Some Observations on Kahoot!

3 min read

NOTE, from July 1, 2016: Kahoot! updated their app, and their privacy policies. The issues flagged in this post have all been addressed. Also worth noting: their turnaround time in addressing these issues was incredibly fast. For what it's worth, I'm impressed by both the speed and the quality of the response. END NOTE.

In the screencast below, I highlight some issues with Kahoot!, a quiz platform that, according to the company, was used by 20 million US students in the month of March, 2016.

In the screencast, I use two demo accounts to show how an 11 year old student can create an account with no parental consent, and subsequently share content with a random adult within the application. I also highlight a less serious issue with how PINs can be shared to allow for open access over the internet to anyone who has the PIN. 

(note: the screencast has no volume - so don't think your audio settings are on the fritz :) )

Recommendations for Kahoot!

Some of these recommendations look at Kahoot's terms of service and privacy policy. A full evaluation of their terms is outside the scope of this post, but currently the terms lack meaningful detail about important points, such as how data can be used for advertising, or shared with third parties. In addition to a full review of their current privacy policy, a short list of improvements for Kahoot! includes:

  • Implement verifiable parental consent for accounts for people under 13; this should be accompanied by corresponding language in the privacy policy.
  • Inside the service, implement friend lists, and limit sharing to and from student accounts to approved friend lists.
  • Update their infrastructure to improve encryption on their login and account creation pages. Currently, these pages get an F using the Qualys SSL verification service.
  • Update their terms of service to clarify what ownership they are claiming over student and teacher work. Their current terms claim full ownership over all content created using "any open communication tools on our website" - this effectively means that Kahoot! owns all student and teacher work created in their platform, and that they can use that work without limits, in any way they want. While I don't think this is what they intend, they should clarify the details. The precise language from the terms of service is included below.

However, any content posted by you using any open communication tools on our website, provided that it doesn't violate or infringe on any 3rd party copyrights or trademarks, becomes the property of Kahoot! AS, and as such, gives us a perpetual, irrevocable, worldwide, royalty-free, exclusive license to reproduce, modify, adapt, translate, publish, publicly display and/or distribute as we see fit. This only refers and applies to content posted via open communication tools as described, and does not refer to information that is provided as part of the registration process, necessary in order to use our Resources.

There are other suggestions that would improve the service, but this short list highlights some of the more pressing issues documented in the screencast.