Archives

All posts for the month September, 2021

There are many websites out there that will gladly take the details of your wifi network and in exchange for receiving those details, will generate an QR code that you can use to allow others easy access to your guest network, or business wifi. I strongly recommend against use of such sites as you can’t be sure they aren’t mining the data to build a repository of such information, and for what other purposes.

Instead, I used a freely available tool in Linux known as qrencode. Fortunately, qrencode is a simple program that you run locally on your linux machine (hell you could even roll up a linux VM to do this if you don’t have a machine with linux on it).

Installing qrencode in debian or ubuntu is as easy as:
sudo apt install qrencode

Once you have it installed, the format for generating the QR code is pretty straightforward:
qrencode -l H -t PNG -o qrwifi.png "WIFI:S:{SSID name of your network};T:{security type - WPA or WEP};P:{the network password};;"

So say your wifi name is “FBI VAN” with a password of “b0nehead” and has WPA encryption, your command to generate the QR would look like this:
qrencode -l H -t PNG -o qrwifi.png "WIFI:S:FBI VAN;T:WPA;P:b0nehead;;"

You would then see this QR code generated: (go ahead, scan it here!)

Once done, you have a nice QR code you can print and display for your guests. This makes it easy to get them connected, and they don’t have to worry about bothering anyone for the wifi password anymore. It’s a win on both sides.

ABSTRACT

So we recently moved to Northbridge (July 2020) and we were excited that (at the time) the NPS school district was not a GoGuardian customer.  Our family fought with our last school district in North Attleboro to stop deploying GoGuardian to our equipment at home for the reasons I documented back then.  The concept is simple:

  • MY house
  • MY home network
  • MY privately paid for internet
  • MY computers
  • MY electricity that was/is being paid for to run such an invasive application extension software

As a student/family privacy advocate, I believe the school should monitor it’s equipment and only on school grounds.  When it comes to family owned equipment used at home or anywhere off school campus, it should be HANDS OFF!  Students (and families) deserve a reasonable expectation of privacy in their own homes and on their own computers.

You should know that today (at the time of this writing) I telephoned the product team at GoGuardian, and asked them about their data collection and retention policies.  They refused to give me any information citing that I wasn’t their customer.   Tax dollars funded the acquisition and installation of this software in our schools, I think full disclosure is totally appropriate.

LATEST FINDINGS/HOW TO TELL IF YOUR SCHOOL IS WATCHING

So at home, it’s YOUR computer, and your child is logged in to process homework, or email a teacher.  How do you know your school is watching and recording all their browsing history?  Here’s how:

Ensure they are logged into their school account on chrome.  Once logged in, type this in the address bar:

chrome://extensions

You will see something like this showing GoGuardian is installed: (click for larger view)

 

Here you can see GoGuardian is installed and running on the browser.  ON YOUR COMPUTER!  Did you ever give your school system permission to install a monitoring agent on YOUR equipment?  No?  then you need to complain to the highest levels of administration up to and including your school committee.  They are hoping this goes unnoticed, but I bet if they held a public forum on it and went out asking for consent, that most people would decline when they fully understand that GoGuardian really does.  I’ll also note that it isn’t possible to remove this extension – the ability to remove it is managed by the school district’s Google Apps domain policy.

You can see here the permissions given to the GoGuardian browser extension – it’s disturbing:

Here’s a snapshot of the DNS queries I saw in our logs just after doing a test search for illicit materials on our machine: (click for larger image)

 

That right there friends, is GoGuardian “phoning home” on what I just did.  (in this case web browsing history and searching) was sent to GoGuardian, and whatever I did is now visible to school officials.  There are real ramifications to this kind of tracking (which I will not go into here) but simply put, you should contact your school system and demand removal of this invasive browser extension from running in your home.  Here’s a brief use case/reasons why:

  • when the equipment and network the application/extension is running on does not belong to NPS
  • students need to have a perceived sense of privacy within their own home and on family owned equipment.
  • on shared family owned equipment, the data collection could violate the privacy of any person who uses that equipment and unknowingly is operating within a chrome browser logged into that account.  People seldom check to see who chrome is logged in as – they just open a window and go online.
  • This also has the potential to implicate the “tracked” student in other people’s internet activity unfairly, on privately owned (but possibly shared) equipment.

Also the EFF (Electronic Frontier Foundation) has released an extensive study into the privacy matters and even legality of off-campus school surveillance.

SIGN THE PETITION TO REMOVE GOGUARDIAN FROM SCHOOLS

You can sign the petition here (I did): https://www.change.org/p/goguardian-ban-goguardian-in-schools-across-the-globe

HOW CAN MY SCHOOL MAKE THIS RIGHT?

Simple.  All the technology department needs to do is work with GoGuardian to prevent it’s extension from being deployed on non-school owned assets:

  • Work with GoGuardian to come up with a way to better control extension deployment by confining it to the following:
  • Define a Google Apps OU just for school-owned assets
  • Put all school-owned assets in that OU
  • Push GoGuardian policies to ONLY that OU containing school owned assets.

UPDATE 9/24

I spoke with Director Tiago Vital and Superintendent McKinstry today about the privacy concerns with the GoGuardian extension running on privately owned equipment.  Here are the key points:

  • McKinstry agrees that this extension running on “private property” is a bit concerning, wants to find a solution to exclude private computing equipment where possible.
  • Director Vital has actually looked into fixating GoGuardian to specific OUs within the NPS GApps domain, but mentioned it doesn’t appear that GoGuardian currently honors this in it’s current version.
  • Both Director Vital and Superintendent McKinstry agreed that a joint conference to discuss directly with GoGuardian, ways of excluding private equipment from the product deployment scope is desired and have invited me to join the call to present the concern from a parent’s point of view.
  • Time and date of such call is yet to be determined.

I will provide additional updates as they become available.

UPDATE 9/27

I got an email back from Director Vital which makes it clear GoGuardian does not wish to hear from/or involve in discussion, parents.  Here’s what the email said (and my response) click for larger view:

It should be noted that the claim of the extensions on non-chromebook devices are inaccurate.  Our family computer is a Linux (Ubuntu 20.04) machine running Chrome browser.  You can see from the screenshots above from that computer, that the extension was present and alive.  A test search for porn caused several DNS queries for goguardian servers to immediately show, indicating that the computer was talking to and sending data to GoGuardian.  This computer is private property, and we don’t consent to the residency of this executable extension (and code) belonging to GoGuardian, running on our private property (computer) in our home.

Since I learned that GoGuardian will not talk to parents – I went to my local police department (Northbridge Police) and filed a police report. (I’ll copy any developments herein as they happen)  I intend to fully pursue the legality of a school system and/or company placing executable monitoring agents in people’s homes on privately owned equipment.  I need parents to join this effort to preserve the expectation of privacy in our homes.  I also believe there are serious 4th amendment violations at work here.

UPDATE 9/30

I’ve kept an eye on our machine over the last couple days and there has no longer been any GoGuardian traffic.  The extensions also appear to be missing from Chrome now.  I suspect that the school has removed this extension somehow from being deployed to our equipment when the kids log on – THANK YOU!   I do ask that parents use this guide to check and verify if the GoGuardian extensions have disappeared from their chrome browsers also.  Please follow the steps above and please feel free to comment below.   NOTE: I believe this removal is only for PRIVATE at home equipment.  If your child is using school issued equipment at home or on campus, I believe you will still see this extension in use.   Please remember that the focus of this cause, is ONLY for removal of the goguardian extension from PRIVATE equipment used OFF CAMPUS.