So I saw this the other day:

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.

…yeah, the lede has an error. Either the number of affected students is very inflated, or (more likely) the hack didn’t just affect the US. The devs’ webpage has language options for English, Spanish, German, Italian, Dutch, Portuguese, Japanese, and Korean…

But anyway. The devs responded by disabling Canvas for the time being… shortly after they tried saying the “incident” was minimal and “contained.”

They also said at the same time that breached info didn’t contain anything too sensitive like passwords and IDs, so take that for whatever it’s worth. The hackers claimed to have users’ phone numbers and billions of messages…

…which I choked on a bit, I know from experience how shitty that kind of “official” chat app can be, with its over-moderation and rampant self-censorship. The best users can hope from in such a system is that a parallel system is available; any student who entrusted anything sensitive to a Canvas message was just begging to be hacked.

The system wasn’t fully restored for four days. Some schools were in the middle of finals; here’s hoping they had contingency plans, or that they were using a part of Canvas’s “environment” that was only down for a matter of hours…

…who am I kidding? Of course they didn’t have contingency plans. Some of them probably didn’t even have their coursework backed up outside Canvas’s system.

(quavering old-man voice)

Back in MY day, we didn’t have any fancy-schmancy interlinked mobile apps to give us assignments, with our parents copied in. Since we were all being corralled and herded around a government building by government functionaries anyway, we were given the assignments in person. Uphill, both ways.

(/ quavering old-man voice)

Welcome to the brave new world, where students who are required by law to gather in person are still required to have an app to communicate, and where random Net outages can fuck over millions of people at a time.

Goddamn am I glad I didn’t have to deal with this shit as a teenager.

P.S. I wonder how the recent drive to technologize schooling interacts with the recent efforts to kick kids off of their phones. My first guess would be “badly” as some of the parallel systems I mentioned above would be closed off… or maybe (more cynically) that’s considered a feature.

P.P.S. I noticed that Canvas’ teacher app is rated lower than the student or parent apps, for valid-sounding bugginess reasons (or maybe the reviews on the teachers’ app are just less botted, because installing it is a job requirement). I also noticed that the app pages’ permission lists and data-safety sections disagree on whether the apps track location…