Hi. My school just started issuing devices last year, and they have this Lightspeed spyware on them. Last year I was able to remove it by booting into Linux from a flash drive and moving the files to a separate drive and then back at the end of the year. This year I have heard from sources that they have ways of detecting someone booting from Linux so I am hesitant to do that option. My only other idea is to buy an old laptop off eBay that looks like it and install Linux on it. I could probably get one for about 50€. Does anyone have any cheaper ideas?

Oh also talking to IT isn’t an option.

  • tpihkal@lemmy.world
    link
    fedilink
    arrow-up
    82
    ·
    1 year ago

    Why would you not separate personal devices from school devices? If you can afford a personal device, do so; it won’t be the last time.

      • HumanPerson@sh.itjust.worksOP
        link
        fedilink
        English
        arrow-up
        62
        ·
        1 year ago

        Actually I can install things on it and only installed a better browser and office suite. I would simply prefer not to be spied on at school, and I don’t think that that is unreasonable.

        • tpihkal@lemmy.world
          link
          fedilink
          arrow-up
          69
          ·
          1 year ago

          Just don’t use school property for things you want to be private. It works the exact same way with anything owned by any organization you may work for in the future.

          • HumanPerson@sh.itjust.worksOP
            link
            fedilink
            English
            arrow-up
            36
            ·
            1 year ago

            I want my schoolwork to be private. I don’t want a proprietary network enabled keylogger on my computer even though I only use it for schoolwork. I am legally required to go to my school, I am legally required to use their computer, I am legally required to give up my privacy. I don’t understand why people think privacy isn’t a reasonable expectation at school. I am okay with the school having my information but they use proprietary keyloggers and network monitoring tools that can do whatever the fuck they want with it.

            • DreadPotato@sopuli.xyz
              link
              fedilink
              arrow-up
              29
              ·
              edit-2
              1 year ago

              But unfortunately your schoolwork isn’t private, it is likely considered property of the school. You will encounter this in both academia and any job you acquire basically. Work you do for them, or as a part of an assignment they hand you (schoolwork, research in university or whatever task at a job) is their property, that is something you unfortunately need to accept.

              Couple that with performing it on a device that is also not yours, but 100% theirs, they are allowed to do whatever the hell they want with it. Even if you did the work on a private device, they sill still own the work and the results you produce.

              • JubilantJaguar@lemmy.world
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                By this argument the school should be allowed to install cameras in its bathroom stalls, which after all are its legal property.

                • taj@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Tbh, they very likely have cameras pointed at the bathroom entrances at the very least, and quite possibly in common areas of the bathrooms too. You’re at school. Not home. Your right to privacy is minimal at best.

            • z00s@lemmy.world
              link
              fedilink
              arrow-up
              12
              ·
              1 year ago

              This is the right attitude, my friend, for real.

              I’m a teacher and have guided students down this path before. Tech rights are important, don’t let anyone tell you otherwise. Surveillance is not security.

              Buying that cheapo Linux lappy and running it on the down-low sounds like the best bet. Don’t draw attention to it and you’ll be fine.

              The ethics of what you use it for is up to you: choose wisely. But simply wanting privacy is not a crime.

            • ExLisper@linux.community
              link
              fedilink
              English
              arrow-up
              7
              ·
              edit-2
              1 year ago

              How will they grade your work if you keep it private? Isn’t the entire point of school assignments to show them to someone?

                • ExLisper@linux.community
                  link
                  fedilink
                  English
                  arrow-up
                  9
                  ·
                  1 year ago

                  The moment you transfer your work to a teacher it stops being private. He/She may upload in to could or use any sort of software to grade it/organize it/check for cheating. There are privacy issues worth worrying and there are issues that are not. This is the second one.

              • GBU_28@lemm.ee
                link
                fedilink
                English
                arrow-up
                8
                ·
                1 year ago

                In the workplace, when you grow up (I’m not cutting you down I mean literally when you are older) you will be issued a work machine packed to the gills with network monitoring software.

                Rule number one of being a saavy modern tech employee:

                Don’t do shit but work on your work laptop. I plug it in to an Ethernet connection, disable Bluetooth and wifi, do my job, and have the rest of my life on other devices.

