Testers only! As an exercise and proof of concept, I quickly put together a documentation chapter for Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet). Qubes-Whonix only! Non-Qubes-Whonix is unsupported.
At the moment these instructions have several limitations.
- They install JonDo in a separate ProxyVM behind sys-whonix. The motivation behind this was better security. JonDo is not installable from Debian. It’s a package from the anonymous-proxy-servers.net website / Debian apt repository. In theory, Tor should not be compromised if JonDo was compromised. But if JonDo was compromised to begin with or more easily exploited than Tor, it is very much desirable to run JonDo in a separate ProxyVM for better isolation.
- However, this is very impractical. Since Qubes does not support static IP addresses yet, the Tor config setting /etc/tor/torrc ‘HTTPSProxy 10.137.10.1:4001’ is not stable. When the JonDo ProxyVM gets its IP changed, connectivity breaks and /etc/tor/torrc in sys-whonix needs a manual update. Not great.
- It would be a lot more usable to document how to run JonDo directly in sys-whonix (under user tunnel with TUNNEL_FIREWALL=true etc.) However, then we would have less isolation.
- Does not autostart JonDo yet.
- And more…
- I probably won’t be able to become a maintainer of a fully featured JonDo-Gateway comparable to Whonix-Gateway using Tor. Help welcome.
Also… JonDo – the IP changer had its last release 2013-08-29. So I wonder, is that project dead? Why bother? On the other hand, JonDoFox though had its last release 2016-03-20 so that gives hope.(correction.)