JonDo Help

file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/index.html

Please choose from the following topics for appropriate help:

Table of Contents
2. JonDonym technology 1. Introduction

The World Wide Web and your privacy Data collection techniques

JonDonym, AN.ON and Tor VPN services and proxies JonDo's features

3. Install JonDo and JonDoFox

4. How to use premium services

Installation for Windows, for MacOS, for Debian, Ubuntu, Mint and for Linux / UNIX Verify OpenPGP signatures of downloads First-start assistant of JonDo

Advantages of premium services Create a premium account with JonDo Buy a premium coupon at the webshop Manage your premium accounts

5. Anonymous surfing with JonDoFox

6. Prepare other applications for JonDo

Using JonDoFox for anonymous websurfing Control Cookies with Cookie Monster Control JavaScript and active Content Enforce HTTPS encryption Protection against dangerous Flash Videos Features of the JonDoFox addon Alternative browser configuration How to anonymize Flash and Java applets Browser security test

Proxy settings for other applications Anonymous e-mail with Thunderbird Anonymous instant messaging with Psi or Pidgin Anonymous IRC Proxifier for applications without proxy support o ProxyCap for Windows and MacOS o WideCap for Windows o proxychains for Linux and UNIX o Transparent Proxy for Linux

7. Usage of JonDo

8. Circumvent blocking of JonDonym

JonDo user interface The Anonym-O-Meter Mini view and context menu JonDo commandline arguments

Use a proxy with JonDo Use anti-censorship forwarder (Skype) Use anti-censorship forwarder (TCP/IP) Dial-up to a censorship free country

9. Configuration of JonDo

10. Troubleshooting

Changing appearance Debugging Payment settings Further help Updating Updating JRE (Java Runtime Network and connection settings Environment) Anonymity o Certificates and their meaning o Configuration of mix 11. Credits cascades o Advanced settings of mix A. Developers, credits and license cascades o InfoService o Anti censorship o Certification authorities Configuration file jap.conf

file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/wwwprivacy.html

Table of Content Data Collection Techniques

The World Wide Web and your privacy

For sure, you can no longer imagine day-to-day life without the World Wide Web. Those numerous services such as online banking, travel information, encyclopedias or the like mean a great convenience in solving your common tasks. Furthermore, you probably surf entertainment and shopping portals, stay in touch with friends over social networks or share your common interests with others in forums. To access the Web you are offered a dozen of stable, highly functional yet easy to use applications, the browsers. The most popular browsers are the Internet Explorer, Firefox, Opera, Safari and Chrome. Any communication on the Internet leaves all kinds of digital traces which can be automatically acquired, saved and analyzed. Some companies have thus specialized in creating individual user profiles from surfing related data. These databases are of high economic value since they allow an enterprise to comprehensively profile their costumers, which means you. This process is called data accumulation or data enhancement in data mining lingo. There are many reasons why one should avoid leaving digital traces when surfing: part of the data collected advects into scoring systems which are used to evaluate loan requests, to create individually priced offers or to decide on eligibility for C.O.D. service. Employers may be generated a character profile of their job applicants from traces on the Net prior to hiring them. Freedom of opinion is limited by governments or institutions where they trace individual surfers that use or edit certain web services or deny them any usage at all. Companies may recognize employees of other businesses or even those of their competition and subsequently annoy them with promotional calls or email spam. Browser related data exposes vulnerabilities in the surfing machine. An hacker may subsequently contact the computer directly and attack it. Further problematic is that these traces are collected, saved, sent and processed without your consent and most widely unnoticed. Decisions not being understandable by you may be based on this information. In the following three popular companies collecting and mining data get introduced briefly.

Google
It is generally known that Google's business model is based on the analysis of collected data. But many users do have no conception regarding the comprehensiveness of personal profiles and the worth of these data.

4 Economic figures: According to an estimation done by experts there are ca. 1.5 million servers working for Google in different data centers. Every three months that amount is growing by 100,000. The annual costs of this infrastructure are approximately 2 billion dollar. Google's overall revenue is about 30 billion dollar every year with an anually profit of 7 billion dollar. 96 percent of Google's revenue is generated by personalized advertisements. (as at 2009) The whole infrastructure may be used for free. It is not paid by money but by data. According to the Electronic Frontier Foundation (EFF) Google is logging the traffic which can be linked to a particular person unambiguously examining various characteristics. This affects the deployment of the search engine, of Google services like YouTube or Google Earth and applies as well to flashing advertisements on other web sites and of course to tracking tools like Google Analytics. The basic data is combined to comprehensive profiles of individual users surfing the web. Due to its popularity Google is almost able to capture the whole searching and surfing behaviour. In Germany 89 percent of search requests go directly to Google. Besides, 85 percent of German web sites are contaminated with elements (Google Analytics, flashing of advertisements et cetera) allowing Google to track users across multiple web pages. How exact and comprehensive Google's personal profiles are is hard to say. As a basis to estimate this one can use the data the company is providing to its advertisement partners. The following figure shows the aggregated statistics of a not further mentioned web site:

5 Besides age and gender Google is able to estimate the education level and income of almost all web surfers. Additionally, there are their interests, political orientation and contact addresses (e-mail, instant messaging) that are not mentioned here but nevertheless collected by Google as well. As the Wall Street Journal writes in an analysis there are even ways to assess the likelihood of a payment by credit card. The researchers Bin Cheng und Paul Francis from Max Planck Institute for Software Systems show that it is possible to ferret out gay users by anaylizing clicks on advertisements. Their method can be adapted to any kind of questions and may for instance be used to deliver individual advertisements. The tracking and observation of users can be detected especially good in the case of retargeting. If one does not buy anything while visiting a web shop one is often overwhelmed with advertisements of similar products in the aftermath. Google is offering a special AdSense program with retargeting.

RapLeaf
The company RapLeaf is collecting data profiles via e-mail addresses. The data is not used for personalized advertisements. Rather, it is just sold. As a potential buyer one is passing a list of e-mail addresses to RapLeaf and gets the profiles back (according to the comprehensiveness intented) after paying the bill. The following is a short abridgement out of the price list (as at 2011):

Age, Gender and Location: 0 Cent (loss leader) Household income: 1 Cent per e-mail address Marital Status: 1 Cent per e-mail address Presence of Children: 1 Cent per e-mail address Home Market Value: 1 Cent per e-mail address Loan-to-Value Ratio: 1 Cent per e-mail address Available Credit Cards: 1 Cent per e-mail address Cars in Household: 1 Cent per e-mail address Likely Smartphone User: 3 Cent per e-mail address Occupation and Education: 2 Cent per e-mail address Blogger: 3 Cent per e-mail address Charitable Donor: 3 Cent per e-mail address High-End Brand Buyer: 3 Cent per e-mail address Interested in Books/Magazines: 3 Cent per e-mail address ...

The data is gathered by correlating e-mail usage with surfing behavior or obtained via the time and time again happening data leaks at online merchants' platforms. One of the main investors is Peter Thiel, who founded PayPal and is co-determining the development of Facebook in the background in a significant way. It has to be asssumed that RapLeaf uses data collections of these internet companies as well. Furthermore, data stemming from Twitter and other data bases offering commercial access is included into the processing.

Facebook
Economic figures: The "social net" Facebook is supposed to have 600 million users worldwide. The stock exchange value of the company is estimated to 50 billion dollar and the profit was 353 million dollar in 2010. The earnings amount to 4-5 dollar for every user in one year. (as at 2011) Facebook is for free and the user's data is the basis for the commercial success as well. Data that is entered intentionally and in a controlled way is only playing a minor role here. Far more important is the information extracted out of the users' behavior. This data and the derived information is not controlled by users. But they have agreed to a commercial use of them when they registered themselves.
Connections between friends

The contact relationships of users are analyzed with different goals in mind. First of all they are used for friend-2-friend advertisements. Many users are not aware of the fact that they serve as an advertising medium. The targeted advertising gets improved by identifying opinion leaders in contact networks that get addressed (e.g. in order to publish sponsored stories). Another way of analyzing contacts is demonstrated by Gaydar. Looking at the contacts in Facebook profiles MIT students extracted the sexual orientation of the respective account owner. Such kind of information could influence a career.
Analyzing gaming behavior

Facebook offers different games for its members like "Farmville" or "Mafia Wars". The moves of the participiants are analyzed and character traits are derived. The profiles are then commercialized. Companies can buy profiles of potential applicants.
Facial recognition

Publishing private pictures is one of the most popular activites on Facebook. Meanwhile a software for facial recognition is deployed. According to Facebook several million persons are identified on uploaded pictures daily. With it a huge database is created which shall be used commercially. In the future, customers entering a shop could get identified by a camera and the salesman could access a comprehensive personal profile (for money). "Show us 14 photos of yourself and we can identify who you are. You think you don't have 14 photos of yourself on the internet? You've got Facebook photos!" said Eric Schmidt (then CEO of Google) on the Techonomy conference August 4, 2010.

7
Secret services, army and law enforcement agencies

Public authorities and secret services are using the information provided by Facebook and snoop in the users' private lifes. The israeli military is scanning Facebook profiles of Israelis dodging the draft. Secret services of other countries are acting more aggressively. The Agence Tunisienne d'Internet (ATI) used "Javascript Injection Attacks" in order to get the login data of suspected activists. Their profiles got owned and scanned for evidence. The result were detentions based on these data.
Privacy policy

"Mir sind keine Datenschutzbestimmungen von Facebook bekannt, die diesen Namen verdienen. Es handelt sich um Nutzungsregelungen, die grob nach dem Muster ablaufen: Du Nutzer bist fr alles verantwortlich, was Du bei uns machst. Und wir drfen mit den Daten dann alles machen, was uns gefllt." (Dr. Thilo Weichert, data protection commissioner of Schleswig-Holstein (Germany)) Translation: According to my information there is no privacy policy that deserves its name. It is all about terms and conditions that are roughly working like this: You user are responsible for everything you are doing here. And we may do with the data everything we like to do. Facebook is going to be a "net within the net" with orwellian visions.

Twitter
Economic figures: Twitter has an estimated amount of 200 million users. Every single user causes costs of about 1 dollar a year. (as at 2010) Contrary to Google and Facebook Twitter did not manage it to use the data itself profitably. The earnings out of the advertisements fell far short of expectations. Twitter's business model is selling access to its database. Twitter is providing 40 parameters (content, location, date, account, used software, language, retweets...) for every Tweet. Paying 60,000 dollar a year one can access 5 percent of the Tweets, paying 300,000 dollar a year one can access the whole database. Twitters database is a rich source of information that may not be found somewhere else for market research purposes, advertisements or secrect services. Table of Content Data Collection Techniques

8
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/wwwprivacy_technik.html

The World Wide Web Table of Content JonDonym

Data Collection Techniques

The actual techniques employed by the data miners on the Web are briefly introduced below.

Cookies
Cookies are used to identify and remember a web surfer. Without cookies, certain services would be complicated to realize. If a user requests a page from a webserver, it cannot readily match requests of previous pages requested from this server to that same user. HTTP is a stateless protocol. Nevertheless, some services require a sort of memory. Shopping portals are an example: a server has to remember what goods were placed into the virtual shopping cart. This "memory" is usually written into cookies, i.e. small text files which are being sent to you by the server upon every page request. When your browser contacts the server again, it also automatically sends back the cookie stored earlier. The server thereby allocates the right shopping cart to you. But cookies can also be abused to track your steps on the Internet. This works exceptionally well with web portals (e.g. Yahoo) and search engines (e.g. Google) for you use these a lot in order to reach other websites. With cookies, a web host can record large parts of your surfing behavior over years and easily relate it to you as a person with your "accumulated" profile data. Most Internet users have collected hundreds of cookies from various websites on their PC without their knowledge. The following example shows you just a small amount of cookies you get if you request www.nytimes.com:

Websites embedding several external ad and tracking services is nothing unusal. A study by University Berkeley done in 2011 has analyzed the top 100 websites and found 5,675 cookies. Thereby 4,914 cookies were set by third parties, i.e. not by the website the user

10 visited intentionally. While surfing on these 100 websites data to 600 servers was transmitted with the help of those cookies. You should thus: 1. in any case and at the latest, delete cookies after your browser session. 2. disable cookies from third parties. Modern browsers usually integrate an optional function for this, but it has to be activated by the user first. In JonDoFox it has been made default and you will get some more functions to administrate your cookies collection and preferences.

Evercookies
More than 80% of the users disapprove of tracking while surfing the web. Many surfers use browser settings which prevent a long-term tracking. Therefore, ad and tracking networks are moving on to use more sophisticated methods to distinguish each user.

Flash-Cookies (LSOs) are deployed since several years to recover deleted cookies with the same identification mark. Clearspring Technologies Inc. has been using this technique successfully (until it got sued in 2010) and promotes its precise data of 200 million Internet users. In a study of the University of California, Berkeley the methods of Space Pencil, Inc., aka KISSmetrics, were exposed which, in addition to cookies and flash cookies, used cache cookies via ETags, DOMStorage and IE-userData in order to distinguish each user. KISSmetrics got sued as well and is going to dispense with using Etags. Rather, it is going to respect the HTTP header Do Not Track. The tracking service Yahoo! Web Analytics is bragging about being able to set cookies on 99,9% of the users. This indicates that cookie generating JavaScript is deployed and/or e.g. Flash cookies are added as well. Samy Kamkar shows with evercookie - never forget further possible methods to mark Internet users individually.

Active Web Contents

Webcontent accessible by browser plugins such as Flash, Java, ActiveX and Silverlight renders the Web more dynamic and colorful but also more dangerous, for they allow websites to execute code on your PC. If executed, these plugin contents are able to read some details about your computer and network configuration and send it to the web server. By certain manipulations they moreover can read and edit files on your machine and in an extreme case even gain complete control over it. Especially beware signed Java applets: by accepting its signature, the applet, and thereby the visited webserver, automatically receives all user rights on your machine. In particular, it may then read your IP address, your MAC address and even hard disk contents. It does not help to only surf websites you deem trustworthy either. This concept

11 is outdated since nowadays even numerous large and notorious websites are being hacked and filled with malicious code. Only blocking/deactivating these plugin contents provides real security.

