JonDonym News Center

Internet Censorship in Vietnam

nospam@example.com (cane) — Tue, 08 May 2012 15:57:33 +0200

Vietnam currently regulates access to the Internet extensively. Together with infrastructur management like DNS blocking, IP blocking and content filtering a climate of self-censorship is enforced by the gouvernment. (see: Profil Vietnam at OpenNet.net)

The Vietnamese government has issued a new draft decree of a law in online censorship that is expected to be issued in June and would have grave implications for 30 million country’s netizens and foreign internet companies.

No anonymous speech: Internet users are "strictly prohibited" from providing fictitious personal data.
For usage of Social Networks real names are requiered too.
Website administrators have to report any instances of prohibited online activities to authorities.
Bloggers will be held personally liable for all the published content on their blogs.
The draft require foreign internet companies to relocate their data centers to Vietnam.
Foreign internet companies are compelled to provide information and cooperate with Vietnamese government agencies in internet censorship.

Google and Facebook have millions of user in Vietnam. In similar situations in India and China both companies cooperated with the gouvernments.

Facebook Phishing Attacks by Syrian Electronic Army

nospam@example.com (cane) — Fri, 04 May 2012 15:03:11 +0200

The Syrian Electronic Army (SEA) operates with at least tacit support of the government. In the last weeks it targets Facebook and Youtube accounts of Syrian activists to get the login credentials and infect the computers with malware.

May 2011 a man-in-the-middle attack against the HTTPS version of the Facebook site was launched with support of most syrian ISPs. It seems, the Syrian Telecom Ministry was involved too.
February 2012 CNNtech reported the deployment of computer viruses like Backdoor.Breut against Syrian opposition activists
3 waves of attacks were reported by EFF.org in March 2012. At first a PDF document was delivered via Skype message from a known friend. It installed a remote administration tool called DarkComet RAT, which can capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more.
Afterwards links to a fake YouTube page were distributed by email and chats. Visitors were attacked in two ways: it requires to enter YouTube login credentials in order to leave comments, and it installs malware disguised as an Adobe Flash Player update.
During the third attack in March 2001 phishing links were spread in pro-revolution forums on Facebook to get Facebook login credentials of activists.
April 2012 the Facebook security application FacebookWebBrowser.exe was promoted for Syrian activist in Facebook comments. The FacebookWebBrowser.exe is a malicious application which logs keystrokes and steals login credentials for email accounts, YouTube, Facebook, Skype, and others.
Since a few days a Skype Encryption Tool is promoted for Syrian activist. The application does not encrypt anything. Instead of encrypting Skype traffic, the application downloads malware.

In may cases compromised accounts were used for malware distribution and people may think, the message is comming from a friend.

Attacks on facebook accounts are not a new idea by Syrian Electronic Army. The Agence Tunisienne d'Internet (ATI) used Javascript Injection to get login credentials of Facebook accounts a year ago. But this intensity of attacks is new in cyberwar.

4 news stories

nospam@example.com (cane) — Tue, 24 Apr 2012 17:10:34 +0200

Iran is investigating a suspected cyber attack on its main oil export terminal. A Stuxnet like computer worm was detected inside the control systems of Kharg Island - which handles the majority of Iran oil exports. The communications systems of Iran's Oil Ministry and of its national oil company were infected too. (Reuters)

(By some experts it was not yet clear whether the virus was, like Stuxnet, seeking to corrupt industrial processes to cause physical damage, or was a simple data virus.)
The High Council of Cyberspace of Iran published a "Request for Information" (RFI) seeking details on new types of censorship tools that are available in the market. The RFI calls for proper conditions for domestic experts in order to build a healthy Web and organize the current filtering situation. Iran invests millions of dollar in internet control and censorship technique, mainly build by the the Chinese telecom company ZTE. (EFF.org, ars technica)

The Pentagon says it is making measurable progress in developing new defensive and offensive weapons for the cyberspace. (Reuters)
Präsident Obama signed an Executive Order targeting people and companies facilitating human-rights abuses with technology (surveillance technology for the purposes of computer or network disruption, monitoring, or tracking of individuals) to Syria and Iran.

The order is solely focused on Syria and Iran, leaving out - most notably - Bahrain, where protesters were killed last weeks by police forces. Bahraini human rights groups have documented the use of Trovicor (formely Siemens/Nokia) technologies in surveillance there.

Total Information Awareness Project (TIA)

nospam@example.com (cane) — Mon, 23 Apr 2012 17:41:00 +0200

2003 US-Congress defunded the Total Information Awareness project (TIA) of Bush Administration's. TIA was part of the counterterrorism program of Bush Administration's and was qualified as a massive Orwellian technology-driven surveillance and data mining initiative.

