

No Cheating Allowed - belgerath
http://engineering.khanacademy.org/posts/no-cheating-allowed.htm

======
lordsper
Or you don't do 'security' features client-side, and instead only send the
hint data in response to the user's request for the hint.

Wouldn't that be the 'right' way of doing this?

~~~
Hamcha
Yes, that's the proper way.

It's not even that much of a cheat, really. I'm surprised they decided to make
a full blog post on how they fight such a simple trick (incorrectly, even).

It won't work that much anyway, a simple chrome extension that injects code
can overturn their whole thing.

How far can they fight cheating anyway? I remember making a javascript snippet
in Chrome devtools that would bruteforce all the crypto questions (because
they had predictable patterns, like all sentences involved "Anna" or some
similar name). That seems way harder to fight.. will it deserve another blog
post?

~~~
NickNameNick
Alice, Bob and Eve the Eavesdropper?

------
jasonkester
Strange to see them trying to fix this with technology at all. Cheating is a
social problem.

Universities survive just fine giving out take-home tests and trusting
students not to cheat. Honor codes work, even when there is an actual useful
reason to cheat.

But on a site like Khan Academy, where the end goal is to learn something
useful, all the user is doing is cheating themself out of the thing they
signed up to get. Let them go nuts. If they want to go through a course, but
go out of their way to avoid actually learning anything, that shouldn't cause
the site owner any grief whatsoever.

~~~
mafribe

         Honor codes work
    

As a working university teacher, I have to disagree with this somewhat.
Cheating happens of a massive scale, I'd say at least 1/3 of all coursework I
have graded involved some degree of cheating, and I've seen cases where
clearly everybody in the course had copied from one person (who had an
ingenious but false solution). Whenever I discuss this with former students,
they think 1/3 is too low. When I give out coursework, it shows on sites like
rent-acoder.com. One meets people who make a living out of writing
dissertations for rich students.

The universities accept this tacitly for two reasons.

1\. They need the income from the students. If they'd fire every student
caught cheating, they'd go bankrupt pretty quickly.

2\. It's an extreme amount of administrative work for the professors to deal
with. In my experience, I need to invest a day's worth of work per cheating
student, all things considered. I _really_ have better things to do in life.

To put it pithily: the students pretend not to cheat, and the universities
pretend not to notice.

This is nothing new, students have been cheating since time immemorial, the
world keeps on spinning ... there are lot's of stories about cheating in what
may be the oldest exam system in the world, the Chinese Imperial examination.
(As an aside, if you want an alround fascinating story that involves the
Imperial examination, check out the history of the "Taiping Rebellion".)

~~~
eep_opp
I agree with you. Cheating was and probably still is very huge on my campus.
Honor systems don't work and many of my professors didn't care.

Very few people talk about what it feels like not to cheat and why students do
it. So here goes:

I made it through college without cheating. My university actually managed to
scare me from doing so with freshmen orientation. I focused on studying and
making sure I took advantage of walk-in hours and student teachers. For a
while I thought everyone was doing this. Then, as weeks passed in each
semester the students got more and more brazen. During my years of school I
was outright asked to share my test (sometimes during a test), I was offered
payment and I was made to feel ostracized when I didn’t “help”. It sucked.

The worst part came when I would meet other honors students and find out how
they got their high scores. I was surprised at how many of them cheated, to
what degree they would cheat and how little they knew about their course work.
This is when I found that there was no incentive not to cheat. Honors students
got scholarships and were often given some very good internship opportunities.

Why would anyone not cheat? No one cares if you do. You’ll have an easier
time. It doesn’t hurt your career. It also does wonders for your social life.
My final two years I pretended to have low scores on tests so as not to be
asked to help cheat. I kept my grades a secret and would often not look at
graded papers in class. I stopped talking about any of my classes with anyone
that was in my major.

~~~
manyxcxi
I technically cheated a lot in college and HS, but not in my weak subjects. It
was an economy of time. Person A would do some parts of the assignments and I
would do other parts. Combine the work and you've got twice as much done with
3/4 of the effort (I would still spend a little time deriving the work instead
of wholesale copying). By the rules, I should've been thrown out of most of my
courses (except CS and EE where I loved the work too much to let someone else
take it from me) but I wound up with marks that put me at the top of the
class. I learned enough doing just enough of the assignments to show up and
get good marks on the tests without cheating.

I honestly don't think what I did should've been considered cheating, and I
would do it that way again today- in fact, don't our jobs work just about the
same way? But I'm all in favor of strict rules around cheating on testing or
final projects. Those are where you demonstrate what you personally have
learned, I don't think it should matter how you got to that knowledge, but you
should have it.

------
jackweirdy
This solution seems to overlook the fact that once you've served something,
you lose control of it. If the hint's been served, there's probably another
way to find it - even just watching the bytes come over the wire.

I may be missing the point - but why not serve up the hint on a separate
request? That way if you're offline, you don't get the hint, and if you're
online, they can log that you requested it on the server side.

