are there any other multi-hop vpn services that don't log?

Discussion in 'privacy technology' started by scrty001, Sep 8, 2008.

Thread Status:
Not open for further replies.
  1. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I was really considering JAP, but I'm starting to think the risk of leaks (JavaScript, etc.) doesn't seem worth it. In that sense VPN seems more reliable. I'd rather have higher security between the websites I'm visiting vs. the service provider.
     
  2. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I'm not sure what you mean. Are you saying I can get that cryptorouter service without any hardware? Or are you saying that I can place the cryptorouter at a particular location and use that service from my laptop from any location without carrying the hardware around?
     
  3. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    At first I was really interested in JAP with the multi-cascade setup, and still am somewhat, but the more I think about the JavaScript leaks and whatnot, the more I think VPN might be more reliable, since if there was a leak then any website you visit or your ISP has your traffic without any problems. If you go through a VPN service all your traffic is encrypted and they have to go through courts to get your information, which can take time and be costly to pursue (assuming you're not doing anything serious).
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There's been plenty of discussion in other threads about the potential risks of Javascript, Java or Flash content in webpages. There is no way that I know of that Javascript alone can be used to de-anonymise you and Java/Flash can easily be handled by using a firewall to restrict your browser (and Javaw.exe) to connecting via the Tor/JAP client only. Alternatively, you could take the VM approach (as Xerobank's client does).

    The trouble with single-hop/VPN services is that you are relying on the willingness of a single company (or even individual) to keep your data secure - and if they're based in the US, that data can be obtained without a court order. Indeed, it would be in the commercial interests of most privacy services to co-operate quietly with official information requests in the hope of avoiding any publicity.
     
  5. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks for your reply, it sounds like we both have the same viewpoint towards VPN.

    Do you know where I can find information on how to set up my firewall to restrict my browser with JAP? If I can set this up it definitely encourages me to try JAP. Just like your viewpoint towards 1-hop, all data with one company (VPN) really doesn't make me feel comfortable. Any way I can use JAP as securely as possible is what I would like.

    Also, I'm not sure what you mean by the VM approach? Is that Virtual Machine? xB Machine? Can you set up xB Machine with JAP, or do they have a VM for the paid version of JAP?


    Thanks!
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It really depends on the firewall you use - the key is to create a rule allowing browser access to 127.0.0.1 (your own computer) and JAP's source port (4001 by default) and another to block any other access. That limits the browser to JAP only. For javaw.exe, you need to provide rules for JAP itself (it is a Java applet) - creating specific rules for each mix is the safest option but requires a little more work (you'll need to allow access to infoservice.inf.tu-dresden.de:6543 for the status update, then for the Dresden-Dresden mix, mix.inf.tu-dresden.de:20,80,443,6544 and so on).

    A suggested ruleset for Outpost firewall (with Tor, Proxomitron and Privoxy) can be found here if you want a more concrete example.
    Yes, VM = Virtual Machine which is the approach xB Machine/XeroBank use. xB will only connect to Tor or XeroBank - if you want to create a version for JAP, you will need to build your own VM image.

    It is worth noting that the JAP client can be used to connect to the Tor network, so you can switch between them (in this case though, you would need to give javaw.exe unlimited outgoing access which would prevent you using a firewall to prevent Java leaks - a workaround would be to make a separate copy of javaw.exe and use that, with unlimited rules, for JAP/Tor only).
     
  7. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks again you've been really helpful.

    Quick question: I remember Steve saying something about it being possible for XeroBank to trace a live connection. Is this possible with JAP as well?

    Thanks
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Only if all the mix server operators on the selected route agreed (and this would have to be in advance for live tracing) - with the possible exception of specific IP addresses (as noted in their Crime Prevention page).

    While the default mix is a single server, there are others available that involve multiple administrators which is why, from a privacy perspective, I'd give JonDoNym the edge over XeroBank (whose servers come under the same administration) - more so now that JonDo accept the cash-like payment service PaySafeCard. And XeroBank in turn would have a not insignificant edge over any single hop anonymity service.
     
  9. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    It looks like PaySafeCard is only for Europe. Is that correct?

    This should be my last question in this thread, you've helped greatly. Since it works similar to Tor, does that mean every time you connect you get a new IP?

    Is there anything that you think I should know when I set this up? I'm going to get the paid mix cascade server with JonDoNym and use a FW to route all traffic through JAP. Is that all I do?

    Thanks

     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It seems to be for the time being.
    With both Tor and JAP networks, the IP address that you will seem to have (to sites you visit) will be that of the exit node. With Tor, this changes every 10 minutes by default - with JAP it changes only when you change mixes (i.e. select a different route in the JAP client). JAP's "fixed IP" is an advantage in dealing with sites that make you login again if your IP address changes but as JAP has far fewer exit nodes than Tor, it is easier to block by webmasters (who may see it as a source of abuse).
    Experiment with the free JAP service first before committing yourself to JonDo. Don't worry about firewall rules to start with - get things working first and tighten up the setup later.

    Make sure that you are using proper web filtering tools - in particular, sites that are allowed to set cookies will be able to tag and track you regardless of proxy usage (not a problem with forums like this one - but advertisers and trackers like Google Analytics, Webtrendslive, Nielsen Netratings and Omniture are best blocked by default). Ensure that your filtering can cope with https: traffic (see the Dangers of HTTPS thread for more info). Also make use of test sites like BrowserSpy or Leader Network Tools to check what websites can see about your system.

    Good luck - and have fun. ;)
     
  11. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    You mean web filtering tools such as NoScript, etc.? The possibility of leaks makes me have second thoughts again, since I'm not sure if I understand how all this works well enough to be able to make my system "leak-proof" by myself. That was one of the advantages I was thinking of with VPN: all I have to do is connect to their VPN and not have to worry about the leaks.
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    No-Script is a good place to start, but it is an all-or-nothing tool (i.e. you can't choose to allow Javascript only while blocking Java or Flash) and you still need something to handle cookies. Since it is a Firefox plugin though, it will cope with https: pages.

    The issue isn't leaks (which a firewall can deal with) but browser exploits. Firefox is not immune to these (though vastly better than IE) but with active content (Javascript, Java, etc) disabled, there is very little a hostile webpage can do.

    VPNs generally provide no web filtering so don't help on this issue - which is more a security than a privacy concern.
     
  13. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I understand what you're saying, that these are browser leaks. Although with VPN, even if there is a browser exploit, they can't see your actual IP address, correct? Or track you? Since all your traffic is being routed through the VPN.

    Do you mind recommending some plug-ins that I should be using with Firefox for web-filtering?


    Thanks
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If your system is ever compromised, it won't matter to the attacker responsible whether you're on a VPN or not. In such a situation, the danger isn't having your ISP-assigned IP address revealed, but having your private data accessed and your PC taken over.

    As for tracking, cookies can do this regardless of VPN or proxy used - that is why dealing with them is important (either blocking by default or making them all session only).
    I don't use Firefox as my main browser (it normally gets fired up for placing fake orders with spam websites using Imperator) so I'm not best placed to make recommendations. There is plenty of information here and elsewhere.
     
  15. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Instead of doing all that (finding extensions for web-filtering to make firefox more secure), can't you just use JonDoFox?
     
  16. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Alright, well, it seems I have another question...

    With JAP/JonDoNym is all your traffic (including non-browser traffic) running through JAP and anonymized? Example: if you use VPN, your AIM, MSN Messenger, SMTP e-mail, etc. is all running through the VPN. Unlike if you use a web proxy, where only your traffic through your browser is "anonymised".
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  18. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks, you've been a great help with all this.


    There wasn't much discussion in that thread but, they recommended http tunneling software such as htthost.com.

    Maybe I'll need to register and post there. Although, do you know how I can test to make sure I've set up FTP correctly with a tunneling software and JonDonym? With a browser I can just check any IP check website to give my IP so I can see I'm connected through JonDonym; how can I check that with 3rd party applications?


    Thanks


    Edit: I decided to post there but, if you want to reply, I'd be interested in hearing what you say. I'm guessing if I configure my firewall to direct all traffic through JonDonym and I can't connect through FTP, it means it's not set up correctly, and if it does connect then it's probably configured correctly?

    I saw this on their site that says they don't support 3rd party applications, FTP, e-mail (except web-based), etc.

    http://anon.inf.tu-dresden.de/help/jap_help/en/help/supportedPrograms.html
     
    Last edited: Sep 29, 2008
  19. jondos

    jondos Registered Member

    Joined:
    Sep 7, 2008
    Posts:
    2
    Hi there, I just saw this thread and would like to help. The current JonDo help files are a little bit outdated: The paid services allow all HTTP ports, and will also support SOCKS proxies before the end of this year. This should work with a lot of messenger and FTP programs.

    JAP/JonDo also layers the encryption. This is a basic principle of the JonDonym security concept, like in Tor. Otherwise, the first Operator of a Mix Cascade could in fact deanonymise the users (he would see ingoing and outgoing addresses).

    If you additionally use a trusted VPN, it may at least protect you from leaking your IP address if you need to activate any active plugin (Java, Flash, Silverlight) on a web page. This is another layer of protection, so why not? If you tunnel all your traffic through your local Tor/JonDo application, the VPN operator won't see anything, and your security therefore won't decrease.
     
  20. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks for your input!

    That would be great if I could use a VPN and then also use JAP for the mix cascades. The JavaScript IP leak is a big concern to me, since a while back I started using Tor and I got the NoScript plug-in to disable JavaScript, but the problem was that most of my browsing needed JavaScript, such as signing up for a service, making an order, etc., so it felt kinda pointless that all the important areas that I wanted to anonymize myself from required JavaScript and I had no choice but to disable JavaScript.

    Although I'd like if somebody else here could confirm your statement since I've seen here a few times people say to use just one service and for one reason or another chaining 2 services could make you more vulnerable. I've heard that you're revealing your decrypted traffic to the internet twice instead of one time if you just use one service.

    I'm not really concerned about my traffic; anybody could monitor my traffic all day long and it won't matter to me, that's not my concern. What I am concerned with is my original IP being leaked. I'm not concerned with anybody seeing my traffic, but I don't want my original IP leaked, I don't want anybody to be able to get my original IP, that's my main point.

    In my case does anybody think it would be ok to use a VPN service and then run it through JAP? I realize it might sound kind of strange not being concerned about traffic being seen yet only concerned with IP but, think of it like this. If I make a phone call to somebody and a 3rd party is listening in, I'm not concerned with what they hear, but my concern is not wanting my phone number to be traced by the receiving end (I know this is not 100% possible, but as difficult as it could be).


    Thanks
     
    Last edited: Oct 2, 2008
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If you want to be absolutely certain, install a packet sniffer (e.g. Wireshark) or port monitor (e.g. Port Explorer, VitalAgent 0.9) on your PC and check the outgoing packets. Normal FTP packets will contain readable data (like the filename requested) while anything sent via Tor/JAP should be encrypted and unreadable. A simpler solution is just to install a software firewall that shows network connections and check that all outgoing connections are to the first JAP/Tor mix/node.
    Thanks for the correction there. However the protocol description states that the first mix supplies the public keys of the second and third to the client. What is there to prevent a first-mix operator from attempting a man-in-the-middle attack by supplying different keys? (giving them the opportunity to decrypt and inspect traffic before re-encrypting using the proper keys).
    If you are talking about running a VPN before JAP, then that would require the VPN operator to run the JAP client on their server. They may well agree to this, but it would nonetheless be possible for them to intercept/log traffic before it is sent onto JAP/Tor (Java/Flash leaks would reveal the VPN server IP address in this case, but that is hardly a price worth paying given they can be handled by a software firewall just as well).

    If you are talking about running a VPN after JAP (i.e. using JAP to connect to a VPN service) then the issue of Java/Flash still exists and you lose any anonymity with a commercial VPN (where you have to supply a login name/password) since your account will identify you.
    There is no way currently known for Javascript alone to reveal your IP address - Java or Flash have to be used to make a direct connection (outside of the browser) and this can be blocked by a software firewall. If you want to allow Javascript while blocking Flash/Java, you can set this up in your browser without any plugins needed (Tools/Options/Content in Firefox for Java, for Flash just uninstall the Flash plugin).
     
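    The "check that all outgoing connections go to the first JAP/Tor mix" advice above, together with the browser-to-127.0.0.1:4001 / javaw.exe-to-mix rules from post 6, can be turned into a small audit script. This is an added example, not code from either poster or from the JAP project; it assumes a constructed list of connections in the shape a port monitor would show (process, remote host, port, first payload bytes), treats the rules from post 6 as the policy, and uses a printable-byte ratio as the "readable data vs. encrypted" test described in post 21. Process names and sample addresses are constructed.

```python
import string
from dataclasses import dataclass

# Bytes we treat as "readable": printable ASCII plus the usual whitespace.
PRINTABLE = set(string.printable.encode())


@dataclass(frozen=True)
class Connection:
    process: str    # local program that opened the socket
    remote: str     # remote host as a port monitor would display it (name or IP)
    port: int
    payload: bytes  # first bytes sent on the connection


# Hypothetical policy mirroring the firewall rules described in the thread:
# the browser may only reach the local JAP listener (127.0.0.1:4001), and
# javaw.exe may only reach the InfoService and the first mix of the cascade.
POLICY = {
    "firefox.exe": {("127.0.0.1", 4001)},
    "javaw.exe": {("infoservice.inf.tu-dresden.de", 6543)}
    | {("mix.inf.tu-dresden.de", p) for p in (20, 80, 443, 6544)},
}


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are readable ASCII; 0.0 for an empty payload."""
    if not data:
        return 0.0
    return sum(b in PRINTABLE for b in data) / len(data)


def looks_like_plaintext(data: bytes, threshold: float = 0.9) -> bool:
    """Cleartext protocols (FTP commands, HTTP) are almost entirely printable;
    traffic already encrypted by the JAP client is not."""
    return len(data) >= 8 and printable_ratio(data) >= threshold


def audit(connections):
    """Return (process, 'host:port', reason) for every connection that either
    leaves the machine outside the JAP policy or carries readable data off-host."""
    findings = []
    for c in connections:
        where = f"{c.remote}:{c.port}"
        if (c.remote, c.port) not in POLICY.get(c.process, set()):
            findings.append((c.process, where, "destination outside JAP policy"))
        if c.remote != "127.0.0.1" and looks_like_plaintext(c.payload):
            findings.append((c.process, where, "readable data leaving the machine"))
    return findings


# Constructed sample, in the shape a port monitor or sniffer would show.
SAMPLE = [
    Connection("firefox.exe", "127.0.0.1", 4001, b"GET http://example.org/ HTTP/1.1\r\n"),
    Connection("javaw.exe", "mix.inf.tu-dresden.de", 6544,
               bytes.fromhex("17030100a39f1be47c03d955a8fe81c2b407e6d13a")),
    Connection("ftp.exe", "203.0.113.10", 21, b"USER anonymous\r\n"),
    Connection("javaw.exe", "198.51.100.7", 443,
               bytes.fromhex("160301004e2c8bd0f1a7e9c30b6d4f92e8a11c77")),
]

if __name__ == "__main__":
    for process, where, reason in audit(SAMPLE):
        print(f"{process:12s} -> {where:32s} {reason}")
```

    On the constructed sample the browser's local connection passes, the JAP client's encrypted connection to the mix passes, the direct FTP login is reported twice (wrong destination and readable data), and a javaw.exe connection to an address that is not a configured mix is reported as a policy violation, which is exactly the kind of Java leak a per-mix firewall rule is meant to stop.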
  22. jondos

    jondos Registered Member

    Joined:
    Sep 7, 2008
    Posts:
    2
    Thank you for your responses. We will add some explanations about these issues in our new help files (we are just working on them) and ask the Dresden people to clarify their texts.

    This should be written clearer, it seems. There are several ways to make a man-in-the-middle quite hard:

    • All Operators are certified by JonDos. That means no one can just sneak in with self-signed certificates. We have also developed algorithms (finished this month) for allowing two or more additional certificate authorities per Operator (multi-CA-certification), for which we hopefully find an NGO or another trusted party willing to act as additional CA in 2009.
    • Information about Operators, available Cascades, Mixes and Operators/Mixes in the Cascades is published in a distributed InfoService and polled by JonDo. You may see all details in JonDo, can filter out single-Operator services, specific Operators, Cascades, black/whitelist and so on. If JonDo connects to a Cascade, it always checks if the information from the Cascade still matches your filter criteria. If it does not (e.g. if the first Mix sends you modified data so that he may lead the traffic over itself), connection is not allowed.
    • If ever the first Mix modifies the Cascade information and the connection was allowed (your filter criteria were still met), the data structure in JonDo for this Cascade changes. Users will see that this Cascade has changed and could be alarmed. If JonDos thereby gets notice of malicious Cascade changes, the Operators are liable for breaking contracts and for all direct or indirect damages caused thereby.

    We hope that these measures are sufficient for preventing insider attacks. If you have suggestions for what else we could do to protect the users, please feel free to propose any ideas and I will discuss them. Security is never perfect, and the internet is a bunch of insecure communication protocols.

    Right. However, not everyone is able to configure his firewall (or even the browser) correctly. While professionals will do it this way, it might be an alternative for other people to add a VPN connection to Tor or JonDo. We also recommend our development JonDoFox especially for inexperienced users, which at least provides a secure browser configuration and standardised HTTP header values. We are also in contact with Mike Perry for creating a common anonymous browser standardisation for Tor and JonDonym, so that anonymity groups get bigger.

    This is difficult, as JonDo currently only forwards TCP traffic, and no IP traffic. While you could at least tunnel OpenVPN TCP connections through JonDo, this might not be very fast. And you are right that the leakage problem persists and you might get identified by the VPN Operator (at least he may link different actions to your pseudonym). This is therefore not recommended.

    Yes, this is the method of choice.

    No, this is not how a VPN works. Just imagine as if the VPN provider gives you a very long cable to his NAT gateway. You may use the VPN as if you were in the VPN Operator's internal network. The Operator therefore does not need to run the JAP/JonDo client on his server. You just "tunnel" (it is not quite the right word here but easier to describe) your JonDonym connection through the VPN from your local client program as in any other network.

    Therefore you may use a VPN as a fallback solution, even if you do not put much trust in the VPN provider.

    Maybe you should have a short look at JonDoFox. We do our best to create a secure Firefox profile which accounts for all these issues and the users' requests and needs.

    Thank you for your comments!
     
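    The question in post 21 (what stops a first-mix operator handing the client substituted keys for the second and third mix?) and the three bullet points in the reply above describe a client-side acceptance check: every key must be CA-certified, the announced cascade must still satisfy the user's filter criteria, and an allowed-but-changed cascade is surfaced to the user rather than connected to silently. The following is an added illustration of that check, not JonDo's code and not from either poster: the "certificates" are modelled as a set of SHA-256 fingerprints of constructed key bytes, operators and mix names are constructed, and the filter only implements the single-operator rule and a blacklist mentioned in the post.

```python
import hashlib
from dataclasses import dataclass


def fingerprint(public_key: bytes) -> str:
    """Stand-in for a certificate fingerprint: SHA-256 of the key bytes."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass(frozen=True)
class Mix:
    name: str
    operator: str
    public_key: bytes   # constructed stand-in for the mix's certified key


@dataclass(frozen=True)
class Cascade:
    name: str
    mixes: tuple        # ordered (first mix, ..., last mix), as announced to the client

    def digest(self) -> str:
        """One value summarising the route; any swapped mix or key changes it."""
        h = hashlib.sha256()
        for m in self.mixes:
            h.update(f"{m.name}|{m.operator}|{fingerprint(m.public_key)}\n".encode())
        return h.hexdigest()[:16]


@dataclass(frozen=True)
class Filter:
    """The user's filter criteria: no single-operator routes, optional blacklist."""
    min_operators: int = 2
    blocked_operators: frozenset = frozenset()


@dataclass
class Decision:
    allowed: bool
    reasons: list       # why the connection was refused (empty when allowed)
    changed: bool       # route differs from the one recorded for this cascade name


def check_cascade(announced: Cascade, flt: Filter, certified: set, seen: dict) -> Decision:
    """Client-side acceptance check for a cascade description handed over by the first mix."""
    reasons = []
    for m in announced.mixes:
        # A substituted self-signed key is not in the CA-issued set.
        if fingerprint(m.public_key) not in certified:
            reasons.append(f"{m.name}: key not certified by the CA")
        if m.operator in flt.blocked_operators:
            reasons.append(f"{m.name}: operator {m.operator} is blacklisted")
    operators = {m.operator for m in announced.mixes}
    if len(operators) < flt.min_operators:
        reasons.append(f"only {len(operators)} distinct operator(s), {flt.min_operators} required")
    allowed = not reasons
    changed = False
    if allowed:
        # Allowed but different from last time: surface it rather than connect silently.
        previous = seen.get(announced.name)
        changed = previous is not None and previous != announced.digest()
        seen[announced.name] = announced.digest()
    return Decision(allowed, reasons, changed)


# Constructed operators, mixes and the set of keys "certified by the CA".
MIX_A1 = Mix("mix-a1", "OperatorA", b"constructed-key-A1")
MIX_A2 = Mix("mix-a2", "OperatorA", b"constructed-key-A2")
MIX_A3 = Mix("mix-a3", "OperatorA", b"constructed-key-A3")
MIX_B1 = Mix("mix-b1", "OperatorB", b"constructed-key-B1")
MIX_C1 = Mix("mix-c1", "OperatorC", b"constructed-key-C1")
MIX_D1 = Mix("mix-d1", "OperatorD", b"constructed-key-D1")
CERTIFIED = {fingerprint(m.public_key) for m in (MIX_A1, MIX_A2, MIX_A3, MIX_B1, MIX_C1, MIX_D1)}

HONEST = Cascade("Demo-Cascade", (MIX_A1, MIX_B1, MIX_C1))
# First mix hands the client a self-signed key for the second mix.
FORGED_KEY = Cascade("Demo-Cascade", (MIX_A1, Mix("mix-b1", "OperatorB", b"self-signed-by-A"), MIX_C1))
# First mix routes the cascade over its own (certified) mixes only.
SINGLE_OPERATOR = Cascade("Demo-Cascade", (MIX_A1, MIX_A2, MIX_A3))
# Certified mixes, filter satisfied, but a different route than before.
SWAPPED = Cascade("Demo-Cascade", (MIX_A1, MIX_B1, MIX_D1))

if __name__ == "__main__":
    seen = {}
    for label, cascade in [("honest", HONEST), ("forged key", FORGED_KEY),
                           ("single operator", SINGLE_OPERATOR), ("swapped", SWAPPED)]:
        d = check_cascade(cascade, Filter(), CERTIFIED, seen)
        print(f"{label:16s} allowed={d.allowed} changed={d.changed} {d.reasons}")
```

    The four constructed cascades map onto the three bullets: the self-signed key is refused by the certification check, the all-OperatorA route is refused by the filter, and the route that swaps in another certified operator's mix is allowed but reported as changed, so the user (and, per the post, eventually JonDos) can notice. Refused attempts do not overwrite the recorded route, so the comparison is always against the last cascade that was actually accepted.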
  23. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    You can now try cryptohippie, they are a distributed VPN network, with servers spread through Germany, USA, Netherlands and Switzerland. They are US$275 annually. They have very minimal logging, and it usually only records connecting servers (it's a multi-hop network).
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I can vouch for cryptohippie. Good setup, we contract with them and vice versa.
     
  25. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    I'm actually surprised you don't join forces, use their network and then configure your software/hardware. They provide a large distributed network and you provide a hardened software/hardware solution, a bona fide security solution. :D
     