As part of the work of the Privacy Evaluation Initiative, we are publishing a list of vendors and websites that both support and require encryption on login -- that is, they enforce secure interactions between the browsers used by students and teachers and their websites upon exchange of user credentials such as usernames and passwords. Sites that are secure have an https:// in the URL and are visually indicated with a green lock next to it in most browsers on such pages. This level of security is a best practice that really should be standard in the industry by now (it means no one can read someone's personal information, even on an open wireless network, and even contributes to something as basic as search engine rankings).
As part of publishing this list, we need to highlight what this list means and what it doesn't mean. There are many good reasons a vendor might not be on this list, including:
- The vendor only offers a private login for subscribers;
- the vendor's service doesn't require a login;
- the vendor's login varies based on client, so every customer has a different subdomain;
- or we have not yet tested the specific vendor at this time.
So, just because a vendor isn't listed doesn't mean the vendor failed. If there is a company or service you'd like to see on the list, please let us know. Our list is representative but not all-inclusive, and it is growing all the time. We will continue to run this survey at least quarterly and update the list accordingly. The list of sites surveyed comes from the districts supporting the Privacy Initiative and are among the most used in classrooms and for homework by K–12 students.
This list only covers applications with logins over the web. It doesn't cover mobile apps yet. However, including mobile apps in our encryption survey and on the list of secure edtech products is on our road map.
When we ran the first survey in October 2016, we had many long conversations about how to share the results. In these conversations, publishing a list of sites that did not support encryption on login was not widely supported. We don't do this work to call people out. We do this work to provide resources so we can all do a better job creating and using technology to support inquiry. We spend a lot of time talking with vendors, teachers, district staff, parents, and students, and the overwhelming majority of people want to do the right thing in the right way. Within the Privacy Evaluation Initiative, we look to honor and respect that intent. Over 600 edtech websites are listed as doing the right thing, while over 500 either do not require or enforce encryption. Our hope is that this latter number decreases, substantially and as a proportion of sites and vendors surveyed in the coming quarters.
If you want to submit a site for inclusion (for example, if you're a vendor and you want your site to be included on the list), add the site via the form embedded below. If you want to evaluate a site to see whether it supports encryption prior to adding it to our list, running a basic test is pretty easy. Once a site has been submitted, we will check the login URLs to ensure that the site supports encryption, and if so, we'll add it to the list.
With those preliminaries out of the way, head on over and check out the list of Secure EdTech Websites!