Princeton campus network exposes student identities

The original appearance of this entry was in Danny Weitzner - Open Internet Policy

A group of Princeton University students have just launched an effort to expose privacy risks in the operation of the campus network. They’ve shown that each user’s username is publicly visible to anyone through a reverse DNS lookup. I hope the Princeton IT group will fix this but wonder how many other local networks are configured this way.

(One quibble: I found it ironic that the web site put up by these students fails to post it’s own P3P policy (the one Web standard for informing users about site privacy policies) and doesn’t even have a human-readable privacy policy. I hope they’ll fix both of these privacy gaps.)