2023 Cybersecurity Awareness Blogs
Week 2 of Cybersecurity Awareness Month
Enhanced Password Standards: Strengthening Security at TRU
Vivian Oosthoek, Oct 10, 2023
At Thompson Rivers University (TRU), we are committed to safeguarding your digital security. As part of our ongoing efforts to protect your personal information and ensure the integrity of our systems, we are proud to announce significant updates to our password standards, effective as of August of this year. These changes are designed to enhance your online safety and minimize potential vulnerabilities.
Key Updates to Password Standards:
- Increased Minimum Password Length: We've raised the bar for password complexity by increasing the minimum password length from 8 characters to a more robust 12 characters. This longer character requirement helps create stronger, more resilient passwords.
- Comprehensive Character Requirements: To further fortify your passwords, we now mandate the use of a combination of lowercase letters, uppercase letters, numeric digits, and symbol characters. This diverse mix of characters makes it considerably more challenging for unauthorized parties to crack your password.
- Elimination of Regular Expirations: In our commitment to user convenience, we have eliminated the routine password expiration policy, as we now have MFA as a secondary layer of protection against account compromise. Your password will only expire if your account is implicated in a security incident. Previously, staff members were required to update their passwords every 6 months, while students had to do so annually. Now, you'll only need to update your password if there's a legitimate security concern.
Why These Changes Matter:
These updates reflect our commitment to continuously improving your digital security. Passwords serve as the first line of defense against cyber threats, and by strengthening our password standards, we reduce the risk of unauthorized access, data breaches, and identity theft. These measures not only protect you but also contribute to a safer and more secure digital environment for our entire TRU community.
At TRU, your online safety is our top priority. Our enhanced password standards, including increased complexity requirements and the elimination of regular expirations, are designed to provide you with peace of mind when it comes to protecting your digital identity and sensitive information.
Enhancing TRU's Security with Multi-Factor Authentication (MFA)
Taylar Masson, Oct 10, 2023
We are excited to announce an important security enhancement for your accounts at TRU. Recently, we have enabled Multi-Factor Authentication (MFA) for all student accounts accessing Microsoft services, including email and the Office suite. In this blog post, we will explain what MFA is, why it matters, how we are implementing it, and where you can find resources to manage your account effectively.
What is Multi-Factor Authentication (MFA)?
MFA is a security feature that adds an extra layer of protection to your account. Instead of relying solely on a password, MFA requires you to provide an additional form of verification during sign-in. This could be a text message code, a phone call, or a mobile app notification. By using MFA, we significantly reduce the risk of unauthorized access even if your password is compromised.
Why is MFA Important?
- Enhanced Security: With MFA, even if someone gets hold of your password, they won’t be able to access your account without the second factor (e.g., your phone).
- Protection Against Phishing: MFA prevents attackers from gaining access through phishing attacks.
- Compliance Requirements: Many regulatory standards now mandate the use of MFA to protect sensitive data.
How We are Implementing MFA
Enforced for All Students
- MFA is now mandatory for all TRU student accounts. When you sign into Microsoft services, you will be prompted to set up MFA. This added layer of security ensures that even if your password is compromised, unauthorized access is prevented.
Where MFA Is Needed
- On-Campus Access: When signing in from TRU campus locations, MFA will not be mandatory.
- Off-Campus Access: For security reasons, MFA remains enforced when accessing your account remotely.
Easy Setup
- Setting up MFA is straightforward:
- Sign into any Microsoft service (e.g., Outlook, Teams).
- Follow the prompts to choose your preferred verification method:
- Text message
- Phone call
- Mobile app notification
- Complete the setup process.
Remember Your Device
- Once you have set up MFA on a device (e.g., laptop, smartphone), you will not need to verify again unless you switch to a new device, browser, or have been inactive for more than a month.
- Remember that this convenience also means safeguarding your device against unauthorized use.
Managing Your Account
- To set up or manage student MFA settings: https://aka.ms/mfasetup
- For any issues or questions related to MFA: Contact our IT support team at itservicedesk@tru.ca
- Learn more about MFA: Visit our MFA Knowledge Base https://tru.teamdynamix.com/TDClient/84/Portal/KB/ArticleDet?ID=6714
Upcoming Changes
As part of our commitment to enhancing the security of our digital environment, we plan to extend MFA to other key services soon. Here is what you can expect:
Moodle
Our Learning Management System, Moodle, will soon require MFA for sign-in. This will ensure that only you can access your courses, grades, and other academic resources.
