A new report suggests free software parents are using to track their child's online activities is doing more harm than good.
An analysis of ComputerCop by the Electronic Frontier Foundation (EFF) over eight months reveals the software is not as effective as many think and does not offer users any data protection, claims the EFF.
"Probably the biggest problem of all is that there are law enforcement agencies that aren't actually paying attention to cybersecurity," said Dave Maass in the report. "Some of the biggest jurisdictions in the country are giving out software that makes kids less safe if they use it."
ComputerCop, which can be used on both Mac and Windows computers, has two main features; one allows parents to review images and videos downloaded to the computer and search documents for keywords related to sex, drugs and hate groups, and another function provides a keylogger, which records what a user types.
According to the report, the search function is unreliable and can return a number of false positives. Not only that, but it also only works if the child uses Internet Explorer on Windows or Safari on a Mac.
The keylogger, which is called KeyAlert, has to be installed separately and records all keystrokes, including credit card information, and username and password combinations. All this information is stored unencrypted on Windows computers, while on a Mac the information can be decrypted with the default password for the software.
KeyAlert can be configured to send an email to parents if certain words are typed. ComputerCop does not distinguish between a child using the computer or an adult, so the software could be harming both children and parents by storing things like bank information right on the hard drive.
"Security experts universally agree a user should never store passwords and banking details or other sensitive details unprotected on one's hard drive, but that's exactly what ComputerCop does by placing everything someone types in a folder," said the EFF report.
"The email alert system further weakens protections by logging into a third-party commercial server. When a child with ComputerCop installed on their laptop connects to public Wi-Fi, any sexual predator, identity thief, or bully with freely available packet-sniffing software can grab those key logs right out of the air."
While ComputerCop did tell the EFF that it did not store user data, the EFF said it was a "nonsensical response," arguing that despite the fact that ComputerCop did not store user data, it still records sensitive information that is passed through a commercial server in an unencrypted way.
The EFF said more than 245 agencies in 35 states have distributed the software over the last 10 years. It runs off a CD-ROM.