                A second sub-part of this is that when you are on company grounds, never connect your phone to the wifi

        • m-p{3}@lemmy.ca
          link
          fedilink
          arrow-up
          24
          ·
          1 year ago

          Don’t have any expectation of privacy on a device you do not own, this applies with school & work-supplied devices.

          They own the device, they set the terms.

        • FoxBJK@midwest.social
          link
          fedilink
          English
          arrow-up
          20
          ·
          1 year ago

          A reasonable request, but I doubt the school’s going to back down from the position of “we’re allowed to monitor the hardware we own”.

        • GBU_28@lemm.ee
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          Honestly man use the device to submit assignments, and get yourself another laptop for everything else.

  • goryramsy@kbin.social
    link
    fedilink
    arrow-up
    48
    ·
    1 year ago

    I work for a school and I provision these types of devices. You do not want to modify or change anything about them, as it probably breaks your acceptable use policy. If they allow you to bring your own device, then do that. But do not change the device they give you in any manner. Just don’t use school property for things you want to be private. It works the exact same way with anything owned by any organization you may work for in the future. They own the device, they set the terms. And your excuse of ‘it does not break policy’ or ‘it is not against the law’ is ridiculous, as policy is intentionally broad for this reason, and the law requires you to not interrupt normal classroom activities. If the school lets you, bring your own device. Otherwise, tough luck, seems like you won’t be able to play your games.

    • zwekihoyy@lemmy.ml
      link
      fedilink
      arrow-up
      24
      ·
      1 year ago

      i would like to add on to this, do not bring your own device, just simply keep school/work and personal stuff entirely separate. simple as that.

      all work and schools that allow you to use a personal device that I’m aware of will require you to have whatever software for surveillance that they have on provisioned devices, you’ll likely end up messing up and leaking something private, and it just takes up storage space.

      it’s the organization’s device, they can put whatever nonsense they want on it, just be sure that you only ever use accounts from them on the device. never a personal account of any kind.

  • IphtashuFitz@lemmy.world
    link
    fedilink
    English
    arrow-up
    48
    ·
    1 year ago

    It’s a laptop owned by your school, so they can install spyware if they want to. More importantly the school likely has policies against removing or otherwise tampering with it. You would be wise to find out what they will do if you violate this policy. It could be anything from a slap on the wrist to expulsion.

    Any decent IT department will eventually figure out if you disable it. They’ll know fairly quickly if it stops “phoning in” if the spyware is any good.

  • PeachMan
    link
    fedilink
    arrow-up
    38
    ·
    1 year ago

    Don’t tamper with hardware that somebody else owns. If you get caught, you could be fined a lot more than 50€ and expelled. School administrators often like to “make an example” of kids that they think are “hackers” even if you’re just booting Linux from USB. They don’t understand the difference between that and real hacking, so don’t risk it.

    You can only achieve true privacy on hardware that you own. A cheap laptop to boot Linux isn’t a bad idea.

      • PeachMan
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Absolutely yes, if you buy hackable and repairable hardware you can do whatever you want with it. Especially if you install software on it that is FOSS.

        • Llewellyn@lemm.ee
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          1 year ago

          By my question I mean:
          Any hardware is made by some other people. Any hardware is work under a firmware, made by other people.

          All that is a) regulated by licenses b) never can be trusted fully to work as you think it should work. Even if it based on open source - due to the “problem of untampered compiler”.

          If you have no total control over your hardware, can you say you truly own it?
          What percent of control is acceptable? How to measure it?

          • MajorHavoc@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            It depends how far down the rabbit hole you’re willing to go.

            Today you can make sure the source code is truly what you intend, by running Linux on PC and GrapheneOS on Android. You might not have the ability to audit those, but others (like me) do, and are doing so.

            Whether you believe us or not is more philosophy - but join us in the rabbit hole and see what you find. You’ll find detailed public technical discussions of security and privacy. You can find some of that for closed software and hardware too, but we can never do as good of a job in that discussion without the source code.

            If you want open auditable hardware, you can stick to Raspberry Pi.