MYTRU
MyTRU, your portal for registration, financial aid, personal information, and other student services, will also be adopting MFA. This will add an extra layer of protection to your personal and academic records.
VPN
For those who access our network remotely via VPN, MFA will be implemented to prevent unauthorized access. This is especially important as VPN provides access to internal resources that are otherwise inaccessible from outside our network.
Passwordless Authentication
- Your Microsoft account offers what is called “Passwordless sign-in". For those with Microsoft MFA setup on the Microsoft Authenticator you can enable this option in the App. You may also elect to add a hardware token to use this (Such as a “Yubikey”).
- Passwordless authentication lets you sign in, as it suggests, without using your password. Having your phone (Something you have), combined with biometrics (Something you are) or PIN code (Something you know) cover the “multiple factors” in MFA and is more secure than a password, which could be easily guessed or stolen.
- DUO MFA for employees does not currently support this. This option will become available in the near future.
You will not have to do anything as part of these changes. All services will use your Microsoft account and be protected by the same MFA you set up now.
Remember that security is a shared responsibility. By using MFA, you play an active role in safeguarding your account and our institution’s data.
Thank you for helping us create a more secure digital environment at TRU!
Embrace the Power of VPNs - but Beware of the Slow Lane
Obiora Akachukwu, October 10, 2023
We live in an age where staying connected is crucial, and that often means hopping onto public Wi-Fi networks. Whether you're at a coffee shop, the library, or an airport, free public Wi-Fi is a lifesaver. But it comes with risks—risks that can be mitigated with a Virtual Private Network (VPN).
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over the internet, allowing users to access the internet as if they were connected to a private network. A VPN is like your own secret tunnel in the digital world.
Let's dive into the benefits of incorporating VPNs into your online routine.
Benefits
- Enhanced Privacy and Security
VPNs encrypt your internet connection, making it incredibly difficult for hackers or prying eyes to intercept your online activities. This is particularly valuable when accessing public Wi-Fi networks, which are notorious for their lack of security. For students and faculty handling sensitive academic data, this level of protection is a game-changer.
- Bypassing Geo-Restrictions
VPNs allow you to appear as though you're browsing the internet from a different location. This means you can access online resources or educational content that may be restricted or blocked in your region, broadening your research and learning possibilities.
- Secure File Sharing
VPNs create a secure tunnel for data transfer, making file sharing and collaboration safer and more confidential. This is particularly useful for faculty members working on research projects or students engaged in group assignments.
- Anonymity and Reduced Tracking
VPNs mask your IP address, reducing the ability of websites and advertisers to track your online behavior. This can enhance your online privacy and reduce the amount of targeted advertising you encounter.
- Access to Institutional Resources
Universities and colleges like TRU sometimes limit access to their resources from off-campus locations. A VPN can provide a secure way to connect to the university's network remotely, giving faculty and students access to library resources, academic databases, and other services even when not on campus. TRU offers access to the GlobalProtect VPN for this very purpose.
In conclusion, VPNs offer valuable advantages for both students and faculty, especially when it comes to online security and privacy. However, they are not without their drawbacks, including potential speed reductions and the need to trust a third-party provider when not using the university-provided VPN solution. When deciding whether to use a VPN, consider your specific needs and the potential benefits and limitations in the context of your online activities.
Protect Your Identity Information!
Kevin Zhong, Oct 10, 2023
Identity theft happens when someone uses your personal data, such as your name, birthday, social insurance number, to impersonate you. Identity thieves may steal money from your bank accounts, open new credit cards, or get utility services under your name, steal your tax refund, use your insurance information to receive medical treatments, or give police your name and address when they are arrested.
There are ways to protect yourself from identity theft:
- Change your password regularly and use two-factor authentication.
- Do not keep extra credit cards, or your Social Insurance Card, birth certificate, or passport with you unless necessary.
- Freeze your credit with the two major credit bureaus in Canada, Equifax and TransUnion, so that most lenders cannot obtain your credit report, therefore new credit files cannot be opened under your identity. It is free to freeze and unfreeze your credit.
- Keep a list of all your credit and bank accounts in a secure place so you can quickly call the issuers to inform them about missing or stolen cards. Your list should include account numbers, expiration dates, and customer service and fraud department telephone numbers.
