I went to a Dutch high school that used Google Accounts for email, and they once caught some students "cheating" on a group project (i.e. collaborating in larger groups than they were meant to collaborate in, I guess) via email. This made me suspect that the admins could read our school email (which people also used to talk about various other stuff, which I guess was unwise). I don't know if that was actually how they found out, but it made me very conscious of email privacy (or lack thereof).
Even if it was personal email/social media I've see school computers continually log to disk a low-framerate screen capture of the student's screen. They could also watch it in realtime. My school also had keyloggers installed and while admin insisted that they would not use any captured usernames and passwords they certainly had the capacity to do so.
I think there was some news in the past where some schools took this even further with webcam and mic access, though I didn't experience this.
On a school or work computer that you don't control assume someone is watching behind your shoulder at all times, and reading every word you type. Whether if that's the case or not.
I have worked for a MSP supplying internet services and groupware to institutions, and can tell you that the business and technical requirements for schools are almost indistinguishable from those of prisons.
>> On a school or work computer that you don't control assume someone is watching behind your shoulder...
And also every computer running software you don't own/control. If you really care about privacy you really need to be running Linux on personal machines.
Yeah, that's also terrible. But this was an email account that we could access from our personal computers (they didn't give us a laptop) so at the time I didn't realize that they would be able to read it. IMO, it would have been good if Google had shown some warning or so, that that's the case.
I mean, of course the email admins can read your email? Maybe I have a skewed perspective as an old school sysadmin, but when I managed servers that had mail services running on them obviously root can just read everything on disk and we even had spam filters that scanned the email content which is impossible if we couldn’t read all emails.
An old (school sysasmin) or an (old school) admin?
FWIW in a lot of SaaS companies having read access to production data for regular workflows is absolutely unthinkable. In my opinion the users who expect that their private communication is not read have it right.
A long long time ago I remember a sysadmin opened a senior director's email on his computer. He wasn't the type to do something like this, but he recently bought a house, and kids were the likely next step. The senior director in question would likely have been involved in layoff discussions. Unfortunately an email had a read receipt, so the sender got a messaging saying that "sysadmin read your email"... So he got the sack.
They were using Gmail though. Either the school could get privileged access since they presumably used organizational accounts, or they did TLS MITM with network proxies.
Maybe, but it should be disclosed, at least, and students reminded to only use these accounts for school-related stuff, then. And even then, I'm not sure that there should be no privacy in school accounts - what if you want to complain about a teacher? What if that teacher happens to be an admin and retaliates? Sure, there may be cases where having some oversight is good, but it's not necessarily clear-cut.
Having the technical possibility doesn't mean you have the moral, corporate and legal rights to use that possibility.
Be it emails, databases, file servers, anything reading content from anything else but a test account/db/folder is a no go for a sysadmin/dba unless given explicit consent by the user owning that content.
This is not what the law says. This why courts absolutely will rule against such practices. And this is why if some person goes to court against that, the snooping admin will get into quite some trouble.
There is a big difference between being able to do something and being allowed to do something.
Of course the right to privacy applies to children as well, and to messaging in school between peers, just like in civilized jurisdictions it's illegal for employers to read read email between employees.
Please read up on the relevant legislation in NL before displaying your ignorance. Employers don't even have blanket access to their employees' email accounts because of privacy laws. The laws concerning minors are even stricter.
Thankfully in Finland that would be massively illegal. The contents of letters and by extensions by email is so strong that employer or school would need to get specific permission to even try to access the headers.
It's illegal in many places, but happens everywhere. If the tools allow it, even if it's not the intended use for a feature, people will do it in the worst ways eventually.
This applies for school staff managing student emails, startup founders managing cloud apps for staff, and Google employees... in general.
The problem is email is a plain text format end to end, so all those emails are just text files on disk. In various situations admins might end up seeing mail headers and contents even if they don’t want to just by investigating various issues. Acting on that content is a different question though.
If this wasn't too long ago you should report the case to the AP since it was likely illegal even before gdpr was a thing. Depending on how the email was offered this could be a major violation of privacy. Even in commercial employer/employee instances you do not have a carte blanche and in cases of students it's even more murky especially if it was done without adult consent.
That's why you use public key cryptography, for example with a Precursor.
Problem with ProtonMail is its JavaScript. If we want to use e-mail with public key cryptography (perhaps we shouldn't), we need to use standards which work in any MUA, and are completely FOSS.
I believe we are better off with a protocol which has a FOSS reference spec, is federated, and from the ground up build with privacy and security in mind.
i am a long time proton paid user but im in the process of moving business to fastmail.
Here is why:
- No autofwd. This is essential for any business Fastmail has this.
- No imap/ POP (usecase: integrating with clickup email)
- no iOS calendar app
- recent pricing changes
- pricing on a per domain basis
Ive wanted to support proton and ive paid to so that for a while, but my understanding is that product releases are very slow.
Ive come to believe that protons cadence of releases is not sufficient for a regular business that has to move faster to keep with competition.
I was a big supporter of proton, but starting a business using the proton suite now is a poor and expensive business decision.
i hope this changes in the future.
My criticism is on the business plans. Personal may suffice for most needs.
(Email search is a pain, but that is the sword you fall on, given encryption)
Yes but is Microsoft any better from a data privacy/ownership standpoint? They’re an American company too and they have an ad business. How is Microsoft different for Europe?
Yeah of course, gsuite administrators can access everything, and because gsuite admins are just modern-day instances of bofh-type obnoxious IT guys, there's no way you'll convince them to give up those powers.
I don't know about Google for Education, but the business flavor doesn't let you spy the email of your users, at least I haven't found it. There are ways that allow you to copy every email to an "audit" address, if you're persistent enough, but good luck managing that mess and liability.
There's the option of quarantining emails that have specific keywords. That's the likely way to catch students discussing cheating, attachments and all.
Edit: as the comment below has pointed out, this might not be true. Different editions have different tools, the one i use is not the most complete.
I think ChromeOS is the hardest. Having a computer that completely reinstalls itself from the cloud when the user 'inadvertently' breaks it, is huge for schools.
For companies it's not a big deal because their users know what responsibility is. And you can fire them otherwise. Schools don't have that privilege.
From what I saw when I worked at one large sized company that had an in-house tech support, they literally just install and image. Connect a cable to the laptop and install an image. You would go in there and they would have 3-4 being reset for a new employee to have.
Remember, most people at work are not responsible for their computer working. In IT we are because we're doing more advanced things and we're technically able to keep it working and to fix it. However, the HR person, the sales person, etc they are not. And most countries have laws where the employer has to provide working tools, the employer is responsible for providing you with a working laptop and if it breaks it is their responsibility to fix it.
Honestly I half wish we had some kind of supergiant company on this side of the pond too, despite the drawbacks that brings at least it would guarantee some sense of digital stability.
I've had my gmail account for probably more than a decade now and have never had to worry about it going amiss, meanwhile I look at this list of barely legit sounding names (aside from Proton) and wonder if any of these will be still around in a few years.
Web.de was founded in 1995 and GMX in '97. Both now belong to the gigantic German United Internet AG founded in '88 which currently has roughly 10,000 employees and EUR 5.5bn revenue.
I'm pessimistic. Whatever European alternative that will pop up to serve this market will hardly be fit to compete internationally, selling to schools and governments means jumping through hoops to provide an adequate service at an adequate price, that's not the way to build a FAANG competitor. Aside from Spotify there really isn't any top-tier European internet companies with global reach. It's even worse in consumer electronics. There are bits and pieces in other tech, but really, challenging the US isn't a reasonable goal at this point.
Well that’s just not true. And a webpage of “European Alternatives” that 99.99% of Europeans have never heard of, much less come even remotely close to adopting, means nothing.
Here is a great experiment you can do. Use an app like for example Netbalancer that can show you bandwidth use per app.
