https & sensitive info


by James Brown -
Number of replies: 5

Hi, 

My Moodle (ver 3.3) courses are delivered to their enrolled users through https.

Would this be safe enough for the site's users to exchange sensitive and confidential content, e.g. test grades, exam questions, ..., students' personal info, etc.?

Also, is it advisable to use this site to deliver media-based training material on trade secrets?

Looking forward to hearing your advice.

Cheers
James


In reply to James Brown

Re: https & sensitive info

by Emma Richardson -

That is kind of the purpose of Moodle - to share grades, give exams etc. It is as safe as your server setup and your password security... thousands of universities across the world use Moodle to do just that. Is it infallible? - no, there is no such thing.

As for your training material, anytime you share anything on the internet, you have to understand that someone can always find a way to copy it if they want to.

In reply to Emma Richardson

https & sensitive info

by James Brown -

My real concern is the safety of some of our course users who live in a country which forbids its citizens to learn about democracy, human rights, multi-party politics and freedom of speech, and the site hosts learning materials in these areas. The citizens' internet usage is closely monitored by the state, and people caught accessing information in these areas will be punished. My question is: how difficult is it for Big Brother to decrypt what is being transmitted through https? Is there anything I can do to provide additional protection for our users from being unjustly punished?

In reply to James Brown

Re: https & sensitive info

by Iñaki Arenaza -

I'm afraid you are out of luck. If the state is monitoring the internet usage, they might as well have the capabilities to perform man-in-the-middle (MITM) attacks on SSL/TLS, or simply block any SSL/TLS traffic outside MITM-ed connections (e.g., like they do in China).

Some people route around these restrictions by using VPNs (virtual private networks), but they have their own downsides (e.g., the state sooner or later knows about them and blocks them; also your internet traffic stands out like a sore thumb, so you might be tracked more easily, etc.).

This is a very tough nut to crack...

Saludos. Iñaki.

In reply to James Brown

Re: https & sensitive info

by Matt Bury -

Hi James,

Like Iñaki has put it, it's very difficult to secure lines of communication when nation states are involved.

As well as VPNs there are options like the TOR network https://www.torproject.org/ which effectively anonymises users' internet data and activities. It's especially useful for journalists, NGO workers, etc. working under the conditions you've described. However, privacy-oriented software and networks alone are insufficient for evading being identified on the internet. Users need effective training on how not to accidentally reveal themselves to the authorities.

Also, while measures like these are effective against dragnet-style surveillance, a nation state would easily be capable of targeting individuals they suspect of accessing forbidden information and gathering evidence of their online activities.

I hope this helps,

Matt

In reply to James Brown

Re: https & sensitive info

by Visvanath Ratnaweera -
Hi

The first paragraph of any security course will ask you to begin with a) the value of your secrets b) who your adversary is.

You started by saying you want to secure "test grades, exam questions, ..., students' personal info" from unauthorized users. Then moved on to hiding your users who "learn about democracy, human rights, multi-party politics and freedom of speech" from the state. The two things are as different as a mouse and an elephant. So please decide which one before you continue!

P.S. In an enquiry a couple of months ago https://moodle.org/mod/forum/discuss.php?d=358202 you talked of "the teaching staff involve in a moodle site are keen to see their online discussions on sensitive content (e.g. developing questions for the forthcoming exams, students marks and grades". How was the progress?