- Take your credit/debit and ATM card receipts with you. Do not toss them and pre-approved credit offers, credit card or utility bills in your trash or recycling bin without first tearing them into small pieces or shredding them.
- Do not give credit card, bank, or Social Insurance Number information to anyone by telephone, even if you made the call, until you can verify that the call is legitimate.
- Avoid any offer that sounds too good to be true – they are often scams. Be very skeptical of offers that require your Social Insurance Number, credit, or financial information as an enrollment condition.
How do I know if I’m a victim of identity theft?
- Scrutinize your credit card statement, utility, and subscription bills to ensure the charges are yours.
- One of your creditors informs you that they have approved or declined your application that you have never applied for.
- A collection agency contacts you to collect on your defaulted account, when you never opened that account.
What should I do if I suspect that I’m a victim of credit fraud?
- Reconcile your cheque and credit card statements regularly and challenge any purchases you did not make.
- Report all stolen credit cards immediately to the issuers and request new cards.
- If you are a victim of a data breach, ask the credit bureaus (Equifax and TransUnion in Canada) to place a fraud alert on your credit files. Lenders will need to contact you and confirm your identity before they approve any application for credit under your identity.
- Contact your local police to file a complaint after a data breach.
- Report any fraud to the Canadian Anti-Fraud Center (CAFC). The CAFC is a national police service that assists Police of Jurisdiction. It is Canada’s central repository for information about fraud.
- Notify Canada Post Postal Security if you suspect your mail was stolen.
Week 1 of Cybersecurity Awareness Month
Blocking Spam and Protecting Your University Inbox: The Power of Microsoft Spam Filtering and DMARC
Obiora Akachukwu, Oct 3, 2023
Today, let’s chat about something that's both annoying and potentially harmful: spam emails.
In June of 2023, the Information Technology Services implemented Microsoft's advanced spam filtering technology and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to make our university email experience way safer and smoother. Let's dive into the world of these new email standards and see how they're protecting our inboxes.
1. Microsoft Spam Filtering: Your Email Bouncer
You know those pesky spam emails that clutter your inbox? They're like party crashers at your favorite hangout. Microsoft's spam filtering technology is like the bouncer who keeps the undesirables out. It uses smart algorithms to spot spammy emails and sends them straight to the digital trash bin. No more sifting through shady promotions or suspicious offers.
2. DMARC: The Ultimate Identity Checker
DMARC is like the digital passport control at the airport but for emails. It helps ensure that the emails you receive are from who they claim to be from. Cybercriminals often try to impersonate trusted sources, like your employer, to trick you into revealing sensitive information. DMARC verifies the authenticity of the sender's domain, making it much harder for email scammers to sneak in.
3. Reduced Phishing Risks
Phishing attacks are like digital fishing expeditions where scammers try to hook you with fake emails. These can be seriously dangerous, especially for students and faculty dealing with academic and personal data. Microsoft's spam filtering and DMARC combo work together to spot phishing emails and protect your personal info and login credentials.
4. Enhanced Email Security
In the age of cyber threats, keeping your email secure is a top priority. Microsoft's robust spam filtering technology and DMARC help guard our university communications like a fortress. You can collaborate, share research, and communicate without worrying about email security breaches.
So, there you have it, folks. Microsoft's spam filtering technology and DMARC are like the dynamic duo of email security, making sure your university inbox is clean, safe, and hassle-free. You can focus on your studies, research, and teaching without spending as much time worrying about the distraction of spam or the fear of email scams. It's like having a digital guardian for your university email, which is a great perk.
Enhanced Password Standards: Strengthening Security at TRU
Vivian Oosthoek, Oct 10, 2023
At Thompson Rivers University (TRU), we are committed to safeguarding your digital security. As part of our ongoing efforts to protect your personal information and ensure the integrity of our systems, we are proud to announce significant updates to our password standards, effective as of August of this year. These changes are designed to enhance your online safety and minimize potential vulnerabilities.
Key Updates to Password Standards:
- Increased Minimum Password Length: We've raised the bar for password complexity by increasing the minimum password length from 8 characters to a more robust 12 characters. This longer character requirement helps create stronger, more resilient passwords.
