Thursday, May 9. 2013
Posted by cane in Speaker's Corner at 17:24 | Comments (0)
Tracking services use sophisticated methods to obtain first-party status for their tracking elements and so avoid being blocked. The tracking services above are only a few small examples. Yahoo! Web Analytics sets a one-year, first-party, persistent cookie that includes a unique visitor ID number and is able to track 99.9% of website visitors.
Saturday, May 4. 2013
Posted by cane in Mix Proxy Operators at 14:00 | Comments (0)
SpeedPartner GmbH will perform unscheduled maintenance on the hardware running the mix servers lilie/nelke/tulpe today. Please expect a downtime of about 15 minutes, and reduced performance afterwards while the RAID disks are rebuilding.
Sorry for any inconvenience caused.
Friday, May 3. 2013
Posted by cane in JonDonym News at 12:26 | Comments (0)
A few weeks ago we started the roll-out of new server software on the free mix cascades. This new version contains an additional integrity check to improve security for users of JonDonym. Unfortunately the latest version has a bug which triggers the following error message in JonDo, mostly in case of server overload:
In the last two weeks we have had an overload situation on the free mix cascades because of an outage of the free mix cascade provided by TU Dresden and, from time to time, because of unexpectedly high traffic on the free cascades. In the latter case, the overload may have been the result of an attack by unknown third parties intended to disrupt the operation of the mix servers.
We are working together with TU Dresden to fix the bug and together with mix operators to improve the robustness against server overload. We're sorry for any inconvenience.
Friday, April 19. 2013
Posted by cane in Mix Proxy Operators at 19:32 | Comments (5)
Tuesday, April 16. 2013
Posted by G. Koppen in Speaker's Corner at 09:39 | Comments (4)
In the future the JonDoBrowser shall replace the JonDoFox profile in order to allow even better protection against tracking on the Web. As development has been under way for a while, we would like to deliver a short status report every six weeks from now on. That will hopefully give users an idea of where we are now and what still remains to be done:
The top 5 things we did during the last six weeks:
1) Worked on the update mechanism (full updates are working on Linux now)
Top 5 things for the coming weeks:
1) Releasing JonDoBrowser 0.7 (scheduled for May 20, 2013)
ToDo for the 1.0-Release:
1) Update mechanism for Windows, Mac OS X and Linux
Wednesday, March 20. 2013
Posted by cane in Speaker's Corner at 13:35 | Comments (0)
More than 80% of Internet users dislike the tracking of their online behavior. But tracking is expanding more and more. Popular Web sites are far more aggressive in their tracking practices.
More Elements on Popular Websites
The Web Privacy Census project of the University of California has been watching the state of Internet tracking and privacy over the years. It has documented an increasing use of tracking features. As an example, we show only the use of cookies by the 100 most popular websites:
The project observed statistically significant increases in the use of sophisticated HTML5 features like DOMstorage and other EverCookies for tracking. 38% of popular websites were using EverCookie techniques in Oct. 2012. Unlike third-party cookies, EverCookies are not easy for users to manage and remove.
Because it is easy to block third-party content with a modern browser, more third-party aggregators are working to hide their presence in a first-party site by serving content from what are, or appear to be, first-party servers. This approach makes it very difficult for advertising blockers to block tracking scripts. As an example, have a look at the easy-to-use tracking plug-ins offered by Webtrekk for blogs, content management systems and shops.
Some tracking services don't use markers like cookies or EverCookies but rely only on browser fingerprinting to recognize surfers. The demonstration project Panopticlick found that more than 80% of browsers have a unique fingerprint. The recognition rate increases to 94% if Flash or Java plug-ins are enabled (How Unique Is Your Web Browser, PDF). Tracking services are using more sophisticated methods and achieve 30% higher recognition rates than cookie-based approaches. Other tracking services additionally use browser information, screen size and other values for user recognition.
An increasing number of websites use more than one tracking service. An example is the webshop Zalando. It uses the following tracking and advertisement services: 36YIELD, ADSCALE, APPNEXUS, ATDMT, ATEMDA, CRITED, DEMDEX, DOUBLECLICK, FACEBOOK, METRIGO, OPENX, PUBMATIC, ADSERVER, SOCIOMANTIC, YIELDLAB and YIELDMANAGER.
Decreasing number of independent tracking companies
A number of families of domains and tracking services have been created through the acquisition of many companies by a few global players. The families share the collected data and achieve a large coverage of popular websites.
The largest family is Google and its associated companies. This family's earnings account for 44% of the world-wide online advertising market. During the last years Google bought the following companies:
Because of these acquisitions, tracking features of the Google family are present on more and more popular websites:
Other tracking families are the Overture network, Microsoft and the Yahoo! family, each with a share of 3-8% of the world-wide online advertising market. The new cooperation of Facebook with BlueKai and Epsilon is the start of a new large tracking family.
Use of Real-World Data
The tracking of our online behavior offers only an incomplete view of our interests. Facebook is taking the first steps to include real-world data in profiling for targeted online advertisements. A cooperation with Acxiom and Datalogix was announced in February. Both data brokers operate big databases with real-world data such as credit card payments, supermarket loyalty cards, product warranty cards and so on.
If the information flow increases in both directions, our online activities may gain more influence on our real lives. A year ago Sarah Downey warned:
The harms of online tracking are real and growing. This isn't about targeted advertising, like the ad industry wants everyone to believe. This is about the collection and use of your personal information in ways you can't even imagine.
Today our online activities may decide whether we get a new job or may have an influence on insurance premiums. Personally, I know of 3 cases in which personnel managers included private online activities when checking job applicants. In one case the result was positive. In two cases the applicants were rejected mainly (but not only) because of this data.
Wednesday, March 13. 2013
Posted by Delta-Protect in Mix Proxy Operators at 20:09 | Comments (0)
Due to low usage, we have decided to discontinue the AnonJabber service.
We apologize for closing the service.
Friday, February 22. 2013
Posted by cane in Speaker's Corner at 20:05 | Comments (3)
I'm traveling in Iran at the moment and there is a good reason for using Bitcoin here: due to the embargo there is no international credit card you could use in Iran.
On February 06, the US administration released new economic sanctions against Iran. It is no longer possible for Iranian people to send money via Dubai or to use gold exchangers. Not only the government and central banks of Iran are affected by these sanctions, but many people and travelers too.
Using Bitcoin it is possible to circumvent economic sanctions and pay for many international services. It is not very easy to use, but with a little bit of motivation it may be possible. Unfortunately the Bitcoin software (and other cryptographic software) is hosted on SourceForge.net. This hosting project implemented the US Office of Foreign Assets Control (OFAC) sanctions list against Iran, Cuba, Syria and other countries. It is not possible for affected people to download the software without anti-censorship tools.
To make free software available for free use, we offer an alternate download page for cryptographic software on our server. At the moment we mirror only the Bitcoin clients, but we are open to recommendations.
Friday, February 22. 2013
Posted by cane in JonDonym News at 13:30 | Comments (0)
We installed new SSL certificates on our webservers. Only the following certificates are valid now:
Wednesday, February 20. 2013
Posted by cane in Speaker's Corner at 21:13 | Comments (0)
At a police congress, the participants find a grateful forum for demanding new surveillance powers. The central topic at the 16th European Police Congress was the reintroduction of data retention (in newspeak: minimum storage period). BKA Vice President J. Maurer voiced some outstanding thoughts: every citizen must internalize a new view of the Internet, and storing IP addresses is not problematic, because:
Whoever is on the Internet has left privacy behind.
This sweeping view would mean abolishing the secrecy of mail and telecommunications for e-mails and other private communication on the Internet. After the experience of the fascist dictatorship in the middle of the last century, the secrecy of mail and telecommunications was anchored as a fundamental right in all superordinate catalogues of norms (UN human rights convention, EU Charter of Fundamental Rights, the German Basic Law), as a protective right for citizens against an overly powerful (police) state. For me, the question arises whether Mr. Maurer has the appropriate attitude to responsibly take on the leadership of a police authority with far-reaching intelligence competences.
Another example of the spirit of the congress was the strong applause for the Interior Minister of North Rhine-Westphalia, R. Jäger, when he described the position of Federal Minister of Justice Leutheusser-Schnarrenberger as "close to obstruction of justice". The Federal Minister of Justice considers a minimum storage period of seven days for IP addresses and quick freeze for connection data to be sufficient (see the key points paper of the Federal Ministry of Justice on data retention, PDF). In addition, for Ms. Leutheusser-Schnarrenberger anonymity is a basic principle of the free Internet.
In the media, the police congress was accompanied by horror stories about impending terror attacks by e-mail or the grave consequences of missing data retention for solving murder cases (FAZ). The Federal Commissioner for Data Protection called the FAZ article dishonest.
No speaker at the police congress was able to present new facts or studies that scientifically prove the necessity of data retention. As a reminder:
Security politicians at all levels should show more respect for the basic principles of our society instead of presenting maximum demands that are not open to discussion.
Monday, February 11. 2013
Posted by Gast in Guest at 12:46 | Comments (0)
When the e-mail notification of your own mail program pops up, you cannot be sure that you are receiving an e-mail you wanted. Almost hourly, unwanted advertising messages, so-called spam mails, land in our mailboxes. Spam filters provide some relief, but well-disguised messages still manage to get past the spam protection again and again. With a few tips you can reduce the daily flood of spam somewhat.
Monday, January 28. 2013
Posted by cane in Speaker's Corner at 13:33 | Comments (11)
Hushmail.com has enjoyed a good reputation for privacy-friendly e-mail services for years. In its tutorial about anonymous e-mail accounts, the EFF.org recommended only Hushmail.org (Don't be a Petraeus), and the German journalist P. Beuth wants to publish a tutorial for anonymous e-mail accounts using Hushmail.com in the online newspaper ZEIT.de in the next few days.
JonDos does NOT recommend Hushmail.com
The stored records are not deleted when you cancel your account.
Recommended e-mail providers
You may find a small list of recommended e-mail providers in our online help about anonymous e-mail accounts with Mozilla Thunderbird. You may send us your recommendations by using our contact form, and we will add them after checking the service.
Wednesday, December 19. 2012
Posted by cane in Speaker's Corner at 17:18 | Comments (2)
In April 2012 the security scientist Pete Swire published a paper about trends in lawful surveillance. Intelligence services and law enforcement agencies are seeking access to stored data in the cloud and on private computers because wired interception of telecommunication is less effective.
With a newly drafted law (BR-Drs. 664/12) the German government is taking a leading position in this development. In the future, intelligence services and law enforcement agencies may have warrant-less access to passwords of e-mail accounts and cloud-stored data, PIN codes of smartphones and to the TR-069 interface of routers provided by Internet access providers for customers. Providers with more than 100,000 customers have to offer automated interfaces for lawful access. Smaller providers have to answer a request within 6 hours. Providers are not responsible in case of unauthorized access to user-related telecommunication data.
The German Pirate Party commented:
"This draft is not supported by constitution." (Patrick Breyer, MDL)
JonDonym storage grid
We are developing new services to keep your data private. For premium users we offer a storage grid, which does not have all the comfortable features of DropBox and is only accessible by web interface (at the moment). But it implements some great security concepts:
Monday, December 10. 2012
Posted by cane in Speaker's Corner at 13:39 | Comments (3)
The project SSL Pulse tracks nearly 200,000 high profile web sites from the Alexa top one million site list and evaluates their SSL implementation. Only 10% of all sites are genuinely secure.
We want to give webmasters some small recommendations for improving the security of HTTPS encryption. All sample configuration snippets work for Apache2, but you may adapt them for other web servers too.
Create a SSL certificate
First you have to create the SSL certificate and get it signed by a certification authority (CA). You may use checkdomain to get a signed certificate.
All CAs offer a comfortable web interface that lets you use your browser for all steps of the certificate creation process. We do NOT recommend the use of website wizards: you do not have full control over the creation of your private key. Instead, you may use the OpenSSL library to create first the private key and afterwards a certificate signing request (CSR) on your own computer:
> openssl genrsa -out my.key 2048
> openssl req -new -key my.key -out my.csr
Now you can send only the CSR to the CA and you will get the signed certificate (CRT) back.
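The two commands above, run non-interactively and followed by the checks worth making before the CSR is uploaded to the CA. This is an added example, not part of the original post; the subject /CN=www.example.org and the helper function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. File names my.key / my.csr follow the post; the subject
# /CN=www.example.org is a constructed placeholder.
set -eu

make_key_and_csr() {            # $1 = directory, $2 = subject DN
    (
        umask 077               # private key readable by its owner only
        openssl genrsa -out "$1/my.key" 2048 2>/dev/null
    )
    openssl req -new -key "$1/my.key" -subj "$2" -out "$1/my.csr"
}

csr_signature_ok() {            # $1 = CSR; a CSR is signed with its own key
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

csr_matches_key() {             # $1 = private key, $2 = CSR
    key_pub=$(openssl pkey -in "$1" -pubout)
    csr_pub=$(openssl req -in "$2" -noout -pubkey)
    [ "$key_pub" = "$csr_pub" ]
}

csr_has_no_private_key() {      # $1 = file to be sent; must hold no secret
    ! grep -q 'PRIVATE KEY' "$1"
}

key_is_owner_only() {           # $1 = private key; no group/other permissions
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_key_and_csr "$workdir" "/CN=www.example.org"

if csr_signature_ok "$workdir/my.csr" &&
   csr_matches_key "$workdir/my.key" "$workdir/my.csr" &&
   csr_has_no_private_key "$workdir/my.csr" &&
   key_is_owner_only "$workdir/my.key"; then
    echo "my.csr is safe to submit; my.key stays on this machine"
else
    echo "check failed: do not submit my.csr" >&2
    exit 1
fi
```

The same csr_matches_key comparison is useful later, when the signed certificate comes back, to confirm that it belongs to the key you kept.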
Enable SSL encryption in your server configuration
To enable SSL encryption you have to load the module "ssl" and add the following lines to your virtual host configuration for port 443. The certificate chain file is only sometimes required; please read the documentation of your preferred CA and download the bundle if required.
SSLEngine On
Restart your web server and SSL encryption is working. But SSL is a complex standard and contains many insecure features.
Security is a process and not a one-time action. Check your server from time to time with the SSL server test for new vulnerabilities and fix them as soon as possible.
Thursday, November 29. 2012
Posted by cane in Speaker's Corner at 20:51 | Comments (3)
The EFF.org evaluated the FBI's investigation into the personal lives of CIA Director David Petraeus, Paula Broadwell, Jill Kelly and General John Allen and published A Tutorial on Anonymous Email Accounts.