Looks like I misremembered and it wasn't a kernel extension. It was a product called SafeConnect by Impulse. Based on the instructions I can find, it doesn't seem to require root so it must not be a kernel extension. But on contemporary Unix-y systems like OS X and GNU / Linux, pretty much all your privacy is gone if there is a rogue process running as you. You don't need root.

In any case, my attitude was that it was their network and they could put any restrictions on it, although they may be in very bad taste.

>it was their network and they could put any restrictions on it

Would you say the same of Comcast? When it is the only ISP serving the apartment you just signed a lease on?

Because that is basically the position of an undergrad in university housing with respect to "their network." You could say they had a choice not to go to that school, but for a state school system?

On a network engineering level, something is deeply wrong if you can't separate internet access from access to sensitive resources. Or if you are treating a subnet which includes tens of thousands of students as "trusted."

> On a network engineering level, something is deeply wrong if you can't separate internet access from access to sensitive resources. Or if you are treating a subnet which includes tens of thousands of students as "trusted."

I don't disagree with you. And I hate that I only have one choice of ISP.

I'm sure they were able to separate internet access from sensitive resources. But without forcing their users to install some piece of shit tracking software, how would they know who to forward letters to from the MPAA? ;)

Stanford has done stuff with requiring people to install particular monitoring software on personal devices in order to access SUNet (the main stated purpose being to ensure that users were running approved anti-malware scanners). I don't know what the current status is.