Launch your locally installed PowerPoint. Note I am not talking about Office 365 but a locally installed Office component. Start some internal presentation to your fellow workers, just presenting, no editing or creating a new presentation. Amaze yourself at it sends data to Microsoft at the rate of 4 to 5 MB/s. Yeah...just try it.
> Amaze yourself at it sends data to Microsoft at the rate of 4 to 5 MB/s. Yeah...just try it.
Amazing is too small a term. Unacceptable is more like it. Wow. Why do companies that spend a significant amount of money on securing their infrastructure fall for this?
Highschools demand students buy a Windows laptop, preferably some overpriced piece of crap with a few applications pre-installed from their 'preferred partner' who also happens to be a Microsoft representative.
It's way beyond despicable but I'm too tired to fight it so I've caved in and bought a Windows laptop for one of my kids to use for highschool. It disgusts me that Microsoft manages to extract a tax on every kid in highschool and that schools allow themselves to be used as a part of the marketing and sales arm of a multinational company.
Tweakers podcast of last week I think (in Dutch so I might as well paraphrase it translated). The topic was chromebooks and how it's convenient and easy for a lot of schools
> I went to buy a laptop for my son's new school last week. When I heard it was required, I was expecting some list of hardware requirements but no, the list I got had exactly one specification: Windows.
Schools also do free advertising for Microsoft products, at least in all of the schools where I went to until ~5 years ago. At minimum once a year we were made aware of the fact that we could get Microsoft products like Office at steep discounts from their new online store which they were so proud of and thankful for. Benevolent microsoft letting us get used to their ecosystem for prices we could actually afford, but not free! Still gotta make that profit!
Not sure why they didn't also advertise for libreoffice which, last I checked, is even cheaper and an even better protip (better compatibility if we would just not force each other to keep using the proprietary thing). I guess they just didn't feel like the libreoffice foundation was giving them free money the way that microsoft pretends to.
It gets even more ironic if you realize that schools fall in the 'semi-government' category and thus it's legally required (not optional) to use open source software unless that's impossible, and if it's impossible then it needs to be documented why it's impossible. In practice, you can guess how much this law is followed. I never heard of any consequences for not following it.
TL;DR: legally, there is the opposite of a microsoft requirement, except many schools require both Windows and Office in practice
Shortly after the height of the Merkel/NSA hacking scandal, when EU member states were most upset that US spying had been disclosed to their electorate (making EU politicians look weak in front of the voter). The EU kicked off an internal project to try and build a gmail replacement. Their plan was that customer number 1 would be all the educational establishments on the continent. They even got as far as checking out buildings to lease from paper manufacturers, to turn into data centres. Eventually that project went away, but I don't think we’ve seen the last of it yet.
That they tried to build their own data centers is a red flag. Not because its a bad idea, but I think you need to establish product-market fit for a software product before laying down serious hardware.
You don't have to establish product market fit in order to provide services to your own institutions. It's a great idea to piggyback on your own needs to create services that could be expanded to the general public.
I cannot for the life of me understand why public education institutions everywhere don't use Linux and open source software. For things like writing papers and doing research, Linux is more than enough. Plus it would give students a head start into understanding how computers actually work, which is arguably the most crucial skill for students today.
Because Microsoft has spent billions on lobbying and spreading FUD in every educational institution and government across the world ranging from national to local governments to convince them that Windows and Office are the only usable suite of tools. So Word documents are now the lingua franca in the office.
Well, once upon a time, I decided to break through the FUD, and convinced my local school to try teaching on Linux.
Problem is, after three months of work, I wasn't able to reliably deploy the OS to a room of computers and connect it to the school network - even though I worked as a Linux server admin before that. Every single computer (all the same, with serial number one after the other) had a different set of issues that made it completely unusable. Many of ones I got kinda working got broken after a few rounds of updates.
Windows just worked right after installation. The year of Linux desktop is still not there.
For things like writing papers and doing research, Linux is more than enough.
This is simply false. A lot of fields use specialized software that is only available on Windows and sometimes macOS. For instance, my wife works in neurolinguistics where most standard software for doing things like analyzing EEGs is for Windows.
