question about privacy and keylogging

Hi,
I've recently discovered that my university is logging every keystrokes that are typed into bash, whether the user is on a unix machine or using X-Win32. I do see the use of this from both a security standpoint as well as from a sys. admin's perspective. However, users are NOT warned of such logging activities.
Furthermore, a duplicate of the cache and of our web history is made for 'sys admin purposes'.

I'm seriously considering contacting our system administrator to voice my concerns over the (lack of) privacy but I was wondering what you guys thought as to whether or not it was an invasion of privacy to log keystrokes without at least notifying the user of this activity.

thanks a lot for any insights,

all the best,
banshee

I think that's bad. I login to my computer at home from bash all the time at school. All they'd have to do is see something in the log like
ssh blah.com
xxxxxx
and they'd have a shell account :P. Unless I'm missing something and they can't get the password like that, but I'm pretty sure they can. Are you sure they are doing this. If they haven't told you how do you know?

thanks a lot for your reply.

i know this because i found the 'hidden' log files on my share. It had a '.' before the filename to prevent normal display if done by an 'ls -l' call.
I've checked with some trusted fellow students and they all have the same type of log files on there shares (so this nulls the possibility that my account was hacked, unless every one else on campus has been hacked which could still be a possibility).

Luckily, the file did not contain any passwords (which would be very foolish of them).

thanks again.

banshee

IMO, it's not your network, not your computer, therefore you do not have any privacy rights on it. If you connect to your home computer, it makes no difference. I hold this opinion for everything all the way to web surfing in the workplace... It's not yours, and the owner has the right to take any actions neccessary to protect their network and their hardware.

The only exception I see is 911 or family emergency telephone calls...

all they have to do is state that they may monitor your network usage when you sign the acceptable use policy. if they didn't have you sign one...they're in deep ****.

Are you sure it's a keylogger? It looks to me like you just found bash's log file (where bash stores the command history). If that's the case and you're really paranoid, write a script that deletes the file(s) every "x" minutes.

Cheers,
cgkanchi

Soda: i do agree with you that its not my network and they certainly do have and should have administrative rights. However, I believe that its not right to not a user know that their session is monitored. If they had told me in advance, for instance in the Acceptable Use Policy that I signed in my first year at the university, I would be totaly cool about it.

Tedob1: as just stated, I did sign a AUP, and nowhere on it does it say that the CONTENT of the sessions were logged. All it pretty much stated was the 'usual', such as 'no porn', 'no hacking', 'no copyrights infringement'.

CGKanchi: yes the bash history, plus the html of every webpage, including personal emails
(no, not the 'pine' session: I primarly use the universitie's SquirelMail engine) that I have visited since what appears to be the beginning of this school year. Since I do a lot of web surfing, it was then that I realize that my disk quota was mysteriously being reduced by large amounts every time i checked. I do understand the point of storing some html pages on the hard disk for quick retrieval and yes, administrative use. But when were talking about over 20MB of saved log files over a 80MB disk quota, its becoming rediculous!

Thanks to everyone for their replies.

You may want to reread the EULA again , because I would bet dollars to dimes that somewhere in there it says that they have the right to modify the EULA at any time, without notifying you.... just a hunch. :)

Pssst.... Groove.... It's an AUP not a EULA.... ;)

banshee.... I wouldn't worry too much.... If you are using the computer for what they are supposed to be used for then what they log is pretty much irrelevant isn't it?

lol..I was just reading threads where people were griping about EULA's.......must have forgot what thread I was responding too..yeah, that's it. 8O

[Completely Off Topic]

Dayum........I think your AUP just EULAed my IP. Now you are going to clean up the resulting mess.....aren't you??

[/Completely Off Topic]

Perhaps you had better get a copy of the AUP you signed when you started there, and check the fine print.
I will also bet that they have covered their bases {asses} in some form or fashion.

Also, you might consider suggesting to the admin that if he doesn't want users to delete his logs, he might try storing them outside the user's home folder. That is kinda stupid, you must admit :D.

