Northwestern fighting campus P2P use with... e-mail?

Northwestern University is the latest school to adopt the University of Michigan's open source Be Aware You're Uploading program. Turns out that simple e-mail notifications can make a real difference.<BR><BR>Read More

 

[Anla-Shok]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">officials at both Northwestern and Michigan say that many of the students who ultimately get in trouble weren't even aware they were uploading in the first place. While tech-savvy Ars readers might find this hard to comprehend, officials that we have spoken to at several schools insist it's the case. </div></BLOCKQUOTE><BR><BR>Trust me, I've worked tech support at a University. This is very very possible.<BR><BR><BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Students who know what they're doing are free to opt out of the notifications completely, though in any case, no more than one notification in a 24-hour period will be sent. </div></BLOCKQUOTE><BR><BR>Can one opt out of having their network traffic analyzed at the packet-level? I for one would be rather unhappy to know that my school is watching every bit of traffic going out. Even if the end-product is a harmless email, this is a sad precedent to set. I'm disappointed that we're happily consenting to DPI just because the implementation at the moment isn't troubling.

 

[RoboToque]

I would wager that the students are not so much surprised to learn that they're uploading, but surprised to learn that the University has detected it and knows who is doing it. I know that would probably be enough to scare me straight.

 

[eskouster]

As an Northwestern student, knowing that they're watching <I>me</I> is a pretty good reason to scale back the downloading -- every few months, you hear about another batch of students getting RIAA notices.

 

[Galeran]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">officials at both Northwestern and Michigan say that many of the students who ultimately get in trouble weren't even aware they were uploading in the first place. </div></BLOCKQUOTE><BR><BR>Or, for the slightly more savvy, weren't aware it could be traced directly to them so easily! Proof that "yes, you can be caught" is, I suspect, a pretty effective deterrent.

 

[brionl]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by Anla-Shok:<BR><BR>Can one opt out of having their network traffic analyzed at the packet-level? I for one would be rather unhappy to know that my school is watching every bit of traffic going out. Even if the end-product is a harmless email, this is a sad precedent to set. I'm disappointed that we're happily consenting to DPI just because the implementation at the moment isn't troubling. </div></BLOCKQUOTE><BR><BR>It's their network, they can do whatever they want with it. You can either agree, and use it, or disagree and not use it.

 

[djdementia]

I'm curios how they determine the email address. Does everyone get static IP addresses and they have a database of IP -> Email addresses? Do they use the same DPI to grab the user's email address when they send or receive an email? What if the user doesn't use an SMTP/POP3 based email service and only uses webmail, how then would the email address be obtained? How would this work with for example wifi, where you are likely to obtain a different IP address as you roam around campus? Do they have a web portal system that requires you to register your email address then emails back an authorization code?

 

[paper_wastage]

@djdementia<BR><BR>probably for dorm rooms, u have to register the MAC ID to ur user account in the school... nothing like saying u can't clone mac IDs, but i guess its a useful system for those ignorant of p2p sharing...

 

[Kaglan2]

My school used to track people by MAC address (The wireless service requires a log on, which is even better.)<BR><BR>But you're thinking too hard. Scenario A is someone trying to get around the university system: they'll succeed no matter what, and the lengths they went to do so only hurt their case (and the University's case of innocence) even more. Scenario B is someone being inpersonated and receiving an email when they are not in fact sharing. They will likely complain, triggering a more detailed investigation. And in any case, a single email doesn't hurt anyone.

 

[dreemernj]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by djdementia:<BR>I'm curios how they determine the email address. Does everyone get static IP addresses and they have a database of IP -> Email addresses? Do they use the same DPI to grab the user's email address when they send or receive an email? What if the user doesn't use an SMTP/POP3 based email service and only uses webmail, how then would the email address be obtained? How would this work with for example wifi, where you are likely to obtain a different IP address as you roam around campus? Do they have a web portal system that requires you to register your email address then emails back an authorization code? </div></BLOCKQUOTE><BR><BR>Campus networks I've used recently required logging in through a webpage to gain access. I would guess that's how it works.

