Malware in Educational Technology

GNU Supported by the Free Software Foundation Site navigation Skip ●ABOUT GNU ●PHILOSOPHY ●LICENSES ●EDUCATION ●SOFTWARE ●DISTROS ●DOCS ● = MALWARE = ●HELP GNU ●AUDIO & VIDEO ●GNU ART ●FUN ●GNU'S WHO? ●SOFTWARE DIRECTORY ●HARDWARE ●SITEMAP

/ Malware / By product /

Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; that is the basic injustice. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve. This typically takes the form of malicious functionalities.

Tech corporations have invaded the education system introducing their proprietary products filled with malware. Education is a field that allows these companies to easily spread their unjust software in all directions, infecting deeply every area of society. Join us in the fight against the use of nonfree software in schools. This page lists malicious functionalities found in software used in educational environments. If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.

Latest additions

Entries are in reverse chronological order, based on the dates of publication of linked articles. The latest additions are listed on the main page of the Malware section. ● 2025-05 Microsoft Teams has been collecting voice and face data from students of an Australian school, to feed the CoPilot chatbot. It took the school network administrators a whole month to realize what was happening, and disable this malfeature. It was obviously beyond their imagination that Microsoft could have made biometric data collection the default in Teams! Let's hope legislators and regulatory agencies all over the world will quickly put a stop to this sort of outrageous practice. In any case people would be better off switching to a free-software replacement such as Jitsi Meet for medium-size groups, or Big Blue Button for larger ones. Many public instances are available, and groups of users can also set up their own servers. ● 2022-05 A worldwide investigation found that most of the applications that school districts recommended for remote education during the COVID-19 pandemic track and collect personal data from children as young as below the age of five. These applications, and their websites, send the collected information to ad giants such as Facebook and Google, and they are still being used in the classrooms even after some of the schools reopened. ● 2022-03 The nonfree app “Along,” developed by a company controlled by Zuckerberg, leads students to reveal to their teacher personal information about themselves and their families. Conversations are recorded and the collected data sent to the company, which grants itself the right to sell it. See also Educational Malware App “Along”. ● 2022-02 Honorlock set a network of fake test answer honeypot sites, tempting people to get exam answers, but that is a way to entrap students, so as to identify them and punish them, using nonfree JS code to identify them. ● 2021-10 EdTech companies use their surveillance power to manipulate students, and direct them into tracks towards various levels of knowledge, power and prestige. The article argues that these companies should obtain licenses to operate. That wouldn't hurt, but it doesn't address the root of the problem. All data acquired in a school about any student, teacher, or employee must not leave the school, and must be kept in computers that belong to the school and run free (as in freedom) software. That way, the school district and/or parents can control what is done with those data. ● 2021-05 60% of school apps are sending student data to potentially high-risk third parties, putting students and possibly all other school workers under surveillance. This is made possible by using unsafe and proprietary programs made by data-hungry corporations. Please note that whether students consent to this or not, doesn't justify the surveillance they're imposed to. ● 2021-04 A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all this without any form of user interaction. ● 2021-02 The Prodigy maths game played in schools at no cost entices students to play it at home, where the company tries to lure them into paying for a premium subscription in exchange for mere cosmetic features that, at school, underline the socioeconomic gap between those who can afford it and those who can't. The strategy of using schools as a fishing pool for customers is a common practice traditionally adopted by nonfree software companies. ● 2020-12 The HonorLock online exam proctoring program is a surveillance tool that tracks students and collects data such as face, driving license, and network information, among others, in blatant violation of students' privacy. Preventing students from cheating should not be an excuse for running malware/spyware on their computers, and it's good that students are protesting. But their petitions overlook a crucial issue, namely, the injustice of being forced to run nonfree software in order to get an education. ● 2020-11 According to FTC, the company behind the Zoom conferencing software has lied to users about its end-to-end encryption for years, at least since 2016. People can use free (as in freedom) programs such as JitsiorBigBlueButton, better still if installed in a server controlled by the users. ● 2020-04 Proprietary programs Google Meet, Microsoft Teams, and WebEx are collecting user's personal and identifiable data including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments. ● 2020-03 The Apple iOS version of Zoom is sending users' data to Facebook even if the user doesn't have a Facebook account. According to the article, Zoom and Facebook don't even mention this surveillance on their privacy policy page, making this an obvious violation of people's privacy even in their own terms.

Proprietary malware

All items added since 2018 By type ● Addictions ● Back doors ● Censorship ● Coercion ● Coverups ● Deception ● DRM ● Fraud ● Incompatibility ● Insecurity ● Interference ● Jails ● Manipulation ● Obsolescence ● Sabotage ● Subscriptions ● Surveillance ● Tethers ● Tyrants ● In the pipe By product ● Appliances ● Cars ● Conferencing ● = EdTech = ● Games ● Mobiles ● Webpages By company ● Adobe ● Amazon ● Apple ● Google ● Microsoft Articles ● UHD Blu-ray Denies Your Freedom

▲ BACK TO TOP Set language Available for this page: [en] English [es] español [fr] français [ru] русский

“The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.” JOIN DONATE SHOP Please send general FSF & GNU inquiries to <gnu@gnu.org>. There are also other ways to contact the FSF. Broken links and other corrections or suggestions can be sent to <webmasters@gnu.org>. Please see the Translations README for information on coordinating and contributing translations of this article. Copyright © 2021, 2022, 2023, 2024, 2025 Free Software Foundation, Inc. This page is licensed under a Creative Commons Attribution 4.0 International License. Copyright Infringement Notification Updated: $Date: 2025/05/28 19:25:18 $