[HN Gopher] Tell HN: My kid's school installed spyware and I can...
___________________________________________________________________
Tell HN: My kid's school installed spyware and I can't remove it
My middle schooler goes to Chicago Public Schools. They use Google
Classroom for assignments and other communications. I bought him a
Chromebook for schoolwork, but also for other private things. When
we logged in, the system installed GoGuardian monitoring software
on the Chromebook without notice or permission. And now I can't
remove it. I wrote to GoGuardian support, and they replied that I
had to contact the school or remove my son as a user. The
instructions for removing him as a user do not work; on the
contrary, I see the message "cps.edu manages this user and may
remotely manage settings and monitor user activity" and he can't be
removed. I did a full factory reset, signed in to his account
again, and now the system is once again locked down. So now I'm in
the position where I have to ask permission from a local government
entity to please let me install stuff and don't monitor the
computer I bought and paid for. Does anyone know how to refer
these people to law enforcement for prosecution?
Author : ccleve
Score : 133 points
Date : 2022-04-04 20:32 UTC (2 hours ago)
| wanderer_ wrote:
| I would do the factory reset again and then not use that account
| anymore. If you want, you can create a new local-only account and
| then (this is the important part) sign in to the school Google
| Classroom _on another browser_. Install Firefox, Brave,
| something, and use it for the school account rather than Chrome.
| Chrome allows extensions installed to it to run in the background
| and manage the system, but another browser cannot.
| ananonymoususer wrote:
| Good suggestion. If the school is requiring your child to have
| the chromebook, then they should pay for the thing. They don't
| have the right to infect any device that your child happens to
| log in with. So factory reset, don't log in. Then when the
| school complains that the child is not completing the
| assignments, tell them that he/she cannot do them unless the
| school issues a school-owned device.
|
| A better move would be to get your child out of Chicago public
| schools altogether.
| josephcsible wrote:
| > create a new local-only account
|
| I thought you couldn't do that on a Chromebook.
| dragonwriter wrote:
| > Does anyone know how to refer these people to law enforcement
| for prosecution?
|
| You can simply look up the phone number for any law enforcement
| agency you want and call them. None of them are likely to do
| anything, however; even if there was a crime involved, they have
| no obligation to pursue anything, and it's almost certainly not
| something that is on anyone 8nnlaw enforcement's list of
| priorities.
|
| What you probably want to do is contact a lawyer and see if you
| have any civil law remedies.
|
| Even if they are things you will eventually pursue in small
| claims court, you absolutely can get advice from a lawyer on
| causes of action and what you need to do, but in general forcing
| a behavioral change--equitable remedies--are not available in
| small claims (which mostly just allows limited monetary recovery)
| and you'd need a lawsuit in a "full" trial court to force that
| (or, of course, a settlement agreement.)
| steffanA wrote:
| Prosecute for what, though? It's very common for school
| accounts to take over a chromebook until you remove their
| profile/perform factory reset.
|
| This sounds more like a Google issue for allowing this behavior
| in the first place.
| nicce wrote:
| It is not actually specific behavior to Google (while Android
| in general has the same property). History has seen many
| cases, even my old Nokia Lumia phone many years ago has
| similar properties when I logged in the organisational email
| and that granted them remote wipe and access rights. Also
| iPhones have "organizational control", which can be set by
| certain configuration profiles, to track users.
|
| Companies have had demand for these kind features and now
| they are there.
| dragonwriter wrote:
| > Prosecute for what, though?
|
| Both what and who are good questions, which is why I say:
| "What you probably want to do is contact a lawyer and see if
| you have any civil law remedies."
|
| It's plausible that something in the combination of Google
| and school district practices violates some law of some
| applicable jurisdiction, but it's not obvious to me what law
| would be impacted.
| sumthinprofound wrote:
| What paperwork did you sign, and what did you agree to wrt
| computer policies? I'd start there.
| andrewmutz wrote:
| I think if you log in with any other google account, you won't
| have the GoGuardian stuff running.
