headers-onlinesafetyguide_student

Guide to Online Privacy and Security for Students

Many of today’s digital natives begin using smartphones before they learn how to talk while education is no longer confined to books and notes. Modern students learn, research, and explore at an increasing pace thanks to digital classrooms and the Internet.

But while technology and accessibility of the Internet have changed education for good, they also come with a fair share of cons. Privacy and security threats top the list of related concerns.

This privacy guide addresses online threats that put students’ privacy and security at risk. It also outlines the best – and user-friendly – tips and tools that protect students’ privacy online,  so that they can enjoy browsing and stay safe.

Online Privacy Issues in Elementary School

Risks

Digital classroom online privacy and safety concerns

If young children don’t get exposed to technology at home, they’re almost sure to begin using digital classroom tools in kindergarten or elementary school. While the benefits of edutainment are numerous, educational apps and platforms store a wealth of students’ sensitive data.

That data contains not only students’ names, dates of birth, SSNs, addresses, race, and gender, but also sensitive information about their parents, as well as grades and other relevant information.

Poor security safeguards create ripe opportunities for hackers profiting from identity theft, or elaborate social engineering scams. Recent research reveals the scale of school hacks is increasing since selling students’ identities on the Dark Web is a lucrative business.

Schools sharing kids data with third parties

One of the most nagging privacy concerns with digital classrooms is how – or if – schools protect student data. A recent review of U.S. schools’ privacy policies and practices revealed a very lax attitude to student data.

Most educational apps and platforms come from third-party developers, and their handling of student data varies. It can be sold to data brokers, analyzed for ad targeting, or hacked.

So schools, educators, and parents need to work together to ensure privacy policies and security safeguards are sufficient to protect student data.

Parental consent

A glaring case of privacy intrusion is Facebook’s Summit Basecamp platform, which collects and uses student data without parental consent. While Summit Basecamp made the headlines due to a massive backlash from families, schools use a multitude of other digital tools in classrooms, and parents should always scrutinize each app’s privacy policies.

The tendency for software developers to bypass the parental consent at schools the way Facebook did is troubling. Families need to keep tabs open on whether their school offers a parental consent form, and most importantly – opt-outs.

Teachers posting kids’ pictures on social media

Teachers are increasingly aware of the privacy issues stemming from the use of digital tools in class. But it’s also common for groups and communities to share success stories and daily routines via social media.

If a teacher inadvertently posts group or individual pictures of students in public timeline, or if one of their friends shares a post that’s been published privately, students’ privacy may be compromised.

What Parents Can Do

Know what tools are used in your kids’ digital classroom

At an open house or during a curriculum night, inquire about the digital tools and platforms that teachers plan to use in the classroom:

  • Have these apps been approved by the Department of Education and the school board?
  • Do the classes involve non-educational and unapproved tools, such as writing or drawing tools? If yes, do these apps provide necessary privacy and security safeguards?
  • What is the school’s policy for protecting the privacy of students’ digital data?

Always read ToS and PP

Ask for a copy or a link to the developer’s Privacy Policy and Terms of Service pages and read them carefully. The devil is in the details, and the fine print stuffed with legalese may reveal data sharing practices you might not want to consent to.

Know your rights

Should you have any concerns, and your school isn’t collaborative, keep in mind that students’ privacy violation has legal and ethical consequences. You might want to bookmark the following laws:

Keep in touch with the teachers and schools social media accounts and pages

Keep an eye open on your school’s and teachers’ social network accounts from time to time. It’s not okay to post students’ pictures on public accounts without parental consent. Should this happen to you, you have the right to request for the image to be removed.

Online Privacy Issues in Middle School

Middle school students are attracted to free public Wi-Fi hotspots, excessive use of social networks and gaming, risky behavior, and quick judgments. Add in the initial stages of hormonal change, and you get a perfect mix for trouble.

Social Media Risks

Cyberbullying, trolling, online harassment, and sexting

Teens yearn for peer acceptance and are willing to engage in risky behavior to earn that recognition. At the same time, social networks encourage students to overshare their sensitive information, exposing them to cyberbullying, trolling, sexting, and harassment. Unfortunately, online bullying often comes from their peers and former best friends – not strangers.

A recent poll among students revealed the most frequent sexting scenario is identical across schools – a student is persuaded to share their sensitive pictures with a boyfriend or girlfriend. After they break up, the image goes public.

Spam, chain letter, and message scams

Spam chat messages and emails come in all colors and shapes. They claim you’ve won a brand new XBox, a million dollars, or the latest iPhone. They offer gaming bonuses, cheats, cracks, free games and other freebies.

Others tell you to share the message with a dozen of friends to get a bonus, but most want you to click on a link embedded in the message. Once you do that, you download malware, adware, or spyware. Depending on its type, it may intercept your traffic, steal your personal and financial information, or redirect your browser to ads and affiliate pages (browser hijacking).

Inappropriate content

Hackers aside, teens tend to share inappropriate content willingly because they think it’s cool. What escapes them is that such content may traumatize them in the long run, while their school IT admins and ISPs can always access their browsing history.

