The purpose of these kinds of tools isn't to prevent cheating. Just like most DRM schemes, the purpose of these tools is the same as any other external consultant - so that the administration or people in charge of the school can offload the responsibilities related to any cheating that may happen to an external party, and if questioned, can respond that "reasonably secure technical measures have been taken to guarantee the integrity of the exam".
Whether the integrity of the exams is actually guaranteed is immaterial, because the company that made the nanny software went on the record and took responsibility, and/or by splitting the responsibility, the school admin and the nanny software vendor can point fingers at each other and the responsibility essentially disappears like it usually does.
You can see this with most other security theater type things. As long the "general public" is unaware that they have been lied to, they will accept this kind of positioning as gospel, and not look into it further. For the most part, as expected, the world turns around just fine without real security because systems tend to be robust to a certain level of bad actors doing selfish and small scale bad things like exam cheating, and as long as nobody's feelings are hurt, it's all fine.
>Just like most DRM schemes ... offload the responsibilities
Funny you mention this. I remember a senior staffer at a large games publisher talking about this back in the late 00's.
He said, quite candidly, that all of the execs at EA, Activision etc. all knew that technology like SecuROM was incredibly ineffective at reducing piracy.
They all paid millions of dollars in licence fees to use it, though, so that they when an investor asked them what they were doing to protect their IP, they had a "good" answer.
And in the movie world, look at Blu-ray. HDCP (for HDMI Cable Encryption), versions 1.4 (1080p) and 2.2 (4K). BD+ (a literal VM running on the player to correct intentionally erroneous data on the disc), AACS v1 and v2 (tons of keys, player keys, device keys, permanent revocation lists, even traitor-tracing), Cinavia (audio watermarking to detect whether AACS is present), and Drive Bus Authentication (no unauthorized players can talk to the drive).
AACS was supposed to last years. HDCP, indefinitely. BD+, the creators thought it would last a decade at least. Cinavia? They thought it would never be removable. Drive Bus Encryption? Almost impossible they thought.
All of these technologies were defeated about ~2 years after their introduction. Some had minor updates breaking things for a little bit, but were broken again shortly later. And some are only partially broken (not enough to make your own player), but in practice broken enough where you can rip the disc which is all most people want.
AACS did actually work pretty effectively. Keys were discovered and then revoked. You could play old disks but not new ones.
Similarly afaict there are some sketchy closed source programs to remove cinavia,but given we are a decade in, and there is no open source implementation/public description, i would say it lasted better than i would expect.
Definitely not a total success for DRM, but better than many people predicted.
Well... no. Right now there are multiple software packages available from questionable sources that break AACS offline on-demand no problem. So... yeah.
As for Cinavia, if you shift the pitch of the music, you can cause the player to stop recognizing the track. Or, as some people have experimented with, you can compare the audio to a version of the film from alternative sources (i.e. streaming) to detect and patch over potential watermark signals. Or, well, burn a streaming rip to the disc instead of the disc encode.
> Well... no. Right now there are multiple software packages available from questionable sources that break AACS offline on-demand no problem. So... yeah.
Including disks with the latest MKB?
> As for Cinavia, if you shift the pitch of the music, you can cause the player to stop recognizing the track
Sure, but that distorts sound, which people dont like.
Like its definitely not totally blocking piracy by any means, but its certainly not totally defeated the way DVDs DRM was. Its still present enough to be a little annoying, which is much better than early predictions thought would happen.
AFAIK, it appears so. Also AACS LA appears to have given up and stayed on v68 for a few years now. Maybe there is a new one at last... maybe. AACS 2.0 it sounds like started from v72 and counting up.
> Sure, but that distorts sound, which people dont like.
True... but if I just burn a stream rip instead to the disc, problem solved. Plus most discs do not have Cinavia.
> Its still present enough to be a little annoying, which is much better than early predictions thought would happen.
From what I can gather... you can just download MakeMKV and rip Blu-rays on any PC Blu-ray drive, no problem, no internet connection required, latest MKB, BD+ completely defeated. It's only annoying if you are trying to actually copy the disc.
If you look at console copy protection, the controls are slowly getting better, presumably the same will happen with content control. I guess the key difference is console protection is about preventing the masses and content protection is about preventing any single failure.
Content protection isn’t about preventing any single failure. The actual purpose of most video and audio DRM gets missed by a lot of people. The purpose is for content owners to exert control over device manufacturers and content distribution services. It’s completely irrelevant if anyone can easily go to a torrent site and download your movie. You still get to use the legal system to force device manufacturers and distribution services to do whatever you want them to do in order to be able to play your content.
Not quite. If that were true, Blu-ray would have been quite happy with AACS. It had it all: key revocation, device-specific keys, blacklists, remote updates, it was plenty, and it even worked on the defunct HD DVD.
But they heaped on BD+ VMs, Cinavia watermarking, BD-ROM Mark, basically threw everything they had at the problem and hoped that something would stick. Movie studios actually say that Blu-ray supporting more DRM methods was actually a major reason they chose Blu-ray over HD DVD (which didn't support BD+, which supposedly was DRM designed to last a decade).
And again, if that perspective were true, the movie studios wouldn't have done the whole dance again with HDCP 2.2, BD+2, and AACSv2 when 4K Ultra HD Blu-ray came out (only for all of them to get broken again not long after release despite being completely-fresh implementations). You already needed the older versions, right? So, I would argue, it's actually a mixture of both.
Does audio DRM really exist? CDs were sold without any DRM and you can buy DRM free songs from the likes of itunes and amazon. Itunes used to have DRM but dropped it years ago; afaik songs bought from amazon never had DRM.
It's funny, songs are much easier to share than movies, the files are a hundredth the size, yet the movie industry thinks DRM is very important while the music industry survives just fine without it.
The "selling songs" music industry is basically dead, most people stream or use YouTube nowadays. Maybe that's why they don't bother with DRM? It would make them even less attractive compared to streaming
Maybe. But iTunes started phasing out DRM in 2007 and had 80% of their songs DRM-free by 2009. I think that's a few years before streaming became big. And Amazon was selling DRM-free mp3s from the big four labels in 2008.
There is a little bit of difference here though. Console copy protection usually doesn't prevent making copies of the media, rather it prevents _using_ those copies. It's more of an authentication mechanism.
OTOH, video is just pixels and waveforms. If you can get that raw content out somehow, copy protection cannot prevent someone from enjoying that copy (which can then be re-encoded to not have protection). So making video copy protection is much harder because you actually need to prevent copies rather than just make sure the authentication is hard to break.
>> which can then be re-encoded to not have protection
There are actually a handful of technologies meant to survive the transcription process only to reappear in the new medium. Probably the most effective schemes are used in money, in paper bills. There are little things there (ie the eurion constellation) that are purposely designed to be scanned. They can be copied. But then they are detected by software (Adobe Photoshop) and hardware (high-end printers) which then refuse to edit or reprint them.
Other tech is meant to leave a trail leading back to forgers, a bit like a DVD ripping software embedding your MAC/IP information in any Mp3 it generates.
Persistent marks as copy protection doesn't work for media mainly because they deal with the consumption rather than copying side, so just one single non-compliant legacy device spoils the entire thing.
As for fingerprinting, that's a whole 'nother can of worms. I've never seen it be used for DRM specifically but it has been successfully used many times to track down who was leaking trade secrets etc. In fact it might be more widely deployed than most people realize.
The problem with fingerprinting for DRM would be the plausible deniability of an unsuspecting user "getting hacked" and then their fingerprinted copy ending up as the illegally distributed one without their knowledge or control.
The movie industry uses something like 'fingerprinting for DRM', adding dots to film prints sent to movie theaters to figure out where bootleg telecining is being done: https://en.wikipedia.org/wiki/Coded_anti-piracy
I suppose, as long as you use locked down software and hardware. But you will be usually be able to reverse-engineer whatever heuristic they use.
>Other tech is meant to leave a trail leading back to forgers, a bit like a DVD ripping software embedding your MAC/IP information in any Mp3 it generates.
It is simple: rip the media multiple times with different identifying information, and then analyze the diffs (or just take the average). You cannot hide the existence of steganographic data if there are multiple copies with different steganographic data. It is not like analog where a loss of precision is justifiable
Well... they tried to patch that by locking the analog outputs on Blu-ray players to 960x540 (slightly better than DVD quality), and by removing the analog outputs entirely in 2013 on all new players after that point.
