
Declining user base and (possibly) new data retention laws

Posted: Tue Apr 21, 2015 18:28
by Usr3596
The manual states that ideally a mix cascade should have 500+ users to work properly in terms of anonymity. From what I have observed, the number of JonDo users, both free and premium services, is dropping at a constant rate. In the past it was common that several free mix cascades were full, while this is extremely unlikely today. Right now, at peak times, free mix cascades have about 350+ users at best, with 1 or 2 exceptions.

Premium services are even worse, premium mix cascades never have more than 50 users. Which is sort of nasty because at that point free services might actually outdo premium services in terms of anonymity because free services have way more users, unless the assumption of "3 mix servers are always better than 2, even if 2 have way more users" as stated by the manual is true.

The actual question being, how many users in a mix server cascade would be optimal, if the user manual is wrong, both regarding free and premium services.

I am aware that we cannot force mix server operators to merge. (Though, even if all premium users would be in one mix cascade, it would never have more than 300 users at once). Lowering the speed in free services to force users to use premium services will not work again because 50 kbit/s is barely enough to browse the Web. They would rather use Tor at that point.

We also cannot force people to use JonDo over something else. The other thing being that Tor (actually Tails, where Tor is installed) is somewhat "proven" (a certain whistleblower used it to reveal things and was undetected until s/he revealed him/herself) unlike JonDo.

The German government is planning new data retention laws, which would surely affect JonDo. Even if the Germans will do the best to curtail these laws, this may take a while. The problem being that most free services (and some premium services) have German operators, some of their servers being even located in Germany! (German mix operators and servers also being a bit iffy because recent law enforcement requests regarding JonDo happened in Germany, unless it only affects that single experimental Dresden mix server)

How will JonDo and its services be affected by these laws if they are passed?

Re: Declining user base and (possibly) new data retention la

Posted: Tue Apr 21, 2015 21:27
by cane
Usr3596 wrote: The other thing being that Tor (actually Tails, where Tor is installed) is somewhat "proven" (a certain whistleblower used it to reveal things and was undetected until s/he revealed him/herself) unlike JonDo.
The "proven" security of TAILS:

- Deanonymisation of Tor users with I2P bug, because of wrong browser configuration, Jul 2014, (would not be possible with TorBrowser, but TAILS uses an own browser configuration) https://tails.boum.org/security/Securit ... ex.de.html

- PGP encrypted emails are stored unencrypted in IMAP draft folder on the mail server of the provider because of bad configuration of email client (would not be possible with Thunderbird+TorBirdy, but TAILS uses an own email client, not verified by Tor developers)

- Websites from internet can use Javascript code to scan the LAN and attack local CUPS daemon, Apr 2015 (would not be possible with TorBrowser, but TAILS uses an own browser configuration)

On a photo I saw Snowden with a HP laptop. Is HP now proven to be safe for whistleblowers and Lenovo, DELL, Acer.... and so on are not secure?
Usr3596 wrote: The German government is planning new data retention laws, which would surely affect JonDo.
Short remark: if JonDonym mix operators are affected, Tor admins will be affected in the same way.

But I'm not sure if JonDonym is affected by the new law. But it is a decision of the mix operators; each German mix operator has to decide this question for themselves.

Remember data retention in Germany 2009: most German mix operators followed the recommendation of JonDos GmbH and did not apply the data retention for their mixes (Pimenidis, Behrens, Speedpartner, dotplex, GPF). Only TU Dresden and ULD (not an operator anymore) enabled data retention on their mix servers.


About the reasons for the decreasing number of users I have my own thoughts, not related to technical questions. But I don't have an idea how to stop it.

Re: Declining user base and (possibly) new data retention la

Posted: Thu Apr 23, 2015 18:38
by Usr3596
If these laws pass, like back then, would the operators have to make it public that they have to collect data according to the laws, assuming data is even collected to begin with?

I am also confused regarding the mix operator and server location, now that example: If a German operator would comply with data retention laws, would the operator do that even if its server is located in a different country? (Assuming that this would work since full disclosure would require the data from all mix servers in a cascade)

I also observed that when the Dresden (JAP) experimental server was down (that was a long time ago), all free mix servers were full in peak hours (again, back in its "glory days"). That one single server in Dresden still gets 600+ users on a regular basis, back then it was even more, even though the JonDo software clearly warns the user that using this single server is not safe.

I think putting a limit on this single server in Dresden might be a good idea to force users to pick the other mix cascades, either by limiting its current speed to 50 kbit/s like all other free mixes or by putting a limit on how many users can use that server.

Doing some math, if the Dresden (JAP) server would be shut down at this time of writing and its users that relied on Dresden (JAP) were forced to use other free mix cascades, then it would be enough to almost fill all five remaining mix services without any excess users. This math is somewhat extreme, since the Dresden server must exist due to its experimental nature, but just some thoughts.

As always, some mix cascades have a user limit below the recommended 500 users. May be a choice from the operators though.

