96
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 08 Sep 2024
96 points (100.0% liked)
Technology
37742 readers
492 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
Don’t put personal shit on work devices. This is pretty basic.
Kids going to school cannot reasonably be expected to have the knowledge, forethought, or ability to protect themselves from privacy violations. They lack the rights, info and social power to meaningfully do anything about this. That's why it's exploitative and harmful. Edit: that's also to say nothing of the chilling effect this is going to have on kids who DO need to talk about something but now feel they have to hide it, or feel ashamed of it. Shit is bad news all around.
Sooo schools should just provide devices to kids with no monitoring at all?
There shouldn’t be an expectation of privacy on school/company provided devices, that isn’t how it works literally anywhere. It’s on the parents to teach their children not to use the device for personal reasons.
Ideally the school machines should be limited to only allowing coursework and limited messaging between classmates and teachers, it’s a tool not a toy.
Idk I just can’t get upset about this. Kids and privacy is kind of a tough one to begin with, I personally think kids shouldn’t have unregulated access to communication devices at all until like 14-15, maybe.
Yes. There are tons of enterprise tools to lock devices to certain activities. Surveillance is not necessary and will be used to violate privacy, and I am not talking about just on device communication. Remember when companies were caught using their employees cameras without any indication on the device? The suspected benefits of surveillance is not worth the potential harm.
My company exclusively deploys machines with physical coverings for the camera and hardware disconnects for the mics.
Good! Not all companies do that and I highly doubt school districts in most places will. They tend to be underfunded and understaffed
An issue here for me is that the kids can't op out. Their guardians aren't the ones checking up on their digital behavior, it's an ai system owned by a company on a device they are forced or heavily pressured to use by a school district. That's just too much of a power imbalance for an informed decision to my mind, even if the user in question were an adult. Kids are even more vulnerable. I do not think it is a binary option between no supervision and complete surveillance. We have to find ways to address potential issues that uphold the humanity of all the humans involved. This seems to me like a bad but also very ineffective way to meet either goal.
We just fundamentally disagree on what rights someone is afforded on a company provided devices. They can’t opt out because obviously not, you don’t get to just opt out of information security policies.
It would be a different beast if the school didn’t allow you access coursework on a personal machine without installing their bullshit, thats a huge issue.
Yeah, I just fundamentally don't think companies or workplaces or schools have the right to so much information about someone. But I can understand that we just see it differently.
I agree on that point, nobody has the right to any information about me except for exactly what I choose for them to know. Speaking from an IT professional standpoint, if I deploy a device, I absolutely have the right to know anything that happens on that device. You have to from a security perspective.
That’s why I don’t use any social media on my work laptop. Ideally that’s why social media is blocked on work machines so it’s a non-issue. Kids should understand that concept early, you do have a right to privacy but you also don’t control that device.
I feel you're coming at this from an abstract angle more than how these things actually play out in practice. This isn't reliable software, it isn't proven to work, and the social and economic realities of the students and families and districts have to be taken into account. The article does a better job explaining that. There are documented harms here. You, an adult, might have a good understanding of how to use a monitored device in a way that keeps you safe from some of the potential harms, but this software is predatory and markets itself deceptively. It's very different than what I think you are describing.
Speaking as an infosec professional, security monitoring software should be targeted at threats, not at the user. We want to know the state of the laptop as it relates to the safety of the data on that machine. We don't, and in healthy workplaces can't, determine what an employee is doing that does not behaviorally conform to a threat.
Yes, if a user repeatedly gets virus detections around 9pm, we can infer what's going on, but we aren't tracking their websites visited, because the AUP is structured around impacts/outcomes, not actions alone.
As an example, we don't care if you run a python exploit, we care if you run it against a machine you do not have authorization to (i.e. violating CFAA). So we don't scan your files against exploitdb, we watch for unusual network traffic that conforms to known exploits, and capture that request information.
So if you try to pentest pornhub, we'll know. But if you just visit it in Firefox, we won't.
We're not prison guards, like these schools apparently think they are, we're town guards.
That's exactly how it works at many places. Students can only use a personal device if it's enrolled in the school's MDM, which grants them just as much control.
Schools literally, legally, are not companies.
The “provided devices” is the important part of that sentence
School is not work. Work is compensated. Work is voluntary. School is neither.
Not all of these kids have any other computer.