Java Anon Proxy

JonDo is a web anonymizer that is being further developed by JonDos. The name alludes to John Doe, the English placeholder name for unknown persons. The service grew out of the Java Anon Proxy of the AN.ON project (since Java is a trademark of Sun Microsystems and could no longer be used, usually only the acronym JAP was used), on which the Technical University of Dresden, the University of Regensburg and the Independent Centre for Privacy Protection Schleswig-Holstein conducted research. After government funding of the project ended in 2006, some of the project staff founded JonDos as a start-up company and continued the service. JonDo is distributed as free software under the three-clause BSD license.


Operation

In the application to be anonymized (in particular the browser), the user enters the local address of the JonDo client as a proxy server. This client handles communication with the mixes of the selected cascade; in particular, it performs the necessary encryption. To do so, the client confidentially exchanges a separate secret key with each mix of the cascade, so that each key is known only to exactly one mix and the client. The data to be sent is then encrypted multiple times with these secret keys, and the multiply encrypted data is sent to the first mix of the cascade. As the data passes through the cascade, each mix decrypts it with the secret key known to it. After the last mix has performed this step, the plaintext data is visible to it (if no end-to-end encryption is in use), and it sends the data to the intended recipient. The recipient sends its response data to the last mix of the cascade. In the return direction, the mixes successively encrypt the response data with their respective secret keys. Once the response packet has passed through the whole cascade in reverse and has been handed from the first mix to the JonDo client, the client decrypts the packet the corresponding number of times and then passes the decrypted data to the application.
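The layered encryption described above, as an added Python example that is not JonDo or AN.ON code. The HMAC-based XOR keystream is a toy stand-in for the real cipher, the key exchange is replaced by handing the keys over directly, and all names are hypothetical.

```python
import hashlib, hmac, os

def _stream(key, direction, n):
    # Toy keystream (HMAC-SHA256 in counter mode): a stand-in, not JonDo's cipher.
    blocks = (hmac.new(key, direction + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def layer(key, direction, data):
    """Add or strip one layer (XOR stream, so both are the same operation)."""
    return bytes(a ^ b for a, b in zip(data, _stream(key, direction, len(data))))

class Mix:
    def __init__(self, name):
        self.name = name
        self.key = os.urandom(32)   # known only to this mix and the client
        self.seen = []              # output of this mix on the forward path

    def forward(self, data):        # strip this mix's layer, pass the rest on
        out = layer(self.key, b"fwd", data)
        self.seen.append(out)
        return out
    def backward(self, data):       # add this mix's layer to the response
        return layer(self.key, b"bwd", data)

def wrap(keys, request):
    for key in reversed(keys):      # innermost layer belongs to the last mix
        request = layer(key, b"fwd", request)
    return request

def unwrap(keys, response):
    for key in keys:                # the client strips every layer
        response = layer(key, b"bwd", response)
    return response

def round_trip(request, response):
    cascade = [Mix("first"), Mix("middle"), Mix("last")]
    keys = [m.key for m in cascade]  # stands in for the confidential key exchange
    data = wrap(keys, request)
    for mix in cascade:
        data = mix.forward(data)
    reply = response
    for mix in reversed(cascade):
        reply = mix.backward(reply)
    return cascade, reply, unwrap(keys, reply)

if __name__ == "__main__":          # constructed sample request and response
    mixes, wire, plain = round_trip(b"GET / HTTP/1.1", b"HTTP/1.1 200 OK")
    print([m.seen[0] for m in mixes], wire, plain)
```

Only the last mix's output is the plaintext request, and the response that reaches the client is readable only after all three layers are removed.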

Towards external observers, a user is anonymous within the group of users of the same mix cascade. More heavily used cascades therefore provide greater anonymity. Anonymity towards the operators of the mixes, on the other hand, depends on the number of mixes in the cascade and on the trust that their individual operators do not collaborate. Only if all mixes of a cascade cooperate can the source IP addresses of the requests, known only to the first mix, be matched to the requested web pages, known only to the last mix, so that all user actions would be de-anonymized. Since law enforcement authorities or other government institutions can compel such cooperation from mix operators, an international spread of the mix operators of a cascade is also advantageous for anonymity.

Pros and cons of the anonymization model

Unlike some other anonymization services such as Tor, JonDo is based on the concept of fixed mix cascades. In theory, this model is secure even when the underlying network is completely monitored. In the Tor network, by comparison, anyone can offer their computer as an anonymizing node. Tor is therefore susceptible to large-scale monitoring based on large server farms with which an intelligence agency co-operates the anonymization network on a large scale. In the practical implementation of a real-time anonymization service, however, problems also arise with JonDo, because not all the necessary mix functions can be performed (sufficiently well). The practical attacker model is therefore significantly reduced: security can only be achieved against attackers who can monitor the network locally at one point. Conversely, an attacker who can observe all communication of a cascade before the first and after the last mix is able to fully trace the actions of the users of that mix cascade. Such attacks are made easier by the fact that there are only a very limited number of mix cascades, so the attacker needs to be present at only a few points to de-anonymize all communication handled through JonDo. Increasing the number of mix cascades as a countermeasure is problematic, because the underlying model assumes that as many users as possible are active on a mix cascade at the same time in order to keep the anonymity group large; more mix cascades would make the user group per cascade smaller.

On the other hand, the mix cascade model, with its manageable number of mix operators, offers the advantage that the operators can be vetted more thoroughly. This provides greater security against the mix operators themselves (unlike, for example, Tor node operators).

Mix Operators

JonDos relies exclusively on certified mix operators. They must identify themselves to at least one of the currently two certification bodies (JonDos, AN.ON) and enter into an operating agreement. The purpose of this contract is to ensure both the anonymity of the users and the independence of mix operation from JonDos. In this way, cascades can be built from independent mixes without a central authority such as JonDos or another certification body having control over those mixes.

There is an international range of mix operators, with a focus on Germany. Mixes are operated by individuals as well as by companies and organizations, in particular from the field of data protection. The operators include, among others, the original project partners of the AN.ON project (Technical University of Dresden, Independent Centre for Privacy Protection Schleswig-Holstein), JonDos itself, and the Bavarian association of the Pirate Party Germany.

Payment model

Since the traffic on a mix is considerable, so that, unlike with Tor, an existing broadband connection is not sufficient, the question arises of how to finance mix operation. On the one hand, sponsors make several free cascades possible. However, these are often heavily loaded, so that speeds there are at ISDN level.

On the other hand, by purchasing a volume tariff one can use paid cascades, which usually offer significantly higher speeds. In addition, a SOCKS proxy (instead of only HTTP proxies) is generally connected behind the paid cascades, so that more than just web browsing can be anonymized. There are also some advantages from the standpoint of anonymity, as these cascades are longer than the free ones and include internationally distributed mixes, so that, for example, national law enforcement comes to nothing there. However, significantly fewer users are active on these cascades, which somewhat reduces the anonymity gain because the anonymity groups are small. The consumed volume is billed via a pseudonymous account. The account can be acquired completely anonymously using, among other things, payment methods such as Paysafecard, so that no personal information has to be disclosed to the operator.

In the spring of 2010, the payment model led to disputes among the mix operators, as a result of which some providers of free cascades withdrew, including the German Privacy Foundation. Since by far the largest share of JonDo traffic is handled by the free cascades despite the payment model, the project does not pay for itself. To increase revenue, use of the free cascades was made less attractive compared with the paid cascades, among other things by reducing the maximum possible speed from 100 kbit/s to 30 to 40 kbit/s. At such low speeds, however, some providers of free mixes no longer saw any meaningful way to use the service and therefore ended their commitment to JonDo.

The download and use of the necessary software is free in any case.

Software

JonDo is available for download as an installer version for Microsoft Windows (98, ME, 200x, XP, Vista, 7), Mac OS X and Debian-based Linux distributions. For other operating systems a plain JAR file is available, so JonDo also runs there if a suitable Java Runtime Environment is available. In addition, there is ANONdroid, an app for Android that allows the anonymization services to be used on mobile devices.

Since the configuration of the web browser (cookies, HTTP headers, plugins, ...) is critical for anonymous access to the internet, preconfigured profiles for Mozilla's Firefox web browser are additionally offered for download. These are called JonDoFox. For Windows, a fully preconfigured, portable version of Firefox based on PortableApps can also be downloaded.

In addition to the JonDo client, the server software for the information services and the mixes (the latter written not in Java but in C) is also open source and free of charge.

Prosecution

Law enforcement measures came to public attention for the first time in 2003. On 3 July 2003, the Federal Criminal Police Office obtained a decision from the District Court Frankfurt that obliged the project partners of the AN.ON project, on the basis of §§ 100g, 100h of the Code of Criminal Procedure, to record specific access data. AN.ON lodged an objection, because §§ 100g, 100h of the Code of Criminal Procedure cover only data that the service provider collects anyway, and AN.ON itself collected no such data. A decision would therefore have had to be based on §§ 100a, 100b of the Code of Criminal Procedure, which oblige the service provider to record data it does not otherwise collect. A decision based on §§ 100a, 100b of the Code of Criminal Procedure is subject to higher requirements than one based on §§ 100g, 100h. Since the objection had no suspensive effect, however, the AN.ON project partners began, to be on the safe side, to implement single-event logging: if the last mix of the cascade detects access to a website that is to be monitored, it attaches a flag to the response data that prompts the mixes involved to log the channel assignment of the data channel concerned (the first mix removes this flag again before it forwards the response data to the requester). This log data is stored encrypted on the respective mix and can later be requested and evaluated by law enforcement agencies. Since the source code of the mixes is open, some users noticed this change, which led to media coverage. AN.ON's objection to the police decision based on §§ 100g, 100h of the Code of Criminal Procedure was ultimately successful, however, and the Frankfurt Regional Court upheld AN.ON's legal opinion that such monitoring measures can be carried out only on the basis of §§ 100a, 100b of the Code of Criminal Procedure. In the meantime, however, one record had been produced, which the Federal Criminal Police Office secured by means of a search and seizure decision that was likewise identified in retrospect as an abuse of rights. Besides the judicial clarification of the legal basis on which an anonymization service in Germany may in future be compelled to log accesses, what remained from these events was the logging functionality in the source code of the mixes.

On 6 September 2006 the AN.ON server of the Independent Centre for Privacy Protection Schleswig-Holstein was confiscated. Since it should have been clear to the prosecutors that AN.ON does not store connection data by default, the purpose of this seizure is unclear.

To make prosecutions transparent, JonDos publishes a report every year that gives the number and scope of court-ordered requests for information by law enforcement.

Retention

With the promulgation of the "Law for the Amendment of Telecommunications Surveillance and Other Covert Investigative Measures and the Implementation of Directive 2006/24/EC" on 31 December 2007, so-called data retention was introduced in Germany from 1 January 2008. Providers of publicly available telecommunications services were thereby obliged, from 1 January 2009, to store the traffic data arising in the provision of their services for a period of six months and to hand it over to the competent state authorities when the relevant conditions were met.

In principle, providers of anonymization services were also affected by these regulations. JonDos, however, recommended that the mix operators not implement data retention. Evaluating the data retained on a single JonDonym mix cannot yield meaningful results. Only all mix servers of a cascade together can remove the anonymity of users. In many cases, however, the international distribution of the mix operators prevented the collection or evaluation of the retained data. Such data storage is not effective. The majority of the German mix operators active in 2009 followed this recommendation and stored no retention data: Pimenidis IT Consulting, Behrens, dotplex eK, German Privacy Foundation eV, Pirate Party, and SpeedPartner GmbH. The mix operators at the Technical University of Dresden, the University of Regensburg and the Independent Centre for Privacy Protection Schleswig-Holstein did not follow JonDos's recommendation and implemented data retention on their mixes as follows:

  • The first mix stored the IP address, the date and time of the incoming connection and, for each connection, the outgoing channel number on which the data is passed to the second mix.
  • Middle mixes stored the inbound and outbound channel numbers of the connections as well as the date and time of each channel setup.
  • Last mixes stored the incoming channel number of a connection, the date and time of channel setup and teardown, the source port number of the outgoing requests and their date and time.
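As an added illustration (not JonDo or AN.ON code), the following Python joins constructed records carrying the fields listed above. It shows why the records of a single mix link nothing: the chain from an outgoing request back to a client IP exists only when the records of every mix in the cascade are available. Field names, addresses, ports and timestamps are invented for the example.

```python
# Constructed sample records; field names and values are illustrative only.
FIRST = [{"ip": "192.0.2.10", "time": "2009-03-01T10:00:00", "out_ch": 7},
         {"ip": "192.0.2.77", "time": "2009-03-01T10:00:02", "out_ch": 9}]
MIDDLE = [{"in_ch": 7, "out_ch": 41, "setup": "2009-03-01T10:00:00"},
          {"in_ch": 9, "out_ch": 40, "setup": "2009-03-01T10:00:02"}]
LAST = [{"in_ch": 41, "setup": "2009-03-01T10:00:01", "teardown": "2009-03-01T10:05:00",
         "src_port": 50312, "req_time": "2009-03-01T10:00:03"},
        {"in_ch": 40, "setup": "2009-03-01T10:00:03", "teardown": "2009-03-01T10:04:00",
         "src_port": 50313, "req_time": "2009-03-01T10:00:04"}]

def link_request_to_ip(src_port, req_time, first, middles, last):
    """Follow channel numbers from the last mix back to the first mix.

    Returns the client IP, or None if any mix's records are unavailable (None)
    or the chain of channel numbers breaks. Assumes channel numbers are unique
    within the sample; otherwise the timestamps would be needed as well.
    """
    if first is None or last is None or any(m is None for m in middles):
        return None
    # The last mix maps an outgoing request (port, time) to its incoming channel.
    channel = next((r["in_ch"] for r in last
                    if r["src_port"] == src_port and r["req_time"] == req_time), None)
    # Each middle mix maps its outgoing channel back to its incoming channel.
    for log in reversed(middles):
        channel = next((r["in_ch"] for r in log if r["out_ch"] == channel), None)
    # Only the first mix holds an IP address for a channel.
    return next((r["ip"] for r in first if r["out_ch"] == channel), None)

if __name__ == "__main__":
    t = "2009-03-01T10:00:03"
    print(link_request_to_ip(50312, t, FIRST, [MIDDLE], LAST))   # all mixes logged
    print(link_request_to_ip(50312, t, FIRST, [None], LAST))     # middle mix did not
```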

Because of the significant interference with the operation of an anonymization service, JonDos was among the first complainants in the collective constitutional complaint against data retention initiated by the Working Group on Data Retention (1 BvR 256/08). In particular, JonDos objected to interference with the freedom of occupation (Article 12 paragraph 1 of the Basic Law) and with the protection of property (Article 14 paragraph 1 GG). Implementing data retention would entail disproportionate costs for the provider of an anonymization service, which would barely permit economical operation. In addition, existing installations used for providing telecommunications services that do not permit retention would become useless, which would constitute a disproportionate interference with property. Although the constitutional complaint was broadly successful, since according to the judgment of the Federal Constitutional Court of 2 March 2010 central parts of data retention violated the secrecy of telecommunications (Article 10 paragraph 1 GG) and were therefore null and void, the further encroachments on fundamental rights complained of by JonDos were rejected as admissible but unfounded.

Since the judgment of the Federal Constitutional Court removed the legal basis for data retention, it has no longer been applied on any mix cascade.
