JonDoFox sources
From JonDonym Wiki
How to get the sources and build a jondofox.xpi
It is probably best to create a JonDoFox directory first and change into it:
mkdir JonDoFox && cd JonDoFox
Now you need a Subversion client; check out the source as follows:
svn checkout https://svn.jondos.de/svnpub/JonDoFox_Extension/trunk
If your svn client complains about our self-signed certificate, compare the SHA1 fingerprint it shows with the one below to make sure you are really downloading our sources. The fingerprint of our certificate is:
d2:db:a8:0a:01:bd:19:fe:39:14:b1:7c:15:8e:fd:ce:f7:2e:88:d5
Afterwards change into the trunk directory and run the build shell script:
cd trunk && ./makexpi.sh
You will now find the freshly built jondofox.xpi in the xpi directory.
JonDoFox Documentation
The source of the documentation may be found here; a compiled PDF may be found here (currently only an old German version).
JonDoFox' Defenses
- HTTP-Header
  - spoofing of User Agent (general.appname.override, general.appversion.override, general.buildID.override, general.oscpu.override, general.platform.override, general.productSub.override, general.useragent.override, general.useragent.vendor, general.useragent.vendorSub)
  - spoofing of Referer
  - further header spoofing (intl.accept_languages, intl.charset.default, intl.accept_charsets, network.http.accept.default)
- Further preferences
  - browser.search.suggest.enabled set to false
  - browser.zoom.siteSpecific set to false
  - plugin.expose_full_path set to false
  - browser.send_pings set to false
  - dom.storage.enabled set to false
  - geo.enabled set to false
  - network.prefetch-next set to false
  - network.proxy.socks_remote_dns set to true
  - network.http.proxy.keep-alive set to false
  - view_source.editor.external set to false
  - security.remember_cert_checkbox_default_setting set to false
  - security.default_personal_cert set to "Ask Every Time"
  - privacy.sanitize.sanitizeOnShutdown set to true
  - privacy.clearOnShutdown.history set to false
  - privacy.clearOnShutdown.offlineApps set to true
  - network.cookie.cookieBehavior set to 2
  - network.protocol-handler.warn-external.news set to true
  - network.protocol-handler.warn-external.snews set to true
  - network.protocol-handler.warn-external.nntp set to true
  - network.protocol-handler.warn-external.file set to true
  - network.protocol-handler.warn-external.mailto set to true
  - network.protocol-handler.warn-external-default set to true
  - browser.history_expire_days set to 0
  - network.websocket.enabled set to false (FF4 and higher)
  - network.http.accept-encoding set to "gzip,deflate" (FF4 and higher)
  - privacy.donottrackheader.enabled set to true (FF4 and higher)
  - extensions.update.autoUpdateDefault set to false (FF4 and higher)
  - extensions.getAddons.cache.enabled set to false (FF4 and higher)
  - dom.indexedDB.enabled set to false (FF4 and higher)
  - webgl.disabled set to true (FF4 and higher)
  - browser.display.use_document_fonts set to 0 (JDF-Profile 2.5.2)
- Cookies, DOM storage and IndexedDB
  - cookies are currently blocked by default via Cookie Monster {planned: our own user-friendly tab-specific CM}
  - DOM storage is currently disabled per preference {planned: expand the CM to handle DOM storage}
  - IndexedDB is currently disabled per preference {planned: expand the CM to handle DOM storage}
- Cache
  - modified SafeCache code {planned: expand the tab-specific design mentioned above to handle the cache as well}
- Browser History
  - currently disabled per preference (FF3.x)
- Java and Flash
  - NoScript is included in the profile
  - if they need to be used, we recommend ProxyCap as a socksifier {we plan to investigate whether a free solution is available for all platforms}
- Websockets
  - currently disabled per preference until we have investigated whether they pose an additional threat (and if so, how to mitigate it)
- MIME types
  - in almost all cases we prevent an external application from being launched automatically to open a specific file
  - we show a warning dialog (by hooking into the external application dialog, or into the NoScript dialog if the user has a PDF plugin activated)
  - we prevent the user from setting the "Always open with this application" option {a little more work is still needed to make that bulletproof}
- Search queries
  - the search query is deleted after the user has launched the search request
  - the search history is deleted after half an hour
  - search suggestions are disabled per preference
- SSL based attacks
  - included a modified version of Certificate Patrol (CP) {planned: enhance it to include CP evaluation of every SSL request, see: http://ha.ckers.org/blog/20100901/issues-with-perspectives/; further minor details should be improved (some things concerning the change-cert dialog, a kind of get-me-out-of-here button, ...)}
  - attacks using client certificates are prevented per preference (security.default_personal_cert, see above)
  - included EFF's distributed SSL Observatory feature to be able to secure the SSL infrastructure in the future
- Media queries
  - currently no way to cope with this, as it probably needs a patched Firefox
- @font-face
  - NoScript
  - {we plan to implement an nsIContentPolicy that would take care of it, e.g. if NoScript is disabled}
- JS based attacks
  - NoScript is included in the profile
  - tracking users via window.name is disabled
  - {planned: spoof the browser locale reliably}
- Plugins
  - {planned: disable plugins in JonDo mode and/or if NoScript is not activated/installed}
- AdBlock based attacks
  - {planned: ship one ad blocking list with JonDoFox to minimize the risk that users get profiled by using different ad filter lists}
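The "Further preferences" list above is only useful if a profile actually carries those values, so here is an added example (our code, not JonDoFox's) that turns the list into user.js syntax and audits an existing prefs.js or user.js for entries that are missing or set to a weaker value. The pref names and values are exactly the ones listed above; the sample prefs.js content is constructed for the demonstration, and the function names are ours. An absent pref is reported as "missing" because the browser default then applies, which for most of these settings is the less private value.

```javascript
// Added example, not JonDoFox project code: the "Further preferences" values
// from this page as a user.js generator plus an audit of an existing prefs.js.
// SAMPLE_PREFS_JS below is constructed for the demonstration.
const HARDENED_PREFS = {
  "browser.search.suggest.enabled": false,
  "browser.zoom.siteSpecific": false,
  "plugin.expose_full_path": false,
  "browser.send_pings": false,
  "dom.storage.enabled": false,
  "geo.enabled": false,
  "network.prefetch-next": false,
  "network.proxy.socks_remote_dns": true, // resolve names via the proxy, no DNS leak
  "network.http.proxy.keep-alive": false,
  "view_source.editor.external": false,
  "security.remember_cert_checkbox_default_setting": false,
  "security.default_personal_cert": "Ask Every Time",
  "privacy.sanitize.sanitizeOnShutdown": true,
  "privacy.clearOnShutdown.history": false,
  "privacy.clearOnShutdown.offlineApps": true,
  "network.cookie.cookieBehavior": 2, // 2 = block all cookies
  "network.protocol-handler.warn-external.news": true,
  "network.protocol-handler.warn-external.snews": true,
  "network.protocol-handler.warn-external.nntp": true,
  "network.protocol-handler.warn-external.file": true,
  "network.protocol-handler.warn-external.mailto": true,
  "network.protocol-handler.warn-external-default": true,
  "browser.history_expire_days": 0,
  "network.websocket.enabled": false, // FF4 and higher from here on
  "network.http.accept-encoding": "gzip,deflate",
  "privacy.donottrackheader.enabled": true,
  "extensions.update.autoUpdateDefault": false,
  "extensions.getAddons.cache.enabled": false,
  "dom.indexedDB.enabled": false,
  "webgl.disabled": true,
  "browser.display.use_document_fonts": 0, // JDF-Profile 2.5.2
};

// Render a value in prefs.js syntax: strings quoted, booleans and integers bare.
function formatPrefValue(value) {
  return typeof value === "string" ? JSON.stringify(value) : String(value);
}

// Emit the whole list as user.js lines.
function generateUserJs(prefs = HARDENED_PREFS) {
  return Object.entries(prefs)
    .map(([name, value]) => `user_pref(${JSON.stringify(name)}, ${formatPrefValue(value)});`)
    .join("\n") + "\n";
}

function parsePrefValue(raw) {
  if (raw === "true") return true;
  if (raw === "false") return false;
  if (/^-?\d+$/.test(raw)) return Number(raw);
  if (raw.startsWith('"')) return JSON.parse(raw); // prefs.js strings use JS escaping
  throw new Error(`cannot parse pref value: ${raw}`);
}

// Parse prefs.js / user.js into a Map; a later line for the same name wins,
// as in Firefox. Comments and unrelated lines are ignored.
function parsePrefsJs(text) {
  const prefs = new Map();
  const lineRe = /^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$/;
  for (const line of text.split("\n")) {
    const m = lineRe.exec(line);
    if (m) prefs.set(m[1], parsePrefValue(m[2]));
  }
  return prefs;
}

// Compare a profile's prefs against the hardened list. Missing prefs are
// reported as well: the browser default then applies.
function auditPrefs(text, prefs = HARDENED_PREFS) {
  const have = parsePrefsJs(text);
  const findings = [];
  for (const [name, expected] of Object.entries(prefs)) {
    if (!have.has(name)) {
      findings.push({ name, expected, actual: undefined, status: "missing" });
    } else if (have.get(name) !== expected) {
      findings.push({ name, expected, actual: have.get(name), status: "weak" });
    }
  }
  return findings;
}

// Constructed sample: some prefs hardened, some weak, the rest unset.
const SAMPLE_PREFS_JS = `// Mozilla User Preferences
user_pref("browser.search.suggest.enabled", false);
user_pref("dom.storage.enabled", false);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("security.default_personal_cert", "Select Automatically");
user_pref("webgl.disabled", false);
`;

for (const f of auditPrefs(SAMPLE_PREFS_JS)) {
  console.log(`${f.status.padEnd(7)} ${f.name}: expected ${formatPrefValue(f.expected)}` +
    (f.status === "weak" ? `, got ${formatPrefValue(f.actual)}` : ""));
}
```

Point `auditPrefs` at the text of a profile's prefs.js to see which of the listed settings it lacks; writing the output of `generateUserJs` to user.js in the profile directory applies the full list on the next start, since Firefox re-reads user.js on every launch and it overrides prefs.js.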