What You Can Do

Protect your online image

Irrespective of whether you want to be active on social media, browse 18+ web pages, or share sensitive images with friends, remember – things you do online are tracked, stored, and archived.

Deleting browsing history, or using an alias on social networks isn’t enough because your Internet Service Provider and school admins can access your browsing history.

Things you say online create an image of you that will sooner or later contribute to your studies and career, or hamper them.

Make your accounts private, verify friends’ identities

Take a minute to watch this Coby Persin’s social experiment on how easily teens get tricked by impostors on social networks.

Since social media are fruitful ground for predators, impostors, and troubled peers, it might be a good idea to verify the identities of your online friends and make your social accounts private.

Disable location sharing and make your images visible to close friends only – not friends’ friends.

Avoid oversharing

It’s easier said than done when everyone is Instagramming, Snapchatting, and typing their fingers numb in other chats. But go through your timeline and assess how much of your personally identifiable information you’ve exposed already.

Have you shared your address, name, school, parents’ names and workplaces, or who your best friends are? If your publicly visible social profile reveals a story of your life to the world, you’re exposing yourself to unnecessary risks – social engineering, trolling, and even identity theft.

  • Ask your parents and siblings if they’re comfortable with you sharing information about them.
  • Posting information about your vacation plans, neighborhood and residence can potentially make your home a target for robbery.
  • Consider dedicating more time to face-to-face interactions instead of documenting your life online.

Use aliases

Aliases and user-pics that don’t immediately identify you help protect your social profiles from snooping eyes, be it peers, creepy neighbors, or child predators.

Ask to remove data

If your friends tag you in pictures you don’t want to be shared publicly, or if someone posts false or hurtful information about you, you can file a complaint with the social network’s tech support and request for this information to be removed.

It might be a good idea to block the person on social networks to cut the trolling short.

Don’t click on links coming from unfamiliar sources

The rule of thumb is to never click on links in emails, chats, and private messages when you’re not sure of the sender’s identity.

Encrypt your pictures or don’t make them

The best way to prevent sexting is to be firm about not sharing your private images with anyone. Should your friends, boyfriend or girlfriend ask for it, say you respect yourself too much to do that. If your friends respect you, they should never ask for compromising pictures of you.

Also, treat everything that’s not encrypted as hackable. It’s best to avoid storing sensitive images on any Internet-enabled device. Alternatively, use an encrypted vault app to store your pictures.

Check cyberbullying and sexting laws

Your school and district most likely have policies and laws on sexting and cyberbullying. When sexting or revenge porn involves children under 18, it violates sexual offender laws in most states. If you should become a victim of sexting or cyberbullying:

  • Screenshot threats, hurtful posts, and comments
  • Check if your state has sexting, cyberbullying, or revenge porn laws
  • Report to your school authorities and police

Online Privacy Issues in High School

School Monitoring and Firewalls

Campus network monitoring

Every college has its own rules regarding how students can use its network and email system. Understand these policies and penalties for not complying with them.

General policies may cover:

  • Torrenting
  • Downloading and installing software and drivers on college computers
  • Adding, deleting, or altering files on college servers and computers
  • Bypassing firewalls and other security safeguards
  • Harassing someone online using college resources
  • Impersonating someone

Your college or university can – and does sometimes – monitor and inspect data traveling through its network, including your browsing history and bandwidth consumption. Most campuses also block P2P.

Campus email monitoring

As if network monitoring isn’t enough, most colleges monitor school email addresses – the one you’re assigned after enrolling.

Use this email for educational purposes. But keep your personal communications to your personal email because your school monitors activities on your email account. Since the institution owns the account, technically they have the right to snoop on you. So don’t expect your school email interactions to be private.

Dangers of free public WiFi

While campus network and email are monitored by your college, free WiFi hotspots are monitored by hackers. Public WiFi is exceptionally insecure, with Man-in-the-Middle attacks and honeypots set up to intercept your financial information or email credentials.

Shopping online or sending sensitive files over public Wi-Fi without extra protection is inviting trouble.

What You Can Do

Use a VPN

A Virtual Private Network is that extra protection you need when using public Wi-Fi because it encrypts your traffic, obscuring it from snoopers. Better yet, a VPN also hides your traffic from college surveillance and helps you bypass its stringent firewalls and blocks.

True, some colleges also block VPN-specific ports and use Deep Packet Inspection to identify VPN traffic and block it. If that’s the case, choose a VPN with anti-DPI protection.

Use private email and chat

If you seek privacy, consider switching to private messaging and email apps as opposed to mainstream services and college email.

Apps such as Signal, Tutanota, Threema or Cryptocat are easy to use and widely adopted, so you shouldn’t have trouble persuading your friends to switch to secure messaging apps.

Review your school’s email and network usage rules

You need to have realistic expectations of privacy when using college or university email and network. Request a copy of your school’s network and email use, and read the fine print carefully.

Disable “connect automatically”

The auto-join feature enables your devices to connect to any available network. While convenient, this feature connects you to public WiFi, potentially exposing you to MITM and honeypot attacks.

