Malware in Educational Technology


Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; that is the basic injustice. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.

This typically takes the form of malicious functionalities.


Tech corporations have invaded the education system introducing their proprietary products filled with malware. Education is a field that allows these companies to easily spread their unjust software in all directions, infecting deeply every area of society.

Join us in the fight against the use of nonfree software in schools.

This page lists malicious functionalities found in software used in educational environments.

If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.

Latest additions

Entries are in reverse chronological order, based on the dates of publication of linked articles. The latest additions are listed on the main page of the Malware section.

  • 2022-05

    A worldwide investigation found that most of the applications that school districts recommended for remote education during the COVID-19 pandemic track and collect personal data from children as young as below the age of five. These applications, and their websites, send the collected information to ad giants such as Facebook and Google, and they are still being used in the classrooms even after some of the schools reopened.

  • 2022-03

    The nonfree app “Along,” developed by a company controlled by Zuckerberg, leads students to reveal to their teacher personal information about themselves and their families. Conversations are recorded and the collected data sent to the company, which grants itself the right to sell it. See also Educational Malware App “Along”.

  • 2021-10

    EdTech companies use their surveillance power to manipulate students, and direct them into tracks towards various levels of knowledge, power and prestige. The article argues that these companies should obtain licenses to operate. That wouldn't hurt, but it doesn't address the root of the problem. All data acquired in a school about any student, teacher, or employee must not leave the school, and must be kept in computers that belong to the school and run free (as in freedom) software. That way, the school district and/or parents can control what is done with those data.

  • 2021-05

    60% of school apps are sending student data to potentially high-risk third parties, putting students and possibly all other school workers under surveillance. This is made possible by using unsafe and proprietary programs made by data-hungry corporations.

    Please note that whether students consent to this or not, doesn't justify the surveillance they're imposed to.

  • 2021-04

    A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all this without any form of user interaction.

  • 2021-02

    The Prodigy maths game played in schools at no cost entices students to play it at home, where the company tries to lure them into paying for a premium subscription in exchange for mere cosmetic features that, at school, underline the socioeconomic gap between those who can afford it and those who can't.

    The strategy of using schools as a fishing pool for customers is a common practice traditionally adopted by nonfree software companies.

  • 2020-12

    The HonorLock online exam proctoring program is a surveillance tool that tracks students and collects data such as face, driving license, and network information, among others, in blatant violation of students' privacy.

    Preventing students from cheating should not be an excuse for running malware/spyware on their computers, and it's good that students are protesting. But their petitions overlook a crucial issue, namely, the injustice of being forced to run nonfree software in order to get an education.

  • 2020-11

    According to FTC, the company behind the Zoom conferencing software has lied to users about its end-to-end encryption for years, at least since 2016.

    People can use free (as in freedom) programs such as Jitsi or BigBlueButton, better still if installed in a server controlled by the users.

  • 2020-04

    Proprietary programs Google Meet, Microsoft Teams, and WebEx are collecting user's personal and identifiable data including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.

  • 2020-03

    The Apple iOS version of Zoom is sending users' data to Facebook even if the user doesn't have a Facebook account. According to the article, Zoom and Facebook don't even mention this surveillance on their privacy policy page, making this an obvious violation of people's privacy even in their own terms.