Slashdot Mirror
MIT Tracking Campus Net Connections Since 1999
An anonymous reader writes "MIT has been monitoring student internet connections for the past decade without telling them. There is no official policy and no student input." The Tech article says, though, that the record keeping is fairly limited in its scope (connection information is collected, but not the data transferred) and duration (three days, for on-campus connections).
I am curious as to what exactly was setup. It honestly sounds like they setup ntop, which is something I have some what mixed feelings about, but can be amazingly useful for tracking network health and etc.
At our university, the lawyers would have a fit if we weren't.
I'd be very surprised to find a college or ISP that didn't monitor their network in this fashion. Looks like maybe they are keeping DHCP, transparent proxy, and network statistics. Plus they are doing intrusion detection and looking for malicious activity. The good news is that they are not keeping these records long term, but only for a reasonable amount of time. If they are having a problem or suspicious activity then they probably keep it longer. Face it, your internet activities are NOT anonymous no matter how much you'd like it pretend that it is.
I can see the argument that you could in theory back out the web surfing history of a particular mac address.
These are things any self-respecting network should be doing. The issue here is students not realizing that some monitoring and logging is done. I'm willing to bet that consent to monitoring is referenced in an agreement that the students signed, but that the details of the monitoring are not spelled out.
At my work, users sign agreements on acceptable use and consent to monitoring. I only dig into the logs if there is a problem, the IDS flagged something, or an accusation is made. Sometimes the logs prove innocence, btw.
Part of the problem with this sort of thing is, with no policy, where do reasonable expectations of privacy for using someone's pipe they've offered you access to begin and end? In general, with no privacy policy, there is no expectation of privacy, unfortunately.
i just wanted to monitor where you are going and what you are doing. dont worry i delete it after three days. i promise .... ive been doin it for ten years, didnt think you would mind, thats why i didnt ask you. im sorry if you feel 'invadded', clearly its some emotional problem on your part, hysteria or perhaps paranoia. id suggest some anti psychotics.
This doesn't surprise me at all, I don't exactly like it but under stand it. The positive side of this is they are being reasonable on how long they keep the logs. Though if they collect this information the student should made aware of, not just buried in the contract they signed.
or the feds snooping, i am really frankly surprised
you actually want to depend upon the federal government for your security?
you want to depend upon some school, some cable company, some phone company not to snoop on you?
whenever i'm encountered by this strange slashdot groupthink, i really have only one thing to offer: if you put it on a wire, if its outside your control, then the security or privacy of whatever you are doing is nothing you should count on
the outrage seems artifical, contrived, illogical, exasperating
if you want security, if you want privacy DON'T PUT IT ON A WIRE OUTSIDE YOUR CONTROL
beginning and ending of discussion
as if you actually want ot TRUST some other entity to do your security work for you?
hey, how about this: YOU are responsible for your security
you, and you alone
is my pov really that strange?
it seems odd anyone should consider it any other way
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
IT Professionals, working for major Universities, monitor network traffic?
No. Fucking. Way.
I mean, really, while it's wrong that they store the data without telling the users, and while users should have better expectations of privacy, you have to look at this in context. They are only storing the data for 3 days, and it's only the connection details rather than the content. And the context that this is in, on Slashdot, is that a few articles down the FBI and the state of california are going to take and warehouse DNA from people that have not been convicted of a crime. I'm not saying this is inconsequential, but considering what's going on in the world in general, from state bodies, what MIT is doing should probably rank fairly far down the list of things to worry about.
Help me out with this?
Seriously, they keep the records for 3 days for most traffic and 30 days for anomolous traffic which might indicate a threat to the network. Most networks I have seen keep data for far longer just because nobody ever bothers to clean out the logs.
The fact that they have a policy for cleaning the logs puts them streets ahead of the most network admins and yet they are being portrayed as the bad guys here.
Storm in a teacup if I have ever seen one.
Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece
...when you are going to finsh that fucking movie.
