King Tiger

I need privacy!

89 posts in this topic

For what it is worth, I'm all for telling you to encrypt if the TOS lets you. Whatever you can get away with doing within those terms, you should do. Even if it weren't for the network admin logging, there is no reason to send plaintext email if it can be avoided. If the oother parties don't know anything about it, and you need a relatively secure, no hassle solution, go with the freenigma plugin. If they can install a firefox plugin, they can get busy.

0

Share this post


Link to post
Share on other sites
Tiny bit off topic but; If you want privacy while using MSN use Simplite it offers encryption like AES...

Simplite, like all other encryption, is only useful when the other party has it as well. Otherwise, it's all plaintext (I used SimpPro for two years and all my data was in plaintext because no one else used it).

@SeaL: No, I'm 100% serious. After all, it's the University's network and their assets at stake, they are free to do with it whatever they please and legally, they're given the power to do so. After working at a University for nearly three years, you get to learn little tidbits like that.

Hsve your friend download and set the same encryption

0

Share this post


Link to post
Share on other sites
Tiny bit off topic but; If you want privacy while using MSN use Simplite it offers encryption like AES...

Simplite, like all other encryption, is only useful when the other party has it as well. Otherwise, it's all plaintext (I used SimpPro for two years and all my data was in plaintext because no one else used it).

@SeaL: No, I'm 100% serious. After all, it's the University's network and their assets at stake, they are free to do with it whatever they please and legally, they're given the power to do so. After working at a University for nearly three years, you get to learn little tidbits like that.

Hsve your friend download and set the same encryption

Heh, yeah. That is kind of the point isn't it? To bad all people say when they hear *ANYTHING* regarding a computer is "I can't", then the wall of I can't goes up, impossible to penetrate, impossible to talk sense to.

Getting the technically adept to use something like this isn't the issue. He obviously means coworkers and family man.

0

Share this post


Link to post
Share on other sites
I've had my suspicions.

Was it his purple Cadillac that gave him away? You know, the one with the spinning rims and fixed mounted war driving antenna?

Edited by Drake Anubis
0

Share this post


Link to post
Share on other sites
Tiny bit off topic but; If you want privacy while using MSN use Simplite it offers encryption like AES...

Simplite, like all other encryption, is only useful when the other party has it as well. Otherwise, it's all plaintext (I used SimpPro for two years and all my data was in plaintext because no one else used it).

@SeaL: No, I'm 100% serious. After all, it's the University's network and their assets at stake, they are free to do with it whatever they please and legally, they're given the power to do so. After working at a University for nearly three years, you get to learn little tidbits like that.

Hsve your friend download and set the same encryption

I think you missed my point.

0

Share this post


Link to post
Share on other sites

Why do I need privacy? Not because I'm the leader of a secret underground anarchy group. I want privacy for the same reason I close the shower curtain. It's the reason I wear clothes. The reason my car has tinted windows. The same reason I close my blinds at night. Because privacy is a basic human need. You can't assume I'm doing something wrong because I want privacy.

So what I've sifted out is that there is no effective solution here?

Edited by King Tiger
0

Share this post


Link to post
Share on other sites
Privacy is a basic right. The college is out of line for providing a email address, making me dependant on it for grades, announcements, communication with other students, etc, but then randomly reading my messages. It's called an invasion of privacy.
You gave away those rights voluntarily. You probably also gave them your SIN/SSN number and other information that they have no legitimate need for. It all comes down to voluntarily giving up your rights.

Remember all those campuses that got hacked and the mass identify theft going on, due largely to insecurely and unnecessarily storing of sensitive information.. good times.

(It is mandated federally they need your numbers for taxation purposes but not for student identification, so in the end the tax man is screwing you once again. In the ass. With a parking meter, some broken glass and a lack of lube. ie - business as usual.)

So what I've sifted out is that there is no effective solution here? That can't be true. Maybe I could crash the monitoring system or spoof it somehow. That'll make IT happy.
I'm sure that will go over really well and completely unnoticed by all. :roll:

We have already said: sending plain-text over-the-wire through a network you know to be logging your traffic and through a mail server equally setup is going to enable your email being read and the websites you visit being logged.

