Alternative browser configuration
Alternative browser configuration
For an optimal usage of JonDo we recommend also using JonDoFox. This will save you the configuration effort, since JonDoFox already contains all necessary settings to surf anonymously with JonDo on the Web. Further information about JonDoFox may be found here or on the JonDoFox homepage. If you prefer to use JonDonym with another browser it is necessary that you make the basic settings yourself.
Please beware: False or incomplete configuration causes browsers to leave a lot of traces while surfing, even if you use JonDonym. Configuring the browser yourself is quite elaborate and requires a deeper understanding of web technologies.
Browser updates: For surfing the web, use really up-to-date browsers only. Otherwise, websites might attack and damage your computer directly over browser security holes. Therefore, you should regularly update your browser.
Features needed for privacy-friendly browsers
Apart from the IP address, web browsers do leave many other tracks. It is not sufficient to just set JonDonym as a proxy.
- Cookies and Jacascript: use domain-specific control (whitelisting) and disable it by default.
- Referer control: remove it when changing domain, keep when staying within domain (otherwise various pages don't work). Referer has to be send without parameters.
- DomStorage and SessionStorage: domain-specific control (whitelisting) and allow to disable completely.
- To avoid tracking by ETags and content the cache has to protected. Access has to be only possible within domain or disable it completely.
- Disable ping attributes of HTML links.
- Werbe- andTrackingserver should be blockable by a blacklist because ads are used for tracking.
- Detect and remove HTML-Spys (1x1 pixel transparent pictures, usually GIF)
- Protect installed fonts on your computer for analysis, it is a high rated value in browser fingerprinting.
- Allow to specify alternative and privacy-friendly search engines, if the browser provides a web search field, or may "redirect" typed adresses to web searches
- Allow to modify the user agent string.
- Disable Flash, PDF, Java and other plugins, because plugins can circumvent browser proxy settings and can send many information for a browser fingerprint.
- Tracking-Opt-Out Header should be available X-Do-Not-Track
- Disable the Geolocation-API, if present
- Clear all private data (cache, cookies, history, forms) when terminating the browser
- Access to browser history has to be only possible within a domain.
- Desirable: offer additional validation of SSL certificates, government agencies can compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. (research paper). Some CAs will easily provide such certificates, as shown by a test (Google groups).
With proxy settings you configure your browser to not send requests directly over the Internet but through JonDo instead. This anonymizes the data. You will need to enter the following in the proxy settings for HTTP, HTTPS, FTP, and if required GOPHER (obsolete?) proxies of your browser:
- Hostname/IP address: 127.0.0.1
- Port: 4001 (if you had setup a different listen port than 4001 in JonDo then you need to input it here instead of 4001 too)
Warning: Make sure NOT to leave any protocols (HTTPS, FTP) without any proxy.