- Comprehensive Character Requirements: To further fortify your passwords, we now mandate the use of a combination of lowercase letters, uppercase letters, numeric digits, and symbol characters. This diverse mix of characters makes it considerably more challenging for unauthorized parties to crack your password.
- Elimination of Regular Expirations: In our commitment to user convenience, we have eliminated the routine password expiration policy, as we now have MFA as a secondary layer of protection against account compromise. Your password will only expire if your account is implicated in a security incident. Previously, staff members were required to update their passwords every 6 months, while students had to do so annually. Now, you'll only need to update your password if there's a legitimate security concern.
Why These Changes Matter:
These updates reflect our commitment to continuously improving your digital security. Passwords serve as the first line of defense against cyber threats, and by strengthening our password standards, we reduce the risk of unauthorized access, data breaches, and identity theft. These measures not only protect you but also contribute to a safer and more secure digital environment for our entire TRU community.
At TRU, your online safety is our top priority. Our enhanced password standards, including increased complexity requirements and the elimination of regular expirations, are designed to provide you with peace of mind when it comes to protecting your digital identity and sensitive information.
Enhancing TRU's Security with Multi-Factor Authentication (MFA)
Taylar Masson, Oct 10, 2023
We are excited to announce an important security enhancement for your accounts at TRU. Recently, we have enabled Multi-Factor Authentication (MFA) for all student accounts accessing Microsoft services, including email and the Office suite. In this blog post, we will explain what MFA is, why it matters, how we are implementing it, and where you can find resources to manage your account effectively.
What is Multi-Factor Authentication (MFA)?
MFA is a security feature that adds an extra layer of protection to your account. Instead of relying solely on a password, MFA requires you to provide an additional form of verification during sign-in. This could be a text message code, a phone call, or a mobile app notification. By using MFA, we significantly reduce the risk of unauthorized access even if your password is compromised.
Why is MFA Important?
- Enhanced Security: With MFA, even if someone gets hold of your password, they won’t be able to access your account without the second factor (e.g., your phone).
- Protection Against Phishing: MFA prevents attackers from gaining access through phishing attacks.
- Compliance Requirements: Many regulatory standards now mandate the use of MFA to protect sensitive data.
How We are Implementing MFA
Enforced for All Students
- MFA is now mandatory for all TRU student accounts. When you sign into Microsoft services, you will be prompted to set up MFA. This added layer of security ensures that even if your password is compromised, unauthorized access is prevented.
Where MFA Is Needed
- On-Campus Access: When signing in from TRU campus locations, MFA will not be mandatory.
- Off-Campus Access: For security reasons, MFA remains enforced when accessing your account remotely.
Easy Setup
- Setting up MFA is straightforward:
- Sign into any Microsoft service (e.g., Outlook, Teams).
- Follow the prompts to choose your preferred verification method:
- Text message
- Phone call
- Mobile app notification
- Complete the setup process.
Remember Your Device
- Once you have set up MFA on a device (e.g., laptop, smartphone), you will not need to verify again unless you switch to a new device, browser, or have been inactive for more than a month.
- Remember that this convenience also means safeguarding your device against unauthorized use.
Managing Your Account
- To set up or manage student MFA settings: https://aka.ms/mfasetup
- For any issues or questions related to MFA: Contact our IT support team at itservicedesk@tru.ca
- Learn more about MFA: Visit our MFA Knowledge Base https://tru.teamdynamix.com/TDClient/84/Portal/KB/ArticleDet?ID=6714
Upcoming Changes
As part of our commitment to enhancing the security of our digital environment, we plan to extend MFA to other key services soon. Here is what you can expect:
Moodle
Our Learning Management System, Moodle, will soon require MFA for sign-in. This will ensure that only you can access your courses, grades, and other academic resources.
MYTRU
MyTRU, your portal for registration, financial aid, personal information, and other student services, will also be adopting MFA. This will add an extra layer of protection to your personal and academic records.
VPN
For those who access our network remotely via VPN, MFA will be implemented to prevent unauthorized access. This is especially important as VPN provides access to internal resources that are otherwise inaccessible from outside our network.
Passwordless Authentication
- Your Microsoft account offers what is called “Passwordless sign-in". For those with Microsoft MFA setup on the Microsoft Authenticator you can enable this option in the App. You may also elect to add a hardware token to use this (Such as a “Yubikey”).
