The World Wide Web and your privacy TOC Introduction Certificates

JonDonym, AN.ON and Tor

The JonDonym/AN.ON technology is based on the principle of multiple (layered) encryption, distribution and processing. This procedure does not only protect your internet activities from being observed by third parties (against your access provider, WLAN hackers, advertising services and websites), but also against observation by the individual JonDonym providers themselves (against JonDonym service operators and their billing providers).

The anonymization service JonDonym is a development branch of the AN.ON Project. It consists of multiple user selectable mix cascades. A cascade consists of two or three separately encrypted mix servers. These mix servers are operated by independent and non interrelated organizations or private individuals who all publish their identity. The operators have to abide by strict provisions which prohibit saving connection data or exchanging such data with other operators. Every connection from a user is differently encrypted for every mix server within a cascade and transferred through the cascade to the target, e.g. a website. Thereby no mix operator alone can by himself expose the user. Eavesdroppers on the connections to JonDonym cascades get garbage data only, as the connection to every mix is separately encrypted. Also, since a lot of users surf the anonymization service simultaneously, and thus share the same IP address, all connections of every user are concealed amidst each other: a correlation is not possible any more.

JonDonym has many advantages to other anonymization services:

• Protection against your own internet access provider: Strong encryption and authentication protect you from being observed. Nobody can read the traffic between your PC and the JonDonym mixes. (per mix encrypted with RSA 1024 and AES 128 for each mix; signatures built with DSA, RSA or ECDSA; realized with the BouncyCastle and OpenSSL libraries)
• Protection against the anonymity service operators: Unless all mix operators in a JonDonym cascade are separately forced by a court order, blackmail or a hacker attack to monitor you, your JonDonym connections are safe. The mix operators are revaluated regularly concerning seriosity and professionalism. Their identity is made public also. Even in the highly improbable case that they all are forced to unmask a certain connection, this function would have to be compiled into each server software first.
• No logfiles: Saving any logfiles with IP addresses is forbidden to the mix operators by contract. The same holds true for the actual contents of the data. Exceptions caused by national prescriptions are marked and described clearly.
• Transparent functionality:The program user interface has an especially informative design. The source codes of all program components are published according to an OSI compliant licence (SVN-Repository and CVS-Repository).
• No software backdoor: There is no possibility to inspect single connections in the JonDo client. The software runs completely on your PC and can not be manipulated without your approval. No identity, serial number or account number is transmitted during update to impede any directed update manipulations by hackers or the developers themselves. Updates may be done entirely through an anonymized connection.
• Secure browser profile: With the JonDoFox you are given a Firefox profile for free which has been especially developed for anonymous and secure surfing with JonDonym.
• Portable anonymity: JonDo also runs without installation on the PC directly from a portable USB stick (Windows / Mac OS X).
• Easy combination with other products: You may easily combine JonDo with other anonymization products, for example with Tor or VPN services.
• Evolution by research: Scientific work conducted at the Technical University of Dresden (AN.ON), the University of Regensburg (AN.ON) and at the JonDos GmbH (JonDonym) enhances and constantly improves the system.
• Competent, fast and at no charge: Very comprehensive help texts describe the application and its context detailed and understandably. Moreover, an administered user forum and e-mail support may be used for free.

A similar anonymization can only be offered by the non-commercial software Tor. While the Tor hidden services (a special Tor feature) are somewhat affected, the Tor users themselves are also protected against TCP timestamp attacks similar to JonDonym. Internet beginners should be careful with Tor, though: there is no control over who runs the Tor servers over which your private data travels. In the past, there has been ongoing suspicion that criminals and intelligence agencies exploit the Tor network in order to secretly attain unencrypted information like passwords, bank accounts and credit cards. Moreover, certain tricks can enable the Tor server to concentrate much of the traffic on itself, making the exploit even more effective. Tor may be set as proxy in JonDo though, making surfing considerably slower but, in some individual cases, even more secure than with JonDonym alone: thereby the last servers in this chain will then be part of the verified JonDonym network.

Like in Tor, the respective last mix server in a JonDonym cascade could record data which is not separately secured by HTTPS/SSL (has to be offered by the web site itself). Unlike Tor and other services, however, in JonDonym only certified and publicized persons and organizations may operate a mix server. The user may then decide for himself on whether he trusts the operator or not. If needed, they may simply choose other operators. All this makes it highly improbable for criminal operators to infiltrate JonDonym.

The World Wide Web and your privacy TOC Introduction Certificates