The Tech article says, though, that the reco[...]
Look, timothy, little tip that'll make your job easier: Effectively zero Slashdotters read past the reminder that somebody can see them sometime, somewhere. They were all too busy alternating between sputtering gibberish, screaming in panic, and folding new layers on their tinfoil hats at that point.
Next time, you can save yourself a lot of writing trouble by just linking to The Tech with the text "people bigger than you fnord can see you fnord fnord fnord", and the effect will be the same.
As a network admin I can't tell you how useful it is to have at least a little data about where something might have come from in the event of a problem arising. Three days worth of data is hardly something to get in a twit about, and honestly the specifics of the data probably isn't even looked at that much.
The musings of just another geek and his junk.
whenever i'm encountered by this strange slashdot groupthink
I wouldn't say it's all that strange, but we find snooping practices to be extremely abhorrent because they almost directly imply an assumption of guilt. Furthermore, ISP logs have frequently been used as a tool for the MAFIAA Lawyers to nail people up on the wall for enough "protection money" to satisfy their business model.
Lastly, years' duration of log-keeping rarely actually benefits the ISP or company in question. It is kinda funny that you posted this in a thread about 3 days worth of logging.
Boot Windows, Linux, and ESX over the network for free.
I Hope They Favoritize P2p
Interesting How The Feds Pursue
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
tee hee
$META_SIG_JOKE
is something that impinges on my freedom. in the form of assholes driving around implements of death on my streets.
This is Quentin Smith reporting live from the Massachusetts Institute of Technology. News agencies are reporting that MIT has been keeping records of network activity. It's a practice called "logging" by hackers, crackers, and other computer deviants. Using nefarious software techniques, "loggers" can identify and disrupt innocent users' botnets.
Individuals with limited knowledge of computers like MIT students are particularly susceptible to these types of attacks. To combat these "loggers," experts suggest disabling firewalls and updating account information if you receive an email from your bank.
In other words you are afraid of people with guns. I once got punched in the face, standing at a bus stop. It was terrifying. And yet I don't go around asking that all fists be taken off the streets.
The world we live in is a dangerous place. I could have just as easily been stabbed, or pushed in front of a train. The sooner you learn to deal with the inherent dangerousness of life, the happier you will be.
Qxe4
And fascists don't come out of the 'right-wing-small-government-yokel-in-the-woods' fray. It requires a Socialist leader (Hitler, Mussolini) to create a fascist state: You have to tie industry and finance to the government under the guise of rescuing or improving the plight of the working class. Hey, wait a minute!-
!#&*
...is just enough time to figure out:
a) where the bomb threat came from.
b) which building the suicidal student needs to get talked down from.
c) who impersonated the professor to cancel an assignment.
d) how a lab router ended up sniffing for passwords.
All of these things happened while I was in campus IT, but I never heard about an RIAA/MPAA complaint about something that happened less than two weeks prior, so this really doesn't look like undue outside influence to invade student privacy. It's just responsible network management.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
But any student with an ounce of common sense OR technical knowledge would have assumed they were. I'm surprised their data retention is as limited as it is. Not every single action needs to be spelled out in a contract with the student. The simple fact that the campus OWNS the networks gives them automatically all sorts of rights.
lol yes, plutonium, Jefferson would have approved. Basically what it boils down to is society wants guns, at least enough members of society want them, and the rest are willing to tolerate it, so we have them. And if enough of society wanted plutonium, we would have that too. And I would be unhappy, but I would deal with it.
You really only have two choices: either deal with it, or change people's minds so they are against it, just as they are against plutonium. Whining and complaining that it is your 'right' is just annoying. Find a way to change people's minds, or deal with it. But don't be afraid either way.
Qxe4
Driving is a privilege, remember? The state revokes licenses for all sorts of reasons, and expects people to continue living civilly. And while vehicle ownership is a new phenomenon, there has never been a civilization that wasn't maintained by armed men.
how the fuck is this news? this is extremely basic monitoring for simple diagnostics and troubleshooting.