            There’s an open hardware project for phone too, but it’s more of a proof-of-concept, today, as far as I understand.

            If you want the TL;DR version of where I landed - I posted this from a Pixel running GrapheneOS.

            • Llewellyn@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              Exactly. There could not be true / full ownership of hardware.
              And yet that’s fine for me.

              Now about that:

              Today you can make sure the source code is truly what you intend, by running Linux on PC and GrapheneOS on Android. You might not have the ability to audit those, but others (like me) do, and are doing so.

              Even in that case you can never be sure what a compiler did with the code. You can say: go look at the code of that compiler. But then how can I be sure it’s code had been compiled without malicious modifications. And so on.

              • MajorHavoc@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                You can compile your compiler from source.

                Edit: Here’s how: https://www.linuxfromscratch.org/

                Edit 2: I know you can hear the rabbit hole calling to you. Join us. Follow the rabbit trail.

                But seriously, it’s cool, you’re curious about it, and the pay from the jobs it leads to tends to be pretty great.

              • MasterBlaster@lemmy.world
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                This reminds me of the times i and my friend had deep philospohical discussions… at 2am. During a weekend party, while drunk, in highschool.

                Anyway, don’t go down any rabbit holes in which you can’t see the bottom. Walk away. While whistling, if it helps.

          • diamond_shield@reddthat.com
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            As of August 2023, the best way to avoid the problem of

            untampered compiler

            AFAIK Is using an MNT Reform With GNU Guix as its OS, I really liked this article “The Full-Source Bootstrap: Building from source all the way down”. This approach could, potentially, solve the problem of the untampered compiler. Damn, maybe it already does.

            As for the MNT Reform, the only thing I’m not sure is open is the actual processor firmware, but the schematics for its usage are available and even the Wifi firmware is open, so there remains the problem of actually verifying the hardware you get is actually the hardware you ordered, but that is a bit more complicated I think.

            • Llewellyn@lemm.ee
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              To be sure you should build processor from a scratch and then write your own compiler directly in machine code.

  • JonEFive@midwest.social
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    Know your school handbook and acceptable use policy inside and out. Same with any other published guidelines they provide. My bet is that their AUP says something about not circumventing their security and monitoring tools. Booting into a live OS would certainly fall into that category. But knowing what the rules actually say is probably the first thing you should do since you don’t own the hardware or network. From there, you can decide how far you really want to go and if there are any defenses or loopholes in the rules.

    Getting your own hardware is probably your best option in this case if you can do so.

  • Melody Fwygon
    link
    fedilink
    arrow-up
    24
    ·
    1 year ago

    They can’t detect if you boot into Linux; but they can detect the presence of external storage devices and scan their contents. It is best if you do not plug in your LiveUSBs or disks while the system is [ONLINE] (Meaning while the device is booted into any default operating system)

    Chances are if your hardware has not changed; the capabilities have also not changed. I do however have a few tips for you:

    • DO NOT MODIFY THE DEFAULT OS OR SPYWARE! It sounds like they are now monitoring the files for the software and will now notice if you have disabled it; as your machine will probably be sending heartbeats to a centralized server. You must accept this spyware when operating the machine as intended to interface with your school environment; but you can limit yourself to submitting schoolwork only on it
    • Boot into a Live(CD/USB/Media) environment of Linux with Persistence. Google it. They can’t detect this without BIOS tampering.
    • Do Not plug your Live Media into the system when booted into it’s default mode. Your drives are probably being scanned.
    • Keep a separate media storage device for storing your documents and such.
    • You can boot into your Linux key to work on school things and browse the web privately. Remember though that you are [OFFLINE] and may be unable to access the school network and will be required to save your work on a different piece of media, shut back down and boot into the default OS again to submit your work.
    • You may be unable to complete assignments in Linux [OFFLINE] that require you to respond to questions interactively [ONLINE] or otherwise require that you be interactively [ONLINE].
    • m-p{3}@lemmy.ca
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      They can’t detect if you boot into Linux

      It depends what they use for monitoring. If they use Intel vPro then they can technically take over from any operating systems since it runs at the TPM/firmware level.