You could tunnel all dns+http+mail traffic out to a third-party network out of their control, so none of it travels in plain-text but this presents a few problems:

a - Your campus may have procedures in place to flag this traffic and question you about it. Encrypting communications unnecessarily may be against your system-access TOS, landing you in hot water and potentially setting you up for a review board meeting. Ask for a copy of your system access clauses they have to provide you with one, it is likely available on your campus website. IT departments don't like TOR. 'woot'

b - If any of your traffic is destined to a campus controlled resource it will still pass through them and get logged. (Https gmail to send email to a user within the campus mail-server will still be read entirely, the other account is the weak link.. you and her would both need to use PGP or an alternative like certificates.)

c - If any of your traffic is being received on the campus network by an unencrypted party it is still travelling in plain text. (Https gmail to another gmail account will keep the traffic out of the university mail server, but unless the other party uses the https security layer it is still transversing the network in plain text when she reads it.)

So as I said already (not a big fan of repeating myself) explain to this girl how to receive your encrypted communications (pgp/certs), get her using a third-party mail-server that supports your needs and access it with a secure connection, or live with it. Communication is a two man game, if the other party is not willing to play you are forced to send in plain text.

Privacy is still a relative privilege and not a right, it is potentially illegal (Cdn example) to possess tinted windows beyond a certain degree per window on a vehicle. (something about endangering police) :P

The police can fly by in helicopters with night-vision and heat-vision technology watching you through the windows or outright through your walls as you touch yourself at night, this is legal it would seem. (Though ironically use of this technology to obtain a warrant to enter a home suspected of being used as a marijuana grow-op has been thrown before the courts and struck down at least once.)

Could state several other examples but by now you should start to get the point, it is a relative thing - particularly if you are affected by the coveted 'patriot act'.

Still wondering about the need for all this security (for my curiosity, does it involve lesbian action?)

Edited by jabzor
0

Share this post


Link to post
Share on other sites
Still wondering about the need for all this security (for my curiosity, does it involve lesbian action?)

If thats the case the safest way to transfer information like that is to post it on the forums, then direct the other party to the forums also.

0

Share this post


Link to post
Share on other sites
You're using their service, their assets, their network, they are free to do whatever they want with your data even if that means reading it. You can't do anything about it, it's due diligence on their behalf.

They own the service and are free to legally read the communications, that does not make it right...

"What is legally right isn't always what is morally right"

This is quite true and depending on your ethical stance, you'll either agree with them or not. However, legally, it's their due diligence to do things like this. What if they never did it and they were harbouring a fanatical cult in their school that was freely using the school's email system to concoct a plot to blow up a building? If there is no email sampling, this would go unnoticed until the event happened. But with email sampling, an event such as this can be stopped and the offendors can be legally dealt with and by law, lack of due diligence is a serious offense.

Wait... are you automatically classifying everyone who values their privacy as ocultic bomberman?

0

Share this post


Link to post
Share on other sites

write using a foreign language?

0

Share this post


Link to post
Share on other sites

OK, I'm getting the picture. Have the other party use a secure method.

Edited by King Tiger
0

Share this post


Link to post
Share on other sites
OK, I'm getting the picture. Have the other party use a secure method. They can still see that "I'm trying to hide something".

What I'm trying to establish privacy for is so I can send this girl some pictures of both of us (get your mind out of the gutter) appearing to be in a situation that is not acceptable at my college. ($5 if you want to see them) I could post them up on my website in a password controlled area and give her the password... Gmail works too... I think.

Assuming your website is not just password protected (which simply keeps others from logging in) but also ssl-encrypted (which keeps the admins from viewing the traffic as she types in her password in essentially plaintext to login, and then proceeds to download said pictures also in unencrypted over the wire), same goes for gmail, use https://

If it is just data-transfer why not setup ssh or ftps, give her an account and you two can share files directly between you without going through third party servers. Alternatively or in conjunction with, you can simply 7z/ace/arj/rar/tar/zip the files as an archive with a pass-phrase only the two of your know and not have to worry if somebody does get a hold of the archive as the data within is protected.

(Which begs the question, why don't all the hospitals and insurance firms that keep losing millions of peoples private emails not simply use EFS, no doubt they are running xp or vista.. it's not like it is hard to implement; off-topic but still a valid question.)

(So I was right about the lesbian action..) :lol:

0

Share this post


Link to post
Share on other sites
(So I was right about the lesbian action..) :lol:

No, one guy, two girls.

Edited by King Tiger
0

Share this post


Link to post
Share on other sites

Unless it is a highly religious school, it took place somewhere it shouldn't have, someone involved is underage or is an instructor/'someone in a position of power'; I cannot see them being overly concerned.