|
| So I would recommend setting up a personal account for your child
| and telling them to log in to that whenever they want to work on
| something unrelated to school (or just want privacy)
| lappa wrote:
| You might consider small claims court for the value of the
| laptop. Whether you would win depends on the context which you've
| mostly left out.
| jeffal wrote:
| Good lord, just call the CPS IT helpdesk. Problem solved.
| ccleve wrote:
| Didn't know they existed. Just called them. They said "no, it
| cannot be removed".
|
| They suggested signing in with a different account, but when I
| do that, I get the error message "This account is not allowed
| to sign in within this network."
| hunter2_ wrote:
| Do you get that error if you try using a different account
| (non-MDM, for example a personal Gmail account) after a
| factory reset, never using* the MDM account post-reset?
|
| * Feel free to use it in a third party browser such as
| Firefox or Brave, as another commenter suggested. Just don't
| use it for an OS login.
| [deleted]
| donohoe wrote:
| Have you tried to see if the Small Claims Court would work?
|
| https://ag.state.il.us/consumers/smlclaims.html
|
| Get the cost of the Chromebook, some money for your time, and
| then donate the Chromebook to the school since its deadweight at
| this point.
|
| My guess is that no one from Dept. of ed will show up and you'll
| get a summary judgment.
| mhb wrote:
| Unless someone from HN is mediating, it seems pretty unlikely
| that there will be an award for the value of the computer in
| small claims court.
| steffanA wrote:
| The Chromebook isn't ruined. Just do a factory reset and do not
| log into the school account.
|
| I know it doesn't help the op's kids who needs the CB for
| school, but there is nothing being done that a factory reset
| can't fix.
| MrWiffles wrote:
| Good idea; IMO, probably the only way the OP is likely to get
| any "justice" (if you can call it that) here...
| wmf wrote:
| What happens if you have two accounts on the Chromebook?
|
| Ultimately spyware has to be unremovable to do its job so you're
| not going to get anywhere by contacting anyone. You have to
| decide to use the account or not.
| turtlebits wrote:
| Powerwash/factory reset it and don't sign into the school
| account. Ask for the school to provide a device.
| colinmhayes wrote:
| Yea I graduated from Chicago Public Schools and they gave out
| chromebooks starting in 8th grade. I think that was the first
| generation of them so maybe CPS get some deal, but through high
| school the chromebook system only seemed to expand. I imagine
| it's possible for OP to get one from school.
| tragictrash wrote:
| I think it's now a managed device and that won't help.
|
| If he power washes it, I believe it's still locked down to the
| school, I could be wrong thought.
| fn-mote wrote:
| There's a separate provisioning process for the "very locked"
| state you're talking about, not just signing in on the
| device.
| steffanA wrote:
| Factory reset and not logging into the account again, should
| fix the issue.
| throwaway413 wrote:
| Nothing gets "installed" in the traditional sense on a
| chromebook.
|
| When you login to the chromebook, you can log in with any Google
| credentials. The credentials the school gave your son are managed
| by them. If you log into that account, it configured the user
| session per the management of the account, so this will start a
| "managed" session for that managed user.
|
| If you use a personal Google account, none of that should happen.
| It's not a managed account, it's a normal one, and there shouldnt
| be any additional provisioning.
|
| You should be able to switch between them and use both
| independently.
|
| However, if you are saying that is what you are doing, and the
| spyware isn't respecting the config between users, then that is
| definitely a problem.
| secabeen wrote:
| This. My kids have chromebooks, and they have two accounts
| active on their devices, on at their .k12 for school stuff, and
| one for their gmail that is open.
| dddnzzz334 wrote:
| Easy, wipe the system and install Linux on it.
| wanderer_ wrote:
| Another little push in the right direction: you'll have to go
| into developer mode to expose the shell and flip the write-
| protect bit.
| jiffygist wrote:
| Could it possibly be impossible to enter developer mode?
|
| If so, could it be possible to somehow flip the write protect
| bit "by hand"?
