Online Proctoring System | Just Another Threat?

Lets start by understanding these online proctoring systems which emerged from nowhere just when we needed them, we should understand the idea behind its implementation. The main variables from a solution perspective here are examinee's field of vision and hearing. Case one being cheating and the ideal case two is examinee being evaluated fair. So the solution that online proctoring companies came up with is monitoring the examinee's video-audio via webcam and/or recording it. This brings a major concern, making an assumption that they control the examinee's environment or even examinee's computer system is false.

This is solutionism at its worst. Machines are good with couple millions tasks but using a machine to validate an exam in an uncontrollable environment will always end us with case one. This will become just another excuse for big companies to trade off our data. Most proctoring exams are based off browser technology which means they are web based. Many might even require you to use your everyday browser and might even stop you from attempting the exam on a more private browser.

To make this PII (personally identifiable information) even more targeted, IP address monitoring and behavior tracking will be performed which might also occasionally be accompanied by browser fingerprinting and abusing webgl. If it wasn't enough, many of these companies also stop you from using a virtual machine which is insane, you are being told to open a website on your everyday computer on your everyday browser, to get this precisely your everyday computer system is being subjected to arbitrary code for which you neither have any control nor have access to source code of the application.

This will probably affect the norm and make people more casual about websites they visit. Browsing a website is very similar to installing a program. JavaScript (used by websites) programs can easily bundle unintended code that can execute in background when a user is browsing a website. In addition to it, a bad server side code can log http headers and fingerprint us further. We can blame the browsers that interpret the code, which don't even notify us when certain system information is being accessed.

Needless to say there's several cases where these proctoring software either shared this PII to its advertisers or was compromised and information of entire university students was available online. That being said, everyone should make sure to use unique passwords and follow online safety guides. 

Stay safe.