If what happened occurred directly on university property (say in a classroom/the library/somewhere potentially equally voyeuristic).. they might be upset - just keep it in your dorm rooms/off campus housing and at a reasonable audio level so as to avoid annoying your neighbours and you can have a thirty girl orgy for days on end without repercussion (well.. aside from dehydration :P). Pictures you take while on campus are yours, pictures you take of yourself committing potentially incriminating acts are your responsibility. Just keep the acts and amateur photography off of the football field, out of the library and bathroom stalls or wherever else and you should be fine.

IANAL so if inclined speak to an attorney and go through your school regulations, but you could probably host a website of the pornographic nature featuring the local talent (off of the campus network) with little if any fallout to your academic future (particularly if you are using off-campus housing). Actions that take place off of campus facilities are not of campus concern unless they are deemed to be defamatory or you put the school at risk (liability,obscenity,operating without a license,prostitution,racketeering,tax evasion,etc keep it 'legal'). :huh:

(with two girls there, there better have been lesbian action otherwise your 'playa skils' be lacking yo)

Edited by jabzor
0

Share this post


Link to post
Share on other sites
(with two girls there, there better have been lesbian action otherwise your 'playa skils' be lacking yo)

Now that is what I'm talking about. :D

0

Share this post


Link to post
Share on other sites
Tehbizz, you are a jacked up guy. You need to study history and learn what happens when guilty until proven innocent and zero privacy is implemented. Privacy is a basic right. The college is out of line for providing a email address, making me dependant on it for grades, announcements, communication with other students, etc, but then randomly reading my messages. It's called an invasion of privacy.

Why do I need privacy? Not because I'm the leader of a secret underground anarchy group. I want privacy for the same reason I close the shower curtain. It's the reason I wear clothes. The reason my car has tinted windows. The same reason I close my blinds at night. Because privacy is a basic human need. You can't assume I'm doing something wrong because I want privacy.

So what I've sifted out is that there is no effective solution here? That can't be true. Maybe I could crash the monitoring system or spoof it somehow. That'll make IT happy. Freaking nazis.

Jacked up guy? Obviously you have no idea that in school, you have no rights, no privacy. Guilty until proven innocent? You must not follow news where this has not been held up for at least the last 30 years. Privacy is not a basic right, it's a right granted to you. Schools are not democracies. Don't believe me? Ask your school's legal counsel, they'll repeat what I've said.

The college is not out of line for providing an email address. By doing so, they make it easy for people to internally communicate with easy to remember addresses. Don't call me "jacked up" because I worked at a school and know what the school (and their legal counsel) will give for their justification for reading your email. In fact, have YOU worked at a school to be able to verify whether this is true or not? No? OK then don't doubt those that have.

0

Share this post


Link to post
Share on other sites
OK, I'm getting the picture. Have the other party use a secure method. They can still see that "I'm trying to hide something".

What I'm trying to establish privacy for is so I can send this girl some pictures of both of us (get your mind out of the gutter) appearing to be in a situation that is not acceptable at my college. ($5 if you want to see them) I could post them up on my website in a password controlled area and give her the password... Gmail works too... I think.

Simple: don't use the school's email system! Use GMail instead. Or Hotmail. Or Yahoo. Or anything except the school's own email system.

Problem solved.

0

Share this post


Link to post
Share on other sites
OK, I'm getting the picture. Have the other party use a secure method. They can still see that "I'm trying to hide something".

What I'm trying to establish privacy for is so I can send this girl some pictures of both of us (get your mind out of the gutter) appearing to be in a situation that is not acceptable at my college. ($5 if you want to see them) I could post them up on my website in a password controlled area and give her the password... Gmail works too... I think.

Simple: don't use the school's email system! Use GMail instead. Or Hotmail. Or Yahoo. Or anything except the school's own email system.

Problem solved.

Isn't it amazing? There is no issue with encryption and no issue of the evil sys admin sniffing the traffic... Who would have thought of that?

...

0

Share this post


Link to post
Share on other sites
Jacked up guy? Obviously you have no idea that in school, you have no rights, no privacy. Guilty until proven innocent? You must not follow news where this has not been held up for at least the last 30 years. Privacy is not a basic right, it's a right granted to you. Schools are not democracies. Don't believe me? Ask your school's legal counsel, they'll repeat what I've said.