| sp332 wrote:
| Some Chromebooks do have a physical switch, like in the
| battery compartment. I don't know of any Chromebooks where
| it's actually impossible to enter developer mode.
| livueta wrote:
| Every Chromebook model I've ever had has had a physical
| switch or screw that can be removed/toggled somewhere on
| the motherboard to unset the write-protect bit.
|
| e.g. https://joshuawoehlke.com/wp-
| content/uploads/2018/07/dell-31...
| wanderer_ wrote:
| Oops, I had forgotten about that. I was doing a bit of
| ...research a while back to apply to my own school
| machine.
| throwawybllion wrote:
| Probably need to log into the school account on chromeos
|
| So run another chromeos in a VM and just shut it down to switch
| to personal
| summm wrote:
| Why did you buy a device that's patronizing you in the first
| place? You bought a device that is even advertised as not being
| fully under your control, then it turns out it's actually not
| under your control. Meh. Put Linux on it and next time buy an
| normal PC.
| MrWiffles wrote:
| Way to blame the victim. Obviously he didn't know this would
| happen when he bought the device.
| vinceguidry wrote:
| You are completely failing to grasp the level of tyranny here.
| Schools these days often will not accept non-Chromebook
| devices.
| dhzhzjsbevs wrote:
| Probably shouldn't go round accusing Linux users of "failing
| to grasp the level of tyranny" when it comes to people
| forcing the use of Apple, Google or Microsoft operating
| systems.
| savant_penguin wrote:
| I'm curious on how they enforce that
| kube-system wrote:
| Presumably, the same way they enforce any other supply
| requirements.
| Schroedingersat wrote:
| And the root of the tyranny is devices you 'buy' without
| owning. Something the parent commentor has probably been
| trying to warn everyone about since it was first pushed in
| the 90s like most other long term linux users.
|
| 'trusted' computing is tyranniclal, petty managers and school
| boards exploiting it is its intended use case
| b20000 wrote:
| how can they enforce that as a public school?
| monkeybutton wrote:
| Same way they dictate which graphing calculator you buy?
| duxup wrote:
| > I did a full factory reset, signed in to his account again, and
| now the system is once again locked down.
|
| That's by design though isn't it? You logged in with a managed
| account and the policy was applied again?
|
| The account is his school account right?
|
| That's pretty much how Chrome OS works.
|
| This might just be a good lesson that you want to maintain device
| / role boundaries.
| trasz wrote:
| A gaping security hole is fine if it's been introduced on
| purpose?
| duxup wrote:
| > A gaping security hole
|
| What is that?
| trasz wrote:
| "the system installed GoGuardian monitoring software on the
| Chromebook without notice or permission."
| duxup wrote:
| When I logged in with my son's school account on chrome
| OS it had some notifications about who owns the account
| and so on.
|
| I don't think it is as much a mystery as implied.
|
| In the end there's no getting around that mixing device
| uses like this doesn't work. It works less and less as
| the history of computers goes on.
| xg15 wrote:
| Can the managed account actually access files from the
| unmanaged account or control which processes are active
| while the unmanaged account runs?
|
| Because, if yes, this absolutely does sound like a
| security hole:
|
| 1) Set up an organisation and add a managed account. Set
| up policies that install a backdoor on first login.
|
| 2) Get hold of victim's Chromebook.
|
| 3) Log into the Chromebook using the account from (1)
|
| 4) Chromebook will execute the policies and run the
| backdoor.
|
| 5) Use the backdoor to snoop victim's files.
|
| You've successfully gained access to the victim's files
| without knowing their password. Profit!
| micromacrofoot wrote:
| It's tied directly to the remotely managed account,
| that's how the account works. If you don't sign into the
| account, the software won't be installed.
|
| Students don't get to decide what software to install
| when it comes to logging in to school accounts. Generally
| the laptops are provided by the district, but it seems OP
| was trying to add another personal device to their
| system.
