All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: I have one critical security question.
PostPosted: Fri Jun 18, 2010 14:36 

Joined: Fri Jun 18, 2010 16:12
Posts: 0
Assume that my computer is at country X
My target website is also at country X
I use premium Jondo cascade A->B->C. All of them is outside country X.

So, my connection will be

My computer-->My ISP-->(going out country X)-->A-->B-->C--(back to country X)-->Target website

But if the government of country X is watching Target website and can control ISP
This diagram will be...

My computer-->My ISP-->(going out country X)-->A-->B-->C--(back to country X)-->(sniff by government of country X)-->Target website

The government will know that C is connecting to Target website.
Then they know that IP of C is Jondo cascade which is fix to be A-->B-->C.
So they can know that A is connecting to Target website.
Then they look at ISP, who is connecting to A at that time.
For premium user, I can see that average user is about 50 at one point of time.
In that 50 users, should be only one or two users at country X.
So, the ISP can get only small volume of user who connect to A, may be only one.
This is suspicious enough to get search warrant!!

So, please tell me if I am wrong, or tell me how to fix this problem.
Thank


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 19, 2010 7:33 
User avatar

Joined: Thu May 24, 2007 14:52
Posts: 1197
Yes, this is a possible conclusion that a strong attacker could draw. However, you cannot be sure whether not another user from country Y visits web sites from country X as well. In Germany, this would not be enough to get a search warrant. In other countries, it may be different. Moreover, for "classic" law enforcement agencies (not NSA etc.), it is not so easy to get the addresses of all people that connect to a specific service. Even in times of the data retention in Germany, target addresses wee not allowed to be stored by ISPs. In other, more authoritarian countries like China, this may be different.


Top
 Profile  
 
 Post subject: Re: I have one critical security question.
PostPosted: Mon Oct 03, 2011 8:00 

Joined: Sun Jan 16, 2011 12:02
Posts: 161
No denying that we live in a dangerous world, however the danger does not come from private citizens but from our own governments. It is horrifying to realize that your own government is your biggest enemy.
If governments can easily sniff and find out who you are on the internet I think it will be necessary besides Jondonym that there exist a program that can detect who exactly is watching or tracking you.

That would be the smart thing to do.
Will Jondo take this challenge to develop such an application?


Top
 Profile  
 
 Post subject: Re: I have one critical security question.
PostPosted: Mon Oct 03, 2011 14:47 
kodok2cowok wrote:
No denying that we live in a dangerous world, however the danger does not come from private citizens but from our own governments.
don't forget corporations here. E.g.in the U.S. it is often easier for the FBI and other agencies to get sensitive information about users from private corporations as the data protection laws are "stricter" for federal/state officials.
kodok2cowok wrote:
If governments can easily sniff and find out who you are on the internet I think it will be necessary besides Jondonym that there exist a program that can detect who exactly is watching or tracking you.

That would be the smart thing to do.
Will Jondo take this challenge to develop such an application?
Probably not, unfortunately. The problem is that there is e.g. no way to recognize an eavesdropper that is using legally implemented interection interfaces. At least not for software such as JonDo running on the clients machine or running on a server. That is sometimes even required as an criminal would otherwise get warned which in turn might render prosecution useless.

What I'd like to do, though, is to develop kind of a Firefox extension a la Collusion (see: https://secure.toolness.com/xpi/collusion.html) but on steroids. I imagine some kind of add-on that is quite smart here and can detect sites that are worse in tracking users than others and I would like to have a mode that shows how JonDoFox is mitigating these tracking risks (something like "Wouldn't you use JonDoFox site X tracked you in this and this way). The problem of course is to define "worse". There are some promising approaches out there in the literature but we need more research here. If I find some time to finish my sketch of this project I might find some student who is elaborating/investigating this issue and may develop such an extesion and a model defining "worse" underlying it. We'll see. It is definitely on my ToDo list.


Top
  
 
 Post subject: Re: I have one critical security question.
PostPosted: Sat Mar 24, 2012 1:48 

Joined: Sun Jan 16, 2011 12:02
Posts: 161
@Georg K.

Georg I love your answer, and it is good that we still have individuals who cares enough about protecting our civil liberties.
There is only one problem, at this stage we are forced to play a cat and mouse game. We have allowed our governments to become so powerful because the law abiding citizens trusted their governments to much and allowed them to chip away at our god given freedoms, and realized to late of our mistakes.
Turning the Beast around is almost an impossibility short of rioting against the bureaucracy. The Internet has to be protected at all cost from the Bureaucracy gaining a foothold and take that freedom from us.
The way I see it you and your colleagues are exposing yourself to the peoples enemy maybe you should disguise yourself and not easily being silenced by the Bullies.
Thanks for your work.


Top
 Profile  
 
 Post subject: Re: I have one critical security question.
PostPosted: Mon Mar 26, 2012 8:35 
kodok2cowok wrote:
The way I see it you and your colleagues are exposing yourself to the peoples enemy maybe you should disguise yourself and not easily being silenced by the Bullies.
Thanks for your work.
Thanks. But currently there is no threat of getting silenced (at least no that I am aware of). Rather we are "just" doing our jobs (no good movie plot, I know) and I am pretty fine with that.


Top
  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Free Trial for Premium Services
Free Trial for Premium Services
JonDonym News
New mix software
Sat, 07 Jun 2014
Small bugfix for JonDo Live-DVD
Sun, 11 May 2014
Speaker's Corner
UK Data Retention and Investigation Powers Bill
Fri, 11 July 2014
NSA and Tor
Fri, 04 July 2014
For your web site - free!
Get your free IP check image for your web site or forum here!
Latest software releases
JonDo 0.19.001
Tue, 29 Aug 2013
JonDoFox 2.10.0
Thu, 24 Jul 2014
JonDoBrowser 0.17 Beta
Sat, 26 Jul 2014
JonDo Live-DVD 0.9.60
Sat, 16 Aug 2014