Students are being exposed to various levels of tracking technology on nearly all of the edtech sites they most often use at school, a new study warns.
These extremely popular sites, such as Zoom, “are making extensive use of tracking technologies,” says the analysis conducted by researchers at the University of Chicago and New York University. “Cookies and trackers are not necessarily malicious or harmful in nature; however, they do still record information about the visiting party,” they added in their review of more than 15,500 K12 public school and district domains.
What they found “more alarming” was that a small number (7.4%) of sites used a type of tracking technology called a session recorder that would record everything a user did on those sites, including the links they clicked on, the images they hovered over, and even data entered into fields but not submitted. That data could include the auto-filling of saved user credentials or social network data that users might consider private.
The researchers paid special attention to login pages, where they also found both the less nefarious cookies and the more concerning session recorders as well as a Facebook-oriented tracking technology known as Meta Pixel. “This calls into question the confidentiality of login data and, logically, any further information shared during the remainder of the session,” the researchers asserted.
This research will likely heighten the cybersecurity concerns of district leaders already stoked by a string of recent reports, including one that warned late last year that “most apps used by K12 students are unsafe for children.” Nearly 80% of apps earned a “Do Not Use” rating from the Internet Safety Labs, which measured data-gathering technology that is “often buried deep inside app software components.”
More from DA: Here are 7 education changes lawmakers promise for 2023
The Lab found that about 20% of apps were high-risk for threats, including selling students’ personal information to third-party marketers. “In the wrong hands [personal information] can lead to emotional trauma, aberrant seduction or even physical danger with location information,” the nonprofit cautioned. “Further, data is forever. For instance, mental health information gleaned from a child’s innocent use of a mental health tracker can become a problem in later years as a teen or an adult.”
Custom apps commissioned by school districts for use by students, parents, and teachers were among the least safe, the Lab warned.
Tackling the tracking technology
The University of Chicago and NYU study recommended that schools get assistance in conducting more comprehensive threat assessments and fortifying their cybersecurity networks and response plans. This should include more professional development for administrators, IT leaders and teachers on how to protect student privacy.
The researchers also pushed for the development and consistent enforcement of stricter student privacy laws, pointing out, for instance, that there are no substantial repercussions for vendors who violated the Future of Privacy Forum’s Student Privacy Pledge.
“Our findings suggest that administrators lack resources to properly assess privacy and security issues around educational technologies even though they do pose potential privacy issues,” the study concluded.
