Duke will not sell users’ data

April 10, 2017
In light of new privacy rules approved by Congress, Duke’s IT Security Office is offering the following guidance to help the Duke community understand how the change might impact them and what they can do.
 
The Internet privacy of Duke faculty, students and staff is of the utmost importance to the university, and the ability to freely conduct academic research must not be hindered by privacy concerns. 
 
Duke, which operates as an Internet service provider (ISP) for all users of the Duke network, does not and will not sell data about its users. Duke partners with other ISPs (the N.C. Research and Education Network and Internet2, both made up of leading research and education institutions), and those organizations will never sell data about their users.
 
Many companies, including Facebook and Google, already monitor, track and sell information about users’ Internet habits. For example, a user signed into Facebook who then visits another website can be tracked using cookies. If you “like” a page on a site, Facebook knows. If you “google” for information, Google knows your browser did so, along with the IP address you came from and (if you are signed into Google) that it was your account. Congress’ vote to repeal the FCC's broadband privacy protections is likely to make that kind of tracking more widespread.
 
To minimize tracking by an ISP (from home or while traveling), Duke's IT Security Office recommends using a full-tunnel Virtual Private Network (VPN) service to encrypt your  traffic before it leaves your computer.  The Duke VPN service (INTL-VPN or Library context) is a good option for most users. For personal use, one privacy website offers some guidance and a side-by-side comparison of some VPN options. Please note that there are some concerns that VPN providers could also sell personal data, as they can classify themselves as an ISP, so consider a provider who is incorporated in Europe or has a privacy policy on how they use customer data.
 
In addition, users who are concerned about tracking cookies when browsing should use an adblocker (the ITSO recommends uBlock Origin) and consider private browsing using Incognito mode or noscript. (Find more safe browsing tips here.)
 
If you have questions or concerns not addressed here, please contact the IT Security Office at security@duke.edu.