issue for smaller software companies. If this can allow say internet enabled software, so be it. Lets say if you were buy or download Quake3 shareware version at the store or off the internet. If you like this game, they could send you a set of binaries customized around your id#. Now I'm sure someone will find a way to defeat it, but that is not the point. Intel has every right to make this chip, most consumers probably do not mind. The privacy advocates who protest this chip have not made a rational and strong argument, they've been operating on fear of big brother and the like.
  • At least if a reboot was required, you'd know that it's been turned on or off. This way, what's to prevent a software product to just toggle it without the users knowledge?

    I know, I know, there's bound to be a freebie utility to monitor it's state, and keep it off, but still..
  • I'm pretty certain that AMD has publicly stated that they will not pull this kind of crap.
  • No kidding! IMHO, The number one thing that put Microsoft on top is piracy. If people COULDN'T pirate Windows and Office, do you really think they'd drop so much money on it? Office in particular would never have become the de facto standard for business communications without rampant pirating.

    Personally, I always felt terrible pirating software. I know lots of people who feel the same. That's why I made the Free Software switch: Now I can have all the latest cool stuff for free without being a loser pirate. I wouldn't be able to afford something as cool as Linux, Enlightenment, and GIMP if they were commercial products!
  • This is the best way to work (switchable).
    If you want privacy, good, dont use it.
    If you want to use M$/commercial products, you wont have privacy.
    (unless only the installation requires the ID)

    Better yet,
    These pirates (and there are many of them) will be screwed.
    (I dont understand why people use windows at all, but I REALLY CANT IMAGINE people paying for it)
  • Finally a bit of intelligence is added to the debate! In addition to NICs and cellphones, what about hard drives, some motherboards and even a few display adaptors? Lots of things have serial numbers, most of which people don't even know about.

    Besides, it's up to the software to send this ID. If Intel provides an ID and no-one bothers to write software that makes use of it, the whole issue is moot.

    On the other hand, I doubt it will be very difficult for someone to write software that sends whatever ID you tell it to. With Netscape now open source, it'll only take one hacker to add code that will do either of these.
  • maybe someone should have taught you critical analysis in your rise to wisdom. before you go name-calling, why don't you stop and consider the fact that maybe, just MAYBE, intel does not have your best interests in mind here.

    my two cents

  • i can dithc my cell phone and beeper, and i can change the MAC address of my ethernet card.
  • Forget the current trial and the other antitrust lawsuits, this will sink MS for good.

  • This will lead to subcutaneaous (sp?) serialized tracking implants.

    Ok, maybe not, but every time you give up a little of your privacy, you make it easier for the next guy to ask you to give up more.
  • Yeh, and if we all quit watching subtile events such as this we may find ourselves in the pages of 1984 by Orwell. Fool.
  • Well, who needs them anyway? Scary thought is imho that I BET that even if it could be turned off for good, how long do you think it would be required by commercial software (windows) to use the serial for copy protection? Customer is in a lose-lose situation. This feature never should have been inmplemented in the first place.
  • Yes, I know they probably won't remove it.. They know that after a while, nobody will care anymore anyway. They managed to calm down the first wave of protest, and silently continue their crap.
    Let's just hope AMD won't jump on this bandwagon.
  • Since MS Windows runs on 90% or so of the PCs, you can bet that once Windows2001 or whatever won't work on AMD chips because they lack the serial number thing, it'll hurt AMD a heck of a lot more than Microsoft. So, while I do not know anything about them actually announcing to change the EULA, I seriously doubt there would be much that could stop them.
  • Okay, so if you don't care about your privacy, your civil and human rights, why don't you all just move to china, iraq, iran, or one of the other places on the earth just like those?

    Just don't come crying to us then when you get gunned down because you don't agree with the party line.

    If you allow them to start to take away too much of your freedom, you will eventually have to fight to regain it, and it'll be a very tough uphill battle.

    I am not advocating "total freedom", I don't like anarchy at all, but I certainly like not having to worry about getting caught by the secret police because I've been hanging out on that subversive /. message board again :-)
  • The difference is, how many people have sun or sgi at home? Not many I hear you say? Damn right. How many people have ethernet cards? More, but most "ordinary people" don't have them. And last but not least, while ethernet cards etc are numbered, the idea is not to track and identify people. intel though has said the idea behind their serial is just that. And since the whole serial# idea is nonsense anyway, I think everybody would be better off without them.
  • Meept is either insane, or pretending to be. If you don't understand its posts, be glad. And that's all the explanation you're gonna get.
  • The difference, IMHO, is that this can bring digital [node] identification into the mainstream. Sure, SGIs, Suns, NICs, etc. all numbered, but how many advertisers/data miners/consumer-level programs (read: Windows apps) have made use of those? If the PIII does catch on, it stands to change the rules of the game.

    I really wonder what AMD et. al. are going to do. It could go one way ("we don't make insecure CPUs") or the other ("AMD: Because We're Not Your Big Brother(tm)"). It could be a big opportunity, esp. with the PIII's unimpressive performance specs.

