Java Anon Proxy
|Stable release||0.19.001 / August 29, 2013|
|Preview release||0.19.002-beta / August 29, 2013|
Java Anon Proxy, also known as JAP or JonDonym, is a proxy system designed to allow browsing the Web with revocable pseudonymity. It was originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg and Privacy Commissioner of Schleswig-Holstein. The client-software is written in the Java programming language.
The JonDonym client program allows the user to choose among several Mix Cascades (i.e. a group of anonymization proxies) offered by independent organisations. Users may choose by themselves whom of these operators they will trust, and whom they won't. This is different from peer-to-peer based anonymity networks like Tor and I2P, whose anonymisation proxies are anonymous themselves, which means the users have to rely on unknown proxy operators. However, it means that all the relays used for JonDonym-mediated connections are known and identified, and therefore potentially targeted very easily by hackers, governmental agencies or lobbying groups. This has for example led to the issues mentioned below, where court orders essentially gave all control over the whole system to the German government. As discussed below, solutions like international distribution of the relays and the additional use of Tor can somewhat mitigate this loss of independence.
The speed and availability of the service depends on the operators of the Mixes in the cascades, and therefore varies. More users on a cascade improve anonymity, but a large number of users might diminish the speed and bandwidth available for a single user.
Cost, name change and commercial service
Use of JonDonym has been (and still is) free, but since financial backing of the original research project ran out on 22 June 2007, a startup, Jondos GmbH, was founded by members of the original project team. Jondos GmbH has taken over development and continues to work on an improved blocking resistance function that would make it easier for users from restrictive countries to get a connection to the system. To cover costs of running mix cascades and increase speed as well as anonymity, Jondos and other Internet firms[who?] launched a commercial version of the anonymizing proxy.
As a consequence, the JAP client has been renamed to JonDo and the service itself from AN.ON to JonDonym. JonDonym mix cascades are mostly operated by SMEs in multiple countries and mix cascades always include three mix servers for advanced security. As contractors of Jondos GmbH must ensure sufficient throughput of their mixes, anonymous web browsing at standard DSL speeds is possible. Cost free Cascades are still in operation, although they do not offer the low latency, multiple Mixes per Cascade or guaranteed bandwidth the commercial ones do.
The online activities of the user can be revealed if all Mixes of a cascade work together by keeping log files and correlating their logs. However, all Mix operators have to sign a voluntary commitment not to keep such logs, and for any observer it is difficult to infiltrate all operators in a long cascade.
In July 2003, the German BKA obtained a warrant to force the Dresden Mix operators to log access to a specific web address, which was hosting child pornography. AN.ON then decided to introduce a crime detection function in the server software in order to make this possible. The feature was made transparent by publishing the changed source code on August 18, 2003, and subsequently criticized by many users. For the Dresden Mix, the feature continues to be part of their software until today. Tracing activities back in the past is still technically not possible for the operators, but anonymity now extends only to the timepoint that a surveillance court order is issued. It was pointed out though that the new feature was covered by the AN.ON threat model and not a security leak by itself.
As a reaction to the threat from local authorities, the system has spread internationally. If the Mixes of a cascade are spread over several countries, the law enforcement agencies of all these countries would have to work together to reveal someone's identity. AN.ON publishes every year the number of successful and unsuccessful surveillance court orders. Further research is being done by AN.ON to make the crime detection functionality more privacy-friendly.
Since May 2005, JonDonym can also be used as a client for the Tor network and since 2006 also for the Mixminion network. These features are still in an early stage and only available in the beta version of the software.
- JonDo changelog - JonDonym Wiki
- JonDo changelog beta - JonDonym Wiki
- Privacy-friendly law enforcement 2006
- ANONdroid v. 00.00.008 2011-12-22
- ANONdroid on Google Play
- JonDonym press release 2007
- Law enforcement | JonDos GmbH
- Report on the Legal Proceedings against the Project, AN.ON Project
- AN.ON still guarantees anonymity 19. August 2003
- Project Declaration on the Future Relationship with Criminal Justice Authorities, AN.ON Project, 02. July 2013
- Tor: The Second-Generation Onion Router
- Law enforcement, AN.ON Project, 02. July 2013
- Help services.html | JonDos GmbH