End-of-Live DVD

Tuesday, February 16. 2016

Sadly, we have to announce that the development of the JonDo live DVD has been stopped. You may still download the current version, but we will remove the download quite soon. The reason for this is that there are not enough developers available to do the maintenance work. Our focus is to use our available time for maintaining the core components JonDo, JonDoFox, Mixes and other integral software components of the JonDonym system.

We hereby say a big THANK YOU to Cane, the long-time developer of the Live DVD, for the great work he did in the past!

New software signature key (GPG)

Monday, January 25. 2016

What lately led to some confusion among Linux users:

We changed the software signing GPG key, but this news was not updated on the Debian repository instruction page. So some users got an error while verifying the GPG signature, while we on our side could not see any problem. This is fixed now, please follow these instructions to get and use the new verification key:

https://anonymous-proxy-servers.net/en/help/install_pgp_signaturen.html

For Debian: 
https://anonymous-proxy-servers.net/en/help/firststeps2.html

The change of the key was necessary in order to separate it from the general e-mail and support key, so that developers and the support team do not need to share the same key. Moreover, the key has a greater cryptographic strength now.

Merry Christmas and happy New Year

Friday, December 25. 2015

We wish all customers, partners and supporters of JonDonym a merry Christmas and a happy and successful New Year 2016!

JonDonym against data retention in Germany

Thursday, December 17. 2015

Again, the German government passed a law for data retention, which came into force today.

Fortunately, this is nothing JonDonym users need to worry about. Unlike the previous law, which was dropped by the Federal Constitutional Court in 2010, only Internet access providers are affected [§113(b)(3)]. Pure Internet services like JonDonym will therefore not get into any trouble, nor will their users.

In any case, JonDonym users should be safe against such single-country laws in general. This is due to the nature of our system: operators from different countries and jurisdictions provide the Mix services, and always two or three of them need to get their data linked together to potentially uncover users.

This allows for legitimate crime prosecution in very serious, individual cases, but effectively prevents mass observation. Until now, there has not been any court order that obliged a complete premium cascade to log data. By default, the Mix operators neither look into the users' traffic nor do they store it. That's what you can expect, now and in the future!

JonDoFox: Help on today's update to Mozilla Firefox 43

Wednesday, December 16. 2015

With today's update of the Mozilla Firefox release, Mozilla made some major changes concerning add-ons. If you do not have the current version of the JonDoFox add-on, it might not work any more in this new Firefox browser.

Important: If you are using JonDoFox, please verify that JonDoFox is still working correctly by visiting our ip-check-site. If you see any major problems here, this strongly indicates that you need to update your JonDoFox add-on.

In case you are using Microsoft Windows, we recommend that you download the latest version of the complete JonDoFox profile and reinstall it on your system:

https://anonymous-proxy-servers.net/en/software_win.html

For all other systems (Mac OS, Linux), please use this URL to directly download the JonDoFox add-on:

https://www.anonymous-proxy-servers.net/downloads/jondofox.xpi.zip

Unpack it by using your favorite zip/unzip tool. Then use drag-and-drop to move it into your Firefox browser for installation and update. If you still have problems, please feel free to contact our e-mail support, and we will help you.

If you still have problems updating the XPI, you may do the following:

1. Remove the JonDoFox add-on
2. Restart the browser
3. Move the XPI file (see link above) into the add-on list using drag-and-drop.

Please note that the two add-ons "Profile Switcher" and "Canvas Blocker" will nevertheless be unavailable, as their development has been stopped by third parties.

If you also have problems activating "Profile Switcher" or "Canvas Blocker", please do the following:

1. Remove these add-ons
2. Restart the browser
3. Re-add these add-ons from the Mozilla download site, e.g. from these URLs:
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
https://addons.mozilla.org/en-US/firefox/addon/profileswitcher/

Recommendation: In order to prevent future update problems with JonDoFox, please enable automatic extension updates in your browser. You may do this by entering about:config in your address bar. Make sure the options extensions.update.enabled and extensions.update.autoUpdateDefault are both set to "true".

SSL certificate for webserver

Tuesday, April 7. 2015

We installed a new SSL certificate for our webserver. The domains anonymous-proxy-servers.net and www.anonym-surfen.de are affected. The fingerprints of the new certificate are:

  • SHA256: 63:D4:5C:47:72:0C:9E:E5:4B:59:5E:D0:8F:84:BC:2C:69:9F:62:0B:2B:66:7E:60:13:37:C8:71:A0:5D:9B:74
  • SHA1: E2:2B:91:0E:CE:C3:52:80:26:6D:64:9B:13:02:A5:88:2F:1E:67:CF

(Corrected SHA256 fingerprint on 2015-04-13)

JonDoFox protects against WebRTC IP leak - since ever

Monday, February 2. 2015

Hello visitors,

as we got a lot of questions regarding the recently published WebRTC IP leak attack, we thought it might be a good idea to clarify that this is not an issue for JonDoFox users. Ever since WebRTC became active in Firefox, we have switched it off, as even our preliminary analysis showed that it would be harmful for anonymity. So even if you activate JavaScript on a page, this is not a problem for you.

Note, however, that if you do not use JonDoFox but ANOTHER browser in connection with JonDonym, for example a self-configured Firefox, you are NOT protected automatically. Just to make this clear: normal browsers have so many IP and data leaks that even most tech users are not able to configure them privately. Maybe you will be able to fix this one, but forget another three leaks... So we strongly recommend using JonDoFox, as we use our best experience to make it secure for you.

New OpenPGP software signature key

Tuesday, November 11. 2014

We changed the OpenPGP software signature key for software downloads. The signatures were created with OpenPGP key 0x2146D0CD2B3CAA3E (software@jondos.de). You may download the key file Software_JonDos_GmbH.asc from our server and import it or you may fetch the key from a keyserver. The fingerprint of the key is:

fingerprint: 6899 5C53 D2CE E11B 0E41 82F6 2146 D0CD 2B3C AA3E

If you want to be sure you got the files created by our developers, you have to verify the OpenPGP signatures as described in our online help: Verify the OpenPGP signatures. Our OpenPGP signatures contain a SHA512 hash of the signed download file. This hash is signed with a private 4096 bit RSA key.

The MD5 and SHA256 hashes on our download websites are only for download verification. If you want to be sure you got the software created by our developers, you have to verify the OpenPGP signatures.
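The check described in this post, as an added example that is not JonDos code: accept a download only if gpg reports a good signature made by the key whose fingerprint is published above. The function names are hypothetical, and the pinned fingerprint is the one from this post, so it has to be replaced whenever the signing key changes.

```shell
# Added example, not JonDos code. Function names are hypothetical.
# Fingerprint of the software key as published in the post above.
PINNED_FPR="6899 5C53 D2CE E11B 0E41 82F6 2146 D0CD 2B3C AA3E"

# Strip spaces and colons and upper-case the hex digits, so the printed
# form and gpg's machine-readable form compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd` output on stdin and print the primary-key
# fingerprint (last VALIDSIG field, or the signing-key field if absent).
# GOODSIG is required as well, so a signature reported as EXPKEYSIG or
# REVKEYSIG (expired or revoked key) is not accepted.
validsig_fpr() {
  awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
       $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = (NF >= 12 ? $12 : $3) }
       END { if (good && fpr != "") print fpr }'
}

# Succeeds only if the status output on stdin names the pinned key.
status_matches_pin() {
  signer_fpr=$(validsig_fpr)
  [ -n "$signer_fpr" ] &&
    [ "$(normalize_fpr "$signer_fpr")" = "$(normalize_fpr "$PINNED_FPR")" ]
}

# verify_download FILE SIGFILE
# Runs gpg on a detached signature and applies the pin. The key must have
# been imported before (gpg --import Software_JonDos_GmbH.asc).
verify_download() {
  gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_matches_pin
}
```

A matching MD5 or SHA256 value from the download page would pass for any file the web server hands out; only the pinned-fingerprint check ties the file to the developers' key.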

SSL certificate for webserver

Friday, October 31. 2014

We installed a new SSL certificate for our webserver. The domains anonymous-proxy-servers.net and www.anonym-surfen.de are affected. The fingerprints of the new certificate are:

  • SHA256: 94:D1:A1:B0:2B:BC:3F:B2:96:C5:BE:E7:77:C8:09:F2:E3:7B:34:0A:E2:D9:0E:50:93:24:80:9C:8E:97:C7:22
  • SHA1: B6:E5:CB:27:8D:24:F7:10:EF:29:A4:CD:B4:62:6B:B3:45:05:C9:DE

Security Update for JonDo Live-DVD

Friday, October 24. 2014

The unscheduled release 0.9.66 of JonDo live-dvd contains an important security update for Pidgin (version 2.10.10). The update fixes a Heartbleed-like bug for Jabber/XMPP (CVE-2014-3698) and contains bugfixes for the validation of SSL certificates (CVE-2014-3694).

Support for Tox was added to Pidgin. Tox is a serverless, secure peer-2-peer instant messaging protocol.

Additionally, the add-ons for JonDoFox, TorBrowser and Icedove were updated.

.gov .mil and .army blocked on some mix cascades

Thursday, October 16. 2014

To avoid more trouble for our mix operator GuruTek, access to the top level domains .gov .mil and .army is blocked on all mix cascades with an exit mix of GuruTec. The following mix cascades are affected:

  • Neptun-Wombat-Shamrock

  • Wallaby-Niagara-Speedster

  • Chomsky-Tulpe-Raiden

  • Speedy-Sektor

  • SpeedPartner-Cyrax

Please use other mix cascades to anonymously access websites under the listed top level domains.

New mix software

Saturday, June 7. 2014

Yesterday we started with the roll-out of a new mix protocol with improved integrity checks on the mix cascade "Dresden". The free mix cascades will follow if it works stably, and afterwards the premium services.

Only JonDo proxy clients version 0.18.001 and above are able to connect to mix cascades running the new mix protocol. All JonDonym users with an outdated version of JonDo should update JonDo to the latest release 0.19.001.

Small bugfixes for JonDo Live-DVD

Sunday, May 11. 2014

The latest version 0.9.56.1 of our live-dvd is only a small bugfix release. Two bugs were fixed:

  • The MAC addresses of all network interfaces are faked at boot time, not only "eth0" and "wlan0".

  • Bugfix for start script of Filezilla.

If you don't use a computer with more than one LAN and WLAN interface and you don't use Filezilla, an update is not required.

Status Report April/May

Wednesday, May 7. 2014

Some short remarks about the software releases last week:

JonDoFox

Changes for the JonDoFox-XPI (Firefox add-on):

  • The first step for our own privacy-friendly cookie management is an additional third party tracking protection we missed in CookieMonster.

  • Because Mozilla fixed the DNS leak for websockets in Firefox 29 (not fixed in Firefox 24.5.0esr) we enabled websockets for Firefox 29 and above.

  • We enforced some Javascript settings to improve security. These settings may reduce the performance of Javascript execution a little bit but not significantly.

The new JonDoFox profile contains only updates of add-ons. It is not required to upgrade the profile at all if you keep your add-ons up-2-date.

JonDoBrowser (beta)

JonDoBrowser 0.15 is based on Firefox 24.5.0esr. We disabled Mozilla maintenance service at compile time and not by configuration.

Because of problems with German localization we are not able to provide a JonDoBrowser for Windows at the moment. We regret the delay in releasing a stable version of JonDoBrowser, but have only small developer capacities.

JonDo Live-DVD

The new version of our live-dvd contains security relevant updates for 50 packages. An update is strongly recommended.

We provide only a DVD version of our live system and closed the support of the lite CD version to reduce the effort of maintenance because of limited developer capacities.

Mix services

We prepared some changes for exit mix server configuration to fix problems with websockets, UDP and IPv6. During the next days the changes will be applied by our operators and some short disturbances may be possible on all mix cascades.

JonDoConsole/JonDoDaemon

A maintenance release for the GUI-less command-line proxy client JonDoConsole/JonDoDaemon is scheduled for tomorrow.

JonDo Live-DVD with POND

Saturday, March 29. 2014

For the regular security release cycle of our live-cd/dvd last week we did not finish the integration of POND in our live-dvd. Yesterday we published version 0.9.54. The main change of this extraordinary release is the integration of POND cli (command line interface) in the DVD version. Regrettably, we are unable to install POND GUI in Debian wheezy.

POND offers forward secure, asynchronous messaging and seeks to prevent leaking traffic information against everyone except a global passive attacker. Users connect only to Tor hidden services.

In our online help you may find a small howto for using POND cli with our live-dvd.

If you are not interested in using POND, an update of the live-dvd is not required.