JonDoFox sources

From JonDonym Wiki
(Difference between revisions)
Jump to: navigation, search
Line 61: Line 61:
 
** dom.indexedDB.enabled set to false (FF4 and higher)
 
** dom.indexedDB.enabled set to false (FF4 and higher)
 
** webgl.disabled set to true (FF4 and higher)
 
** webgl.disabled set to true (FF4 and higher)
** browser.display.use_document_fonts set to 0 (JDF-Profile 2.5.2ff.)
+
** browser.display.use_document_fonts set to 0
 +
** browser.sessionhistory.max_entries set to 2 (FF4 and higher)
 
** browser.safebrowsing.* => set relevant safebrowsing peferences to values that do neither leak the deployed language nor the FF version to Google (see the preferences.js in the JonDoFox.xpi for the currently used values)
 
** browser.safebrowsing.* => set relevant safebrowsing peferences to values that do neither leak the deployed language nor the FF version to Google (see the preferences.js in the JonDoFox.xpi for the currently used values)
  
Line 73: Line 74:
  
 
*HTTP-Authentication
 
*HTTP-Authentication
** included first defense against HTTP-Auth tracking (see: [http://jeremiahgrossman.blogspot.com/2007/04/tracking-users-without-cookies.html http://jeremiahgrossman.blogspot.com/2007/04/tracking-users-without-cookies.html]) {planned to use the same partitioning methods as SafeCache and the Referer-spoofing in the mid-run; tabspecific separation in the long run}
+
** included first defense against HTTP-Auth tracking (see: [http://jeremiahgrossman.blogspot.com/2007/04/tracking-users-without-cookies.html http://jeremiahgrossman.blogspot.com/2007/04/tracking-users-without-cookies.html]) {planned to use the same partitioning methods as SafeCache and the Referer-spoofing in the mid-run; tabspecific separation in the long run; needs still to get improved, see TBB's solution}
  
 
*Browser History
 
*Browser History
Line 96: Line 97:
  
 
*SSL based attacks
 
*SSL based attacks
** included a modified version of Certificate Patrol (CP) {planned to enhance that to include CP evaluation of every SSL request, see: http://ha.ckers.org/blog/20100901/issues-with-perspectives/, further minor details should be enhanced (some things concerning the change-cert dialog, a kind of get-me-out-of-here button...)}
+
** included a modified version of Certificate Patrol (CP) {planned to enhance that a bit further (a kind of get-me-out-of-here button...)}
 
** disabled attacks using client certificates per preference
 
** disabled attacks using client certificates per preference
 
** included EFF's distributed SSL Observatory feature to be able to secure the SSL infrastructure in the future
 
** included EFF's distributed SSL Observatory feature to be able to secure the SSL infrastructure in the future

Revision as of 16:17, 27 September 2011

En2.png De2.png

How to get the sources and build a jondofox.xpi

It is probably the best to create a JonDoFox directory first and change to it:

mkdir JonDoFox && cd JonDoFox

Now you need a subversion client and check out the source as follows:

svn checkout https://svn.jondos.de/svnpub/JonDoFox_Extension/trunk

If your svn client complains about our self-signed certificate you may compare the SHA1 fingerprints to make sure you download our sources. The fingerprint of our certificate is:

d2:db:a8:0a:01:bd:19:fe:39:14:b1:7c:15:8e:fd:ce:f7:2e:88:d5

Afterwards change the directory to trunk and run the appropriate shellscript:

cd trunk && ./makexpi.sh

Now you'll find the freshly built jondofox.xpi in the directory xpi.

JonDoFox Documentation

The source of the documentation may be found here, a compiled .pdf may be found here (currently only an old german version).

