Use cases

From JonDonym Wiki
(Difference between revisions)
Jump to: navigation, search
(Created page with '==== Web browser - anonymous WWW surfing ==== If you are surfing the web via JonDo using JonDoFox, your IP address and the characteristics of your browser are anonymized. But you…')
 
 
(107 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==== Web browser - anonymous WWW surfing ====
+
<iimg>[[Use cases]]![[Image:en2.png]]</iimg><iimg>[[Anwendungsmöglichkeiten]]![[Image:de2.png]]</iimg>&nbsp;[[Main_Page|Main Page (en)]] | [[tips and tricks|Information for JonDonym users]]
If you are surfing the web via JonDo using JonDoFox, your IP address and the characteristics of your browser are anonymized. But you should in any case pay attention to the following notes while surfing, because otherwise JonDonym is not able to protect you:
+
== Use cases for anonymous E-mail communication ==
  
* If it is possible, enter personal data on web sites only if they are secured by HTTPS. JonDoFox shows for these sites a <strong><span style="color: rgb(0, 0, 255);">blue</span></strong> or <span style="color: rgb(51, 153, 102);"><strong>green</strong></span> bar within the address bar.
+
If you are using one and the same address more then once in order to send or receive your E-mail, you are "creating" an identity with it. In the following you will find notes about web mail services as well as some web services designed to improve your privacy.
* If it is possible, enter your correct personal data only if you want to order some physical product. In all the other cases you should use imagined identities and do not use login names more than once.
+
* Use different, randomly generated and preferably long passwords for each web service. You may use password programs like [http://keepass.info/ KeePass], in order to generate identities and passwords automatically and save them securely.
+
* [[JonDoFox_FAQ#I_sometimes_have_to_activate_Flash_applets._How_may_I_get_a_better_security_thereby.3F|Avoid Flash and Java applications]]. [[JonDoFox_FAQ#How_may_I_view_web_videos_with_JonDoFox.3F|Download web videos]] instead of viewing them directly in your browser.
+
* Deactivate Flash and JavaScript in the [[#Secure PDF documents: harden Adobe Acrobat against attacks|settings of your Acrobat Reader]]. Do not have displayed pdf-documents in your browser.
+
* Allow JavaScript only if you need it necessarily.
+
* Allow cookies just temporarily. Do not use Google search if you have accepted cookies for Googlemail.
+
  
==== Secure PDF documents: harden Adobe Acrobat against attacks ====
+
=== Remailer - Sending E-mails from disposable addresses ===
Using Edit->Preferences (key combination: Strg+K), you should disable various functions of your Adobe Reader in order to secure it against hackers.
+
Multimedia Trust must not be allowed (prevents direct IP connections):
+
  
[[Image:adobe_multimedia.png]]
+
If you want to send E-mails, but do not want to reveal your identity to the addressee or a third party, the best thing is using an anon remailer. Some mixmaster remailer offer a web interface. If the addressee has a contact form on his web-site, of course, you may use rather that one.
  
JavaScript must be deactivated (prevents hacker attacks):
+
* [https://www.cotse.net/cgi-bin/mixmail.cgi Cotse]
  
[[Image:adobe_javascript.png]]
+
* [https://anon.978.org/ Anon978] (SSL certificate is invalid at the moment: expired and self-brewn)
 +
* [http://anonymouse.org/anonemail_de.html AnonEmail by Anonymouse.org] ('''no SSL-encryption!''')
 +
* [http://humer55.hu.funpic.de/ Humer55] ('''no SSL-encryption!''')
  
