Students surfing the Internet on the University's Dormnet system will no longer be associated with their NetIDs, following a change in OIT policy announced this week.
This move, expected to take effect by fall, will increase privacy by preventing outside servers from tracking host names back to students' NetIDs. Such tracking allows website operators to gather personal information, including telephone numbers and dorm addresses.
IP addresses, which were previously traceable to NetIDs, will now be associated only with randomly generated pseudonyms, OIT Associate Chief Information Officer Steven Sather said.
The current system has been used for "over 10 years, before the web was invented," Sather said in an email. "OIT believes this is the right time to make this change."
Though OIT has been looking for a solution to the issue for some time — it was raised at a CPUC meeting in April — graduate students Alex Halderman '03, Jeff Dwoskin and Harlan Yu created additional pressure with a petition that had collected 261 signatures as of Thursday evening.
Sather heard of the petition through a Dec. 13 Daily Princetonian article and quickly arranged a meeting with the three graduate students earlier this week. OIT was occupied with other issues over the summer, such as installing the wireless network in dorms, he said.
Halderman said the timing was fortunate, because OIT "had already come up with a plan to fix the problem, which coincided with what we thought."
Yu agreed that the solution seemed reasonable and was "greatly pleased" that OIT responded to the petition so quickly.
"The gears were in motion internally to change the host names," he said, but a little "pressure from students" helped speed up the process. He added that it was important for OIT to know that students are aware their privacy is being violated.
Until the change is implemented, OIT has pledged to educate the student body on ways to protect itself. The graduate students have also provided a number of suggestions on their website, princetonprivacy.org, on how to maintain anonymity online.
Tips on the website recommend accessing the Internet through the campus wireless network, which is safer than Dormnet, and connecting to the Princeton Virtual Private Network, which OIT's website describes as "a secure network connection layered on top of a public network, such as the Internet."
Though the new policy will make the network more private, OIT and others on campus will still be able to trace a host name back to a student's identity, and as the students' web site notes, "the University may be forced to provide this information to outside parties when required by a court-issued subpoena."
After the change, students who want a simpler pseudonym will also be able to add another nickname if desired.
Original URL: http://www.dailyprincetonian.com/2005/12/16/14175/