Last year, like many new parents, I was walking the extreme tightrope of keeping my young child healthy and happy. When my daughter left the stages of infancy into becoming a much more aware toddler, I decided that it was high time to put her in preschool. It was better than her staring at the same four walls of the living room while I contemplated the health risks over and over. After a few internet searches and some phone calls, I chose one that was close and had spots open (which was pretty hard to obtain). When I started the enrollment process, I saw a flyer in the huge packet that immediately threw me into a new set of worries I didn’t want to deal with: “We also use Brightweel, a mobile application to log attendance, share milestones, and keep parents up to date on daily interactions.'”
I don’t know what goes through other parents’ minds at this point, but I do privacy- and security-oriented work as my day job at the Electronic Frontier Foundation, so I couldn’t help myself from looking at the security controls Brightwheel gave to me as a parent. This was my child’s data left up to some company. Don’t get me wrong, the app provided some comfort, allowing me to see my baby smiling, making friends, and enjoy riding bikes during outside playtime. Especially in that first week when you aren’t there to oversee every aspect of their life for the first time. But looking at my account, I saw very few settings that said anything about security. There was a PIN code to check them in and out, but that was about it.
Over several months, I looked at the gigantic amount of data that was being shared and stored by this app every day. Diaper changes, story time pictures, nap times, etc. The more data about my daughter I saw, the more my worry grew.
By October 2021, I couldn’t sit on this any longer. I wouldn’t call myself a hacker by the definition in most people’s heads. But in this case, for my daughter’s sake, being a mother means doing everything in my power to keep her safe. So I began a months-long dive into the early education landscape of apps—and didn’t like what I found.
I am lucky in where I work. Some cold emails and a little networking later, a coworker ...