With the recent developments regarding potential government spying, both in South Africa and abroad, the privacy conscious Internet user may be concerned about shielding their online activities from prying eyes.
This includes undersea cable systems, some of which are used by South African cable operators.
In South Africa, the Protection of State Information Bill, also called the “Secrecy Bill”, is waiting for Jacob Zuma’s signature. The President could send the Bill back to the National Assembly for further amendments as he has once before, but based on feedback from lawyers he could just as easily sign it into law.
The Southern African Federation Against Copyright Theft (Safact), which is spearheading the prosecution of the first person accused of Internet piracy in South Africa, also recently said that it is impossible to hide or stay anonymous on the Internet.
However, a South African security professional who wished to remain anonymous said that this is not true.
They said that depending on what you want to achieve, remaining anonymous can have varying degrees of difficulty.
Hiding from Safact when distributing torrents is certainly possible, the person said.
For the privacy-minded, the security professional provided the following general operational security (OPSEC) guidelines:
- Do not do anything sensitive from your home IP address. Get an anonymous “jump box”.
- Tor is great, but unless you have infinite patience, uploading or downloading anything over it will age you.
- Use cash, buy a disposable credit card (in South Africa, mall gift cards can work well) to buy a virtual private server from a provider such as Linode or Digital Ocean.
- Repeat step 3 to get a virtual private network account.
- If you are uploading a torrent don’t put any identifying information in the files or torrent itself. This includes performing “unique” tricks on the files or torrent. While taking credit for the upload is tempting, rather stay safe.
Along with the above advice, the person advised that those interested in learning more about operational security listen to a talk by The Grugq:
While it may be tempting to dismiss OPSEC matters as the domain of malicious hackers and pirates, The Grugq specifically targeted his talk at freedom fighters.
Similarly, torrents can be used for downloading “Linux distributions”, but is also used by perfectly legal media services such as Vodo.net.
Those concerned about their online activities being used against them now or in future may wish to ensure that their OPSEC is up to scratch.