2004 President Bush signed an order that allowed the NSA to eavesdrop Americans without the usual requisite warrants. The domestic surveillance program ramps up.

In December 2005 the cooperation of AT&T with NSA spying program was dicovered to the public by the whistleblower Mark Klein.

The NSA has unlimited real-time access to the telefon and internet communication of AT&T costumers.
The NSA has unfettered access to the 300 TByte large Daytona database of AT&T with fon and mail communication records.
A fiber-optic splitter was installed in San Fransisco that copies all internet traffic passing through the system into a NSA computer system.

According an ex-NSA member, AT&T has similar operations in place in as many as 20 other sites. These surveillance activities are in violation of the privacy safeguards established by Congress and the U.S. Constitution. Civil liberties proponents like EFF.org and ACLU sues AT&T and NSA to stop warrantless eavesdropping.

2008 The Obama Administration's would give phone companies retroactive immunity for breaking the law in cooperation with the NSA warrantless eavesdropping program! At first the bill was rejected but it passed the Congress in 2011 with FISA paragraph 802a.

2012 Expansive new guidelines were signed, allowing the National Counter Terrorism Center (NCTC) to mirror entire federal databases containing personal information and hold onto the information for an extended period of time -even if the person is not suspected of any involvement in terrorism. It proposed fusing vast archives of electronic records — like travel records, credit card transactions, phone calls and more.

2013 the infrastructure for the Total Information Awareness project will be ready. The new NSA datacenter in Bluffdale (Utah) will be ready. This new datacenter for $2 billion will be a great storage for all sniffed telecommunication data like phone claas, e-mails, Google searches and so on. For more information about you may read The NSA Is Building the Country’s Biggest Spy Center in Wired magazine.

10 years after defunding by Congress the Total Information Awareness project was realized piecemeal by the administration. The effects in counterterrorism are very low, it generally played a limited role in counterterrorism efforts.

Update (23 Apr 2012): The William Binney was the key source for the wired article about the new NSA datacenter in Bluffdale. He served in the NSA for over 30 years. In his first first television interview since he resigned from the NSA he speeks about the Orwellian state surveillance. Other interview parnters are Jakob Apelbaum and Laure Poitras.

Part 1: NSA Whistleblower William Binney on Growing State Surveillance
Part 2: Questioned Some 40 Times at U.S. Airports (Laure Poitras)
Part 3: "We Don’t Live in a Free Country" (Jakob Appelbaul)
Part 4: The NSA is Lying–U.S. Government Has Copies of Most of Your Emails

Letters from Iran

nospam@example.com (cane) — Wed, 28 Mar 2012 15:42:30 +0200

During the last weeks we got more and more e-mails from Iran.

until today 13/Feb the ssl Protocole and https was blocked and access to gmail,yahoo and other services be imposible. Jondo program be able to pass the iran censorship (nor Ultrasurf and Tor be able to break this limit).

I'm contacting you from Iran .
My only hope for connecting free internet is your software .

you are the most experienced group of German hackers to break the Internet filters in Iran

I wish i could pay you for a new account in some way but according to these amount of sanctions and banking problems it seems impossible. any way ...

Now ; all of our bank and currency issues are effected by this War against us . Its both the problem of Government and USA . they are lots of banking problems for the people here. But ... believe me ... I'll try my best to send you , what you should get .

Since the Society for Worldwide Interbank Financial Telecommunication (SWIFT) is blocking all monetary transactions to and from Iran and due to economic sanctions against Iran it is hardly possible for iranian users to buy premium volumes for JonDonym anymore. Additionally, the currency Rial has been dropping in value significantly versus the Euro and the Dollar.

People that are talking with each other don't throw bombs

On March 15th, Ronny Edry posted a poster on Facebook (left side) . Within 24 hours, thousands of people shared the poster. The answer from Iran (right side) appears within hours.

Ronny Edry is raising money in order to produce more posters and keep the movement grow. You can support the campaign. May we prevent this war.

Mix Rousseau has been moved to Frankfurt/M

nospam@example.com (Behrens) — Wed, 21 Mar 2012 23:58:44 +0100

Our german Mix Rousseau has been moved from Cologne/Germany to Frankfurt/Germany. It is now located at the Databurg Tier 3 facility (since January 2012 that DC belongs to TELEHOUSE) near the Frankfurt/M city centre. That measure supports our effort to provide even more stable cascades within the anonymous proxy server network. Have fun and please excuse any inconvenience.