The college is not out of line for providing an email address. By doing so, they make it easy for people to internally communicate with easy to remember addresses. Don't call me "jacked up" because I worked at a school and know what the school (and their legal counsel) will give for their justification for reading your email. In fact, have YOU worked at a school to be able to verify whether this is true or not? No? OK then don't doubt those that have.

I really don't care what the justification is. They obviously have some "reason" for me having no rights or privacy. (It's true) The real reason is to make thier life easier. However, let me remind you of something I never want you to forget.

Amendment I

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Amendment II

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

Amendment III

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Amendment V

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Amendment VI

In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence.

Amendment VII

In Suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise re-examined in any Court of the United States, than according to the rules of the common law.

Amendment VIII

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

Yeah yeah, I know the line. "That only applies to the government." But don't you think that it is unethical for an instutition that depends on these rights for its existance to deny these rights to its students? Is there no freaking justice left in this world? *bang head*

(I'm not trying to hide p0rno tapes, just some pics of me breaking a few rules. At the same time.)

0

Share this post


Link to post
Share on other sites

unethical? perhaps. the way things are? yep.

if you don't like the way things are, there are ways to go about getting things changed. However, by using the email system, you grant them permission to monitor you any time they see fit. If you check your TOS, you'll probably find it there, plain and simple. Do I think that the fact that they do this is super awesome? no, I don't. However, it is how it is.

0

Share this post


Link to post
Share on other sites

I looked up the TOS and they pretty much have me by the balls. This ammount of control can't be morally or ethically right.

The computer information systems at *College* have been designed to be as open as possible, and as such *College* insists on responsible use of these systems. The use of computers, electronic information, and computer networks is essential for research, instruction, and administration within the academic community. Because the electronic environment is easily disrupted and electronic information is readily reproduced, respect for the work and rights of others is especially important.

*College* seeks to protect the civil, personal, and property rights of those actually using its computing and network facilities and seeks to protect the confidentiality of college records stored on its computer systems. Data stored on the network facilities is considered private. Tapping the network for the purpose of examining data for which the user is not authorized is considered unacceptable conduct and is subject to disciplinary action. Attempting to crash the network or computer systems is also subject to disciplinary action.

*College* network facility requires each user to have a unique identity to gain access to or otherwise use the system or facility. The identity is used to represent a user in various system activities and to provide access to certain hardware, software, and data based on his/her credibility and purpose for requiring such access. As such, this identity is another instrument of identification and its misuse constitutes forgery or misrepresentation and is subject to disciplinary action.

Any attempt to violate the provisions of this policy or any posted rules will result in disciplinary action, regardless of the success or failure of the attempt. Disciplinary action will be at the discretion of the Dean of Students’ Office, and may range from temporary restriction of account to dismissal.

Use of Equipment and Facilities

§ Telephone outlets are to be used only for telephones, not for computers.

§ Vandalism and theft of equipment will result in severe penalties. Unauthorized use or borrowing of equipment may be dealt with as theft.

§ Food and drink is prohibited in computer labs (including music labs, study carrels, etc.)

§ Games are not allowed to be played in labs unless otherwise specified. When playing games in any labs in which games are allowed, the following guidelines must be followed:

o Games requiring a license may not be installed. This includes shareware games and games that a student personally owns.

o Games must conform to standards outlined in the Entertainment section of the Student Life Journal.

o If students are waiting to use the lab for legitimate work, those playing games should immediately log out and allow someone else to use the computer.

§ Students may access only the following network resources from personally-owned computers: *College* email, *College*-provided Internet access, personal J drives, M drive, and the Maranatha Intranet.

Accountability, Privacy, and Security

§ Using or attempting to access someone else’s computer account or sharing passwords to accounts is prohibited.

§ Deletion, examination, copying, or modification of files and/or data belonging to other users without their prior consent is prohibited.

§ Students are responsible for their accounts at all times and should not leave any computer unattended when logged in. (If a student wishes to remain logged in to his own computer when it is unattended, he/she should lock the computer. On Windows XP computers, this can be accomplished by the keyboard shortcut Windows Key + L.) Demerits may be issued to the owner for misuse of an unattended or otherwise unsecured computer or computer account.

