Java Anon Proxy
Java Anon Proxy, also known as JAP or JonDonym, is a proxy system designed to allow browsing the Web with revocable pseudonymity. It was originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg and the Privacy Commissioner of Schleswig-Holstein. The client software is written in the Java programming language.

Cross-platform and free, it sends requests through a cascade and mixes the data streams of multiple users in order to further obfuscate the data to outsiders.

JonDonym is available for all platforms that support Java.

Design

The JonDonym client program allows the user to choose among several Mix Cascades (i.e. a group of anonymization proxies) offered by independent organisations. Users may choose for themselves which of these operators they will trust and which they won't. This is different from peer-to-peer based anonymity networks like Tor and I2P, whose anonymisation proxies are anonymous themselves, which means the users have to rely on unknown proxy operators (every user of the service being by default a proxy operator). However, it means that all the relays used for JonDonym-mediated connections are known and identified, and therefore potentially targeted very easily by hackers, governmental agencies or lobbying groups. This has, for example, led to the issues mentioned below, where court orders essentially gave all control over the whole system to the German government. As discussed below, solutions like international distribution of the relays and the additional use of Tor can somewhat mitigate this loss of independence.

The speed and availability of the service depend on the operators of the Mixes in the cascades, and therefore vary. More users on a cascade improve anonymity, but a large number of users might diminish the speed and bandwidth available for a single user.

Cost, name change and commercial service

Use of JonDonym has been (and still is) free, but since financial backing of the original research project ran out on 22 June 2007, a startup, Jondos GmbH, was founded by members of the original project team. Jondos GmbH has taken over development and continues to work on an improved blocking resistance function that would make it easier for users from restrictive countries to get a connection to the system. To cover costs of running mix cascades and increase speed as well as anonymity, Jondos and other Internet firms launched a commercial version of the anonymizing proxy.

As a consequence, the JAP client has been renamed to JonDo and the service itself from AN.ON to JonDonym. JonDonym mix cascades are mostly operated by SMEs in multiple countries, and mix cascades always include three mix servers for advanced security. As contractors of Jondos GmbH must ensure sufficient throughput of their mixes, anonymous web browsing at standard DSL speeds is possible. Cost-free cascades are still in operation, although they do not offer the low latency, multiple Mixes per Cascade or guaranteed bandwidth the commercial ones do.

Privacy

The online activities of the user can be revealed if all Mixes of a cascade work together by keeping log files and correlating their logs. However, all Mix operators have to sign a voluntary commitment not to keep such logs, and for any observer it is difficult to infiltrate all operators in a long cascade.
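
The collusion condition above, and the earlier point that more users on a cascade improve anonymity, can be checked in a simplified model (an added example, not JonDonym code). It assumes an observer who sees who enters the cascade and what leaves it, and that requests cannot be linked across a mix by content or timing; the names `run_cascade` and `candidate_senders` and the sample users are hypothetical.

```python
import random

def run_cascade(senders, n_mixes=3, seed=0):
    """Send one batch through n_mixes mixes; return (exit_order, logs).

    logs[k][i] is the output slot mix k gave to its input slot i, i.e. what
    a logging operator would have recorded for this batch.
    """
    rng = random.Random(seed)            # fixed seed: demo only, not a secure shuffle
    order, logs = list(senders), []
    for _ in range(n_mixes):
        perm = list(range(len(order)))
        rng.shuffle(perm)
        mixed = [None] * len(order)
        for i, slot in enumerate(perm):
            mixed[slot] = order[i]
        logs.append(perm)
        order = mixed
    return order, logs

def candidate_senders(senders, logs, colluding, exit_slot):
    """Senders who could own the request at exit_slot, given only the logs
    of the mixes whose indices are in `colluding`."""
    slots = {exit_slot}
    for k in reversed(range(len(logs))):  # trace from the exit back to the entry
        if k in colluding:
            slots = {logs[k].index(s) for s in slots}   # invert the logged shuffle
        else:
            slots = set(range(len(senders)))            # unlogged mix: any input slot
    return {senders[s] for s in slots}

if __name__ == "__main__":
    users = ["alice", "bob", "carol", "dave", "erin"]   # constructed sample batch
    exit_order, logs = run_cascade(users)
    for colluding in ({0, 1, 2}, {0, 2}, {2}):
        found = candidate_senders(users, logs, colluding, exit_slot=0)
        print(sorted(colluding), "->", sorted(found))
```

With all three logs the candidate set is a single user; with any one log missing it is the whole batch, so the anonymity set equals the number of users mixed together.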

In 2003, the German BKA obtained a warrant to force the Dresden Mix operators to log access to a specific web address and to introduce a crime detection function in the server software making this possible. Coincidentally (at the same time, but for other reasons), a mandatory update for the JonDonym client software was released. This led to reports in Internet media about a backdoor directly built into the client, although JonDonym itself never had any kind of backdoor. The additional feature that was added to the Mix server code enables operators to revoke anonymity if they all work together and recompile their software. This is completely covered by the AN.ON threat model and not a security leak by itself. Currently, further research is being done by AN.ON to make this functionality more privacy-friendly.

As a reaction to the threat from local authorities, the system has spread internationally. If the Mixes of a cascade are spread over several countries, the law enforcement agencies of all these countries would have to work together to reveal someone's identity.

Since May 2005, JonDonym can also be used as a client for the Tor network and, since 2006, also for the Mixminion network. These features are still in an early stage and only available in the beta version of the software.

See also

  • Anonymous P2P

  • Anonymous remailer

  • Internet privacy

  • Mixmaster


The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.