      • Melody Fwygon
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I’m assuming that unless told otherwise; they have no such capability in the BIOS. It IS probably a public school and IT department that isn’t that clever/resourced.

        • HumanPerson@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          They are very dumb. I am not just being mean I met the head of IT personally and he is an idiot, but students from some of the computer classes were responsible for some of the configuration, meaning some competent people looked at it.

          Edit: The bios was password protected last year so it isn’t stock at least.

          • thisisnotgoingwell@programming.dev
            link
            fedilink
            arrow-up
            13
            ·
            edit-2
            1 year ago

            Something tells me your intentions aren’t innocent(you want to be able to act maliciously at school or on the school network), or you have an overinflated sense of ego, the head of IT likely didn’t give two shits about explaining anything to some brat. You’re going to have to face some harsh realities pretty soon. Expecting digital privacy on a school issued device on the school network is asinine thinking.

            • HumanPerson@sh.itjust.worksOP
              link
              fedilink
              English
              arrow-up
              7
              ·
              1 year ago

              I wanted to do goofy stuff last year like the 4 line script that only uses tons of resources, but I have no intention to be malicious in any way. They now have a whitelist instead of a blacklist for website blocking, meaning many educational sites are blocked by accident. My teacher’s website was blocked for most of last year. We are required to use MS Office even though it takes 3-4 times as long as LibreOffice to load. I don’t want to be hackerman or to play csgo in class, I just want basic functionality on the computer I have to use.

              • thisisnotgoingwell@programming.dev
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                Is this a school owned device? Goofy 4 line script that uses tons of resources, so that script that unnecessarily and intentionally taxes the laptops hardware, purely innocent right? Any chance why they might not want you to do that?

                That’s pretty standard across any respectable industry. You’re given suitable alternatives, if everyone could use whatever applications they wanted then it would be a nightmare.

                • HumanPerson@sh.itjust.worksOP
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  1 year ago

                  It unnecessarily taxes the cpu. CPUs don’t die except for cracked dies and improper thermal solutions. Do you think that was really going to do anything to it? Also it isn’t like I can’t do that already, so all their shit does is make it harder to do legitimate work.

              • Johanno@feddit.de
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                Well your easiest option would be to buy the another laptop.

                Or you could just use a different hard drive and install Linux. (and switch back the old drive once you need to give it back)

                But if the bios is password locked I don’t know what they might block in there

  • OsrsNeedsF2P@lemmy.ml
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    Not using the school given device is the best course of option unfortunately. Second hand ones are good, but the specs will be pretty bad

  • Pandantic [they/them]@midwest.social
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    Hate to break it to you, but jobs are doing this as well. I am a teacher, and we just got GoGuardian for students, but it has been watching / blocking things for teachers since I started a couple years ago. If you have a work-issued device, your work will most likely monitor it, and same goes with school-issued devices. I get that you want to hack it and do what you want, but that could get you fired some day.

    • jsdz@lemmy.ml
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      that could get you fired some day.

      Among other ways it might make you better off, a tendency to boot linux on school-issued devices could also very much help get you hired some day. Although perhaps not in the education system. Seeing a teacher discourage it is even more depressing than seeing a student fear he’ll be punished for it. So long as you’re not breaking any laws, it seems like a fine idea.

      • indepndnt@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        So long as you’re not breaking any laws

        In the US, basically anything you are not authorized to do on someone else’s computer is illegal and can be prosecuted under the CFAA.

        I point this out only to highlight that it’s a terrible law that needs to be changed, I’m not disagreeing with anything that your said.

      • HumanPerson@sh.itjust.worksOP
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I like this take. I got into a programming class after telling the teacher about a program I had previously gotten an in school suspension for writing. It recursively started itself and used a ton of resources. It was just goofy and the it dept. called it a virus.

      • Pandantic [they/them]@midwest.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I don’t discourage it so much as I’m giving this person a warning. Also, do you know why they put up those systems? To protect their devices, and to block kids from things they legally should not be on. I’ve seen so many kids (and adults) download viruses, spyware, adware, etc on their computer just because they wanted a “cool” mouse pointer, wallpaper, or other feature. Not that I think op will do something stupid like this, but this is what they’re protecting their computers from.

