I don't do this often. I try to stay level-headed when I'm writing these things because hysteria helps nobody. But I'm going to make a very special exception here, because Respondus Lockdown Browser (henceforth referred to as "this rat-infested piece of shit") has personally wronged me on at least two documented occasions, and I think you deserve to know about it before your school forces you to install it and you find out the hard way like I did.
This is not me being paranoid. This is not me being a tinfoil hat guy who thinks his Roomba is reporting his floor plan to the FBI. I have actual logs and whatnot (I will not be posting them here due to OPSEC, but both my state investigative agency and the FBI have received my findings).
This is me telling you, as someone who has professionally worked in cybersecurity and spent actual money on actual privacy tools, that your university has asked you to install a rootkit on your computer for the privilege of taking a quiz worth 5% of your grade. And they are going to charge you $40,000 a year for the education that required you to do it.
Buckle up.
Respondus Lockdown Browser is a "secure testing" application sold by a company called Respondus, Inc. to universities who are terrified that you might Google "what is mitosis" during your Bio 101 exam.
On paper, the pitch is simple: It locks your browser so you can only see the exam. You can't switch tabs, open other programs, or Alt+Tab. You're "locked in."
In practice, what it actually does is:
The core product philosophy can be summarized as: "We don't trust you. We're going to install surveillance software on your personal property to prove you're not cheating, and you're going to say thank you, because your professor said so."
Let me paint you a picture.
I run a homelab. For the uninitiated, that means I run various services locally on my own hardware: network monitoring, self-hosted apps, the whole nine yards. This is a completely normal and legal thing that IT professionals, students, and hobbyists do. It is also, as it turns out, something that Respondus Lockdown Browser found deeply personally offensive.
During a legitimate exam, on my legitimate computer, on my legitimate network, I watched the network monitoring logs on my pfSense (industrial grade router/firewall) light up with outbound scan activity originating from the Respondus process reaching across my local network. Not phoning home to Respondus's servers (that was happening too, obviously), but actively probing other devices on my LAN.
My. Local. Network.
The exam software (the thing my professor told me to install to prevent academic dishonesty) was sitting there, between questions about, ironically, Cyber Law, quietly poking around my home network like it was casing the joint. It was not looking for exam answers. Whatever it found on my NAS or my Raspberry Pi was not going to help me remember the ruling for U.S. v. Jones. (GPS trackers are considered search and seizure, I didn't need to cheat, fuck you Respondus.)
There is no world in which that behavior is acceptable. There is no EULA clause fine enough, no "security purposes" justification vague enough, to explain why exam software needs to know what other machines are sitting on my home network. That is reconnaissance behavior. That is something I would flag as malicious in literally any other context.
But sure. Academic integrity. Very important.
The homelab scan was bad. What happened next time was personal.
For context: the Windows Registry is essentially the central nervous system of your operating system. It stores configuration data, startup entries, application settings, and a truly staggering number of things that you really don't want random software touching without a very clear and documented reason.
After a separate Respondus session (different class, different day, same nightmare) I noticed some things were behaving strangely post-exam. So I did what any reasonable person does: I checked. I looked at what changed.
Respondus had written to my registry. Not the normal "here's where we installed our app" registry entries that every program makes. Entries in locations that, to be blunt, a browser lockdown tool has absolutely zero legitimate reason to be touching. Persistence-adjacent locations. The kind of stuff that malware analysts highlight in yellow and circle in red when they're writing incident reports.
It wrote to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
THAT IS THE REGISTRY KEY THAT LOADS SERVICES AND DRIVERS BEFORE EVEN THE OS ITSELF FUCKING BOOTS. WHY? WHY DOES A TESTING SOFTWARE NEED TO RUN BEFORE MY FUCKING OS DOES??
To be clear, when I say OS I mean everything, including your antivirus. It behaves like malware. It is functionally how rootkits achieve persistence. If something writes there without your knowledge you have no reliable guarantee that a simple uninstall actually removes it, because it can load early enough in the boot process to hide itself from your security tools before they even wake up.
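One way to see what an install or exam session changed under the Services key discussed above is to snapshot the key before and after and diff the two snapshots. This is an added example, not code or logs from the original post; the script name and its `-SnapshotPath` and `-CompareTo` parameters are hypothetical.

```powershell
# Added example (not from the original post). Script and parameter names are hypothetical.
# Usage: .\Snapshot-Services.ps1 -SnapshotPath before.json
#        .\Snapshot-Services.ps1 -SnapshotPath after.json -CompareTo before.json
param(
    [Parameter(Mandatory)][string]$SnapshotPath,  # where to write this snapshot (JSON)
    [string]$CompareTo                            # earlier snapshot to diff against (optional)
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Documented values of the per-service "Start" DWORD.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# One record per subkey: name, start type, driver flag, and binary path.
$snapshot = @(Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name      = $_.PSChildName
        Start     = if ($null -ne $p.Start) { $startNames[[int]$p.Start] } else { $null }
        # Type bit 0x1 = kernel driver, 0x2 = file system driver; other bits are user-mode services.
        IsDriver  = ($null -ne $p.Type) -and (([int]$p.Type -band 0x3) -ne 0)
        ImagePath = $p.ImagePath
    }
})
$snapshot | ConvertTo-Json | Set-Content -Path $SnapshotPath -Encoding UTF8

if ($CompareTo) {
    # Index both snapshots by service name (hashtable keys are case-insensitive).
    $before = @{}
    foreach ($b in (Get-Content -Path $CompareTo -Raw | ConvertFrom-Json)) { $before[$b.Name] = $b }
    $after = @{}
    foreach ($s in $snapshot) { $after[$s.Name] = $s }

    $report = @()
    foreach ($s in $snapshot) {
        $old = $before[$s.Name]
        $change = if (-not $old) { 'Added' } elseif ($old.Start -ne $s.Start -or $old.ImagePath -ne $s.ImagePath) { 'Changed' }
        if ($change) {
            $report += [pscustomobject]@{ Change = $change; Name = $s.Name; Start = $s.Start; IsDriver = $s.IsDriver; ImagePath = $s.ImagePath }
        }
    }
    foreach ($name in $before.Keys) {
        if (-not $after.ContainsKey($name)) {
            $o = $before[$name]
            $report += [pscustomobject]@{ Change = 'Removed'; Name = $name; Start = $o.Start; IsDriver = $o.IsDriver; ImagePath = $o.ImagePath }
        }
    }
    # Added entries with IsDriver = True and Start = Boot or System deserve the closest look.
    $report | Sort-Object Change, Name | Format-Table -AutoSize -Wrap
}
```

Taking the second snapshot after uninstalling as well shows whether any added entry survived removal.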
I want to be very clear here: I am not saying Respondus is definitively, provably malware in the legal sense of the word. I'm saying that if I submitted a VirusTotal behavioral analysis of what it did to my system and you showed it to me without context, I would tell you that it was malware and it should be classed as such in the next Windows security intelligence update.
The fact that a university told me to install it does not change what it did. "Your professor recommended it" is not a security model. There's a reason "girl bangs professor to get a good grade" is also a stereotype. Humans are not omnipotent, especially if your professor teaches something like finance.
Oh, you sweet summer child.
Here is a non-exhaustive list of ways students cheat on Respondus-proctored exams that require approximately zero technical skill:
What Respondus actually catches, reliably, is:
The cheaters with resources will simply cheat around it. The honest students get surveilled. This is the product working as designed and the university calling it a success.
Let's talk about Respondus Monitor specifically, because the base Lockdown Browser is merely invasive. Monitor is invasive and outsources your data to an AI.
You are, to be direct about it, uploading a recording of yourself and your living space to a third party corporation because your professor uses Canvas and didn't want to write a new exam. Your bedroom background. Your family photos on the wall. The layout of your room. The way you look when you're stressed. All of it, sitting on a server, flagged or unflagged by a machine learning model that was trained on god knows what and has no accountability to you whatsoever.
And if the AI flags you for cheating? That flag goes to your professor. Who may or may not understand how the AI works (spoiler: they don't). And you get to explain to an academic integrity board why you looked slightly nervous during a test. Which, again, you were being watched and recorded for, so the nervousness seems pretty fucking justified in retrospect.
This is what your professor will say when you raise any of the above concerns.
Let's think about this for exactly four seconds.
Not everyone lives on campus. Not everyone has a car to get to a computer lab. Not everyone can physically get to campus at the time the exam window is open. The entire pitch of online education (the thing universities use to justify charging online students full tuition) is flexibility and accessibility. "Just go to campus" is a sentence that obliterates the entire premise.
I also hear the argument "Just go to a library then!" I don't know what kind of city government you have, but both of the libraries near me don't have webcams on their public access computers and would be getting consistently flagged by people walking by you. Also consider the fact that in this day and age your local library is likely heavily underfunded and their computers are not that great.
Also, school computers have Respondus on them too. You are not escaping the scan. You are just doing it on hardware you don't own, which means you also can't monitor what it's doing. Congratulations, that's somehow worse.
Look, I know most of you don't have a choice. Your school requires it, your professor requires it, and the alternative is a zero on the exam. I get it. I've been there, registry writes and all.
But here's what I want you to at least know before you do it:
Control Panel > Programs > Uninstall. Do it while you still have the emotional energy from the rage of having just used it.
regedit and look at HKEY_CURRENT_USER\Software and HKEY_LOCAL_MACHINE\SOFTWARE for Respondus entries. See what it left behind.
Respondus Lockdown Browser is the logical endpoint of institutions treating their students as suspects first and people second. It is surveillance theater that catches unsophisticated cheaters while collecting data on everyone, sold to underfunded IT departments by a company that has correctly identified that universities will pay for the appearance of academic integrity without asking too many questions about what the software actually does.
It did not prevent a single cheater in either of the exams where it scanned my homelab or molested my registry. It did, however, add two documented incidents to my personal security log and give me enough material for this writeup.
So thanks for that, I guess. Also, Dr. Dean (in substitute of actual names) you can go fuck yourself since I know your wife clearly doesn't.
-- It was suggested by one of my mods to add context: he flaked on a meeting twice, then when we had a Zoom meeting he kept trying to brush me off with the same 2 talking points, which I suspect Respondus gave him. Yes, he's a dick.
Uninstall it the second you're done. And maybe run Malwarebytes after, just to feel something.
As always, if you have your own Respondus horror stories (logs, registry dumps, network captures) I'd genuinely love to hear them. Misery loves company and also technically this is a wiki.