This module briefly opens with an introduction to the lack of end-to-end encryption in standard cloud and backup services, and closes with an activity to send the instructor a password-protected file over Tresorit Send, an end-to-end encrypted service.
Upon successful completion of this module, students will be able to analyze the difference between in-transit encryption and end-to-end encryption in the use of cloud services.
Why this matters
End-to-end encryption may be used to securely store files (sometimes called "zero-knowledge" file encryption). This technique may be necessary when storing sensitive files remotely, and when it is important that the service provider can't read your messages.
Have students set up Keybase on their personal device, and send an encrypted message with an attachment to the professor: keybase.io
Note that this assignment, of course, requires you to have your own Keybase account set up. See "Keybase for beginners" by Freedom of the Press Foundation for additional help.
Have students send a password protected file to the instructor with Tresorit Send: https://send.tresorit.com. (Agree on a password in advance, and ask students to only share what they are okay with the professor seeing.)
(Optional) Have students try to locate more services like Tresorit; how did they determine this was end-to-end encrypted?
Questions for discussion
When might you need end-to-end encryption for backups?
Do you feel comfortable with cloud services (e.g., iCloud, Google Drive) being able to see your files? Why is that?
Would you pay for a service of this kind? Why or why not?