|JonDoFox: Download Videos||Table of Content||Alternative browsers|
In the following, the main features of our JonDoFox extension will be explained.
If you would like to surf the Web with a different (local) proxy than JonDo or without any proxy, just use the button integrated in JonDoFox (upper left) in order to switch between different proxy configurations:
No Proxy: If no proxy is set, JonDoFox directly connects to the Internet. >Attention: Your IP address will be sent in plain and is not hidden!
Custom: Using this setting, you may use your own proxy configuration. Choose Preferences in order to create an individual proxy configuration. However, this is only recommended for experts.
Tor: If you have installed and started the program Tor you may use it as an alternative to JonDo with this setting.
JonDo: When this setting is active, JonDoFox sends the browser's communication data to JonDo. This option hides your IP address. JonDo needs to be separately installed and started.
Whenever you like to bypass the proxy without completely deactivating it (e.g. when downloading large files to save time and money), just open the context menu with a right mouse click on the file and choose "Bypass JonDo/Tor/Proxy and Save Link As..."
Advanced user may change the default proxy settings for "JonDo" and "Tor"
by open the URL "about:config" and modify these values for "JonDo":
extensions.jondofox.jondo.host = 127.0.0.1
extensions.jondofox.jondo.port = 4001
For "Tor" you may modify:
extensions.jondofox.tor.socks_host = 127.0.0.1
extensions.jondofox.tor.socks_port = 9050
Afterwards you have to choose the proxy again to activate the settings.
In order to provide better protection against man-in-the-middle-attacks with fraudulent SSL-certificates you may use the SSL observatory of EFF.org or you may use Certificate Patrol with a local database.
You may use the SSL observatory of of Electronic Frontier Foundation (EFF.org). In this case the certificate fingerprint and domainname of SSL encrypted websites will be send to the observatory an compared with the certificates sent by other users. You will get a warning, if something goes wrong with your certificate.
Alternatively you may use Certificate Patrol. In this case a local database is used to store all websites visited via HTTPS together with some information about the SSL certificate. You will get an information, if the certificate changes unexpected and you may accept the new certificate or reject it. A web server has no means to get that saved data.
The Referer is an HTTP feature that distinguishes different users on the Internet; consequently, it may reduce or abrogate anonymity. However, this can be avoided by activating our Referer management. The Referer will be set as long as a user is surfing within the same domain and will not be set if a bookmark is used to request a particular web page. This context dependent behavior ensures that no web pages will break while at the same time the Referer cannot be used to gather information to identify users.
It is possible to use the browser cache for tracking purposes. An attacker may try to set so-called cache cookies (ETags) to identify a particular user across different domains. In order to better protect our users against this kind of attack, we included "SafeCache" into JonDoFox. To avoid traces about your surfing on disk the disk cache ist disabled and only caching of first-party content in RAM is used by JonDoFox. The cache is cleared, if the browser was closed.
Additionally, the authentication cache of Firefox might get exploited to track users across several different domains. In order to defend against this kind of attack, however, we discard authentication information sent to or by third party elements.
Plugins can circumvent the proxy settings of JonDoFox leak your real IP address. Malicious Java applets and PDF documents are used for attacks to gain complete control over your computer. Plug-ins are especially dangerous while surfing anonymously. Enumeration of plugins and usage of Java and Flash applets to collect information about the browser for fingerprinting is used by many tracking services to identify users.
For security and privacy protection the following rules for plug-in handling were implemented in JonDoFox:
JonDo mode: all plug-ins are disabled by default. You may enable Flash in in the JonDoFox settings but it is not(!) recommended. Please read our hints about Flash player security and remaining risks before you think about activating Flash.
Tor mode: all plug-ins are disabled by default to match the behavior of TorBrowser.
No-proxy mode: all plug-ins but Flash are disabled by default. Flash is activated but applets are blocked by NoScript. You have to enable each applet by mouse click. If a website really needs another plug-in, you may activate it temporary within the add-on manager of Firefox.
With JonDoFox you have the opportunity to get temporary E-mail addresses conveniently. In order to do so right-click on a text field in which you want to get the E-mail address and choose the following entry out of the menu popping up:
Thereafter, clicking on 'Request a temporary E-mail address' the requested E-mail address will get inserted into the text field and your account gets opened in a new tab. If you want to decide by yourself which provider of temporary E-mail addresses you would like to use there are two options available: The first is hovering over the '>' shown on the image above. That allows you to choose a provider ad-hoc. The second option is using the JonDoFox settings. There, in the Temporary E-mails tab you may even deactivate the whole feature:
Information regarding users surfing the web may not only be gathered analyzing the Referer but examing the individual User Agent header as well. Therefore, we built a uniform User Agent which all users of JonDo are sending along while requesting pages on the WWW. If a user wants to connect to the Tor network instead of using JonDo the User Agent is rebuilt again, this time matching the one issued by the Tor Project and its browser add-on, Torbutton. And, additionally, if someone wants to configure a proxy manually then she has the opportunity to choose between different User Agents, i.e. Unchanged (leaving the default setting), JonDo and Tor:
In order to mitigate the risk that an outsider might get knowledge about used login accounts, the formfill wizard is disabled in JonDoFox.
Additionaly JonDoFox erases search queries just after they were submitted. The search history gets deleted every thirty minutes. This minimizes the possibility that entries in the search history may compromise the user without loosing the search history feature completely.
|JonDoFox: Download Videos||Table of Content||Alternative browsers|