New Censorship Plans in Pakistan, Iran and USA

nospam@example.com (cane) — Tue, 13 Mar 2012 20:55:12 +0100

Pakistan:

In Pakistan substantial internet censorship already exist [1] {2]. Now the Pakistani government want to build a national Chinese-style censorship firewall. This would censor 20 million internet users!

It may be impossible to build this firewall without support of western IT companies. Pakistani government has put an ad in their national papers asking for companies to help them. Bidding deadline is this friday.

At least five western IT companies have already said they won't participate (Websense, Cisco, Verizon, Sandvine, and OpenDNS).
Bluecoat, Huawei, McAfee, Netsweeper, ZTE, and others did not refuse but also did not confirm to play a role in putting up the walls of censorship.

In our opinion the reason for this restraints to take this profitable job is a first success of the publicity of surveillance technology companies by Spyfiles (Wikileaks), BuggedPlanet or Surveillance Who's Who (Privacy International).

Update: It seems, Pakistan shelves its plans to install a Great Firewall.

Iran:

Supreme Leader of the Islamic Revolution Ayatollah Seyyed Ali Khamenei ordered the establishment of the High Council of Cyberspace and appointed a number of natural and legal persons to the council. The council will establish the National Center for Cyberspace that will allow gaining complete knowledge about the activities in cyberspace on domestic and international scales.

Additional Iran will launch the "halal" network (the closed national "internet") within weeks.

USA:

The Cyber Intelligence Sharing and Protection Act of 2011 (discussed in the Congress) will allow companies or the government free rein to bypass existing laws in order to monitor communications, filter content, or potentially even shut down access to online services "cybersecurity purposes". The bill defines cybersecurity purpose to include theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

The government could proclaim that WikiLeaks constitutes a cybersecurity threat and have new, broad powers to filter and block communication with the journalistic website. Read more at EFF.org.

Google Chrome portable vs. JonDoFox portable

nospam@example.com (cane) — Wed, 07 Mar 2012 15:38:09 +0100

Students of the Martin-Andersen-Nexö high school have analyzed which data traces the browsers Google Chrome Portable and JonDoFox Portable leave behind on a hard drive while being used on a USB flash disk.

Results:

Google Chrome Portable leaves traces on the computer.
JonDoFox Portable has not left traces on the computer.

The students were supervised by Stefan Köpsell, PhD (TU Dresden). We are glad to see the interest in privacy on the Internet of these students.

Download of the presentation (pdf, 10 pages, German)

A License to Snoop

nospam@example.com (cane) — Mon, 05 Mar 2012 20:34:34 +0100

What if your government was considering a policy that would force ISPs to provide unrestricted access to your data to law enforcement at any time, for any reason, and without a warrant? What would you do if your country's leaders were trying to rewire the Internet to support systems of constant digital surveillance? Canadians are facing these dangers in the form of Bill C-30, and Canadian Public Safety Minister Vic Toews (right) is bent on getting it passed despite strong opposition from the public.

The bill would allow authorities to demand access to subscriber information from both ISPs and telephone providers without needing to present a warrant - and would additionally require telecommunications providers to ensure that there was a back door entrance to allow all communications to be intercepted when desired.

ACCESS NOW is running a campaign against Bill C-30

Update reminder

nospam@example.com (cane) — Fri, 02 Mar 2012 17:57:17 +0100

We will launch a new mix server software next time. At first the cascade "Dresden" will switch to the new mix version on next monday morning UTC. The other free mix cascades will follow a few days later and the premium services in the next but one week in case of no problems.

The new mix server software implements an improved protocol with integrity checks recommeded by scientific research at the University Trondheim (Norway). Old JonDo proxy clients below version 0.16.001 will not be able to connect to the mix cascades any more. If you were running an old version, please update your JonDo proxy client. The latest version you may find at the download page.

New Iran internet blocking

nospam@example.com (cane) — Mon, 13 Feb 2012 14:43:43 +0100

Some days ago the Iranian government has ramped up censorship in three ways: deep packet inspection (dpi) of SSL traffic, selective blocking of IP Address and TCP port combinations, and some keyword filtering. The blocks on SSL are not complete and not nationwide. It seems, only the central AS12880 is blocking SSL encrypted traffic.

May be, the shutdown is related to the 33rd anniversary of the Islamic Revolution, which is being celebrated by the government but has spurred protests in years past. In this case it may be possible the new censorship will be nullified in a few days (?)

We got some user reports from Iran about the results of the new censorship. SSL encrypted traffic and HTTPS to GMail, Yahoo! and other services with SSL/TLS encrypted login is imposible. For anonymisation services the situation is unequal.

