Respondus LockDown Browser and AI overlays, a technical breakdown

Respondus LockDown Browser started in 2002 as a Windows-only IE wrapper for institutions running Blackboard. It became the default "locked browser" for community colleges and large state universities through the 2010s, and was rebuilt on Chromium around 2018 to handle modern web standards. The macOS build followed the Windows architecture closely: a kiosk-mode Chromium shell with a thin native wrapper that watches the OS for anything the institution flagged.

The product is sold to institutions, not to students. Students download it because their professor enabled it in Canvas, Blackboard, Brightspace, or Moodle. That distribution model matters: Respondus optimizes for institution-side reporting ("flag any student who launched a non-allowlisted app") rather than for catching a determined individual. The detection bar is set where it stops the casual case, not the technical one.

The companion product, Respondus Monitor, adds webcam recording and post-hoc review. Monitor is what flags suspicious head movements and prompts a human reviewer; LockDown Browser by itself is just the kiosk shell. Most posts online conflate the two. They are separate products with separate behaviors, and the distinction matters when you reason about what is actually watching the screen.

On macOS, the LockDown Browser process queries the Cocoa NSWorkspace API and the lower-level proc_listpids to enumerate running apps by bundle identifier and executable path. It matches those against a static blocklist (Zoom, OBS, ScreenFlow, common remote-desktop tools, and a handful of named AI assistants). If a match is found, the test session is blocked or a flag is recorded. The shell also installs a foreground-locking loop that re-raises the browser window if it loses focus, and it disables most common screenshot shortcuts at the AppKit level.

What it does not do on macOS: it does not load a system extension, it does not have Endpoint Security entitlements, and it does not have screen-recording permission for the whole desktop (it only sees its own window, plus whatever the institution requires Respondus Monitor to capture). It cannot enumerate every NSWindow the WindowServer manages, because that requires either screen-recording consent or a private framework call Apple has been hardening since macOS 14.

This is the relevant gap. A menu-bar app with NSWindowSharingNone set on its panels is invisible to a screen capture initiated by another userspace process. The locked browser sees its own contents and nothing above it. Whisply lives above it.

When any app on macOS asks to capture the screen, the request goes through ScreenCaptureKit (modern) or CGDisplayStream (legacy). The WindowServer composites the final image and hands back only the windows whose sharingType is not set to NSWindowSharingNone. Apple introduced this flag specifically so password managers, two-factor prompts, and accessibility tools could remain on screen for the human user while staying out of recordings and screen shares.

Whisply uses that flag on every panel: the chat overlay, the menu-bar response card, the streaming transcript, the settings popover. The WindowServer enforces the exclusion at composition time, which means it does not matter whether Respondus, Zoom, QuickTime, or a third-party recorder asks; they all receive a frame with Whisply absent. The protection is a property of the window, not of the requester.

This is also why a phone camera pointed at your laptop will see Whisply (the screen pixels are real), but a screen recording from inside the locked browser will not. The two paths are different. Respondus Monitor's webcam recording is unrelated to the screen-capture path and is governed by where you point your camera, not by Whisply's window flags.

The free and Pro tiers of Whisply ship as the standard com.whisply.app bundle. That identifier is not on the public Respondus blocklist as of this writing, but it is a fixed string an institution could request be added. Pro Undetected solves that by randomizing the bundle identifier per install, removing the Dock tile, suppressing the menu-bar text, and using a generic executable name that does not match any known AI-assistant signature.

On the first launch of armed mode, Whisply walks you through a one-time Recovery-mode step to grant the renamed binary the screen-recording and accessibility permissions it needs without leaving the original app name in the TCC database. The result is that Respondus's enumeration scan sees a generic-looking process, and its window-foreground watcher never gets a focus event from the renamed app because the overlay never takes key-window status.

None of this is a guarantee. Respondus ships updates, and a future version could add new heuristics. We test against each public Respondus release within a week of its publication and ship a Whisply update if the bundle-level changes need to evolve. Armed mode is the layer we maintain in response to those updates.

Whisply does not work against everything. Some institutions pair Respondus LockDown Browser with Respondus Monitor and require an environment scan via the webcam at the start of the session. That scan happens on your camera, not your screen, and is governed by what your room looks like, not by Whisply's window flags. A glance away from the screen is what a human reviewer notices, not the overlay itself.

If your test is delivered through a virtual machine, a remote-desktop session into a school-owned Windows lab, or a browser running inside a virtualized macOS image, Whisply's window-flag protection only applies to the host you installed it on. Inside the guest, the proctor sees the guest's windows. We do not currently support running inside a guest VM.

And on the institutional side, some schools use Respondus Monitor's review pass to look for off-screen glances or unusual eye movement. That is a human-judgment signal, and no overlay technology changes it. If you spend the session looking at a second screen or off to the side, a human reviewer will probably notice.