Snowden and Manning are heroes.
I would venture to guess that they do have logs and snort running somewhere like all other universities of this size.
More to the point, if I were in a position to obtain a stash of plutonium, I don't think I'd be very concerned with whatever plutonium-control laws the rest of society might see fit to pass.
I would be no more interested in plutonium-control laws, than criminals are interested in gun-control laws.
First, I'd like to thank the GP for pointing out your hypocrisy. Second, I'd like to point out that "assault weapon" is either redundant or nonexistent. Stop using that made-up scare term.
"Yokels" like me who live in the western USA and "cling to guns and religion" are a very, very poor target for anyone hoping to "rise to power". Farmers are independent people. No Marxists, Muslims or any other -its or -isms come here make speeches. They'd be wasting their time. There's a reason people like Lenin stump in the cities.
As for your statement that guns do not protect democracy (I think you meant a republic), I think you ought to take a look at our very own Revolutionary War. Do you think the Continental Army would ever have been able to defeat a world-class army if nearly every able-bodied male didn't have a gun and know how to use it? You say I'm confusing the arena of a civil setting with outright war. In order to protect freedom, one must be able to stage an outright war (see American Revolution again).
I appreciate most of your posts and often mod you up, but you most definitely have a logical disconnect regarding self defense.
The government can't save you.
why does that translate in your mind into every asshole on the street?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
So, what's your solution then? A gun prohibition? I suspect that will work about as well as Alcohol Prohibition or the "War on Drugs", which is to say not at all.
The current arrangement in no way perfect. But there's no way to prove that a divisive campaign to rid the public of its arms wouldn't be worse. And even IF there are less bodies in the end, at some point one needs to consider how the people live rather than how many die. Being servants of the state or victims of the largest, meanest group aren't exactly desirable outcomes. And what about the will of the people? If the majority of voters see a place for firearms in private hands, why should they be denied that in a Democratic country? Because you know better? For their own good? Such is the mindset of an oligarch, an authoritarian.
-Grym
as if hamilton or madison didn't know what they were inviting?
as if hamilton or madison expected protection from the crown?
you say that my attitude is akin to the attitude of kind george the third goons. no, rather my attitude is to say that king george has goons that don't respect you, and never will, and you should know that. when you criticize me for this, you're simply shooting the messenger
do you think the answer is to hold the goons to some sort of expectation of behavior?
the american revolution would have been unnecessary if king george's goons were nice and behaved? pfffffffft
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Comment removed based on user account deletion
... don't they? They can do whatever the hell they want with their network, including monitoring, shaping, filtering, or whatever. If students are that worried about privacy, they can get their own private connections.
Perhaps its that many slashdotters appreciate others with intelligence that know what they are doing?
I realize this is beyond your comprehension, which is why I'm enlightening you.
Just because you don't understand it or the logic in it doesn't mean its a fairy tale.
I presume you're all bitchy because you think logging is bad. I feel I should warn you that every website, every mail server, every thing you do on the Internet is logged along the way unless they specifically go out of their way to disable logging. We computer geeks like to be able to figure out what the hell is going on in our little domain so we have a tendency to log EVERYTHING that happens, and do so by default. We don't do it so we can figure out what porn your looking at, we already know better sites than you do. We don't do it because we want to read your email, we invented it so we WOULDN'T HAVE TO talk to you. We don't do it because we want to report you to OMGBADGOVERMENTEVIL.
We do it because when your retarded ass comes up to us and tells us that your computer just stopped working and you 'didn't do anything' that we can figure out what you DID do without trying to pry it out of your clueless thick skull and save ourselves hours of digging through shit where we DO have to see your sheep porn websites and pedophile emails.
We write the software so it logs be default because we've dealt with too many clueless fucking idiots like yourself and we're tired of your ignorance wasting our time.
