Benign spyware recommendations?

[dvandom]

One of our research projects could use a good piece of software that could track activity about as well as a web server, a sort of benign spyware.


Okay, so we've got this online tutoring system we're developing, and a high school has agreed to participate in the alpha. Everyone at the school has a laptop, but not everyone has reliable internet access. So we're thinking of just dumping a working copy of the website onto a DVD and providing that to the non-net-enabled students.

The problem is that such a copy won't let us know how the resource is used. The ones who log into the real thing we can track in all the usual ways. We can see where they clicked and when, what they typed, etc. We'd like that level of recording on the offline participants too, but the only thing we currently have is a "record a movie of their screen" program. And aside from being an utter resource hog, that program requires licenses.

So, I figured I'd ask around here, since plenty of people I know on LJ are techie sorts who might have (cough) experimented with spyware. Is there a sort of benign spyware that we could include with the DVD so that we could get student usage info? It'd have to be fairly small and unobtrustive, and most importantly it'd need to be easily removed after the experiment was over. They're all probably Windows laptops, but something with available Mac and Linux ports would be nice too, just in case.

There's probably other FERPA-related and IRB-related details we'd need to worry about, but if any of y'all know some good starting points I can pass them on to the relevant grad students, who can see which ones pass legal muster.

Comments

[jarodrussell.livejournal.com]

Most web servers include a logging function. Why not just check that every so often?

[dvandom.livejournal.com]

Yes, the point is to replicate this in an offline fashion for those who are using the page-on-a-DVD version.

[jarodrussell.livejournal.com]

I get that. I mean if the offline versions are using a web server on their computer, can you use those, local logs?

[dvandom.livejournal.com]

Well, what would be a program that would dump that info to us?

[scavgraphics.livejournal.com]

putting something on the computer itself could get you in legal trouble.

IF it's a website on a disc, though, you could put a script on a page that sends a secret email....

Except you're dealing with non-net machines...

Do they return the dvds?

But dvd's aren't writeable, so that idea's out.


Have you considered hiring some ninjas?

[5eh.livejournal.com]

agreed with the ninjas. preferably accounting ninjas.

(you'd need a pretty hardcore EULA for this)
how about ...
- in the install package is a program that creates a log file of user info
- it pings for intertubes access every time the user runs or closes the program, if there is intertubes, it uploads the user info file

So my answer is, no, I don't know of a program that does this offhand, but I'm thinking of the error reporting that Windows has for when a program crashes.

[dvandom.livejournal.com]

I'm not too worried about the EULA end right now, that goes through our IRB and is Someone Else's Problem. I'm just seeing if there's a technical solution out there I can point the grad students at.

[5eh.livejournal.com]

I figured as much. Sorry I'm not more help.

[grant-p.livejournal.com]

Well, some live-CD's like Puppy linux can make a small file on the HD that allows it to record info for later use without affecting any of the information on the hard drive already. It may be possible to put a small log file in the install setup of the DVD to record that info to a hidden file, then have it pre-set to send that file to you whenever they do get on-line, even if it's on the weekend or at a bookstore.

[aardy.livejournal.com]

The browser's cache should include all of the web pages they visit--including on "localhost--if that's all you need to know. Then you just need a way to get them to report that data to you. Of course, that assumes folks haven't turned off caching, but if they're non-net-enabled, they probably haven't bothered to take that step.

In theory, someone with a niblet of browser and scripting knowledge should be able to hack together a program that would search the cache locations for all of the main browsers for URLs that are related to your tutoring system, dump those out in order to a file or printer; then you just need a way of getting that file or printout to TPTB. (Can't "phone home" without a net connection, so "perhaps please save this file to a floppy disk or USB stick and bring in" or "please deposit printout in the tray marked with a red & yellow race flag".)

I think the cache would only register the most recent visit to a page rather than repeated visits to a page, but it'd better than nothing and wouldn't trigger any anti-virus / anti-spyware software like a keylogger or "detect internet and phone home" program might.

[vulcanatf.livejournal.com]

make it a virtual machine.
Depending on the size of the website and what it is running on you can get an entire virtual machine into a DVD which can then be unpacked and put onto a laptop. (We are doing it at the office so they can demonstrate the sales website while on the road at conferences)

Once they are done write a linking script that will upload their statistics to the main website or get access to the computer and pull it from the virtual machine that way.