T O P

Violating chrome's developer guidelines is just one step too far

Violating chrome's developer guidelines is just one step too far

pacertest1

I know UBC doesn't use this software anymore, but the fact that our tuition once went into this company bothers me. So this just some info on Proctorio. You can try this for yourself. This is what happens when you look at the background page of the proctorio extension. Chrome extensions normally allow you to read the background scripts or source code to see how operations/events respond to browser triggers. When tested with Proctorio, it'll direct you to a honeypot page, rather than the code. The honeypot page claims to contact your school admin with your IP, which is just a scare tactic. It then uninstalls itself. Here's what chrome's developer guidelines in their code readability requirements states: "Developers must not obfuscate code or conceal functionality of their extension. This also applies to any external code or resource fetched by the extension package" The lack of transparency and using a honeypot page as a scare tactic just completely crosses the line for me. Thanks for reading, wanted to get this out.


fb39ca4

You can easily edit the Chrome extension to disable the check for developer tools. But then it also detects it is unsigned, but you can also edit out the code which checks that, and so on.


lf_1

the real problem that's stopped me REing it out of spite for the company is well, one, that i can't really do any dynamic analysis because i can't arbitrarily use the thing. maybe on a practice exam. but even that, ehh. and two, all the fun content of the extension is in PNaCl, which has no reverse engineering tooling.


AgreeableLandscape3

Which, because Proctorio isn't open source, is illegal. Not that most people who do this care, but it's just another reason to ditch this POS software altogether.


fb39ca4

It's Javascript running in your browser, police aren't going to come raid your house over that. You could also make a modified build of Chromium and intercept the APIs it uses instead, leaving the extension untouched.


trainer135

Good thing I always keep my camera pointed at my fresh, raw nuts cuz I know they peekin


iwanttogotoubc

"Your IP has been locked" sounds like one of those scam calls lol. Next they'll be getting you to buy google play cards to unlock your ip.


AgreeableLandscape3

> Your IP has been locked It'll be fun when someone does this from their university's NAT-enabled Wi-Fi and gets the entire student network blocked.