As an admin, if I have need to check if someone is using my server whithout respecting the condition I explicitely stated, is there a way to get to this user data other than changing the account passzord and login in as him ?
If so, what informations can I gather and in wich way ? (Unencrypted XMPP messages and mails, etc.)
Context : I want to setup a server with some young students to teach them about how internet services work, and what are the concrete implication of using/owning a server. But I will be ethically (and legaly) responsible of what happens there, and want to be sure to be able to stop dangerous behaviours that may occur (I’m thinking of bullying/harrasment using this server).
Hello, depending on which apps you intend to use with the students but most apps do ask for an admin account, as an admin you can moderate and overview most things used.
I can think of a technical solution and of a social approach.
The technical solution would be to hand out pre-made credentials to the children, and hack your Yunohost so that they won’t have the option to change their password by themselves.
The social approach would take more time and is probably a project in itself, to discuss (online) harassment build an environment of trust. Yeah, sounds utopic
As practical point: I just logged in to my server as admin via SSH, and su to my own user to see what information would be available to me via CLI. That is not an easy way.
It’s a difficult question and it depends of your country. For example, in European Union, young under thirteen can’t create social network accounts. And before 15, they need parent’s approval. Reading private conversations can also be reprehensible by law.
And on the other hand, some laws could ask you to moderate/censor public communication (or even survey private ones). So it really depends of your country.
Thanks for the answer, sorry for the late response, this month has been hard
Yes, of course, and I don’t even need to “hack” I think, since there is a way to prevent a user to change his/her password I think (even through the GUI admin)
That is of course one of the goals, and I don’t think it is utopic ! But true trust can only be build with understanding of powers, and being an admin means having power, so I think the “social approach” has to include some technical points too !
This is very interesting to me since I am by no mean a sysadmin. I know basic CLI stuff, but is there a way for exemple, to print out the data available by metronome, the XMPP server. Such as the date and time of messages, or even the content themselves if they are not encrypted !
TL ; DR : Yes, I will of course get parental approval. In reality, almost all of my students already have social media accounts, with minimal parental supervision, and I would rather let them know what this usage imply.
This will of course only be done with parental approval. And yes, the law is something, but often, reality is note that close… I had the idea of this project because among a group of about 50 eleven years old children, only 2 or 3 didn’t have TikTok. And I feel like the parents do not care enough for their own child safety. Not because they are stupid or careless, but because they have 2 choices :
ban their child from social media : the social cost is unbearable for the child when litteraly EVERY friend they have is there, interact, organize their social life there. A hard and violent exclusion is inevitable.
allow their child to use social media : this is a world they do not know, and do not have the time/will to understand. It is sad, but the truth. The generational gap is incredibly large, and it would take a huge amount of work that most parent cannot afford to fill it. So they let their children unattended online, full with a rightful fear, but not knowing how to act apart from just imposing time limit (which may helpful only against addiction problem, not everything else…)
Sorry for the long answer, but the subject is interesting and important to me. I am in France FYI. Apart from the legal aspect, which is important to point out, I would be happy to know what people think about this. It is not an easy problem !
FYI: I am a french part-time computer science teacher and i have an hosting company.
I had given some conferencies on this topic and also organizes some parents meeting to define class rules like no chat after 21h. I agree with you, it’s a difficult question. I have organized a debate for hackstub called “Education under surveillance” and we spoke about read chat of children… I think i will write an article with the content of the discussion.
Personnaly, for 14+ (may be less) i really believe parents or adult should not read their messages, except in case of extreme situation. But you are right, at 11, it’s an other story My point of view is we should not give smartphone at this age, but i know the reality in France: the first smartphone arrived very soon in a class room (8 or 9 years old) for a lot of children.
In parrallel, according to anne cordier’s research, i know teenagers creates several social media accounts to protect their intimacy.
In my school, if there is a restriction on smartphone in some places, they sometimes find a broken smartphone to have 2 smartphones, the one they give, the one they keep…
I warned you about the potential legal issues. And i really think you should at least explain to the parent and the child that conversation are not totally private.
Technically, some tools like nextcloud allows to impersonate to be able to login on an account without the password. Note it’s a plugin cause Nextcloud knows this feature is a legal risk in a lot of case.
It’s possible to read email by cli for example with mutt:
mutt -f /var/mail/USER
About xmpp i don’t know, i am not sure the historic of conversations are stored on the server with the ynh implementation…
Thank you so much for the time you take for this conversation !
I think I get the legal issues. I will think a lot about this before actively applying it.
I really think “Education under surveillance” as you call it is a major concern, and a difficult one. To me, learning what a private life is begins very young. I remember when I was less than 10, we would seek places outside of adult view, not to do clearly dangerous or unauthorized things, but I think it was an important experimentation to begin understand notions like responsibility, autonomy, surveillance. Parent are not behind their child ready to listen to anything, and that is the case very early in life.
But new technologies change the context, and I agree that parents should be able to ensure their child safety. And that it is difficult, or impossible, without some amount of surveillance. And again, parents are helpless, because they do not understand. They don’t seem to understand how social medias and messengers technically work, and do not follow their child culture either.
I think a major issue in this generational effect begins very early, and have similarities with the problem TV had. Screens and toy seem to be treated in to widely distinct ways :
With toys, parents play with their child, spend time interacting together with the objet and their child, building mutual understanding of their usages of the object.
Screens, on the other hand, are used like a mean to occupy children to have the time to do something else. It looks like children build their usage by themselves.
!
My point of view is we should not give smartphone at this age, but i know the reality in France: the first smartphone arrived very soon in a class room (8 or 9 years old) for a lot of children.