However... even the best intentions went awry after the first Blu-ray player software for PC was released with the flaw of allowing Print Screen to capture frames. Which caused people to quickly figure out they could run a script using Print Screen to capture all the frames, while having their audio-out headphone jack connected with a male-male 3.5mm cable straight into Line In. No real hacks necessary!
This was, of course, patched by blacklisting the player key and rolling out new keys in updated player software (to render new discs unplayable without an update) but it was a major oversight. ;)
I think investors weren't too slow to realize this was happening, though, and it's part of the reason why microtransaction-funded online games are loads more profitable and prioritized.
> can offload the responsibilities related to any cheating
Maybe we can reframe the issue. Why is it the administration's problem? When I went to college, I went there to learn engineering. I didn't really care about the degree. I was paying to have the prof teach me, not check me for cheating.
Me, I'd make no effort to detect cheaters. If they want to pay $$$$$ to attend university, not bother doing any work, and cheat, I'll take their money.
Make it like guitar lessons. People pay to learn how to play. There's just no percentage in cheating, because you can't play.
The cheaters will see their jobs outsourced, and my salary will be higher.
P.S. In college, lots of students were always doing engineering projects on their own and with their own money. For example, a couple of EEs designed and built a pirate radio station. I wanted to learn how to do that stuff. Cheating is just no fun. And if you don't learn anything, the other students will notice that, and will have nothing but contempt for you.
You don’t actually need to know most of a college curriculum to perform well in most jobs. For a lot of jobs the degree is just to get hired, or even just to get an interview. I think that is the problem.
For example, a doctor doesn’t need to know history very well to be a good doctor. Yet it’s probably part of the undergrad curriculum. So cheating on the test has no consequences if they don’t get caught.
Additionally a lot of jobs are really taught via OJT, and whatever was learned from a degree is mostly unused.
I understand that point of view. However, the non-cheating, conscientious students are often very angry with professors and administrators that take this approach. Your best customers feel like their earned credentials are devalued. They are competing with the cheaters for their first job after graduation. Maybe their investment will pay off in the long run, but they are pissed off right now.
Suppressing cheating is work on behalf of the good faith students. Miserable work it is.
That's a reasonable concern. On the other hand, by not checking for cheating, one changes the culture in the classroom.
For example, in universities that aggressively go after cheaters, an adversarial relationship develops between the students and the faculty. The students collaborate on cheating, and get social credibility for cheating. Students will brag about successfully cheating to their peers.
On the other hand, at Caltech, we had an Honor System. Exams were not proctored, and students could take the exams whenever and wherever they wanted. The students were on their honor not to cheat. And an interesting thing happened. The students developed a collaborative relationship with the professors. Cheaters were despised and ostracized. If you were cheating, you'd better keep it to yourself - the other students would turn you in, and at that point you might as well leave the university.
This is a really good point that I've never heard said exactly this way.
I paticuarly like the framing of responsibility.
In modern societies we have pretty fine grained tools for chopping up risk, selling it, trading it, via financial instruments or insurance. In fact when you use these tools sometimes the goal is to vanish the risk all together (which as a result sometimes creates counter-party risk).
Likewise we have a whole cottage industry of chopping up and trading responsibility with very similar mappings to risk. In fact in many ways responsibility is treated more or less like risk itself.
How many problems today though could you follow the thread back to people creating the responsibility equivalent of CDOs.
>For the most part, as expected, the world turns around just fine
That is total projection. The consequences of such things cannot even be estimated in such a short span of time. In any case, there is no shortage of studies showing recent massive shifts in quality of education in certain major western societies. Even if you were making the fallacious presumption that what has been will be, you should then presume change over stability.
>For 13-year-olds, the average score was lower in 2020 than in 2012 (260 vs. 263), marking the first time reading scores for this age group declined between assessments.
>Meanwhile, the average mathematics score for 13-year-olds was lower in 2020 than in 2012 (280 vs. 285), marking the first time mathematics scores for this age group declined between assessments.
Nailed it. Likewise, Enterprise customers don’t demand SOC-2 and similar certifications from their vendors because they actually think that will be effective in stopping data leaks, it’s just so they can say “reasonable measure were taken to select a secure vendor.”
Any large organization, private or public, is full of checkboxes and CYA. Test proctor software is just another example.
