A student at a school used a burner Gmail to log into Google Classroom and sent inappropriate messages/photos, eventually causing a teacher to quit.

The school asked me to help track them down, but they have no proper logs since personal Gmail accounts were used (and Google Classroom do not show IPs without having workplace).

My plan:

• Send a bait link to that burner email.

• When opened, it runs browser fingerprinting and tries the location API.

• If location access is granted (or the browser is misconfigured), I can pinpoint them.

• If not, with the data gathered, I could match them on the school Wi-Fi by running the same script on its access portal.

The challenge: I’m bad at crafting convincing bait emails.
My current idea: Pretend to be a classmate offering a method to bypass teacher restrictions on Google Classroom, linking to the “tutorial.”

Does this seem like the right approach given the context, or is there a better lure idea?

EDIT: Ok, after reviewing the laws, this does not seem like the right approach since regulations here are strict (fortunately).

I’ll focus on getting info from Google first, then use the school Wi-Fi data to cross-reference.