Tuesday, October 28, 2008

Practical JonDo

Because the speed of JonDo is pretty decent, and free, I recommend it for many causal uses. As a matter of fact, I'm now writing this blog via JonDo.

I will certainly use it in internet cafes, wired or wireless, if I want privacy. I'll also use it at work or school to keep my secret from IT people. It's the encryption, for both your urls and content.

I will use it to secure yahoo web mail. It's encrypted only when you login, meaning that your password and your username is secret, but your email content can be sniffed by neighbors and IT coworkers. JonDo encrypts the whole thing, as in the secure option in Gmail. At the email servers, still somebody may like to peep at emails, but they have no idea who the emails belong to.

There's no strong reason to hide your IP, because in theory it need court orders to reveal your IDs, but if you know the right person in Earthlink, maybe a beer will do.

Very often, you want to change your IP often. For dial-up, it should be different everytime. For most broadband ISP's, you can "reset" you IP everyday without too much trouble. (You are still traceable.) You want to have different IP's so others can't put two and two together. For example, if you have two email accounts, you don't want the recipient to know that you are the same person. It's elementary for discussion board trolls. In the blogosphere, you can spread your personal details in different blogs or comments without fear of identification in real life. Say if you have 3 dogs and 2 twins living in a small town in Washington with a name called John, our neighbor will immediately thinks that it's you. Wordpress logs IP's automatically, and you can add scripts to other blogs to log statistics and IP's.

Actually, JonDo is pretty weak in protecting your ID, because they have only a few IPs. So even your IP is well hidden, it's easy to know that it's the same person calling. For example, how many JonDo users will be visiting your blog? Yeah, about one. Even worse, the few JonDo users are seen as one, and that's a hard time to convince webmasters otherwise. Also, in TOR it can be seen that you are visiting from all over the world, but JonDo only visits from Germany.

For the JonDo client, there's no need to set anything, but you have to pick the cascade yourself. For any paid cascade, they have 3 mixes to be safe, but there could be only 50 users, which may not satisfy your security requirements. For the free cascades, they all have only two mixes, while there is the test service where both mixes are run by the same university, mostly likely side by side. With at most a few thousands users, the traffic can be very different in different cascades, so you have to select the faster and safer cascade from time to time, manually. This is not going to change with the ramping up of paid services.

For the browser, I can only recommend JonDoFox, basically FireFox 3 with correct settings and loads of extensions, some even cannot be modified. If you see how much extensions they put in to secure the browser, you probably won't want to set it up yourself. The setup up provide you with a portable version, which is standalone Firefox, and a profile to be used for your installed version of Firefox.

When you start FF, you will be asked if you want which profile to use, "default", your old profile you have been using, or "JonDoFox", the new profile. If you don't want that trouble, copy the FF short cut, right click on it to edit the property, add to the target path. Instead of


you have ".../firefox.exe" -P JonDoFox

You can do the same for your old "default" profile.

If you want to use JonDoFox for everything other than your most secret activities, you have to use a lot of the 4 icons at bottom right. Cookies, Ads, scripts are normally disallowed, which make it totally unusually for most websites. You have to give temporary permissions, or add to the exceptions (white list). The actions are self explanatory if you click on the icons left and right.

Finally, there is the proxy switch on the bottom right most. You can turn off JonDo, switch to other proxies and even to TOR. But I don't know how secure the TOR option (if you have installed TOR or Vidalia) is. The TOR bundle seems to be less restrictive on the web contents, but the TOR button has some unexpected behavior that claims to be security fixes. Though the FF in TOR bundle wasn't that update.

No comments: