[Academic] Honeypots🍯

It turns out that #NotAllHoneypots are of the cyber variety that I work with on a nigh daily basis. The Markup — a nonprofit newsroom that investigates how powerful institutions are using technology to change our society — has a story about Honorlock, a company that:

"…promises to ensure that remote students don’t cheat on exams through AI-powered software used by students that 'monitors each student’s exam session and alerts a live, US-based test proctor if it detects any potential problems.'"

Honorlock uses facial expression (not individual recognition) tracking, audio monitoring, and other AI-based techniques to help ensure a student taking an exam is not using "inappropriate information" to complete their task. It also uses "seed sites" (what I'm referring to as "academic honeypots" which are, essentially, fake websites) that provide alerts to proctors when they detect students visiting them during exams. They even have a patent for their methodology (abstract follows):

A server, method and computer program product for identifying online usage of honeypots by test-takers during administration of online assessments is disclosed. The server includes at least one computer processor coupled to a network interface and configured to receive a pool of test questions used for a learning assessment. The server converts each question in the pool into a watermarked question comprising a unique string of characters; creates a corresponding web beacon for each watermarked question in the pool; loads available PHP server header information; propagates each watermarked question onto at least one seed site domain to create a cluster of seed sites; and detects when a test-taker visits at least one of the seed sites during an online assessment.

and have at least one published paper [direct PDF] describing how the system works (abstract follows):

Digital watermarking technology plays an important role in the areas of copyright protection and identity tracing for owners of digital mediums. At present, the security of the watermarking scheme is facing a great threat. The security of a digital watermarking scheme must not depend on the scheme being kept secret. Zero knowledge-based watermark detection scheme (ZKWD) can achieve this aim. For ZKWD scheme, an owner can provide prove to a verifier that a digital medium in question indeed contains the owner’s watermark information without revealing any secret key and watermark-related information. However, the existing ZKWD protocols are still facing some challenging problems, such as ambiguity attacks. In this paper, a public ZKWD protocol is proposed for plain text, and the homomorphic property of asymmetric encryption algorithm in the multiplication operation is used to prevent the owner from cheating by ambiguity attacks. Compared with existing methods, the security of our proposed ZKWD scheme is improved by using the improved feature extraction algorithm.

The Markup's story centers around Kurt Wilson, a computer science student at the University of Central Florida. When Kurt heard his institution was using Honorlock, he set out to try to identify their honeypot sites and maintains a regularly updated list of them in a GitHub repo.

What Honorlock is doing with these sites is, essentially, publishing watermarked content, a practice that has been used in different (mostly non-skeezy) contexts for ages by publishers, professors, and organizations. It gets a bit more skeezy in Honorlock's context, since they capture all the same invasive tracking information that ad trackers do.

The story is a good read, and presents some great food for [ethical] thought on the use of technology in this way. Towards the end, they reference Ceceilia Parnther (@parntherc), an associate professor at St. John’s University who has studied remote proctoring, and notes that

students "are being set up" through honeypots, … in an attempt to detect academic integrity violations, a practice that’s itself ethically questionable … [and, that] this kind of software is backfiring by creating an environment where students are, by default, under suspicion.

That mindset itself facilitates cheating, … by subtly suggesting to students that they might as well cheat because teachers expect them to anyway. "Students see that there’s an environment where it’s automatically assumed that they are not to be trusted."

Mess With DNS!

I foreshadowed the release of Julia Evans' (@b0rk) new DNS zine in a previous newsletter, and that zine now has a companion resource — Mess With DNS — that Julia and Marie LeBlanc Flanagan (@omarieclaire) built to help folks grok DNS through active learning.

You are given a (randomly generate) subdomain of messwithdns.com (I was assigned boots93.messwithdns.com when I was playing with it to make this post). It has a set of experiments, a portion of which are below:

as well as a GitHub repo where you can file issues or requests.

I'm a huge advocate for active learning, and having Julia's new zine in hand while "messing with DNS" would be a great way to dig (heh) into how DNS really works.

In Ganymede's Shadow

I'm a firm believer that the stars are better off without us, but that doesn't mean I'm not in awe of the beauty and magnificence of the objects that make up our universe. We've been sending space junk (a.k.a. probes) out into our solar system for a while now, and NASA’s Juno spacecraft has been capturing incredible detail from Jupiter (as part of its original 2011 mission), as well as the entire Jovian system (as part of its extended mission, ending in 2025 or until it literally turns into space garbage).

Recently, Juno captured a massive shadow cast on Jupiter by Ganymede during the mission’s 40th close pass by the giant planet on February 25, 2022:

Thomas Thomopoulos created this enhanced-color image using raw data from the JunoCam instrument. At the time the raw image was taken, the Juno spacecraft was about 71,000 kilometers above the planet's uppermost clouds — 15 times closer than Ganymede, which orbits 1.1 million kilometers away from Jupiter

It turns out, you, too, can be a citizen scientist! NASA has a JunoCam processing center online app where you can work with the same raw data Thomas did. (If you happen to discover any protomolecule soldiers along the way, you might want to alert the U.N.).

FIN

What are your thoughts on the references academic honeypots? What DNS experiments did you try? Should James REDACTED Holden drink less coffee? If inspired, drop a note in the comments with your answers. Remember, the only rule is to be kind to each other. ☮