Despite this probably being effective for casual or opportunistic people, the problem is that the opposite of the responsibility hot-potato thing happens on the "client" side too. Companies dedicated to "getting around these tools" and their ads start popping up, and now you have these companies effectively (in students' minds anyway) taking over the responsibility of dealing with the tool. So it becomes an IT pros vs IT pros cat-and-mouse game, just like jailbreaking and every other game cheating service.
Recording students does work. The knowledge that a teacher can scrub through and see what you are doing can scared the daylights out of me. Also they required me to show whole room so i couldnt have notes. Cheating would not be worth it!
Different students have different tolerances for risk. Anti-cheating measures dissuade some but not others. Students with a lot of risk tolerance and a very high drive for success at all costs will likely find ways to cheat no matter what, but that doesn't mean simple anti-cheat measures don't work to reduce cheating.
In my experience as a TA, cheaters are more than willing to do so even with a proctor standing right next to them staring at them.
If anything, I suspect that on net a noisily invasive anti-cheating system would actually increase cheating, as more students would be tempted to see if they could game the cheating system than would be dissuaded from cheating from hearing about a cheat-proof system.
Obviously the cheaters you would catch while standing over them are the cheaters who would cheat when you're standing over them. Selection bias.
I can tell you with certainty that some cheaters are skittish. I am certain of that because I once wrote a bunch of trig identities on the side of my leg. I was very nervous about it, and only did it because I knew from previous tests in that course that I could get away with it. If the teacher had been walking around during that test, my pant leg would have stayed down.
I feel it does more than that too. If there is no technical security measures taken it seems less of an offense to cheat, if you see real effort to stop you it makes it feel more wrong even if you can get around it.
My intuition is the opposite. If someone said "No cheating, on your honor" then I would probably feel much more hesitant to cheat. On the other hand, if I see you're trying to prevent cheating then I feel almost obliged to defeat the measures you thought could contain me.
The traditional methods of measuring competence via a closed-book, fixed time test is being rapidly dated.
Practical knowledge and rote memorization have held mostly equal status, since out in the field both used to be inaccessible. Our tests are still structured around this, however the reality has moved on and rote memorization is now easily a search away.
I like to see more tests moving to open-book model where test takers are allowed to use all resources, as in work. Of course, this will be harder to administer because schools can't just reuse tests over and over again since they're bound to show up in the internet. Overall, more and more of evaluations will move from testing altogether into some project based evaluation, which I believe is superior in terms of accessing skill.
> I like to see more tests moving to open-book model where test takers are allowed to use all resources, as in work.
Open-book model does not mean you're entitled to all resources, including paying someone to solve all the questions for you, or mooching answers off your peers. Cheating isn't limited to closed book exams, and to that extent, it's still an unsolved problem.
Being able to search for an answer is not the same thing as knowing the answer, and it does not contribute to being able to synthesize ideas from observation combined with knowledge.
Otherwise I don't disagree with you that this is where things are heading.
In a few more years we probably won't even be giving traditional grades in school anymore. What would they mean, other than that the student has enough Google prowess to look up the answers?
Well, typically open book tests are designed with that ability to search in mind, so the problems are much harder and designed to test understanding rather than memorization. They often are also much longer, so you cannot just search for everything and still get a full score.
Agreed. The value is in being able to know _what_ to search in conjunction with knowing _how_ to compose the amalgamated resources together to derive a solution to the question at hand -- all in a timely manner.
Simply knowing a generic fact (e.g. "the Civil War began in 1861" or "the atomic mass of Oxygen is 15.999u") is not sufficient. One needs to know how to use that information.
I graduated from a liberal arts college in 1986, math + physics major. In virtually all of the courses that I took, rote memorization by itself was of limited usefulness on the exams -- certainly not sufficient to get a good grade. Many years later I taught a couple of college courses, and noticed that the students who focused on memorization, also had the weakest grasp of the subject matter, and often did the worst on the exams.
My own grades had their ups and downs for various reasons, but when I finally hit my stride, it was with the realization that sufficient memorization would occur as a natural consequence of the work needed to understand the subject matter.
Being able to search for information only gets you so far. Imagine reviewing a design or proposal, or engaging in a technical discussion, if you have no domain knowledge. Have you ever seen a non technical manager try to bluff their way through a technical meeting?
You mention "as in work", but let's be clear here: "looking up how to do it" is not really a profession. Professionals are the ones who could write the stuff the former are searching for, explain why it works, and have the good judgment to choose a good solution over a poor one.
I am in full agreement with you, the tests as conducted in favor of rote memorization would be rendered useless in this regard as all the answer would be behind a simple search and the student would have learned nothing.
Therefore the test must change to be more engaging and more in depth, or be replaced with a final project.
Of course, and nothing I wrote above presumes or implies otherwise. True professionals make frequent and effective searches, but not from a position deficient in knowledge and understanding of the domain.
Law exams are open book; Engineering exams are not.
I'm not sure exactly what the distinction is - apart from law being "soft" and requiring argument - but it's deeper than inability to reuse past papers.
This depends very much on the job. Memorization is of course needed when learning a foreign language, and for any job with a real-time performance aspect, you can't be looking stuff up all the time.
In classes where I had open book tests, the value of the notes was always mitigated by the time allowed for the test. It was always made clear to us that while you could use any resources you wanted, you definitely didn’t want to do that. You just didn’t have time. But if you needed to look up a particular chemical structure (example), it was possible. But you had to really know the material in the first place.
Remote proctor software is nothing but security theatre. It's so laughable the little effort they put at all to prevent any sort of cheating whatsoever.
I created my own ring 3 rootkit (user land) and infected my own system to modify registry values to hide remote software to allow complete and total pwnage of the exam itself.
The pointer ‘g_Globals’ is a 4-byte pointer- seen multiple times in the main module.
Opening ‘g_Globals’ in memory and browsing through the pointers accessed above such as 0x0C91C brings us to a custom array type containing hundreds of strings.
Taking a look through the struct type and looking back at the array iteration code, wrote a basic structure and dumped all blacklisted processes:
Similar to the TSA, I've found a lot of these platforms and nanny-software (Life360 et al) to be little more than security theater. If the person is determined enough, they will always find ways around it -- and good on them for doing so, this software is not a net-benefit on society no matter how "noble" they try to appear.
Not the most related example, but I was just watching a video about undetectable online cheating in video games with a camera that monitors the screen and a robot that will physically move the mouse to accomodate.
I was at a school which used "Lockdown Browser" to try to lock-down the Windows environment to only the exam.
Unfortunately for the school, I had experience with Windows programming, and blew the doors off Lockdown Browser in about 10 minutes, with multiple apps and windows open on top of the befuddled browser. And later, I found a way to do it with no programming skill at all.
I did it to make the point that if I could figure it out, who is to say that some rich student's parents wouldn't pay a nice sum of cash for an exploit like that? Or that they haven't? The school, well... just decided to ignore it and keep it anyway because it was a contract.
I've also used it when I was taking exams for high school. It's pretty bad software if you ask me.
rant/long comment
First of all, they have a 'different' program for each institution, customized for you to 'sign-in' onto your school's auth page. From an institutional perspective it seems clever, since everything you do will most likely be logged along with your session.
Another annoying thing was that there's different versions of the program for 'each' software. E.g. I used the Canvas platform for some exams and the ALEKS platform for math exams.
And they have the same name under the windows programs so I can only really know which one I'm opening from looking at the desktop.
I believe the Lockdown program is using some lame code to keep the program window 'active'. I never really tried to do any programming behind it. But I do remember that I had some AutoHotkey scripts running for completely unrelated stuff.
On another note, I read their privacy policy and it seems very vague. I wonder if they can get away with letting a stranger view my face for two hours.
While at university, we had one professor who would assess student assignment papers after conducting an interview. It would take him 5-10 minutes per person and cheaters really did get caught out. It is a common practice in some universities and it's very hard to cheat when being asked questions in person. It can be done online, as long as the identity of the person can be verified. Takes a lot longer and is a lot more engaging that written tests, but it works.
There was this case of a foreign student who submitted a perfectly written paper, obviously copy/pasted from some websites. At the interview, he could not answer any questions properly, and that made it even more clear that he could not have written the marketing-type paragraphs. I think he did just pass anyway, but that’s a different story - the university tended to let international students pass easier sometimes.
Cheating software is silly. Seems simpler to force someone to a secure location with a trusted proctor. This can and should be shared amongst all users of this and costs amortized appropriately.
