2
School Spyware (sh.itjust.works)

Hi. My school just started issuing devices last year, and they have this Lightspeed spyware on them. Last year I was able to remove it by booting into Linux from a flash drive and moving the files to a separate drive and then back at the end of the year. This year I have heard from sources that they have ways of detecting someone booting from Linux so I am hesitant to do that option. My only other idea is to buy an old laptop off eBay that looks like it and install Linux on it. I could probably get one for about 50€. Does anyone have any cheaper ideas?

Oh also talking to IT isn’t an option.

all 20 comments
sorted by: hot top controversial new old
[-] TheHobbyist@lemmy.zip 5 points 1 year ago

Does it have built in storage? If not, could you just buy a second hand SSD, swap it and use that one and put back the original SSD when you return it?

[-] HumanPerson@sh.itjust.works 1 points 1 year ago

I believe I experimented with that before. Like I said I don’t want to risk much with this device. Their network is actually solid (it was set up by kids in the networking class not just it) and they would detect it. It did just occur to me that I could remove the Wi-Fi card then remove the files with Linux so that it couldn’t phone home, but I don’t know if it would log the files missing. Do you think that would work?

[-] TheHobbyist@lemmy.zip 1 points 1 year ago

It would really depend on the device. It would be possible to phone home, even analyze which files might be missing and report that. Whether that's how it works or not would depend on the device.

[-] HumanPerson@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

They didn’t notice it missing last year, but they have made changes. It used to not auto install its extension on librewolf but now it does.

[-] CandleTiger@programming.dev 1 points 1 year ago

What’s the consequences for getting caught? Even if they do detect you messing with their install image, what are they going to do about it besides tell you to put it back? Unless they’re going to make you go for psych visits over software removal, it seems to me you may as well just try it and find out.

[-] tinyVoltron@lemmy.world 4 points 1 year ago

Grow up and get your own fucking computer. Don't be an asshole and fuck with someone's else's machine. Do whatever is required to be done on the school machine then put it away and use your own for whatever supersecret spy shit or whatever you need to hide from"The Man". I don't fuck with my company issued machine. I do my work then use my own machine to surf porn, torrent, or what the fuck. I don't mess around with the machine that someone's else paid for. Because I'm not an asshole. Don't be an asshole.

[-] HumanPerson@sh.itjust.works 7 points 1 year ago

I have my own computer. I use it for exclusively personal things and use my school issued computer exclusively schoolwork. They legally require me to give up my privacy and I disagree with this based on principle alone. Enjoy your porn though.

[-] krnl386@lemmy.ca 5 points 1 year ago* (last edited 1 year ago)

Is there an IT policy at your school? I suggest perusing it for 2 reasons:

  1. Understanding the consequences of tampering/tinkering with the spyware.
  2. Understanding how much authority the IT department really has, and whether or not what they’re doing with the spyware constitutes overreach.

#2 in particular is for your own knowledge/benefit. Since you’re not an employee, but a student, you may have some inherent rights under this policy, which the IT department may be violating.

[-] HumanPerson@sh.itjust.works 4 points 1 year ago

Their policy (at least the last time I checked) was all vague rules with whatever punishment they see fit. That is why I just wanna get something identical that is mine. I won’t get on the network but I can use a mobile hotspot and be fine. What rights are you referring to specifically?

[-] krnl386@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

I’m guessing this is a school and not a university? At a university students have more clout/rights, at least on paper.

In any case, getting your own machine is the way to go. You can run whatever you want on it. You could still (cautiously) use the school network, as long as you use a VPN; basically treat the school network as a “hostile” environment. That’s assuming VPN use is not against the school rules. :)

[-] HumanPerson@sh.itjust.works 2 points 1 year ago

I can’t use the network there, I haven’t looked at how they configured it but if I do bring my own device I want to keep it off their network completely because they would realize quickly. I have decent cell service though and can do a mobile hotspot.

[-] Sabre363@sh.itjust.works 3 points 1 year ago

I would say just do it and play dumb if they bring anything up. Or look at some really weird shit and let them spy.

[-] HumanPerson@sh.itjust.works 4 points 1 year ago

I did the “look up weird shit” option last year and ended up having a nice chat with 10 different psychologists about it. I’m not doing that again but I like where your head’s at.

[-] user224@lemmy.sdf.org 4 points 1 year ago

What the hell did you look up?

[-] HumanPerson@sh.itjust.works 1 points 1 year ago

I can’t say too much. I want to not disclose info they might recognize.

[-] das_monk@lemm.ee 1 points 1 year ago

Is running Linux from a USB drive an option! You don't have to install anything on the machine itself, and you could run the pen drive os on any machine..

[-] SpacemanSpiff@artemis.camp 1 points 1 year ago

Install Linux on a USB stick or live CD. Boot into that OS and do exactly what you did last time.

  1. Unless they have gone into the firmware to prevent booting from anything but the HDD, this will will work and they can’t detect it.

  2. Once you make the changes and boot back into Windows they won’t know either. While the OS is offline their spyware does nothing. Once you boot back into Windows, it can’t run and can’t “call home”.

As someone else said, they will know eventually that something is broken on your computer, that is, no data from your machine and it becomes a stale object. But they may not automatically believe it was intentionally disabled. You’d be surprised how low compliance numbers need to be in order to be satisfactory, and no security or monitoring solution is flaw-free. They may just blame the software. Many low-level IT admins are prone to this assumption in order to avoid spending a lot of time diagnosing the problem.

Source: am a computer systems engineer

this post was submitted on 18 Aug 2023
2 points (53.3% liked)

Privacy

31601 readers
345 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS