summaryrefslogtreecommitdiff
path: root/content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md
diff options
context:
space:
mode:
Diffstat (limited to 'content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md')
-rw-r--r--content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md32
1 files changed, 7 insertions, 25 deletions
diff --git a/content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md b/content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md
index 0fe32f9..4544059 100644
--- a/content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md
+++ b/content/entry/the-tipping-point-rejecting-windows-zoom-lockdown-browser-and-the-lockdown-monitor.md
@@ -2,46 +2,28 @@
title: "The Tipping Point - Rejecting Windows, Zoom, Lockdown Browser, and the Lockdown Monitor"
date: 2020-03-30T00:00:00
draft: false
-makerefs: false
---
# Background
-This semester I took networking at SIUe[1]. Networking is a senior level CS course. I'll call the professor, "Professor X" to preserve anonymity.
+This semester I took networking at [SIUe](https://www.siue.edu). Networking is a senior level CS course. I'll call the professor, "Professor X" to preserve anonymity.
# Story
## Windows
-The first software freedom issue I had in this class had to do with the Wiresharks labs. Wireshark[2] is free software that can be used to capture and analyze network traffic. So there was no issue with Wireshark. Actually, the issue was with the assignment instructions. The instructions were written so that some tasks had to be performed outside of Wireshark and screenshotted. If I remember correctly Professor X said he did not make any changes to the assignment before giving us the assignment. The assignments were actually obtained from the University of Massachusetts, Amherst[3]. The DHCP Wireshark lab contained instructions that only work on Windows.
+The first software freedom issue I had in this class had to do with the Wiresharks labs. [Wireshark](https://www.wireshark.org/) is free software that can be used to capture and analyze network traffic. So there was no issue with Wireshark. Actually, the issue was with the assignment instructions. The instructions were written so that some tasks had to be performed outside of Wireshark and screenshotted. If I remember correctly Professor X said he did not make any changes to the assignment before giving us the assignment. The assignments were actually obtained from the [University of Massachusetts, Amherst](https://gaia.cs.umass.edu/kurose_ross/wireshark.htm). The DHCP Wireshark lab contained instructions that only work on Windows.
It wouldn't have been hard for me to find the equivalent commands on GNU/Linux, but by this point I realized that me doing all the legwork to get things working on GNU/Linux ultimately doesn't do much good. It gets me by but it doesn't help other students or have any effect moving coursework toward using free software. So instead, I decided I wasn't going to do the extra work myself, and instead included a note in my completed assignment submission stating that I don't own a Windows machine and wouldn't use it. So I downloaded the Wireshark trace from the University of Massachusetts (the assignment said we could do this if we couldn't get Wireshark to capture). I imported it into Wireshark and used it for the duration of the assignment.
-Back in class after the assignment was graded, Professor X announced that students would no longer be permitted to download the trace from the University of Massachusetts. It would have to be captured manually by following the Windows-only instructions. This swiftly closed the loophole I used to bypass using Windows. Therefore, it is no longer possible to take networking with Professor X without using Windows unless you want to do extra work. And by the way, this is one of, if not the most ardent GNU/Linux professors at SIUe based on my experience. He said in class that he uses Arch[4] and is comfortable doing things in the terminal. The point I'm trying to get across is that if you want to only use free software, do not study at SIUe. It is not a free software friendly university and you will struggle trying to work around that.
+Back in class after the assignment was graded, Professor X announced that students would no longer be permitted to download the trace from the University of Massachusetts. It would have to be captured manually by following the Windows-only instructions. This swiftly closed the loophole I used to bypass using Windows. Therefore, it is no longer possible to take networking with Professor X without using Windows unless you want to do extra work. And by the way, this is one of, if not the most ardent GNU/Linux professors at SIUe based on my experience. He said in class that he uses [Arch](https://www.archlinux.org/) and is comfortable doing things in the terminal. The point I'm trying to get across is that if you want to only use free software, do not study at SIUe. It is not a free software friendly university and you will struggle trying to work around that.
## Zoom
-After the corona virus lockdown was declared in Illinois and the university shut down all classes on campus, the lectures needed a way to continue. Professor X went for Zoom[5]. Zoom is proprietary crapware. You can download Zoom on your computer or use it through the browser which probably requires proprietary JavaScript and camera and microphone access. I emailed Professor X if there was another way I could watch the lectures. To accommodate me, he began recording the meetings and emailing them to everyone. However, he said he was still taking attendance with Zoom unfortunately. So I found out it's possible to use SIP[6]. I attempted to set up an SIP account so I could use Zoom, but then I quickly gave up on that and decided on just using the recordings. I felt that I shouldn't have to do extra legwork to avoid using proprietary software. If professors are going to suggest proprietary software to students, which they shouldn't, then they should at least offer a free software alternative that works equally well. Of course, Zoom in the long run is turning out to be a disaster as proprietary software often does.
