this post was submitted on 08 Sep 2024
95 points (100.0% liked)

Technology

37599 readers
370 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
95
U.S. School Monitoring Software Sacrifices Student Privacy for Unproven Promises of Safety, Digital Rights Says (www.eff.org)
submitted 1 week ago by tardigrada@beehaw.org to c/technology@beehaw.org
24 comments fedilink hide all child comments
 

Imagine your search terms, key-strokes, private chats and photographs are being monitored every time they are sent. Millions of students across the U.S. don’t have to imagine this deep surveillance of their most private communications: it’s a reality that comes with their school districts’ decision to install AI-powered monitoring software such as Gaggle and GoGuardian on students’ school-issued machines and accounts.

"As we demonstrated with our own Red Flag Machine, however, this software flags and blocks websites for spurious reasons and often disproportionately targets disadvantaged, minority and LGBTQ youth," the Electronic Software Foundation (EFF) says.

The companies making the software claim it’s all done for the sake of student safety: preventing self-harm, suicide, violence, and drug and alcohol abuse. While a noble goal, given that suicide is the second highest cause of death among American youth 10-14 years old, no comprehensive or independent studies have shown an increase in student safety linked to the usage of this software. Quite to the contrary: a recent comprehensive RAND research study shows that such AI monitoring software may cause more harm than good.

you are viewing a single comment's thread
view the rest of the comments
[–] PotentiallyApricots@beehaw.org 7 points 1 week ago (1 children)

Yeah, I just fundamentally don't think companies or workplaces or schools have the right to so much information about someone. But I can understand that we just see it differently.

[–] TexMexBazooka@lemm.ee 1 points 1 week ago (2 children)

I agree on that point, nobody has the right to any information about me except for exactly what I choose for them to know. Speaking from an IT professional standpoint, if I deploy a device, I absolutely have the right to know anything that happens on that device. You have to from a security perspective.

That’s why I don’t use any social media on my work laptop. Ideally that’s why social media is blocked on work machines so it’s a non-issue. Kids should understand that concept early, you do have a right to privacy but you also don’t control that device.

[–] PotentiallyApricots@beehaw.org 7 points 1 week ago

I feel you're coming at this from an abstract angle more than how these things actually play out in practice. This isn't reliable software, it isn't proven to work, and the social and economic realities of the students and families and districts have to be taken into account. The article does a better job explaining that. There are documented harms here. You, an adult, might have a good understanding of how to use a monitored device in a way that keeps you safe from some of the potential harms, but this software is predatory and markets itself deceptively. It's very different than what I think you are describing.

[–] t3rmit3@beehaw.org 4 points 1 week ago* (last edited 1 week ago)

Speaking as an infosec professional, security monitoring software should be targeted at threats, not at the user. We want to know the state of the laptop as it relates to the safety of the data on that machine. We don't, and in healthy workplaces can't, determine what an employee is doing that does not behaviorally conform to a threat.

Yes, if a user repeatedly gets virus detections around 9pm, we can infer what's going on, but we aren't tracking their websites visited, because the AUP is structured around impacts/outcomes, not actions alone.

As an example, we don't care if you run a python exploit, we care if you run it against a machine you do not have authorization to (i.e. violating CFAA). So we don't scan your files against exploitdb, we watch for unusual network traffic that conforms to known exploits, and capture that request information.

So if you try to pentest pornhub, we'll know. But if you just visit it in Firefox, we won't.

We're not prison guards, like these schools apparently think they are, we're town guards.