JavaScript
The browser is a bit better protected against attacks on your privacy using the scripting language JavaScript ("scripts", "active scripting") than against those using the aforementioned plugins. But it is not completely safe, though. JavaScript is not to be confused with Java or the active Java plugin, respectively, which is a completely different thing despite the similar name (see above). It is possible to compromise your browser or operating system using software bugs or a bad designed website. An attacker can e.g. inject malicious JavaScript code by Cross Site Scripting and thus try phishing for login creditials, bank accounts or other sensitive data. Using JavaScript it is possible for web masters to access many information about your browser, your desktop settings and your hardware. All these information may be accumulated to an individual fingerprint of a particular user. By this fingerprint a user may be recognized. The Anontest shows only some examples of values which may be gathered (JavaScript needs to be enabled). It demonstrates the labeling of users by JavaScript, too (same effect like cookies). Therefore, we recommend you to only activate JavaScript contents if needed and to block them otherwise. To conlcude the last two paragrahps (Active Web Contents/JavaScript): You should not surf the Internet without a well secured browser, as your PC is otherwise in danger of being attacked quite soon. Instead of configuring the browser yourself, which takes quite some experience, you may use for example JonDoFox for free. This browser profile for Mozilla Firefox does not only block all active content at default (you can turn this back on if needed) it is also equipped with further ample security mechanisms. Most websites will still be reachable. YouTube videos and videos of other such portals which are rendered by Flash may be downloaded with special software and then viewed safely with a video player. Websites which demand usage of active plugins should be avoided if possible.

Fingerprinting of Browser (HTTP) Header

With every request for a webpage, browsers send information within the framework of the HTTP protocol that can be analyzed by the visited site: language, browser name and version, operating system and version, supported charsets, files, codecs and the last visited webpage. Sending these headers is usually not necessary for rendering websites, but it can be exploited for reidentifying, profiling and analyzing websurfers. The project Panopticlick of the EFF demonstrated browser fingerprinting. Most surfers are traceble by an unique browser fingerprint.

12 As of today, different filter applications and services have been developed that allow hiding or changing problematic browser headers (e.g. Privoxy). Unfortunately, these applications cannot filter encrypted connections: once you load a presumably "secure" website (HTTPS, browser lock) all filtering fails. Plus, these programs allow every user to define the header data himself. But setting an individual browser type e.g. is in itself what renders you quasi perfectly trackable. Therefore, in JonDo, an automatic filtering has been integrated which allocates an uniform header profile at least for unencrypted connections (HTTP). Those who want to achieve an even higher level of security should rely on JonDoFox though. It always sends the same profile for encrypted connections too. This guarantees that websites may at maximum realize that it is a JonDo user visiting, but not who.

Browser History and Cache

A publication of the from the University of California provide an analyses of the TOP 50.000 websites. 1% of these websites collect informations about web surfers by history sniffing. Using malicious JavaScript code and CSS hacks informations about visited websites were collected. Webmasters who are not familary with sniffing technologies can use services like Tealium or Beencounter for real-time history sniffing. Collected informations are not only used for advertisments. It can be uses for deanonymisation of surfers too. A publication of Isec shows a possible way. Using the browser history the visited groups of the social network Xing were collected. Because there are not two people members of the same groups in a social network it was possible to get the real names and e-mail addresses. By certain trickery, websites can tell which other websites are saved in your browser history. For this, the visited website embeds special formatting commands (CSS, Stylesheets) that contain external links "of interest" on the pages you visit. If you have visited one of the external websites, your browser will react by executing a command defined in the format, e.g. download a small picture form the website. The website can thereby completely or largely guess the contents of your browser history. From the contents of your browser cache one can conclude on previously visited, thus already cached, websites. Together with every website an ETag is send by the server and stored in the browser cache. If the website was called again, the Etag is send first to ask for changes. This tag may contain an unique user ID. KISSmetrics was using ETags in this way to identify visitors of some TOP100 websites. Additionally, the time required for loading a website changes when part of it is already in the browser cache. By subtle placement of the images on the website, the server can analyze the cache one by one. At the moment, there is no reliable protection against the analysis of browser histories apart from deactivating this feature, which has been made default in JonDoFox.

13 Unlike deactivating your browser history, deactivating your cache would have tremendous effect on your surfing speed, which is why we don't recommend it. In JonDoFox a protective mechanism has been integrated instead which bypasses cache for third party content. Also, the cache is deleted automatically when you close the browser. A website can thus no longer gain information about other websites, only about itself.

Webbugs and Banner Ads

Very likely, you will find one or more cookies in your browser from data miners such as doubleclick.com, advertisement.com or Google, although you have never even visited their websites. This is due to the fact that these enterprises use, on other web sites, a simple trick to nevertheless plant cookies on you and watch your browsing: Webbugs. "Webbugs" are usually pictures of 1x1 pixels and therefore invisible to the viewer. However, they can also be coded into banner ads embedded in a website. The website contains a picture (webbug) that is loaded from another server running a statistics service (such as Doubleclick, Google Analytics). Thereby the statistics service may set or edit a cookie in your browser unnoticeably. The browser will then send this cookie back to the statistics service with every new request for a site where any webbug of this service is embedded. If the service is used on many different websites, it can now track large parts of your browsing session. If the owner of the statistics service moreover collaborates with the owner of your preferred search engine, he gets an almost complete picture of your Internet activities. The privacy functions of most current browsers that either flatly deny cookies or only deny third party cookies, and alternatively also delete all cookie data when closing the browser, do not achieve optimal protection. To prevent session tracking, all cookies should be blocked by default if possible and only allowed in if needed for the duration of the session. JonDoFox is therefore preconfigured to deny all cookies but allow single websites at the expense of two mouse clicks. We recommend allowing cookies only on a temporary basis, so that they will be automatically blocked again after the session. Another nasty feature of webbugs is, that they send, besides cookies, also your IP address to the statistics service upon request. Even with a very good browser configuration, by switching off cookies and by using webbug filters, you are never able to reliably prevent this. The only effective protection against this are anonymisation services like JonDonym.

TCP Timestamps
The Transmission Control Protocol (TCP) is a protocol for transferring data between computers. It is necessary for using Internet services like http (WWW), smtp (E-Mail) and ftp. When your computer sends a request for a web site, for example, this data is sent within many small so-called TCP packets. Besides that request data, such a TCP packet also contains some optional information fields (optional headers). One of those options is

14 the TCP timestamp. The value of this timestamp is proportional to the current time of your computer and is incremented according to your computer's internal clock. The timestamp may be used by the client and/or server machine for performance optimization. However, an Internet server may recognize and track your computer by observing those timestamps: By measuring the clock skew of the timestamps, it may calculate an individual clock skew profile for your computer. Moreover, it may estimate the time when your machine was last booted. These tricks work even if you have otherwise perfectly anonymised your Internet connections. If you were using JonDonym, you are however protected against being observed this way: The JonDonym mixes automatically replace your potentially insecure TCP packets by their own.

IP Address
The IP address is given to you by your provider on dialing into the Internet. The provider usually saves it for months or even years together with your customer data and your online time. It is your distinct identifier on the Internet which is sent along whenever you make a direct connection to any Internet service. The IP address tells the server where to send his response. As long as your IP does not change, it is easy to monitor when and what website you have contacted. The IP also reveals your provider, many times your location and sometimes (in case of a company or computer center) even what terminal you are on. In many cases, an IP address relates directly to one person. All that your IP-address is revealing:
Your current whereabouts

The country and the city/region where you are. With the help of data bases free of charge or with costs even districts and office buildings can be identified. This is called geolocation.
Your Internet-provider

Personal data can be retrieved using your provider.

Your access technology

With the help of data bases one can find out whether you are using, for instance, DSL, a modem or a mobile in order to surf the Web.
Your company / your authority

In case you are surfing from within the network of a company or an authority its name can be find out.

15 Some of the information that is given away by your IP or browser can be reviewed on the JonDos test page. While the traces mentioned so far can be blurred without any special services needed, the same cannot be said about your IP address. That is why the software JonDo has been developed: In order to blur any connection between your IP and the websites you visit, JonDo connects to the service JonDonym. This service then interlaces the servers of different organizations with your PC and the Internet. You are now surfing with the IP of the respectively last server within a chain/cascade of a few so-called mix servers.

MAC Address
The MAC address (MAC=Media-Access-Control, sometimes also called Ethernet-ID, Airport-ID or physical address) is the hardware address of each individual network device. Each computer may have several of such physical or virtual network devices (bound to a cable (LAN), wireless (WLAN), mobile (GPRS, UMTS), virtual (VPS), ...). The MAC address serves as a unique identifier for the respective device in a local area network. On the Internet, it is neither used nor transmitted. Also, your access provider may only see it if your computer is not connected to the Internet over a router, but directly, for example by a modem. You may moreover change the MAC address yourself. http://en.wikipedia.org/wiki/MAC_address The World Wide Web Table of Content JonDonym

16
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/jondonym.html

Data Collection Technique Table of Content VPN services and proxies

JonDonym, AN.ON and Tor

The JonDonym / AN.ON technology is based on the principle of multiple (layered) encryption, distribution and processing. This procedure does not only protect your Internet activities from being observed by third parties (against your access provider, WLAN hackers, advertising services and websites), but also against observation by the individual JonDonym providers themselves. The anonymization service JonDonym is a development branch of the AN.ON Project. It consists of multiple user selectable mix cascades. A cascade consists of two or three separately encrypted mix servers. These mix servers are operated by independent and non interrelated organizations or private individuals who all publish their identity. The operators have to abide by strict provisions which prohibit saving connection data or exchanging such data with other operators. Every connection from a user is differently encrypted for every mix server within a cascade and transferred through the cascade to the target, e.g. a website. Thereby no mix operator alone can by himself expose the user. Eavesdroppers on the connections to JonDonym cascades get garbage data only, as the connection to every mix is separately encrypted. Also, since a lot of users surf the anonymization service simultaneously, and thus share the same IP address, all connections of every user are concealed amidst each other: a correlation is not possible any more.

17

JonDonym has many advantages to other anonymization services:

Protection against your own Internet access provider: Strong encryption and authentication protect you from being observed. Nobody can read the traffic between your PC and the JonDonym mixes. (per mix encrypted with RSA 1024 and AES 128 for each mix; signatures built with DSA, RSA or ECDSA; realized with the BouncyCastle and OpenSSL libraries) Protection against the anonymity service operators: Unless all mix operators in a JonDonym cascade are separately forced by a court order, blackmail or a hacker attack to monitor you, your JonDonym connections are safe. The mix operators are revaluated regularly concerning seriosity and professionalism. Their identity is made public also. Even in the highly improbable case that they all are forced to unmask a certain connection, this function would have to be compiled into each server software first. No logfiles: Saving any logfiles with IP addresses is forbidden to the mix operators by contract. The same holds true for the actual contents of the data. Exceptions caused by national prescriptions are marked and described clearly. Transparent functionality: The program user interface has an especially informative design. The source codes of all program components are published according to an OSI compliant licence in our SVN repository

18

Secure browser profile: With the JonDoFox you are given a Firefox profile for free which has been especially developed for anonymous and secure surfing with JonDonym. Portable anonymity: JonDo and JonDoFox also run without installation on the PC directly from a portable USB stick (Windows). Easy combination with other products: You may easily combine JonDo with other anonymization products, for example with Tor or VPN services. Evolution by research: Scientific work conducted at the Technical University of Dresden (AN.ON), the University of Regensburg (AN.ON) and at the JonDos GmbH (JonDonym) enhances and constantly improves the system. Competent, fast and at no charge: Very comprehensive help texts describe the application and its context detailed and understandably. Moreover, an administered user forum and e-mail support may be used for free.

Tor Oinion Router

A similar strong anonymization can only be offered by the non-commercial software Tor. Internet beginners should be careful with Tor. There is no control over who runs the Tor servers over which your private data travels. In the past, there has been ongoing suspicion that criminals and intelligence agencies exploit the Tor network in order to secretly attain information like passwords, bank accounts and credit cards. Researchers have shown in many cases how easy somebody can setup a spying Tor exit node:

Dan Egerstad was one of the first and he got the login creditials for more than 1000 e-mail accounts. With an attack on HTTPS secured connections explained at the Black Hat 2009 by Moxie Marlinspike it was possible to get the login creditials of users of Yahoo (114 accounts), GMail (50 accounts), Paypal (9 accounts), LinkedIn (9 accounts), and Facebook (3 accounts) within 24 hours. C. Castelluccia uses a spying Tor exit node for the paper Private Information Disclosure from Web Searches to get private information about Google user. For the paper Exploiting P2P Applications to Trace and Profile Tor Users spying Tor exit nodes were used for deanonisation of 10,000 user within 23 days.

Tor may be set as proxy in JonDo though, making surfing considerably slower but, in some individual cases, even more secure than with JonDonym alone. Like in Tor, the respective last mix server in a JonDonym cascade could record data which is not separately secured by HTTPS/SSL. Unlike Tor and other services, however, in JonDonym only certified and publicized persons and organizations may operate a mix server. The user may then decide for himself on whether he trusts the operator or not. If needed, they may simply choose other operators. All this makes it highly improbable for criminal operators to infiltrate JonDonym. Data Collection Technique Table of Content VPN services and proxies

19
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/otherServices.html

JonDonym and Tor Table of Content JonDo's features

VPN services and Proxies

VPN services like Relakks, Steganos Anonym VPN, Perfect Privacy, Cyber Ghost VPN, XeroBank VPN, Linkideo, Ivacy...
JonDonym and Tor may be the best anonymization systems technically, but both share small restrictions from concept that should be considered when using them:

Browser plugins for active contents (Java / Flash / Silverlight / ActiveX) must be blocked, e.g. by using JonDoFox. Otherwise, your PC's/router's true IP can be revealed by a website which secretly or visibly embeds such programs. While all web browsers do, some Internet applications do not support HTTP/SOCKS proxy settings. You have to use additional third-party software to also re-route the IP connections from these applications to JonDonym or Tor, and thus secure their Internet connection.

The combination of JonDo with a so-called VPN system (virtual private network) may slightly fix these restrictions: VPN software creates a single, encrypted connection to a certain VPN provider. This one accepts, similar to an access provider, your whole Internet data traffic (also the separately encrypted JonDonym data traffic), and forwards it to the Internet, while all users get the same exit IP address, similar to JonDonym. Of course, this provider may thereby observe your whole Internet communication. Hence pay attention to choose a reputable VPN provider, in particular with a reputable company address and similar contact persons. If possible, you should also use a VPN software directly integrated in your Internet router instead of executing a VPN program on your own computer. Thereby the provider's software cannot harm your computer. In addition to that, active contents cannot read your real IP address any more. However, please note that active contents may still read a lot of data about your computer and network configuration. For web surfing, VPN services should not be used.

On one hand, their hosts usually do not ensure that users also have an uniform appearance on the Web aside their IP address (see Data Collection Technique). The users are thus distinguishable and easily identifiable by merging the data. And on the other hand, a local observer on your network (ISP, WLAN) could guesstimate websites requested over VPN simply by analyzing size and timing of the encrypted VPN data stream. JonDonym and Tor are quite resilient against this attack (a scientific article which demonstrates the attack is found here; the success rates are over 90% for VPNs).

20

Moreover, VPN systems, as inherent to their functional principle, normally do not filter or replace your computer's TCP packets. They thereby do not protect you from TCP timestamp attacks like JonDonym. You should also keep in mind that VPN hosts can, unlike JonDonym and Tor, track and save every step of yours since they control all servers in the VPN.

Nevertheless, protection by the VPN of a professional and reputable host is often better than no protection at all.

Network proxies
Proxy services are particularly famous for this kind of "anonymization on demand", besides the already mentioned services. They are literally "proxy PCs" which switch communication between your PC and the Internet. They relay your data traffic to the target and send the answer back to your PC so that the web site cannot see your IP address. Unfortunately, proxies have a high susceptibility to misuse and user data theft: many proxies are PCs hijacked by hackers or criminals, or even exclusively offered for the purpose of user observation. Some automatically give your IP address away to the target webserver. Connections with proxies are almost always unencrypted, so that an eavesdropper on your connection could observe your surfing behavior. Moreover, the proxy operator can, of course, watch exactly what you are doing. Proxies offer thus, if at all, only weak protection from the website's host but not from third parties. Their usage is risky.

Web proxies like Anonymouse.org, Hide My Ass!, Guardster, Megaproxy...

In addition to these proxies, there are webproxy services, Internet pages with a form field in which the user can input the target address that he want's to visit anonymously. The webproxy subsequently delivers the content of the requested website and automatically patches all links to use the webproxy when clicked. For using webproxy services the browser configuration does not have to be changed. Compared to network proxies, they have the disadvantage not to be able to replace each link correctly, in particular on web sites with JavaScript code. This makes it easier that the user IP address gets "leaked" to the web server, which the proxy should acutally prevent. Our anonymity test displays the weakness of some web proxies: Provider Anonymouse Hide My Ass! WebProxy.ca HTML/CSS/FTP JavaScript Broken Broken* Broken* Broken Java Broken Broken Broken

21 KProxy Guardster Megaproxy Proxify Ebumna PHProxy ... Legend: Broken : Your own IP address gets uncovered. Note that your private browser data is uncovered as well... * : The thereby marked service does not even reach the test site if JavaScript is activated. It parses so bad, that the browser just leaves the service silently in some cases... - : not yet broken ... Broken Broken Broken ... Broken* Broken (if allowed)* (not available for free) Broken (if allowed) Broken* ... Broken Broken (not available for free) Broken (if allowed JavaScript) Broken

JonDonym and Tor Table of Content JonDo's features

22
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/about.html

VPNs and Proxies Table of Content Install JonDo

JonDo's features
The proxy program JonDo is an ip changer. It hides your IP address and encrypt your data traffic. This means that neither the contacted server, nor any eavesdropper on your connections, nor the operators of the JonDonym service themselves can realize which webservice you use. Basically all programs for which you can configure a HTTP proxy can used together with JonDo. Please note: free services can only contact destination ports 80 and 443, which are used for the HTTP and HTTPS protocol. You can use these services only for web browsing and ftp downloads. All other web services you can use only with premium services.

For web browsing we recommend JonDoFox.

The usage of premium services with SOCKS proxies moreover allows for an additional anonymization of the following applications:

Messengers, like Pidgin, with the Jabber protocol and the OTR plugin. IRC Chat Clients (e.g. Chatzilla). Privacy friendly email clients like Mozilla Thunderbird. WinSCP is a Windows program for the secure data transfer from and to a server. Other programs for which you can configure a SOCKS proxy.

It is possible, with the help of "proxifier" tools (e.g. proxychains for Linux, ProxyCap for Windows and MacOS or Widecap for Windows), to use applications via JonDonym which are not capable of proxy support by themselves. E.g:

Unobserved administration of servers via SSH Messenger application Kopete (KDE)

What is JonDo?

JonDo is an application that spoofs your own IP address for Internet access using certain applications (e.g. by the web browser). JonDo multiply encrypts the data sent over JonDonym. Neither your access provider nor JonDonym operators (except for the last mix one in each cascade) can see your plaintext data. JonDo is an Anti-Censorship-Application that allows access to otherwise blocked Internet sites. Users may configure their JonDo as aforwarding server in order to allow others access to the JonDonym service.

23

JonDo is open source and free. The program offers access to both free and paid (premium) services. JonDo filters and anonymizes HTTP headers but only for unencrypted connections (not HTTPS). You should additionally use JonDoFox in order to also filter encrypted connections. JonDo is available on all major systems (Windows, Mac OS X, Linux). JonDo was and is developed by the JonDos GmbH in cooperation with German universities (TU Dresden, Universitt Regensburg) and privacy organizations (Unabhngiges Landeszentrum fr Datenschutz Schleswig-Holstein).

What is JonDo not?

JonDo does NOT make your PC's or router's IP address invisible. Your IP address is assigned to you by your ISP, and it is inalterable by third parties. You need the IP so that the JonDo client may successfully connect to JonDonym services on the Internet. When using JonDo, you are surfing with servers (mixes) on the Internet that all have their own separate IP address. The websites accessed by you will only see this respective outgoing address and not yours. JonDo does NOT regularly change the outgoing IP address, but retains the same outgoing IP as long as it stays connected to the same mix cascade. This could be minutes, hours or even days. The IPs of JonDonym mixes are public anyways. Changing the outgoing IP would therefore not achieve additional security. JonDo does NOT hide the MAC address of your PC or router. The MAC address is used by your ISP to assign you your IP address in the first place, and it is not visible on the Internet besides that anyhow. JonDo is NOT a filesharing anonymization tool. You may run certain P2P applications with JonDo, but you will not be able to upload data yourself. JonDo can NOT anonymize emails. This would require special, additional data filtering in the email client itself. JonDo does NOT integrate with your operating system, i.e. every application has to be configured separately for it. JonDo does NOT accelerate Internet access. When surfing with premium services you probably won't notice any big loss in speed though. JonDo is NOT JonDonym. JonDonym summarizes all the accessible services in JonDo in one term and describes the technology itself. JonDo is NOT JonDos. JonDos is the company that develops most of JonDo. JonDo can NOT use random "anonymous" proxies (e.g. those on lists of open proxies) to create an anonymous connection. This would be a totally unsafe method that does not lead to anonymization. JonDo does NOT filter plugins, scripts or HTTPS websites. To secure your browser as a whole you best use JonDoFox. JonDo is NO One-Click-Anonymization-Tool - something like that can and will not really ever exist! Prudence is and remains maxim for Internet security. VPNs and Proxies Table of Content Install JonDo

24
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/install_windows.html

JonDo's features Table of Content first-start assistant

Install for Windows Install for MacOS Debian, Ubuntu, Mint Linux and UNIX Verify OpenPGP sig

Install JonDo and JonDoFox for Windows

Install JonDo
Double click the downloaded JonDoSetup.paf.exe and follow the installation instructions. You will then be shown the installation assistant. Follow the instructions that appear in the dialog. At the first step you can choose between Desktop installation an installation on a removable USB device for take away.

For JonDo Portable installation (for take away) a portable Java JRE will be installed too. At the last step you will be asked to install a portable JonDoFox. We highly recommend the use of JonDoFox for anonymous surfing. The Desktop Installation will check for a suitable Java JRE. If it was not found the installation assistant will offer the installation of ORACLE Java JRE (formerly Sun JRE). During installation of the Java JRE you are asked to install the Yahoo toolbar. We do not recommend the installation of the Yahoo toolbar. Please disable this feature.

25

After finishing the installation you are shown JonDo's main interface.

Install JonDoFox
Download the JonDoFox installation program. https://anonymous-proxyservers.net/downloads/JonDoFox.paf.exe Start the downloaded program by a (double) click and follow the instructions. At the first step of the installation assistant you can choose between "Desktop" installation and "For Travelling" option.

26

"For Travelling" option

If you choose the "for travelling" option, you may install JonDoFox on both a removable drive and your hard drive. Any existing Firefox or JonDoFox installation remains untouched as long as you do not install JonDoFox to the same directory and thus update an existing installation. While updating from earlier JonDoFox versions your bookmarks and your certificate database are kept. The "for travelling" option does not create menu entries for the Windows main menu. You have to create desktop start links by self if needed. But it automatically integrates with the PortableApps menu for which a lot of other applications are available as well. JonDo's features Table of Content first-start assistant

27
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/first-start-wizard.html

Installation Table of Content Premium services

First-Start-Assitant of JonDo
If you start JonDo for the first time the installation assistant will appear automatically. Otherwise please make a click on Assistant...

Step 1: Select your Language

This dialog appears only at the first start of JonDo.

Step 2: Create a Premium Account

If you already have a premium account or a premium test code you can enter it in the four empty fields. Otherwise click on Next>.

28

Step 3: Establish anonymous connection

If the assistant was not be able to connenct to the infoservices or mixcascades access to JonDonym may be blocked. Please have a look at: Circumvent blocking of JonDonym to avoid this problems.

Step 4: Start the anonymity test

29 Go to the webbrowser JonDoFox and test the status of anonymity by clicking on the bookmark "Anonymity test". It is required to run the test. Otherwise the assistant will not continue. If you were using an alternatve browser open the website http://ip-check.info.

Step 5: Run anonymity test

The website of our IP-Check will open. Run the full test by clicking on START TEST!.

If you see your IP address and not the JonDonym logo check the proxy configuration of your browser.

30

Step 6: Results of the anonymity test

Because you are using JonDo and JonDoFox the results should look like this.

Step 7: Choose test result

Please go back the the JonDo installation assistant and choose "All data are either colored in green or orange". Click on "Next >".

31

Step 8: Complete the JonDo installation assistant

Congratulations! You have seccessfully configured JonDo! Close the installation assistant by clicking on "Finish".

Installation Table of Content Premium services

32
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/premium.html

first-start assistant Table of Content Create a premium account

Premium services
With JonDonym you can choose between free services and the chargeable premium services. For premium services, you need a billing account with costs. The revenues achived thereby are used for extension and maintenance of the JonDonym system and for improving the JonDo software. Using premium services offers a lot of additional advantages to the basic features of JonDo:

Function Speed Available ports Maximum number of users Maximum file size for up- and downloads (HTTP) Number of different countries Number of mixes (proxies) Availability SOCKS5 (may anonymize Java and Flash) Access to JonDonym storage
* more than 600 kBit/s, usually available: 1.000 - 1.500 kBit/s ** SMTP-Port 25 is blocked on all cascades because of spam misuses.

30-50 kBit/s HTTP/HTTPS limited 2 MB usually 1 2 no guarantee No No

unlimited* all** unlimited unlimited 2-3 3 99% Yes Yes

Guaranteed access: A connection to at least one of the premium services is guaranteed for a minimum of 99% of the annual average. Guaranteed performance: Within the framework of the above guaranteed access, at least one service with a speed of at least 600 kbit/s and latencies of 4 seconds maximum will be available during 90% of the daily average. (Freeb services, especially Tor, are usually much slower).

33

Legal certainty: Development, support and billing addresses are all located in Germany and not at some anonymous offshore company without a summonable address. Germany sets worldwide standards in customer protection. Guaranteed internationality: Mixes and operators of a premium cascade are spread over at least two countries. This ensures that no large network node (CIX) can monitor all data traffic. Besides, it cripples every national data retention since a situation where all mixes in a cascade do log never occurs. Guaranteed connection: The mix operators generally do not block any Internet ports (except email port 25, if needed for spam defense). If the JonDonym service is blocked in your country, you get back your unconsumed volume as money. SOCKS5 support: Premium services offer SOCKS support. You may use it with application without HTTP proxy support.

Excluded from these guarantees are software errors that are discharged from liability in the licence and General Terms and Conditions of the software maintainers. Further possible exclusions concerning the performance of a single service may be found in the GTCTs of the respective mix operators. If you would like to use premium services, create a disposable account and activate it by an anonymous or non anonymous payment of your choice. After that you will have a certain amount of data volume at your disposal, depending on your chosen rate, to pay for premium services. Once it is depleted and you would like to use the JonDonym services any further, you can create and activate another disposable account any time. Advice on protection of personal information: for accurate clearing of data volumes with the mix operators it is saved how much volume an account has used cumulatively on a mix cascade. Moreover, a statistical evaluation of the data volume transferred per account is done with daily accuracy. An allocation of accounts to user identities is not saved. It is technically impossible to recognize requested websites by the deducted data volumes alone, even if monitoring accurately to the second or at maximum accuracy. first-start assistant Table of Content Create a premium account

34
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/premium_jondo.html

Premium services Table of Content Buy a Premium Coupon

Create a Premium Account with JonDo

In order to create a premium account with JonDo click on the button "Pay now" in the main window. The wizard starts up and will guide you through the rates and payment options. First, the wizard fetches the necessary information from the payment instance, please wait a moment. While creating the premium account the servers of the payment instance managed by the JonDos GmbH will be contacted. You may stay totally anonymous toward the JonDos GmbH if you anonymize the connections to the payment instance via JonDonym. In the advanced payment settings you may enforce these anonymous connections for your payment.

First Step: Choosing a Rate

In a first step you choose the rate you want to buy. There are rates available with monthly traffic volume and basic volume rates. Choosing the former means the respective data volume is available every month again during the rate's duration.

35

Second Step: Terms and Conditions

In a second step the standard terms and conditions of the JonDos GmbH are shown. You have to accept them in order to proceed.

If your are entering a JonDonym code the terms and conditions are not shown again as you have to accept them already when buying a coupon on the website.

Third Step: Choosing a Payment Method

Choose one payment method out of the available ones. Not every payment method we offer is available within JonDo, though. Paying with Bitcoins for instance is only available in our web shop.

36

Fourth Step: Paying

If you choose "PayPal" or "paysafecard" you will get forwarded to the websites of the respective provider in the next step in order accomplish the payment. If you have chosen "Bank transfer" as payment method the details of your payment will be shown to you in the next step. Please, use exactly these details. Otherwise your payment cannot be related to your created payment account.

37

You get the necessary details as well if you want to pay with "Cash" (by postal mail). You may copy the text to the clipboard and paste it into a word processing application. Please, do not send a registered letter with reply advice as its acceptance cannot be guaranteed.

38 Your newly created account is not activated until the JonDos GmbH got your payment actually. Depending on the payment method this can last some minutes up to several days. Clicking on the button "Reload" may enforce an update of your account details. Usually, this happens automatically and your account is activated on receipt of the payment. Premium services Table of Content Buy a Premium Coupon

39
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/premium_jondo3.html

Create a premium account Table of Content Manage your accounts

Buy a Premium Coupon at the Webshop and create an Account

You may buy a premium coupon code at the webshop of JonDos GmbH. The webshop offers more payment options than the JonDo client. Personal data are not collected at the webshop, you will stay anonymous. You don't have to give an email address to JonDos or anything else. You will see the coupon code at the end of the payment process. An example: Your JonDonym code: 1234567812345678 HINT: Keep your JonDonym premium code very carefully! You will not see your code again if you leave this website! You can use the coupon code to create your premium account. In JonDo you may use the assistant(1) or you may create a new account in the payment settings dialog box(2). Using the GUI-less JonDoConsole you may create the account with the command "coupon"(3).
1. option: Use the Assistant

The assistant will open at first start of JonDo or every time you will click on the button "Assistant" in the main window. You can copy the code and create a premium account.

40
2. option: Create an Account

Alternatively, you may click on the Button "Pay now" in the main window or in the payment settings dialog box. You don't have to pay again. A dialog will open and you can copy the JonDonym code to the form fields.

3. option: use JonDoConsole

If you were using the GUI-less JonDoConsole proxy you may create your account with the command "coupon".
JonDoConsole> coupon Please enter a coupon code or type <ENTER> to skip. JonDoConsole:code> 1234567812345678

Hint: While creating the premium account the servers of the payment instance managed by the JonDos GmbH will be contacted. You may stay totally anonymous toward the JonDos GmbH if you anonymize the connections to the payment instance via JonDonym. In the advanced payment settings you may enforce these anonymous connections for your payment. Create a premium account Table of Content Manage your accounts

41
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/premium_jondo2.html

Buy a Premium Coupon Table of Content JonDoFox

Manage your premium accounts

To get to this settings panel click "Config" in JonDo's main window and then choose "Payment" from the list to the left.

In this dialog you can create new accounts for use with the premium services. You can administer your existing accounts also.

Accounts
In this list you can see all the accounts that you have created. When you access this dialog for the first time the list will be empty for no accounts have been created yet. Next to the list of accounts you will see the following information about your account:
Creation date

The date on which you have created the account.

42
Valid to

The date on which the account expires.

Payment Instance

The payment instance where you have registered your account. Below will be a link to the general terms and conditions of trade of the payment instance. Please remember that the GTCTs of the mix operators are valid self-supportingly. If a message "no backup copy yet" is displayed next to the list then you have not yet made a backup of the selected account. We recommend that you make a backup of every account to an external drive. This will protect your credit from data loss. By clicking either the message itself or the button "Backup" you can save the selected account. You can take the following actions:
Create account

Lets you create a new account. The process of creating a new account may take a while because a complex cryptographic process has to be started. This is necessary for the process to be confidential and to ensure information integrity. During the creation process you may be asked a security question. The actual creation process depends on the method of payment that you have chosen. Please follow the instructions on-screen. When your account has been successfully created it will appear in the account list. IMPORTANT Please save your account to an external drive after creation, e.g. an USB stick. It will protect you from data loss.
Transactions

Here you can view a list of the transactions for all the accounts. There can only be one transaction per account. You can delete an empty account that you have not paid for or that you have depleted anytime. You may also create one or more new accounts whenever you want.
Change password

By clicking this button you can provide a new password for encrypting your account data. The password is valid for all of your accounts. If you want to erase your password, click "Change password" and enter nothing as your new password.
Import

Here you can import a previously exported account.

43

Information about account balance

In this section you can see all information available concerning the currently selected account, and you can apply some actions too. You will be shown in particular

the remaining volume on your selected account, the previous overall consumption, the amount that you have paid in and the date when the account was updated the last time.

You can take the following actions:

Activate

With this button you can activate the selected account for connection to a premium service. The active account is emphasized. Password protected accounts can be unlocked by clicking this button and entering your password.
Reload

Fetches the current account balance from the payment instance.

Delete

Deletes your account. ATTENTION: If there is any positive balance left on your account it will be irretrievably lost if you did not make a backup copy.
Backup

This button saves the selected account data to a file. This is useful when you need to regain access to your account after a complete data loss or you have reinstalled JonDo or the whole OS. This is why you should copy the exported file to an external media (e.g. an USB stick). Buy a Premium Coupon Table of Content JonDoFox

44
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/jondofox.html

Manage your accounts Table of Content Alternative browsers JonDoFox

Using JonDoFox Control Cookies Control Javascript Enforcing HTTPS Download Videos More Features

Using JonDoFox for anonymous websurfing

JonDoFox is a Firefox browser profile/configuration particularly optimized for anonymous and secure web surfing. You may either integrate JonDoFox in your Firefox or run it portable from USB sticks. The following lines describe how to use JonDoFox. The JonDoFox package contains all extensions which are relevant for your security, already with settings optimized. The symbols in the Firefox status bar and in the toolbar always give you control of the most important functions integrated in the JonDoFox profile (UnPlug, Cookies Monster, Adblock Plus, NoScript and JonDoFox).

Problems with Logins and Account Registration

By default JonDoFox uses restrictive settings for security reasons. Time by time a website does not work like expected.

Good webdesign will show you an advice to solve the problem:

Other websites will give you only an useless error message:

45

Very bad websites will not give you any return and something goes wrong. May be, you are redirected to the start page without login or something else unexpected. For solving CAPTCHAs you have to enable Javascript in most cases.

Howto solve these Problems

Please, try the following steps to solve the problems: 1. Temporarily Allow Cookies You can allow cookies for the website temporarily without risk. It is easy to remove stored cookies later by restart your browser or manage cookies with the add-on CookieMonster. 2. Enable Javascript If cookies does not solve the problem Javascript is required in most cases. Please keep in mind: using Javascript it is possible for web masters to access many information about your browser, your desktop settings, your hardware and an attacker can e.g. inject malicious JavaScript code. Enable Javascript only for trusted websites! 3. Enable Javascript for third party sites For large server farms like Facebook, Youtube, Yahoo! and others Javascript is required for some third party domains. For third party CAPTCHA providers you have to enable Javascript too.

Problems with Videos and PDF Documents

Because of security reasons all plug-ins for display non-HTML content (like Flash videos or PDF documents) within the browser are disabled.

Flash and Java applets can circumvent the proxy settings of your browser an leak your IP address. You may download Flash videos with UnPlug and use a media player to play it. For most attacks from the internet malicious PDF documents and Flash applets are used. To avoid drive-by-download in background and infection of your computer without notification all plug-ins are disabled. Download the document and open it in a recommended PDF reader. Manage your accounts Table of Content Alternative browsers

46
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/browser.html

Cookie Monster, Adblock Plus... Table of Content Browser security test

Alternative browser configuration

For an optimal usage of JonDo we recommend also using JonDoFox. This will save you the configuration effort, since JonDoFox already contains all necessary settings to surf anonymously with JonDo on the Web. Further information about JonDoFox may be found here or on the JonDoFox homepage. If you prefer to use JonDonym with another browser it is necessary that you make the basic settings yourself. Please beware False or incomplete configuration causes browsers to leave a lot of traces while surfing, even if you use JonDonym. Configuring the browser yourself is quite elaborate and requires a deeper understanding of web technologies. Browser updates For surfing the web, use really up-to-date browsers only. Otherwise, websites might attack and damage your computer directly over browser security holes. Therefore, you should regularly update your browser. Browser versions known to be insecure and not to be further developed are, for example, Internet Explorer 6, Mozilla Firefox 2.x, Opera 8.x, Safari 2.x and earlier versions of these browsers. In no case should you use one of these browser versions. If you operating system does not support newer browsers, you should replace it by a new one, either.

Proxy settings
With proxy settings you configure your browser to not send requests directly over the Internet but through JonDo instead. This anonymizes the data. You will need to enter the following in the proxy settings for HTTP, HTTPS, FTP, and if required GOPHER proxies of your browser:

Hostname/IP address: 127.0.0.1 Port: 4001 (Attention: If you have setup a different listen port than 4001 in JonDo you need to input it here instead of 4001 too.)

For some browsers there are step-by-step tutorials available:

Internet Explorer Mozilla Firefox Opera Konqueror Safari

47 In any case, please check your browser settings with the browser security test.

Avoiding data traces

Websites can offer special (active) content that can reveal your identity or even damage your PC, although you seem to be surfing anonymously with JonDo. This can happen by JavaScript, Java, Flash, Silverlight and Active Scripting. Basically, every type of dynamic webcontent that is run on the PC of the web surfer is potentially dangerous. Most browsers offer the possibility of blocking such content but are usually quite inflexible at it, so that the type of content can either be flatly denied or flatly allowed. This is problematic though since some web applications will then only be usable again after editing the configuration: e.g. chat rooms, Flash menus and animations, or online games. At the same time, these changes will also compromise security when surfing on other websites that do not require active content at all. Depending on the browser in use , it may be very complicated to completely deactivate active content in the configuration. Most of the time, this will only be possible to experienced computer users. Therefore, user-friendly and flexible settings, just as in JonDoFox, are a great convenience. Moreover, the browser sends so-called HTTP headers. They aid communication with the web server in loading pages or using web services. But they can also be used to identify you or create a profile of what your doing on the Net. From the HTTP header the browser type may be obtained, furthermore the language or the so-called referer which gives away your last visited page. Also, the data contained in cookies is being sent by HTTP headers. Although JonDo filters these HTTP headers, for technical reasons it does so only for unencrypted websites. If an eavesdropper should forward you to a presumably secure HTTPS site you will again be left without filter protection. The options for adapting HTTP headers are unfortunately very limited in most browsers. For these reasons, we recommend relying on JonDoFox since critical HTTP headers have been preconfigured for maximum anonymity in it. Much of the information your browser gives away can be reviewed in the browser security test.

Cookies Monster, Adblock Plus... Table of Content Browser security test

48
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/security_test.html

Alternative browsers Table of Content More applications

Testing the browser setup

With the help of different testsites you can tell whether your browser has been configured right. For JonDonym and Tor Onion Router We recommend specifically the JonDonym Anonymity Test http://ip-check.info/?lang=en
IP address check

The anonymity test will check your IP address in many ways. If the configuration was correct your real IP address will be hidden. But time by time there are configuration misstakes or bugs in your browser and deanonymisation is possible. Check the displayed IP address. If it is red you are surfing on the Net without any protection by JonDo or Tor. Make sure that your browser cannot run ActiveX, Java and Flash without your prior confirmation. An automatic execution of these plugins will usually give away your IP address and important system settings, and can thus revoke anonymity completely or at least partially with respect to that website. You can use a proxifier like ProxyCap or Widecap to avoid these issues.

IP address leak by Flash player. Browser fingerprint

The anonymity test will give you a quick overview about HTTP header informations send by your browser to websites. These informations can used to calculate an individual fingerprint of your browser. The EFF setup a demonstration project Panopticlick. All fields should be colored green or colorless. Orange is usually tolerable, red can be devastating to your anonymity. If you see any red, please work through the browser setup pages again.

49

Javascript values

If Javascript was enabled the anonymity test shows browser values readable by Javascript. Please note: JonDoFox can not fake all values. Enable Javascript only for trusted sites!

Please remember that at the moment only JonDoFox passes all criteria applied in the test for secure and anonymous surfing. With other browsers such a configuration is only possible to experts, if at all. Alternative browsers Table of Content More applications

50
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/otherApplications.html

Browser security test Table of Content Anonyme E-Mail

Using other applications with JonDo

In principal, you may thereby use any Internet application together with JonDo by entering JonDo as proxy into these applications. Please note: free services are limited in open ports. You can connect only to ports 80 and 443. These ports are used for web surfing (HTTP and HTTPS). For other applications you have to use premium services. On the following pages, you find configuration instructions for

E-Mail client Mozilla Thunderbird Instant messaging clients Psi and Pidgin IRC (Internet Relay Chat) Internet applications that cannot handle Proxies

You will need to enter the following in the proxy settings of your internet application:

Host: 127.0.0.1 Port: 4001 Typ: HTTP (prefered) or SOCKS v5

If your application supports both proxy types (HTTP and SOCKS proxy), please prefer using an HTTP proxy. If you are using a SOCKS proxy make always sure that the respective application is resolving the DNS name via the SOCKS proxy. In this case You have to activate an option like "resolve hostnames remotely" too. If you have setup a different listen port than 4001 in JonDo you need to input it here instead of 4001. Browser security test Table of Content Anonyme E-Mail

51
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/thunderbird.html

More applications Table of Content Instant Messaging

Anonymous e-mail accounts

The reasons as to why using e-mail accounts together with JonDonym may be:

You have to use unsave networks like WLAN at the airport or hotel and need a secure connection to your mail provider. Avoid interconnections between your e-mail identity and other data colletions. You would like to have a data retention free email account. (IP addresses of JonDonym mixes are useless for data retention.) You do not want to disclose your location to recipients and mail providers to avoid tracking of your movements. You would like to use a pseudonym without linkability to your real identity (anonymous email account).

If you would like to have an anonymous email account, please create a new account first. Choose an E-Mail address of the form anonymous1234abcd@xx.yy, that is "anonymous" + numbers + letters. If all JonDo users create addresses of this form, they are much less distinguishable. You can use JonDoFox to create the account in the web interface of the new provider. Some recommendations for a mail provider:

Posteo.de (German mail provider, 1,- Euro per month, anonymous accounts possible) Lavabit.com (high quality e-mail provider, without IMAP support) Zoho.com (useful for more than one mail account, familie, small office) CryptoHeaven (offers end-2-end encryption with own client, anonymous e-mail and many more features, from $66 per year.) safe-mail.net (Israeli mail provider, anonymous accounts possible) fastmail.fm (free version without SMTP support, premium version full featured) techemail.com (free version only with webinterface and without IMAP/POP/SMTP support, premium version full featured) riseup.net is a service for political activists. nadir.org a second service for political activists. hushmail.com offers some more privacy features, see Keep your E-mail communication.

Security Notes: Informations about long term communication partners can be used to feature out your real identity! If you need a highly anonymous e-mail account to do something may be for whistleblowing create a new mail account and use it only for this one job. Delete the account, if the job was done and never use it for other communication partners.

52

Mozilla Thunderbird configuration

Using an email client like Mozilla Thunderbird is more comfortable for anonymous email accounts than using the overloaded webinterfaces of some mail providers. Using OpenPGP or S/MIME encryption for your email communication is possible and well supported. For using anonymous mail accounts we recommend the creation of a new Thunderbird profil for separating anonymous and non-anonymous communication. Otherwise you may compromise your anonymous mail accounts by sending a mail without switch your proxy settings to JonDonym. You can start the prifil manager of Thunderbird at command line or in the DOS box with the command line option -P.
> thunderbird -P You may choose "Create Profile..." and enable the option "Work

offline".

Security Notes: Because of a serious bug in Thunderbird you can NOT use the account creation wizzard. The wizard does not use the proxy settings for testing the mail server! You can avoid this issues only by starting with Work offline. If the configuration was completed you can switch to online mode.

Proxy Settings for anonymous Profil

At first start with the anonymous profil the account creation wizzard will start too. Because the network connection is not anonymous you have to close the wizzard, configure the proxy and set the the security option. Open the dialog "Preferences". The proxy settings you will find at "Advanced -> Network -> Connection button ". Set ALL proxies to host=127.0.0.1, port=4001.

53

Aditional you have to set some configuration variables in the "Advaced Options" to get a secure configuration. Open the Config Editor for advanced options and modify the value of the following variables. Open "Preferences Dialog -> Advanced -> General" and click on the button "Config Editor". Some options you can set in the "Preferences Dialog" and main menu, too. But I want to keep this tutorial small as possible and list it here.

Important security settings

network.proxy.socks_remote_dns network.cookie.cookieBehavior mail.smtpserver.default.hello_argum ent mailnews.start_page.enabled

true 2 localhost false

Remove information about your prefered language and your regional provenance

mailnews.send_default_charset UTF-8 mailnews.reply_header_type 1 mailnews.display.date_senders_timez true

54 one
Prefer "en-US" locales for all reply headers

mailnews.reply_header_authorwrote mailnews.reply_header_ondate mailnews.reply_header_originalmessa ge mailnews.reply_header_locale

Write outgoing messages in plain text

%s wrote On %s -------- Original Message -------en-US false false false 1

mail.html_compose mail.identity.default.compose_html mailnews.send_plaintext_flowed mail.default_html_action

Read incoming messages in plain text

Otherwise dangerous e-mail attachments could compromise your computer. mailnews.display.prefer_plaintext true rss.display.prefer_plaintext true mail.inline_attachments false You may apply these settings in the menu "View", too.

Remove information about the used software

Create a new value of type string and set an empty string for this value. general.useragent.override
Recommendations for OpenPGP/Enigmail

extensions.enigmail.addHeaders false extensions.enigmail.useDefaultComme true nt --no-emit-version --nocomments --displayextensions.enigmail.agentAdditional charset utf-8 -Param keyserver-options httpproxy=http://127.0.0.1:4 001

If a value was not found in the list (like mail.smtpserver.default.hello_argument), please create a new one of type string .

55

Create a mail account

After setting the proxy and secure your Thunderbird you can create your mail account in Thunderbird. Open the dialog "Account Settings" and choose "Add Mail Account". A wizzard will ask your for your e-mail address and password. Because of a serious bug in Thunderbird you have to Work offline during account setup. The wizard does not use the proxy settings for mail server tests.

We do NOT recommend the using of IMAP postboxes because of privacy issues. All messages are stored on the mail server. Additional it takes a lot of JonDonym premium traffic because all messages are downloaded again for each reading. Please switch to a POP3 postbox. Because you have to work offline the wizard can not feature out the correct settings for your mail server. Click on the "Advanced config" button and edit the settings for POP3 server (incoming mails) and SMTP server (outgoing mails) manually.
Incoming e-mail

You may find the settings for the POP3 server on the website of your mail provider. Enabled SSL encryption.

56

Outgoing e-mail

You may find the settings for the SMTP server for outgoing emails on the website of your mail provider too. Because of spam protection all premium exit mixes block port 25. You can use port 465 (SMTP-SSL) or port 587 (submission) for sending emails with Thunderbird. Please check whether your mail provider offers these possibilities and replace the settings like shown below.

57

Switch to "Online"
If all configuration steps were done you can go online with your Thunderbird. Disable "File - Offline - Work offline". More applications Table of Content Instant Messaging

58
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/instant-messaging.html

Anonymous e-mail Table of Content Anonymous IRC

Instant Messagingn Pidgin configuration Psi configuration

Anonymous Instant Messaging

You can use internet applications with JonDo, if HTTP proxy settings are supported by your application. Please note: JonDonym free services are limited in open ports. You can connect only to ports 80 and 443 (HTTP and HTTPS). For instant messaging like Jabber (XMPP) you have to use premium services. You will need to enter the following in the HTTP proxy settings:

Host: localhost Port: 4001 Type: HTTP (prefered) or SOCKS v5

Jabber Server (XMPP)

For anonymous instant messaging you have to create a new account first. Do not use your old, well known account with JonDonym and believe, you are anonymous. A list of useable Jabber servers you may find at jabberes.org or xmpp.org. Have a look at the privacy statement at the website of the selected server before you register your account. Some recommended Jabber servers with a high amount of users are: server ports file transfer proxy BOSH/HTTP URL commentd by Chaos Computer Club SSL certificates signed by CAcert.org donations are welcome

5222, 80 jabber.ccc.org 5223, 443

jabber.dk

5222, 5223

59

server

ports file transfer proxy

BOSH/HTTP URL

commentd donations are welcome SSL certificates signed by CAcert.org

5222, 80, swissjabber.org proxy.swissjabber.com 5223, 443

draugr.de

5222, 80 proxy.draugr.de 5223, 443

donations are welcome https://www.draugr.de/http- SSL bind/ certificates signed by CAcert.org no inbound registration, create your accout at the website

securejabber.biz

5222

If you were using JonDonym, XMPP file transfer is only possible by using file transfer proxies. If your instant messaging client and the server were support BOSH/HTTP, you can use free mix cascades too. But may be you will get timeout errors time by time.

AnonJabber Project
AnonJabber is a project powered by the certified mix operator Delta-Protect Ltd. It offers distributed Jabber servers that can only be used with particular JonDonym premium cascades (see below). server anonjabber.net SHA1 fingerprint of SSL certificate 2B:C6:69:EF:90:77:4F:45:47:33:3E:E1:31:C9:6C:30:A9:41:1A:B3

60

server

SHA1 fingerprint of SSL certificate

anonjabber.com DD:35:E2:66:B6:B3:81:2E:6D:41:2B:41:98:5A:8D:AB:00:83:33:74 anonjabber.de anonjabber.eu EF:9A:10:CC:AE:FB:26:31:1E:5C:F3:57:80:7A:2B:D1:2A:69:74:0B F0:4B:FA:C1:E1:41:21:55:BA:AD:1D:AA:9E:09:74:B6:02:75:35:4A

jabber-secure.net 79:EA:4C:AF:C4:53:19:4D:4D:C5:AD:C3:F1:27:3A:28:A5:FA:CC:3E

All of these servers offer SSL encryption, inbound registration and do not log any information about login and logout times. Because these servers are financed by earnings get from premium mixes, you can use them only with the following mix cascades:

Neptun-Wombats-Shamrock Locke-Goose-Pluto Fondue-Montesquieu-Uranus Koala-SpeedPartner-Titan Opossum-Berwald-Merkur

DNS Leaks
Warning: Many instant messaging clients break out the proxy for DNS request. An attacker can watch your internet traffic and feature out the Jabber server you were using. We have tested the following clients:

Miranda (Version 0.9.21) uses the proxy only for DNS request, if no DNS server was aviable. Psi (Version 0.14) leaks DNS requests, no patch aviable. Pidgin (Version 2.7.11) leaks DNS request, a patch was released in version 2.8.

Work around: You can set the IP address of the Jabber server in your account configuration. In this case no DNS requests are nessecary and no leaks will appear. You may use our DNS service webpage to get the IP address of the Jabber server. Anonymous e-mail Table of Content Anonymous IRC

61
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/anonymous-irc.html

Instant Messaging Table of Content Proxifier

Anonymous IRC
You can use our premium services for anonymous IRC without problems. In opposite to Jabber IM clients we did not found DNS leaks in all testet IRC clients. Open the network configuration of your prefered IRC client and enter the following in the proxy settings:

Host: localhost Port: 4001 Type: HTTP or SOCKS5

IRC Servers
IRC servers are connected to networks. All servers of network share the same channels and use the same DNS name. netzwerk server port 6667 6697 (SSL) comment a large IRC network

freenode.net irc.freenode.net

AnonOps.us irc.anonops.li

the IRC network of ANONYMOUS

AnonNET 6697 (SSL) 6697 (SSL) 6697 (SSL)

VoxAnon

irc.voxanon.net

another IRC server of ANONYMOUS

Indymedia irc.indymedia.org

Debian

irc.debian.org

support for Debian GNU/Linux

Wikileaks

chat.wikileaks.org

9999

IRC server of Wikileaks

62

netzwerk

server

port (SSL) 6697 (SSL)

comment

Telecomix irc.telecomix.org

Internet activists

anon-irc

6697 irc.whyweprotest.net (SSL)

anonymous IRC net of AnonNet, Marcab.org, whyweprotest.net, Xenurage.com and EpicAnon.com

Social Threads
IRC chats are public, keep that in mind. Deanonymsation is not only possible with IP addresses but by social threads too. Some recommendations to avoid deanonymisation collected by Anonymous:

Do not include personal informations in your nick and screen name. Do not discuss personal informations in the chat, where you are from... Do not mention your gender, tattos, piercings or physical capacities. Do not mention your profession, hobbies or involvement in activist groups. Do not use special characters on keyboard, which are existent only in your language. Do not post informations to the regular internet while you are anonymous in IRC. Do not use Twitter and Facebook. This is easy to correlate. Do not post links to facebook images. The image name contains a personal ID. Do not connenct to chat at the same time. Try to alternate.

Heroes only exist in comic books keep that in mind! There are only young heroes and dead heroes.

Instant Messaging Table of Content Proxifier

63
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/proxifier.html

Anonymous IRC Table of Content JonDo Interface Proxyfier Tools

Introduction ProxyCap (Win, Mac) WideCap (Windows) proxychains (Linux) Transparent Proxy

Proxify applications without proxy support

If your Internet application does not support any proxy settings, you can use proxyfier tools to redirect the traffic to JonDonym and hide your IP address. Usually this just works with premium services as you can only route traffic through the free services which goes to destination ports 80 or 443. These ports are usually used for web browsing. Other Internet protocols are using different ports. To configure your proxyfier tool two steps are required. At first you have to configure the proxy for anonymization. Use the following settings:

Type: HTTP (preferred) or SOCKS v5 Host: 127.0.0.1 Port: 4001 enable "resolve hostnames remotly"

In the second step you have to set up rules or rulesets for applications which should get redirected to the proxy. You have two options to achieve this: 1. Redirect only a list of applications: You can create a list of applications. Only for the applications on this list the Internet traffic will go through JonDonym. 2. JonDonym-VPN: Setup a list of exceptions. The traffic of applications on the exception list will NOT get redirected to JonDo. This list has to contain the JonDo proxy programm "JAP.exe". The Internet traffic of all your other applications will get redirected through JonDonym. A short list of recommended proxyfier tools:
Proxyfier for Windows and MacOS

You can proxify your Internet applications with Proxyfier. It redirects the traffic of the Flash player, Java applets and other Internet applications through JonDonym. You may test it for free for 31 days, afterwards you have to buy a license key. Proxyfier is not freeware.

64
o download Proxyfier for Windows (standard) o download Proxyfier for Windows (portable) o download Proxyfier for MacOS ProxyCap for Windows and MacOS

For Windows and MacOS we suggest ProxyCap as well to proxify your Internet applications. ProxyCap is not freeware either. You can download a free 30-day trial version. After 30 days you have to buy a license key. Please support JonDonym: Buy ProxyCap here! (JonDos gets 20% of the revenue).
Widecap for Windows

For Windows you can use WideCap to proxify your applications. You can use Widecap for free but it is not under development anymore and does not run well on newer Windows versions.
proxychains for Linux and UNIX

All Linux and UNIX distributions contain proxychains and it is possible to install it with your preferred package manager. You can use it to redirect the traffic of an Internet application to JonDo if you are using Linux/UNIX. Anonymous IRC Table of Content JonDo Interface

65
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/interface.html

Proxyfier Table of Content The Anonym-O-Meter

JonDo User Interface

The JonDo user interface consists of the following control elements:

For an overview of the program the following information elements have been included: Anonym-O-Meter Services Tells you what maximum level of Here you can choose which of anonymity the active service offers you at the available JonDonym the moment. services to use. Current service Anonymity Contains information about the number of This control element will users, performance and the operators of connect you to the selected the active service. JonDonym service. Remaining volume Browser button (JonDo Shows how much data volume your Portable) current account has left. This button starts the portable Encrypted data sent Firefox browser. Counts the anonymized data packets that have been sent by JonDo since last

66 activating anonymity mode. Forwarder Displays status information about the user activated forwarding servers. (only in the Extended View) Status bar Displays current messages.

The additional buttons Help, Assistant, Config and Exit at the bottom of the main view will open further windows.

Control elements

Services Right beneath the logo is the list of available services. Choose one from it, or just click on one of the presented filters/categories to choose a random service from the respective cagetory.

JonDo connects to this service automatically if you have switched anonymity to On earlier. The button refreshes the list. Details will take you to the settings window of JonDo, where you can find detailed information on the available services.

Anonymity

67 Switch Anonymity to On in order to connect to the chosen server. An animated picture will appear afterwards, if the connection was successful, showing the particular server connections and the amount of simultaneously connected users symbolically. If the switch is set to Off there will be no connection to any service.

Browser button

This button is displayed in the JonDo GUI if you are using JonDo Portable and a "portable" browser has also been found. You may start the browser by clicking it.

Information elements

Anonym-O-Meter The Anonym-O-Meter measures the level of security of the active service. It is calculated as follows:

o o

Distribution, certification and internationality of the operators and mixes. The amount of active users.

Click here for a description of the different levels in the Anonym-O-Meter.

Active service Information about the active service: o Users: The amount of users currently connected to the service. o Speed: Estimated speed of the service. o Response time: Estimated time required by the service to receive a response from the server. o Operators: The operators of the active service, described by the flag of their corresponding countries. A click on their flag will show details about the respective operator and his mix. A colored border which may appear around some or all flags moreover gives you a quick overview of the certification status concerning the respective mix of an operator. If all mix operators of this service are forced to perform special legal obligations which might influence anonymity in a negative way, a warning label is shown which you may click to get further information.

68

Remaining volume Measures the remaining data volume on the active account. An account with a volume rate is necessary for using the premium services. More info about accounts in JonDo can be found here. If you have chosen the Extended View you can click the arrow left to the "Remaining credit" display and receive more information about your account, especially o when it will expire and o how much volume you have already used. Encrypted data transferreed For user information and control of functionality, JonDo displays how much data a user has sent on the anonymity service during the current session. In the Extended View you can further subdivide the anonymized data by clicking the arrow left of the data display:
o o World Wide Web (HTTP) Other Internet services

Anti censorship service The forwarding function allows other users to connect to a service in your JonDo. You may thereby help these users in case their ISP blocks their access to JonDonym services. In the Extended View, clicking the arrow left of the display reveals the following information about the forwarder: How many forwarded connections are on hold at the moment have been accepted have been denied o How many forwarded traffic there is at the moment. o What bandwidth is used for it.
o

Attention By activating forwarding you allow unknown users to access your JonDo. This also has potential for abuse, while a trace back to your IP is protected by the used service. Also, you may experience a diminution in speed under certain circumstances.

Status bar Current news messages related to the available services is displayed here.

