Your Community is getting an upgrade!
Read about our partnership with Higher Logic and how we will build the next generation of the Instructure Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Community
- Canvas
- Canvas LMS
- Canvas Question Forum
- Students Using Browser Extensions to "hack" Canvas...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Found this content helpful? Log in or sign up to leave a like!
Students Using Browser Extensions to "hack" Canvas Quizzes?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2024
03:28 PM
In my large (120-ish) 100-level undergraduate class, I assign about 20-25 homework assignments that I set up in Canvas Quizzes.
I have set up the quizzes to allow multiple attempts, keeping the highest scores. Indeed, they are not just "open-book," I expect and encourage the students to use their notes. Furthermore, the quizzes pull the questions from question banks and shuffle the answers, so every individual attempt of one of the quizzes is different. And, I set the quizzes to show the results only once after each attempt, while hiding the correct answers. The theory is the students should look up what they missed and learn from the attempt, then try it again to improve.
I recently discovered that at least a few of my students have downloaded browser extensions for Canvas, which apparently allow them to see things in their versions of Canvas that I had hidden.
I am attaching screenshots the students sent to me. I have hidden the "assignments" list on the lefthand side of the home page, because the homepage (which I have set to the syllabus page) for the course lists all the assignments for the course in order. But as you can see from the screenshots, and from what the students have disclosed, the students navigate to "assignments" (again, which I have hidden) then selected the quiz (which I labeled "CFU 9"). When the students selected this, the browser pointed them to the assignment "submission" (see the URL).
I think the extensions allow them to see all previous attempts multiple times. Furthermore I fear that, perhaps, the browser extension may even autofill in the correct answers from previous attempts when the Canvas quiz calls up the same question from the question bank on a subsequent attempt.
This is cheating, right? If my understanding is right, these students are using a browser extension to hack Canvas quizzes to see answers on graded assignments.
On the one hand, setting up a browser extension that gives access to parts of Canvas the instructor has hidden seems pretty clearly to be a form of academic dishonesty and misconduct. On the other hand, I am unaware of and doubtful that my institution has even addressed this question (as so many at my institution are focused on harnessing AI and detecting/deterring problematic use of ChatGPT and similar.)
Has anyone run into this problem? Do you have ways to address it?
Thanks in advance.
Solved! Go to Solution.
3 Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
12:07 PM
At this moment in time, I am not sure I understand how students are accessing something they shouldn't have access to.
With your example CFU9:
- it was built with the New Quizzes tool, thus the url and breadcrumb list it under Assignments
- it is published
- it is listed with other published assignments on the Syllabus (which is set as the homepage)
- is is not available through the Assignments page (because that page is disabled/hidden)
They should be using the Syllabus link to get to the quiz. The screenshot makes me think you do not have Assignment Enhancements on in the Feature Options under Settings. From submissions being in the url, I suspect the student may have manually changed the assignment id in the url to that of CFU9. After submissions there is an id number (170368). I wouldn't be surprised if you saw that submission id listed on a different assignment for that student.
I tested a couple Canvas Quizzes extensions in Chrome and none of them ever did anything that included the submissions url piece.
There is no real good way to. determine how the student got to the page, but you can clarify to students that following the link from the Syllabus Course Summary will get them to the right assignments and to make sure submissions is not in the url or they are just previewing submissions they haven't made yet (hence the No Preview Available).
I'm sorry there is not a more definite way to determine what the student is doing and whether they are doing something malicious. These things are very difficult to definitely determine in Canvas. Even the community documentation references that the access logs and user details are not intended for use in academic integrity cases.
Regards,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2024
10:36 AM
Hello, thanks again for replying.
I discussed this access issue with the four students that brought it to me; each student showed me his/her Canvas interface in the browser, and I asked each about browser extensions. One student told me that she was using two extensions: “Better Canvas” and “Tasks for Canvas.” That student was using a task list assembled by the extension to navigate to the assignment. She was able to navigate to and access the assignment just fine using the list of assignments on the syllabus page (explained below)
The other three said they were not using browser extensions. Those three were doing something different to navigate to the assignment: they were selecting the “grades” tab on the lefthand side of the Canvas homepage for the class (which I have set to the syllabus), and then they were clicking on the as yet undone assignment—which I built in New Quizzes and named CFU 9.
I have set up the Canvas page expecting that students will scroll through the list of assignments and events on the syllabus page in order to select and open the various assignments. Thus, navigating to an assignment by first going through the grades page was “new” to me, not what I expected.