Internet: Forbid displaying PDFs in the browser (prevents direct IP connections):
+
=== Temporary and disposableE-mail accounts ===
 +
This topic as moved to online help: [https://anonymous-proxy-servers.net/en/help/email-disposable.html Use Disposable Email Addresses]
  
[[Image:adobe_internet.png]]
+
=== Webmail providers: Security and Privacy ===
  
==== Disposable e-mail addresses ====
+
JonDos recommendation for trusted mail providers you may find in our online help together with a tutorial [https://anonymous-proxy-servers.net/en/help/thunderbird.html How to use Mozilla Thunderbird with JonDonym]. It is more comfortable and for JonDonym premium users less expensive to use an email client rather than the overloaded webinterfaces of some mail providers.
If you are using one and the same address more then once in order to send or receive your e-mail, you are "creating" an identity with it. In the following you will find some web services which you may use to quickly switch your e-mail pseudonym:
+
  
''Sending e-mails from disposable addresses''
+
Provides a personal E-mail address, requires registration, most services also personal data. Most of them need cookies to login, as well as they do use JavaScript, but still work without too, with some minor or bigger limitations and annoyances. Even if the server pressures you to enable JS or "upgrade your browser", it may be able to work without. To use your account without JS make sure to always login with JS off, otherwise the server, when it finds JS available at one time, may switch into a JS-friendly mode that is difficult to get rid off again. Also it is possible that a service will require JavaScript on registration only (abuse prevention), but later work without. List of services (without pointing privacy issues): [http://www.thefreecountry.com/webmaster/freeemail.shtml TheFreeCountry] Forum thread: [http://forum.anonymous-proxy-servers.net/viewtopic.php?t=4306 4306 (German)].
  
If you want to send e-mails, but do not want to reveal your identity to the addressee or a third party, the best thing is using the remailer interface provided by the German Privacy Foundation (click here). If the addressee has a contact form on his web-site, of course, you may use rather this one.
+
==== Yahoo ====
 +
* Only reading of emails is HTTPS encrypted. You will send emails without HTTPS encryption.
 +
* One of the earliest providers
 +
* Cookies: required
 +
* Javascript for ''yahoo.com'' and ''yimg.com'' required, additional for ''yahooapis.com'' for some functions.
  
''Receiving e-mails to disposable addresses''
+
==== GMX.de ====
 +
* Registration only possible with German IP address.
 +
* An e-mail address is required for registration, temporary mail addresses were possible
 +
* German language only, E-mail only for people living in Germany, Austria or Switzerland
 +
* Javascript not needed, session cookies required
 +
* Mobile webinteface at https://m.gmx.de/
  
If you are registering on web-forums you often have to leave an e-mail address in order to get a confirmation. If you do not want to use your own e-mail address for it, you may use rather one of the following temporary PO boxes:
+
==== Freenet.de ====
 +
* German free mail provider
 +
* An e-mail address is required for registration, temporary mail addresses were possible
 +
* Session-cookies required
 +
* Mobile webinteface at https://email.mobil.freenet.de/
  
*[https://anonbox.net/ Anonbox provided by Chaos Computer Club] (readable using web-site source)
+
==== Web.de ====
*[http://dodgit.com/ Dodgit]
+
* Registration only possible with German IP address.
*[http://www.mailcatch.com/ Mailcatch]
+
* German language only, E-mail only for people living in Germany, Austria or Switzerland
*[http://www.mailinator.com/ Mailinator]
+
* Also web search and news portal (posting comments and viewing videos do need JS)
*[http://www.sofort-mail.de/ Sofort-Mail]
+
* Cookies: required
*[http://www.trash-mail.com/ Trashmail]
+
* Works with Firefox, but not Opera (?)
 +
* Javascript: Pressures the user to enable ("your browser is not supported"), but works mostly, still not fully, without
 +
* Free of cost as long as it works for you, support is only by phone, 3 Euro/min
 +
* Last test: 2011-10
  
==== Create pseudonymous e-mail accounts ====
+
==== GMail (NOT recommended!) ====
 +
* All messages (incoming and outgoing) are indexed by Google. Informations from indexing are connected with other collected informations (search engine usage, websites with Google ads visited by the user....)
 +
* Deleted emails are '''not removed''' from the server, only marked as '''not visible'''.
 +
* Google cooperates with the CIA in the [http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/ Future of Web Monitoring]. The Electronic Privacy Information Center (EPIC) tries to get informations about a Google/NSA partnership, but [http://epic.org/2010/09/epic-files-suit-for-documents.html did not get an answer]. May e-mails will be mirrored to NSA in future like the search queries database.
  
