JAP FAQ
Frequently asked questions about the JAP concept
- I use JAP. Who can observe my surfing?
- Do you save log files?
- Is there a way to trace criminal activity of a JAP connection?
- Couldn't the anonymization service be used by the government for control?
- Who makes sure that the mix providers hold to their official declarations?
- I use JAP, so do I still need other forms of protection for my computer and data?
- Why does frequent connecting and disconnecting of the internet connection reduce the level of anonymity?
- Am I also anonymous to web bugs?
- Is all data sent from my computer encrypted?
- Why is the mix service on a central server and not setup P2P?
This list does not contain my question regarding the JAP concept or my question was not answered sufficiently.
Concept
I use JAP. Who can observe my surfing?
My provider?
Your provider can only see that you are using the anonymization service. An encrypted channel is set up between JAP and the anonymization servers, over which your data is sent. All data requests in the browser that leave or arrive at your computer are therefore encrypted. A detailed description can be found under 'JAP and Encryption'.
My boss, colleagues, or system administrator at work?
The only thing apparent at work is that you are using the anonymization service. An encrypted channel is set up between JAP and the JAP servers, over which your data is sent. All data requests in the browser which leave or arrive at your computer are therefore encrypted. A detailed description can be found under 'JAP and Encryption'.
Of course, when surfing at work, one should be aware that the old "reading-over-your-shoulder" type of observation is just as easy with or without JAP. Browsers and operating systems on desktops often save data from recently visited websites, for example, in the address bar or in the Temporary Internet Files folder. This has the comfortable advantage of automatically completing typed addresses, but the disadvantage is that others who use the same computer or user account can very easily see where the last user surfed. This is the default setting in most browsers, but can be deactivated in the options menu.
A mix provider?
A mix provider can only determine a relationship between the incoming and outgoing connections to his mix server and must, in fact, do this to ensure that the data packets were correctly transferred. If the user uses a mix cascade consisting of more than one independently run mix, the mix provider of one single mix in the chain cannot determine a relationship between the user and the websites surfed.
For this reason, we especially point out that the "Dresden-Dresden" mix cascade is for test purposes and is run solely by us. Whoever uses this mix is protected from external observation, but we (in Dresden) could theoretically observe.
Do you save log files?
No log files are kept at the anonymization service with the following exceptions:
- For research purposes, we sometimes record statistical data during very limited periods on the Dresden-Dresden cascade. (for example, number of data packets processed per user or a list of the most requested websites.) This data is not related to specific persons. The data is statistically processed and the records are deleted.
- Accesses to our webserver http://anon.inf.tu-dresden.de/ are logged for statistical purposes. Here too, the data is not related to specific persons.
- We save the current number of active users on each mix cascade for statistical purposes and as information for the user. JAP continually displays this information when JAP is running and active.
Is there a way to trace criminal activity of a JAP connection?
The law requires that telecommunications service providers retain for crime prevention purposes, data that they would save anyway. But no one is required to save data which does not need to be recorded or processed for the service.
Retroactively?
Retroactive observation is nearly impossible: If someone wanted to uncover an internet connection after the person surfed, all incoming and outgoing messages from all mixes would have to be recorded. This would only make sense as long as the public key of the mix is valid. Not even the mix provider itself could decrypt old messages after changing keys, since the private key is destroyed. However, this feature is currently not yet implemented. How often the public key is changed is decided by the mix provider. Eventually, in a final version, this could even occur as often as every few hours.
Surveillance of connections in the future?
Online observation would require that every mix in a cascade immediately make a protocol of the ingoing and outgoing connection for a certain data message. The message to be tracked would have to be marked. Then it could be de-anonymized with all mixes in a cascade working together. This message marking could only be recognized by the mixes involved, and the process would work similarly to "trapping" an analog telephone line. In this way, it would be possible to monitor access to a specific website.
A detailed description of criminal activity tracking can be found under "JAP and criminal activity".
Couldn't the anonymization service be used by the government for control?
In principle, any service could be used by the government for control and surveillance. For this reason, transparency, clarity, and trust of the service's function are vital to the user.
Transparency and clarity are especially acheived by releasing the source code. Trust in the service's function should be acheived through the official declarations from the mix providers and our project partner, the "Unabhängige Landeszentrum für Datenschutz" (Independent National Center for Data Privacy) in Schleswig-Holstein.
Since there is no central instance involved in the mix concept, all mixes involved in a cascade would need to work together in order to track a connection. Because of this, any kind of observation of the internet user, including from the side of the government, is not made easier, rather more difficult by using JAP.
Of course, such anonymizers especially attract interest for surveillance. We are definitely aware that unobservable internet usage is for this reason especially important for users of the anonymization service. As a provider of anonymization service, we are well aware of the responsibility toward our users.
Who makes sure that the mix providers hold to their official declarations?
We have a partner in our project, the "Unabhängige Landeszentrum für Datenschutz" (Independent National Center for Data Privacy) in Kiel. They are responsible for this with their legal and technical competence. In the future, this should also be possible through further data privacy institutes.
I use JAP, so do I still need other forms of protection for my computer and data?
SSL for additional encryption?
Yes! JAP only anonymizes. It doesn't keep your data secret all the way to the receiver. An encrypted channel is set up between JAP and the JAP servers.
This is done simply by calling up a website with "https" instead of "http". A detailed description can be found under "Jap and Encryption".
If you don't use SSL, however, the data leaves the final server in a mix cascade unencrypted. In order for data to be sent encrypted from the anonymization service to the requested server, the server has to support encryption. This is done with the standard SSL protocol. Therefore, calling up websites with "https" instead of "http" is recommended for sensitive data.
A detailed description can be found under "JAP and Encryption".
JAP only anonymizes the IP address. Why is additional data such as browser type and operating system still being transferred?
JAP intentionally anonymizes the IP address only at the network level. Every user should decide for himself what other information he wants to hide. Since many people use the same operating system - browser combination, one is still anonymous within the set of JAP users with the same combination. Whoever filters out even more information, is likely to stick out of the crowd even more as someone who is trying to be anonymous.
Many website authors create sites that are specially optimized for different browsers and therefore ask for browser type information.
For this reason, we suggest another program (for example, various filter programs) for anonymizing this type of data. Some browsers (for example, Opera) can also be set to fake their type information.
Do I need a Firewall?
Yes! JAP only anonymizes your IP address for websites that you surf to. This doesn't mean that your IP address is masked in the internet, only that it's unknown which websites you visit.
A firewall, on the other hand, protects your computer against attacks from the outside, and this is absolutely recommendable.
Please note our instructions for configuring JAP when using a personal firewall.
Why does frequent connecting and disconnecting of the internet connection reduce the level of anonymity?
Someone observing your computer would know when you are connected to the internet or to the anonymization service. If this observer also observes the first mix in the anonymization service, he would see connections and disconnections there as well. He could then draw conclusions as to which user is visiting which website.
Let us assume the following example:
- It is known that a user is downloading a large file (for example, 50MB).
- It is also known that another user is only surfing.
The observer also sees that one of them frequently connects and disconnects from the internet while the other is constantly connected. Then it's clear that the one who is constantly connected is downloading the file and the other one is the one surfing.
Somit ist klar, wer von beiden die Datei herunterlädt und wer nur surft.
The problem remains even with many users. Statistical averages can be made of people who were logged in at the same time. Thus it becomes relatively easy to determine who did what at what time.
Am I also anonymous to web bugs?
Yes, as long as you follow all the security tips. (deactivating active content)
Is all data sent from my computer encrypted?
Yes, all data leaving your computer is encrypted in multiple layers like an onion for the mix cascade used. JAP takes care of this for you. You can find a detailed description under "JAP and Encryption".
But please note that data leaves the last mix in a cascade unencrypted if you don't use SSL. (Why?).
Why is the mix service on a central server and not setup P2P?
Some users suggest that each JAP user could simultaneously use JAP and act as a mix for other users. We've decided on mix cascades rather than mix nets (where users are free to choose their routes) for several reasons.
- The anonymity of an individual user depends on a maximum number of users behaving the same way. If each user is allowed to choose his own route through a network of many mixes, the number of users using the same route becomes significantly smaller than that of a single route in a mix cascade.
- Being a mix provider that offers a high degree of anonymity also means being able to deal with a large bandwidth of traffic. This makes it unrealistic to expect many private users to offer their JAP as a mix. Through continually changing mix availability and limited bandwidth through these mixes, an acceptable speed for surfing would be difficult to acheive.
- Unfortunately, being the final mix provider in a cascade usually means receiving inquiries from criminal justice authorities. Private users may then find themselves in the situation of proving that they did not commit a crime that occurred under their IP address.
- Many users would rather trust large institutions that are able to be strong for them (at least we hope so!) and who sign the official declaration, rather than random, unknown internet users.
| 
