Alternative browser configuration
(→Features needed for privacy-friendly browsers) |
|||
Line 13: | Line 13: | ||
Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy. | Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy. | ||
− | #Cookies and Jacascript: domain-specific control (whitelisting) and | + | #Cookies and Jacascript: use domain-specific control (whitelisting) and disable it by default. |
− | #Referer control: remove it when changing domain, keep when staying within domain (otherwise various pages don't work) | + | #Referer control: remove it when changing domain, keep when staying within domain (otherwise various pages don't work). Referer has to be send without parameters. |
− | #DomStorage and SessionStorage: domain-specific control (whitelisting) and allow to disable completely | + | #DomStorage and SessionStorage: domain-specific control (whitelisting) and allow to disable completely. |
− | # | + | #To avoid tracking by ETags and content the cache has to protected. Access has to be only possible within domain or disable it completely. |
− | #Werbe- andTrackingserver should be blockable by a blacklist | + | #Disable ping attributes of HTML links. |
+ | #Werbe- andTrackingserver should be blockable by a blacklist because ads are used for tracking. | ||
#Detect and remove HTML-Spys (1x1 pixel transparent pictures, usually GIF) | #Detect and remove HTML-Spys (1x1 pixel transparent pictures, usually GIF) | ||
#Allow to specify alternative and privacy-friendly search engines, if the browser provides a web search field, or may "redirect" typed adresses to web searches | #Allow to specify alternative and privacy-friendly search engines, if the browser provides a web search field, or may "redirect" typed adresses to web searches | ||
− | #Allow to modify the user agent string | + | #Allow to modify the user agent string. |
− | # | + | #Disable Flash, PDF, Java and other plugins, because plugins can circumvent browser proxy settings and can send many information for a browser fingerprint. |
#Tracking-Opt-Out Header should be available '''X-Do-Not-Track''' | #Tracking-Opt-Out Header should be available '''X-Do-Not-Track''' | ||
− | # | + | #Disable the Geolocation-API, if present |
− | # | + | #Clear all private data (cache, cookies, history, forms) when terminating the browser |
− | # | + | #Access to browser history has to be only possible within a domain. |
#Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. ([[Publications about tracking and spying technologies#Certified Lies - Detecting and Defeating Government Interception Attacks against SSL|research paper]]). Some CAs will easily provide such certificates, as shown by a [http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ab1c21635e07d818 test] (Google groups). | #Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. ([[Publications about tracking and spying technologies#Certified Lies - Detecting and Defeating Government Interception Attacks against SSL|research paper]]). Some CAs will easily provide such certificates, as shown by a [http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ab1c21635e07d818 test] (Google groups). | ||
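Review bot: the added cache item reads "the cache has to protected", which is missing "be", and the added Referer sentence should read "has to be sent" rather than "has to be send". The first changed item still carries the "Jacascript" typo, and the blacklist item keeps the untranslated "Werbe- andTrackingserver" even though the line was edited. The new Referer rule would also be clearer if it said whether "parameters" means the query string only.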
Revision as of 09:45, 3 September 2013
Alternative browser configuration
For optimal use of JonDo we recommend also using JonDoFox. This will save you the configuration effort, since JonDoFox already contains all necessary settings to surf the Web anonymously with JonDo. Further information about JonDoFox may be found here or on the JonDoFox homepage. If you prefer to use JonDonym with another browser, you have to make the basic settings yourself.
Please beware: False or incomplete configuration causes browsers to leave a lot of traces while surfing, even if you use JonDonym. Configuring the browser yourself is quite elaborate and requires a deeper understanding of web technologies.
Browser updates: For surfing the web, use only fully up-to-date browsers. Otherwise, websites might attack and damage your computer directly through browser security holes. Therefore, you should update your browser regularly.
Features needed for privacy-friendly browsers
Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy.
- Cookies and JavaScript: use domain-specific control (whitelisting) and disable them by default.
- Referer control: remove it when changing domain, keep it when staying within a domain (otherwise various pages don't work). The Referer has to be sent without parameters.
- DomStorage and SessionStorage: provide domain-specific control (whitelisting) and allow disabling them completely.
- To avoid tracking by ETags and content, the cache has to be protected. Access must only be possible within the domain, or the cache must be disabled completely.
- Disable ping attributes of HTML links.
- Ad and tracking servers should be blockable by a blacklist because ads are used for tracking.
- Detect and remove HTML spies (1x1 pixel transparent pictures, usually GIF).
- Allow specifying alternative and privacy-friendly search engines if the browser provides a web search field or may "redirect" typed addresses to web searches.
- Allow to modify the user agent string.
- Disable Flash, PDF, Java and other plugins, because plugins can circumvent the browser proxy settings and can send a lot of information usable for a browser fingerprint.
- A tracking opt-out header should be available: X-Do-Not-Track
- Disable the Geolocation-API, if present
- Clear all private data (cache, cookies, history, forms) when terminating the browser
- Access to browser history must only be possible within a domain.
- Desirable: offer additional validation of SSL certificates. Government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications (research paper). Some CAs will easily provide such certificates, as shown by a test (Google groups).
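The Referer rule from the list above, written out as an added example (not code from JonDonym or JonDoFox). It assumes that "domain" means the exact hostname and that "parameters" means the query string; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: decide which Referer, if any, may accompany a request.
// Assumption: domains are compared as exact hostnames. A browser extension
// could instead compare registrable domains using the Public Suffix List.
function refererFor(sourceUrl, targetUrl) {
  let source, target;
  try {
    source = new URL(sourceUrl);
    target = new URL(targetUrl);
  } catch (e) {
    return null; // unparsable URL: send no Referer at all
  }
  // Only http(s) pages yield a Referer; file:, about:, data: never do.
  if (!/^https?:$/.test(source.protocol)) return null;
  // Changing domain: remove the Referer.
  if (source.hostname !== target.hostname) return null;
  // Not in the list above, but standard browser behaviour: never pass an
  // HTTPS page address along with a plaintext HTTP request.
  if (source.protocol === "https:" && target.protocol === "http:") return null;
  // Staying within the domain: keep scheme, host and path only. This drops
  // the query string, the fragment and any user:password part.
  return source.protocol + "//" + source.host + source.pathname;
}

// Apply the policy to a request object of the (hypothetical) shape
// { url, headers }. Header names are matched case-insensitively.
function applyRefererPolicy(request) {
  const headers = {};
  let original = null;
  for (const [name, value] of Object.entries(request.headers)) {
    if (name.toLowerCase() === "referer") original = value;
    else headers[name] = value;
  }
  const referer = original === null ? null : refererFor(original, request.url);
  if (referer !== null) headers["Referer"] = referer;
  return { url: request.url, headers };
}

// Constructed sample: a shop page with a session id in its address loads an
// image from a third-party server. The Referer header is removed entirely.
const filtered = applyRefererPolicy({
  url: "https://ads.example/pixel.gif",
  headers: { "referer": "https://shop.example/cart?session=abc123", "Accept": "image/*" },
});
console.log(filtered.headers); // { Accept: 'image/*' }
```
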
Proxy settings
With proxy settings you configure your browser to not send requests directly over the Internet but through JonDo instead. This anonymizes the data. You will need to enter the following in the proxy settings for HTTP, HTTPS, FTP, and if required GOPHER (obsolete?) proxies of your browser:
- Hostname/IP address: 127.0.0.1
- Port: 4001 (if you have set up a listen port other than 4001 in JonDo, enter that port here instead)
Warning: Make sure NOT to leave any protocols (HTTPS, FTP) without any proxy.