It makes sense to disable the auto-join feature and manage your networks manually.

Online Privacy Issues in College

Online Course Risks

Data interception, tampering

E-learning has become ubiquitous, allowing students to amplify their knowledge without having to be physically in the classroom. But like everything that resides in the cloud and travels online, e-learning courses and student data can be intercepted, stolen, sold, tampered with, or deleted.

Data sharing with third-parties

Moreover, not all e-learning providers have a reputation for excellence when it comes to student privacy. Some companies freely share student personal data with ad providers, data brokers, and other third parties.

What You Can Do

Vet online courses

The easiest way to weed out unreliable providers is to:

  • Read their Privacy Policy and Terms of Service, carefully scrutinizing the fine print about data collection and sharing
  • Review customer reports – if there’s a problem, it will surface in user reports
  • Check the provider’s BBB page

Use encryption

To prevent data interception, use VPN to encrypt your traffic as you upload and download data. Encrypt files on your hard drive and in the cloud, when possible.

When choosing your online course provider, inquire about it security safeguards. A serious provider will offer an ample choice of privacy and security measures.

Make screenshots

Should something suspicious happen, remember to make a screenshot – it will help you identify the source of the problem and mitigate the damage. Ask the provider’s tech support for help.

Online Dating Risks

Online dating services focus on helping you find romance, not privacy. Considering the nature of your information stored on their servers, the consequences of that data exposure can be dire.

Making matters worse, dating services keep your profile and pictures on their servers even after you delete your account. Many legal situations can force them to turn over that information in response to a court order.

Stalking

Google Image Search, TinEye, and other photo identification tools let anyone figure out who you really are, even if you use an alias.

A simple blunder of using the same profile picture on Facebook and a dating site can lead a potential stalker to your real identity. And if you connect your Facebook and dating accounts, identifying you is a no-brainer.

Defamation and doxxing

It’s not uncommon for peers, neighbors, acquaintances, and colleagues to accidentally spot someone they know on a dating site. Should someone want to spread false information about you, your dating profile can be used against you.

Likewise, the private information from your dating profile can be used in doxxing, when your adversary shares your sensitive information online on public forums and social networks.

Security issues

Many online dating sites aren’t all that secure, including Tinder, Bumble, and OkCupid. Recent research by Kaspersky revealed that these and other services render their users’ names, locations, message history, and pictures vulnerable.

Moreover, some vulnerabilities in Tinder and other popular apps allow hackers to see which pictures you’re looking at, and how you swipe in response to them.

The notorious Ashley Madison breach exposed the names, usernames, emails, passwords, addresses, phone numbers, and partial credit card data on millions of its users.

What You Can Do

Things you should remove from your dating profile

Consider removing your address, phone number, school, and real name from your profile. Avoid sending digital photos that contain metadata.

How to stay safe on dating sites

Do:

  • Use an alias and a profile picture that doesn’t let someone identify you on Facebook easily
  • Disable webcam and put duct tape over it
  • Use strong passwords and two-step verification
  • Disable location services
  • Be cautious with your photos (name and place tags)
  • Have a video chat before agreeing to meet in person
  • Say “no” if someone asks you for sensitive information you’re not comfortable sharing

Don’t:

  • Respawn credentials across accounts
  • Link to Facebook or Instagram
  • Overshare (keep private your favorite places to go in the city, school details, etc.)
  • Post any photos and comments on your dating profile that you wouldn’t want your parents – or teachers – to see

Issues with Free Speech Online

Firewalls

Campus network rules not only block torrenting, streaming, malware, and gambling. Along with the harmful websites, many schools blacklist a wealth of blogs and news sites they consider politically incorrect.

Censorship

Top that off with another blacklist of forums on human rights, investigative journalism, bloggers and vloggers who question authority, and you’re cut off from a substantial portion of the Internet.

Not only school censorship protects you from downloading malware or copyrighted movies – but it also inhibits your ability to research and access unfiltered information.

What You Can Do

Use VPN

A VPN helps you stay below your school’s radar and bypass its firewalls and censorship rules.

Check out this list of VPNs for colleges and universities – most of them come with advanced anti-DPI and firewall evasion bells and whistles.

Use private browsers and search engines

  • Keep Chrome and Firefox for studies. In the meantime, consider using Tor, Tails, Brave or Waterfox for private browsing.
  • Enable the private mode as default, and switch to DuckDuckGo for searches that you want to keep private from the snooping eyes of Google.

Don’t post censored content on your social accounts

Social networks are closely monitored for keywords that can tag you for mass surveillance, college expulsion, suspension, or a fine. While being provocative and truthful may earn you a hefty followers base, don’t suppose you’re too small and insignificant to be noticed by a surveillance agency.

Self-censorship online has become the new norm, unfortunately. However, alternative social networks crop up in response to the intrusive surveillance and censorship practices of schools, three-letter agencies, and tech giants.

Ello, Mastodon, Minds, Vero, or Telegram can replace your traditional social networks and allow more freedom.

Useful Student Privacy Resources