However, I agree that this may be true in other branches of education. E.g. in our daughter's primary school they use Chromebooks. They are used as glorified 'web terminals'. I can see why a mutable Linux distribution would be awful from a maintenance perspective, but an immutable Linux system like Fedora Silverblue would probably work as well as ChromeOS.
This is also a failing of the Dutch government and the EU, leaving things to the market, rather than taking initiative and making a standardized education platform.
My field (theoretical physics) has the opposite problem. Almost all tools support only Linux but university infrastructure and incoming students are Linux-illiterate. A Linux strategy would greatly improve the quality of education.
At my previous company we were all in on Google Cloud, mostly for technical reasons as we felt it worked better for us than AWS.
When it came to whitelabelling our product for a big multinational customer, they really liked that we were hosted on GCP and not AWS because they considered Amazon a competitor and couldn't justify paying AWS as a result.
Privacy concerns aside (which I believe are overblown for GCP, strong walls around customer workloads), competition concerns are big for many companies, and Amazon is out there trying to compete with almost everyone in retail and services now. I can only imagine this is going to get worse.
Disclaimer, I now work at Google but not on any of this stuff, this is my personal opinion.
Readit News
Now I work at ProtonMail, so go figure.
I think there was some news in the past where some schools took this even further with webcam and mic access, though I didn't experience this.
On a school or work computer that you don't control assume someone is watching behind your shoulder at all times, and reading every word you type. Whether if that's the case or not.
And also every computer running software you don't own/control. If you really care about privacy you really need to be running Linux on personal machines.
FWIW in a lot of SaaS companies having read access to production data for regular workflows is absolutely unthinkable. In my opinion the users who expect that their private communication is not read have it right.
Deleted Comment
Be it emails, databases, file servers, anything reading content from anything else but a test account/db/folder is a no go for a sysadmin/dba unless given explicit consent by the user owning that content.
There is a big difference between being able to do something and being allowed to do something.
This applies for school staff managing student emails, startup founders managing cloud apps for staff, and Google employees... in general.
https://developers.google.com/admin-sdk/directory/v1/guides/...
Problem with ProtonMail is its JavaScript. If we want to use e-mail with public key cryptography (perhaps we shouldn't), we need to use standards which work in any MUA, and are completely FOSS.
I believe we are better off with a protocol which has a FOSS reference spec, is federated, and from the ground up build with privacy and security in mind.
Here is why:
- No autofwd. This is essential for any business Fastmail has this. - No imap/ POP (usecase: integrating with clickup email) - no iOS calendar app - recent pricing changes - pricing on a per domain basis
Ive wanted to support proton and ive paid to so that for a while, but my understanding is that product releases are very slow.
Ive come to believe that protons cadence of releases is not sufficient for a regular business that has to move faster to keep with competition.
I was a big supporter of proton, but starting a business using the proton suite now is a poor and expensive business decision.
i hope this changes in the future.
My criticism is on the business plans. Personal may suffice for most needs. (Email search is a pain, but that is the sword you fall on, given encryption)
Not sure if/what other admin tools they might have
There's the option of quarantining emails that have specific keywords. That's the likely way to catch students discussing cheating, attachments and all.
Edit: as the comment below has pointed out, this might not be true. Different editions have different tools, the one i use is not the most complete.
Deleted Comment
https://european-alternatives.eu/category/cloud-computing-pl...
It should be easy to replace most of the services.
For companies it's not a big deal because their users know what responsibility is. And you can fire them otherwise. Schools don't have that privilege.
Remember, most people at work are not responsible for their computer working. In IT we are because we're doing more advanced things and we're technically able to keep it working and to fix it. However, the HR person, the sales person, etc they are not. And most countries have laws where the employer has to provide working tools, the employer is responsible for providing you with a working laptop and if it breaks it is their responsibility to fix it.
Dead Comment
I've had my gmail account for probably more than a decade now and have never had to worry about it going amiss, meanwhile I look at this list of barely legit sounding names (aside from Proton) and wonder if any of these will be still around in a few years.
