I assume that smart comp sci kids already have some sort of proxy running on an Android phone that publishes the current in-classroom WiFi environment, and a browser plugin or Linux hack that their stay-at-home friends can run that intercepts the geolocation calls and spoofs the responses with what the in-classroom android phone is seeing.

The API just returns coordinates to the website and it's fairly easy to spoof on major browsers. You'd just need to know where the classroom is.