The Internet provides many opportunities but also poses many dangers and risks, including escalating threats from attackers. These risks can be especially high in some countries with increasing demands for censorship and surveillance. With this in mind, anonymous surfing makes sense. But, to protect distributions, browsers, and applications against snoopers, you would typically need a detailed understanding of the network and your operating system. Or, you can take a shortcut and use JonDonym, an anonymization service that prevents exposure of your surfing habits and data.
JonDonym is available for download as open source software in various versions. One version is a complete Live distribution based on Debian that includes both CD and DVD images. Another approach is to secure your personal Linux installation with a JonDonym client and a matching Firefox profile called JonDoFox. A console version of the software and a modified version of Firefox called JonDoBrowser [1] are also available.
The software's functionality is the same throughout. Internet access is achieved through a local proxy that encrypts the data and forwards it with an anonymous IP address to a cascade of mix servers [2] available in different countries and maintained by multiple independent vendors. They serve packets of data to obfuscated paths so that attacks on and recording of your traffic remain ineffective.
The JonDonym service was started by JonDos GmbH in cooperation with the Technical University of Dresden and the University of Regensburg. These universities do not develop and maintain the software but coordinate accounts between the premium service users and server operators.
Along with the free version, which has more limited data and functionality, a commercial service offers different options and data contingencies [3]. The company also handles certification of the mix servers.
To set up the service on a running system, you need the JonDoFox Firefox profile along with the client, both of which are available on the web [4]. You can unpack the two archives for the client and JonDoFox profile:
tar -xjvf jondo_linux.tar.bz2 tar -xjvf jondofox_linux_en-US.tar.bz2
Next, become superuser with sudo su , because you need administrator rights to install the client, then change to the newly created jondo_linux directory and run the script with the ./install_jondo command. The routine configures the software.
To install the new Firefox profile, open another terminal. Unpacking the client tarball creates a profile subdirectory. In the parent directory, you'll find the install_linux.sh installation script, which you can activate with ./install_linux.sh . You do not need administrator rights for this step. Do make sure Firefox is not running during the installation.
After completing the installation, you must first activate the JonDo service by typing jondo in the terminal. The somewhat sluggish Java software guides you through the configuration from a graphical menu in just a few steps. The computer then establishes a connection to one of the cascades of mix servers, with the free version running at a relatively modest speed of 30 to 50kbps (Figure 1).
JonDonym provides a wealth of settings and options for monitoring anonymized access to the Internet, which you can execute by clicking the Config button in the upper right of the program window. The dialog that follows lists different international mix cascades at the top center. You can use up to two of the mix servers.
If the selected cascade is too slow because of many users or you can't access the mix server, choose another one at this point. You can see the current number of users, the degree of anonymization, and speed and access data to the right of the server list.
Further down the list are triple mix cascades that have a much higher transfer rate and – depending on how many users are currently connected – a higher degree of anonymization. The triple cascades are available only to paying customers, however. At the bottom of the program window, the software shows detailed information about the individual cascades, so you can determine which servers are handling things internationally (Figure 2).
Additional parameters relate to the interface, network ports and protocols, payment services, and certificates. You'll find these in the left pane under the User interface , Payment , Network , and Services selections. Make the required modifications, especially if a firewall is blocking ports that the JonDonym service needs. After successfully establishing a connection to the JonDonym servers, you can start Firefox, which displays a dialog for selecting the JonDoFox profile (Figure 3).
Firefox then opens the browser, albeit with some unusual features. A bookmark symbol will appear at the top edge of the window that provides some useful links to commercial email, filesharing, and download services, which the developers preselected for security reasons.
The Anonymity Test bookmark lets you try out certain important properties of the browser, which should now run exclusively on the JonDonym client. Colored bars show your anonymity level on the Internet. Green bars show a high anonymity and security level, whereas red bars indicate a need for improvement (Figure 4).