Additional buttons

The button Minimize shrinks JonDo to the size of a small window which displays the most important information only. The window docks to the edge of the screen automatically. There you may toggle anonymity by clicking the JonDo

69 icon. Alternatively, you may open the Mini View by double clicking in the main window. i gives you e.g. information about the currently used JonDo version and the licence. Help opens JonDo Help. Assistant helps you with setup of JonDo. Config is where you can configure JonDo yourself. Exit disconnects from the service and quits JonDo. Proxyfier Table of Content The Anonym-O-Meter

70
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/jap.JAPNewView_anonymometer.html

JonDo user interface Table of Content Mini view

The Anonym-O-Meter
The Anonym-O-Meter displays visual information about the status and the security of the selected service. Detailed information with more concrete data can be reviewed at Details. From the information the Anonym-O-Meter gives, a partially subjective risk of observation and a maximum level of anonymity can be deducted. The more active users sending and receiving packets there are the higher the level of anonymity for every single packet will be. That is because potentially every user could have been the source of the particular packet. The number and distribution of mix operators is also crucial: the more mixes there are in a cascade and the further they are spread across the globe, the less likely will it be that a user can be observed by an operator or third parties. Which value you should prefer depends on the potential observer that you want to protect yourself from. This evaluation provides, besides an informational function for the users, also positive incentives for commercial mix operators to preferably form secure cascades. A picture similar to this shows that you are connected to an anonymization service. The symbols measure the approximate level of anonymity offered by the active service. The left symbols (server icons) reflect the number of servers and operators (optimum: three operators). The colors of connections in-between describe the international distribution of these servers. The more non-grey colors you see, the better distributed this service is. (optimum: operators and mixes in three different countries = one blue and one green connection). The right symbol evaluates the number of active users on the service (optimum: at least 500). Those two values, distribution and users, are additionally reflected in two evaluation bars on the bottom: they turn more or less green according to the values (full green is optimum). In pure number representation, both values range from 0 to 6, separated by commas (e.g. 5,4 / 6,6 - the two last values describe the theoretic maximum: first distribution, last users)

This picture appears if anonymity is switched off. All surfing will be allowed after confirmation only.

71 If this picture is displayed, a connection to the service is active and you can surf anonymously. But no status information could yet be obtained from the InfoService. This could be an error in the InfoService, a slow Internet connection, a blocking (personal) firewall or simply because you have forbidden JonDo to request the InfoServices automatically. This picture is shown while JonDo is trying to connect to an anonymization service. Meanwhile, no connection will be allowed through JonDo.

JonDo user interface Table of Content Mini view

72
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/miniwindow.html

The Anonym-O-Meter Table of Content Commandline

JonDo user interface: Mini View

JonDo's Mini View is a minimalist view of JonDo's main window. You can access it by pressing or by double clicking anywhere in the main window. It shows only the most important information and consists of the following elements:

MByte: Shows the amount of traffic that has been anonymized during this session. Anonym: Shows the level of anonymity. The numbers correspond to the Anonym-O-Meter display. for toggling anonymity on or off. button that switches back to normal view (double clicking the window will work too).

Context menu

You can access the most important functions in JonDo from the context menu. The context menu is opened by clicking right in the main interface, the Mini View or on the small icon in the windows panel.

73
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/JAP_commandline.html

Mini View Table of Content Circumvent blocking of JonDonym

Commandline arguments for JonDo

JonDo can also be launched from the commandline. Run JAP.jar with:
java -jar JAP.jar <switches>

For Windows use:

javaw -jar JAP.jar <switches>

Several switches can be specified on startup.

--help, -h Shows a help message.

--console JonDo will only be running in a console. This means that no graphical user interface will be shown. In order to quit JonDo, type "exit" and press Enter. In order to save the configuration, type "save" and press Enter. The console version offers only limited functionality and allows for no configuration at the moment. It is thus recommended to configure the jap.conf in a GUI and to copy it to the environment in which the console version of JonDo will be run.

--cascade {[host][:port][:id]} Connects to the specified mix cascade.

--minimized, -m JonDo will start in the Mini View .

--noSplash, -s Suppresses the splash screen at JonDo startup. Starting JonDo will then seem to take a little bit longer, as it takes some time until the JonDo main window is initialized. The splash screen's function is to bridge this time gap.

74

--noSystemErrorLog Disallow logging to the standard error stream.

--hideUpdate Hide all internal update features (used for Debian package).

--allow-multiple, -a Allows for multiple instances of JonDo running at the same time.

--listen, -l {[host][:port]} Specifies the interface JonDo will listen to. The relative setting in the configuration of JonDo will be overwritten.

--forwarder, -f {port} Act as a forwarder (TCP/IP) and listen on a specified port.

--portable [path_to_browser] Tells JonDo that it runs in a portable environment. If a path to a portable browser is given, it may also be launched directly from JonDo. JonDo will use this browser for internal connections to websites also.

--portable-help-path [html] Path to external HTML help for usage in portable mode.

--portable-jre Should be set if JonDo runs with a portable JRE. Suppresses update messages for Java.

--uninstall, -u Deletes all files created by the application. Attention: Volume accounts not saved to a separate file will be lost!

--version, -v JonDo will print version information for JonDo and Java to the console window.

--config {Filename}, -c {Filename}

75 JonDo will use the specified configuration file instead of the standard configuration file .

--extractHelp [directory] Extract the internal help files (HTML) to a directory.

Example

In order to start JonDo minimized open a console window, switch to the directory where JAP.jar is located and enter the following command:
java -jar JAP.jar --minimized

You may also use these arguments in Windows shortcuts. Just click on the JonDo shortcut with the right mouse button, choose Settings and edit the shortcut as follows: Target: <Path to JonDo>\jap.exe <switches> Run in: <Path to JAP.jar> Substitute <Path to JonDo> with the actual path to the files JAP.jar and japdll.dll (typically C:\Program Files\JonDo) and choose the arguments you wish as <switches>. Mini View Table of Content Circumvent blocking of JonDonym

76
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/forwarder1.html

Commandline arguments Table of Content JonDo Configuration Anti-Censorship

Use a Proxy with JonDo Skype Forwarder JonDo Forwarder Dialup to free country

Circumvent blocking of JonDonym

Because JonDonym offers censorship-free access to the Internet and protects against surveillance it is blocked by some governments. You can circumvent the blocking of JonDonym in several ways.

Use a proxy to circumvent blocking of JonDonym

If your JonDo proxy client did not get a connection to InfoServices or Mix cascades and the "Assistant" could not find a solution, you may try a proxy to avoid the blocking of JonDonym services. You can get addresses of free proxies at xroxy.org or you may ask JonDos by e-mail for some proxy addresses. Using a proxy with JonDo does not compromise your anonymity. The proxy will see only multiply encrypted traffic and will forward the traffic to the Mix cascades.
Configure the proxy settings in JonDo

Open the configuration dialog of JonDo and go to the "Network" section. Enable the option "I am forced to use a proxy" and set the proxy type, host address and port.

77

Afterwards you may run the "Assistant" again to check your settings and try to get connected. Commandline arguments Table of Content JonDo Configuration

78
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/appearance.html

Circumvent blocking of JonDonym Table of Content Payment settings

Changing appearance
To get to this panel, press the button Config in JonDo's main window, then choose the entry User Interface from the list to the left. In this dialog you can make changes to the appearance, language and message display of JonDo.

Appearance
JonDo supports different themes for windows and elements.

Language Here you can change the language in which elements, dialogs and menus appear. A restart of JonDo is needed for changes to take effect. You will be asked to do so. Look&Feel Look&Feel determines the overall graphical appearance of the program. This includes the appearance of buttons, windows, text fields and other graphical elements. Look&Feel depends on the OS you use. With this list you are given the option of customizing JonDo to your desire. Plus, you can add new Look&Feel themes by downloading them from the Internet and importing them in JonDo. They are not JonDo-specific, i.e. you may theoretically use any theme compatible with Java Swing. Please remember that some of JonDo's elements may not be compatible with a given Look&Feel. You can revert settings anytime though if you encounter problems. o Import New Look&Feels may be found on www.javootoo.com e.g. Just download the themes you want and click Import afterwards. A file browser will open. Navigate to the location of the newly downloaded Look&Feel package and choose the .jar file. An alert message will inform you whether the result was a success. If it was, you may now select the new theme from the list. o Delete This will delete the selected Look&Feel. You can only delete those you added yourself. Font size Here you can change the font size of the user interface elements.

79

Display mode of JonDo

Extended View Extended View shows all options. Simplified View Simplified View will not show some advanced options that may be confusing for unexperienced users. The basic functionality of the program does not change thereby. Mini View always on top Fixates the JonDo Mini View on top of all other windows. If unchecked, the Mini View will be hidden behind other active windows. Ignore DLL update warnings If activated, no warning will be given when a more recent DLL version is available. The DLL is a library of functions in the Windows environment for visual improvement and more convenient operation.

Program startup

After start of JAP/JonDo... If you activate this option, you will be given two further possible options: o ...show the minimal view This option will show Mini View immediately after starting. o ...move JAP/JonDo into the systray If this option is selected, JonDo minimizes to the Windows systray immediately after starting. This function is not available on all OS and requires an operating system specific DLL. Splash screen toggle If you don't want to see the splash screen when starting and quitting the program you can deactivate this option. Reactivate to see the screen again. Start browser when connecting (only JonDo Portable) If you have started JonDo Portable with the commandline option --portable <Path to browser> and the given browser has been found, it will automatically be started when this option is activated. However, your browser will not start until you have established a connection to an anonymization service. If you prefer the browser to not start automatically, deactivate this option.

Path to Help
For optimal accessibility your default browser will be used for displaying the help pages. This requires the help files to be saved somewhere on your harddisk or another media. The setting allows changing the path to these files. If you click the panel Move a dialog will open which allows you to set the path to the help pages. Notice: With JonDo Portable and on some OS this path can not be changed.

80

Path to web browser

This options is only available in JonDo Portable. JonDo Portable automatically looks for a portable JonDoFox or Firefox. It is referenced by JonDo Portable to open web links and help files. If you would like to configure the path to the (portable) browser yourself, you may do this here. Just choose a browser executable file like iexplore.exe, opera.exe or firefox.exe from a local drive (Windows examples). Notice: The chosen browser is NOT automatically configured for the usage of JonDo thereby. If you do not use JonDoFox, you have to configure the browser yourself. The path is always stored relative to the execution directory of JonDo Portable. It is thereby also valid on alien computer systems if the browser is located on the same portable device as JonDo Portable (e.g. a USB flash drive).

Remember location
This option is only available in the Expert View. If you check one of the following boxes the corresponding JonDo window will reappear at the position where it was when you closed JonDo. This applies to the following windows:

Main View Settings Mini View

Remember size
This option is only available in the Expert View.

Configuration window Checking this box will make JonDo remember the size of the settings window.

Program shutdown
This option is only available in the Expert View.

Show warning when closing JAP/JonDo When checked, JonDo displays a warning when closing the program which tells you to reconfigure your browser's proxy settings in order to continue surfing the web. Circumvent blocking of JonDonym Table of Content Payment settings

81
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/payment.html

Changing appearance Table of Content Updating

Payment Settings
To get to this settings panel click "Config" at the JonDo main window, select the entry "Payment" from the list to the left and then open the tab "Advanced Settings". This panel is only available in the Extended View.

Anonymous payment connections

"Only if direct connection is not possible" makes JonDo transfer information about your current account balance and account creation data through the currently active JonDonym service if the respective payment instance is not available through a direct connection. This could for example be the case if your ISP blocks access to the payment instance. "Always (deny non-anonymous connection)" will result in payment instances being contacted only through JonDonym services. By setting this, you may under circumstances no longer be able to create new accounts or receive updated information about your account balance. Affiliate inforamtion will not be send in this case. "Never (allow direct connection only)" This setting blocks any requests of payment data through the anonymous connection. It can make sense if you want to cut cost. For payment data transmitted through premium JonDonym services will for compelling technical reasons be accounted for just like any other user data.
Automatically update account balance

82 If activated, JonDo will try to update your account balance at fixed intervals. If you do not allow this, JonDo will not automatically show your current account balance. Your account will still be maintained correctly by the payment instance though.
Warn when closing JAP/JonDo while not all accounts are backed up

To prevent data loss, you may order JonDo to warn you if one or more of your accounts have not been backed up and JonDo is closing.
Connect timeout (s)

Sets the timeout for connections to the payment instance. If you experience problems creating or paying accounts, increasing the timeout may solve them.
Show error messages from accounting instance (deactivate for debugging only!)

If activated, error messages from the payment instance of the relevant service will be shown. It is recommended to do so. This setting is only available in the beta version. Changing appearance Table of Content Updating

83
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/update.html

Payment Table of Content Network

Updating
To get to this settings window press the button Config in the main window of JonDo, then choose the entry Update from the list to the left. This panel is only available in the Extended View. In this dialog you can check whether new versions of JonDo are available for patching.

Installed Version

Version Here you can see the version number of JonDo. Date This field shows the release timestamp of the currently installed version. Type There are two possible versions: the stable version has been thoroughly tested. The beta version, also called developer version, includes all functions that are available at the moment, also those that are still undergoing testing. This is why the beta version is meant for experienced and curious users.

Latest Version
The information here does not refer to the software currently installed on your system, but rather it refers to the JonDo version that can currently be downloaded. Using the dropdown menu Type, you can choose whether it applies to the stable version or the beta version.

Options

Anonymous update connection Only if direct connection is not possible makes JonDo connect to the update server through the currently active JonDonym service if the respective update server is not available through a direct connection. This could for example be the case if your ISP blocks access to the update server. Always (deny non-anonymous connection) will result in update servers being contacted only through JonDonym services. By setting this, you may under circumstances no longer be able to receive updates. But on the other side you are protected against direct manipulation of the software by the creator for your installation cannot be identified.

84 Never (allow direct connection only) can make sense if you want to cut cost. For update data transmitted through premium JonDonym services will for compelling technical reasons be accounted for just like any other user data. This setting blocks any updates through the anonymous connection.

Show information window if a new JAP/JonDo version is available If this option is active, an information window will be shown from which you can update directly whenever a new version of JonDo is available. If it is deactivated, the status bar of the main window will display only a small reminder. JonDo checks for new versions at startup and every 12 hours from then. Show information window when a new version of Java (JRE) is available JonDo checks for new JAVA versions at startup and every 12 hours thereafter. If this option is active, an information window will be shown. Upgrading the JRE has to be done manually. More... (\help\updateJava.html)

Information
This field displays information about the update's installation progress. Furthermore, it shows the results of checks for a new version.

Other Elements

Check for new updates Click this button to check if a newer version than the currently installed version is available for download. Upgrade... With this button, you can, depending on your selection for Type, download the latest version of JonDo from the Internet and install it on your system. Payment Table of Content Network

85
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/net.html

Updating Table of Content Services

Network
To get to this panel, press Config at the main interface and afterwards select Network from the list to the left. In this section you can configure all settings relevant to the network connections of JonDo.

Circumvention of Internet censorship and filtering

This function is necessary if you cannot connect to the service, e.g. because it is blocked by your company's firewall or by your Internet service provider. Please, only apply these settings if you cannot connect directly to the services. You will be reducing your bandwidth and the process of connecting is made more difficult for no reason. Connect to other JAP/JonDo users in order to reach a service

By activating this option you can connect to a service with somebody else's JonDo, which acts as a forwarding server.

