By Mike Olsen, CEO
To preserve the privacy of test takers around the world taking exams with Proctorio, we have purposefully designed our software to limit the information we can access. This includes refraining from using facial recognition and implementing Zero-Knowledge Encryption, ensuring that only institution-approved individuals have access to the encryption keys needed to decrypt and review test-taker recordings.
We also chose to deploy Proctorio as a browser extension. This means that as a test taker, there is no native software that you need to install on your computer, and, even though Proctorio only runs during an exam, you can uninstall or disable Proctorio immediately after you submit the exam.
To operate as a browser extension, Proctorio requests a few policy settings and permissions from test takers. Most test takers will see a permissions request that looks something like this:
Please note that the requested permissions are determined by the settings enabled by the exam administrator and can vary depending on the exam, test taker, or course.
Google controls the wording of Chrome browser permission requests, so it may not always be clear why Proctorio would request certain permissions. Here is an explanation of every browser permission request a test taker might receive and a breakdown of exactly why Proctorio requests it:
Read and change all your data on the websites you visit: To make sure test takers aren’t navigating to websites or tabs that can give them an unfair advantage, Proctorio will monitor web traffic only during the designated exam period.
Proctorio does not have access to your browser history. Institution-approved representatives will not be able to see the sites you visited prior to the start of the exam or any sites you visit after you have completed your exam.
We capture IP addresses in a truncated format so that institution-approved representatives cannot access them in full. The recordings are stored with Zero-Knowledge encryption for a length of time according to each institution’s requirements. You can read more about our security and privacy practices here.
Access your webcam and microphone: When your exam administrator requests certain settings – such as recording the video, audio, or testing environment, Proctorio will need to access the webcam and microphone during the exam and only has access to these devices while on your institution’s testing website. We do not obtain a blanket or global permission for this feature.
Display notifications: In open note exams where you could be using other programs or websites, the test window might need your attention. In this case we display a browser notification to alert you.
Modify data you copy and paste: We can not read the contents of the test taker’s clipboard. Instead, during the exam, we replace the clipboard text with our own text to prevent copying and pasting of exam content.
Capture content of your screen: This makes sure that no unauthorized resources were used during the exam that might live outside of the browsing experience or in open resource exams, this allows the exam administrator to view the work being done outside the exam.
Manage your downloads: When this setting is on, downloads are prevented only during the exam.
Identify and eject storage devices: Proctorio will simply identify “storage devices”, like a hard drive or any USB devices that are plugged in. We don’t eject any drives and this setting does not allow access to any personal files.
Manage your apps, extensions, and themes: There is a setting that allows exam administrators to “Disable Extensions” during an exam. This setting should not disable or interfere with accessibility-related technology.
Change your privacy-related settings: We use this to temporarily block the browser’s “password” fill option during the exam.
In summary, Proctorio asks an exam administrator, “what do you want to look out for?” and “flags” any conditions they’ve specified. If a test taker performs a test-taking action set by an exam administrator, we simply create a “flag” for the exam reviewer or administrator to review later and determine what happened and if it really matters. In this instance, Proctorio does not decide whether a flag constitutes suspicious behavior or any subsequent grading decisions.
Finally, a reminder that Proctorio can only do all of this during the exam.
For test takers, there’s an easy way to know if you are within an exam: the Proctorio icon on Chrome turns green. This means your exam administrator’s specified conditions are “on”. Once the exam is over, the green indicator turns off and Proctorio is no longer monitoring your device.
We know taking exams can be stressful; we hope this explanation provides test takers with more assurance that their privacy and security is taken seriously. Trust and integrity remain our top values at Proctorio; our aim is to facilitate an environment in which each test taker has equal opportunity to learn and perform at their best.
Note: This blog post was updated for clarity on June 23, 2021.