Had you not be so paranoid about your privacy and been a little more up front with us to begin with we would have not only NOT given a fuck, we would have been able to solve the problem long before we got into the habit of logging every god damn detail to figure out what the fuck you screwed up and aren't telling us.
Okay, so thats not the only reason there is so much logging, hell its not even a secondary reason for most developers. It is however, the most fitting for idiots like you.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
if it were legal
which is my whole fucking point
who's the retard?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Way to fail at reading comprehension. I said nothing about logging. In fact, I have probably done more work in involving it (in law enforcement and several aerospace companies) than you can imagine. You have no need to question my technical ability. No, I was pointing out that because this had to do with MIT it made the front page. Anytime anyone at MIT so much as farts it makes the front page of Slashdot; its downright silly. But thanks for writing a huge comment about an assumption that you made, it was entertaining.
Instead of the stupid car analogies, I would look at your wireless bill. I can get a detailed rundown on every number I called or that called me and a duration of the call. The phone company isn't tapping my phone and monitoring my calls, but they *are* keeping track of the connection data. This covers their ass as well as mine...just as it does for the university
Bottles.
I think the issue here is that there is no clear policy. I don't know what my school has for a policy but I bet it is written out somewhere that "The university will maintain access logs consisting of XX, YY, and ZZ persisting for ##days". I am sure my wireless company has the same thing. MIT is just doing what is reasonable but since they do not have a formal policy, people are worried that they might change their minds and take it further.
Bottles.
if you have to meet someone shady behind an alley to get [x] versus walking into your average walmart to get [x], it might be that one world has more of [x] than the other
i leave it up to your boundless imagination and massive intellect to imagine which world that might be
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Ok, I was being a little mean there -- I concede no one really thinks what I was ascribing to you. I was just exaggerating a little to make a point. But you must concede that no one actually thinks what you are now ascribing to me!
First, I'm making no claims about Madison or Hamilton. My little historical fantasy was an absurd anachronism: as best I gather, Hamilton and Madison had nothing to do with helping incite revolution, and I only mentioned them as political philosophers who were vocal about individual liberties. Their period of activity was from a decade after the revolution, by which time the Crown was not so relevant.
Second, what I am attributing to you is an attitude of accommodation, and not that of a goon at all. Now, often there is much of value in accommodation. It's pragmatic; it's prudent. And it was characteristic of those who advocated conciliation with the colonies' imperialist masters. Whereas it was the staggering idealism and hubris of the American Revolutionaries to believe in the existence of Natural Rights, and to think them worth killing for. I'm not saying you don't believe in a natural right of privacy; maybe you do. But if you do, you seem to be ... hmm ... very well adjusted to the idea of your own rights being continuously violated by all and sundry.
What I'm saying is, the Founding Parents of America were crazy enough to think that they really ought to have public institutions that respected their natural rights, including privacy. So I think your sense of surprise that "anyone considers it any other way" should be piqued whenever (if ever) you hear the names Adams, Franklin, Hamilton, Jefferson, Madison, Washington, etc. (If you are not American, that might be seldom.) They considered it another way.
Short answer: yes, I think the answer is to hold the "goons" accountable. I feel I'm in good company. I wish other Americans were less used to being outraged. And I'm not talking about those foolish "tea parties" they just had.
$META_SIG_JOKE
Other societies never had guns in the first place. They didn't outlaw them democratically. They've been banned from them ever since monarchies.
The government can't save you.
I have not watched, Red Dawn, Star Wars or Dirty Harry. Please make a more relevant argument.
The government can't save you.
Really, unless the people paid by the university who aren't students monitor the network, nothing happens. My school has our residential network monitored by students. Yes, you heard me right, Students. This is why a major file sharing client was allowed to run on someone's computer for several years. Why? Because why is the student going to say anything and get them riled up? They already deal with enough.
Dude, you're still doing it. Stop.
Of course it's the same fucking thing you nit, that's the point.
Sure, that's the price of living in society: you don't always get what you want. But for now, most of America still supports the right to bear arms.
Qxe4