
EFF Says Google Chromebooks Are Still Spying on Students - vezycash
http://news.softpedia.com/news/eff-says-google-chromebooks-are-still-spying-on-students-515015.shtml
======
andreareina
Direct link to EFF report: [https://www.eff.org/wp/school-issued-devices-and-
student-pri...](https://www.eff.org/wp/school-issued-devices-and-student-
privacy)

~~~
joatmon-snoo
Thanks - this is way more informative than the article.

Google certainly should be doing more to combat this issue, but the crux of
this issue seems to be that there are a lot of intermediaries and consumers
(teachers and schools) in the ed-tech industry with a very clear obligation to
do more about this but aren't.

~~~
csydas
Well hold on a minute. Part of the problem here was that when Google Apps for
Education (GAFE) was introduced, privacy and security were touted as huge
selling points. For years IT administrators in Education were told that GAFE
was different, GAFE was a service for schools, it respected FERPA guidelines,
it was isolated from the rest of Google's ad services.

But years afterwards, once everyone had migrated over, integrated everything
with Google, then they it broke that Google had lied. And it's not like people
sat on their hands either - there was a lot of anger and many complaints. But
that only goes so far when you have an Education IT budget - migrations take a
lot of tim and a lot of effort, and a lot of money.

The schools got conned hard, and it's not something you can just decide to
switch on a dime either. Some Ed-Tech folk certainly carry the blame for
evangelizing for Google, but the Education IT Administrators need to be given
a break here when everything led them to believe Google's advertising.

~~~
Clownshoesms
You're expecting me to believe a company that relies on soaking up personal
data, and tried to pull the "We will do no evil", is stiĺl at it? Say it ain't
so.

~~~
csydas
Well, yes. We expect that when a company presents a legal contract promising
not to do something and that service X doesn't do action Y that it's truthful.
If they want to enter into it to intentionally violate said contract, it just
seems absolutely bizarre that they'd even present a contract in the first
place.

I get the feeling that this wasn't some insidious conspiracy from Google to
get us hooked on GAFE so much as internal forces at Google not talking to one
another and data-collection ultimately winning out. I find that the more
complicated explanation is Google decided to do this despite the risk of
fighting fines and additional regulations from the government as well as
potentially thousands of institutions, and potentially tens of thousands of
individuals led to believe the terms and conditions of the contract were
different than what Google presented, as opposed to Google made GAFE and
presented it at face value, and other forces within Google decided to go ahead
with the data collection anyways. Right hand not knowing what the left is
doing just seems more plausible and reasonable.

I don't know either way, and cynicism can be healthy, but this just feels like
cynicism for the sake of cynicism. Yes, Google is a data blackhole, and it's
an unscrupulous company, but this would just be absolute incompetency on their
part. I'm not denying the possibility, but that's a big pill to swallow.

------
burner47
I remember being part of a School District who was GAFE for 5 years before
Google rolled out its "Google Vault" feature. You enable it to give yourself
access to email/google docs ediscovery for FOI requests.

Creepy thing is, when we turned it on we could see deleted emails including
spam, everything imaginable that had been sent, received, or created for the
entire previous years we had been a GAFE School. Before Google Vault even
existed. We don't have control over the collected data, these companies just
give us the illusion of it by letting us disable our own access to it.

Don't want Google now notification for in store deals on your android phone?
Ok, you can disable it...but Google is still tracking what stores you go to
when and where.

A big thing I've seen that keeps schools in GAFE is affordability and ease of
management. IT department workloads plummet, so no arguments from them. Also
imagine the nightmare of trying to export all of your google docs to another
platform somehow.

I don't like it and it isn't right, but before this can change I think we'll
need good open cloud alternatives with easy migration paths. As far as
chromebook hardware is concerned, we'll need another viable cheap alternative
that respects privacy.

~~~
jstanley
CopperheadOS is a mobile OS based on Android (AOSP, specifically) which
doesn't ship any closed-source code and takes your security and privacy
seriously.

I'm nothing to do with the project, I just like it.

[https://copperhead.co/android/](https://copperhead.co/android/)

------
open-source-ux
The privacy implications of using ChromeOS has always been horrible. You
cannot use this OS to its fullest extent without signing in. And once you are
signed in, it tracks everything you do online. Even printing to your desktop
printer routes the print request through the cloud first (where its recorded
by Google) and then back down to your computer. (Google doesn't look at your
documents when you print but they still know when you print and how often.
They also record the print job title, which can reveal a lot about what you're
printing, and the printer you have.[1])

Imagine if every time you saved a document in Microsoft Word or Apple Pages, a
record of when you saved, and how much time you spent in the app was saved by
Microsoft or Apple. Now imagine every app you run in the OS tracks your
activity to some degree, and every website is tracked too. Imagine this wasn't
anonymous either because you'd signed into the OS and your account has your
name, your gender, your location, your date-of-birth and even your mobile
phone number. In other words, some of your most private and personal details
tied to your activity in the OS.

No, this isn't a dystopian episode of Black Mirror, but real life. It's called
ChromeOS and it's spread like wildfire in US schools. It should _never_ have
gained a foothold in Education without stronger privacy assurances and a
guarantee of no tracking of students (who don't even have any choice in the
matter).

I'm just utterly baffled by the response of the tech community toward Google
on the issue of privacy and data collection. There is a strong double
standard.

Microsoft and Facebook are, quite rightly, criticised and scrutinised over the
amount and the degree of tracking they undertake. Meanwhile, Google, who
capture unimaginably huge amounts of data on users, escapes any scrutiny.

Assurances that the data is "anonymised" or aggregated are not enough. The
sheer scale of the data collected, even in aggregated form, lets these
companies interrogate the data in ways we simply can't imagine.

I don't blame ordinary users for not fully understanding the privacy
implications and the myriad and insidious ways they are tracked. But what
excuse does the tech community have for giving Google a free pass on privacy
and online tracking?

[1]
[https://support.google.com/cloudprint/answer/2541843?hl=en&r...](https://support.google.com/cloudprint/answer/2541843?hl=en&ref_topic=4456298)

~~~
blub
This is typical modus operandi for Google. Ad company promises not to do its
dirty analytics on students/health data/government data to get the contract,
then it turns out they don't give a crap and do it anyway. Solution: don't use
Google for anything, especially don't hand them contracts to handle data for
large groups of people.

"Imagine if every time you saved a document in Microsoft Word or Apple Pages,
a record of when you saved, and how much time you spent in the app was saved
by Microsoft or Apple. Now imagine every app you run in the OS tracks your
activity to some degree, and every website is tracked too."

You've just described Windows 10 telemetry. This is how low the privacy
standards are for the US software giants.

------
pryelluw
I used to work in edtech and spying on students was seen as "normal". Schools
are the main source of feature requests that allow them to see everything a
student is doing or has done. Worse is most SIS are very insecure and full of
sql injection issues. Not to mention that they use FTP and not SFTP to
transfer data.

On top of the chromebook Google has the classroom project which also pulls all
roster data from a school and stores it on their servers...

------
mark_l_watson
While I think that using Chromebooks in schools can make sense in many cases,
I find it pretty bad that Google accounts are permanently tied to real
identities of young kids. Schools should assign account names that are easy to
remember but in no way use real names.