|
| You can't participate in their system without the
| software. So I guess the alternative would be to block
| personal devices from logging in like this at all.
| MereInterest wrote:
| > That's pretty much how Chrome OS works.
|
| And that's the problem. Signing onto a _remote_ account is a
| request to access a remote resource, and should not be
| interpreted as granted the remote actor control over _local_
| resources. That Chrome OS works this way implies that Chrome OS
| is fundamentally flawed.
| duxup wrote:
| Maybe there should be more of a notice, but when I tried it
| with my son's account I got some notifications.
|
| Having said all that the default will be for most school
| accounts... all or nothing. Don't allow them to manage it and
| you won't get in.
| awinter-py wrote:
| woof also goguardian has a prediction model for the 'active
| planning' phase of suicide which monitors all text + web activity
|
| https://www.goguardian.com/admin
|
| good in theory I guess, but 1) is it EBM and 2) not sure this
| plays well post CTL / loris snafu
|
| their privacy policy is nonsense
| https://www.goguardian.com/privacy-information, they don't sell
| 'private student information' but this is shrunk to be just PII.
| no details about non-PII categories of data
| js2 wrote:
| It seems like you should be able to sign out of the CPS managed
| account, then use "Add Person" to add a non-CPS managed account:
|
| https://docs.google.com/document/d/1r7xOL4U9lL0qyqMIVl4eH2EM...
|
| https://support.google.com/chromebook/answer/1059242?hl=en&r...
|
| For school work, login to the CPS-managed account. Otherwise
| login to the personal account.
| [deleted]
| mperham wrote:
| I believe the OP is concerned the Chromebook is rooted by the
| spy software and therefore using another account doesn't solve
| that issue.
| dervjd wrote:
| Why did you buy him the Chromebook versus the district?
| ccleve wrote:
| District chromebooks are for in-school use only. You can't take
| them home. This is for homework.
| colinmhayes wrote:
| Chicago Public Schools gave me a chromebook to do homework
| on. It was a piece of trash computer that they probably got
| for free, but I could certainly take it home and use google
| suite for homework.
| throwawayboise wrote:
| Yes. The district should supply the Chromebook for school work.
| They will manage that as they see fit. If he wants to do other
| stuff with a Chromebook, he should have a separate Chromebook
| and separate Google account. Ultimately that's easier and safer
| than constantly logging in and out of two different accounts on
| one machine anyway.
| don-code wrote:
| I am not a parent, but this seems like a good practice to get
| a child in the habit of, anyway: separating out your devices
| for work and school. Much like I wouldn't log into personal
| Slack groups on my work laptop (I learned that lesson!), I
| wouldn't try to conduct personal work on a school laptop.
| eitally wrote:
| In my case, we bought our kids better ones than the district
| offered, which are the lowest educational spec machines
| available. It was only after we bought it - during covid
| school-from-home last year - that we learned our district also
| forbids any non-district-issued computer from connecting to
| school wifi, so we ended up with one of the crappy machines
| anyway. On the plus side, no effect on our personal chromebook,
| but on the negative side, my kids are restricted to using the
| crappy school computers for school work.
| [deleted]
| [deleted]
| anamax wrote:
| If it's not too late, return it to where you got it.
|
| Then tell the school district that they have to pay for computers
| that they control.
|
| > Does anyone know how to refer these people to law enforcement
| for prosecution?
|
| You call the police. However, don't expect them to do anything
| and you won't be disappointed when they don't.
|
| You can then call the city/county DA and get the same treatment.
| The state's attorney will do the same thing.
| emerged wrote:
| ..and if those offices doing nothing to help you isn't enough,
| there are plenty of other government agencies/services which
| will also do nothing for you
|
| you can also try contacting Google, who will bend over
| backwards to make sure not to do anything for you.
| AnimalMuppet wrote:
| You're not going to get prosecution. You might get somewhere with
| a civil suit, though. (For that, talk to an actual lawyer, not
| random commenters on HN.)
|
| You also might get somewhere talking to the press. Be careful on
| this route, though, because it might get you sued by the school
| district...
