Alternative browser configuration

From JonDonym Wiki
(Difference between revisions)
Jump to: navigation, search
(Features needed for privacy-friendly browsers)
Line 13: Line 13:
 
Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy.
 
Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy.
  
#Cookies and Jacascript: domain-specific control (whitelisting) and allow to disable completely
+
#Cookies and Jacascript: use domain-specific control (whitelisting) and disable it by default.
#Referer control: remove it when changing domain, keep when staying within domain (otherwise various pages don't work), allow to disable completely
+
#Referer control: remove it when changing domain, keep when staying within domain (otherwise various pages don't work). Referer has to be send without parameters.
#DomStorage and SessionStorage: domain-specific control (whitelisting) and allow to disable completely
+
#DomStorage and SessionStorage: domain-specific control (whitelisting) and allow to disable completely.
#Pings an Dritte bei Klick auf einen Link müssen deaktiviert werden.
+
#To avoid tracking by ETags and content the cache has to protected. Access has to be only possible within domain or disable it completely.
#Werbe- andTrackingserver should be blockable by a blacklist. Werbeeinblendungen werden häufig auch für das Tracking genutzt.
+
#Disable ping attributes of HTML links.
 +
#Werbe- andTrackingserver should be blockable by a blacklist because ads are used for tracking.
 
#Detect and remove HTML-Spys (1x1 pixel transparent pictures, usually GIF)
 
#Detect and remove HTML-Spys (1x1 pixel transparent pictures, usually GIF)
 
#Allow to specify alternative and privacy-friendly search engines, if the browser provides a web search field, or may "redirect" typed adresses to web searches
 
#Allow to specify alternative and privacy-friendly search engines, if the browser provides a web search field, or may "redirect" typed adresses to web searches
#Allow to modify the user agent string
+
#Allow to modify the user agent string.
#Allow to disable Flash, PDF and other plugins
+
#Disable Flash, PDF, Java and other plugins, because plugins can circumvent browser proxy settings and can send many information for a browser fingerprint.
 
#Tracking-Opt-Out Header should be available '''X-Do-Not-Track'''
 
#Tracking-Opt-Out Header should be available '''X-Do-Not-Track'''
#Allow to disable the Geolocation-API, if present
+
#Disable the Geolocation-API, if present
#Allow to clear all private data (cache, cookies, history, forms) when terminating the browser
+
#Clear all private data (cache, cookies, history, forms) when terminating the browser
#Der Zugriff auf die Browser-History darf nur im Context der gleichen Domain möglich sein oder das Speichern des Verlaufs der besuchten Websites muss deaktivierbar sein. A [http://cseweb.ucsd.edu/users/lerner/papers/ccs10-jsc.pdf research paper of the University of California] shows, that cca 1% of top 50'000 Websites do collect informations by History-Sniffing.
+
#Access to browser history has to be only possible within a domain.
 
#Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications.  ([[Publications about tracking and spying technologies#Certified Lies - Detecting and Defeating Government Interception Attacks against SSL|research paper]]). Some CAs will easily provide such certificates, as shown by a [http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ab1c21635e07d818 test] (Google groups).
 
#Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications.  ([[Publications about tracking and spying technologies#Certified Lies - Detecting and Defeating Government Interception Attacks against SSL|research paper]]). Some CAs will easily provide such certificates, as shown by a [http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ab1c21635e07d818 test] (Google groups).
  

Revision as of 09:45, 3 September 2013

En2.png De2.png  Main Page (en) | Information for JonDonym users

Contents

Alternative browser configuration

For an optimal usage of JonDo we recommend also using JonDoFox. This will save you the configuration effort, since JonDoFox already contains all necessary settings to surf anonymously with JonDo on the Web. Further information about JonDoFox may be found here or on the JonDoFox homepage. If you prefer to use JonDonym with another browser it is necessary that you make the basic settings yourself.

Please beware: False or incomplete configuration causes browsers to leave a lot of traces while surfing, even if you use JonDonym. Configuring the browser yourself is quite elaborate and requires a deeper understanding of web technologies.

Browser updates: For surfing the web, use really up-to-date browsers only. Otherwise, websites might attack and damage your computer directly over browser security holes. Therefore, you should regularly update your browser.

Features needed for privacy-friendly browsers

Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy.

  1. Cookies and Jacascript: use domain-specific control (whitelisting) and disable it by default.
  2. Referer control: remove it when changing domain, keep when staying within domain (otherwise various pages don't work). Referer has to be send without parameters.
  3. DomStorage and SessionStorage: domain-specific control (whitelisting) and allow to disable completely.
  4. To avoid tracking by ETags and content the cache has to protected. Access has to be only possible within domain or disable it completely.
  5. Disable ping attributes of HTML links.
  6. Werbe- andTrackingserver should be blockable by a blacklist because ads are used for tracking.
  7. Detect and remove HTML-Spys (1x1 pixel transparent pictures, usually GIF)
  8. Allow to specify alternative and privacy-friendly search engines, if the browser provides a web search field, or may "redirect" typed adresses to web searches
  9. Allow to modify the user agent string.
  10. Disable Flash, PDF, Java and other plugins, because plugins can circumvent browser proxy settings and can send many information for a browser fingerprint.
  11. Tracking-Opt-Out Header should be available X-Do-Not-Track
  12. Disable the Geolocation-API, if present
  13. Clear all private data (cache, cookies, history, forms) when terminating the browser
  14. Access to browser history has to be only possible within a domain.
  15. Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. (research paper). Some CAs will easily provide such certificates, as shown by a test (Google groups).

Proxy settings

With proxy settings you configure your browser to not send requests directly over the Internet but through JonDo instead. This anonymizes the data. You will need to enter the following in the proxy settings for HTTP, HTTPS, FTP, and if required GOPHER (obsolete?) proxies of your browser:

  • Hostname/IP address: 127.0.0.1
  • Port: 4001 (if you had setup a different listen port than 4001 in JonDo then you need to input it here instead of 4001 too)

Warning: Make sure NOT to leave any protocols (HTTPS, FTP) without any proxy.

Browser list

Personal tools