- Passwordless authentication lets you sign in, as it suggests, without using your password. Having your phone (Something you have), combined with biometrics (Something you are) or PIN code (Something you know) cover the “multiple factors” in MFA and is more secure than a password, which could be easily guessed or stolen.
- DUO MFA for employees does not currently support this. This option will become available in the near future.
You will not have to do anything as part of these changes. All services will use your Microsoft account and be protected by the same MFA you set up now.
Remember that security is a shared responsibility. By using MFA, you play an active role in safeguarding your account and our institution’s data.
Thank you for helping us create a more secure digital environment at TRU!
Embrace the Power of VPNs - but Beware of the Slow Lane
Obiora Akachukwu, October 10, 2023
We live in an age where staying connected is crucial, and that often means hopping onto public Wi-Fi networks. Whether you're at a coffee shop, the library, or an airport, free public Wi-Fi is a lifesaver. But it comes with risks—risks that can be mitigated with a Virtual Private Network (VPN).
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over the internet, allowing users to access the internet as if they were connected to a private network. A VPN is like your own secret tunnel in the digital world.
Let's dive into the benefits of incorporating VPNs into your online routine.
Benefits
- Enhanced Privacy and Security
- Bypassing Geo-Restrictions
- Secure File Sharing
- Anonymity and Reduced Tracking
- Access to Institutional Resources
VPNs encrypt your internet connection, making it incredibly difficult for hackers or prying eyes to intercept your online activities. This is particularly valuable when accessing public Wi-Fi networks, which are notorious for their lack of security. For students and faculty handling sensitive academic data, this level of protection is a game-changer.
VPNs allow you to appear as though you're browsing the internet from a different location. This means you can access online resources or educational content that may be restricted or blocked in your region, broadening your research and learning possibilities.
VPNs create a secure tunnel for data transfer, making file sharing and collaboration safer and more confidential. This is particularly useful for faculty members working on research projects or students engaged in group assignments.
VPNs mask your IP address, reducing the ability of websites and advertisers to track your online behavior. This can enhance your online privacy and reduce the amount of targeted advertising you encounter.
Universities and colleges like TRU sometimes limit access to their resources from off-campus locations. A VPN can provide a secure way to connect to the university's network remotely, giving faculty and students access to library resources, academic databases, and other services even when not on campus. TRU offers access to the GlobalProtect VPN for this very purpose.
In conclusion, VPNs offer valuable advantages for both students and faculty, especially when it comes to online security and privacy. However, they are not without their drawbacks, including potential speed reductions and the need to trust a third-party provider when not using the university-provided VPN solution. When deciding whether to use a VPN, consider your specific needs and the potential benefits and limitations in the context of your online activities.
Protect Your Identity Information!
Kevin Zhong, Oct 10, 2023
Identity theft happens when someone uses your personal data, such as your name, birthday, social insurance number, to impersonate you. Identity thieves may steal money from your bank accounts, open new credit cards, or get utility services under your name, steal your tax refund, use your insurance information to receive medical treatments, or give police your name and address when they are arrested.
There are ways to protect yourself from identity theft:
- Change your password regularly and use two-factor authentication.
- Do not keep extra credit cards, or your Social Insurance Card, birth certificate, or passport with you unless necessary.
- Freeze your credit with the two major credit bureaus in Canada, Equifax and TransUnion, so that most lenders cannot obtain your credit report, therefore new credit files cannot be opened under your identity. It is free to freeze and unfreeze your credit.
- Keep a list of all your credit and bank accounts in a secure place so you can quickly call the issuers to inform them about missing or stolen cards. Your list should include account numbers, expiration dates, and customer service and fraud department telephone numbers.
- Take your credit/debit and ATM card receipts with you. Do not toss them and pre-approved credit offers, credit card or utility bills in your trash or recycling bin without first tearing them into small pieces or shredding them.
- Do not give credit card, bank, or Social Insurance Number information to anyone by telephone, even if you made the call, until you can verify that the call is legitimate.
- Avoid any offer that sounds too good to be true – they are often scams. Be very skeptical of offers that require your Social Insurance Number, credit, or financial information as an enrollment condition.
How do I know if I’m a victim of identity theft?
- Scrutinize your credit card statement, utility, and subscription bills to ensure the charges are yours.
- One of your creditors informs you that they have approved or declined your application that you have never applied for.
