Remote testing service Honorlock is using fake answer sites to tempt and catch students who try to cheat on online exams, according to a report by The Markup. When a student visits one of these “honeypot” sites during an online test, the site automatically sends data back to the student’s remote testing software, indicating that the student is attempting to cheat.
Honorlock is used by over 300 educational institutions
As noted on Honorlock’s site, the service is used by over 300 educational institutions, including the University of Maryland, University of Florida, Arizona State University, and the University of Massachusetts Boston. At its core, Honorlock taps into students’ webcams during tests and uses AI to alert remote human proctors of any suspicious activity, such as if a student takes out their phone during an exam.
But, as The Markup notes, it also uses what it calls “seed sites” (PDF), where it hosts “seeded test questions to help detect use of secondary devices or other conduct prohibited by Testing Organizations.”
Kurt Wilson, the student interviewed in The Markup’s report, compiled a list of honeypot site addresses used by Honorlock. There are currently five active domains: examequip.com, buzzfolder.com, gradepack.com, quizlookup.com, and wikicram.com. Each site is quite plain-looking, and all of them feature a homepage that contains a generic list of tips for students. Under their “Blog” tabs, you’ll find a collection of random test questions, with every question presenting two options: “Show Answer” and “Hide Answer.” Click either option, and you’ll hear a strange chime from your speakers — no answer is ever revealed or hidden.
Honorlock even has a patent for the technology behind its honeypot sites, which goes into more detail about what kind of information these sites collect. When a student accesses one of these sites, it sends their IP address, device information, mouse movement, clicks, and anything they type to Honorlock’s server. The Markup confirmed this when digging into the sites’ source code and network activity. Its honeypot sites also claim they can detect if a student is using a secondary phone, tablet, or another device to access answers by comparing IP addresses between devices.
Other test proctoring tools have been criticized as well, especially as schools and instructors struggled with implementing at-home testing-taking in the midst of the COVID-19 pandemic. In 2020, one technology specialist at the University of British Columbia criticized his school’s use of exam proctoring service, Proctorio, and got sued by the company for exposing the ways it tracks students’ “abnormal” eye movement and records students’ rooms during exams. Another service, Examity, uses live human proctors to watch students take tests through Zoom.
While cheating is a problem, I don’t think this level of counterespionage surveillance tactics uses the best approach to prevent it. Remote testing services can already potentially compromise students’ privacy and may fuel unnecessary anxiety, as students worry as much about trying not to seem suspicious as getting the right answers.