Alternative browser configuration

From JonDonym Wiki
(Difference between revisions)
(Features needed for privacy-friendly browsers)
(Features needed for privacy-friendly browsers)
Line 25: Line 25:
 
#Allow to disable the Geolocation-API, if present
 
#Allow to disable the Geolocation-API, if present
 
#Allow to clear all private data (cache, cookies, history, forms) when terminating the browser
 
#Allow to clear all private data (cache, cookies, history, forms) when terminating the browser
#Der Zugriff auf die Browser-History darf nur im Context der gleichen Domain möglich sein oder das Speichern des Verlaufs der besuchten Websites muss deaktivierbar sein. Eine [http://cseweb.ucsd.edu/users/lerner/papers/ccs10-jsc.pdf research paper of the University of California] zeigt, dass ca. 1% der Top 50'000 Websites Informationen über History-Sniffing sammeln.
+
#Der Zugriff auf die Browser-History darf nur im Context der gleichen Domain möglich sein oder das Speichern des Verlaufs der besuchten Websites muss deaktivierbar sein. A [http://cseweb.ucsd.edu/users/lerner/papers/ccs10-jsc.pdf research paper of the University of California] shows, that cca 1% of top 50'000 Websites do collect informations by History-Sniffing.
#Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications.  ([[Publications about tracking and spying technologies#Certified Lies - Detecting and Defeating Gouvernment Interception Attacks against SSL|research paper]]). Some CAs will easily provide such certificates, as shown by a [http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ab1c21635e07d818 test].
+
#Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications.  ([[Publications about tracking and spying technologies#Certified Lies - Detecting and Defeating Government Interception Attacks against SSL|research paper]]). Some CAs will easily provide such certificates, as shown by a [http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ab1c21635e07d818 test].
  
 
== Proxy settings ==
 
== Proxy settings ==
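Review bot: the revised history-sniffing item (the line after the first "+") still opens with the untranslated German sentence "Der Zugriff auf die Browser-History darf nur im Context der gleichen Domain möglich sein ..." on an English page, so only the second half of the item was translated. Translate that sentence too, and tidy the new English: "shows, that cca 1%" and "do collect informations" would read better as "shows that about 1% ... collect information". The second changed line only corrects "Gouvernment" to "Government" inside the section anchor of the internal link; confirm that the heading on the publications page uses the same spelling, otherwise the anchor no longer resolves.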

Revision as of 12:58, 27 January 2012


Alternative browser configuration

For optimal use of JonDo we also recommend using JonDoFox. This saves you the configuration effort, since JonDoFox already contains all the settings needed to surf the Web anonymously with JonDo. Further information about JonDoFox may be found here or on the JonDoFox homepage. If you prefer to use JonDonym with another browser, you have to make the basic settings yourself.

Please beware: a wrong or incomplete configuration causes browsers to leave many traces while surfing, even if you use JonDonym. Configuring the browser yourself is quite involved and requires a deeper understanding of web technologies.

Browser updates: Only use a fully up-to-date browser for surfing the web. Otherwise, websites might attack and damage your computer directly through browser security holes. Therefore, you should update your browser regularly.

Features needed for privacy-friendly browsers

Apart from the IP address, web browsers leave many other traces. It is not sufficient to just set JonDonym as a proxy.

  1. Cookies and JavaScript: domain-specific control (whitelisting) and an option to disable them completely
  2. Referer control: remove it when changing domain, keep it when staying within the domain (otherwise various pages don't work), and allow disabling it completely
  3. DomStorage and SessionStorage: domain-specific control (whitelisting) and an option to disable them completely
  4. Pings to third parties when a link is clicked must be disabled.
  5. It should be possible to block advertising and tracking servers in general by means of a blacklist. Advertisements are often used for tracking as well.
  6. Detect and remove HTML spies (1x1 pixel transparent pictures, usually GIF)
  7. Alternative, privacy-friendly search engines should be configurable if the browser offers dedicated input functions for web search.
  8. Allow modifying the user agent string
  9. Allow disabling Flash, PDF and other plugins
  10. The tracking opt-out header (X-Do-Not-Track) should be available
  11. Allow disabling the Geolocation API, if present
  12. Allow clearing all private data (cache, cookies, history, forms) when terminating the browser
  13. Access to the browser history must only be possible in the context of the same domain, or it must be possible to disable storing the history of visited websites. A research paper of the University of California shows that about 1% of the top 50'000 websites collect information by history sniffing.
  14. Desirable: offer additional validation of SSL certificates. Government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications (research paper). Some CAs will easily provide such certificates, as shown by a test.

Proxy settings

With the proxy settings you configure your browser not to send requests directly over the Internet but through JonDo instead. This anonymizes the data. Enter the following in your browser's proxy settings for the HTTP, HTTPS, FTP and, if required, GOPHER (obsolete?) proxies:

  • Hostname/IP address: 127.0.0.1
  • Port: 4001 (if you have set up a different listen port than 4001 in JonDo, enter that port here instead)

Warning: Make sure NOT to leave any protocols (HTTPS, FTP) unproxified.
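
An added example (not from the JonDonym wiki) of checking this warning for a browser configured through a proxy auto-config (PAC) file, which is an assumption since the page only describes manual settings. It flags every URL whose PAC result permits a route other than JonDo, including a `DIRECT` fallback; the two PAC functions and the sample URLs are constructed.

```javascript
// Added example: audit PAC logic for requests that can bypass JonDo.
// Assumption: the browser supports proxy auto-config (PAC) files.
const JONDO = "PROXY 127.0.0.1:4001"; // address and default port from the text

// Weak (constructed): only HTTP/HTTPS are proxied, with a DIRECT fallback.
function weakPac(url, host) {
  if (url.startsWith("http:") || url.startsWith("https:")) {
    return JONDO + "; DIRECT"; // direct connection is allowed if JonDo is down
  }
  return "DIRECT"; // FTP and everything else is left unproxied
}

// Corrected (constructed): every request goes to JonDo, with no fallback.
function strictPac(url, host) {
  return JONDO;
}

// Constructed sample URLs, one per protocol named in the text.
const SAMPLE_URLS = [
  "http://example.org/",
  "https://example.org/login",
  "ftp://ftp.example.org/pub/file.txt",
  "gopher://gopher.example.org/",
];

// Return the URLs for which the PAC result allows any route other than
// JonDo: a DIRECT entry, another proxy, or an empty result (treated as DIRECT).
function findLeaks(pac, urls = SAMPLE_URLS) {
  const leaks = [];
  for (const u of urls) {
    const host = new URL(u).hostname;
    const routes = String(pac(u, host) || "")
      .split(";")
      .map((r) => r.trim())
      .filter(Boolean);
    const bad = routes.filter((r) => r.toUpperCase() !== JONDO);
    if (routes.length === 0 || bad.length > 0) {
      leaks.push({ url: u, routes });
    }
  }
  return leaks;
}

console.log("weak PAC leaks:", findLeaks(weakPac).map((l) => l.url));
console.log("strict PAC leaks:", findLeaks(strictPac).length);
```
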

Warning for Webkit based browsers

Google Chrome, Apple Safari and other WebKit-based browsers are not recommended for anonymous surfing. Because of an FTP bug, the IP address is leaked. This is independent of the anonymization service used. Tor users are affected as well.


The only solution is to block all FTP access (addresses beginning with "ftp://"); blocking only port 21 is not sufficient. You can do this with an AdBlock extension for your browser. Please use our anonymity test with IP check to verify your settings.
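
An added example (not part of the original page) comparing the two rules on constructed URLs: an `ftp://` address can name any port, so a port-21 rule misses some FTP requests, while a rule on the scheme catches them all. `shouldBlockByPort` and `shouldBlockByScheme` are hypothetical predicates, not the API of any blocking extension.

```javascript
// Added example: port-21 rule versus ftp:// scheme rule (constructed URLs).

// Port rule: blocks a request only when its effective port is 21.
function shouldBlockByPort(rawUrl) {
  const u = new URL(rawUrl.trim());
  // The URL parser reports "" for a scheme's default port, so restore it.
  const defaults = { "ftp:": "21", "http:": "80", "https:": "443" };
  return (u.port || defaults[u.protocol] || "") === "21";
}

// Scheme rule: blocks every ftp:// address, whatever the port.
// The URL parser lower-cases the scheme, so "FTP://" is caught as well.
function shouldBlockByScheme(rawUrl) {
  return new URL(rawUrl.trim()).protocol === "ftp:";
}

// Constructed requests a filter might see.
const REQUESTS = [
  "ftp://ftp.example.org/pub/a.txt",      // default port 21: both rules block
  "ftp://ftp.example.org:2121/pub/a.txt", // explicit port: port rule misses it
  "FTP://files.example.net:8021/x",       // upper-case scheme, other port
  "http://example.org:21/",               // port 21 but not FTP
  "https://example.org/",
];

// FTP requests that would slip past a filter that only looks at port 21.
function missedByPortRule(urls = REQUESTS) {
  return urls.filter((u) => shouldBlockByScheme(u) && !shouldBlockByPort(u));
}

console.log(missedByPortRule());
```
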

Browser list
