Anonymity

Table of Content

Mix cascades

JonDonym certificates and their meaning

Certificates are used to identify operators of JonDonym services. Typically, a mix cascade consists of two or more consecutive mix servers operated by different organizations. Only if all of these operators cooperate could the anonymity of the users be revoked. Users of JonDo should therefore consider for themselves whether they trust the mix operators of a cascade and whether they connect to this cascade according to this decision. It is therefore crucial that

• the individual mixes are run by independent organizations and that
• the information about these organizations is reliable.

Certificates are parts of the so-called cryptographic public key method: the organization identified by a certificate owns a private key that it uses to create digital signatures. This key must always be kept secret since everyone could otherwise use it to create signatures. By comparision to the openly available public key others can check these signatures and verify that they really communicate with the requested organization. The correlation of identity and public key is proven by a digital certificate. This is an electronic document digitally signed by a certification authority. It is highly recommended to inspect the certificates of each individual server of a mix cascade (click on the different mix icons and then on the respective certificate).

Certification authorities (CAs)

Organisations that issue certificates are called certification authorities. They connect the identity of the certificate owner to his public key using an electronic signature. The organisations issuing JonDonym certificates have committed themselves to be very careful when certifying operators. Operators may also get certified by more than one CA. Multiple certification takes the need for trusting a single certification authority.

Mix certificates and operator certificates

Both mixes and operators of mixes receive certificates. A CA issues an operator certificate that is attached to his/her identity. By using this certificate, the operator may then generate mix certificates him/herself for his/her mixes. These mixes, or mix certificates respectively, can then be associated with their operator beyond a doubt and cannot refer to a faked identity.

Certification status

A certificate is considered as verified only if the signature of the certification authority, which has issued this certificate, is valid. Certificates may also be verified by two , three or more  independent certification authorities at once. Thus, the correctness of the identity and the reliability of the respective operator is better secured. Non-verifiable certificates are generally not trusted  as anyone with basic knowledge about computer technology can generate such certificates by himself. The validity of a certificate depends on the time period for which the certificate has been issued. Typically, you should not trust an expired / invalid  certificate any longer, as it is not clear whether the owner still has the right to offer the service. Certificates may also be revoked , for example if their encryption was broken, the operator turned out to be dubious or if the private certificate got into the hands of unauthorized persons.

JonDo blocks connections to mix cascades with at least one untrusted or revoked mix. Expired certificates cause service filters and the Anonym-O-Meter not to count such a mix as part of the service. However, a connection to the service is still possible if at least the first or the last mix in the service is still fully trusted. Moreover, JonDo prevents connections to InfoServices with untrusted, revoked or expired certificates. Program updates and payment connections are also always checked for trusted certificates.

Anonymity

Table of Content

Mix cascades