I don't know where to place this question...

I have read on this site (and elsewhere) that a VPN provider (theoretically) could watch all the data traffic of a person's connection. And that Jondo protects against this because there are two-three different encrypted servers that protect against this attack because no one person or persons can see the whole traffic.

However, if a OpenVPN service has a High-grade Encrypted connection (tunnel) from a person's computer to one of its servers to a webpage, how would the data traffic be read, if encrypted? Would not the traffic have to be unencrypted first?

Who would have the ability to decrypt the traffic? The VPN provider or a particular server? Or both?

And if this is true with a OpenVPN service, how does this differ with JonDo? Could not the entry mix server decrypt the traffic and read, not only the IP, but everything else? Would not the server have the key to decrypt it? Would not this be true for the second server and the exit one as well?

Is it not theoretically possible for JonDo mix servers to decrypt traffic information, just like an OpenVPN service could do? In each case, abuse by servers could decrypt the traffic data?

One last point: would it take cooperation for JonDo and each server in a cascade to decrypt the traffic data? Or can each server do this alone?

What are the differences?

I will try to explain it in 3 steps:

1: normal internet connection:
Your traffic goes to your internet access provider (DSL provider, dial-in provider or internet gateway in a company) and than to the server in the internet. The access provider can see all your traffic.

2: You use a VPN provider:
Your traffic goes strong encrypted through your internet access provider to your VPN provider. The access provider can not monitor your traffic any more. But the VPN provider decrypts your traffic and connects to the server in the internet. The VPN provider can monitor your traffic like the access provider in case 1. and he can link it to a user by IP address or account information. Additional the VPN provider can collect all your account and payment information and can use it for deanonymisation.

3: You use JonDonym:
You traffics goes multiple encrypted through your internet access provider to the entry mix. The entry mix can only see, who connects to the cascade (the user IP, premium account number in case of premium mixes) but he can not see the traffic.

The traffic goes encrypted through the mix cascade to the exit mix. The exit mix decrypt the last shell of encryption and can see the plain traffic, but he can not see any information about the user. Because more than one user is using a mix cascade and each data request uses a new channel he can not link traffic data to a single user.

Additional mix servers does not get any payment information, because payment provider is JonDos GmbH.

You have to compromise all international distributed mix operators and JonDos GmbH, to deanonymise the traffic and payment information.

For high anonymous payment you can use the mix cascades. In this case the mix cascades protect your identity against JonDos GmbH.

Conclusion:
It is much more difficult to compromise JonDonym than a VPN provider like "Hide my Ass!". It is not impossible, but we offer the strongest security all over the world (together with Tor Onion Router, wich is on the same level like JonDonym in comparision with VPN providers or plain internet access).

I understand this already. What I was trying to get at: if the VPN traffic data is encrypted (via a secure tunnel) how is it possible for the VPN provider or a VPN server to read the data? Obviously, since there is only one encryption, one tunnel, all data could be read. But if the traffic is encrypted, by company policy, how could traffic data be read?

1. Either the traffic data is by default not encrypted and therefore logged by a "bad" VPN provider or server?

or

2.Would not the VPN provider or server have to decrypt the encrypted data first? I am not referring to the traffic data that is decrypted upon connecting to the internet server. If it decrypts the traffic data, then by very definition this VPN provider or server is considered "bad" (unless under court order), since it violates its own no logging policy?

In other words, VPNs, under proper guidelines (which is an issue of trust since no one can really know) can be anonymous but since all the data is packaged as a whole it can be abused. But this abuse issue is about corrupt VPN providers.




I understand this as well. But my point is: is it not possible for the entry mix to decrypt traffic going to it and therefore see all the traffic (not just the IP or premium account number)? The traffic should be encrypted by default but could a bad entry mix decrypt the traffic and read all the data?

If a bad entry mix cannot decrypt the encrypted traffic, then there is no issue here; but obviously if needed to (because of court order or because of a corrupt operator) a mix server can see the traffic data. If a bad mix can decrypt the encrypted traffic data, then how does this differ than a bad VPN provider decrypting encrypted traffic? Would not both systems be susceptible to malicious servers and operators?

Yes, VPNs are a lot more susceptible than JonDo but no method is absolute.



I understand this as well.




This is why JonDo and Tor are more secure than (unchained) VPNs. Indepenent operators and servers see only "bits" of traffic information--pieces of the puzzle. Only when all the servers are combined is it more likely to solve the puzzle. The inherent configuration of JonDo is more secure than a VPN.