§ *College* reserves the right to inspect a student’s computer, computer files (on any media), and electronic devices at any time. *College* also reserves the right to confiscate media or electronics as a result of misuse. {How the hell is this legal?}

Legal Compliance

*College* respects licensing laws and regulations, and expects its students to do the same.

§ Illegal copying or sharing of copyrighted materials is prohibited. The following list includes samples of illegal sharing or copying:

o Using “pirated” or “cracked” license codes for games or other software (including operating systems)

o Copying Microsoft Office or Windows CDs for use by others

o Using software on more computers than it is licensed for (most software licenses allow installation on only one computer)

o Sending licensed music files (in any format) to others. This includes duplicating or burning CDs, sending the files electronically via email, IM, or file share, etc.

§ Use of illegally licensed operating systems is against the law, and is expressly prohibited on computers connecting to *College* network.

Communications

§ Students are responsible for the content of any electronic communications. They are also responsible for any content they forward or direct people to, whether they read it first or not.

§ If a student receives e-mail or other electronic transmissions (excluding SPAM) containing partially or totally objectionable material (such as profanity and/or lewd and/or crude content), the student must follow the procedure listed below:

o Forward a copy to abuse@*edited*.

o Tell a dean or a dorm supervisor about the communication.

o Delete the communication.

Such material may not be saved or forwarded to others. Students are subject to disciplinary action for failing to report receipt of objectionable material and for saving or forwarding any kind of objectionable material. Disciplinary action may include the loss of e-mail privileges as well as a demerit penalty and/or other disciplinary measures.

§ File sharing is allowed, but only when the shared files are not protected by copyrights and the content is appropriate. File shares may not be password protected. Only the computer owner may have rights to post files to the file share. The same principles and regulations apply to ftp sites and web sites hosted on student-owned computers.

§ Email and other electronic communication may be logged, monitored, and/or inspected by *College* staff.

§ Students are not allowed to send mass emails. Sending electronic communications to large groups (30+) is not allowed. (This includes Reply-To-All emails.) This does not mean that students may send 5 emails to reach 150 students. The following chart provides instructions for dealing with various communications needs:

Internet Use

§ Internet access through *College name* network is filtered. Attempts to bypass filters are prohibited.

§ If a student uses Internet access in other areas (such as the local public library), students are still expected to visit only appropriate sites, and may be subject to penalties for any violations.

§ All Internet activity is logged and may be monitored.

§ Viewing or participating in illegal, pornographic, or otherwise inappropriate activity via any means (viewing, posting, sharing, downloading, etc.) is prohibited whether that activity is blocked by filters or not.

§ Cellular devices may not be used as modems. Residence hall students may access Internet services only through the campus network. Residence hall room telephone lines may not be used for Internet access.

§ *College* reserves the right to restrict the downloading of certain files or file types to limit bandwidth utilization, prevent security problems, and/or prevent misuse.

§ *College* network security needs far exceed the security needs of a home network. Therefore, several ports and protocols are blocked. Students may conduct business online, but *College name* will not unblock ports or protocols upon student request, even if a student’s business requires it.

Miscellaneous Computer Policies

§ All student-owned computers must have up-to-date antivirus software installed. Up-to-date means that a legal subscription to virus definitions is actively being utilized to keep the software current.

§ Screen savers and wallpaper must meet the standards outlined for wall hangings

§ Headphones may be used in labs. If headphones are used for listening to music, the music must meet the standards outlined in the music section of the Student Life Journal.

§ Students may not set up wireless access points without first contacting the I.T. department to receive permission and instruction. Students may not set up wireless access points in any buildings in which *College name* has provided wireless access. Students may not set up DHCP servers.

Entertainment

§ Computers may not be used for viewing movies, music videos, movie trailers, or entertainment television shows (video news stories from sites such as CNN.com and C-SPAN are allowed if the content does not violate *edited*. Violations will result in demerit penalties and loss of computer use.

§ *College name* may restrict access to certain games that are played over the Internet or our network, including multiplayer client/server games, to reduce bandwidth utilization and/or prevent the use of inappropriate games.

Additional I.T. Policies

*College* Information Technology Department publishes policies via its Intranet site *edited*policies include regulations regarding how personal computers should be named, which operating systems are allowed on network-connected computers, etc. Students are required to read and abide by those published policies.

CONFISCATION

Anything a student has that is prohibited is subject to confiscation. Items will be returned to the student at the discretion of the Administration.

So basically, they give themselves all the rights, I get none.

Edited by King Tiger
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now