Linux and Unix Users Group at Virginia Tech Wiki

Respondus LockDown Browser

1,291 bytes added, 04:05, 4 January 2018
no edit summary
From the [http://respondus.com/products/lockdown-browser/index.shtml Product page]:
<em>LockDown Browser® is a custom browser that locks down the testing environment within Blackboard, ANGEL, Brightspace by D2L, Canvas, Moodle, and Sakai. When students use LockDown Browser they are unable to print, copy, go to another URL, or access other applications. When an assessment is started, students are locked into it until they submit it for grading. Available for Windows, Mac and iOS[sic].</em>
=== <s> Features </s> Bugs ===
* Localized for multiple languages, including English, Spanish, French, German, Italian, and Portuguese
* Available for both Windows and Mac computers, as well as iPad
 
===Actual Bugs===
* No support for U2F
* Easily circumvented
** Most students have second computer (i.e. Smartphone), which can be used for cheating (i.e. Google searching)
* No Linux version, disadvantaging students promoting the use of <b>free software</b>
* Does not prevent collaboration in out-of-class testing
* Superfluous for in-class testing, where students are visually monitored anyway
** At most just promotes lazy proctoring of exams
===Malware===
by <em>engag[ing] in any activity that might be purposefully harmful to systems or to any information stored thereon...</em>, however
its use is not widespread enough for this to gain any note.
 
There is a further extension to Respondus LockDown, called Respondus Monitor
<ref>http://respondus.com/products/monitor/</ref> that allows the proctor to spy on users through their webcam.
==Running the Software==
===Natively (Windows or OS X)===
To run on Windows, the software requires administrative privileges. Previous versions were shown to have used Internet Explorer with certain modifications executed on the fly to add the "Lock Down" features; however, it currently appears to be a stand-alone browser with some resemblance to Google's Chrome. On both OS X and Windows, it is based on the open-source Chromium<ref>http://respondus.com/products/lockdown-browser/requirements.shtml</ref>, although previous OS X versions are believed to have piggybacked off of Safari features. On Windows, the running user must have administrative privileges to run the student edition; however, administrative privileges are not necessary to run the browser on OS X.
On Mac OS X, it requires that <em>The Safari browser must be configured to the minimum requirements for the Learning Management System being used</em>,<ref>http://respondus.com/products/lockdown-browser/requirements.shtml</ref> indicating that it piggybacks off of Safari features, although it is unknown if it requires administrative privileges on Mac OS X.

A version for iOS (iPad-only) is also available, as well as a version for centrally managed Chromebooks for education (K-12).
== Analysis ==
Only cursory analysis has been done thus far, as the author of this article doesn't have a native Windows box to run Respondus on. It appears that on launch, it first connects to an unencrypted HTTP server running in AWS, presumably to check if the version is current, then it checks if it is in a virtualized environment.
==Other Notes==
Respondus does not support in-browser U2F, making the use of 2FA at VT more difficult for courses using Respondus.
===Actual Bugs===
* No support for U2F -- requires second (expensive) device for other [[gp:2FA|2 Factor Authentication]] methods
* Easily circumvented
** Most students have second computer (i.e. Smartphone), which can be used for cheating (i.e. Google searching)
** Circumvention methods disadvantage students of lower income, who do not have second device.
* No Linux version, disadvantaging students promoting the use of <b>free software</b>
* Does not prevent collaboration in out-of-class testing
* Superfluous for in-class testing, where students are visually monitored anyway
** At most just promotes lazy proctoring of exams
* Cannot take multiple tests within a single session
* Requires administrative privileges which may not be available on multi-user machines
* Hostile to users of password managers
=== Open questions on debugging ===
* Is a TLS cert chain bundled, or can it be MITMed?
* What kind of protocol does it use to authenticate that it is Respondus?
** A Kerberos-like protocol would be optimal, but I'd be surprised if they did it
* Does the binary do any integrity checks?
* Do qemu-only emulated devices adequately obfuscate that it runs in a VM? Doesn't seem to
==References==
<references/>
 
[[Category:Software]]
Anonymous user