JonDoFox' Defenses

  • HTTP-Header
    • spoofing of User Agent (general.appname.override, general.appversion.override, general.buildID.override, general.oscpu.override, general.platform.override, general.productSub.override, general.useragent.override, general.useragent.vendor, general.useragent.vendorSub)
    • spoofing of Referer
    • further header spoofing (intl.accept_languages, intl.charset.default, network.http.accept.default)
  • Further preferences
    • browser.search.suggest.enabled set to false
    • browser.zoom.siteSpecific set to false
    • plugin.expose_full_path set to false
    • browser.send_pings set to false
    • dom.storage.enabled set to false
    • geo.enabled set to false
    • network.prefetch-next set to false
    • network.proxy.socks_remote_dns set to true
    • network.http.proxy.keep-alive set to false
    • view_source.editor.external set to false
    • security.remember_cert_checkbox_default_setting set to false
    • security.default_personal_cert set to "Ask Every Time"
    • privacy.sanitize.sanitizeOnShutdown set to true
    • privacy.clearOnShutdown.history set to false
    • privacy.clearOnShutdown.offlineApps set to true
    • network.cookie.cookieBehavior set to 2
    • network.protocol-handler.warn-external.news set to true
    • network.protocol-handler.warn-external.snews set to true
    • network.protocol-handler.warn-external.nntp set to true
    • network.protocol-handler.warn-external.file set to true
    • network.protocol-handler.warn-external.mailto set to true
    • network.protocol-handler.warn-external-default set to true
    • browser.history_expire_days set to 0
    • network.websocket.enabled set to false (FF4 and higher)
    • network.http.accept-encoding set to "gzip,deflate" (FF4 and higher)
    • privacy.donottrackheader.enabled set to true (FF4 and higher)
    • extensions.update.autoUpdateDefault set to false (FF4 and higher)
    • extensions.getAddons.cache.enabled set to false (FF4 and higher)
    • dom.indexedDB.enabled set to false (FF4 and higher)
    • webgl.disabled set to true (FF4 and higher)
    • browser.display.use_document_fonts set to 0
    • browser.sessionhistory.max_entries set to 2 (FF4 and higher)
    • browser.safebrowsing.* => set relevant safebrowsing peferences to values that do neither leak the deployed language nor the FF version to Google (see the preferences.js in the JonDoFox.xpi for the currently used values)
  • Cookies, DOM storage and IndexedDB
    • cookies currently blocked per default via Cookie Monster {planned an own user friendly tabspecific CM}
    • DOM storage currently disabled per preference {planned to expand the CM to the handling of DOM storage}
    • The IndexedDB feature is disabled per preference at the moment {planned to expand the CM to the handling of the IndexedDB feature}
  • Cache
    • modified SafeCache code {planned to expand the tabspecific design mentioned above to handle cache cases as well}
  • Browser History
    • currently disabled per preference (FF3.x)
  • Java and Flash
    • NoScript in profile included
    • if they need to be used we recommend ProxyCap as a Socksifier {we plan to investigate whether there is a free solution available for all platforms}
  • Websockets
    • currently disabled per preference until we investigated whether they pose an additional threat (and if so, how to mitigate that)
  • MIME types
    • in almost all cases we avoid that an external application is launched automatically to open a specific file
    • we show a warning dialog (hooking us into the external app or NoScript dialog (the latter if the user has a pdf plugin activated))
    • we prohibit that the user may set the "Always open with this application" option {there needs still a little bit done in this regard to make that bulletproof}
  • Search queries
    • delete the search queries after user launched search request
    • after half an hour will the search history be deleted
    • we disabled search suggestions per preference
  • SSL based attacks
    • included a modified version of Certificate Patrol (CP) {planned to enhance that a bit further (a kind of get-me-out-of-here button...)}
    • disabled attacks using client certificates per preference
    • included EFF's distributed SSL Observatory feature to be able to secure the SSL infrastructure in the future
  • Media queries
    • currently no way to cope with that as that needs probably a patched Firefox
  • @font-face
    • NoScript
    • {we plan to implement a nsIContentPolicy that would take care of it e.g. if NoScript is disabled}
  • JS based attacks
    • NoScript in profile included
    • tracking users via window.name is disabled
    • {planned to spoof the browser locale reliably}
  • Plugins
    • {planned to disable Plugins in JonDo mode/and or if NoScript is not activated/installed}
  • AdBlock based attack
    • {planned to implement one ad blocking list shipped with JonDoFox to minimize the risk that users get profiled by using different ad filter lists}
Personal tools