86

Listener port number

For JonDo to protect your communication on the Internet it has to be interposed between your browser and the Internet. Such a local intermediary is called a local proxy. The following settings are specific to the proxy functionality of the program.

Port number Enter your port number here at which JonDo will accept connections from your browser. Please remember that your browser's settings must be adjusted accordingly. You have to configure the HTTPS proxy settings of applications that should use JonDo to this port and localhost or 127.0.0.1, respective, as host. Some JonDonym services also support the SOCKS5 proxy protocol additionally to HTTP. Notice The port number is preset to 4001 in JonDo. We recommend keeping it since it is linked to many other settings, including JonDoFox. Only change the port if you know just why you need to do it in your case.

Allow access to JAP/JonDo from localhost only (Only available in the Extended View.) If this option is active only your own PC will be able to connect to your JonDo. If it is deactivated all PCs on the network or the Internet may connect to your JonDo. Unauthorized individuals may then abuse your JonDo for illegal purposes and also use the data volume you paid for it. As long a you do not have good reason to allow other PC's access, it is recommended to keep this security setting activated.

Compulsory proxy/firewall
In some networks a connection to the Internet is only possible through the company's or the ISP's proxy. If this is the case for you, you can edit the settings needed for your JonDo to connect to the proxy here.

87

Hint: If you like, you can also enter a local Tor client here for an additional layer of security. Your connection will be slower though.

I'm forced to use a proxy Activate this option to tell JonDo that a proxy is needed for access to the Internet. Type Enter the type of proxy you are using. Possible types are "SOCKS" or "HTTP/HTTPS". For Tor enter "SOCKS" here. Host Enter the host name or the IP address of your proxy here. For Tor enter "localhost". Port Enter the port at which your proxy accepts connections. For Tor enter "9050". Proxy requires authorization Select this field if you have to authorize with your proxy. User ID Enter your username for accessing the proxy. The password will be asked for automatically upon the first connection attempt.

JonDo + Tor (TorBrowserBundle)

To use the Tor shipped with the TorBrowserBundle together with other internet applications (like JonDo), you have to disable the random "SocksPort" of Tor and set it to a fixed value.

88 Open the configuration file "torrc" used by Vidalia with a text editor. You may find the file in the subdirectory "Data/Tor" of your TorBrowserBundle. Change the "SocksPort" from "auto" to a fixed value (usually port 9050).
SocksPort 9050

Updating Table of Content Services

89
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/services.html

Network Table of Content Certificates

Services
This group of settings can be accessed by clicking Config in the main window. In the settings menu you will find the point Services on the left side. The following settings relate to fundamental functions of JonDo.

Anonymity and Mix cascades Here you can check information about the available anonymity services and change further settings. InfoService InfoServices supply information about available services and updates to the application. Here you can administer JonDo's access to InfoServices. only available in Extended View. Anti Censorship Contains all settings necessary to use your JonDo as a forwarding server. Users can then reach mix services through your JonDo. only available in Extended View. Certificate Authorities Certificates are necessary for ensuring authenticity of mixes, InfoServices and their operators. Here you can administer the root certificates of the program. only available in Extended View.

Please remember JonDo has all necessary settings preconfigured so that you can connect to the available services right away. Changing these settings is usually not needed. Network Table of Content Certificates

90
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/certificates.html

Anonymity Table of Content Mix cascades

JonDonym certificates and their meaning

Certificates are used to identify operators of JonDonym services. Typically, a mix cascade consists of two or more consecutive mix servers operated by different organizations. Only if all of these operators cooperate could the anonymity of the users be revoked. Users of JonDo should therefore consider for themselves whether they trust the mix operators of a cascade and whether they connect to this cascade according to this decision. It is therefore crucial that

the individual mixes are run by independent organizations and that the information about these organizations is reliable.

Certificates are parts of the so-called cryptographic public key method: the organization identified by a certificate owns a private key that it uses to create digital signatures. This key must always be kept secret since everyone could otherwise use it to create signatures. By comparison to the openly available public key others can check these signatures and verify that they really communicate with the requested organization. The correlation of identity and public key is proven by a digital certificate. This is an electronic document digitally signed by a certification authority. It is highly recommended to inspect the certificates of each individual server of a mix cascade (click on the different mix icons and then on the respective certificate).

Certification authorities (CAs)

Organisations that issue certificates are called certification authorities. They connect the identity of the certificate owner to his public key using an electronic signature. The organisations issuing JonDonym certificates have committed themselves to be very careful when certifying operators. Operators may also get certified by more than one CA. Multiple certification takes the need for trusting a single certification authority.

Mix certificates and operator certificates

Both mixes and operators of mixes receive certificates. A CA issues an operator certificate that is attached to his/her identity. By using this certificate, the operator may then generate mix certificates him/herself for his/her mixes. These mixes, or mix certificates respectively, can then be associated with their operator beyond a doubt and cannot refer to a faked identity.

91

Certification status
A certificate is considered as verified only if the signature of the certification authority, which has issued this certificate, is valid. Certificates may also be verified by two , three or more independent certification authorities at once. Thus, the correctness of the identity and the reliability of the respective operator is better secured. Non-verifiable certificates are generally not trusted as anyone with basic knowledge about computer technology can generate such certificates by himself. The validity of a certificate depends on the time period for which the certificate has been issued. Typically, you should not trust an expired / invalid certificate any longer, as it is not clear whether the owner still has the right to offer the service. Certificates may also be revoked , for example if their encryption was broken, the operator turned out to be dubious or if the private certificate got into the hands of unauthorized persons. JonDo blocks connections to mix cascades with at least one untrusted or revoked mix. Expired certificates cause service filters and the Anonym-O-Meter not to count such a mix as part of the service. However, a connection to the service is still possible if at least the first or the last mix in the service is still fully trusted. Moreover, JonDo prevents connections to InfoServices with untrusted, revoked or expired certificates. Program updates and payment connections are also always checked for trusted certificates. Anonymity Table of Content Mix cascades

92
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/services_anon.html

Certificates Table of Content Advanced settings

AN.ON/JonDonym
To get to this panel, press the button "Config" in JonDo's main window, then choose the entry "Anonymity" from the list to the left and open the tab "JonDonym".

In order to better understand the information and settings in this panel, you might first want to read the introduction to JonDonym und AN.ON.

Filter for Mixes

With the help of the filter you can determine the selection criteria by combining multiple criteria.

93

Click the button "Edit filter" to create your own filter. You can adjust the following selection criteria to your needs:
Cascade length

Determine whether a single mix is acceptable or whether you only want to use mix cascades. Notice: When using a single mix service, your privacy will only be protected if the respective operator is completely trustworthy.
Operators

Here you may decide if you would like to hide services because of the participation of a certain organization or individual as a mix operator.
Internationality

Determine how many different nations have to participate in the service. This includes the location of the mix operating organizations and also the geographic location of the servers themselves.

94 Notice: The more internationalization, the more secure the service should be esteemed.
Miscellaneous

Filter services that do not support the SOCKS5 protocol, or that perform a data retention that may, under certain circumstances, influence your privacy. Moreover, you may force using only services that are free of charge here. Notice SOCKS5 is a proxy protocol. You may use it to anonymize even more applications than with HTTP alone.
Speed and Response time

Here you can set a minimum speed and a maximum latency that the service has to provide in order to meet your selection criteria.
Blocking single services

The checkboxes to the left of the service entries are checked at default for all available services. Unchecking a box causes JonDo to no longer connect to this service. This achieves even more detailed filtering of services than is already possible with the user defined service filters. After having adjusted all selection criteria to your likings, click "Accept" to activate your user defined filter. With"Cancel" you can revert your settings.

Information about the available services

You can receive very detailed information about the different services. When hovering with your mouse over an entry in the selection list below the service filter you will be shown the address of the first mix and its access ports. To the right of the list you will furthermore be shown the following information about the selected service:
Anonymity

Shows two evaluations for the presented service, which have both influence on your anonymity: Distribution and user activity (refer to the Anonym-O-Meter). The higher the respective value is (maximum is 6), the better for your security. The respective theoretic maximum is shown after the slash (6,6). If all mix operators of this service are forced to perform special legal obligations which might influence anonymity in a negative way, a warning label is shown behind the anonymity evaluation. You may click on it to get further information.
Number of users

95 The value displays the current number of users connected to the service. The higher the user count, the higher your privacy will be while using the service.
Speed

Displays the speed with which data is sent and received in the cascade. The value is measured by the InfoServices and is calculated across all measurements from within the last hour.
Response time

Displays the time that passes between sending a data packet and receiving the response data. The value is measured by the InfoServices and is calculated across all measurements from within the last hour.
Availability

You can recognize from this information how reliable and stable the selected service works. The value is measured by the InfoServices and is calculated across all measurements from within the last hour. Also if this service is for some reason not available for you information about this will be shown here. If you click on the message, a dialog with further explanations will open.
Supports SOCKS

If the selected mix cascade supports the SOCKS protocol you will see this message and the SOCKS icon below the availability information. Otherwise you may only use HTTP(S). The data is further concretized in the lower part of the window. For every mix of the selected service a symbol will be shown. You can tell the number of mixes in a cascade from it. The flag symbols to the right of the mix symbols indicate the nationality of the mix operator (lower flag) and the geographic location of the mix (upper flag). If there is only one flag next to the mix symbol it means that the operator and the mix are located in the same country. Flags with a colored border give a quick overview on the certification status of the respective mix. Click on a mix symbol or on the right/left arrows to receive the following information about the respective mix of the cascade:
Mix name

The name of this mix as given by its operator.

Mix location

96 The geographic location of the server is shown here. The flag symbol to the left shows at a glance in which country the mix is located.
Operator

The name of the organization that operates the selected mix. The flag symbol to the left depicts the country in which the mix operator is located.
Certificates (Button)

The icon of this button shows you the certification status of the respective mix at a glance. A click on it opens details about the certificates. (Further information about certificates...)
E-Mail (Button)

A click opens your e-mail program with the address of the operator of the respective mix. Moreover, you may see the e-mail address when moving your mouse over the button.
Homepage (Button)

A click opens your browser with the address of the operator of the respective mix. Moreover, you may see the homepage address when moving your mouse over the button.
Map (Button)

If the mix operator publishes detailled location information about his server, you may see this on a map which opens on clicking.
Law (Button)

This button only appears if an operator is forced to perform special legal obligations which might influence anonymity in a negative way. It opens a web site with further explanations.

Actions for the available services

Below the window with the available JonDonym services you will find a row of buttons with which the following actions can be conducted:
Reload

A click on this button makes JonDo delete all services from the list and ask the InfoService for available services again.

97
Select

This button selects the currently marked service as the active service. JonDo will try to connect tot this service if anonymity is set to On in the main window. Notice: If you activate a premium service but have no appertaining account a dialog will open for account creation, and no connection will be made to the service.
Manual

Here you can manually add a service which has not been reported available by the InfoService but that you know the access data of. This function is rarely needed, e.g. if you can not connect to an InfoService to receive information about services automatically. Please also note the above warning for the filter "Services added by yourself". After clicking the button you will be presented the following fields in the lower part of the window: Host Enter the hostname or IP address of the service. o Port Enter the port of the service. o OK After having filled in the above fields, you can insert the service into the list of available services herewith. o Cancel Cancels the process and redisplays information about the current service at the bottom section.
o Edit

This button is only active if a manually entered service exists in the list and is selected. With this action you can edit the settings of a manually entered service again.
Delete

You can only click this button if you have also selected an already existing manually created service from the list. It will remove the respective service from the list. Certificates Table of Content Advanced settings

98
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/services_general.html

AN.ON/JonDonym Table of Content InfoService

Services: Advanced Settings

This panel is only available in Extended View. To get to this settings panel, click Config in the main window of JonDo, choose the entry Anonymity from the list on the left, and open the tab Advanced Settings.

The following general settings concerning all services can be made from here:

Anonymize HTTP header If this option has been activated, the HTTP header sent by the browser will be set to default values which equal those of JonDoFox. This renders users of other browsers less distinguishable from JonDoFox users or those that have also enabled HTTP filtering. This can improve the protection of privacy but is not necessary if using JonDoFox. Notice This function is only available for unencrypted connections to websites (HTTP). A respective filtering for encrypted connections (HTTPS) can only be done by JonDoFox.

99

Confirm every single website when anonymity is switched off With this box checked and anonymity mode switched off, JonDo will demand your individual confirmation in order to prevent pages from being loaded unnoticeably without protection whenever requesting a website domain. If you uncheck this box, JonDo will allow a direct connection to the web server in nonanonymous mode without asking for individual confirmation, but only ask for your confirmation once. Auto connect after program start If this box is checked, JonDo automatically connects to the anonymization service when started. Auto re-connect after connection to Mix was lost Check this box if you want JonDo to automatically reconnect to the anonymization service if the connection has been lost. Automatically change services This option randomly selects a service from the cascades set in your service filter if the active service fails or is unreachable. Also on JAP/JonDo startup With this option deactivated JonDo will connect to the same service it has been connected to before it was last shut down. Otherwise, a random service will be selected based on the filter criteria you have set. Connect to explicitly unlocked services only (whitelist) If activated, JonDo will only allow connections to services that you have explicitly verified and allowed before. This ensures optimal protection from unwillingly connecting to untrusted JonDonym services. On the other hand, you will not benefit automatically from new available services, but will have to unlock them one by one in the JonDonym service panel. Send keep alive packet every Here you can decide how often zero-content dummy packets should be sent in order to keep the connection alive when no other packets are currently sent by you. Login timeout (s) If your Internet connection is slow, a timeout too short for the login to services may prevent JonDo from establishing an anonymous connection. A timeout too high may cause long waiting times when connecting if the currently chosen service is not available or the connection is blocking for other reasons. Therefore, increase or lower the timeout just as you need it. AN.ON/JonDonym Table of Content InfoService

100
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/infoservice.html

Advanced settings Table of Content Anti Censorship

InfoService
This window is only available in Extended View. To get there, click Config in the main window and choose InfoService from the list on the left side. The InfoService delivers necessary information to JonDo about available services and updates. Multiple InfoSerivces of different organizations are available in JonDonym. They share and match their data so that they all have the same information in the end. This ensures availability of the information. Most information is requested redundantly so that no single InfoService may fake or conceal information. Please beware Changing these settings may render JonDo incapable of discovering any services.

Settings
On this page, you can see the InfoServices that are known to your JonDo client. The currently preferred InfoService appears in bold. You can take the following actions:

Download list Here you can download a new list of InfoServices. Set as default By clicking this button the selected InfoService will be chosen as the default InfoService. This default InfoService will be contacted first for redundant requests and it will not be deleted from the list of available InfoServices, even if it may be temporarily unavailable. Certificates A click on this button will show the certificate for this InfoService and its operator. JonDo only accepts information from InfoServices that have identified themselves with a trustworthy certificate. Notice The certificates of the preset InfoServices are already included in JonDo.