    More importantly, it would mean no major software vendor (hint: Redmond) could explicitly require a CPUID for their products to run, without (quoting some poster above) alienating a large portion of the market. As long as we have the choice, ah?
  • why am i getting the feeling this is just another chance to roll a few punches to MS ? they arent the only ones who wanted this feature ya know. As a part time programmer, i could see how they would want it, and also as a consumer, i can see how it would be a huge pain in the a$$. and even if intel does make it user controllable, that just destroys and practical reason for it to even be there, so you know that wont happen. also, if they put it in and people write software to use it like they plan(ed), then that means amd and cyrix are effectively destroyed as competitors, and we all know uncle sam wont let that happen. I think the only way this would, or SHOULD come to be, is for identification purposes of the cpu, for warranty protection or something like that... oh, another swing of the door would be that if they put them in the cpu's, it would effectively destroy intel if people decide amd etc. have better products, and that would take any software locked to intel cpu serials out as well. business make stupid decisions, but i dont think they're gonna be this stupid. well, maybe not.


  • my apologies, i wasnt aiming for this exact spot in the reply tree. sorry.


  • Yep, the original game "castles" used a similar method. They code a formula into the program. Then the program comes up with a random number. You call the company which has the formula on file, then gives a response number. If the response number doesn't match the number the formula thinks you should get, it doesn't work. In some cases, it's a CMOS checksum, or it could be keyed to some other values in the machine, perhaps a BIOS revision, or the seed number for the original number the program comes from a combination of other values in the BIOS that can be captured.

    Now, on the problem here, Microsoft has been makeing a huge ammount of money from Intel's chip sales for a long time now. Because of this, I wonder if Intel made a deal with Microsoft on this issue. Perhaps Intel, not being able to shut AMD out by themselves, has figured out a way to get MICROSOFT to shut down AMD and other Intel competitors? This sounds like something both companies are known for. Anti-competitive behavior. First, Intel tries to kill AMD by going to Slot 1. It didn't work, AMD came up with chips that did so much more with socket 7 that AMD managed to gain market share. Now AMD is about to release the K7 in another few months. Intel is scared, so had to figure out another strategy to shut down AMD. They talk to Microsoft, and get CPU serial numbers that can be read by software. I wonder if the DOJ has enough of a clue to figure out that this happened?
  • The glorious meept for whom the speed of light in a vacuum would slowly change since the begining of the universe (but not be noticed) would like to point out to his sleeping past midday student friends the following:

    [cut to a Buddhist temple]

    Buddhist monk: Oum mane padme om

    George Lucas:mmm "padme" I like it. You don't mind if I borrow that word do you?

    Buddhist monk: [something something] Jedi [something]

    George Lucas:mmm "Jedi" I like it. You don't mind if I borrow that word do you?

    Buddhist monk: Fuck sake. Do you want to borrow the philosophies of our culture and some of our myths and legends as well?

    George Lucas:What do you call the force which you believe permeates everything?

    Buddhist monk: the force? Wha...

    George Lucas:Hang on, let me write that down t-h-e- f-o-r-c-e

    Buddhist monk: Ah fuck off.

  • surely someone (not me) could write an interception that would return a user-assignable id number when queried, right?
  • Good points. The processor ID can only be used for online identification by going through software. As soon as some web site starts requiring them for access, somebody will write a patch to Mozilla that will spew out any random number you care to enter.

    Intel's brain-damaged comments about this increasing security for online commerce are just hot air. The web site is only going to hear what your browser tells it. Worse, there's no way of changing a compromised serial number, so that "honest" consumers are screwed if that's the basis of authentication.

    The only effective use would appear to be software licensing, which I don't oppose quite as much.
    (And tracking stolen chips, which Intel has said they aren't going to do....)
  • As long as Intel does not sell the lists or anything, I'm fine with it. If you use a credit card for illigal purposes, you should be tracked and same with a computer.

    Funny that this should be posted by an Anonymous Coward...

  • Absolutely. I don't know the semantics of the
    instructions for PID, but if a user-space
    (ring 3/VM) instruction is used, then presumably
    the ID number is being returned in a register.
    (Well, maybe not - could be hard coded 'special register' I suppose) but the copy-protected
    program has got to issue getpid (equivalent) and
    then perform some kind of register to register compare.
    A multitasking OS is constantly interrupting
    the stream of instructions to do something
    else (that's how 387 emulation is done)
    so the instruction is issued, a user ISV is
    called, clobbers the register with a new fake
    number, and back to the program with the program none the wiser.
    That would be good in the end, because it would
    be a single point of failure for copy-protection.
    No copying numbers off of other people, no losing
    the number...just use one number on every machine.

    Easy to use piracy. Easy to use identity spoofing!

    I get the sense that Intel is going to 'rue the day' with the P3.

  • Instead of just turning the serial numbers off, it would probably be better to undermine their attempts to track CPU's by writing a piece of software that produces a different random serial numbers each time it is requested.

    Would this be possible?

  • Well look at it this way. If you don't pay cash for all of this computer equipment then there is a paper trail a mile long that anyone (with enough time) can track you. This ID code will just make it easier.
  • If AMD doesn't put serials on their chips, it'll make me all the more liklier to switch to them hardcore.
  • "Tell all of those people who ask you for computer advice to not buy it. "

    And if I'm anything like an average /. reader, that's quite a few people. If I say "Intel is garbage, go AMD," my non-techie friends listen. *grin*

  • People,
    I just don't see what the big deal is. I mean, you naturally don't want everything you do tracked and logged, however, If people REALLY wanted to monitor you, they can track you by MAC address. The only /real/ problem I see here is that because each chip is unique, the price will reflect that.

"An open mind has but one disadvantage: it collects dirt." -- a saying at RPI