- A collection agency contacts you to collect on your defaulted account, when you never opened that account.
What should I do if I suspect that I’m a victim of credit fraud?
- Reconcile your cheque and credit card statements regularly and challenge any purchases you did not make.
- Report all stolen credit cards immediately to the issuers and request new cards.
- If you are a victim of a data breach, ask the credit bureaus (Equifax and TransUnion in Canada) to place a fraud alert on your credit files. Lenders will need to contact you and confirm your identity before they approve any application for credit under your identity.
- Contact your local police to file a complaint after a data breach.
- Report any fraud to the Canadian Anti-Fraud Center (CAFC). The CAFC is a national police service that assists Police of Jurisdiction. It is Canada’s central repository for information about fraud.
- Notify Canada Post Postal Security if you suspect your mail was stolen.
Blocking Spam and Protecting Your University Inbox: The Power of Microsoft Spam Filtering and DMARC
Obiora Akachukwu, Oct 3, 2023
Today, let’s chat about something that's both annoying and potentially harmful: spam emails.
In June of 2023, the Information Technology Services implemented Microsoft's advanced spam filtering technology and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to make our university email experience way safer and smoother. Let's dive into the world of these new email standards and see how they're protecting our inboxes.
1. Microsoft Spam Filtering: Your Email Bouncer
You know those pesky spam emails that clutter your inbox? They're like party crashers at your favorite hangout. Microsoft's spam filtering technology is like the bouncer who keeps the undesirables out. It uses smart algorithms to spot spammy emails and sends them straight to the digital trash bin. No more sifting through shady promotions or suspicious offers.
2. DMARC: The Ultimate Identity Checker
DMARC is like the digital passport control at the airport but for emails. It helps ensure that the emails you receive are from who they claim to be from. Cybercriminals often try to impersonate trusted sources, like your employer, to trick you into revealing sensitive information. DMARC verifies the authenticity of the sender's domain, making it much harder for email scammers to sneak in.
3. Reduced Phishing Risks
Phishing attacks are like digital fishing expeditions where scammers try to hook you with fake emails. These can be seriously dangerous, especially for students and faculty dealing with academic and personal data. Microsoft's spam filtering and DMARC combo work together to spot phishing emails and protect your personal info and login credentials.
4. Enhanced Email Security
In the age of cyber threats, keeping your email secure is a top priority. Microsoft's robust spam filtering technology and DMARC help guard our university communications like a fortress. You can collaborate, share research, and communicate without worrying about email security breaches.
So, there you have it, folks. Microsoft's spam filtering technology and DMARC are like the dynamic duo of email security, making sure your university inbox is clean, safe, and hassle-free. You can focus on your studies, research, and teaching without spending as much time worrying about the distraction of spam or the fear of email scams. It's like having a digital guardian for your university email, which is a great perk.
ChatGPT - Protecting your Privacy
Kevin Zhong, Oct 3, 2023
Is using ChatGPT private? The answer is no, ChatGPT is not private. Information entered into ChatGPT is stored on OpenAI’s servers and used to further train the AI tool. Users should exercise caution and not enter confidential or personal information into ChatGPT. According to OpenAI’s privacy policy, collected personal information related to you includes:
- Account and Communication Information: OpenAI collects your name, contact information, payment card information, and transaction history from your user account. If you communicate with OpenAI about any issue, they also collect the contents of any messages you send to them.
- User Content: When you use OpenAI Services, they collect personal information that is included in the input, file uploads, or feedback that you provide.
- Social Media Information: When you interact with OpenAI social media pages on popular social media platforms, such as Instagram, Facebook, Twitter, they will collect personal information that you elect to provide to them.
- Log Data: Information that your browser automatically sends when you use OpenAI Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with their website.
- Usage Data: ChatGPT may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
- Device Information: This can include the name of the device, the operating system, device identifiers, and the browser you are using.
- Cookies and Analytics: OpenAI uses a variety of online analytics products that use cookies to help them analyze how you use their services.
So, how should you protect your privacy when using ChatGPT?
- Don’t share sensitive information: confidential information should not be entered into ChatGPT.
- Use a VPN to increase your anonymity.
- Disabling your chat history through your account settings does not prevent the use of your data in training ChatGPT. However, you can fill out the OpenAI “User Content Opt Out Request” Google form to opt out of having your data used to improve their language models.
