Copyright 2001 by WUMS/Inf.Dis.Division.
Last modified: Fri May 11 11:47:12 2001

Disclaimer.

 


As on many other computers, activities on id.wustl.edu are logged. This page describes which parts of your communications and activities can potentially become known to others. If any of this bothers you, avoid using this computer.

Files on this server:
By default, files are created world-readable. Thus, unless you take special precautions, any file placed on this server can be read by anyone with a valid account. The reason for this policy is that increased protection leads to a lot of problems for users not used to Unix; e.g., your file may be there, but the WWW server will refuse to show it.

Learn about Unix, if you want to protect your files better.

Mail files are an exception and are readable only to the user and the system administrator (see below).

E-mail:
Mail is readable only to you and the system administrator (me). I have better things to do than to read other people's E-mail. Once you have retrieved an E-mail with Eudora, it is gone from the server. Mail is not backed up. If it's gone from the server, it's gone from the server. This also means that any unread mail is lost if the server disk crashes.

Note: Your mail, once retrieved by Eudora, is accessible to anyone with access to your Windows computer, unless you have taken special precautions to protect it.

If you use pine you can leave mail on the server. If you do, it is readable to you and the system administrator.

If you send mail to a non-existing address, it is bounced back to you. If your 'From:' and 'Reply-to:' fields are set up incorrectly, the bounce is sent to the system administrator. The system administrator tries to find out what's wrong by reading the header, not the content of the message. Still, it's better to avoid the problem by setting up your mail client correctly.

Any mail that goes outside of the ID floor and id.wustl.edu, or originates outside, has likely been backed up somewhere. Don't put anything in E-mail that you wouldn't be willing to say.

E-mail can be forwarded by the recipient to anyone else. Don't put anything in E-mail that you wouldn't be willing to say.

WWW Access:
Web access is logged to a file readable to anyone with a valid account on the computer. Technically, any user can find out what was accessed from a given desktop computer. The log is used to generate statistics and track errors. No logging information is kept longer than 2 weeks. From outside of our network, it is essentially impossible to associate a user with a WWW request (unless you type in such info). It is technically possible to associate a user with a request made from a browser run on id.wustl.edu. At the moment, this is relevant only if you run 'lynx' on your id account.

If this is a problem, I can disable the feature that makes this possible.

E-mail logging:
E-mail logs are kept for no more than 2 days. They contain info on who sent a message to whom, but not any part of the actual message. This log is used to mail a daily summary to the system administrator. Mainly, this lists nonexistent addresses mailed to or addresses that have problems. This is useful if mail is misconfigured so that e.g. mail to 'Stravinsky' bounces, rather than getting redirected to 'xzstravi'.

Access logging:
Access logs are kept longer, usually 2 weeks. They list who logged in when and from where. If you repeatedly mistype your password or user name, it shows up here. Also, logins from computers that are not allowed show up here. This is useful to detect misconfigurations and break-in attempts.

This information is readable only by the system administrator, since it may contain passwords typed in the wrong place (i.e. if you type your password when asked for your user name).

A user with a valid account on id can find out when any given user last logged into the computer. You can check for your user id as well. When you log in, the date, time and origin of your last login are displayed. Let me know if this is incorrect (i.e. somebody else is using your account).

Passwords:
Passwords are stored one-way encrypted. It is not possible for anyone, including the system administrator, to read your password. However, the system administrator can change your password. Also, programs can go through dictionaries and compare the words after encryption with your encrypted password. Thus, any password that is a dictionary word, or a simple permutation thereof (e.g. rocking, 1rocking, ingrock, rockrock), or a simple permutation of information about you (e.g. SSN, phone, building, license plate) is easily guessed.
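
The check below is an added example, not part of the original page or of the software on this server: it flags a proposed password that is a dictionary word or a personal detail under the simple permutations named above. The word list, the personal details and the function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
WORDS = {"rock", "rocking", "stone", "winter"}


def _candidates(core):
    """Strings that `core` could be a simple permutation of."""
    found = {core[i:] + core[:i] for i in range(len(core))}  # rotations, incl. core
    found.add(core[::-1])                                    # reversed
    half = len(core) // 2
    if len(core) % 2 == 0 and core[:half] == core[half:]:
        found.add(core[:half])                               # doubled word
    return found


def weak_reason(password, personal=()):
    """Return why `password` is easily guessed, or None if no rule fires.

    `personal` holds details about the user (phone, license plate, ...).
    """
    squash = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())
    bases = WORDS | {squash(p) for p in personal}
    bases.discard("")
    pw = password.lower()
    # Also try the password with leading/trailing non-letters removed
    # (1rocking, rocking!) and with all separators removed (555-0100).
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)
    for core in (pw, stripped, squash(pw)):
        hit = _candidates(core) & bases if core else set()
        if hit:
            return "derived from " + repr(min(hit))
    return None


if __name__ == "__main__":
    for candidate in ("rocking", "1rocking", "ingrock", "rockrock", "k7#Vq9!tMz"):
        print(candidate, "->", weak_reason(candidate))
```

A result of None only means that none of these rules fired; it does not make a password strong.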

Anyone with your password can impersonate you and cause quite a lot of damage (send hate mail to the ACLU, your boss, order stuff, ...).

Passwords are usually transmitted as clear text over the network. Anyone with access to the wires that transmit it can get it. Thus, it's a good idea to change it once in a while, especially if you use it somewhere other than on the ID floor.

It's no big deal if you forget your password. Send me an E-mail or call me. I will set a new password for you and tell you in person or over the phone. Change it ASAP, so that only you know it.

I never send passwords by E-mail. I also never give you a password that you have requested by E-mail. Also, never give your password to anyone, not even the system administrator.

Web server passwords:
I'm more lax with these. I tell you and you can't change them. They do not give access to anything except protected Web pages. At worst, someone can put junk into a conference schedule. Let me know if you want this password changed.

Questions/Concerns:
If you have any questions or concerns about this policy, send me an E-mail.