Cheers,
cgkanchi

Yes, I think thats a good idea. I'll reread the AUP again and then voice my concerns with the sys admin. I doubt that he will agree with my views but hey, what do I have to lose!

cgkanchi: yeah, I agree.

all the best,
banshee

Hmmmmmmm?

Maybe it is not the admins? maybe you are being attacked?

I don't like keyloggers except as a last resort because they are "information overload". You get everything and anything....................I cannot believe that they are keylogging every student.........there would be much too much to analyse..........anyway, there are much better higher level analysis tools out there?

In would be inclined to ask the Admins if this is an attack?

Cheers

I really doubt that its an attack (even though our system has a few known vulnerabilities).
I've watched the log files grow only when I was 'active' on the computer.

For instance, I leave the computer for 15 minutes and come back, nothing has changed. As soon as I start viewing webpages, working on bash, etc, they start to grow again.

Anyways, I'm currently writting a script that will be monitoring the suscpicious log files and delete them as soon as they grow.

all the best,
banshee

Can you talk to fellow students that you can trust?............have they got the same thing?

It is just that keyloggers need so much subsequent analysis, I don't think that they would be the tool of choice of your admins.

:)

The logs are not created by sysadmins to spy on you. The .bash_history file is created by bash itself and is actually quite useful and can do alot of niffty things, you can search the history to find a recently used comand for instance by using a bang(!) and the first few letters of the command and thats only one of many tricks. If it really offends you just use "shopt -u cmdhist" to disable the command history. As for the web pages, caching of pages is standard practice on almost any system you use. Any Windows machine does the same thing. If you dont like them caching the site, dont visit it from the schools machines, that simple. They are not your personal machines and are not admined by you. The admins can log whatever they see fit to ensure proper use of their systems. If you dont like it, dont use it.


P.S. Most admins are not going to rifle through your logs unless there is a problem, they have work to do. :) So if you arent causing trouble, dont worry about it.

-Maestr0

in the first year of ur school u must have signed the EULA, also this is quite right that they have got all rights on their organizational infrastructure, they may monitor the activities of the students about what u r doing over the net. You too r not supposed to indulge in anything wrong while in school, then why r u worrying about what ur teachers are enquiring..

Don't worry if it is keylogging by ur school administration,it will be for ur benefit.. I suppose

well our admin did they same for us in the begginnig of the semister , you know students just to close it down started typing all kinds of crap and the log file grew so big that the admin decided top drop the idea *(don know exactly how big ,but the rumor was something aroung 40gb)* the college strength is 5000

so if they key logging really bothers you som much then start a small rebel kinda a thing and may be your admin will give up .

or



well keep all your p/w and files in a floppy and keep copy-pasting them .that might help.some keyloggers do not log the data kept in the clip board

just a thought

Just for my clarification, are you talking your personal machine, or the school owned machines? Im assuming you are refering to your machine, being how most average college students dont run, or dont know how to run a *nix box, and most schools (generalization) dont provide campus *nix boxes either. Either way, just curious

-z3

Quote:

---

Originally posted here by Maestr0
The logs are not created by sysadmins to spy on you.

---

While true, they will be suspicious if *something* happens on the school server and your bash history *happens* to be gone. This happened to me once. Someone wrote a perl script which basically created a monstrous file by recursively adding itself... to itself... in multiple threads.

So after this all happens, the sysadmin looks into it, and sees that everything appears to be intact, except one of the scsi drives on the RAID array is down, and one of the students bash history files is gone. And he had the nerve to blame me.

Well... this time he was right.

BUT THAT'S BESIDE THE POINT!

Point is, if it's in the AUP, you lose. If not, what are you worried about? I know it goes against the whole "invasion of privacy" and all, but you realize... if you have nothing to hide, then you have nothing to worry about....

-M

well i agree with embro1001

Quote:

---

While true, they will be suspicious if *something* happens on the school server and your bash history *happens* to be gone. This happened to me once. Someone wrote a perl script which basically created a monstrous file by recursively adding itself... to itself... in multiple threads

---

the admins wants to keep a track of who is doing what , and if somr thing goes wrong ,it will be hardly a matter of minites untill he is caught,so think there is no need to panic!