''Pseudonymous inboxes for whistle-blowers''
+
=== See also ===
  
Journalists, bloggers and other whistle-blowers may use the [http://privacybox.de/index.en.html PrivacyBox (click here)].
+
More: [[Other_use_cases]]
 
+
''E-mail accounts in one minute''
+
 
+
There are many e-mail provider that allow you to set up a new account very quickly if required. Choose an E-Mail address of the form '''anonymous1234abcd@provider.tld''', that is "anonymous" + numbers + letters. If all JonDo users create addresses of this form, they are much less distinguishable. Please be aware that you do never access these accounts without using JonDo because otherwise your IP address is being revealed. Please note that almost all of these services need cookies for login.
+
 
+
*[https://www.hushmail.com/ Hushmail] (HTTPS/POP with SSL; needs JavaScript)
+
*[https://www.safe-mail.net/ SafeMail] (HTTPS/POP with SSL; usable without JavaScript if you are choosing "User-Interface-NoScripts" below the password while logging in)
+
*[https://www.vfemail.net/ VFEmail] (HTTPS/POP with SSL, [[#Disposable e-mail addresses|you need a disposable address for registration]])
+
*[http://www.hotpop.com/ HotPop] (no HTTPS; POP with SSL; only 8 character passwords; choose random answers on questions about personality)
+
*[http://www.gawab.com/ Gawab] (no HTTPS; POP with SSL you need to allow JavaScript for Gawab and Recaptcha for signup)
+
*[http://boardermail.com/ Bordermail] (no JavaScript, but also no HTTPS/POP)
+
*[http://www.breakthru.com/ Breakthru] (no cookies, no JavaScript, but also no HTTPS/POP)
+
 
+
==== Keep your E-mail communication ====
+
With [http://www.hushmail.com/ Hushmail] you can prevent the details of your e-mail communication being left behind on servers and/or computers of your communication partners. Above all this is useful if the addressees of your e-mails are using web accounts which are never deleted, like GoogleMail. At least the e-mail provider can trace your communication then. Therefore, act as follows:
+
 
+
* [[#Create pseudonymous e-mail accounts|Set up an e-mail account]] (account A) in order to [http://anonymous-proxy-servers.net/en/help/thunderbird.html receive e-mails] (do NOT use Hushmail now, as otherwise Hushmail would be able to observe your long-term communication, which is just what we want to prevent).
+
* Access account A regularly via JonDo using your e-mail programm or your browser.
+
* Set up a [https://www.hushmail.com/ new Hushmail account] (account B) for every addressee who is sending you an e-mail to account A. You may now access this account via JonDo as well, as long as you need it.
+
* Answer the addressee only via account B. He is getting now a link. If he is clicking on it, he may write you back directly using the Hushmail web site (HTTPS-encrypted).
+
* Account B will be deleted automatically if you are not accessing it for three weeks. With it your communication is gone as well, unless your addressee has saved or printed the Hushmail web sites.
+
 
+
If your conversation partner is also using Hushmail, however, he keeps your messages. You should [http://www.gpg4win.org/ encrypt your messages using GPG] additionally, ([http://getfiregpg.org/install.html best directly in your web browser]) in order to make the access of a third party more difficult.
+
 
+
==== Anonymous and secure document sharing ====
+
If you want to send larger documents but are not able or do not want to attach them on e-mails you should use one of the following one-click file hosts. There you may upload files for some days or weeks free of charge:
+
 
+
* [http://www.turboupload.com/ TurboUpload]
+
* [http://www.filefactory.com/ FileFactory]
+
* [http://files.ww.com/ Files.ww]
+
* [http://www.share-now.net/ Share-Now]
+
* [http://www.justupit.com/ JustUpIt]
+
* [http://www.load.to/ Load.to]
+
* [http://www.datenklo.net/ Datenklo] (deleting manually maybe not possible)
+
* [http://www.flyupload.com/ FlyUpload] (deleting manually maybe not possible)
+
* [http://ultrashare.net/ UltraShare] (deleting manually maybe not possible)
+
 
