Turned out I was wrong, it wasn't just spyware, the school system installed a full blown rootkit automatically when kids logged into their email.

1018  2017-05-09 by omnicidial

Here's a better full write up of all the pertinent information. This took forever to put together fully:

TLDR: This is all the data showing how Putnam Co TN is wiretapping any computer that a child from Northeast elementary school ever logged into chrome with (and other vectors) by a browser extension it installs into the background which gives administrator control of the infected device.

All the resources demonstrating how Putnam Co TN is wiretapping the homes of at least all the kids in Northeast elementary school who ever logged into their email accounts on a home computer. Can see all browser use, but additionally gives itself admin permissions to the computer, the google policy by itself would have given them the use history, the extension gives them far greater control over the infected host system.

http://law.justia.com/codes/tennessee/2010/title-39/chapter-13/part-6/39-13-601 - state law on wiretapping

http://imgur.com/a/mXDIf - Northeast elementary school computer use policy.

http://imgur.com/gallery/UitVu - screenshot of how the google administrator policy was used to install a required extension. Top line of policy also blocks notification window that any of the required extensions are being installed.

http://cdn.imperosoftware.com/knowledgebase/edupro/manuals/rollout-guide.pdf - manual page 22 of the required extension shows proof of wiretapping of all computers with Impero extension installed, which is automatically installed on home computers if a child logs in. Says clearly captures all browser use, also allows administrator control of computer.

"6 Browser Extensions The Impero web browser extensions enable you to filter and log Internet activity from Internet Explorer, Google Chrome, Mozilla Firefox, Safari and Opera browsers." - in some instances it's doing more than that, it gives administrator permissions depending on browser used to log in some give more or less permissions. Also makes a difference which operating system. Windows based systems give FAR more control to the extension, the others appear to possibly be sandboxed to their own user account in Mac or Linux.

It also gives crazy access to things like your power subsystem and ability to automatically turn on your computer if wake on lan is enabled: "The Power Management tool allows you to save money by powering off computers in different rooms across your organisation on a schedule, or even automatically power off computers that have been idle for a specified amount of time. "

Patch management: it can install software: "The Impero 'Patch Management' system ensures that computers across your network are all up-to-date and running the latest patches. It scans remote computers to identify which patches are missing, and will then download and apply the patches as per a predefined schedule. Providing your computers support Wake-On-LAN, Impero Patch Management can wake up computers, apply patches and then power off the computers during the night or any other convenient times."

So by installing Impero, and then using patch management, you can install anything you want into the host system. This is by name a viral attack vector known as a rootkit. "root·kit /ˈro͞otˌkit/ noun, COMPUTING: a set of software tools that enable an unauthorized user to gain control of a computer system without being detected."

TN Annotated 39-14-602 "(b) Whoever intentionally and without authorization, directly or indirectly: (1) Accesses any computer, computer system, or computer network commits a Class C misdemeanor." "(5) Makes or causes to be made an unauthorized copy, in any form, including, but not limited to, any printed or electronic form of computer data, computer programs, or computer software residing in, communicated by, or produced by a computer or computer network commits an offense punishable as provided in § 39-14-105."

They're doing that right now to anyone at home. Funny part is they have it linked in their own document 4406 below as legal reference. http://images.pcmac.org/Uploads/TennesseeSBA/TennesseeSBA/Departments/DocumentsCategories/Documents/4406_87.pdf - Putnam Co School board policy document. Never states that home PC monitoring will take place. Says you can totally opt out the computer policy by contacting the director of schools. Northeast told me that was impossible yesterday as well.

You can see clearly in state law, it's illegal to bug home computers, the school use policy does not state it is going to happen at any point and parents are not notified, nor do they sign permission to allow software installation on their home computers via the chrome administrator account permissions, which turn off all notifications it is being installed, and allow it to control your microphone, camera, power settings and more. All that info is in the impero manual above.

In theory it would also allow them to do the same to every educator, but they force them to sign a document authorizing it.

I'm going to attempt to talk to the superintendent of schools about this, doesn't appear legal. Waiting on a response from him now.
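A way to check a given home machine for what this post describes, as an added example that is not part of the original post or thread: take the policies listed on `chrome://policy` and the `manifest.json` of each force-installed extension, then report which extensions were pushed by policy and what their declared permissions reach. The policy dictionary shape, both sample inputs and the function names are assumptions made for illustration; the sample manifest is a constructed placeholder, not the contents of the real extension.

```python
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

# Manifest permissions worth flagging, with what each one allows.
FLAGGED = {
    "tabs": "read the URL and title of every open tab",
    "history": "read browsing history",
    "webRequest": "observe the browser's network requests",
    "tabCapture": "capture the visible contents of a tab",
    "management": "list and manage other installed extensions",
    "nativeMessaging": "talk to a native host program, if one is "
                       "installed separately on the OS",
}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def forced_extensions(policies):
    """Split ExtensionInstallForcelist into valid entries and rejects.

    Each list item is "<extension id>" or "<extension id>;<update url>".
    """
    entry = policies.get("ExtensionInstallForcelist") or {}
    valid, rejected = [], []
    for raw in entry.get("value") or []:
        ext_id, _, update_url = str(raw).partition(";")
        if EXT_ID.match(ext_id):
            valid.append({
                "id": ext_id,
                "update_url": update_url or None,
                # Assumed fields: who set the policy and how binding it is.
                "scope": entry.get("scope"),
                "source": entry.get("source"),
                "level": entry.get("level"),
            })
        else:
            rejected.append(raw)
    return valid, rejected


def manifest_reach(manifest):
    """Summarise what an extension's manifest says it may touch."""
    declared = []
    for key in ("permissions", "host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts also name the sites an extension runs on.
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    return {
        "capabilities": sorted(p for p in set(declared) if p in FLAGGED),
        "all_sites": any(p in ALL_SITES for p in declared),
        "native_messaging": "nativeMessaging" in declared,
    }


def audit(policies, manifests):
    """Join policy-forced extensions with the reach of their manifests."""
    valid, rejected = forced_extensions(policies)
    for ext in valid:
        manifest = manifests.get(ext["id"])
        ext["reach"] = manifest_reach(manifest) if manifest else None
    sync = (policies.get("SyncDisabled") or {}).get("value")
    return {"forced": valid, "rejected": rejected, "sync_disabled": bool(sync)}


# Constructed sample: policy name -> entry (assumed shape). The extension ID
# is the one in the Chrome Web Store link quoted in this thread.
SAMPLE_POLICIES = {
    "ExtensionInstallForcelist": {
        "level": "mandatory", "scope": "user", "source": "cloud",
        "value": [
            "gblkchompccdlgleecnffhlefbhejhhb;"
            "https://clients2.google.com/service/update2/crx",
            "not-an-extension-id;https://updates.example.invalid/crx",
        ],
    },
}

# Constructed placeholder manifest. On a real machine, read it from the
# profile directory: Extensions/<id>/<version>/manifest.json
SAMPLE_MANIFESTS = {
    "gblkchompccdlgleecnffhlefbhejhhb": {
        "manifest_version": 2,
        "permissions": ["tabs", "webRequest", "<all_urls>", "storage"],
    },
}

if __name__ == "__main__":
    report = audit(SAMPLE_POLICIES, SAMPLE_MANIFESTS)
    for ext in report["forced"]:
        print(ext["id"], ext["source"], ext["scope"], ext["reach"])
    print("rejected entries:", report["rejected"])
    print("sync disabled by policy:", report["sync_disabled"])
```
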

244 comments

this needs to go to r/all

You can't post to r/all

wait a sec

What does that one computer company have as motto ?

"INTEL(-ligence agency) INSIDE" wasn't it.

Or was it "Government inside" ?

Your Butthole, Inside

What secrets does it hold?

It's the brown cave where the terrorists hang out

You mean the brown eye of providence? What doesn't it hold, is the question.

All we know is... it hungers.

Odin's Eye

I agree this school needs some time in the spotlight so their crime gets a lot more exposure.

I thought I was reading r/privacy for a minute.

That's not how /r/all works...

If the superintendent doesn't respond, go to your local news station or newspaper. You could also try ArsTechnica, they would probably be interested in this. Finally, I'd find a lawyer especially if any of your systems have been infected.

I second this. Take it to the local news orgs. Let the school publicly explain why they are tracking everything their students do online outside of school.

Getting there taking a minute to prep it all.. Had to read 40 page manuals, and dig thru stuff, a lot of it was gathered by redditors in other threads when I was simply suspicious it was doing something screwy, they were able to gather the info faster than I could have.

Check out the CFAA (Computer Fraud and Abuse Act) as well. It's incredibly broad and, I believe, it could be applied if any student logged onto their email from another state.

Yes, and don't water it down by describing it as "tracking". If they installed rootkits, this is more like what governments call cyberwarfare, and is probably a criminal act.

Techdirt loves shit like this.

I would add the EFF to that list, the ACLU, and possibly the FSF (free software foundation). All of them would take a massive interest in this, even if it is somehow justified to be legal.

The intent of this crap is clear. It would be bad enough in virtually any situation, but that it is related to a school is just completely foul. Kids are totally helpless against sophisticated adult exploitation - they need adults to protect them from these threats, to educate them of these threats, and they need a voice that says this shit is wrong.

Agreed. OP should contact them directly, as well as any local and online media outlets of relevance, and post their findings in other subreddits to increase awareness to the issue.

He needs to go to the newspaper regardless.

Except OP doesn't actually understand what's going on and went full conspiritard. Chrome ADMX/ADML templates are used to manage it in the school (or business) setting and are applied by AD Group Policy to domain computers.

IE policies don't apply to Chrome, Firefox, or Safari so you need the other templates in place.

If his screen shot is from a home computer, my actual guess is the kid signed into Chrome at school and at home with their school account. Chrome can roam your installed extensions from one PC to another, just like bookmarks. The school isn't pushing a plugin on a home PC and they certainly are not getting privilege escalation on a home PC through a Chrome extension.

Just have the kid sign out of their school account in Chrome and poof, the extensions are gone. If it's a school provided PC I'm not sure why OP is even concerned. They very likely agreed to monitoring of activity when they accepted the PC. For all we know it could auto connect to the school's VPN so the traffic is going over their web filters anyway.

I'd need to dig into his other claims and see what each of the extensions does but OP is going straight to the deep end without reason.

Incorrect.

Hate to break it to you, but plenty of districts have the resources to issue laptops to students, of all ages. Happens across North America, likely around the world.

All of your understanding of technology seems to be quite outdated.

You are so far off it's funny. Stick to /r/conspiracy and out of technology subreddits.

I do design and implementation of what I've described for a living. Many, many school systems provide students with computers and have for a while.

You also clearly don't have a grasp of how these systems work and calling my suggestion "idiotic" proves that point. I seriously, 100% promise you that you have no understanding of what you're talking about and clearly do not understand the content in my post.

If a user logs into PC1 and signs into the Google Chrome browser this will automatically download their associated plugins, bookmarks, etc. This is called "roaming". It's been done for years. On systems in a domain a school may implement Microsoft Roaming Profiles or any one of the other technologies to roam settings and such (RES Software, AppSense, etc). This is separate from Google's account.

Layered on top of those basic items would be Active Directory Group Policy Objects (GPOs) which is where security, lockdowns, auto-config, printers, drive mappings, etc can be managed. Google Chrome has ADMX/ADML templates enabling administrators to manage the browser. That includes extensions, settings, etc.

When a user logs off of PC1 and onto PC2, the settings in their profile are saved to a central store/share and then copied to PC2 during the logon process. Again, separate from that you have the GPOs and Google Chrome stuff.

If the student logs into the web browser (probably should be blocked and managed with the roaming profiles actually) and then goes home and signs into the browser as well Google, not the school could download and install settings because that's why you sign into the browser. It roams the settings. It has absolutely nothing to do with the school or their system/settings at all.

Seriously, it's obvious you do not know what you're talking about.

TheMuffnMan def knows his stuff. Actually had to explain this policy to a parent at the previous school I worked at. It's so hard to explain technology to people with zero education on the topic. It'd be like throwing me in a chemistry lab and expecting no explosions to take place. Once you get into large active directory group policies...it's no longer something everyone understands.

Thanks for the self-conscious, self-defensive, unpersuasive, fraudulent reply, fraud.

I could literally max out four reddit replies explaining how it works but something tells me you would still be unconvinced. You do not know the technology and it is apparent. Feel free to go through my post history and read the technical solutions I've given on multiple sections (sysadmin, Citrix, VMware, Windows, etc) for evidence I know what I'm talking about.

You're not going to do that either because you'd rather believe this is a giant conspiracy of the school to gather data from home computers.

Could you stop with the obnoxious verbose replies? I'm really uninterested in your nonsense.

I've worked for 4 school districts in the past 12 years. all issued laptops to EVERY student...comment on things you know about...

Good for you, you somehow worked at the only school districts that have the funding to give every student a laptop.

In a parallel universe of course.

No, 1 to 1 device programs are very common especially in the higher grades. A Chromebook can be bought for well under $200.

"but OP is going straight to the deep end without reason"

I don't think so.

"Getting there taking a minute to prep it all.. Had to read 40 page manuals, and dig thru stuff, find the laws, a lot of it was gathered by redditors in other threads when I was simply suspicious it was doing something screwy, they were able to gather the info faster than I could have."

"I'm going to attempt to talk to the superintendent of schools about this, doesn't appear legal."

OP is just looking into the matter in an informed manner. YOU are the one attempting to SJW your way into this, escalating the conversation to him being unreasoning in the matter, and going all overboard in his efforts.

You want to "dig into his other claims?" Fine. But you've already shown an amount of confirmation bias, and he appears to be making efforts towards proper due diligence of full situational discovery without your venial, extraneous, and acerbic involvement.

A non-technical person making technical claims and posting on /r/conspiracy convinced a school system is hacking into his personal computer via a Google Chrome plugin and is a rootkit in effort to install, manage, and uninstall whatever software on his machine.

Those are his claims/concerns. They are all ridiculous.

Biased. Sad.

In /r/legaladvice posts or comments encouraging others to contact the media or to post on social media get removed. Sometimes, though, it appears to be one of the best options.

This case appears to be one of them.

I got a response from him now, at first he offered to have a meeting at his office where he was going to bring an expert from a university, I was required to come alone, then he was going to be allowed to record audio and I was not going to be allowed to record.

I told him that was a waste of my time, I could publish the information I have without him, the only reason I was offering to meet with him was to discuss solutions and I wasn't coming without being allowed to bring the same number of experts as him.

He then responded by having an attorney send me a letter saying to contact them instead. I'll publish it all soon, including his emails and mine to him, and what he had the lawyers respond with.

If the superintendent doesn't do anything, take all this info to a good lawyer and ask him if you have a legal (or lawsuit) case against the school. If you do, go from there. Remember, never take any legal advice from anyone here on reddit, claiming to be a lawyer or not. Always ask your lawyer first.

There is a high likelihood he never responds. I didn't know it, turns out he used to own a computer business and is likely the guy who implemented this. I bet I never even get acknowledgement that I opted my kids out.

I've heard of so many schools surveilling students along these lines. There's no reason a school should take such an active interest in a child's off-campus internet activity. It's creepy and fucked up. The people running these schools are pathological control freaks and they need to lose their positions.

You've gotta remember, these are being installed on the computers, not on the user accounts of such computers. They are literally spying on the entire family.

What it's doing is running an extension in chrome that gives them that backdoor, then they have ability to patch literally anything in windows, linux/mac looks like not so much.

They can turn the cameras/mics on too possibly. Some probability this is confirmation bias, but some kids are now saying to my kids they saw their webcams turning on randomly. One of those I can verify 3 girls saw a webcam kick on while using a mac, but the light turned on, and they covered it with a bandaid, that one my kid told me, she's an awful liar I'm 99% sure she's not making it up.

Can't verify the cause, hearsay as fuck, all 3 unreliable 10 year old witnesses sounds like the damn salem witch hunt, still makes me uncomfortable.

"One of those I can verify 3 girls saw a webcam kick on while using a mac, but the light turned on, and they covered it with a bandaid, that one my kid told me, she's an awful liar I'm 99% sure she's not making it up."

that little tidbit ought to make the superintendent shit a brick.

The general public generally doesn't care about computer privacy, but if word gets out someone at the school hacked a computer webcam to spy on little girls... that will make headlines.

"someone at the school hacked a computer webcam"

It wasn't hacked. The school enforces a policy that gives their contractor admin permissions on all PCs the students use Chrome on. There's no hacking involved.

The legal problems they can get from stuff like this is mindboggling. And they do break the law doing this, as they were never authorized to access non-school computers.

I understand that, but the details of how it's done don't matter to the public though, and they certainly don't matter to the media.

It's been done by other schools, caused ructions too.

Lol, no they can't.

The school is not gaining any elevated permissions on your system through a Chrome extension. Christ.

While I agree.

https://chrome.google.com/webstore/detail/impero-education-pro/gblkchompccdlgleecnffhlefbhejhhb?hl=en

It still does enough to piss me off, and others I'm sure. No one should be taking active screenshots of my browsing, let alone a school IT department. Reviews are populated with students clearly stupid enough to log into chrome browser with their school provided google powered email account, thus OP has some valid beef. If the school system has an Impero server hosted with external access, there's no reason this extension wouldn't work in the wild just the same as it would on their owned devices on their internal network.

The OP should be upset that his child, who doesn't grasp the roaming concept, is signing into the browser with the same account. This is nothing to do with the school or their settings.

And again, this software in no way is going to give any NTFS/security permissions and certainly isn't going to elevate them on a home computer.

The installation of software is likely verbiage related to its ability to install/manage plugins/extensions within Chrome.

Like I said, I agree with your position. It's not going beyond the browser from what I've read about the extension and people are conflating a browser and an OS in their head and don't understand the difference between the two on a computer. Just like they don't understand the difference between logging into their email, and the chrome browser itself.

The school should still issue a statement stating the implications of external use.

I'm actually surprised they don't block signing into the browser itself. Most companies I install Chrome for we'll disable sync:

https://support.google.com/chrome/a/answer/6309115?hl=en

Then you roam their settings within the profile management, whatever product that may be.

Again, I can only agree with your position. It's likely shortsighted action on the IT department's end, but if it is known and understood internally they should adjust group policies accordingly and alert parents and students alike of the change and why. Transparency is going to be pretty key if OP cleans up his position and addresses the real concerns with the school board.

You're so dumb. The chrome extension doesn't give them a backdoor into your computer. Google would NEVER allow that. It allows the school to control CHROME and only if you log in via browser, dolt.

Chrome extensions are per-user basis...

If they all use the same account and the child has logged into the Chrome browser then that's a different story.

This type of stuff is why I am paranoid, and only use the chrome browser to do school stuff, and Firefox for general purpose then a secret not technically installed browser for anything questionable. Then a Linux hidden distro that would be hard to find, as the hard drive is completely hidden and unmountable in windows. I don't think the university I go to would ever do this but it is better to be paranoid and safe than finding out someone is spying on you.

Look into qubes

Thanks for posting this, never heard of it and checking it out

Qubes is a solid piece of kit.

A Linux distro with KVM machines to separate tasks would work as well, but Qubes is built for it.

It is however a MASSIVE ram whore... you pretty much need 8GB for decent performance, and 16GB is recommended. 32GB is the RAM you need not to worry at all about ram. But that's life when everything is running under a VM. You can get away with less RAM if you are very careful about what you run, you use minimal templateVMs, do one task at a time, etc.

As someone with 32gigs of ram this is giving me a hard on and will have to go try it out.

This is all indoctrination to teach kids at a young age to get used to having your every move tracked and recorded. This way when you grow up and the government is doing the same thing it won't be anything new. Welcome to the nanny state.

Report them to the FBI?

Now is probably not a good time for them.

2 s00n

Hopefully the new director won't come with Loretta Lynch balls deep in their taint.

They'd probably just update the school's spying tech.

Hi OP. How is the impero software getting onto the student home computers? I have read your post a few times and I must be missing something, are students forced to download something to access school work which includes the impero tracking?

I am Head of Computer Science at a high school in the UK and we use Impero a lot in the classroom, not just for managing access but for distributing and receiving work. I have always found it an impressive and handy classroom tool. We do not use it at home.

I can tell you from the admin side impero stores a huge amount of data on its users, screenshots, video, browser history, program usage and more.

When they log into their school issued email account, it installs administrator privileges that block the screens which ask your permission to install extensions by google administrator policy, then it installs that extension in the background without ever showing the popup notification/warning anything is being installed.

From that point they can patch all the software in the machine on windows, capture all browser history, see all installed/running software etc, use wake on lan to start the system, or power it off, or change power management settings.

Wow, just wow. Should my administration ever suggest this I will be strongly advising against it. What a can of worms it opens! Not just the spying on kids but others in the house.

He's wrong about the abilities of this software.

How does it do that? A decent web browser should always ask for confirmation when a change like this is done. So is this a Google Chrome bug/feature?

Look at the linked manual. In the case of chrome you apparently can disable the warning by the administrator policy in the image I linked but it shows it either asks permission to install or does install in opera, Firefox chrome, edge, ie, safari.

In chrome the permission request screen for everything, insecure site, extensions, etc is disabled by that setting at the top saying something about insecure browsing.

But how is this even allowed? That's like the entry point for any malware. Plus you should always have to confirm the administrator policy.

Also how does this shit go through the UAC barrier?

It's a bad call in terms of design, but you normally would treat the administrator as a trusted party, just in this case, he's not.

Appears to piggyback the browser's ability to write/modify in windows to do things, in linux/mac I'm not sure it can access anything the browser can't normally touch in its normal folders and user account, but it's somewhat possible with group permissions it could do some dumb shit, but it has that setting disabling the warning in the admin setting too in chrome.

Without sitting at the damn panel for it, I can't prove how much it can do on what version, it might be limited in some ways depending on version of OS and otherwise, there isn't a way I can prove or disprove that though.

If you didn't start Chrome with administrator, no matter how compromised is your Chrome (we'll assume 100% under the control of the malware), it shouldn't be enough to install software on the computer or turn it off. If it could, that means there's a big hole in Windows there as well.

Can you connect to the website with a VM or a throw away PC to check how it got inside Windows?

It's unnecessary it shows how in the deployment guide/google admin page.. it installs as a required extension when they log in, the manual tells how it got installed. Page 22 is the deployment guide that explains how it happened in the manual for the software.

So when you log in the first time, you still get a prompt asking you to accept that Chrome thing. What I don't get is how it gets out of chrome. The rollout guide says this only installs the addin. So while it sucks, it only fucks up your browser.

The client systems would need to be joined to a domain to receive the client software via Group Policy (or other managed software deployment means - SCCM / CASE / etc).

This only affects school-owned computers joined to their domain or otherwise enrolled in their fleet management solutions.

So in practice it isn't that bad, they just know what you do with one browser. The smart thing to do is to get a portable chromium or the like and use it for their shit and nothing else.

Unless you were to install the management client on your home computer, then enrol your computer into the school's management system (which would involve granting the school's system administrator remote access to your computer by setting up either a local administrator account for this purpose or joining your computer to the schools 'domain') then they don't know anything.

This sort of thing only works on what would be called 'managed' computers. i.e. they are the property of the school and have special software installed so that the systems administrators can control them (i.e. deploy software, configure settings, install patches, etc).

"In the case of chrome you apparently can disable the warning by the administrator policy in the image I linked"

Sorry to be all up in your words, but I'm really having a hard time understanding what you mean in either sentence here actually...

"In the case of chrome you apparently can disable" ... meaning the nefarious website can disable it??

That would be a giant effing security hole in Chrome, no?

It technically does, but not specifically for the impero chrome extension. Since the account is a Google Suite Education account, managed by the school, the school set a policy to automatically install the extension as shown by the screenshot. However, when you use a G Suite account and log onto chrome on a new device, it will warn you about linking chrome data to the managed account and the dialog box will state that you are giving the administrator control over your Google Chrome Profile, including the apps installed in the browser, browser history, bookmarks, etc. You then have to click "Link Data" to logon to chrome with the school email account. After you do so, the school can remotely install extensions and apply policies on chrome without permission.

"When they log into their school issued email account, it installs administrator privileges that block the screens which ask your permission to install extensions by google administrator policy, then it installs that extension in the background without ever showing the popup notification/warning anything is being installed."

Not without the client software being installed first it doesn't. This sort of system is intended for use on school-owned computers (which should be covered by a privacy policy spelling out what privacy can be expected) where the network administrator has the ability to deploy software to the fleet over the LAN. See the rollout guide in the manual you posted if you want specific details of how the client is rolled out. Unless your home computer is owned by the school, then there is simply no way they can deploy the client to it.

No client software, no control. This does NOT affect home computer use by simply 'logging into email' but would only affect computers owned by the school that have the client pre-installed.

It CAN be set up to preinstall if the user logs into -chrome-, not just their email. If chrome prompts them, and they know they have a google powered school provided email, they'll likely use that. Logging into the browser is what's causing the automatic installation. I have plenty of my own extensions that follow me across machines similarly.

OP has some legitimate concern here, children should be being told not to use this shit at home, or at least not to log into chrome with it.

Op does not have a legit concern. Nothing was installed to windows, just the chrome extension which does not give access to the computer or OS. If chrome did that, nobody would use it. There is literally nothing in the screenshots, even the links, to suggest that software other than the chrome extension is installed. Further, sign in to chrome is unnecessary and the installed policy can be removed by logging out.

You should look at the extension itself in the chrome store. It explicitly claims it will filter web traffic, can screenshot the browsers active tabs and so on. Not at the OS level, but browser level. That's still not ok. Of course sign in is unnecessary, but again, look at the chrome store entry for the browser extension. Most comments in the review portion are by people who think logging in with their school credentials IS necessary and they whine about the effects of such. You and I may understand the difference between a browser and OS, but these end users clearly do not, and it's likely students who use these credentials to log in at home won't either. The school, if aware of the setup of their school provided google accounts consists of what OP is claiming even if only within chrome browser itself, absolutely should alert parents and students to these risks.

If my school could screenshot my active tabs at home cause I was too stupid not to log in at home and subsequently have chrome download and transfer extensions and their settings, I'd have a large problem with that, even if it was my own ignorance as the root of the problem.

THANK YOU!!! These posters are going ape shit over NOTHING!

Since you are in the know with this app.

Idk if I missed it, but are these School owned PCs that they let students use throughout the school year, or are these privately owned PCs?

If a privately owned PC would access the school's email would the extension be installed without the user knowing?

"When they log into their school issued email account, it installs administrator privileges that block the screens which ask your permission to install extensions by google administrator policy, then it installs that extension in the background without ever showing the popup notification/warning anything is being installed."

Sounds like it installs on ANY pc accessing school email

No, it's Google roaming the user's extensions, bookmarks, etc if they've signed into Chrome.

However OP hasn't provided a fully detailed bit of what's on Chrome and such, just the policies section and clearly is not a tech person.

It's not if they're just accessing school email. It's the user signing into the browser.

It only installs a chrome extension and only if you log in to the chrome browser itself with your account. The browser extension can't do anything outside of chrome and again, you don't have to sign in to the browser.

It sounds like the student logs into Chrome at school, where the extension is installed. Then, when the student logs into Chrome elsewhere, the extension comes along for the ride.

The implications to this are immense.

Exactly how it works when you sign into Chrome on multiple computers, it syncs the settings, extensions, etc. This is no different.

This sounds big. Reminds me of that scandal about a private school spying on underage students via the compromised webcams on their school-provided laptops.

Document everything, check the small print on any internal regulations students have accepted to comply and be prepared to suffer some backlash. Hopefully internal authorities will address this issue but be prepared to go to media if they want to keep this under wraps.

I got all those papers, no permission to surveil was given at home, even went so far to scan thru CIPA and scan it for instances of the word "home" 0 total in it.

I can't find a state or federal law that gives them permission, the only court cases I know of that concern search at school found the school could mostly search at school saying they had the rights of the parents if suspicious, but not bug their parents owned family home computers when they're not there.

Even if there was a law that "gave them permission", the next step would be to get that repealed/not obey it.

I can't find a state or federal law that gives them permission

because there would be fury if one attempted to be passed.

https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District is the case referenced, if anyone is interested in seeing its exact details. It's quite similar to what you're reporting now.

I doubt anything an elementary school kid signs regarding school rules can override state law. Minors can't legally enter into a contract and even if they could, that still doesn't mean the school can break the law. For instance, I can't legally sign myself into slavery, even as an adult.

When I saw the title I was sure this was going to be a gross exaggeration, even though I am familiar with your original post. But nope, looks like you did a solid investigation and are exactly right. This is just an abuse of power and the trust relationship between the school and its students and parents. I hope something is done, this is just totally fucked up.

Have you found any evidence that they have used those admin privileges to install anything else interesting?

No, just that they have the ability to do it according to the manual, and that they were auto-installing the extension.

Past that I have nothing but hearsay that during a sleepover when my daughter was with 2 other girls using a computer the webcam was suspiciously kicking on at random and their moms confirmation that they asked her and covered it with a bandaid, and some other suspicious changes that IDK if windows logs anywhere who the hell did it, but power settings were being changed on 2 computers and I kept fixing them back and they kept reverting to something else.

Have you found any evidence that they have used those admin privileges to install anything else interesting?

If you have admin permissions and know what you're doing, nothing is exactly the thing the computer's owners are expected to find.

Meaning, if OP finds something installed by them, it is simple proof that they are either not malicious or massively incompetent.

Keep us updated! This is probably going on all over the Nation!

You should contact a lawyer and sue them.

Hard to cover up too much hard copy data already.

I'm just saying better to get it all to a lawyer first. The more they can hide the better for them if it gets to court.

Oh sure I don't disagree either I shot it all to my lawyer before I went to talk to the school yesterday. I keep her aware if I'm going to go talk to anyone official, or if I find anything crazy looking I just shoot it over to her for documentation.

I'm a stand-up comic, and I do a fucking ton of true observational stuff mixed with fake and I'm divorced. I have to ask dumb questions a lot about if something is/could get me in trouble. We have to have really dumb talks a lot where she probably thinks I'm a moron for asking anyway.

You want to contact a lawyer before they start shredding documents, deleting emails and having lawyers coach people on what to say.

Make sure your dealings with them are mostly in writing. As Tennessee is a one party consent state, I suggest you covertly audio record any in person conversations with the school.

I didn't record the other day on purpose but it's because I felt like it would have been really unfair to like the librarian at the school with limited IT knowledge to even expect her to understand what I was saying, read the evidence, or believe me. I was just trying to get a copy of the use policy and ask how to opt out, and when she asked why and I explained she immediately said she thought I was threatening a lawsuit.. I was like.. nope.. I'm asking for the information because I'm not sure why this program is doing this but I don't think I agreed to it, and I wanna get the info documented. They didn't get it.

Look, they've done enough illegal things that you might be able to sue them and win enough money to put your kid through college.

If her tendency is to jump to worry of lawsuit, then she knows that the IT people know it's wrong. She might not grok particulars, but someone has coached her that your type of curiosity is dangerous to status quo that she enjoys.

Contact EFF & ACLU, one or the other is likely to have pro bono help to offer.

Yeah sent over to the EFF now seems most up their alley.

Dude! I was just thinkin about your sitch. Hope all is well.

I don't really wanna sue them

Dude, nobody wants to enter legal battle, but this is often the ONLY way things get done and out in the open.

You're on bureaucratic turf now and you need to fight the bureaucratic way, unfortunately. And that means lawyers. Start mobilizing.

Holy crap! This is so much worse than I'd anticipated from your first post.

Give some thought to speaking with your attorney before going to the media; the last thing you need is some local news dick editing and distorting an interview with you for any reason.

Keep us updated, please.

I was already a little worried before reading this always wondering if schools would ever do stuff like this. Anyway if it is possible can you make a guide on how to find, and uninstall this type of spyware, I would like to know more of what to look for, I would search through all the plug-ins installed but the home desktop has like 45 plugins from my brother installing them, and mine has none, but mine would not as likely be infected, and rarely is used.

I am going to sound a bit paranoid but I don't trust windows machines to be highly secure ever, I trust Linux to be moreso, and Firefox over chrome because it has less likelihood of any vector of attack, but I use them all myself also, I'm not like some paranoid nutbag trying to use templeos to avoid detection.

I was just alarmed by this when I saw it because it looked suspicious and I didn't know why it was there. I saw suspicious because they got unlucky. It's unusual in Linux for something like Netflix to work one day, then stop the next when you didn't update and no one else has sudo permission, and they blocked Netflix, and my kid was asking me why I blocked it because she assumed I did it.

Lawyer up and go straight to the local news. I hope this shit blows up.

  1. Hit the lawyer

  2. Delete the gym

  3. Hire Facebook

Only reason I use Windows Is for video games and because for some reason the software I use for my accounting classes works horribly on Firefox, and can't sign in on Linux chrome. My little brother has his school email that he has to use for his school work. I know the school system, and this seems like something they would do. They monitor people's Facebook and Twitter if it isn't fully private.

Yeah same for me. I have windows specifically to run a few games on 1 system, Linux on my others.

If the kids didn't play fucking Roblox and threw a fit already I'd put Linux on their boxes so I could manage it easier.

Is it possible to use the Wine program within linux to play Roblox? I rarely use linux and when I do it's only Ubuntu

Probably. I never tried tbh.

I have an idea to do it more secure but be easier for me to update by putting linux on their machines, then sticking a windows box in the network they can share to stream windows games via steam that won't run natively, but they'll be annoying about roblox more than anything.

In this sort of scenario (i.e. computer is managed by the organisation that owns it and has management software installed) the OS is irrelevant. Linux in such a situation would be exactly as 'secure' as Windows in that it will obey what the system administrator tells it to do.

They're NOT doing anything like this unless they own the computer. OP has blown this out of the water. Don't believe me? Cross post to one of the many computer admin subreddits.

public school or charter?

Public.

Fantastic research OP. I would advise talking to a lawyer in case the school sees you as a threat instead of someone asking to apply help.

Lots of it was redditors helping I just organized it better this post so it can be understood what it's actually doing.

that's fucking teamwork!

Lol my favorite karaoke tune. Fuck her gently is like my goto.

Glad we're on the same page KG

I suggest you contact a lawyer. This is an egregious violation of privacy. This sounds like they most likely are violating COPA, among other privacy and computer laws. I'm sure you could find one willing to take the case pro bono.

Heck yes! I would also contact an anti virus company. They can do an analysis and make it public. They love press.

This is actually a really good idea.

Having gone to school in Tennessee, this sort of stuff doesn't even surprise me. Just about all the administrative body for my high school was corrupt and did anything they pleased. Don't let them get away with this crap.

Outstanding detective work. This is the kind of thread I come to r/conspiracy for.

I intuitively don't like to share computers with my family members -- and this reinforces my gut feeling it's a bad idea.

OP, consider x-posting to /r/privacy and /r/netsec. I'm not certain if their mods will allow your post in its current form over there so you could message the mods if they would allow your post.

Please post it there so they can laugh you back to your conspiracy forum.

I'm going to get downvoted to hell for this but here goes... Just because the extension can do what you have reported doesn't mean that anyone is using it for that purpose. It could easily be that the extension provides multiple functions and only some are being used on home machines.

State law doesn't require that it is used for the intended purpose or used in any nefarious way. Connecting to the system and collecting the information is illegal, Mis C, and becomes Felony D depending on how malicious.

There is no "installing software that works as a rootkit via google chrome administrator settings without notification or asking permission" exemption to wiretapping in that linked law, I read thru several laws looking for anything that exempted them somehow but I'm not a legal scholar or law library or w/e.

Not only are you correct, but this moron neglects to mention that he doesn't have the Impero client installed. It's only a browser policy that is only there because he logged into chrome itself. The chrome extension only allows access to chrome and the policy can be removed by logging out of the edu account.

If he had just logged into Gmail, no policy would have been applied.

There's a video of some guy lecturing about common core and how the schools are using their issued Tablets/laptops to, for lack of a better word, spy on the kids.. he said it's no secret that they use the cameras to scan students' faces and they collect and sell all the data that passes through those particular machines, he also said that some schools will have the Tablets lock out the parents if they recognize their faces and they aren't allowed to check their kids' stuff. If I find the link I'll post it but for warning it's around 3 hours long, if you have the time it's well worth watching though.

Uuuuhhh because schools have one IT guy managing thousands of tablets and networks...try manual update, patch or reboot on 2000 icky sticky school tablets....it takes a while for one or two techs...now lets say that needs to be done every other week. The schools aint hiring an army of techs to do that

Did you know you can do the same thing but also block it from installing THAT extension to any location outside the schools own local IP address using most any deployment software that patches things?

You don't have to patch my house, or affect my home power settings via a rootkit to patch the schools "in network" machines.

I'm just repeating the common complaints I hear for years from my IT buddy for the school districts... severely understaffed, while the non technical administration management makes all the IT decisions that make no sense to the IT department....so the networks and patches are always willynilly FUBAR and abnormal.

In this case the super of schools used to own a computer company and do network admin, he knew exactly what it did. I've done some research into the school board now.

I'm just repeating the common complaints I hear for years from my IT buddy for the school districts... severely understaffed, while the non technical administration management makes all the IT decisions that make no sense to the IT department....so the networks and patches are always willynilly FUBAR and abnormal.

I'm just repeating the common complaints I hear for years from my IT buddy for the school districts... severely understaffed, while the non technical administration management makes all the IT decisions that make no sense to the IT department....so the networks and patches are always willynilly FUBAR and abnormal.

A yup! You repeated it 3 times, alrighty!

Saw your first post when things were murky. Your perseverance is admirable.

I don't discourage easy.. lol. Lots of people tried to argue it was wrong but never had persuasive logic.

I am a Google admin for a school district. If a student signs into chrome browser (not email) it will download the user policies that we apply for Chromebooks. She should not need to login to the browser to access email.

This. There's a difference between checking your email and signing into Chrome.

It doesn't matter if they intended to wiretap or not. The fact they're doing it is still a crime, it only changes the severity.

Lol, holy fuck.

OK I want to clear some possible misconceptions up. When your daughter logs into chrome browser it creates a profile within that chrome browser for her. It then applies whatever policies are in place for the school. I assume they use Chromebooks. So they use this policy to install apps to content filter and have classroom management. Whatever is installed will only affect her profile in chrome (you can switch; it's the box in the upper right corner with your daughter's name in the picture you posted). You are technically using a school resource when she is signed into her google account. If you don't like it then don't have her sign into the chrome browser. She can still go to gmail and drive without signing into the browser.

Not chromebooks.

My personal windows desktops in 2 cases, a linux laptop in the other.

The children were given instruction by the school to log in in that manner when they log in at all times by a teacher, so while I do understand that there are other login methods, this is exactly what they were taught to do.

If the school did it completely on accident, it doesn't make it legal, it only changes the severity from Mis C to Felony D based on malice, it doesn't provide a loophole where the accidental passive wiretapping of my home becomes "this intrusion is fine" in the law posted above.

It says specifically that the act of doing it passively or installing software at all is a Mis C crime.

This is incredibly alarming. What is the purpose that a school would have for having access to a private home network? So simply logging into an email on any computer is now a method to surveil? I feel like this is going to be increasingly common with policy hidden in the details to eventually get in on the monetization of data.

Great work man, they need to be sued.

Do not talk to them. Sue them.

r/netsec

Well done!

This could be how you get set for life. Talk to some real high class lawyers about bringing a 4th amendment violation lawsuit against the county.

News and lawyers. I'm glad to see the return to old conspiracy sub. We need to be aware of the lack of privacy we're getting nowadays.

Holy shit. You need to take this to the press asap. These fuckers think they can get away with it and pretty fucking ballsy of them to do so.

If you're interested in contacting the relevant Tennessee government agencies about this, I would recommend contacting, as follows, these offices:
TN Atty. Gen. - (615) 741-3491
TN State Board of Education - (615) 741-2966

I wish you the best of luck in this matter, OP. This is creepy as all hell, and IMHO, there is NO legitimate reason whatsoever for the school to be invading this far in to anyone's privacy.

PS: you might also try to make a thread on /r/legaladvice , they do have some rather legally knowledgeable people there who might be able to better point you in the right directions.

send this to the local news paper editor or better yet call them. Putnam county i believe has a bit of history violating rights of just about everyone. see if you cant find an independent circulation...arts music weekly....something like that. im sure someone would like to hear this.

There is only one reason to do this, and it's nefarious.

No excuse is acceptable.

I almost hesitate to chime in on this, but I am an IT Guy at a high school. We have software on all of our on campus computers that allow us to take control, install stuff remotely, deploy GPO, wake on LAN, etc. These are all very common things when you have a whole network of computers to maintain. Imagine walking around campus turning on/off every computer and installing updates or configuring settings manually 1 by 1 by 1... So, inherently the ability to do these things isn't malicious.

All of our students bring their own devices and we do not install anything on their personal devices, but there are school computers in the library, classroom, cafeteria, computer labs, etc. I'm not familiar with this particular extension, but the only thing I can imagine is they have this set as a user policy through Google Admin to set these permissions on any computer that user signs into with the intention of them using a library computer, a classroom computer, a computer lab computer, etc. I hope that's the case and they didn't realize it would also apply to their home systems. But I can't speak for their intentions.

It's illegal as hell under federal and state wiretapping in my state idk about yours tho.

I'm not denying that. I'm just saying the IT person may not have realized it was extended to every computer they sign into chrome with, even off campus ones. There are some schools in our area that don't have staffed IT, they have a 3rd party company or they have the IT guy for their district who is in charge of multiple schools and different policies and setups.

I'm trying to play devil's advocate on this hoping it's just negligence, but nothing in this day and age surprises me.

The brand new super of schools (I had met the prior one) owned a computer store. He also has admin knowledge of linux systems from tn tech from school, and when asked point blank the people who knew him to the question "do you think there is any chance he'd try to watch K-4 graders on their webcams for fun for himself" the answer was "yes."

Sorta sick to my stomach I gave him a warning and didn't contact the FBI first thing now.

I think you definitely want to take investigation to professionals, disconnect your computer from any chance of updates, it's evidence.

I have a similar reply. These people are freaking out over nothing.

If (and if it's a rootkit, I imagine they do) they have access to the folders on the computers that store pictures.... I can imagine this district being torn apart because of this. TN is conservative to the max. You know the board is gonna get fired.

I went and asked if they knew it was happening, the lady at the library acted as if she was aware it installed something, then I asked "how exactly did I grant the school permission" and she said "you didn't have to it's just technology."

It's silly to think this is the only district doing this.

It's just that few people would notice the red flags.

They didn't make that software. Anyone who is implementing it... i'd wonder.

It's easy to check, if your kid has a school email account, have them log into chrome browser with it as a user account, then look at the chrome://policy page and look at that required extension install list.

If that same hash is on there, yes they can do the same thing.

Well holy shit.... Goes to erase dog and goat porn in hopes no one knows yet.

Fuck do I care if they see my wet t-shirt and bikini contest collections and like 90s hot body porn. I'm 36 I grew up watching the same half-assed softcore porn then I watch now.

I do jokes about it on stage, if they wanna know what porn I watched lately I'll give them a list so they can check it out.

Oh, they know. They KNOW.

Well I didn't do it. I would never do anything like that anyway.

'cept that one time, but you didn't make eye contact so it didn't count anyway.

Hey OP. Post this over to /r/netsec and they might be able to give you a workaround as well. This is bullshit.

The workaround is to simply sign out of Chrome and possibly reset the Chrome profile. The "damage" does not extend beyond the Chrome profile.

I respect your attitude because of the action that doing an apology for a information that you made turned to be false.

Yeah. This is horrible news. My friend got called to our school and when she arrived they were about to institutionalize her daughter (13). Said she was "suicidal". Cops are there and had asked her to sign something before the mom arrived (she refused). School had read her email, literally a joke. No shit.

How can you tell from those screenshots, that impero software is installed? I can see blocked extensions (netflix, vpn, dosbox) and 2 mandatory extensions that are not impero (MyVocab and Compass Learning SSO).

gblkchompccdlgleecnffhlefbhejhhb;https://clients2.google.com/service/update2/crx that is imperio as it shows up in the required extensions.

Copy paste that in google to verify yourself, it'll come back with a lot of pages like this one: https://crx.dam.io/ext/gblkchompccdlgleecnffhlefbhejhhb.html -- it definitely is imperio.

It was confusing to figure out to me; this was vetted by multiple people once before already in another thread to reach this conclusion.

But that does not show in required extensions.

These two are there: "npfplmfmbflbcffpkpgmhpinemlimnnc;https://clients2.google.com/service/update2/crx" is MyVocab

"jbaceiimclclngcpmamngngidchigmom;https://clients2.google.com/service/update2/crx" is Compass Learning SSO

Where do you see imperio?

Could be my little pony simulator, though, and still violate the wiretap law by letter: "Any passive or active intrusion into an unauthorized computer or network."

I didn't install those, no notifications, etc. Maybe the guy in other thread who linked that part messed up there, in the id of that extension it's where I got the data I see what you're saying now too. Those don't match now I'm confused why he thought that asking too to see. Might be different software without the same access, but they can still change it out at any time etc, same vulnerability is there etc.

Would be better if I'm wrong on that part.

talking about this: https://www.reddit.com/r/conspiracy/comments/65a3u1/my_daughters_us_public_elementary_school_installs/dg9ifo1/

I think he is just speculating. He probably didn't check the screenshot and says it's impero IF that string is there (asking you to check it).

Right I'm thinking I misunderstood what he meant in that post which led to believing it was THAT extension.

Problem still remains, they can still install any extension and did install 2 on that computer unauthorized, which still violates that law, but if it's not that extension, the one extension's manual isn't relevant.

TN Annotated 39-14-602 "(b) Whoever intentionally and without authorization, directly or indirectly: (1) Accesses any computer, computer system, or computer network commits a Class C misdemeanor."

It's in violation of that no matter what it installed. Past that it's not legal, everything else is a degree of severity.

It's mis c if the school policy installed a blacklist of Netflix without permission on my home pc, or any extension. Everything else is an argument of malice/severity.

He's an idiot who's going to pay a few grand to his lawyer to find out he's wasted both his time and a nice chunk of his daughter's college fund.

you're an idiot who has no idea how IT or computer management works.

please save your "investigation". That account DOES NOT belong to you or your daughter. It belongs to the school and they can put whatever the fuck they want on it.

You are SO worried about privacy, you posted a browser picture with PERSONAL INFORMATION in it. Some privacy expert.

All the lawyers you talked to laughed you out of their office, which is presumably why you haven't already been told to shut the fuck up about it; there's literally nothing to see here.

You NEVER had to sign into chrome with your school account and when you did, you accepted the EULA that comes with using that account with chrome.

Why doesn't your "proof" show any sign of the Impero agent, it didn't bind your computer to any central auth system, it didn't apply any policy to anything other than CHROME, and you should feel like you just wasted a huge amount of time.

Congratulations. When you get the letter from the school's legal team informing you of all the same blunders I've pointed out I hope you post that but something tells me you won't.

LOL is this the website that's "TOTALLY SPYING ON THE ENTIRE FAMILY OF IT'S STUDENTS!!!!" ???

http://northeastelementary.org/

Just get off your high horse. A child was arrested the other day for LIKING the picture of a gun on FB. He used his home computer in his room to do this. Yet someone, somewhere from his school grassed him up. Their argument was that it is against school regulations to be involved in any activity as described. Now, most people have wondered how a school would know, considering this boy was alone and on FB.

You laugh at things that have already come true. Schools can and have used their powers to infiltrate private computers against pupils, and it can only be because of their planting of these programs.

I really don't care that some people don't read the small print. How and why would they, if the school says that they are required to agree. You could read the small print and still have to consent if you want your kid to go to that school. OP even tried to opt out as suggested and wasn't allowed, despite it being apparently an option on the contract!

You probably think that because you 'know' a bit about IT, that you are the most switched on person but privacy is a right in a free country. OP has no privacy, other parents who let their child use their home computer to be used for school work also have no more privacy. All of their searches can be monitored and used against them. That's beyond utopian and it is wrong. Just like civil forfeiture is also wrong, despite it having been lawful, it is now being changed. Thanks to people complaining and doing something about it.

I don't think OP would be laughed out of a lawyers office if the program was misused/ abused/ used for illegal privacy breaches. I am just glad that there are still enough 'old school' people left that will expose unfair techniques and we are not all wet blankets that think authorities could never do wrong.

Grow up man and see it for what it is.

I don't just know a bit about IT, I roll that software for a living. Please educate yourself. If chrome could take over your computer nobody would use chrome.

https://crx.dam.io/ext/gblkchompccdlgleecnffhlefbhejhhb.html

"gblkchompccdlgleecnffhlefbhejhhb;https://clients2.google.com/service/update2/crx"

Google that string and see what it says, then look at the image that is linked above again I posted when I first saw it and posted it to imgur then here asking if anyone could help me figure out what the hell it was because it looked like spyware to me.

I posted this thread, it only got like 450-500 upvotes, 26 days ago, when I thought it was just capturing the browser history when I saw the blocks on netflix etc: https://www.reddit.com/r/conspiracy/comments/65a3u1/my_daughters_us_public_elementary_school_installs/ -- could have seen that in less time than this post took by sorting my submissions by top and seeing 26 days ago.

And yet still no proof. Sad.

This reminds me of a story where some lady tried blocking the power company from building something, and she wound up gangstalked. It's worth sleeping with doors bolted and telling ur kids to do the same. If you find you are being stalked or harassed, read this book:

http://thoughtlessness23.blogspot.com.au/

Maybe go to the local news about the story.

Since South Carolina failed to block porn in 2016, maybe its bible belt neighbor Tennessee is attempting to use the school system to accomplish the same type of block.

From looking at the screenshots it seems that account logged into chrome is a "managed" G Suite for Education account which is issued by the school. The school was able to push the policy to automatically install the impero extension and setup a manual URL Blacklist using the G Suite chrome management features. I don't think the impero software/extension was ever intended to be implemented this way and is designed to be only installed on school owned computers. But since the school seems to be using Google's G Suite platform to push these settings, I think you may even be able to file a complaint to Google for the school's abuse of the G Suite platform to illegally spy on non-school devices without permission in addition to talking to the school and consulting a lawyer.

Sue the dogshit out of them.

How do I check to see if it's been installed on my computer?

https://crx.dam.io/ext/gblkchompccdlgleecnffhlefbhejhhb.html that extension will be in your chrome://policy page if you put that in the address bar.

It'll read as "gblkchompccdlgleecnffhlefbhejhhb;https://clients2.google.com/service/update2/crx"
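A scripted version of the chrome://policy check discussed in this thread, as an added example that is not part of any comment: it parses required-extension entries in the `id;update_url` form quoted above and reports whether a given ID is among them. The function names and the sample lists are assumptions of this example; the three IDs and their labels are the ones quoted in the thread.

```python
"""Audit force-installed Chrome extension entries copied from chrome://policy."""
import re
from dataclasses import dataclass

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"[a-p]{32}")

# Chrome Web Store update URL, as it appears in the entries quoted in the thread.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# IDs and the names commenters attached to them (the labels are their claims).
THREAD_IDS = {
    "gblkchompccdlgleecnffhlefbhejhhb": "Impero (per the thread)",
    "npfplmfmbflbcffpkpgmhpinemlimnnc": "MyVocab",
    "jbaceiimclclngcpmamngngidchigmom": "Compass Learning SSO",
}
IMPERO_ID = "gblkchompccdlgleecnffhlefbhejhhb"


@dataclass(frozen=True)
class ForcedExtension:
    ext_id: str
    update_url: str
    label: str            # name from THREAD_IDS, or "unknown"
    from_web_store: bool  # True when the update URL is the Web Store one


def parse_forcelist_entry(raw):
    """Parse one 'id;update_url' entry; raise ValueError if the ID is malformed."""
    cleaned = raw.strip().strip("\"'")  # pasted lines often keep stray quotes
    ext_id, _, update_url = cleaned.partition(";")
    ext_id = ext_id.strip().lower()
    update_url = update_url.strip()
    if not EXT_ID_RE.fullmatch(ext_id):
        raise ValueError(f"not a Chrome extension ID: {ext_id!r}")
    return ForcedExtension(
        ext_id=ext_id,
        update_url=update_url,
        label=THREAD_IDS.get(ext_id, "unknown"),
        from_web_store=(update_url == WEBSTORE_UPDATE_URL),
    )


def audit_forcelist(entries, watch_id):
    """Parse every entry and report whether watch_id is force-installed."""
    parsed, malformed = [], []
    for raw in entries:
        if not raw.strip():
            continue  # skip blank lines left over from copy/paste
        try:
            parsed.append(parse_forcelist_entry(raw))
        except ValueError:
            malformed.append(raw)
    return {
        "parsed": parsed,
        "malformed": malformed,
        "watch_present": any(e.ext_id == watch_id for e in parsed),
        # Entries updated from somewhere other than the Web Store deserve a look.
        "off_store": [e for e in parsed if not e.from_web_store],
    }


# The two entries a commenter read off the screenshot, with constructed
# stray quotes, a blank line and one constructed malformed line added.
SCREENSHOT_ENTRIES = [
    '"npfplmfmbflbcffpkpgmhpinemlimnnc;https://clients2.google.com/service/update2/crx"',
    'jbaceiimclclngcpmamngngidchigmom;https://clients2.google.com/service/update2/crx"',
    "",
    "not-an-extension-id;https://clients2.google.com/service/update2/crx",
]

# Constructed list: the entry OP quotes, plus an invented ID with an invented URL.
CONSTRUCTED_ENTRIES = [
    "gblkchompccdlgleecnffhlefbhejhhb;https://clients2.google.com/service/update2/crx",
    "abcdefghijklmnopabcdefghijklmnop;https://updates.example.invalid/crx.xml",
]

if __name__ == "__main__":
    for name, entries in (("screenshot", SCREENSHOT_ENTRIES),
                          ("constructed", CONSTRUCTED_ENTRIES)):
        report = audit_forcelist(entries, IMPERO_ID)
        print(name, "watched ID present:", report["watch_present"])
        for ext in report["parsed"]:
            print("  ", ext.ext_id, ext.label, "web store" if ext.from_web_store else "OFF STORE")
        for bad in report["malformed"]:
            print("   malformed:", bad)
```

To use it on a real machine, paste the entries shown for the required-extension policy on chrome://policy into a list and pass it to `audit_forcelist` with the ID you are looking for.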

Windows lol 😁

as someone who does this for a living you need to chill son. you got a bark and it's loud, but you got the wrong coon in the wrong tree.

I would look into the software's ability to access the camera remotely, and what it does with the camera activation light if it has one.

you then need to install wireshark, and start looking for connections coming and going from the machine.

look at the traffic and determine what it's looking for.

most maleficence for real money will come out of the camera or listening device if you can prove they are accessing it.

there was a case about 2 years ago along these same lines, and the father worked in IT. he ended up owning the school system for something similar.

The extension's manual says it gives them ability to patch all software on a windows machine, turn it on and off at any time if wake on lan is enabled etc, go read it. It's at the top.

Proving they're using the capabilities they installed maliciously would only cause legally a difference in severity of charge, they're in full violation of TN 39-13-603 already.

that's normal though, for a corporate owned device. most have security metrics they are trying to meet.

wake on lan is a setting in the bios that can be turned on or off, and requires it to be physically connected to a supported switch. odds are your home network is not supported, unless you have it in a DMZ, and they are using intel amt. which they aren't, cause no one is.

someone already told you what happened. someone is signing into chrome with a student account, thus it's loading the extensions.

you can simply block them from installing. even have chrome blacklist the extension ids if it's on a home machine.

in most of these situations, you have really short staffed IT depts who don't have time, or care, to spy on someone. however some creepy types do, and that's where the money is, and case if you can find it.

They own none of these devices, all my home devices.

They installed them to people's homes knowingly, it's very easy to disable something like that and only patch to your own whitelisted IP addresses so that you're not breaking the law.

Thanks for your comment. These rabid dum dums getting bent out of shape over shit they know nothing about is annoying.

You've cited a lot of tangential stuff except any of the actual proof.

Show us the computer. Show us the process names, upload some logs, some binaries, something to actually investigate. Not just anecdotes and assumptions.

Very interested in how this turns out. Keep us updated OP.

Is the Impero patch management software the same as the browser extension? Or a different program?

I agree with most of the comments. It is illegal to take control of any computer that is not the school district's property. It is also illegal to have that restriction set on someone's account then when they log into their own, it restricts their computer. They do not have the right nor authority to have that control over your personal computers. I'd take this to the superintendent and have a discussion about this, if I were you. If he doesn't comply hire a lawyer and it should all be settled in a month.

Damn, if only the government would protect us from the government. /s

I work for a school district which has the student Google accounts under similar restrictions. The reason why this happened on your home computer was that your student signed into Chrome with the school credentials, not Gmail with their school credentials. The school district's goal isn't to get into your home computer; it is so that when a student uses a school computer they can monitor it.

Please update us when you get the lawyer bill and they tell you that you were wrong.

Ok. They didn't. Already billed on retainer. Good call tho.

Sure. Which law firm?

The actual true test of what's happening or not would have been if you did a netstat, WireShark, or equivalent with a before/after of your child logging into Chrome. You could then check the public IPs that the computer is connecting to, to see where traffic is being directed. If there's an IP owned by the city/county or something to that effect then you'd know something was calling home to them.

In reality though, you've just got Google doing a profile sync from the school system that has mandated policies by AD GPO which is enforcing plugins to be installed. They should have disabled browser sync with those same policies to prevent what you're seeing. When the student logs into Chrome elsewhere it's syncing those settings that were mandated in the school.

There's no privilege escalation, there's no inventorying of your hard disk, etc. If I had to wager the company has a default set of things blocked (netflix) separate from the school.

Just have your kid's account signed out of Google Chrome for sync and you're on your merry way. If anything you should recommend they implement the 'disable sync' policy with Chrome. I linked to the specific setting in another post if you go through my history.

They don't care about your home browsing habits.

School IT administration typically is not the highest paid and it doesn't surprise me they would have overlooked the sync setting. That and AD GPO can be incredibly difficult to grasp, I've seen people with years of IT not understand basic GPO policies and how they impact one another.

No one is bugging your home computer.
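The before/after netstat comparison suggested in the comment above can be scripted. This is an added example, not part of the original thread: it takes two saved `netstat -n` captures and returns the established remote IPv4 endpoints that appear only in the second. Both captures are constructed and use documentation address ranges.

```python
import ipaddress
import re

# Constructed captures (Windows- and Linux-style lines); IPs are from documentation ranges.
BEFORE = """\
  TCP    192.168.1.10:49712     198.51.100.7:443       ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
"""
AFTER = """\
  TCP    192.168.1.10:49712     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.10:49801     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.10:49830     203.0.113.25:443       TIME_WAIT
tcp        0      0 192.168.1.10:51514      203.0.113.25:443        ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

# IPv4 "address:port" tokens; IPv6 rows are outside the scope of this example.
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Peers in these ranges are the machine itself or the home LAN, not a remote party.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]


def remote_endpoints(netstat_text):
    """Set of (ip, port) peers for ESTABLISHED connections to non-local hosts."""
    found = set()
    for line in netstat_text.splitlines():
        if "ESTABLISHED" not in line.upper():
            continue
        pairs = ENDPOINT_RE.findall(line)
        if len(pairs) < 2:          # need both a local and a remote endpoint
            continue
        ip_text, port = pairs[1]    # second endpoint on the row is the remote peer
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:          # e.g. an octet above 255
            continue
        if any(ip in net for net in LOCAL_NETS):
            continue
        found.add((str(ip), int(port)))
    return found


def new_endpoints(before_text, after_text):
    """Remote peers present after the Chrome sign-in but not before it."""
    return sorted(remote_endpoints(after_text) - remote_endpoints(before_text))


if __name__ == "__main__":
    for ip, port in new_endpoints(BEFORE, AFTER):
        # A new peer is only a lead: look up who owns the address before drawing conclusions.
        print(f"new remote endpoint: {ip}:{port}")
```

A browser sign-in opens many connections, so each new address still needs an ownership lookup (whois or similar) before it says anything about who is receiving traffic.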

TN Annotated 39-14-602 "(b) Whoever intentionally and without authorization, directly or indirectly: (1) Accesses any computer, computer system, or computer network commits a Class C misdemeanor.

It doesn't matter if they are in terms of legality. The fact that they installed something without permission is a crime.

The school didn't install anything on your computer.

Your child logged into Google Chrome which was configured to synchronize settings across machines.

That's not the school, be mad at Google. Be upset with your kid for logging into Chrome. Your child gave Chrome permission to synchronize settings (plugins, etc)

They were taught at school to do that in that manner. Every 5 to 10 year old there.

It's the kid's fault the school system trained them to do it then sent them out?

You work in education? This is how they dealt with a bullying problem next town over last year, football coaches let them go make joke announcements for homecoming court, adults gave them the office mic, let them do it all, then they only punished the kids, all their fault.

Gotcha, part of it is going to be school IT salary doesn't attract the most qualified candidates so you can get sloppy policies. I got suspended my senior year for figuring out how to bypass some of the security on the machines in all the labs - didn't go over too well with the county.

My guess would be teachers or the IT guys had them set it up that way "because it works" rather than how it should work. That one setting I linked to and keep mentioning (disabling sync) should have been applied. I would absolutely go to them and print off that article and recommend they do it. Group Policy is a tough concept to master and as a result you really do get a lot of dumb luck (trial & error) and then they leave it in place. Definitely not best practice and definitely not production ready stuff.

Software did get installed on your personal machine but it's the result of Google and not the school. The recommendation for WireShark and Netstat would be to determine if the plugin is actually phoning home for policy versus just a default layout.

I specialize in a product called Citrix (/r/Citrix) which is remote apps/desktops and deal a lot with education (mostly upper education) as well as healthcare, insurance, financial, law firms, etc. I've seen a lot of sneaky things that kids (and even adults!) do to circumvent security so we try to lock down stuff as best as we can.

Part of that is implementing the Google Chrome templates. Google and Firefox both can install into the user's personal directory (C:\Users\%username%\AppData) which doesn't require admin rights and is an absolute pain to prevent. There's a few other pieces of software that do the same - DropBox, Spotify, etc

https://support.google.com/chrome/answer/165139?co=GENIE.Platform%3DDesktop&hl=en

To help keep your data private:

  • Only sign in to Chrome from trusted devices.
  • Don't sign in to Chrome on a public or shared device.

School system is a shared device.

Also, to be 100% clear.

Active Directory Group Policy mandating the installation of any software or any policies can only occur on domain-joined machines.

That means, if the school is mandating the home page, internet settings, extensions, plugins, security settings, etc those settings can only apply to computers on the school's domain. There is absolutely no way possible for the school's AD GPO settings to apply to your personal computer. It's technically impossible.

That said, and to reiterate what I said earlier, Google Chrome and its account are separate from the school's policies.

If the school allows the students to create a Google account with their school email and they're permitted to sign into Chrome and the administrators have not disabled Google's sync then if the students signed into another computer (personal, work, school, etc) Google would install whatever associated plugins you had and sync your bookmarks.

That does not bypass any security restrictions on the computer. Hopefully you've given your child a 'standard' user account rather than an administrator but even then you should have User Account Control enabled which would prohibit anything without user intervention.

Google Chrome plugins do not require any escalation of privilege to install. They're installed on a per-user basis in the user's C:\Users\%username%\AppData folder (I think it's in the Roaming subfolder).

Now, the plugin you're specifically concerned with may have a default set of settings (Incognito, etc) that it installs with. If you log your child out of Google Chrome those plugins, bookmarks, etc should all go away automatically.

The school should disable synchronization to prevent this from happening but it's not some hidden agenda. Everything you're seeing can be explained from a technical point of view and makes sense.

Your child consented to synchronizing settings when they logged into Chrome - that would include those plugins and settings. There's no crime committed here.

I did look up the minimum age for a Google account is 13, how old is your child?

7 8 and 10.

Yeah, you can disable the synchronization in Google Chrome for extensions and keep their bookmarks and passwords.

Chrome Sync Settings

Pretty granular in what you can keep/ignore. On the home computer until they modify the disable sync I'd just disable the browser extensions from syncing.

Regarding their ages, it's possible the school is associated with Google for email, I know my college was, but I'd also double check your children didn't create an account on their own with a school provided email - which is something you can do.

If the school gave them a Google account see here I'm sure there's different policies on the ages and such.

School assigned Google account, correct. Probably different rules my assumption too, but they never even told us they were giving them an email.

I had them using a catch-all address that I forwarded thru myself so I had copies of their emails, this actually assigned them a different email they didn't tell me about and I didn't necessarily want my 6 year old at the time to have one. I found out about it pretty quick but I didn't appreciate them assigning them individual emails outside my ability to monitor as a parent either.

I sent this thread to the school and superintendent with my comments.

For someone who is so concerned with privacy you sure did post a lot of identifying info.

Me too. I got a response from him today.

They're looking into the claims and seeing why their policy allows it etc. Semi-standard boilerplate.

Would have never been hard to id me to do all that, my name is posted all over this account.

Oh good. Yea post all the stuff. I'm headed over to your towns subreddit and Facebook now to make you look real dumb :)

My name's on the account dude, those people know me. It's posted in my facebook and I copy pasted the top post here in the email.

Post all you want. I can't be more clear about that all you'll do is publicize it for me.

You're not going to get any publicity because nothing illegal is taking place.

Trying to make you understand how little I care about you threatening to out my identity. I'm going to record podcast audio about this, including the whole story, but I'm not out to smear this dude it looks to me like most likely answer is they did this not realizing it could be potentially illegal because of the home vs at school installing software aspect and the outcome I want is for them to "not do that anymore." That's it. I'm going to ask him to comment on it, and I'm not going to be like "fuck this guy" I don't know him but some shit looked shady to me, but fuck I know I'm stupid sometimes.

I posted it because I knew I'd get some assistance of weaponizing the autism research powers of reddit cause I couldn't do it fast enough.

I might be totally wrong about all sorts of aspects of this, I already have been more than once, then I say I was and go on. It might not have been Impero I saw earlier too, I think I made a mistake there, they might just have installed Compass Learning and I got the plugin wrong. Even if I did installing software still is not legal, but I'm not like, go get pitchforks.

I just want them to know I see it, and I think it's potentially not legal and could you stop, and I contacted them myself. Threatening to out my privacy or doxx me or whatever isn't something I give a shit about. I saw it looked suspicious and reported it to them.

For someone who is so concerned with privacy you sure did post a lot of identifying info.

You're about as bright as a broken bulb.

It's one thing to give out your information freely at your own will. It's another for a 3rd party group to secretly steal said information.

How you can't understand that is absurd and I'm embarrassed for your lack of mentality.

Ooooooo I know things you don't understand are scary!!!

Also remember that the school is an agent of the state. 4th amendment protections likely apply here as well.

Wendel and twindell should have this as one of the topics on next week's podcast

Quick update, spoke to sec of schools via email he offered to meet 7 days ago but wanted to record video and bring an "independent" expert from his old work, TN tech where I guess he didn't know I knew he worked.

Told him sure, but I'd like to record video. No response.

Emailed him again after 7 days asking for when he'd like to record.

I don't discourage easy.. lol. Lots of people tried to argue it was wrong but never had persuasive logic.

What it's doing is running an extension in chrome that gives them that backdoor, then they have ability to patch literally anything in windows, linux/mac looks like not so much.

They can turn the cameras/mics on too possibly. Some probability this is confirmation bias, but some kids are now saying to my kids they saw their webcams turning on randomly. One of those I can verify 3 girls saw a webcam kick on while using a mac, but the light turned on, and they covered it with a bandaid, that one my kid told me, she's an awful liar I'm 99% sure she's not making it up.

Can't verify the cause, hearsay as fuck, all 3 unreliable 10 year old witnesses sounds like the damn salem witch hunt, still makes me uncomfortable.

So in practice it isn't that bad, they just know what you do with one browser. The smart thing to do is to get a portable chromium or the like and use it for their shit and nothing else.

Chrome extensions are per-user basis...

If they all use the same account and the child has logged into the Chrome browser then that's a different story.

I'm actually surprised they don't block signing into the browser itself. Most companies I install Chrome for we'll disable sync:

https://support.google.com/chrome/a/answer/6309115?hl=en

Then you roam their settings within the profile management, whatever product that may be.

Good for you, you somehow worked at the only school districts that have the funding to give every student a laptop.

In a parallel universe of course.