 

[Kaglan2]

I mixed that up a little, but you know what I mean, I think.

 

[Jet Tredmont]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by djdementia:<BR>I'm curios how they determine the email address. Does everyone get static IP addresses and they have a database of IP -> Email addresses? Do they use the same DPI to grab the user's email address when they send or receive an email? What if the user doesn't use an SMTP/POP3 based email service and only uses webmail, how then would the email address be obtained? How would this work with for example wifi, where you are likely to obtain a different IP address as you roam around campus? Do they have a web portal system that requires you to register your email address then emails back an authorization code? </div></BLOCKQUOTE><BR><BR>First, this is a campus network, so every user has an email at which they can be reached.<BR><BR>Second, tracking. Yes, with multiple "shared" machines throughout the campus, you could attach P2P activity to the "last email address" and/or the "next email address" (assuming that email was checked within a certain span of time around the P2P activity), or any other logged-in service. It's just as easy to capture the logs of a webmail server as it is to capture the logs of an SMTP/POP3 server, so I don't see what the distinction might be there. Wifi adds an extra hop, but the "truth" identifier is the MAC address (which, yes, can be spoofed, but is unlikely), which, again, can be tracked and attached to the IP address.<BR><BR>Third, personal identification. The "hard" thing here is that in many cases on a campus you will have a single machine which is shared by a dorm room (2-3 students or perhaps 4-8 students). This is more likely to house P2P than a truly computer lab situation, and needs the above traffic analysis to attach actual users to P2P activity.<BR><BR>IMHO, sending an email to anyone who logged in to a campus service WHILE P2P activity was going on on the machine can and should get an email. And that's dead simple to determine.

 

[David Kanarek]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by djdementia:<BR>I'm curios how they determine the email address. Does everyone get static IP addresses and they have a database of IP -> Email addresses? Do they use the same DPI to grab the user's email address when they send or receive an email? What if the user doesn't use an SMTP/POP3 based email service and only uses webmail, how then would the email address be obtained? How would this work with for example wifi, where you are likely to obtain a different IP address as you roam around campus? Do they have a web portal system that requires you to register your email address then emails back an authorization code? </div></BLOCKQUOTE><BR><BR>You have a university ID and password for things like Oracle's PeopleSoft and Blackboard CMS. This ID is required to connect to the WiFi networks around campus and all ethernet ports in the dorms. This is also the Windows login for the computer labs. They know exactly who's using any given connection, or at least who authorized it.<BR><BR>-NU Student<BR><BR>Edit: Students are issued a university email address. This is considered an official form of communication by Northwestern - students check it regularly.

 

[muigleb]

I know when i was in school a girl that i had loaned a computer to, called me up and said that she had run out of harddrive space. Considering all she used the computer for was checking email and writing papers i figured something was wrong. when i went over there i found 12 gigs of anime in a hidden folder. unfortunately it wasn't any good so i reformatted and gave her a fresh install. so there are diffidently people out there that could be uploading with out knowing it.

 

[ltcommander.data]

The most interesting implication with "Be Aware You're Uploading" is that it implies that Universities don't care if you download copyrighted or otherwise illegal things. Just don't upload it.<br><br>Go leechers -- View image here: http://episteme.meincmagazine.com/groupee_common/emoticons/icon_smile.gif --

 

[Korov]

This strikes me as very appropriate response to the problem. Alert the clueless users that 1) they are sharing (and the possible consequences of such) and 2) they are easily tracked, but don't interfere with their ability and freedom to chose to do so.<BR><BR>I'm curious though...could the University be successfully sued for becoming aware of, yet not reporting, a possible crime?

