1

Can the internet administrator on my school where I teach see what I'm uploading to my students on Blackboard. I.e. if I upload a file: "exercises_class1A.pdf", would they be able to see and open the files that I upload to my students? Or would they only be able to see some "activity" from my side?

schroeder
  • 129,372
  • 55
  • 299
  • 340
Joey Adams
  • 111
  • 3
  • Where are you uploading?What control does admin have?What is the whole setup here? – yeah_well Nov 23 '20 at 20:34
  • Let's say I'm logged on the schools internet and connected. Now I go to "BlackBoard" that we are using at the school. I upload a pdf file to my students.

    Of course the system administrator on BlackBoard can get acces to the course page I have, but would the internet administrator be able to see what I uploaded to my students assuming that I'm only connected to the internet?

     – Joey Adams Nov 23 '20 at 20:38
  • If your students can access the file it would stand to reason that any kind of admin could too. Is that what you are asking? – browsermator Nov 23 '20 at 21:02
  • 1
    Please add that essential context to the question, along with: are you using a school owned computer, or do you have the school's CA certificates installed? Is the site in question using HTTPS? – multithr3at3d Nov 23 '20 at 23:54

2 Answers2

2

Too many missing pieces of information so instead of peppering you with questions I'll go with a Straw Man then take it apart.

Assuming a baseline configuration of a secure HTTPS to the server you are uploading to, then no, the school admin would see only encrypted traffic to the server.

If it's not HTTPs (or otherwise secure connected) then the school admins (here after referred to as "They") are capable of seeing full content.

If They have access to the server with appropriate permissions then They can of course see the content.

If They have an agreement with the server to provide logs or such, then They can determine content.

If your use of the school network requires a school supplied cert to get through the school gateway, odds are They are decrypting as a Man in The Middle (MiTM) and can see full content.

Third parties, such as the students, can forward content to anyone.

The school supplied computer you are using may have monitoring software capable of providing content and activities as monitoring logs.

Short answer: They probably don't but best to assume that They can and do!

user10216038
  • 8,123
  • 2
  • 18
  • 22
1

This question is too broad. It depends on how you're uploading materials for your students.

Emailing your materials

  • If you're emailing them using a personal account (e.g. john.doe@gmail.com) to your students' personal accounts, the school should play no part in the delivery.
  • If you're using a staff account (e.g. john.doe@university.edu.com) and the contents of your email is stored in the school's server, in which case administrators may be able to view your email if it's stored without using your passwords/tokens to encrypt your emails, since they would have all your emails stored on their server.
  • If you use your staff account but it's hosted by a third-party service (e.g. Gmail), it will depend on the specific service hosting the emails & your school's contract with said service
  • If you use your personal email to send it to your students' student emails (e.g. student123@uni.edu.com), your emails will go through the school's server, usually for spam filtering, in which case an administrator may be able to view your emails.

Hosting your materials on a 3rd party service

If you host your materials on a service not affiliated with your school, the school should have no access to said materials

Hosting your materials on a server owned by the school

If you're put your materials on a server managed by your school, the school will certainly be able to get the materials. It's like you're putting your confidential papers in someone else's safe; it's their safe which they have full access to.

A third-party file hosting service outsourced by the school

I'm not familiar with BlackBoard, but if they're a service outsourced by your school, this depends on whatever contract the school has with BlackBoard. If BlackBoard grants access to your activity logs to the school, they can see it.

If you yourself outsourced BlackBoard (the school was not involved in signing up with the service), the school has no role in the service, and thus has no access to your activities.

Note on file sharing & permissions

In my experience, I've found that misused file sharing & permission are often a bigger problem. For example, you upload materials for your class but everyone in the school can view said materials because you changed some permissions temporarily to share with someone else but forgot to change it back. I've seen a good amount of class materials in my own university's file hosting/sharing that were meant for 1 class but can be viewed by others. This is not a problem with the school's security, but of your own mismanagement of your files.

The bottom line

If your school has no play in the delivery of your materials (e.g. direct emails using personal accounts), they should have no legal way to access them unless someone (e.g. your students) shows them to the school.

If your school is the one hosting the storage and/or emails you're using for the delivery, you should assume they can (and do) see everything you're sending to your students. Their server, their rules.

I would worry more about user misuse than the school trying to snoop on your activities. Very often, the users are the ones leaking sensitive data, intentionally or not, and your students (as well as yourself) should be expected to share your materials to others, and will sometimes misuse file sharing & permissions, which lead to unintentional data leakage.

ChocolateOverflow
  • 3,482
  • 4
  • 18
  • 35
  • It was mentioned in comments that they were using the Blackboard system to upload. I have edited the question to reflect that – schroeder Nov 24 '20 at 07:58