Conclusions

• Providers have a moral obligation to inform users about changes to their network.
• Turn off privacy-invading options.
• Packet-Monitoring solutions are here to stay.

Inform users that changes have been made (top)

       We believe that Stanford University seriously erred when they chose not to disclose the network situation to the students. Students pay $80 a year for what used to be probably the fastest connection on the west coast, and they should have been notified about network changes. Stanford Networking even kept its RCCs in the dark, leaving them with false answers to give to questioning students. It is in this where we can see the real life dangers imposed by PacketShaper and its kin. Perhaps the University actually had no intentions of telling the students, and we only know now because it leaked out through word of mouth. Is it acceptable for students to be monitored without their knowledge or consent?

Do not use privacy-invading aspects of the software (top)

       Specific user habits are not essential to the overall function of a packet-monitoring solution. It is well enough for an administrator to note that 10% of his/her traffic is due to application X. A bandwidth limit could then be set on application X, and the problem would go away. This prevents mis-use of the tracking options in PacketShaper, that keep histories and logs for up to 2 months. Stanford University is a very corporate-friendly university: all sports gear is emblazoned with Nike logos, and if you want a soda you'll be hard-pressed to find a Pepsi machine instead of a Coke machine. Knowing that the University makes deals like this with huge corporations makes PacketShaper's logging ability all the more frightening. Universities or employers could sell their PacketShaper logs to data harvesters, who then will claim to be "catering to you" while inundating you with useless email and ad banners. This would be a serious invasion of privacy, and we feel the best way to prevent this from happening is to curb use of those functions in packet-shaping software.

Packet-Shaping solutions aren't going anywhere. (top)

       Packet monitoring is definitely here to stay. It provides a way to increase connection performance and guarantee lower latency without paying for larger bandwidth. It intelligently distinguishes between different types of information over the network, and will be greatly useful to colleges and other users that require a certain amount of bandwidth for applications. However, we feel that Packeteer's PacketShaper is headed in the wrong direction. Although it is becoming more powerful, it is putting too much at risk. Privacy is very important to most internet users, and many people would rather have a slower connection that is guaranteed private than a faster connection that may be eavesdropped on. For example, people that use PGP to encrypt/decrypt mail, or those that use services like The Anonymizer as an anonymous proxy server are trading speed for security. We feel that PacketShaper should do the same- still improving their product and fine-tuning the packet-monitoring capibilities, but taking a potentially slower route rather than exposing users to potential harm and embarassment.