The setup also installs several Firefox add-ons, including Adblock Plus , HTTPS-Everywhere , Cookie Monster , and NoScript . The UnPlug add-on even provides an extension that locates which embedded video files are localized and makes them available for download.
The developers configured the NoScript add-on very restrictively so that the browser doesn't display certain websites immediately – among them multimedia sites and those relying on Java. Because NoScript still displays placeholders, you have the option of unlocking the sites temporarily.
JonDoFox developers also made some modifications to Firefox settings related to security. They disabled Firefox cache management and set up the browser to delete all files that record your surfing habits.
Because JonDonym provides less bandwidth in its free version, acquiring a commercial anonymous account is recommended for larger file transfers. This also financially supports the project. Some volume and timing models also can guarantee much higher bandwidth and better availability [5]. The payment options are also varied and are all under the premise of an anonymous transaction.
In addition to the software for permanent installation on Linux systems, JonDo GmbH provides a Live DVD along with a Live CD for older computers. Both are based on Debian and come preconfigured with a completely secure communication environment. Apart from JonDonym and JonDoFox, you'll also find an Onion router and the Mixmaster remailer.
The Live DVD is rather slim, taking up only 1GB. Even the start menu shows that the distributions works with older machines. You can choose between 486 and 686 kernels, with the latter available only in a PAE version.
After the expected slow startup from the optical disk, a desktop based on Xfce 4.8 appears with the usual selection menu in a bottom left-hand corner of the desktop. The work area includes icons for major communication programs. Besides JonDonym and the JonDoBrowser, you'll find Mixmaster, Icedove, Pidgin, and the Vidalia graphical management interface for the Tor network.
The developers integrated programs into the menus that promise security one way or another. The Accessories submenu, for example, has TrueCrypt, Unison, Figaro's Password Manager 2, KeePassX, and the GNU Privacy Assistant. The System submenu includes additional applications for encrypting disks and partitions, with Cryptkeeper and especially USBCryptFormat, which is hidden in the entry Encrypt external disks . The System and Accessories submenus also include the Metadata Anonymization Toolkit (MAT) that maintains valuable metadata for numerous file formats.
The procedure to surf anonymously with the Live distribution is the same as with JonDonym installed on a regular system. To begin, start the JonDonym client by clicking the corresponding entry on the desktop. Then, activate the JonDoBrowser that consists of a preconfigured Firefox 17.0.2. The JonDonym client itself is fully configured and doesn't require any additional settings in the Live version.
Alternatively, you can surf the Internet anonymously from the Live version over the Tor network by clicking the Vidalia (Tor GUI) icon on the desktop. Vidalia starts the graphical interface and automatically establishes a connection to the Tor network without requiring manual configuration.
Note that you can surf over the Tor network to the Internet with the JonDonym client turned off only if you modify the proxy settings at the bottom right of the browser. Click the entry with the left mouse button and activate the Tor radio button in the context menu that pops up.
Use of the Live distribution isn't limited to anonymously surfing the Internet and the use of corresponding online services, however, because the developers have integrated many well-known applications in the system. Among them are LibreOffice, GIMP, and Calibra, which let you handle standard office tasks. ImageMagick, XSane, and Evince are also included for creative minds, and you can find the Parole media player in the Multimedia submenu.
No option to install the distribution on a hard disk is included, but you can back up personal data on a USB stick. If you don't have an optical drive, you can also use a USB stick as boot media. The website includes detailed instructions on making a data disk [6].
JonDonym provides anonymous surfing of the Internet without a major installation or configuration. Carefully prepared configuration options make for complete security – as long as you don't make any changes later.
The Live CD or DVD and the bootable USB stick (with some preparation) provide a good opportunity to use other computers without any modification as full-fledged computers for anonymous surfing. Using the JonDonym client and the corresponding browser, you can set up your own computer in the same way. The rather low transfer rate of the free mix cascades tends to tarnish the overall positive impression of the software. But, because the service provider offers many different data allocation, run-time, and payment models, you can find the appropriate cost option for any application with high-speed requirements.
Infos