+After the corona virus lockdown was declared in Illinois and the university shut down all classes on campus, the lectures needed a way to continue. Professor X went for [Zoom](https://zoom.us/). Zoom is proprietary crapware. You can download Zoom on your computer or use it through the browser which probably requires proprietary JavaScript and camera and microphone access. I emailed Professor X if there was another way I could watch the lectures. To accommodate me, he began recording the meetings and emailing them to everyone. However, he said he was still taking attendance with Zoom unfortunately. So I found out it's possible to use [SIP](https://www.wikipedia.org/wiki/Session_Initiation_Protocol). I attempted to set up an SIP account so I could use Zoom, but then I quickly gave up on that and decided on just using the recordings. I felt that I shouldn't have to do extra legwork to avoid using proprietary software. If professors are going to suggest proprietary software to students, which they shouldn't, then they should at least offer a free software alternative that works equally well. Of course, Zoom in the long run is turning out to be a disaster as proprietary software often does.
-I want to elaborate a bit on how Zoom is turning out to be a disaster. Zoom is a privacy nightmare. It actually has an attention tracking feature documented in the knowledge base[7] which creepily allowed hosts of a Zoom meeting to track if the participants were paying attention or not. The CEO addressed multiple issues[8]. One issue was uninvited participants joining and crashing conferences. Another was that the iOS client contained the Facebook SDK. Facebook is a surveillance monster, so of course that was an absolute privacy disaster and it had to be removed. Zoom video and audio doesn't even have end-to-end encryption according to this article[9]. Hackers quickly found a way to exploit Zoom to expose Windows passwords and showed a screenshot of it on Twitter[10]. Some Zoom calls may have been routed through China, where geofencing should have prevented this. The CEO didn't say how many users could have been effected[11]. China does not enforce laws about personal data privacy so who knows if the calls got collected, stored, or analyzed.
+I want to elaborate a bit on how Zoom is turning out to be a disaster. Zoom is a privacy nightmare. It actually has an attention tracking feature documented in the [knowledge base](https://support.zoom.us/hc/en-us/articles/115000538083-Attendee-attention-tracking) which creepily allowed hosts of a Zoom meeting to track if the participants were paying attention or not. The CEO addressed [multiple issues](https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/). One issue was uninvited participants joining and crashing conferences. Another was that the iOS client contained the Facebook SDK. Facebook is a surveillance monster, so of course that was an absolute privacy disaster and it had to be removed. Zoom video and audio doesn't even have end-to-end encryption according to [this article](https://theintercept.com/2020/03/31/zoom-meeting-encryption/). Hackers quickly found a way to exploit Zoom to expose Windows passwords and showed a screenshot of it on [Twitter](https://nitter.net/hackerfantastic/status/1245133371262619654). Some Zoom calls may have been routed through China, where geofencing should have prevented this. [The CEO didn't say how many users could have been effected](https://www.businessinsider.com/china-zoom-data-2020-4). China does not enforce laws about personal data privacy so who knows if the calls got collected, stored, or analyzed.
-So now some universities are rushing over to Microsoft Teams, which will also be a privacy and security disaster forced upon students yet again. They are just going from one proprietary privacy disaster to the next when the best solution is to just use free software. Teams is proprietary and the Teams website requires proprietary JavaScript and perhaps worse a Microsoft account where you must agree to their insane terms of service. So at this point you may be wondering, what free software is out there that would be reasonable for schools to use that would be better? Jitsi[12] seems like a very viable alternative. It allows video calling, voice calling, meetings between an unlimited number of participants, and no sign up or account required. I'm not sure about the encryption and data privacy it has, but at least you know it doesn't come with the Facebook SDK. Besides, there is also Matrix[13] which is cross-platform and has multiple clients. There are free software options available that universities should be looking into rather than all jumping onboard the Zoom train, then jumping onto the Teams train after Zoom derailed.
+So now some universities are rushing over to Microsoft Teams, which will also be a privacy and security disaster forced upon students yet again. They are just going from one proprietary privacy disaster to the next when the best solution is to just use free software. Teams is proprietary and the Teams website requires proprietary JavaScript and perhaps worse a Microsoft account where you must agree to their insane terms of service. So at this point you may be wondering, what free software is out there that would be reasonable for schools to use that would be better? [Jitsi](https://jitsi.org/jitsi-meet/) seems like a very viable alternative. It allows video calling, voice calling, meetings between an unlimited number of participants, and no sign up or account required. I'm not sure about the encryption and data privacy it has, but at least you know it doesn't come with the Facebook SDK. Besides, there is also [Matrix](https://matrix.org/) which is cross-platform and has multiple clients. There are free software options available that universities should be looking into rather than all jumping onboard the Zoom train, then jumping onto the Teams train after Zoom derailed.
