Protecting student media: Combatting AI misuse and deepfake threats

Misty Flowers

February 20, 2025 20:34

At Finalsite, we recognize that the rise of AI and deepfake technology has created new and serious concerns for schools. Protecting the privacy and digital identity of your students is a priority, especially given the concerning rise in schemes where bad actors manipulate publicly available images to create harmful content for sextortion and other targeted attacks.

While certain technical measures can make it more difficult to copy images, no method can fully prevent unauthorized use once an image is published to a public website.

To help mitigate risk, Finalsite recommends a layered defense strategy that focuses on friction, intentional exposure, and administrative policy.

Ultimately, schools must weigh the risk versus reward of utilizing student imagery on public-facing websites. While security is paramount, the website remains a school's primary marketing and communications vehicle. Authentic imagery is a vital component of school storytelling, provided it is leveraged within the specific risk tolerance of your community.

Why "disabling right-click" is not enough

Disabling the right-click menu is a surface-level feature. Any user can still capture an image using a screenshot, a browser’s "inspect" tool, or a simple browser extension.

Accessibility: Disabling right-click can frustrate legitimate users who rely on it for accessibility features or site navigation.
False security: It provides a false sense of security. Bad actors can still easily bypass this by inspecting the page source, using browser extensions, or simply taking a high-quality screenshot.

To offer substantive protection, schools must look beyond these measures and implement technical hurdles that actually degrade the utility of the image for misuse.

Layered controls for image protection

1. Authenticated access

The most effective way to mitigate risk is to remove sensitive imagery from the public-facing internet entirely. Authenticated access ensures that only verified members of your community can view identifiable student media.

Portals and password protection: Limit access to identifiable photos of children to password-protected pages or within a Finalsite portal.
Intentional exposure: Be extremely selective about which high-resolution portraits are placed on the public-facing "shell" of your website versus the private-access areas for current families.

2. Strategic image selection and resolution

Metadata safety: Limit identifiable information in file names, alt text, or captions. Get help stripping metadata from media with Pics.io Metadata Remover.
Consider anonymity: Use images that do not reveal the clear identities of the students pictured, such as shots from a distance or from behind.
Use AI-generated "synthetic" faces: Consider using image editing software to modify or replace the faces of students in featured website photos to protect specific student identities. Options to try:
- Adobe Express: Professional generative fill and object replacement.
- Canva Magic Edit: Intuitive tool for modifying or replacing image elements.
- Skylum Luminar Neo: AI-driven facial modification and anonymization.
- Generated Photos: Replaces real faces with unique, AI-generated "twins."
- Picsart: Web-based platform with AI-replacement features.

3. Deterrence and watermarking

Adding friction can deter bulk downloading and automated scraping.

Use watermarks: Adding a school logo or visible watermark can deter misuse and provide clear attribution.
Limit image resolution: High-fidelity AI manipulation typically requires high-density source material. While AI upscaling tools exist, delivering images at lower resolutions (optimized for web) acts as a deterrent by adding effort to the manipulation process and reducing the overall accuracy of AI-generated outputs.
Digital metadata: Embedding metadata or invisible digital watermarks can help track ownership, copyright, and usage details. Unlike visible watermarks, these cannot be easily removed unless the metadata is stripped. If advanced watermarking is not feasible, visible watermarks remain an effective deterrent.

Next steps for your district or school

Review media release waivers: Work with legal counsel to ensure waivers address modern digital risks and maintain an accurate "do not photograph" list. Cross-reference the list with images posted publicly to ensure they do not include people who have opted out.
Familiarize your team with reporting policies:
- Take It Down (NCMEC): A tool and reporting mechanism designed to protect individuals from the spread of non-consensual AI-generated or explicit imagery.
Audit public galleries: Identify high-resolution student portraits on public pages and consider increasing friction by replacing them with lower-resolution versions or moving them to a secure password-protected or authenticated portal.
Update your media policy: Ensure your school’s Acceptable Use Policy (AUP) reflects the transition toward lower-resolution public imagery. This helps parents understand that a change in photo quality is a deliberate security deterrent implemented to protect student identities.

Industry resources

For further guidance on aligning school media practices with federal regulations and modern data privacy standards, consult the following resources:

CoSN 2025 National Student Data Privacy Report: An industry-standard analysis of current K-12 privacy practices and district-level strategy.
U.S. Department of Education: Protecting Student Privacy Resources: The official federal hub for FERPA and PPRA compliance and data governance guidance.
FTC: 2025 Updates to the COPPA Rule: Key updates on the collection of biometric identifiers and expanded protections for children under 13.
NEA: Student and Educator Data Privacy (2024 Update): Essential checklists for managing data security and AI-specific risks in the classroom.