In the 60s, 70s, and 80s a public service announcement ran on American television right before the nightly news that posed the question, “It’s 11 o’clock. Do you know where your children are?” While that particular PSA hasn’t run for over thirty years, we might want to consider bringing it back, albeit with a modern spin:
“It’s 11 o’clock. Do you know where your personal information is?”
Researchers with the security firm Avast recently released a statement identifying at least 28 third-party Google Chrome and Microsoft Edge extensions for popular platforms including Vimeo, Facebook, Spotify, and even The New York Times as malware because of their covert functions. The alarming Ars Technica headline caught our eye — “Up to 3 million devices infected by malware-laced Chrome and Edge add-ons”.
Think this is a rare or unusual case? It’s not. Twelve months earlier another researcher uncovered that Chrome and Firefox extensions had collected and exposed the browsing history of an estimated four million people.
How does this information affect you and your organization? Consider this: If you require your students or workforce to utilize services or products that require them to install plug-ins or browser extensions, then those individuals are at risk. And according to the researchers at Avast, the risk doesn’t just happen at the point of installation. Instead, plug-ins and extensions can be changed by their developers at any time and those potentially malicious changes pushed onto user devices through updates.
The malicious capabilities are pretty scary, too. They can remotely turn on your video camera and microphone, track every website you go to and for how long, and see what photos and videos you upload or view, not to mention everything you type. How would you feel if you knew that everything you’ve ever done online could be exposed for the whole world to see?
Have your students or workforce expressed concern at being asked to install software to complete an online learning event? With Avast’s research and other similar stories hitting the news, it’s not hard to understand why learners are pushing back against the use of invasive code on their devices for the purposes of monitoring them during a course or exam.
It's not the concept of being monitored that creates unease. Learners are used to being monitored when they take a course or an exam; they understand that it’s in everyone’s best interest to maintain academic integrity during online exams.
Instead, students are concerned that they’re required to give so much potentially dangerous access to an unknown entity. They’ve seen, time and time again, how easily their personal information can be tracked, collected, and used by bad actors.
The good news is that a better option does exist. Protecting learner privacy doesn’t have to mean sacrificing assessment integrity.
From inception, Integrity Advocate has never required end-users to “trust" us with their personal information. Instead, we simply don’t ask them to install anything. We don’t ask for any information that isn’t necessary to verify their identity or ensure that they participate in the event. When the exam, assessment, or certification is complete, the Integrity Advocate application is gone from the user’s cache, leaving nothing behind — including any fears of a data breach. After all, you can’t breach data that is not being stored.
Creating an ethical service and technology based on the concepts of Privacy by Design isn’t easy. That’s why other solutions on the market have chosen a very different route — a choice that too often puts learners at undue risk.
We made the decision to build our technology on a foundation of privacy not because it’s easy — we did it because it’s the right thing to do. Learners deserve a privacy-first proctoring alternative, and so do you. Because no one should ever have to wonder who has their personal information.
If you’re (rightfully) concerned about plugins that may leave you vulnerable, this How-To Geek article contains instructions for finding and uninstalling plugins on the four major browsers.