| splch wrote:
| You could always install a different OS on your son's Chromebook
| since it would still have access to all of the school's software
| (through Chrome) and more. I'd recommend GalliumOS
| (https://galliumos.org/) since the drivers support audio and
| keyboard shortcuts better.
| b20000 wrote:
| wipe the chromebook and return it and get him a normal laptop and
| put linux on it
| monkeybutton wrote:
| This is the correct answer.
| awinter-py wrote:
| related support ticket from someone trying to log into device w/
| work account without inheriting workplace MDM policy
|
| https://support.google.com/chromebook/thread/117916330/how-t...
|
| > Even if the Chromebook is your private device and your owner
| account is your private @gmail.com account, once you sign in with
| a managed account, even using a separate profile, the managed
| account polices become active.
|
| > This is NOT a bug. It's required to maintain security of the
| managed environment. Whenever the managed account is active,
| ChromeOS management and the policies set by your administrators
| pwn the entire machine.
|
| > Google promises bulletproof security to customers who license
| Chrome OS management, and having any instance of an active non-
| managed account available when a managed account and its
| resources are active is a potential security hole.
|
| not a chrome-os user -- I imagine you can access the G acct via a
| browser without signing in the whole OS? if 'signing into gmail
| signs in the OS', maybe can do it via crostini linux
|
| re law: illinois is the state that has the biometric privacy law
| iirc? you may be able to do a civil suit via that, if the device
| is sharing face images _and_ you really didn 't consent _and_ you
| can prove it and the law was written with your situation and mind
| and CPS hasn 't indemnified big G. my guess is you'd have to pay
| a few $k to a lawyer to evaluate the case and then many more $k
| on the suit, plus you probably have a TOS problem.
| fn-mote wrote:
| The ending of that post (trimmed above) is also important:
|
| > So you can boot into your personal account and do your
| personal business and then reboot into your business acount and
| do your business' business, but never the twain shall meet.
| xg15 wrote:
| Not a chomeOS user, so maybe I'm not familiar with the
| terminology, but what is the difference between "log into" an
| account and "boot into" one?
|
| Are there different ways how you can add multiple accounts to
| a Chromebook and the OP just used the wrong one?
| Ancapistani wrote:
| Hmm.
|
| I'm not super familiar with ChromeOS's MDM stuff... but I
| wonder what would happen if someone were to log in to two
| separate managed accounts, for two separate organizations, with
| conflicting requirements?
| steffanA wrote:
| If you login with a different profile, is the GoGuardian software
| still running? Or is it only running on the managed school
| account?
| yeetsfromhellL2 wrote:
| As a longtime armchair attorney who has closely read summaries of
| cases like this on Slashdot for well over the past decade (IANAL,
| BTW)...you could go the lawyer route but this basically amounts
| to your kid being a minor in school which means they don't have
| full legal rights, and the interpretation of 4A is likely up in
| the air here anyway. Constitutional rights don't necessarily
| apply at school or anywhere near school (see bongrips4jesus
| case), your kid is a minor anyway (another special case), and a
| school doing this for the sake of "preventing cheating" may not
| fall under the umbrella of _unreasonable_ search.
|
| There was a PA school district back around 2009 that issued
| laptops to students preloaded with spyware that let school staff
| watch students through the webcam, while _the students were at
| home and not doing schoolwork_. Neither the students or parents
| were informed of this. IIRC the FBI got involved but nobody
| actually got in any real trouble, I 'm not even sure they were
| fired.
|
| I wish things weren't this way. You could maybe use Wireshark and
| black hole anything the spyware tries to connect to at the
| router, or maybe add the addresses to the hosts file on the
| machine itself (not sure if ChromeOS lets you do this).
| kaladin-jasnah wrote:
| Nit: I think it's "Bong Hits 4 Jesus."
| yeetsfromhellL2 wrote:
| Thank you, this one still makes me lose my damn mind.
| salawat wrote:
| Actually....
|
| It's the poster's Chromebook. They has revoked authorization
| for the school to deploy $software on their machine.
|
| Next step is the public school supplying a spyware'd laptop and
| NOT imstalling spyware on said parent's chromebook, but also
| said private chromebook _not_ being used for school stuff.
|
| If you want the district to not install spyware... Well... Lets
| just say, the poster is probably pissing in the wind in my
| experience.
| filesystem wrote:
| On the flip side of that "minors have no rights" coin you're
| holding up is the fact that laptop is the parent's property
| since they bought the laptop for the child to use. They did a
| factory reset and the problem software still remains. What if
| the parent did a factory reset to use the laptop for
| themselves? There is no reason for the spyware to remain in
| that case. It needs to be removable.
| detaro wrote:
| They did a factory reset and reconnected the Chromebook to
| the school account, which configures the device according to
| the schools requirements. If they wanted to use it
| themselves, they would reset it, do not connect the school
| account and all is well. GPs argument seems to support that
| the school doesn't have to allow to use a school account
| without the device being put under the schools control.
|
| (at least as I understand it. if the MDM enrollment is
| actually tied to the device somehow, then they could
| reasonably demand it to be released if they planned to use it
| themselves)
| MereInterest wrote:
| That doesn't really make sense to me. User accounts,
| whether managed remotely or locally, should be subordinate
| to administrator accounts. That administrator-level
| privileges are insufficient to undo a change made with
| user-level privileges breaks this relationship.
| detaro wrote:
| OP didn't mention that the child's account is a secondary
| account. AFAIK if you log-in with an account the first
| time on a fresh(ly reset) chromebook, it becomes the
| "administrator" account - and at the same time if its in
| an organization (i.e. the school) the orgs policies are
| applied. No clue how that interacts if you do attempt to
| login such account as a second account, it's possible the
| org can require an account to be in control of the
| device. Chromebooks are deeply designed for exactly this
| centrally managed scenario after all, that's (partly) why
| they are so popular with schools and companies.
| deathanatos wrote:
| > _to your kid being a minor in school which means they don 't
| have full legal rights, and the interpretation of 4A is likely
| up in the air here anyway_
|
| IANAL, either. Just because the student is a minor, I don't see
| how that gives the school the right to pwn a _private_ laptop
| (were the laptop a school laptop, my opinion would be different
| here); at best, this would seem to be the parent 's machine, or
| right to decide, at that point.
|
| The OP's post isn't very clear on how the school managed to get
| into a private laptop in the first place; he mentions they
| "logged on", but onto what? And how does signing into something
| permit installs? (There's a comment below that hypothesizes
| this might be an MDM profile sort of situation, and that's ...
| trickier. But doesn't even an MDM login have an uninstall of
| some sort? (Although, IDK, perhaps Chromebooks just can't do
| that, but that would seem to be an issue then with their
| software. But I've never tried, as I don't usually go for MDM
| stuff myself, as companies that do it typically want too much
| permission onto what is my personal device.))
| yeetsfromhellL2 wrote:
| pwning the laptop was a req for doing school work, like how
| you essentially give prior consent to a field sobriety test
| when you get a drivers license. I'm not saying it's right,
| but that likely the school district's argument in court, and
| I'm sure it's buried deep in a EULA or privacy policy
| somewhere.
| dhzhzjsbevs wrote:
| Probably a Google account sign on.
|
| If I sign into my work Google account on my androids chrome
| it basically forces you to install spyware so our IT team can
| suck up my browser history.
|
| It sounds like chrome os takes this approach and adds
| steroids.
| CodeWriter23 wrote:
| Organize other pissed-off parents and persist at school board
| meetings until they change the policy. You'll likely be labeled
| as terrorists for seeking redress with your public officials but
| stand strong, read up on laws and the board's bylaws. Let them
| enter a trap (like ignoring you) where the law/bylaws say you can
| petition for removal of board member(s) on that cause. You'll
| likely have to take it to court. But parents are prevailing and
| board members are being removed, for example in Pennsylvania over
| schools imposing their own mask mandates that do not align with
| public health.
