Last updated

This module briefly opens with an introduction to the lack of end-to-end encryption in standard cloud and backup services, and closes with an activity to send the instructor a password-protected file over Tresorit Send, an end-to-end encrypted service.

Note the Keybase homework assignment will require instructors to sign up for Keybase in advance:


Threat modeling

(Good to know) Legal requests in the U.S.

Estimated time

25-35 minutes


Upon successful completion of this module, students will be able to analyze the difference between in-transit encryption and end-to-end encryption in the use of cloud services.

Why this matters

End-to-end encryption may be used to securely store files (sometimes called "zero-knowledge" file encryption). This technique may be necessary when storing sensitive files remotely, and when it is important that the service provider can't read your messages.


(After class)

  • Have students set up Keybase on their personal device, and send an encrypted message with an attachment to the professor:

    Note that this assignment, of course, requires you to have your own Keybase account set up. See "Keybase for beginners" by Freedom of the Press Foundation for additional help.

Sample slides

End-to-end encryption for files (Google Slides)


  • Have students send a password protected file to the instructor with Tresorit Send: (Agree on a password in advance, and ask students to only share what they are okay with the professor seeing.)
  • (Optional) Have students try to locate more services like Tresorit; how did they determine this was end-to-end encrypted?

Questions for discussion

  • When might you need end-to-end encryption for backups?
  • Do you feel comfortable with cloud services (e.g., iCloud, Google Drive) being able to see your files? Why is that?
  • Would you pay for a service of this kind? Why or why not?
  • What if your employer paid for it?

Donate to support press freedom

Your support is more important than ever.