We want to make you aware of recent changes in legislation that affect your privacy while you use Internet resources, and how you can protect your privacy as you continue to use these resources. On Monday, April 3, 2017 President Trump signed a bill to remove Internet privacy rules passed during the Obama administration to prevent tracking and sharing of people’s browsing and app activity without permission. Broadband providers have the widest look into the online habits of their customers. Without the rules, companies have more power to collect data on people and sell sensitive information. You can take several steps to protect your privacy while you use any Internet connection. The following two recommendations are in direct response to the legislation: 

  • Use a Personal Virtual Private Network (VPN) Service in All Your Computing Devices
    Similar to how Amherst College provides the virtual private network (VPN) service to allow access to resources while away from campus, you can obtain personal VPN services from different providers that encrypt your connection to the Internet. These services help prevent broadband providers from monitoring your activity on the Internet since they encrypt your communications on the Internet.

    PC Magazine provides a list of their top-rated VPN services for 2017. We have experience with two of the services listed: NordVPN, and Private Internet Access. The services can encrypt your access to the Internet on macOS, Windows, Android devices, and iOS devices. There are two main things we considered when evaluating VPN services: one, we wanted a service for which we paid as customers since free services may not be bound by clear privacy and service level agreements; and two, we wanted a service that provided a "no logging" policy, meaning they don't keep track of when you use the service or of your online activity while you use the service.
  • Reduce Online Tracking
    Although VPN services will help prevent broadband providers from tracking your online activity, other services can still track your activity by using other methods such as web browser cookies and sessions. You can minimize that type of online tracking by using several methods.

In addition, you should continue to protect your digital assets using the following recommendations:

  • Use Strong Passwords on Your Computing Devices
    You should set strong passwords on all your computing devices to make it more difficult for someone to gain unauthorized access. As a starting point, you can use the password rules for Amherst College accounts. Don't forget to set strong passwords for your accounts on Internet services as well! 
  • Use Multi-Factor Authentication Whenever Possible
    Many online services such as online banking now offer multi-factor authentication, meaning that they present and request separate pieces of information before granting access to an account. Examples can be the combination of a username, a password, and a random number sent via other medium such as text, phone, or a mobile app. Whenever online services offer the availability of multi-factor authentication, you may want to take advantage to strengthen the security of your account with the service.
  • Encrypt Your Hard Drive
    Both macOS and Windows offer hard drive encryption as part of their latest versions of macOS, Windows 10 Education, Windows 10 Pro, and Windows 10 Enterprise, at no additional cost. In the event of loss or theft of the computing device, hard drive encryption will prevent someone else from reading the contents of your hard drive. Smart phones and tablets such as iPhones and iPads are pre-encrypted and do not offer an option to remove encryption. If you recently purchased a new computer, it will likely already have encryption turned on, but it is worth verifying by following the instructions on the links above. Please contact AskIT@amherst.edu to inquire about encryption on any college-owned computing devices as this information is applicable to personal computing devices only.
  • Run Regular System Updates
    All modern operating systems such as macOS and Windows provide a facility to upgrade the software automatically. You should make use of the feature to check for updates regularly and install updates automatically. 

We hope the resources listed provide you with enough information to make you aware of your privacy, and help you make well-informed choices as you continue to use Internet resources. Please contact us at AskIT@amherst.edu, if you have any questions or need additional information.

Frequently Asked Questions
(We will add questions as we receive them.) 

  • Can I use the Amherst College VPN instead of purchasing a private service?
    The Amherst College VPN Service allows you to access the Amherst network, and the resources on it, as if you were on campus. It is intended to encrypt (secure) traffic from remote locations to Amherst College; the purpose of a personal VPN service is to encrypt all traffic from remote locations to any location on the Internet.

 

Released: April 4, 2017
Updated: April 7, 2017
1) Added note to clarify encryption applies to personal devices and to contact IT about encryption on college-owned devices.
2) Added note to clarify encryption on Windows is only available for Windows Education, Pro, and Enterprise.