Apparently, when students navigate to “grades” and then select an assignment, Canvas returns the “submission details” page for the assignment, regardless of the type of assignment, as in . . . “canvas.institution.edu/courses/242000/assignments/1600007/submissions/111113” and the breadcrumbs read Class 101 > Assignments > CFU X .
What is interesting and puzzling is that when I do this using my “student view” I see something different from what the students are seeing.
When I do this with an assignment that I built using Classic Quizzes, I see only the results of the assignment – I suppose that’s the “preview” that was unavailable (see earlier post) – however, when my students do this on an assignment that I built in Classic quizzes, they see the results (their score) and the button that says “Take the Quiz” regardless of whether or not they have attempted assignment.
Why is this happening? Weird, right?
On the other hand, when both the students and I navigate this way (grades to link to specific assignment) to an assignment that I built in New Quizzes, then we see “preview unavailable” if the assignment had not yet been attempted. Or, if the student(s) have already attempted the assignment, they see the results from their previous attempts and a button to retake the assignment.
I think the simplest solution is to remind the students to scroll through the assignments on the syllabus page (homepage for this class) and select the assignment from that list (at least for the first attempt). That seems to work for everyone.
Also, I did just a little internet surfing on the topic of finding an extension to “hack” canvas, and there sure seems to be a market in these apps, but, alas, my students have not come forward and shared any first-hand experiences with them.
I see (from other Canvas community discussions) that others have found students using these types of “cheating” apps as well, and there are YouTube and TikTok demonstrations on them. It’s vexing to me. I don’t have any experience with apps or extensions that help people cheat, nor do I have the time to try to gain the experience in them necessary to investigate if/how/when our students might be using them. Love to hear what others are learning and doing regarding this topic.
Thanks, again for considering. My best, David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2024
09:40 AM
Hello @DCadaret,
That's frustrating that students aren't navigating to assignments as you intended. I can see how that might provide a strange experience. At least you know now and can be sure to communicate the intended access methods moving forward.
I did some testing and found that a student user navigating to a classic quiz through the Grades page would end up at the submission page for that quiz, even if a submission had not been made. If a submission had been made, the results were there based on the viewing privileges in the settings of the quiz. If a submission had not been made, the student has the option to attempt the quiz, but it displays weird because the quiz is now in an iframe window inside the submission page.
I can also confirm that the Student View is slightly different and did not give me the opportunity to attempt an unattempted quiz from the submission page. This is likely a bug that it would be really easy to overlook (since you wouldn't expect someone to navigate to an assignment they have not completed through the Grades page).
It makes sense that this behavior is different for New Quizzes (since it is functioning as an External Tool assignment rather than being re-routed. to assignments from Quizzes or Discussions).
As for what others may be doing to battle the use of cheating add-ons/apps, I regretfully have no experience to speak from. I am not aware of any faculty on our campus that are doing anything special to battle that form of cheating. I hope someone else can speak to this matter for you.
Regards,
James
15 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2024
04:16 AM
I would really like Instructure to address browser extensions (in a webinar perhaps). I don't know how they work. Should I be using them? promoting them with my users? Or trying to figure out how to block them?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
10:07 AM
Hello @DCadaret,
From the screenshots you shared, it looks like the student is viewing the submissions page for their quiz (for which they have made no submissions). They would only be able to view their previous answers there if you had allowed those answers to be shown. During quiz setup you can restrict students from seeing results.
I do not see Assignments as having been navigated to persay. The breadcrumb includes Assignments in the path of the quiz because that is where quizzes live (whether the Assignments page itself is available). If a quiz is published, it will show up on the Syllabus's Course Summary section. Clicking the quiz will always reveal Assignments in the breadcrumb, but clicking Assignments would redirect them back to the homepage.
I have heard of extensions that will remember the answers a student has submitted for a quiz in case they have multiple attempts and need to re-enter work they have previously entered, but I am not sure about those extensions being able to tell if an answer was correct or not. Do you know the name of the specific extension and the browser in use?
Regards,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
11:10 AM
Hello James,
Thanks for the reply.
So do you agree that the students are accessing something that they do not have access to?
I am almost 100% certain that the students are doing so, but I am not sure how.
Part of the issue is that this did not come to light until I used “new quizzes” to set up one of these assignments. Here’s some more detail:
- I have used Canvas “classic quizzes” to build most of these assignments.
