An anonymous reader writes: The Motion Picture Association of America last month sent letters to the presidents of 25 major universities, urging them to download and install a "university toolkit" to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA and the rest of the world to listen in on all of the school's traffic. From the story: "The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed." That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser.