Survey about privacy, anonymity and JonDonym

Tuesday, November 7. 2017

In the scope of a public research project, we ask to to participate in an anonymous survey:

https://m-chair.survey.uni-frankfurt.de/index.php/989977?lang=en

You will thereby support our work and the privacy research. 

Site outages

Wednesday, April 26. 2017
Due to problems with on one of our servers, some services (ip-check, some payment) are currently not available. We are working on the problems and hope to solve them until next week.

Old JonDo versions will expire

Monday, February 6. 2017
Old JonDo versions before 00.20.001 will expire within the next months, as we added some necessary certificates. At the end of April 2017, only the current JonDo version will be able to connect to the anonymization services. All JonDo users are therefore encouraged to update to 00.20.001 as soon as possible.

Freebeer and Goose will move to Germany

Tuesday, July 26. 2016
The mix servers "Freebeer" and "Groose" will move/moved from UbiquityServers/LeaseWeb in the US to Hetzner/DE. Both mix cascades will receive a new entry IP address because of this.

End-of-Live DVD

Tuesday, February 16. 2016

Sadly, we need to tell that the development of the JonDo live DVD has been stopped. You may still download the current version, but we will remove the download quite soon. The reason for this is, that there are not enough developers available to do the maintenance work. Our focus is to use our available time for maintaining the core components JonDo, JonDoFox, Mixes and other integral software components of the JonDoym system.

We hereby say a big THANK YOU to Cane, the long-time developer of the Live DVD, for the great work he did in the past!

New software signature key (GPG)

Monday, January 25. 2016

What lately lead to some confusion on the side of Linux users:

We changed the software signing GPG key, but this was news not updated on the Debian repository instruction page. So some users got  an error while verifying the GPG signature, while we on our side could not see any problem. This is fixed now, please follow these instructions to get and use the new verification key:

https://anonymous-proxy-servers.net/en/help/install_pgp_signaturen.html

For Debian: 
https://anonymous-proxy-servers.net/en/help/firststeps2.html

The change of the key was necessary in order to separate it from the general e-mail and support key, so that developers and the support team do not need to share the same key. Moreover, the key has a greater cryptographic strength now.

Merry Christmas and happy New Year

Friday, December 25. 2015
We wish all customers, partners and supporters of JonDonym merry Christmas and a happy and successful New Year 2016!

JonDonym against data retention in Germany

Thursday, December 17. 2015

Again, the German government passed a law for data retention, which came into force today.

Fortunately, this is nothing JonDonym users need to worry about. Unlike the previous law, which was dropped by the Federal Constitutional Court in 2010, only Internet acces provider are affected [§113(b)(3)]. Pure Internet services like JonDonym will therefore not get into any troubles, now will their users.

In any case, JonDonym users should be safe by against such single-country-laws in general. This is due to the nature of our system: operators from different countries and jurisdictions provide the Mix services, and always two or three of them need to get their data linked together to potentially uncover users.

This allows for legitimate crime prosecution in very serious, individual cases, but effectively prevents a mass observation. Until now, there has not been any court order that obliged a complete premium cascades to log data. By default, the Mix operators neither look into the users' traffic nor do they store it. That's what you can expect, now and in the future!

JonDoFox: Help on today's update to Mozilla Firefox 43

Wednesday, December 16. 2015

With today's update of the Mozilla Firefox release, Mozilla made some major changes concerning add-ons. If you do not have the current version of the JonDoFox add-on, it might not work any more in this new Firefox browser.

Important: If you are using JonDoFox, please verify that JonDoFox is still working correctly by visiting our ip-check-site. If you see any major problems here, this strongly indicates that you need to update your JonDoFox add-on.

In case you are using Microsoft Windows, we recommend you to download the latest version of the complete JonDoFox profile and reinstall it on your system:

https://anonymous-proxy-servers.net/en/software_win.html

For all other systems (Mac OS, Linux), please use this URL to directly download the JonDoFox add-on:

https://www.anonymous-proxy-servers.net/downloads/jondofox.xpi.zip

Unpack it by using your favorite zip/unzip tool. Then, use drag-and-drop to pull it in your Firefox browser for installation and update. If you still have problems, please feel free to contact our e-mail support, and we will help you.

If you still have problems updating the XPI, you may do the following:

1. Remove the JonDoFox add-on
2. Restart the browser
3. Move the XPI file (see link above) into the add-on list by drag using drop.

Please note that the two add-ons "Profile Switcher" and "Canvas Blocker" will nevertheless be unavailable, as their development has been stopped by third parties.

If you moreover have problems to activate "Profile Switcher" or "Canvas blocker", please do the following: 

1. Remove these add-ons
2. Restart the browser
3. Re-add these add-ons from the mozilla download site, e.g. from these URLs:
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
https://addons.mozilla.org/en-US/firefox/addon/profileswitcher/

Recommendation: In order to prevent future update problems with JonDoFox, please enable automatic extension updates in your browser. You may do this by entering about:config in your address bar. Make sure the options extensions.update.enabled and extensions.update.autoUpdateDefault are both set to "true".

