
Last year, like many new parents, I was walking the extreme tightrope of keeping my young children healthy and happy. When my daughter left infancy to be a more conscious toddler, I decided it was time for her to start preschool. When I thought about the health risks over and over, it was better than her staring at four walls in the living room. After several internet searches and some phone calls, I chose one that was close by and had vacancies (hard to come by). When I started the registration process, I saw a large bag of flyers that immediately plunged me into a new set of worries I didn’t want to deal with: “We also use Brightwheel, a mobile app to log attendance, share milestones, and keep parents up to date on daily interactions.”
I don’t know what other parents are thinking at this point, but I do privacy- and security-oriented work as my day job at the Electronic Frontier Foundation, so I couldn’t help but look at the security controls Brightwheel gave me as a parent. This is my child’s data, left with some company. Don’t get me wrong, the app offers some comfort in seeing my baby smile, make friends, and enjoy riding a bike while playing outdoors, especially in the first week that you are away from them for the first time after overseeing every aspect of their life. But looking at my account, I saw very few settings that spoke to security. There was a PIN to check them in and out, but that was about it.
For several months, I looked at the huge amount of data that this app shared and stored every day. Diaper changes, story time pictures, nap time, and more. The more data I saw about my daughter, the more worried I became.
By October 2021, I couldn’t sit still anymore. I wouldn’t call myself a hacker by most people’s definitions. But in this case, for my daughter, being a mother means doing everything I can to keep her safe. So I embarked on a months-long deep dive into the field of early education apps, and didn’t like what I found.
I am lucky to be where I work. After some cold emails and some networking, a coworker (also a new parent who was asked to use Brightwheel) and I finally met a real person at the company. In a sense, the meeting was productive, and Brightwheel seemed to understand the concerns, but it confirmed just how far the industry lags behind in terms of privacy and security protections.
For example, a very basic and well-known protection is two-factor authentication. You know how some services now require you to enter a one-time password in addition to your password? That is two-factor authentication, and it gives you a huge benefit in terms of security. It’s spreading fast; today, at least offering it is almost an industry standard.
Brightwheel now offers two-factor authentication for all school or daycare administrators and parents, but it’s the only one that does. This is nonsense.