> Yet even as officials come up with novel ideas, so do the cheats. In February, a medical student at Mahatma Gandhi Memorial College in Indore, a small city, was caught with a skin-coloured Bluetooth device surgically implanted in his ear. A phone linked to the device was sewn into a secret trouser pocket. Last year, ten students taking a trainee-teacher exam were arrested for attempting to use Bluetooth gadgets concealed in the soles of their flip-flops. At least 25 students had bought such footwear from a gang for 600,000 rupees ($7,700) a pair. It is often mandatory for students to remove shoes and socks before exams.
While I don't disagree, a secure location with a trusted proctor is not simple or easy for all cases: students may be studying remotely/at home, which could be in a rural area with no accessible proctoring, or internationally with no trusted proctoring.
And that is not always due to their own wishes: covid lockdowns, unavailability of international flights or other governmental restrictions may be keeping them there.
For things like the SATs/ACTs in the US, this used to be the case. I think it still is, but less 'important' tests (read: probably in-school tests and such) were moved remotely because of covid and might be stuck in a kind of limbo now
Or just instruct the student to go to a location chosen at random from a list of nearby cooperating venues -- schools, churches, office buildings, whatever -- where they won't have had the chance to prepare any elaborate cheating schemes.
That would represent a good compromise between an on-site proctor and allowing the student full control over the testing environment.
I don't think the point is to protect against cheating - it's to protect the perception of legitimacy of institutions that are threatened by irrelevance.
Up until now, the University has served a dual purpose of education and certification.
I wonder if in the future, that will be split. Maybe the place where you study, and the place that tests are certifies your competency in the subject are two different entities.
Medicine, engineering, accounting, law all have some sort of this split where it is actually a different entity (medical board, bar, etc) that certified your competence.
When I wanted to switch from doing PHP/Perl programming to Java, I found getting the Java certification was a helpful thing for getting that first job. I wouldn’t necessarily recommend the certifications in general as a means of anything, but it does serve to open doors which might be hard to open otherwise. I have to imagine that this sort of path isn’t unique to myself.
It's less common in the other fields (where an engineer's decisions are less likely to involve life-risking decisions, or enormous amounts of public money), but the Professional Engineer certification is certainly a thing in the other fields. In fact, it's ambiguous at least in my state whether it is legal to run a business offering "engineering" services in those fields without a PE on staff.
When I watched the Perry Mason series on HBO a couple years ago, I was a bit surprised when Perry went from being an investigator working for a lawyer to being a lawyer himself without going to law school and was somewhat surprised (although in retrospect, it should have been less surprising) that law school as such is a very recent invention (although it was hard to find the exact date(s) of the transition). I have a vague notion that in some states you don’t need a law degree to sit for the bar exam (or at least that was the case a few years ago).
> I have a vague notion that in some states you don’t need a law degree to sit for the bar exam (or at least that was the case a few years ago).
It looks like that's still the case, including in California, where Mr. Mason practices. Of course, word on the street is California's bar exam is the toughest in the nation.
Meanwhile lawyer services are often ruinously expensive for the lower rungs of society. Allowing lawyers to control the supply of lawyers is a big mistake.
As a small note on the page labeled 281, they remark that they called for digital cheating methods since analog ones like cheat sheets were previously already found to be "virtually undetectable".
Also interesting: you can create profiles to weigh things more heavily, like weigh a abnormal noises worse than normal if you are suspecting students of using audio calls. They made a profile specific to each of the cheater's method and retroactively applied those profiles to the collected data, and still half of them could not be made to show up near the top of the suspects list. And this is only possible if you already know the exact cheating method your class will use.
The page labeled 288 does make a compelling case for how the spreading of fear, uncertainty, and doubt is effective, leading to less people trying to cheat. It just doesn't stop the cheaters that risk the perceived odds and I doubt this is sustainable once such systems are everywhere and they notice it's safe.
For now, you might as well turn on a dummy system that claims to be real by doesn't actually invade privacy because it's a dummy. Per the results, it would be equally effective and thus achieve the best of both worlds.
I think this is rather important. I get the distinct impression they also called for single-device cheating methods; almost all of the cheating methods employed are unrealistically complicated and prone to detection: but you could just use another device (phone, laptop, whatever), and be vastly less likely to be detected or flagged as suspicious. (The only thing that might remain troublesome is ones where you want to speak to someone or play a video, so the microphone shenanigans might still be employed.)