Unperfect e-mail spam by PerfectMoney

Tuesday, April 7. 2015

Thoughout the last months, we got a lot of e-mails concerning a payment service called „PerfectMoney“. In these mails, a lot of „customers“ tell us their „interest“ in using this service to pay for ours. Almost all of these e-mails had the subject „Payment“ and contained only one or two lines of text. These are some of them:

„Greetings. I want to use your services. Can i
pay with PerfectMoney on your site ? Thanks !“
„Hello sir. I am interested in your services
and i want to ask you , can i use Perfect Money to pay on your
website? Thanks and have a great day“
„Hello. I want to use your services. I was
wondering if i can pay with perfectmoney ? thanks“
„Hello . 
I'm interested in using your services and i was
just wondering if i can pay with Perfect Money on your website ?“

Obviously, this is SPAM. And it originates from PerfectMoney themselves, as there is neither a URL nor an affiliate code in these messages. But how trustworthy can a payment service be, that is advertised by massive spam? We visited their German website and read:

„Genauer, zuverlässiger finanzservice, den deutsches Volk anerkennen wird“

Gipfel der Vollendung in der virtuellen Weltwirtschaft wird von nun an durch ein ideales Finanzinstitut – Gesellschaft Perfect Money vertreten, deren Zielprogramm ist es, Finanzoperationen im Internet auf ideales Niveau zu erheben.“

Source: https://perfectmoney.com/?lang=de_DE (2015-04-07)

This sounds like a very bad google translation... How trustworthy can a payment service be, that – instead of writing all English – relies on quite random translations for „informing“ their customers?

Wouldn't it be more honest and effective to directly contact us in the name of PerfectMoney, and acquire us as a partner rather than as a spam victim? 

Just for clarification: we are not against new payment services. They help us to finance our services. And maybe we would give PerfectMoney a try in other circumstances. But we hate SPAM. Maybe this article helps to stop it.

SSL certificate for webserver

Tuesday, April 7. 2015

We installed a new SSL certificate for our webserver. The domains anonymous-proxy-servers.net and www.anonym-surfen.de are affected. The fingerprints of the new certificate are:

  • SHA256: 63:D4:5C:47:72:0C:9E:E5:4B:59:5E:D0:8F:84:BC:2C:69:9F:62:0B:2B:66:7E:60:13:37:C8:71:A0:5D:9B:74
  • SHA1: E2:2B:91:0E:CE:C3:52:80:26:6D:64:9B:13:02:A5:88:2F:1E:67:CF

(Corrected SHA256 fingerprint on 2015-04-13)

JonDoFox protects against WebRTC IP leak - since ever

Monday, February 2. 2015

Hello visitors,

just as we got a lot of questions regarding the recently published WebRTC ip leak attack, we just thought it might be a good idea to clarify that this is not an issue for JonDoFox users. Since ever this WebRTC was active in Firefox, we switched it off as even our preliminary analysis showed that it will be harmful for anonymity. So even if you activate JavaScript on a page, this is not a problem for you.

Note that, however, if you do not use JonDoFox but ANOTHER browser in connection with JonDonym, for example a self-configured Firefox, you are NOT protected automatically. Just to make this clear: normal browsers have so many IP and data leaks that even most tech-users are not able to configure them privately. Mabye you will be able to fix this one, but forget another three leaks... So we strongly recommend to use JonDoFox, as we use our best experience to make it secure for you.


Continue reading "JonDoFox protects against WebRTC IP leak - since ever"

New OpenPGP software signatur key

Tuesday, November 11. 2014

We changed the OpenPGP software signature key for software downloads. The signatures were created with OpenPGP key 0x2146D0CD2B3CAA3E (software@jondos.de). You may download the key file Software_JonDos_GmbH.asc from our server and import it or you may fetch the key from a keyserver. The fingerprint of the key is:

fingerprint: 6899 5C53 D2CE E11B 0E41 82F6 2146 D0CD 2B3C AA3E

If you want to be sure you got the files created by our developer you have to verify the OpenPGP signatures as descripted in our online help: Verify the OpenPGP signatures. Our OpenPGP signatures contain a SHA512 hash of the signed download file. This hash is signed with a private 4096 bit RSA key.

The MD5 and SHA256 hashes on our download websites are only for download verification. If you want to be sure you got the software created by our developers, you have to verify the OpenPGP signatures.

SSL certificate for webserver

Friday, October 31. 2014

We installed a new SSL certificate for our webserver. The domains anonymous-proxy-servers.net and www.anonym-surfen.de are affected. The fingerprints of the new certificate are:

  • SHA256: 94:D1:A1:B0:2B:BC:3F:B2:96:C5:BE:E7:77:C8:09:F2:E3:7B:34:0A:E2:D9:0E:50:93:24:80:9C:8E:97:C7:22
  • SHA1: B6:E5:CB:27:8D:24:F7:10:EF:29:A4:CD:B4:62:6B:B3:45:05:C9:DE

Security Update for JonDo Live-DVD

Friday, October 24. 2014

The unscheduled release 0.9.66 of JonDo live-dvd contains an important security update for Pidgin (version 2.10.10). The updates fixes a heartbleed like bug for Jabber/XMPP (CVE-2014-3698) and contains bugfixes for the validation of SSL certificates (CVE-2014-3694).

Support for Tox was added to Pidgin. Tox is a serverless, secure peer-2-peer instant messaging protocol.

Additional the add-ons for JonDoFox, TorBrowser and Icedove were updated.