Alternative browser configuration

From JonDonym Wiki

For optimal use of JonDo we recommend also using JonDoFox. This saves you the configuration effort, since JonDoFox already contains all the settings needed to surf the Web anonymously with JonDo. Further information about JonDoFox may be found here or on the JonDoFox homepage. If you prefer to use JonDonym with another browser, you have to make the basic settings yourself.

Please beware: a wrong or incomplete configuration causes browsers to leave a lot of traces while surfing, even if you use JonDonym. Configuring the browser yourself is quite elaborate and requires a deeper understanding of web technologies.

Browser updates: Use only fully up-to-date browsers for surfing the web. Otherwise, websites might attack and damage your computer directly through browser security holes. Therefore, you should update your browser regularly.

Features required for privacy-friendly browsers

Apart from the IP address, web browsers leave many other traces. It is not sufficient to just set JonDonym as a proxy.

  1. Cookies and JavaScript: use domain-specific control (whitelisting) and disable them by default.
  2. JavaScript functions have to be protected against Evercookies.
  3. Referer control: remove the Referer when changing domain, keep it when staying within a domain (otherwise various pages don't work). The Referer has to be sent without parameters.
  4. DOMStorage and SessionStorage: domain-specific control (whitelisting), with an option to disable them completely.
  5. To avoid tracking via ETags and cached content, the cache has to be protected: access must only be possible within the same domain, or the cache has to be disabled completely.
  6. Disable ping attributes of HTML links.
  7. Ads should be blocked by a blacklist, because they are used for tracking too.
  8. Detect and remove HTML spies (1x1 pixel transparent pictures, usually GIF).
  9. Protect the fonts installed on your computer from analysis; they are a highly rated value in browser fingerprinting.
  10. Allow alternative, privacy-friendly search engines to be specified if the browser provides a web search field or may "redirect" typed addresses to web searches.
  11. Modify the user agent string and other HTTP headers to match the values of the default anonymity group.
  12. Information about the user agent and operating system that is readable by JavaScript has to match the (faked) values of the HTTP headers.
  13. Disable Flash, PDF, Java and other plugins for security reasons, and because plugins can circumvent the browser's proxy settings and can send a lot of information for a browser fingerprint.
  14. A tracking opt-out header (X-Do-Not-Track) should be available.
  15. Disable the Geolocation API, if present.
  16. When you use JonDonym, the browser has to send the timezone UTC to avoid leaking your local origin.
  17. Disable all protocols based on UDP; they are not supported by JonDonym and can leak your IP address.
  18. Clear all private data (cache, cookies, history, forms) when terminating the browser.
  19. Access to the browser history must only be possible within a domain.
  20. Deactivating SSLv3 is recommended, because it is not secure.
  21. Desirable: offer additional validation of SSL certificates. Government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications (research paper). Some CAs will easily provide such certificates, as shown by a test (Google groups).
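
The Referer rule from item 3 can be written as a small decision function. This is an added example, not code from JonDoFox or the wiki; the function names are hypothetical, "domain" is assumed to mean the exact hostname, and the URLs are constructed placeholders.

```javascript
// Assumption: "domain" is compared as the exact hostname. Grouping
// subdomains under one registrable domain would need a public-suffix list.

// Returns the Referer value to send, or null to omit the header.
function filterReferer(currentPageUrl, targetUrl) {
  let from, to;
  try {
    from = new URL(currentPageUrl);
    to = new URL(targetUrl);
  } catch (e) {
    return null; // unparsable URL: fail closed, send nothing
  }
  // Only http(s) pages are ever reported as the referring page.
  if (from.protocol !== "http:" && from.protocol !== "https:") return null;
  // Changing domain: remove the Referer completely.
  if (from.hostname !== to.hostname) return null;
  // Staying within the domain: keep it, but without parameters.
  // Query string, fragment and embedded credentials are all dropped.
  return from.origin + from.pathname;
}

// Applies the policy to the header set of an outgoing request.
function applyRefererPolicy(headers, currentPageUrl, targetUrl) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "referer") out[name] = value; // drop the original
  }
  const referer = filterReferer(currentPageUrl, targetUrl);
  if (referer !== null) out["Referer"] = referer;
  return out;
}

// Constructed sample navigations.
const samples = [
  ["https://shop.example.org/cart?item=42&session=abc#top", "https://shop.example.org/checkout"],
  ["https://shop.example.org/cart?item=42", "https://ads.example.net/pixel.gif"],
  ["https://shop.example.org/cart", "https://www.example.org/"],
];
for (const [from, to] of samples) {
  console.log(to, "->", filterReferer(from, to));
}
```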

Proxy settings

With the proxy settings you configure your browser to send requests through JonDo instead of directly over the Internet. This anonymizes the data. You will need to enter the following in your browser's proxy settings for the HTTP, HTTPS, FTP and, if required, GOPHER (obsolete?) proxies:

  • Hostname/IP address: 127.0.0.1
  • Port: 4001 (if you have set up a listen port other than 4001 in JonDo, enter that port here instead)

Warning: Make sure NOT to leave any protocol (HTTPS, FTP) without a proxy.

Browser list