~~~
moey
I think you ARE missing the point. Watching the bytes come over the wire isn't
something that they are trying to protect. Just easy cheating in the
classroom. They probably received some complains from teachers.

They wanted to keep it working offline, and hints should still be available
for students in areas with spotty internet.

It's not Khan Academy responsibility to ensure students don't cheat after all.
I mean for all they know the students could have other browsers/computers
open.

~~~
arcatek
The post title is a bit misleading, then. The way I see it, it's more like a
bug they fixed (since people could legitimately lose their connection and have
their hint count wrong) rather than a real no-cheat policy.

------
BlackBerryPi
Probably a dumb question but why not just let people cheat? I'm pretty sure we
all heard in grade school that "cheating only harms yourself." Those who
actually want to learn the material will stick it out and do the work.

~~~
DanBC
KA is used by schools. Some of those schools want to prevent cheating. They'll
have honour codes, but they'll also want to use technical means.

KA implementing these technical means makes the product more useful to those
schools.

------
kristofferR
It's kinda funny that this blog post, essentially describing how to cheat on
Khan Academy, soon is going to be one of the top results on Google when
students search for "Khan Academy cheat".

------
RobinUS2
Wouldn't it be an option to basically chain the "events" in the local storage
queue with crytographic hashes (kind a like a block chain). You can then
fairly easily verify modifications somewhere in the list of events.

It wouldn't make it entirely impossible, but much more complicated.

~~~
cjg
No, because if you have the ability to create the hash on the machine then you
have the ability to create a hash for a manipulated version.

The blockchain gets round this with consensus.

~~~
Asbostos
A hacker does yes, but can a kid recreate the hash quickly without the teacher
noticing? If some script appear on the net to automate that, Khan academy
could react by changing their hash frequently.

~~~
douche
I think you give the teachers far too much credit.

------
zackify
Deleting your localstorage is way too easy to do. I feel like this isn't much
of a solution at all

~~~
epaga
Especially because it doesn't have to be visually obvious like they suggest.
It could be a bookmarklet.

~~~
reustle
I'd love to see one created, just to light a fire under khan academy so they
fix it properly. If going offline is so uncommon in their eyes, why not store
the hint on the server?

------
z3t4
I'm a professional and I search the web, look in books, and ask other people
... I also learn new stuff every day by doing so. It's pretty stupid that it's
considering cheating in school.

Do you want schools to turn our kids into encyclopedias!? I think it's more
important that we learn them to share, work together, communicate, find
information (source criticism), explore and learn new stuff.

~~~
Asbostos
The problem they were having wasn't Googling for the answer, it was pressing
the "Hint" button right next to the question. That doesn't require any of the
skills you mentioned, so it's probably not very helpful for assessment. It may
well be helpful to teach the concept though, which is probably why it's there
in the first place.

------
emerongi
The problem is that localStorage never gets cleared on its own. So you could
have a situation where a hint persists from the last user using the computer
(or last session in general), effectively sabotaging the current user's
answer(s). An edge case, but possible. SessionStorage would be more suited
here.

~~~
jand
To my understanding they do not store the hints. They maintain a request log
to enable retransmission of requests made during a offline period.

So the hint-thing should not be a thing. On the other hand: The request log
requires a user identification method as part of the requests to avoid
crediting a "hint-taken" request to the next user in your scenario.

------
BasDirks
Perhaps this blog post is a decoy, and they implemented a better prevention
mechanism. I don't feel like "giving away" this possibility harms their
efforts, as it will only make those intent on cheating more paranoid. >:]

------
est
Some other online testing websites try detect cheating by using `onblur`. As
soon as your browser lose focus, you are considered cheating.

It's quite effective in its regard, unless you search for answer with a phone
or something.

~~~
vultour
Or you accidentaly hit the Windows button. Or Windows updates pops up. Or any
other of the million things like these...

------
stonewhite
I thought offline data sync was a solved problem even at the levels of
PouchDB. I don't see how this post was of any concern.

------
danielsamuels
What happens if you reconnect and submit the answer before the hint request
goes? Seems like a classic race condition.

------
jlebrech
one could create a bookmarklet that actively deletes the 'hints'