Add When you choose this action, an additional input area for manually adding an InfoService appears at below. These settings are usually not needed as InfoServices are discovered automatically.

101
o

o o

o o

InfoService host Enter here the host name or IP address of the InfoService that you want to add. InfoService port Enter the port of the new InfoService here. InfoService name (opitonal) If you like, you can enter a name for the InfoService here. The new InfoService then appears with this name in the list of known InfoServices. If the field is left empty the InfoService is listed as a combination of host name and port. OK Click this button to confirm your entry and insert the new InfoService. Cancel Discard changes and return to the previous window.

This part of the window also appears if you select an InfoService which has already been entered manually. You may then change this InfoService's data or delete it.

Remove When you click on this button the selected InfoService will be removed from the list of known InfoServices. Notice Deleting the default or preset InfoServices is impossible.

Advanced settings

Anonymous connections to InfoServices Only if direct connection is not possible makes JonDo connect to InfoServices through the currently active JonDonym service if the respective InfoService is not available through a direct connection. This could for example be the case if your ISP blocks access to the InfoService. Always (deny non-anonymous connection) will result in InfoServices being contacted only through JonDonym services. By setting this, you may under circumstances no longer be able to receive updated information about the JonDonym network, and as a consequence, no longer, or only to some extent, be able to connect to anonymization services. Never (allow direct connection only) can make sense if you want to cut cost. For InfoService data transmitted through premium JonDonym services will for compelling technical reasons be accounted for just like any other user data. This setting blocks any requests of InfoService data through the anonymous connection.

102

Enable automatic InfoService requests JonDo regularly attempts to connect to the InfoServices to update the information saved locally. If this box is not checked these automatic connections will cease. You will then have to update the InfoService data by clicking the different refresh buttons in the respective windows regularly. Otherwise program functionality may not be guaranteed. Do redundant requests to different InfoServices Define how many InfoServices will be queried. If you set this value to 3, for example, JonDo will always try to reach 3 InfoServices for the requested information. Should one of them be offline JonDo will try to reach the other two. The higher the value the more resilient against malfunction JonDo will become but the more time these queries will consume also. The default InfoService will always be contacted first. In the beta version you can completely deactivate this option so that only the default InfoService will be asked, no matter whether it is available or not. This may make it impossible to connect to InfoServices at all. Connection timeout (s) If your Internet connection is too slow a timeout for requests of the information set too short may prevent JonDo from establishing a connection and receiving the information. A timeout set too high may cause long waiting times if one or more InfoServices are slow or unavailable. Therefore, lower or raise the timeout as needed. Advanced settings Table of Content Anti Censorship

103
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/forwarding_server.html

InfoService Table of Content Certification Authorities

Anti censorship service

This panel is only available in the Extended View. To get to this panel, press the button Config in JonDo's main window, then choose the entry Anti Censorship from the list to the left. A anti censorship service is used to bypass any blocking of access to JonDo services. Because of censorship or other restrictive measures, other users may not be allowed to connect directly to the anonymization service. This is why JonDo includes the possibility of forwarding connections to the services. If you would like your JonDo to forward connections and help other users, you can find the relevant settings in this window. Beware After activating forwarding, every JonDonym user can use your JonDo as an access point to the services. While you are well protected from discovery of your own IP address by the anonymization services, you are exposing yourself to the risk of other users committing crimes on the Internet through your JonDo.

Anti censorship service settings

Server port for forwarding Enter the port number that your JonDo program uses for incoming forwarding connections. This port must be open for incoming connections in your firewall. My Internet connection Select the type and speed of your internet connection. The value in the field Max. bandwidth (kbit/s) is automatically set by this. Max. bandwidth (kbit/s) The bandwidth actually used for forwarding based on the settings above is shown here. Percentage for forwarding Choose a percentage from this field to set how much of your total upstream bandwidth should be used for forwarding.

Supported services
This section allows for basically two settings. Either you allow all forwarded clients to access all JonDo services known (Allow client access to all available services is checked), or you only allow access to certain services. Service access is set with the buttons Add to allowed services and Remove from allowed services. Access is allowed only to services found in the Allowed services list.

104 Hint: In neither case, other users may benefit from your Premium credits. Users relying on the anti censorship service in order to connect to Premium services have to have their own payment accounts.

InfoService registration
For JonDo users to find your JonDo forwarding server, your JonDo must be registered as a forwarder with at least one InfoService. You can register with all InfoServices or only certain ones. The procedure is basically the same as above. InfoService Table of Content Certification Authorities

105
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/cert.html

Anti Censorship Table of Content Configuration file

Certification Authorities
Only available in ExtendedView. To get to this panel, press Config in JonDo's main window, then choose the entry Certificate Authorities from the list to the left. To ensure authenticity and integrity of digital data, secure digital signatures are created from secret keys. The validity of such a signature can be tested with the public key that corresponds to the secret key; just like a key fits the proper lock. But capable proof is still needed that the key in question belongs to a certain person or organization. This is where certificates come in. A certificate is a (digital) container of the identity of a person or organization and their public encryption keys. To obtain a capable proof of authenticity, the certificate has then to be digitally signed by an authorized certification authority whose keys are openly available. further information about certification authorities and certificates... (\help\certificates.html) Certificates play a key role in JonDonym: mixes prove their authenticity to JonDo with them. Your JonDo already has all the needed certificates included to ensure that it only connects to services of certified operators. But with this settings panel you are also given the opportunity of adding your own certificates and administering them in case you want to connect to cascades that Jondo has no certificates of yet. BEWARE Adding certificates is a very sensitive and security critical area. If you accept certificates from untrustworthy certification authorities you run the risk of damage by connecting to dubious services. So you should only add new certificates if you really know what you are doing. It is not necessary usually.

Certification authorities

I only want to use servers certified by the following authorities This list contains all certification authorities that you trust. If a server is not certified by a certifying body listed here JonDo will not connect to it. If you deactivate this option no verification of certificates will be conducted. Third parties may then make JonDo believe that they are secure services, or they may falsify identities of the operators. Import... With this button, you can add certification authorities to the list. The appropriate certificate has to be chosen in the dialog that appears. Remove This button removes the selected entry from the list.

106

Disable By clicking this button, you can temporarily deactivate an entry without removing it from the list. The entry is flagged untrustworthy and JonDo will no longer accept certificates issued by this certifying body. Under certain circumstances you can no longer connect to a service after having deactivated certificates from certifying bodies. Details Click this button to see the details of the selected certificate.

Certification Authority Information

Here you can see detailed information about the currently selected certification authority. Anti Censorship Table of Content Configuration file

107
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/japconf.html

Certification Authorities Table of Content Debugging

JonDo configuration file

JonDo creates a config file which contains all settings available to the program. It may be useful to know the path to the configuration file in case you ...

want to email the file for debugging purposes want to delete the file because JonDo has been misconfigured want to copy the file to another computer

The file has different locations in different operating systems:

Windows %appdata%\JonDo\jap.conf Alternatively: C:\Documents and Settings\<username>\jap.conf

Linux $HOME/.jap.conf Mac <userhome>/Library/Preferences/jap.conf Certification Authorities Table of Content Debugging

108
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/debugging.html

Configuration file Table of Content Further help

Debugging
This panel is only available in the Extended View. To get to this panel, click Config in JonDo's main window and then select Debugging from the list to the left. Here you can configure which status and error messages appear in the console while running JonDo (for example in a DOS shell). If you're having problems with JonDo, you might be able to localize them using these error messages. If you would like help from us, you should definitely attach the appropriate error messages to your e-mail. Please attach your JonDo configuration file also, and then send the mail to support@jondos.de. Notice Please read the page about further help also. To configure log messages you are given the following options:

Show messages belonging to the following subsystems By selecting the checkbox for a topic you can choose whether you want to receive messages related to this topic. Show messages of the following level With the slider you can set the level of priority a message must have in order to be shown in the console. If the slider is at the very bottom, only messages concerning severe problems preventing correct functioning of the service will be shown. Detail level of log messages The higher the slider the more detailed log messages will be. Show messages in a separate window If this box is checked a separate window will appear for debug messages. In this window you can copy, save or send the messages to us. Write messages to the following file If this box is checked you can indicate a file in which the debug messages are to be saved. Configuration file Table of Content Further help

109
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/trouble.html

Debugging Table of Content Updating JRE

Troubleshooting
Neither this help nor JonDo's built-in assistant (a button in the main window) were able to solve your problem? If so, then first of all please read the FAQ in our Wiki: http://anonymous-proxy-servers.net/wiki/index.php/JonDo_FAQ You could not find the answer to your question in the FAQ either? You have several possibilities to ask others about your problem. But be sure to provide as much of the following information as you can for otherwise you might not get a satisfying answer or even no answer at all:

A detailed description of the error and the situation(s) in which it occurs. It will take much longer to solve the problem if you just tell us it does not work. The version of JonDo your are using (appears at the startup screen and when you click on the "i" in the JonDo main window, in the upper row of the newly opened window). Your installed Java version(s). Name and version of your browser and operating system, and ideally information about installed service packs, too.

In many cases, this information may be important also:

Do you have a desktop firewall? If yes, which one? Do you have an antivirus tool? If yes, which one? How do you connect to the Internet (your ISP, whether you connect from a local network, an external firewall or a forced proxy).

If you are able to provide them, also the following information may be useful in solving your problem:

Your transaction number if you did create an account, or the number of your pseudonymous account. The version of your japdll.dll (appears when you click on the "i" in JonDo's main window). The set Look&Feel in JonDo. On demand: A copy of the error messages displayed in the console. Please toggle all possible checkboxes in the Debugging area in Settings and set all the sliders to

110 maximum. Then save the output to a file. Before sending the file you may want to remove any personal information such as the username from it. It is an advantage to provide concrete and detailed information, so that you can be given the best support possible. You may post questions, suggestions or criticism to the JonDonym User Support Forum or alternatively to the old AN.ON User Support Forum (search function) where you will most likely be helped quickly. Be sure to use the forum search function before starting a new thread. Most of the questions have already been answered. If this is not the case for your questions, please use a meaningful subject for your posting and not something like "Problems!". Please help other users (and us) by answering questions in the forum too, if possible. If your problem could not be solved by other users, you should directly contact us via email: support@jondos.de Answering questions will take a certain amount of time, so please be patient. Debugging Table of Content Updating JRE

111
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/updateJava.html

Further help Table of Content Credits and licence

Updating JRE (Java Runtime Environment)

Notice: Users of Mac OS X will have their Java updated automatically by the operating system and do not have to update manually. The following information is not relevant to them. JonDo is written in the Java programing language and therefore needs Java installed for execution. Please remember that JAP/JonDo is at the moment only compatible with the Java distributions Sun-Java, OpenJDK, IcedTea and Apple Java. If you use a browser other than JonDoFox, your Java will usually be integrated as a plugin in your web browser. This is not necessary for JonDo but it also enables your browser to execute Java web applications (applets) which may revoke your anonymity. This is why we recommend deactivating or filtering this plugin in your browser. Furthermore, also in this plugin, just as in every software, new errors are discovered from time to time that may compromise the security on the PC where it is installed. JonDo thus informs you when new Java versions are available, and we recommend urgently to update right away. Although Java supports simultaneous installations of different versions, you should have only ONE Java version installed on your computer. Therefore, uninstall all old versions of this software before the new installation. Notice: The following manual is only meant for Windows. In Linux installation is specific to the distribution. The latest Java version may not be compatible with every Linux distribution. In order to update your Java installation, follow these three steps: 1. Download the latest version Get the current version from this site (alternatively from this site for older Windows versions; please note that Sun-Java versions since 1.4 do not run on Windows 95; the same holds for version since 1.6 on Windows 98). 2. Uninstall old version Go to the start menu, open "Settings", "Control Panel" and choose "Add or Remove Programs". It might take a while until the list of installed software shows up. Choose the entry "J2SE Runtime Environment <version number>" and click "Uninstall". Wait for the uninstaller to complete. Perhaps you will have to restart your PC. 3. Install new Version Double-click the installer you downloaded in step 1. Follow the installation

112 instructions. Installation might take some time. Perhaps you will have to restart your PC. Further help Table of Content Credits and licence

113
file:///C:/Documents%20and%20Settings/Admin/Application%20Data/JonDo/help/en/help/credits.html

Updating JRE Table of Content

JonDo (JAP)
This open source client program used to access JonDonym and AN.ON services is maintained by the JonDos GmbH. JonDos GmbH Bruderwhrdstrae 15b 93055 Regensburg Germany Homepage: http://anonymous-proxy-servers.net Moreover, this software incorporates research results and development from the Dresden University of Technology and the University of Regensburg in its code.

Credits
JonDo developers

Harim Arevalo (Anonym-O-Meter images) Christian Banse Jan von Ertzdorff-Kupffer (English translation) Robert Hirschberger (Certificate management, PortableApps-GUI) Philipp Kaplycz (Payment instance, installation program) Simon Pecher Johannes Renner (MixConfig Tool, JonDoFox)

AN.ON, the scientific predecessor project of the company JonDos GmbH, was a joint project with the Privacy Commission of Schleswig-Holstein/Germany. It was sponsored by the German Research Foundation and the Federal Ministry of Economics. Technical supervisors were the Dresden University of Technology and the University of Regensburg, called JAP-Team. AN.ON Development:

Tobias Bayer Oliver Berthold Simon Bunge (MixOnCD) Sebastian Clau Derek Daniel (English translation) Renaud F. (French translation)

114

Hannes Federrath Kuno G. Grn (MixConfig) Chris Hauser (Update of dmg installer for MacOS X) Stefan Kpsell Stefan Lieske Stefan Mark Rui Monteiro (Portuguese translation) Wolfgang Pppl (MixConfig) Dirk O. Roth (JonDo icon for MacOS X) Jonas Schiel (Help files) Elmar Schraml Bastian Voigt (Payment) Rolf Wendolsky

AN.ON Project Team:

Oliver Berthold Sebastian Clau Hannes Federrath Marit Hansen Stefan Kpsell Andreas Pfitzmann Rolf Wendolsky

Management:

Hannes Federrath

Anon Project Web Page:

http://anon.inf.tu-dresden.de

Thanks To:

Uwe Danz Heinrich Langos Thomas Lttig Kai Martius Andreas Schmidt Ronny Standtke Sandra Steinbrecher Thomas Weber and all users involved in the process.

A special thank you is dedicated to David Chaum for his invention of mixes and all of these other very useful things.

115 This product includes software developed by the Apache Software Foundation (http://www.apache.org).

Licence
Copyright (c) The JAP-Team, JonDos GmbH All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the University of Technology Dresden, Germany, nor the name of the JonDos GmbH, nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Updating JRE Table of Content