I agree with what you write and the assessment of JonDo and Tor. VPNs, generally, are not as trustworthy, esp Hide my Ass!, which doesn't hide anyone's ass but logs data.

VPNs are more for private use and less anonymous (unless chained). JonDo is more private and anonymous but more cumbersome (especially for people who want a simple internet approach).

There are some advantages to VPNs and some to JonDo.

OpenVPN (like Perfect-Privacy, VPN4All, etc):

1. Better Price
2. Speed
3. Ease of use
4. All ports
5. Encrypts the whole internet
6. Single Encryption
7. More Servers
8. More Countries

JonDo Premium:

1. More Expensive (because more security)
2. Speed (maybe a little slower because it goes through two to three different countries and three servers)
3. Requires third party software (Socksifier)
4. Most Ports
5. Does not encrypt the whole internet
6. Mixed Encrypted Servers
7. Less Total Servers but more per Cascade
8. Less Countries but more per Cascade

I personally use JonDo and prefer it but OpenVPN has some advantages.

The VPN provider_has_to decrypt the traffic-or no request into the net is possible!
+he needs to know where to sent the incoming answer so he _must be able to identify u_!
There is everything in one hand to identify u:
account information
ur real IP
ur request u made into the net
the answers
and come on-one request from an authority like FBI\CIA(as if he is a US corp)he will give them everything-that's for shure!




I understand this as well. But my point is: is it not possible for the entry mix to decrypt traffic going to it and therefore see all the traffic (not just the IP or premium account number)? The traffic should be encrypted by default but could a bad entry mix decrypt the traffic and read all the data?
[/quote]
NO!
Didn't u ever read the help?
JonDo(and Tor)are build as "onion routing"!
This means there are "skins'around ur requests-first mix decrypts the first skin and sent the request to the next mix server which decrypts the next skin and throws this away and sent ur request to the exit mix which decrypts the last skin-so HE finally can see where to sent the request.
Backwards it works the same-exit mix put on two skins and the entry mix which is now the exit mix on the way back decrypts the last shell and sent the answer(encrypted)to u and JonDo decrypts it right onto ur computer so that u can understand...

As written above:
a court order has to involve _all_mixes of the cascade.
Normally it goes this way:There is a known target like a "bad boys webage'or a known mail account and at this endpont there is a person which uses always the same or some special IPs.
So the police or whatever govement agency is involved has to find out who is behind this IPs.
Then they can go to court and file an order.
If it is only for the exit mix-nothing will happen cause there is no technical possibillity to fulfill there wishes


yea...life is dangerous and always ends with death



The manner in which VPNs are used today
for this they had been never designed for!
They had been constructed for only private end to end point of use and never for surfing the net!
But the public don't understand that-only the companies which is easy for them to make a lot of money with a promise they never can(or are willing)to hold.



u know the difference between "expensive","cheap",
"worth it's price"?
"Expensive"and "cheap"-are nearly the same,coz something cheap is not it's price worth-so it's at last expensive.
IKEA is something expensive...

Small correction: your local JonDo client decrypts the last shell, but I think, this is what you mean.

VPNs are using standard software with only very small own development and does not protect against tracking with cookies, Javascript, ETags and so on. To stay anonymous you have to install additional software too, some browser configurations (like JonDoFox... )

For real anonymity VPNs are not more ease to use than JonDonym. You have to do other steps. Only switch your VPN to "on" is not really anonymous. But if you only see the IP hiding, VPN supports all software, JonDonym needs proxyfier for some "baulky" software - correct.

And both end points have to be full trusted. Thats the basic concept of a VPN.

The price of JonDonym is the high end in anonymisation technologies. We know it and we are not happy about.

I’m not getting my point across here or maybe it is the language issue—not sure! I am not referring to the decryption a VPN does when exiting a VPN server into a webpage. Rather, I mean this ( I have no idea how to upload an image):

http://perfect-privacy.com/images/encrypted.internet.access.jpg.pagespeed.ce.Twbi6QJq5M.jpg

You see, the whole connection is encrypted, except the exit out of the VPN server into a IP address request. This is similar to Tor and JonDo, minus The Onion Routing.






https://www.torproject.org/images/htw2.png


The exit node for JonDo and Tor sends the IP request unencrypted.

In both illustrations, the same concept. Encryption to Unecryption. This is what I mean in my writing. If a VPN encrypts a connection from your computer through your ISP through their server and then decrypts it out to an IP request; the encrypted information is protected with strong AES 256 encryption.



