![]() |
Table of Content |
JonDo's
features ![]() |
JonDonym and Tor may be the best anonymization systems technically, but both share small restrictions from concept that should be considered when using them:
Browser plugins for active contents (Java / Flash / Silverlight / ActiveX) must be blocked, e.g. by using JonDoFox. Otherwise, your PC's/router's true IP can be revealed by a website which secretly or visibly embeds such programs.
While all web browsers do, some Internet applications do not support HTTP/SOCKS proxy settings.
You have to use additional third-party software to also re-route the IP connections from these applications to JonDonym or Tor, and thus secure their Internet connection.
The combination of JonDo with a so-called VPN system (virtual private network) may slightly fix these restrictions: VPN software creates a single, encrypted connection to a certain VPN provider. This one accepts, similar to an access provider, your whole Internet data traffic (also the separately encrypted JonDonym data traffic), and forwards it to the Internet, while all users get the same exit IP address, similar to JonDonym.
Of course, this provider may thereby observe your whole Internet communication. Hence pay attention to choose a reputable VPN provider, in particular with a reputable company address and similar contact persons. If possible, you should also use a VPN software directly integrated in your Internet router instead of executing a VPN program on your own computer. Thereby the provider's software cannot harm your computer. In addition to that, active contents cannot read your real IP address any more. However, please note that active contents may still read a lot of data about your computer and network configuration.
For web surfing, VPN services should not be used.
On one hand, their hosts usually do not ensure that users also have an uniform appearance on the Web aside their IP address (see Data Collection Technique). The users are thus distinguishable and easily identifiable by merging the data.
And on the other hand, a local observer on your network (ISP, WLAN) could guesstimate websites requested over VPN simply by analyzing size and timing of the encrypted VPN data stream. JonDonym and Tor are quite resilient against this attack. A scientific article which demonstrates the attack is found here; the success rates are over 90% for VPNs.
Moreover, VPN systems, as inherent to their functional principle, normally do not filter or replace your computer's TCP packets. They thereby do not protect you from TCP timestamp attacks like JonDonym.
You should also keep in mind that VPN hosts can, unlike JonDonym and Tor, track and save every step of yours since they control all servers in the VPN.
Nevertheless, protection by the VPN of a professional and reputable host is often better than no protection at all.
Proxy services are particularly famous for this kind of "anonymization on demand", besides the already mentioned services. They are literally "proxy PCs" which switch communication between your PC and the Internet. They relay your data traffic to the target and send the answer back to your PC so that the web site cannot see your IP address.
Unfortunately, proxies have a high susceptibility to misuse and user data theft. At BlackHat 2012 the spain hacker Chema Alonso presented an unsophisticated yet powerful technique for an attack using an anonymous proxy server. Users connecting to the proxy would get their computer poisoned by the attackers script. Once the script was installed the victim’s computer became part of a botnet. The researchers were then able to eavesdrop on the victim’s web traffic, steal browser cookies and form data such as user credentials.
Proxies offer thus, if at all, only weak protection from the website's host but not from third parties. Usage of network proxies is risky.
In addition to these proxies, there are webproxy services, Internet pages with a form field in which the user can input the target address that he want's to visit anonymously. The webproxy subsequently delivers the content of the requested website and automatically patches all links to use the webproxy when clicked. For using webproxy services the browser configuration does not have to be changed.
Compared to network proxies, they have the disadvantage not to be able to replace each link correctly, in particular on web sites with JavaScript code. This makes it easier that the user IP address gets "leaked" to the web server, which the proxy should acutally prevent. Our anonymity test displays the weakness of some web proxies:
Betreiber | HTML/CSS/FTP | JavaScript | Java |
---|---|---|---|
Anonymouse | Broken | Broken* | Broken |
Cyberghost Web | - | Broken | Broken |
Hide My Ass! | - | Broken* | Broken |
WebProxy.ca | - | Broken | Broken |
KProxy | Broken | Broken* | Broken |
Guardster | - | Broken (if allowed)* | Broken |
Megaproxy | Broken | (not available for free) | (not available for free) |
Proxify | - | Broken (if allowed) | Broken (if allowed JavaScript) |
Ebumna PHProxy | Broken | Broken* | Broken |
Broken : Your own IP address gets uncovered. Note that your private browser data is uncovered as well... * : The thereby marked service does not even reach the test site if JavaScript is activated. It parses so bad, that the browser just leaves the service silently in some cases... - : not yet broken |
![]() |
Table of Content |
JonDo's
features ![]() |