+
These file hosts do not require scripts or cookies in your browser and do not want user-related data.
+
 
+
If you want to protect the contents of the uploaded files against being accessed by file hosts or third parties you should encrypt them before uploading. You may use, e.g. [http://www.truecrypt.org/ TrueCrypt], [http://www.axantum.com/AxCrypt/ AxCrypt], [http://www.aescrypt.com/ AES Crypt] or [http://sourceforge.net/projects/jfilecrypt/ jFileCrypt]. Then you are sending the password to the same people that get the download link to the files.
+
 
+
Hint: An asymmetric encryption of these files using GPG/PGP results in third parties being able to connect your GPG/PGP pseudonyms with those files.
+

Latest revision as of 16:06, 4 October 2013

En2.png De2.png  Main Page (en) | Information for JonDonym users

Contents

Use cases for anonymous E-mail communication

If you are using one and the same address more then once in order to send or receive your E-mail, you are "creating" an identity with it. In the following you will find notes about web mail services as well as some web services designed to improve your privacy.

Remailer - Sending E-mails from disposable addresses

If you want to send E-mails, but do not want to reveal your identity to the addressee or a third party, the best thing is using an anon remailer. Some mixmaster remailer offer a web interface. If the addressee has a contact form on his web-site, of course, you may use rather that one.

Temporary and disposableE-mail accounts

This topic as moved to online help: Use Disposable Email Addresses

Webmail providers: Security and Privacy

JonDos recommendation for trusted mail providers you may find in our online help together with a tutorial How to use Mozilla Thunderbird with JonDonym. It is more comfortable and for JonDonym premium users less expensive to use an email client rather than the overloaded webinterfaces of some mail providers.

Provides a personal E-mail address, requires registration, most services also personal data. Most of them need cookies to login, as well as they do use JavaScript, but still work without too, with some minor or bigger limitations and annoyances. Even if the server pressures you to enable JS or "upgrade your browser", it may be able to work without. To use your account without JS make sure to always login with JS off, otherwise the server, when it finds JS available at one time, may switch into a JS-friendly mode that is difficult to get rid off again. Also it is possible that a service will require JavaScript on registration only (abuse prevention), but later work without. List of services (without pointing privacy issues): TheFreeCountry Forum thread: 4306 (German).

Yahoo

  • Only reading of emails is HTTPS encrypted. You will send emails without HTTPS encryption.
  • One of the earliest providers
  • Cookies: required
  • Javascript for yahoo.com and yimg.com required, additional for yahooapis.com for some functions.

GMX.de

  • Registration only possible with German IP address.
  • An e-mail address is required for registration, temporary mail addresses were possible
  • German language only, E-mail only for people living in Germany, Austria or Switzerland
  • Javascript not needed, session cookies required
  • Mobile webinteface at https://m.gmx.de/

Freenet.de

  • German free mail provider
  • An e-mail address is required for registration, temporary mail addresses were possible
  • Session-cookies required
  • Mobile webinteface at https://email.mobil.freenet.de/

Web.de

  • Registration only possible with German IP address.
  • German language only, E-mail only for people living in Germany, Austria or Switzerland
  • Also web search and news portal (posting comments and viewing videos do need JS)
  • Cookies: required
  • Works with Firefox, but not Opera (?)
  • Javascript: Pressures the user to enable ("your browser is not supported"), but works mostly, still not fully, without
  • Free of cost as long as it works for you, support is only by phone, 3 Euro/min
  • Last test: 2011-10

GMail (NOT recommended!)

  • All messages (incoming and outgoing) are indexed by Google. Informations from indexing are connected with other collected informations (search engine usage, websites with Google ads visited by the user....)
  • Deleted emails are not removed from the server, only marked as not visible.
  • Google cooperates with the CIA in the Future of Web Monitoring. The Electronic Privacy Information Center (EPIC) tries to get informations about a Google/NSA partnership, but did not get an answer. May e-mails will be mirrored to NSA in future like the search queries database.

See also

More: Other_use_cases

Personal tools