 

[d4ddi0]

<blockquote class="ip-ubbcode-quote">
<div class="ip-ubbcode-quote-title">quote:</div>
<div class="ip-ubbcode-quote-content">Originally posted by ltcommander.data:<br>The most interesting implication with "Be Aware You're Uploading" is that it implies that Universities don't care if you download copyrighted or otherwise illegal things. Just don't upload it.<br><br>Go leechers -- View image here: http://episteme.meincmagazine.com/groupee_common/emoticons/icon_smile.gif -- </div>
</blockquote>
<br><br>Thats because if you download but don't upload you aren't subject to ridiculous interpretations based on attempts to shut down commercial boolegging operations, with legal thoeories resulting in 200,000 judgements against you.<br><br>Go leechers indeed.<br> It kinda kills the morality of P2P though, doesn't it. The BitTorrent slogan is "Give and ye shall receive". Maybe we should replace that with "Give and ye might be sued for thousands of dollars of imaginary damages"

 

[Anla-Shok]

<blockquote class="ip-ubbcode-quote">
<div class="ip-ubbcode-quote-title">quote:</div>
<div class="ip-ubbcode-quote-content">Originally posted by ltcommander.data:<br>The most interesting implication with "Be Aware You're Uploading" is that it implies that Universities don't care if you download copyrighted or otherwise illegal things. Just don't upload it.<br><br>Go leechers -- View image here: http://episteme.meincmagazine.com/groupee_common/emoticons/icon_smile.gif -- </div>
</blockquote>
<br><br>The feel I got from my school was that they really don't have any interest in acting as copyright cops. They are legally bound to serve DMCA takedowns and report identities of IP addresses (barring precedent to the contrary). But otherwise they really have nothing to gain by handing their students over to the RIAA.

 

[Deleted member 1]

New curriculum: Leeching 101 "Downloading is OK, but Uploading is Bad"

 

[seatrotter]

I see this as being effective in terms of informing students of the upload nature of file-sharing software/systems. In the first place, you've got to understand how most people get to first know about a file-sharing programs. It is usually by word of mouth and not as direct as one might think. From the clueless to the less tech-savvy users (savvy as being actually knowledgable about computers and "world it entails"), the first and last thing they'll probably know is that it is where they can get "stuff" for free. And this means they have no idea how the software/system works (no doubt most P2P programs and variants, in their aim to "dominate", is set by default to impractical network resource use), and the legality of obtaining certain "stuff" thru such means. And given that it has an opt-out feature makes sense.<BR><BR>As for the university using DPI/monitoring traffic, it's a private network and would only need to disclose such practice.

 

[Tekzel]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by Korov:<BR>This strikes me as very appropriate response to the problem. Alert the clueless users that 1) they are sharing (and the possible consequences of such) and 2) they are easily tracked, but don't interfere with their ability and freedom to chose to do so.<BR><BR>I'm curious though...could the University be successfully sued for becoming aware of, yet not reporting, a possible crime? </div></BLOCKQUOTE><BR><BR>My uneducated guess would be no. They are only aware that you <B>are</B> sharing, not of <B>what</B> you are sharing. I think there is a very important distinction there.

 

[jonfitt]

Interesting. It's to get rid of the "Oh sorry I thought I was just leeching" defence I guess -- View image here: http://episteme.meincmagazine.com/groupee_common/emoticons/icon_smile.gif --<br><br>If I was a NW Student who was into P2P, it would be quite useful. Now you can apply obfuscation techniques (SSL, tunnelling etc.) and they handily stop emailing you to let you know when you're sufficiently hidden!

 

[Xanrel]

<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">They are only aware that you are sharing, not of what you are sharing. I think there is a very important distinction there. </div></BLOCKQUOTE>It also seems like a distinction that could cause them some trouble from the other side. If they're sending nasty emails encouraging you to uninstall legitimate software even when you were using it for legitimate purposes, I would expect e.g. Vuze to have something to say about it.

 

[Biggiesized]

I actually really like this idea. It's a more cooperative approach to halting illegal downloading without the fear mongering of legal action.