  • galaxies_collide@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    Yeah, that’s not spyware, it’s called mobile device management and if the school owns it, they have every right to monitor it.

    • HumanPerson@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      I don’t give a shit. I am required to use it and it has a fucking keylogger. You have to be a complete idiot to say that isn’t spyware.

      • galaxies_collide@lemmy.world
        link
        fedilink
        English
        arrow-up
        23
        ·
        edit-2
        1 year ago

        Sassy. You’re required to use it for school work. No one is forcing you to use it on your own time, get your own personal device for that. Cope.

        • gullible@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Hoc cognito, ergo dico hoc. Compartmentalize information that you can; create a new email specifically for school, tape over camera when possible, avoid connecting to your other devices, disconnect the battery when possible. Use other devices for sensitive information.

            • gullible@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Then go the AdNauseum route. Give them such vast sums of information to sift through that it’s nearly useless to pick through any specific piece. Hotstrings would make the task much more painless, and save you dozens of hours per year once you get used to using them in other capacities.

      • IphtashuFitz@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        If it truly does have a keylogger then that’s really bad as it means they have access to your passwords and any other sensitive data you might type. How certain are you that it includes a keylogger?

        • Krotiuz@kbin.social
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Generally security programs like this that do keylogging are context aware and don’t include passwords, plus if it’s a managed device they probably wouldn’t need keylogging to obtain passwords if that was the objective. Significant amount of endpoint protection software will allow for RAM capture, which would have your passwords as well.

          Furthering this, if you’re accessing managed applications (say OneDrive or Sharepoint) it’s common to prevent access to a device that doesn’t have all of the monitoring software installed.

      • ridethisbike@lemmy.world
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        You don’t NEED to give a shit. It’s their hardware, they can do as they see fit with it. If you don’t like it then don’t use it. It really is that simple. You can be as indignant as you want, but the answers that many have already given you in this regard will still ring true.

        Use it as is, or don’t use it at all. Those are your options. Get over it.

        And for fucks sake, stop giving everyone here a bunch of attitude just because you don’t like how the real world is.

  • Steamymoomilk@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    1 year ago

    When I was in high school I had my school laptop and my Linux laptop, if I needed to do work I would download the file on the school laptop and use a USB to move it to my Linux laptop to work on it. It was tedious but was the only way as we had latitude 2 in 1s that had a soldered in ssd. So I couldnt swap hdd, I ran zorinOS on a Lenovo t450 and it worked really well for school work

    —edit Light speeds a bitch

  • Nate@programming.dev
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    I got in trouble for getting into the schools network I’m 6th grade. They kept asking who in the group was involved in remotely shutting down computers and that they had logs and would find out anyway. I called their bluff and didn’t get in as much trouble as the rest of us.

  • Disregard whatever you’ve heard about installing Linux on the device, find the agreement given with it and see what it says. If no reference is made to doing your thing then returning it with the same setup, I’d say you’re in the clear. I’d bet the agreement covers damage, lost and stolen aspects plus returning it good condition, yet if you reinstall the software like it was provided they’d have to be very explicit about not loading Linux. If they do, you could use linux on a USB without installation. This could get you off the spyware while not breaking the rules if they are in writing.

    • skankhunt42@lemmy.ca
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Basically this. I’d just buy a used disk, swap them out and install Linux. That or use a USB.

      When it comes time to return it, put the old hard drive in it and return it. I can’t think of a way for them to tell you did this aside from the lack of logs they keep from trying to track you.

  • oo1@kbin.social
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    are you in europe/EU? (judging by currency symbol)
    what about talking to the relevant GDPR authority?

    there should be a clear route of complaint.

    start by submitting a subject access request
    " what infomation do you hold about me, or that you can link to me?"
    “give me a copy”
    " what procesing are you doing with it"
    " have you shared it? with whom?"

    so this process in iself should reveal all processing that they think youve consented to - gives you a basis to challenge.

    if they lie to you, that’s anothet offence.

  • skymtf@pricefield.org
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Hmmm not sure if its any different now but I used to bring my own iPad mini and do my work on that. I’m sure its different now.