Frankly, this is weak.

1. Account information can be fake. No one gives their real information. Moreover, most places only ask for email address, User ID, and password creation. None of this has to be real information or a real email. As for paying for it, one can pay via cash, PayPal (like JonDo) paysafecards, Liberty Reserve, etc. One can use prepaid cards with fake information and virtual credit cards with fake information
2. Real IP--? A Tor entry node and a JonDo entry mix can see your real IP too. The question is—Will the IP be logged or stored? Again, I don’t doubt that JonDo is “more secure” and “more anonymous.”



3. Requests to the Net and Answers and the FBI really doesn’t mean much.




But the first mix can see your IP or Premium Account number, as Cane said. If a cascade is forced to log via court order, the first mix, the entry mix, will record IP information and any other information, as well as the middle and exit mix.



There is a difference between expensive and cheap—and what I’m suggesting is that not all OpenVPN services are “cheap” in quality. Some are quite good and secure. There is a difference between quality and expensive and quality and super expensive.
Here are my recommendations:

JonDo must cater to its strengths and must compare its service to other quality paid services. 99.9% of the services on the Internet are junk.

Compare, however.

Perfect-Privacy:

1. Offers monthly, quarterly, semi annually, yearly, or two year payment plans; offers a strong incentive for a longer service. 150 Euros for a Year Service, 250 Euros for two years.
2. Unlimited Bandwidth.
3. More Servers, More Countries.
4. Encrypts the Whole Internet and All Ports
5. AES 256 and RSA 4096 Keys
6. Very Fast
7. Anonymous (no Logging Policy) Secure, Private
8. Can be chained to other proxies, SSH, SOCKS5, etc

In fact, I have read that when a Perfect Privacy server was raided in Germany, (law enforcement or German intelligence, whatever it was) seized some computers but not the server. My understanding is that since Perfect Privacy does not log, no information was found.

JonDo:

1. Payments for JonDo are good but they could and should be better. It should offer semi annually, yearly, etc. Instead, it only offers plans with 4 month durations and volumes with varying times. With JonDo you are paying 225 Euros for three four month terms. With Perfect-Privacy, you are paying 150 Euros for the year.
2. JonDo only offers 5GB a month. Most VPNs offer unlimited or very high bandwidth a month, for less money.
3. JonDo has no Asian servers, less total servers, less countries.
4. JonDo does not encrypt the whole Internet and All Ports.
5. JonDo security keys (minor issue) are not as strong as some VPNs, including Perfect Privacy.
6. JonDo Speed is not an issue
7. JonDo is more secure, more anonymous, and does not Log
8. JonDo can be used with Tor or be chained to other proxies via a Socksifier or a SSH

I have never used Perfect-Privacy. But I would like to give it a try. Again, I prefer JonDo; but as a user, I can see why someone may prefer an OpenVPN service for all the reasons enumerated above.

The morale of this story:

JonDo is generally more money, gives you far less bandwidth a month, has inherent short comings (does not encrypt the whole internet connection, requires third party software, has less servers, less country distribution, less continent distribution, etc). These can be perceived as weaknesses.
Clearly, JonDo is better in other areas, most importantly, anonymity and privacy.

But, please, do not take criticisms against JonDo as uncharitable. I think the way the product is marketed could be better.

Play to its strengths, but you must play to its weaknesses as well.

JonDo can still charge a premium price, more than a typical VPN, but it has to take into account a few things:

1. Bandwidth: Not too many people in the world will pay for such low amount of bandwidth for such high prices. Improve Bandwidth. It does not have to be unlimited; but 5GB is not a lot either.

2. Change the Payment Platform: offer a greater variety of packages, lower the prices, and create incentives for people paying in advance for a year’s service by charging a lower price.

3. In time, increase servers, and increase internationalization of services.

The rest is simply not changeable. VPNs will always be less anonymous but more user friendly and will appeal to the masses. JonDo, because it is a proxy and because of its configuration, will always be more anonymous but less user friendly.

I personally like the JonDo configuration, using a Socksifier, JonDoFox, add-ons, etc. Most VPN users don’t have a clue how insecure the browser they are using is; or any other matter concerning LSO cookies, JavaScript, etc.
Jondo is a better package but I say this as someone who understands to use it. But again, improvements can be made but I’m sure they are expensive and take lots of brain power.

I write these things as a user and supporter of JonDo. Keep an open mind. I am not one of those who frequent forums trying to promote my own product (I don’t have one!); nor do I have a vested interest in a VPN or Perfect Privacy (I have never used it)!

Peace.

peace to you also

can we both agree that VPNs are for dummies which have no idea what anonymity in the net really means?
and JonDo is for that people who are willing to learn a bit more what it means to be anonymous?
but isn't it the same way with a OS?
All the developer promise you it's soo easy to work with it and it's the best we ever made...but if ya look a bit closer,ther's a lot to configure or to remove to get that stuff safe and workin' that way you wanna it.

personally I dont't believe that Jondo is that complicated to work with.
only problem is the anon payment-but that's the same with a VPN,coz if they wanna catch ya,they always follow the money.
That's already the way they got Al capone
@ europe it loks a bit more easy with that anon payment cards-but anywhere else?
that's the main problem I'll see with that
and bitcoin is maybe nice-but not for everyone

A small correction:

A VPN encrypts a connection from your computer through your ISP "TO" their server... (not "through" their server, may be only a language misstake).

The VPN server can sniff, monitor and log the traffic in the same way, like the ISP without a VPN. See the PerfectPrivacy image.

If it was a problem of trust, why not using a trusted ISP?

A trusted ISP is a little more expensive than a least-cost ISP, but less expensive than an additional VPN service. And you will have to do zero software installations.

I meant "to," not "through," as the picture of Perfect-Privacy demonstrates. Thank you for the correction.

We can agree that JonDo is for people who are willing to learn more about what it means to be anonymous. JonDo is very good at this platform, indeed the best on the Internet (that I have seen). As for VPNs for dummies...yes and no. Most VPN users are dummies and want a convenient package; but there are also very bright, intelligent, and competent people out there who use OpenVPN (not PPTP).

OpenVPN is highly touted and respected by many people. It promises so much with so little effort. Most people want ease and convenience; a VPN like Perfect Privacy offers them so much,i.e., speed, encryption, more servers, more continents, unlimited bandwidth, whole Internet encryption, all ports, and very affordable prices.

A typical person who is just beginning internet privacy sees this package and compares it with JonDo and Tor and often times will choose OpenVPN because of the above reasons.

One must remember, however, that a VPN is not always about anonymity or complete anonymity.

For example, people outside of America who want to watch television shows on hulu cannot without a U.S. IP. These people are interested in bypassing their local IP and using an American IP to watch American shows and movies. Some may want to watch local programming in Switzerland,Japan, China, etc and may or may not do so without a local IP; a VPN provides this to them.

VPNs that offer unlimited bandwidth for modicum fees are great for this purpose. People can download movies, music, and other forms of entertainment; or watch live sports around the world with little effort or money.

JonDo is not entirely intended for this purpose; it is about security, privacy, and anonymity. It cannot offer the wide variety of IPs that VPNs can; no can it offer the bandwidth and price of service.

VPNs are perceived not only as providing easy entertainment but security and privacy from their local ISP.

For instance, when people market VPNs they advertize that their service is complete for internet anonymity (whole internet encryption), including email clients, software, etc. Proxies (i.e. JonDo, Tor, etc) cannot do this unless you change the network settings of software or email clients to that of a proxy. And sometimes, some software may not offer network settings; and sometimes some programs bypass network settings altogether.

Of course, one should use a Socksifier for these purposes, which is superior to tweaking the network settings, but VPNs don't advertize this or if they do, they say it makes VPNs more complete.

In other words, they advertize that their product is better.

Some of this is marketing hype and some is true.



JonDo is easy to use when you have learned how to use it. A typical person coming from web based proxies and VPNs will have no idea how to use JonDo. JonDo offers very good payment methods. It might not be such a bad idea to drop PayPal, which is awful, and favor another similar merchant; and it may be a good idea to use Liberty Reserve and Pecunix.

I think the larger picture in all this is this: JonDo is intended for people who are more serious about anonymity, security, and privacy and it is catered as such. It is a high end product with high end prices, with low bandwidth.

Unfortunately, not every Internet user looks for this alone. Many want this but they also want entrainment, in the form of videos, movies, television shows, and more access to local IPs for this purpose. VPNs are fast and do not require a Socksifier to watch in real time.

People often times just want to bypass IP censorship and connect to more local IPs for their banks, credit cards, etc. VPNs make it easy for this purpose.

Sometimes VPNs are just about fun and entertainment.

It all depends who you are marketing your products to.