Violating chrome's developer guidelines is just one step too far
By - pacertest1
I know UBC doesn't use this software anymore, but the fact that our tuition once went into this company bothers me. So this just some info on Proctorio. You can try this for yourself.
This is what happens when you look at the background page of the proctorio extension. Chrome extensions normally allow you to read the background scripts or source code to see how operations/events respond to browser triggers.
When tested with Proctorio, it'll direct you to a honeypot page, rather than the code. The honeypot page claims to contact your school admin with your IP, which is just a scare tactic. It then uninstalls itself.
Here's what chrome's developer guidelines in their code readability requirements states:
"Developers must not obfuscate code or conceal functionality of their extension. This also applies to any external code or resource fetched by the extension package"
The lack of transparency and using a honeypot page as a scare tactic just completely crosses the line for me. Thanks for reading, wanted to get this out.
You can easily edit the Chrome extension to disable the check for developer tools. But then it also detects it is unsigned, but you can also edit out the code which checks that, and so on.
the real problem that's stopped me REing it out of spite for the company is well, one, that i can't really do any dynamic analysis because i can't arbitrarily use the thing. maybe on a practice exam. but even that, ehh. and two, all the fun content of the extension is in PNaCl, which has no reverse engineering tooling.
Which, because Proctorio isn't open source, is illegal.
Not that most people who do this care, but it's just another reason to ditch this POS software altogether.
Good thing I always keep my camera pointed at my fresh, raw nuts cuz I know they peekin
"Your IP has been locked" sounds like one of those scam calls lol. Next they'll be getting you to buy google play cards to unlock your ip.
> Your IP has been locked
It'll be fun when someone does this from their university's NAT-enabled Wi-Fi and gets the entire student network blocked.