Learning Security

Differences between Drop-in and Cumulative Sessions

While we reinforced previously covered material where possible for participants in the cumulative track, we had to ensure that our drop-in sessions did not assume prior knowledge of the topic. This restriction—along with the challenges presented by shorter sessions and larger class sizes—prevented us from covering certain topics with our drop-in participants. For example:

  • At the end of our first cumulative workshop, we asked participants to bring an empty external hard drive to the next session so that they could practice creating encrypted backups. For students in our drop-in workshop series, on the other hand, we provided a comprehensive walkthrough on how to create an encrypted backup and enable full-disk encryption. (That said, most of our drop-in students who actually completed the encryption process did so by way of additional one-on-one assistance during our office hours.)

  • The hands-on portion of our drop-in Off-the-Record (OTR) chat encryption session only addressed the use of CryptoCat and did not extend to the Pidgin and Adium instant messaging (IM) clients.

  • Similarly, while we covered the same tools in both OpenPGP email encryption workshops, there was not enough time in the drop-in session for participants to verify one another’s public key fingerprints.

  • Most importantly, as noted in the session descriptions above, students in our cumulative workshops had multiple opportunities to practice using tools and applying techniques covered earlier in the semester. In nearly every session, for example, they generated new passwords and added them to the KeePassX password manager. We also gave them a second chance to access an onion service—specifically the CryptoCat encrypted chat service—through the Tor Browser.