In practice I feel like this isn’t even “it failed to detect all six cheaters” but rather “it failed to detect all six cheaters, even though we got them to cheat in ways that are uncommonly detectable and there are much easier ways to cheat that it has absolutely no hope of detecting”.
Of course they got this result they had a sample size of 30 Dutch from various geographies - not the program set for 30 in a homogeneous group. If it’s a weakness out of 50 different groups, okay, but how about testing 30 other skin tones or bone structures or hair types…
Study means nothing without breakdown of race / ethnicity (self reported) and age range because in its functional instead of academic gaming for publication environments, the algorithm is designed for a much greater sample size. Of diversity, because the absence of information on this condition the software must account for is woefully naive.
I took a class in college where the professor made us plagiarize our entire final paper. We couldn't use a single completely original sentence. The trick was that you had to highlight and source every plagarization.
It turned out this was one of the most challenging papers I wrote in undergrad and it forced me to understand my source material on a much more intimate level.
This was 15 years ago and access to information via the internet has only intensified since then. Perhaps our educators need to reconsider from first principles how we assess students in this era.
> For years I've been trying to get any proctoring company to agree to a study where I try to cheat. None have agreed. I've had legal advice not to do such a study without permission from the vendors.
I'm guessing they had to fly under the radar a bit.
That's because defeating the webcam proctoring is trivial. The simplest setup is a teensy, allowing two mice to be shown to the system as one input device. A HDMI EDID emulator placed after the GPU and before the splitter for two monitors.
The second person literally doesn't have to be in the same room, and you could even get fancy with a PiKVM for your assistant to be remote.
The proctor cannot distinguish the two mice or monitors, because the computer cannot either. This is a completely unpatchable hole with no good method of detection.
The standard for defeating this is a 2-device setup on zoom or similar: one phone and one computer, both with cameras. Phone must provide some side view of the surrounding environment.
It's multiple choice questions, all you have to do is not be blatant about it. The helper only needs to add a bit of side movement as the test taker brings the mouse down the list of possible answers.
Otherwise the test taker is in control 99% of the time. The helper doesn't even need to ever click or meaningfully move the mouse.
You could go another level and do a single earbud. Maybe the check for those now that AirPods are super popular, but they sure never needed to see my whole head when we I took remote proctored exams five years ago.
I've had time to think about this, just never bothered to act because the exams I was taking were a joke anyways and I was just looking to get my degree and move on, not make a point on how easy it would be to beat the system.
Absolutely. From the article: the software detected 0/6 cheating students, while a human detected 1/6 cheating students.
Frankly, with such low numbers, I would not draw any conclusion at all. Within the margin of error, the human could have detected 0, or maybe 2 cheating students. Who knows. It would change this results dramatically, so you can basically ignore them.
Also, the cherry on the cake is that the human also detected one cheating student who wasn't cheating. So human vs. software, no one wins.
First, I did not find any statistical test in the paper. The sample size is not relevant.
Further the power of a test already required you to know two parameters: variance and the size of the effect your testing for (difference between means). Proctorio is very careful in not claiming any effectiveness for detecting cheaters, how will you estimate these parameters?
Also iirc, the rule of thumb was for a normal distribution 30 samples is enough for decent strength, 40 samples is enough for general distributions unless you're looking at very small effects, weird distributions or in very noisy experiments.
Right, I'm trying to do this sorcratically and we got a smarty-pants over here. HN constantly has sample size critiques without power analysis responses which is a shame.
There are very well documented formulas for calculation sensitivity and specificity of a diagnostic with a certain degree of certainty around it. You would use one of those.
Whether the integrity of the exams is actually guaranteed is immaterial, because the company that made the nanny software went on the record and took responsibility, and/or by splitting the responsibility, the school admin and the nanny software vendor can point fingers at each other and the responsibility essentially disappears like it usually does.
You can see this with most other security theater type things. As long the "general public" is unaware that they have been lied to, they will accept this kind of positioning as gospel, and not look into it further. For the most part, as expected, the world turns around just fine without real security because systems tend to be robust to a certain level of bad actors doing selfish and small scale bad things like exam cheating, and as long as nobody's feelings are hurt, it's all fine.