- From what I understand, classic quizzes live in “quizzes,” they have URLs like “. . .. . canvas.institution.edu/courses/240000/quizzes/343319”
- These classic quizzes do show up in the assignments tab (which the students are not be able to see, because I disabled it in settings) and on the list of assignments on the syllabus (which they can see), and when you hover over the classic quiz in the assignments list, you can see a target URL of “… canvas.institution.edu/courses/240000/assignments/1617543”
- But even when you select the classic quiz from the assignments list it returns the quiz URL: “…canvas.institution.edu/courses/240000/quizzes/343319”
- See screen shot of my student view for CFU 10 . . . both the URL and breadcrumbs confirm the above
- When I build the assignments, I select . . .
- Allow multiple attempts
- Let students see their feedback, but I select “only once after each attempt”
- And I DO NOT select “Let Students See The Correct Answers”
- See second screen shot, below
For the recent assignment, the one named “CFU 9” I used the “new quizzes” in Canvas.
(Background: my institution is slowly rolling out using “New Quizzes” in Canvas, and, in my user settings, I have set up my Canvas pages to have both options for creating assignments, as I migrate my course materials to new quizzes.)
When I set up CFU 9 (using new quizzes) I replicated the settings . . . only see the feedback built in the questions and see how they scored on each question, keeping the correct answers hidden, but allowing them to see whether they got the question correct.
After publishing the assignment named CFU 9, which was built in New Quizzes, a small group of students noted that they could not access it. I tried re-creating what they've told me they are doing in my student view . . . and those students say the page they get to says "no preview available" . . . I don't see how the students could be clicking on anything
The problem from the students point of view is that when they navigate to this page . . . however they are doing it . . . for the assignments that I built in classic quizzes, they see a button that allows them to take the quiz. But when they do so using the assignment I created in new quizzes, they do not see that button, so they are not doing the assignment.
So, again, how are these students navigating to these pages?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
12:07 PM
At this moment in time, I am not sure I understand how students are accessing something they shouldn't have access to.
With your example CFU9:
- it was built with the New Quizzes tool, thus the url and breadcrumb list it under Assignments
- it is published
- it is listed with other published assignments on the Syllabus (which is set as the homepage)
- is is not available through the Assignments page (because that page is disabled/hidden)
They should be using the Syllabus link to get to the quiz. The screenshot makes me think you do not have Assignment Enhancements on in the Feature Options under Settings. From submissions being in the url, I suspect the student may have manually changed the assignment id in the url to that of CFU9. After submissions there is an id number (170368). I wouldn't be surprised if you saw that submission id listed on a different assignment for that student.
I tested a couple Canvas Quizzes extensions in Chrome and none of them ever did anything that included the submissions url piece.
There is no real good way to. determine how the student got to the page, but you can clarify to students that following the link from the Syllabus Course Summary will get them to the right assignments and to make sure submissions is not in the url or they are just previewing submissions they haven't made yet (hence the No Preview Available).
I'm sorry there is not a more definite way to determine what the student is doing and whether they are doing something malicious. These things are very difficult to definitely determine in Canvas. Even the community documentation references that the access logs and user details are not intended for use in academic integrity cases.
Regards,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
11:18 AM
Oh, also, you asked about the extensions.
Unfortunately, I do not know the names or sources of the extensions. I am fairly new to the world of using browser extensions . . . I had only seen them used to in two contexts related to accessibility: (1) to monitor when a website was updated or (2) to make the screen easier to read (changing colors, making bigger, or having a screenreader option, etc) . . . I was not aware that students were adding extensions to their browsers in order to otherwise "enhance" their canvas experience until this incident came to light.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
11:20 AM
Is it possible to reach out to the student who brought this to light?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
11:28 AM
Yes, but I have four students that I know of right now, and it is a little delicate . . .
If this/these student(s) intuits or understands that they are essentially using a browser extension to help them "hack" the Canvas assignments and see their previous results, in order to make it easier to improve their scores, then I think the student(s) might be more than reluctant about sharing.
I have asked everyone who has brought up this issue to send me screenshots, and I have shared the couple of screenshots I received so far.
Do you have a suggestion? What should I be asking them to share?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2024
12:47 PM
I don't think there is a browser extension you would see in a screenshot. I assumed someone had mentioned using an extension and that you could ask them about what they were using. If nobody has openly admitted using an extension, how do you know anyone is using one?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2024
10:36 AM
Hello, thanks again for replying.
I discussed this access issue with the four students that brought it to me; each student showed me his/her Canvas interface in the browser, and I asked each about browser extensions. One student told me that she was using two extensions: “Better Canvas” and “Tasks for Canvas.” That student was using a task list assembled by the extension to navigate to the assignment. She was able to navigate to and access the assignment just fine using the list of assignments on the syllabus page (explained below)
The other three said they were not using browser extensions. Those three were doing something different to navigate to the assignment: they were selecting the “grades” tab on the lefthand side of the Canvas homepage for the class (which I have set to the syllabus), and then they were clicking on the as yet undone assignment—which I built in New Quizzes and named CFU 9.
I have set up the Canvas page expecting that students will scroll through the list of assignments and events on the syllabus page in order to select and open the various assignments. Thus, navigating to an assignment by first going through the grades page was “new” to me, not what I expected.
Apparently, when students navigate to “grades” and then select an assignment, Canvas returns the “submission details” page for the assignment, regardless of the type of assignment, as in . . . “canvas.institution.edu/courses/242000/assignments/1600007/submissions/111113” and the breadcrumbs read Class 101 > Assignments > CFU X .
What is interesting and puzzling is that when I do this using my “student view” I see something different from what the students are seeing.
When I do this with an assignment that I built using Classic Quizzes, I see only the results of the assignment – I suppose that’s the “preview” that was unavailable (see earlier post) – however, when my students do this on an assignment that I built in Classic quizzes, they see the results (their score) and the button that says “Take the Quiz” regardless of whether or not they have attempted assignment.
Why is this happening? Weird, right?
On the other hand, when both the students and I navigate this way (grades to link to specific assignment) to an assignment that I built in New Quizzes, then we see “preview unavailable” if the assignment had not yet been attempted. Or, if the student(s) have already attempted the assignment, they see the results from their previous attempts and a button to retake the assignment.
I think the simplest solution is to remind the students to scroll through the assignments on the syllabus page (homepage for this class) and select the assignment from that list (at least for the first attempt). That seems to work for everyone.
Also, I did just a little internet surfing on the topic of finding an extension to “hack” canvas, and there sure seems to be a market in these apps, but, alas, my students have not come forward and shared any first-hand experiences with them.
I see (from other Canvas community discussions) that others have found students using these types of “cheating” apps as well, and there are YouTube and TikTok demonstrations on them. It’s vexing to me. I don’t have any experience with apps or extensions that help people cheat, nor do I have the time to try to gain the experience in them necessary to investigate if/how/when our students might be using them. Love to hear what others are learning and doing regarding this topic.
Thanks, again for considering. My best, David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2024
09:40 AM
Hello @DCadaret,
That's frustrating that students aren't navigating to assignments as you intended. I can see how that might provide a strange experience. At least you know now and can be sure to communicate the intended access methods moving forward.
I did some testing and found that a student user navigating to a classic quiz through the Grades page would end up at the submission page for that quiz, even if a submission had not been made. If a submission had been made, the results were there based on the viewing privileges in the settings of the quiz. If a submission had not been made, the student has the option to attempt the quiz, but it displays weird because the quiz is now in an iframe window inside the submission page.
I can also confirm that the Student View is slightly different and did not give me the opportunity to attempt an unattempted quiz from the submission page. This is likely a bug that it would be really easy to overlook (since you wouldn't expect someone to navigate to an assignment they have not completed through the Grades page).
It makes sense that this behavior is different for New Quizzes (since it is functioning as an External Tool assignment rather than being re-routed. to assignments from Quizzes or Discussions).
As for what others may be doing to battle the use of cheating add-ons/apps, I regretfully have no experience to speak from. I am not aware of any faculty on our campus that are doing anything special to battle that form of cheating. I hope someone else can speak to this matter for you.
Regards,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2024
05:34 AM
Hello, I have a similar question regarding Chrome Web Extensions. Here are the extensions I know of:
Canvas Hack https://chromewebstore.google.com/detail/canvas-hack/lgonpmilnmodefgehfmlcbpkjfbakhkb?hl=en
And this "app" - https://studybuddy.gg/
I have downloaded Canvas Hack -- it seems to just circumvent the moderate feature in Canvas so the teacher will not know that the student navigated away from Canvas.
I have not tried StudyBuddy because I do not want to enter my cc info and it is only a free trial. But it claims to do what the OP is talking about -- it remembers quiz answers and also claims to allow students to copy/paste questions into an AI and gives them answers without navigating away from a page. Again, I cannot replicate this because I do not want to pay for it and I also do not have a Canvas student account to test it on.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2024
01:53 PM
@DCadaret and @JanetteS26 You are right that there are browser extensions that students can subscribe to that provide AI guidance and answers within Canvas Quizzes. The one I tried was CanvasGPT, which added a button in the header of each question that students could use to generate tips and the answers, and doing so did not flag the student as having left the quiz in the Quiz Audit Log in Classic Quizzes. Students do not need to copy/paste anything and they do not need to navigate away from their page/browser tab. (The extension did not work when I tried it in the New Quiz tool.)
Transcript AI Study Companion, Answer AI, Studies AI, Apex Vision AI, and College Tools are all extensions that claim to be able to provide AI answers to quizzes without being detected. Some of these extensions provide screenshot tools that can help read and answer diagrams. Some allow students to "level up" their subscription -- the higher they pay the more accruate their AI assistance will be.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2024
10:07 AM
This needs to be investigated by the canvas engineers thoroughly. This type of situation is something they need to be on top of and find ways to prevent this from happening without schools having to purchase a 3rd party program.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2024
07:21 AM
I just wanted to add a few comments about browser extensions from my perspective as a Canvas admin for a higher-ed institution and someone with a bit of software development background....
First, I think it's important to make sure that everyone knows that browser extensions cannot allow students to see things from Canvas that they would not be able to see otherwise. For example, if you don't allow students to see quiz results, a browser extension can't change that. Interestingly though, when customizing course navigation settings, things aren't actually getting disabled, but more like being put in a "hidden" state. If you turn off the "blahblahblah" menu item, for example, a student can just add "/blahblahblah" to the course URL and get to that area anyways (there may be a select few things that work different, but I'm just trying to speak generally here). It would be nice if there was more control over this for faculty, but it doesn't exist today.
So with that being said, I'll venture a bit into these "assistant" type of extensions that may help students answer quiz questions or perhaps even discussion prompts or assignments... I have definitely seen examples of extensions like this, and web-browsers themselves are even getting assistants built in to them now. While these things could be a help in general, when using a browser for schoolwork, using them could definitely be interpreted as cheating or an academic integrity issue.
The problem, to my knowledge, is that because of the inherent way web browsers and extensions work, there is really very little that websites (like Canvas) can do to detect or block use of extensions or assistants. To Canvas itself, it just seems like input is coming from the user, and the extensions/assistants just see the webpage as the user does, so info can't really be blocked from them.
So, is there anything that can be done to curb this? I do know Instructure has gotten some extensions that falsely claim to be Canvas "hacks" removed from the browser extension stores. I don't think that approach is sustainable though, and won't work for more general extensions, since they aren't really breaking any rules/laws. There are live proctoring services which could watch a student's screen as they take the quiz. For high-stakes assignments, those might be a viable option, but they do some with their own set of issues (cost, availability, false-flags, computer/user account requirements). There are also somewhat similar but more automated services that attempt to lockdown a user's browser during a quiz, but there are technology and cost issues there too... There are possibilities to redesign assessments or individual questions to try to be slightly more "ai-resistant," but that requires a lot of faculty time/effort, and I think most experts will say that no assignment/question is really "ai-proof" at this point. Some questions/assessments might be able to be rewritten to actually encourage or require the use of AI, but I know that's not desirable for every single assessment/question out there. The last approach I'll mention is to return quizzes/assignments to on-paper in-class work so teachers could see what students are doing and perhaps ensure no technology is being used for assistance. I sppose that method could be effective, but it seems drastic and not really cheat-proof overall either (I remember trying to use my hand to cover my aswers on multiple choice tests so classmates couldn't peek over, even if I wasn't configdent in m,y own answers).
At this point in time, I think we're in a situation where there is no clear easy way to just stop the use of AI... I'd love to be proven wrong here, but I think some combination of the above strategies depending on the assessment, school policies, faculty time, etc is the best we can realistically do right now.
-Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-26-2024
11:36 AM
I think you might be seeing students who have downloaded one of several Chrome Extensions that will show students the answers to exam questions. There are several. It is my understanding there needs to be a block placed on this, even if you are using a proctoring service.
Community Help
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign InView our top guides and resources:
Find My Canvas URL Help Logging into Canvas Generate a Pairing Code Canvas Browser and Computer Requirements Change Canvas Notification Settings Submit a Peer Review AssignmentTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign In