Security notes - JonDonym Wiki

Main Page (en) | Information for JonDonym users

1 Security notes for anonymous web surfing

Security notes for anonymous web surfing

General notes about secure and anonymous web surfing

If you are surfing the web via JonDo using JonDoFox, your IP address and the characteristics of your browser are anonymized. But you should in any case pay attention to the following notes while surfing, because otherwise JonDonym is not able to protect you:

If it is possible, enter personal data on web sites only if they are secured by HTTPS. JonDoFox shows for these sites a blue or green bar within the address bar.
If it is possible, enter your correct personal data only if you want to order some physical product. In all the other cases you should use imagined identities and do not use login names more than once.
Use different, randomly generated and preferably long passwords for each web service. You may use password programs like KeePass, in order to generate identities and passwords automatically and save them securely.
Avoid Flash and Java applications. Download web videos instead of viewing them directly in your browser.
For most attacs from the web modified PDF documents are used. Do not have displayed pdf-documents in your browser. Use an external application like the PDF viewers recommeded by PDFreaders.org. Time by time these viewers have security bugs too. Keep your reader up-to-date.
Do not use Adobe Acrobat or if you have to use it, respect the security nodes settings of your Acrobat Reader.
Allow JavaScript only if you need it necessarily.
Allow cookies just temporarily. Do not use Google search if you have accepted cookies for Googlemail.

Enforce HTTPS websites list

Many websites you can access encrypted with HTTPS. The Firefox addon NoScript contains an Enforce HTTPS implementation. Here we provide an expansible list of domains you can include in the NoSript Enforce HTTPS configuration.

E-mail communication:

anonbox.net
www.awxcnx.de
certified.privnote.com
www.cotse.net
privacybox.de
riseup.net
aikq.de
emkei.cz
safe-mail.net
*.safe-mail.net
mail.yahoo.com
login.yahoo.com
*.bc.yahoo.com

Informations about privacy in the web:

anonymous-proxy-servers.net
www.anonym-surfen.de
www.datenschutzzentrum.de
*.eff.org
www.privacyfoundation.de
www.torproject.org
www.vorratsdatenspeicherung.de
wiki.vorratsdatenspeicherung.de

Press:

www.aftenposten.no
derstandard.at
www.economist.com
www.faz.net
www.nytimes.com
www.taz.de
taz.de
blogs.taz.de
www.washingtonpost.com
voices.washingtonpost.com
www.securityweek.com

Blogs

*.wordpress.com
blog.fefe.de
www.lawblog.de
www.netzpolitik.org
www.schneier.com
scusiblog.org

NGOs:

www.accessnow.org
www.amnesty.org
www.democracynow.org
www.who.int

Social Media

flattr.com
api.flattr.com
twitpic.com
twitter.com
*.twitter.com
t.co
www.xing.com
www.studivz.net
www.facebook.com
m.facebook.com
ssl.facebook.com
login.facebook.com
developers.facebook.com

Software:

www.computerworld.com
www.i2p2.de
www.isc.org
www.macworld.com
www.phpbb.de
ubuntuone.com

Other:

wuala.com
*.wuala.com
wiki.openstreetmap.org

Youtube

s.ytimg.com
i.ytimg.com
i1.ytimg.com
i2.ytimg.com
i3.ytimg.com
i4.ytimg.com

Using NoScript Enforce HTTPS is easy to configure. But a complex rule for URL rewrite is not possible. It can only replace HTTP with HTTPS. For complex URL rewriting you may use the firefox addon HTTPSEverywhere. A large ruleset for this addon ist online at collection of compatible domains for HTTPSEverywhere. Download XML files of the rules you need and safe it in the subdirectory HTTPSEverywhereUserRules in your Firefox profil folder. Afterwards you have to restart Firefox.