Current State Conclusion
We addressed the current state of computer and network privacy at Stanford by identifying and exposing many of the privacy risks associated with the Stanford University Network. After providing a brief overview of the network and the systems involved, we listed the various tools and activities that can expose information about a student’s background and current work.
In sum, the risks we have identified are:
System
|
Description
|
Priv.
Control?
|
Zephyr |
UNIX tools like zwrite and zlocate |
Yes |
Other UNIX |
finger, processes, home folders, etc. |
No |
Whois database |
Public and private directories of student information |
Yes |
Prism database |
Administrative database with detailed student records |
No |
Cluster PC’s |
Thousands on campus, used by many students |
Yes |
Forging Email |
Email can be forged by any Internet user |
No |
Sharing Files |
Users’ personal computers allow file exchanges |
Yes |
Search Engines |
Sites like Google provide quick access to personal info |
No |
Students should play a part in their own protection through revealing less information on personal webspace, utilizing “Stanford.Who” to control what information is shared with Stanford community members and what is shared with the outside world, specifying access permissions to “Read-Only” when sharing files, and when using cluster computers, being mindful not to give sensitive information (which may be cached via cookies for example), closing browser windows, and making sure to logout from MacSamson sessions.
Questions? Comments? Suggestions? Send mail to: privacy_project@CS.Stanford.EDU