Of course 500 users are something of an optimum, how many users would have to use a free mix cascade so that anonymity is very likely? (Think "minimum requirements", whereby 500 users are "optimum requirements")

Again, except for maybe the Dresden server, the JAP team cannot force its mix operators to merge themselves. We also lack the publicity of, let's say, Tor, albeit the lack of publicity might be actually good because attackers won't even bother to touch the unknown JonDo or at least consider it to be not worth the effort to attack something that small (we still must be prepared for that though). The only kind of good publicity we got are some good reviews from some websites (aka JonDo beats Tor) and that's about it. Advertising is expensive too and there I do not think that we need more attention.

If I got something wrong, feel free to correct me again, I am no security expert.

Re: Declining user base and (possibly) new data retention la

Posted: Thu Apr 23, 2015 19:57
by cane
Usr3596 wrote: If these laws pass, like back then, would the operators have to make it public that they have to collect data according to the laws, assuming data is even collected to begin with?
Yes, they have to do it. See operator contracts (Operational Agreement): https://anonymous-proxy-servers.net/wik ... /Contracts
Usr3596 wrote: I am also confused regarding the mix operator and server location, now that example: If a German operator would comply with data retention laws, would the operator do that even if its server is located in a different country?
For the law only the location of the operator is important, not the location of servers.
Usr3596 wrote: Assuming that this would work since full disclosure would require the data from all mix servers in a cascade.
Yes, that's one reason why the law may not apply to mix operators.

Nobody can be forced to store useless data (in Germany). I think, a mix operator can store nothing and ignore the data retention law, if the other mixes of cascade are not affected.
Usr3596 wrote: Again, except for maybe the Dresden server, the JAP team cannot force its mix operators to merge themselves.
You may contact the mix operators. Each mix operator has a website and a contact address for customers. See https://anonymous-proxy-servers.net/en/operators.html

Re: Declining user base and (possibly) new data retention la

Posted: Thu Apr 23, 2015 20:24
by sovereignpress
Usr3596 wrote:We also cannot force people to use JonDo over something else. The other thing being that Tor (actually Tails, where Tor is installed) is somewhat "proven" (a certain whistleblower used it to reveal things and was undetected until s/he revealed him/herself) unlike JonDo.
I have been hearing this for some time now, and I find it a bit perturbing. The whole "use the operating system Edward Snowden uses" is a bit jaded. This appeal to authority argument is weak. No offense to the OP, but the argument is legion on the web.
cane wrote: About the reasons for the decreasing number of users I have my own thoughts, not related to technical questions. But I don't have an idea how to stop it.
I have some thoughts.

First, people do not see a large enough difference between Tor and JonDo. Tor is free, and JonDo is not. Tor is well-known, JonDo is not.

Second, no one wants to pay for premium services if they do not see a large enough difference between Tor and JonDo. Whatever advantages JonDo offers above Tor are (it is perceived) easily muted out in favor of the free services, Tor, and a VPN. Which brings me to three.

Third, because JonDo and Tor share the same limited abilities (e.g. limited to TCP traffic, et al.) people would rather spend money for a service that encrypts the whole Internet and supports UDP (e.g. VPN). Using a VPN in conjunction with Tor and free JonDo is more affordable and removes limited traffic.

Four, a collective hodgepodge of cacophony (e.g. VPN propaganda, claims of a JonDo backdoor, ease of use).

Re: Declining user base and (possibly) new data retention la

Posted: Fri Apr 24, 2015 8:28
by xg27
sovereignpress wrote: Four, a collective hodgepodge of cacophony (e.g. VPN propaganda, claims of a JonDo backdoor, ease of use).
As to that end, we have tongues, too, haven't we?

And once in a while even some brains above them. lol!

Re: Declining user base and (possibly) new data retention la

Posted: Fri Apr 24, 2015 9:11
by cane
sovereignpress wrote: JonDo backdoor
I know the discussion. They talk about law enforcement and call it a "backdoor": https://anonymous-proxy-servers.net/en/ ... ement.html

They ignore the fact that they have to follow the law too, and it is much easier to compromise ONE VPN operator by law than ALL mix operators in different countries.

No service operator (VPN, Tor or JonDonym) operates outside of the law. But JonDonym communicates the limits by law to the user. Somebody uses this information to call it a "backdoor".

Endless and useless discussion.

Re: Declining user base and (possibly) new data retention la

Posted: Fri Apr 24, 2015 14:44
by Richard
cane wrote: About the reasons for the decreasing number of users I have my own thoughts, not related to technical questions. But I don't have an idea how to stop it.
Dear Cane, could you please name this reason you have in mind (if it's possible to name it)? Thanks.

Re: Declining user base and (possibly) new data retention la

Posted: Fri Apr 24, 2015 16:21
by frustrated
I think the major problem is a matter of culture and psychology. Most people just don't see a good reason to use JonDo (or Tor, for that matter). I've had plenty of off-line discussions with people regarding internet privacy and I've concluded that most people don't particularly care if their internet usage is tracked. Even people I know who have a deep suspicion of powerful institutions don't really care. I haven't even been able to convince people to block cookies, never mind making use of JonDo.
I'm not suggesting user apathy is the sole source of our problem. I agree that the factors listed in the previous posts are all matters of concern. But user indifference to internet surveillance is the highest hurdle to clear.