JonDonym is not shortened by the new censorship limits. The connection wizard of JonDo is able to detect this kind of blocking and circumvent automatically. Our anti-censorship forwarders are working well, if connections to mix cascades and infoservices were blocked by IP addresses. Time by time the connections slow down.
Tor is not able to break the limits at the moment. The Tor metrics project shows a significant decrease of connections from Iran (direct connections and bridged connections):

In a short time Torproject.org will release new bridges with obfuscated encryption to circumvent SSL blocking.
VPNs with SSL encryption (like Ultrasurf and others) are blocked too. Allmost all VPN providers does not have any idea how to circumvent this kind of blocking.

Please, support our work by using JonDonym premium services. The earnings are important for further development and for the people in censorship countries.

Update: (2012-02-15) It seems, the new censorship was nullified after 2-3 days. Tor is working well in Iran.

Potential Indicators of Terrorist Activities

nospam@example.com (cane) — Tue, 07 Feb 2012 18:03:40 +0100

The FBI and the Department of Justice produced and distributed a set of 25 flyers to promote suspicious terrorist activity reporting. The flyers are not released publicly. The collection was compiled by the project Public Intelligence from a number of sources. It covers the information flyers for Airport Service Providers, Financial Institutions, Hotels/Motels, Internet Cafes, Shopping Malls .... Tattoo Shops.

Many of the suspicious activities described in the flyers are basic practices of any individual concerned with security or privacy online. The use of PGP, anonymisation services or any of the many other technologies for anonymity and privacy online are directly targeted by the flyer.

"Potential Indicators of Terrorist Activities" may be:

use of anonymisation services (like JonDonym, Tor or VPN)
use of encryption technique (like PGP, OTR or ZPHONE)
use of anonymous payment methodes

Flyer_Internet_Cafe (PDF)

MAXA Key Exchanger

nospam@example.com (cane) — Tue, 07 Feb 2012 15:27:23 +0100

MAXA Key Exchanger offers an easy way to exchange a secure key over unsecure connections like email or instant messaging. It uses Diffie-Hellman key exchange that allows two parties that do not know each other to jointly establish a shared, secret key for symmetric encryption. More information in the whitepaper (PDF).

Download: MAXA Key Exchanger (for WINDOWS Vista and newer)

MAXA Research Int'l Inc. is a cooperation partner of JonDos GmbH.

JonDonym is blocked in Iran

nospam@example.com (cane) — Fri, 30 Dec 2011 14:51:26 +0100

JonDonym is blocked in Iran. The censorships starts 3 weeks ago. Connections to mix cascades and infoservices are blocked by IP addresses black list. Additional it seems deep packet inspection is used to slow down encrypted connections to anti censorship proxy and anti censorship forwarders. But both anti censorship technologies are working and it is possible to avois the blocking of JonDonym.

During Chaos Communication Congress in Berlin J. Appelbaum and R. Dingledine presented an analysis about blocking technologies of some gouvernments against Tor: How governments have tried to block Tor. Because we don't have cooperation partners in Iran we will study the analysis of TorProject.org for development of more sophisticated anti-censorship technologies to get back the full speed of JonDonym services in Iran.

Update: We added tutorials to circumvent blocking of JonDonym to our online help. At first try to use a proxy. If it did not work, you may use the anti censorship forwarder of JonDo.

ANONdroid v. 00.00.008

nospam@example.com (cane) — Thu, 22 Dec 2011 15:23:19 +0100

ANONdroid is a JonDonym proxy client for Andoid smartphones. This nice piece of software is under ongoing development by the AN.ON project of the university Dresden. Project leader is Dr. Stefan Köpsell. ANONdroid uses the core libraries of JonDo with a smartphone compatible GUI. ANONdroid acts as a proxy for your internet applications and will forward the traffic of your internet applications encrypted to the mix cascades. It is still under development, but a first version is ready for download from the Andoid market.

At the moment we can not provide a secure and anonymous browser configuration like JonDoFox for desktops and netbooks. Because a secure browser configuration is important for anonymous surfing we recommend the use of Orweb browser. It is a browser for Orbot, but can be used with ANONdroid too. After installation you have to change the proxy settings of Orweb to localhost:4001.

If you would like to use our premium servces you can buy a JonDonym coupon in our webshop and create a premium account. The earnings are essential for the development of JonDonym.

Hint: You may use ANONdroid for anonymous surfing, chats and e-mail. But it can NOT protect you for data collections by your provider with tools like Carrier IQ or location tracking by gouvernments agencies.