Follow us on Instagram
Try our daily mini crossword
Play our latest news quiz
Download our new app on iOS/Android!

Preliminary fall 2024 course offerings leaked on Fizz three days early

Over the shoulder angle of a student browsing the Princeton course offerings webpage.
Jean Shin / The Daily Princetonian

For many Princeton students, “course offerings day,” the day when classes for the following semester are posted by the Registrar, can be a day of frenzied excitement. This year, some celebrated three days early when a post from the morning of Monday, March 25 on the social media app Fizz claimed to leak Princeton’s fall 2024 course offerings. Courses are set to be officially released on Thursday, March 28.

“The University makes course listings available through its website and through an API that allows other applications to disseminate this information,” University Spokesperson Jennifer Morrill wrote in a statement to The Daily Princetonian. “It appears the API allowed the data to be accessed a few days before the official release date of Thursday, March 28. The API access issue has been addressed.”

ADVERTISEMENT

Morrill also added that “there is no sensitive or private data accessible through this API.”

Adam Kelch ’24 and Joshua Lau ’26, co-president and developer for TigerApps, respectively, provided some perspective on how such a leak may have occurred in an interview with the ‘Prince.’ TigerApps is a student-run organization that develops and manages applications, including popular course planning apps like TigerSnatch, TigerJunction, and Princeton Courses.

According to Lau, a number of people have access to this API for student applications, whether it’s for student-run programs like TigerJunction or for COS 333: Advanced Programming Techniques, a computer science class in which students can code their own apps. Access to the API can be granted by a professor or via a request to the Office of Information Technology.

When asked for comment, the student who conducted the leak and who wished to remain anonymous said in a comment to the ‘Prince’, “let Compass guide your way.” Compass is a student-made app made for those wishing to “explore courses, read reviews, and manage your four-year course schedule” according to the website’s homepage. The site did not seem to be functional at time of publication.

The student created the data file at 5:56 a.m., and the Fizz post announcing “Fall 2024 course offerings 1.0 leaked” was made shortly afterwards at 6:02 a.m. by an anonymous user. The post was taken down about four hours later, and the file itself was deleted soon after. Another Fizz post, seemingly from a different anonymous user, quickly popped up at 12:30 p.m., preserving the information in a Dropbox folder.

unnamed.jpg

A Fizz post shares the link to the leaked list after the original post was deleted.

ADVERTISEMENT

The file likely contains an incomplete list of courses. None of the listed courses have a primary designation of Asian American Studies (ASA), Center for Human Values (CHV), Czech (CZE), Freshman Seminars (FRS), Global Health and Policy (GHP), History of Science (HOS), Judaic Studies (JDS), Latin American Studies (LAS), Population Studies (POP), or Ukrainian (UKR). For example, Freshman Seminars always have the primary designation FRS, but there are no classes with this designation on the leaked list.

According to an analysis by The ‘Prince’, the leaked list contains 962 unique course listings. This number is significantly lower than the number of courses available last fall, further suggesting the list is missing some courses. “Students are advised to wait until March 28 before searching for Fall 2024 course listings, as they may still change,” Morrill wrote.

“An API is basically a way for computer programs to get data from a separate source,” Lau explained. He added that the University stores course data in two different APIs — one more public-facing API used by the Registrar website, and another API which is used for student applications. In order for the data to be publicly available, the API must have an established endpoint.

What likely happened to allow the data to be leaked, according to Lau, was that “the endpoint for the new courses was available [in the student-facing API] at some point this morning.”

Subscribe
Get the best of ‘the Prince’ delivered straight to your inbox. Subscribe now »

“A lot of the student apps that monitor the API … have a recurring ping to this API to see if a new term of courses is released, and then we parse those. So maybe that’s how it was discovered,” Kelch added.

Annie Rupertus is a head News editor for the ‘Prince.’

Christopher Bao is an assistant News editor for the ‘Prince.’

Head Data editor Andrew Bosworth contributed reporting.

Please send any corrections to corrections[at]dailyprincetonian.com.