If you use VSCode don't forget telemetry is enabled by default.
Here is how to disable it: https://code.visualstudio.com/docs/getstarted/telemetry
I refuse to touch any Windows 10 machine that did not go through this:
https://github.com/W4RH4WK/Debloat-Windows-10
https://gist.github.com/gvlx/b4d4c5681900ca965276fc5c16fe852...
(Warning: Use at your own risk)
Here is a great experiment you can do. Use an app like for example Netbalancer that can show you bandwidth use per app. Launch your locally installed PowerPoint. Note I am not talking about Office 365 but a locally installed Office component. Start some internal presentation to your fellow workers, just presenting, no editing or creating a new presentation. Amaze yourself at it sends data to Microsoft at the rate of 4 to 5 MB/s. Yeah...just try it.
Amazing is too small a term. Unacceptable is more like it. Wow. Why do companies that spend a significant amount of money on securing their infrastructure fall for this?
It's way beyond despicable but I'm too tired to fight it so I've caved in and bought a Windows laptop for one of my kids to use for highschool. It disgusts me that Microsoft manages to extract a tax on every kid in highschool and that schools allow themselves to be used as a part of the marketing and sales arm of a multinational company.
> I went to buy a laptop for my son's new school last week. When I heard it was required, I was expecting some list of hardware requirements but no, the list I got had exactly one specification: Windows.
Schools also do free advertising for Microsoft products, at least in all of the schools where I went to until ~5 years ago. At minimum once a year we were made aware of the fact that we could get Microsoft products like Office at steep discounts from their new online store which they were so proud of and thankful for. Benevolent microsoft letting us get used to their ecosystem for prices we could actually afford, but not free! Still gotta make that profit!
Not sure why they didn't also advertise for libreoffice which, last I checked, is even cheaper and an even better protip (better compatibility if we would just not force each other to keep using the proprietary thing). I guess they just didn't feel like the libreoffice foundation was giving them free money the way that microsoft pretends to.
It gets even more ironic if you realize that schools fall in the 'semi-government' category and thus it's legally required (not optional) to use open source software unless that's impossible, and if it's impossible then it needs to be documented why it's impossible. In practice, you can guess how much this law is followed. I never heard of any consequences for not following it.
TL;DR: legally, there is the opposite of a microsoft requirement, except many schools require both Windows and Office in practice
"Google Chromebook outlawed in Danish public schools"
https://news.ycombinator.com/item?id=32142927
(77 points, 73 comments)
Problem is, after three months of work, I wasn't able to reliably deploy the OS to a room of computers and connect it to the school network - even though I worked as a Linux server admin before that. Every single computer (all the same, with serial number one after the other) had a different set of issues that made it completely unusable. Many of ones I got kinda working got broken after a few rounds of updates.
Windows just worked right after installation. The year of Linux desktop is still not there.
This is simply false. A lot of fields use specialized software that is only available on Windows and sometimes macOS. For instance, my wife works in neurolinguistics where most standard software for doing things like analyzing EEGs is for Windows.
However, I agree that this may be true in other branches of education. E.g. in our daughter's primary school they use Chromebooks. They are used as glorified 'web terminals'. I can see why a mutable Linux distribution would be awful from a maintenance perspective, but an immutable Linux system like Fedora Silverblue would probably work as well as ChromeOS.
This is also a failing of the Dutch government and the EU, leaving things to the market, rather than taking initiative and making a standardized education platform.
When it came to whitelabelling our product for a big multinational customer, they really liked that we were hosted on GCP and not AWS because they considered Amazon a competitor and couldn't justify paying AWS as a result.
Privacy concerns aside (which I believe are overblown for GCP, strong walls around customer workloads), competition concerns are big for many companies, and Amazon is out there trying to compete with almost everyone in retail and services now. I can only imagine this is going to get worse.
Disclaimer, I now work at Google but not on any of this stuff, this is my personal opinion.
Are you sure that's a technical reason?