| duxup wrote:
| Considering the range of protections a school is required to
| provide and that school IT is usually poorly staffed, paid,
| funded awkwardly... tons of different motivations for various
| policies.
|
| I wouldn't expect these policies to change.
|
| Best bet is to not mix school administrated accounts with
| personal devices.
| mbubb wrote:
| "this is my rifle/ this is my gun/ this one's for fighting/
| this one's for fun"
| mfreydavis wrote:
| I work for a school district (not CPS) with about 2000 deployed
| Chromebooks and you're likely running into one of two things.
|
| 1) You somehow 'enrolled' the device into the Chromebook
| management. This is hard to do by mistake but if you do,
| essentially puts the device under the control of the school
| district. It also uses up a license on their end. We only allow
| particular IT only accounts to enroll devices. 2) You're logging
| in with their CPS account. Once a person logs in with their
| managed account it can deploy user level policies that include
| everything you described: extensions, filtering, and blocking
| signing into another account in the browser. You'll also find
| some random pages are blocked to keep students from bypassing the
| restrictions.
|
| That you can wipe the machine makes me think you didn't enroll it
| - if you wipe an enrolled device it will prompt/force you to re-
| enroll. You should be able to reboot the device so you land at
| the login screen and hit "Add Person" down at the bottom. From
| there sign in with a different Google account and it should be
| completely unaffected by any policy the school is deploying.
| Unless you enroll it, the policies are deployed to the Google
| account, not the device.
|
| Its likely the CPS Help Desk Staffer you reached doesn't have the
| power to fix things for you if you've enrolled things - that
| usually requires permissions that are restricted to a few admins.
|
| Feel free to shoot me a message via the email in my profile - I'm
| happy to give you some of the inside perspective and help you
| figure it out.
| car_analogy wrote:
| > I bought him a Chromebook for schoolwork, but also for other
| private things. When we logged in, the system installed
| GoGuardian monitoring software on the Chromebook without notice
| or permission.
|
| Can you give more details? Logged in to what? I don't know how
| Chromebooks work, but I take your description to mean logged into
| a webpage, which allowed it to install arbitrary software on your
| computer - this sounds like a vulnerability in Chromebooks.
|
| Edit: On rereading the post, I suppose you mean logged in to
| Google Classroom.
| ev1 wrote:
| This is similar to MDM. Sign in to a school .edu Google account
| that force auto provisions the device.
| i_am_jl wrote:
| >Edit: On rereading the post, I suppose you mean logged in to
| Google Classroom.
|
| Oh, if only. They mean logged into ChromeOS with a Google
| account.
|
| There is an option to log in as a Guest, but the machine is so
| unbelievably gimped in Guest mode I can't imagine anyone
| actually using it like that permanently.
| Glyptodon wrote:
| Is your son's Google account a school account rather than a
| personal one?
| icsa wrote:
| You use ask for a reasonable accommodation. E.G. Access to
| assignments via email.
|
| The Department of Education mandates such accommodations.
| evilotto wrote:
| MrWiffles wrote:
| I haven't used a Chromebook before because I've always suspected
| this kind of malfeasance is inevitable, but I wonder...
|
| Could you just rip out the disk device (nvme/etc) and shove a
| blank one in there?
|
| As long as you never used the backdoored Google account again, at
| least you could re-use the device for other purposes (albeit with
| a different OS most likely). Not optimal I agree, but could that
| be a viable option?
|
| Also, is it possible to virtualize Chrome OS, feasibly? Might be
| an option for anyone with the skills to firewall/isolate that
| malware when usage is compulsory.
| barbacoa wrote:
| >Could you just rip out the disk device (nvme/etc) and shove a
| blank one in there?
|
| When I last owned a Chromebook the storage was soldered on the
| motherboard.
___________________________________________________________________
(page generated 2022-04-04 23:00 UTC)