## Lockdown Browser & Monitor
-Due to corona virus, the final exam was going to have to change also. Obviously, us students couldn't take the exam in person and this opened up doors to potential cheating. I found out we were going to have to use the intrusive proprietary Windows or Mac only garbage that is the Respondus Lockdown Browser[14]. So I contacted Professor X over email to find out if there was an alternate way to take the exam. For example, being given access to the final exam and then given a certain time window to finish and upload it. He told me this wouldn't be possible. The browser apparently detects and does not allow usage through a VM based on the Respondus knowledge base. Since I don't own any Windows machines and I'm required lawfully and ethically to social distance myself, the only way I know I can complete the exam without issues is by partitioning my hard drive and installing the latest Windows, just for this one exam that lasts less than two hours.
+Due to corona virus, the final exam was going to have to change also. Obviously, us students couldn't take the exam in person and this opened up doors to potential cheating. I found out we were going to have to use the intrusive proprietary Windows or Mac only garbage that is the [Respondus Lockdown Browser](https://web.respondus.com/). So I contacted Professor X over email to find out if there was an alternate way to take the exam. For example, being given access to the final exam and then given a certain time window to finish and upload it. He told me this wouldn't be possible. The browser apparently detects and does not allow usage through a VM based on the Respondus knowledge base. Since I don't own any Windows machines and I'm required lawfully and ethically to social distance myself, the only way I know I can complete the exam without issues is by partitioning my hard drive and installing the latest Windows, just for this one exam that lasts less than two hours.
Furthermore, even though I could do all that, I'm not willing to. That would be using Windows and the Lockdown browser and implicitly affirming that forcing proprietary software on students is okay. Professor X emailed me a second time and informed me that it wasn't really his choice to use Respondus Lockdown browser, that "the university" had decided on it. Whether that means there was some vote within the faculty of the computer science department or the dictate was simply handed down university-wide I don't know. I'm not very interested in the bureaucracy. He told me that "We are under extraordinary circumstances that no one foresaw 3 weeks ago. We've all had to make changes and exceptions to ways we work... I highly encourage you to also be sympathetic to the situation and consider making exceptions". After that he offered to help me repartition my machine to install Windows and mentioned that the university offers free legal Windows 10 licenses available to students. So I took the next step and contacted the chair of the CS department at SIUe. He reaffirmed what Professor X had already said and was not willing to have Professor X make an exception.
So I took Professor X's advice and was sympathetic and considered making an exception. And then after two seconds of thought I decided that dropping the class and refusing to use it was as sympathetic as I can get to proprietary software. I wasn't going to repartition my computer to install the proprietary backdoored malware operating system Windows that could rootkit my machine so that I could install a proprietary malware browser and "monitor" that purposely spies on and cripples the operating system. And then I realized it's probable that some of my other classes would require Respondus lockdown software as well this semester for the final exam and I couldn't in good conscience use it. Also, it's likely that due to COVID-19 my summer classes would also require using it. Even if those classes didn't require that proprietary software, it became clear to me that there were certainly going to be obstacles I simply couldn't get over in the future without switching professors, retaking classes, and constantly doing extra work without much benefit or change to the software the university was using. All of that could also prolong my graduation by a year, two years, or who knows how long racking up student debt. I had already came so far as I was two semesters away from graduating after this one. However, if I dropped out of SIUe, I would free up enough time to build my portfolio, improve my programming skills, network with free software organizations and potentially get some real-world experience. So, I dropped out. It was at great personal cost to myself, but it was the only ethical option left.
-
-
-Link(s):
-[1: https://www.siue.edu](https://www.siue.edu)
-[2: https://www.wireshark.org/](https://www.wireshark.org/)
-[3: https://gaia.cs.umass.edu/kurose_ross/wireshark.htm](https://gaia.cs.umass.edu/kurose_ross/wireshark.htm)
-[4: https://www.archlinux.org/](https://www.archlinux.org/)
-[5: https://zoom.us/](https://zoom.us/)
-[6: https://www.wikipedia.org/wiki/Session_Initiation_Protocol](https://www.wikipedia.org/wiki/Session_Initiation_Protocol)
-[7: https://support.zoom.us/hc/en-us/articles/115000538083-Attendee-attention-tracking](https://support.zoom.us/hc/en-us/articles/115000538083-Attendee-attention-tracking)
-[8: https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/](https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/)
-[9: https://theintercept.com/2020/03/31/zoom-meeting-encryption/](https://theintercept.com/2020/03/31/zoom-meeting-encryption/)
-[10: https://twitter.com/hackerfantastic/status/1245133371262619654](https://twitter.com/hackerfantastic/status/1245133371262619654)
-[11: https://www.businessinsider.com/china-zoom-data-2020-4](https://www.businessinsider.com/china-zoom-data-2020-4)
-[12: https://jitsi.org/jitsi-meet/](https://jitsi.org/jitsi-meet/)
-[13: https://matrix.org/](https://matrix.org/)
-[14: https://web.respondus.com/](https://web.respondus.com/)