Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet)

Testers only! As an exercise and proof of concept, I quickly put together a documentation chapter for Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet). Qubes-Whonix only! Non-Qubes-Whonix is unsupported.

https://www.whonix.org/wiki/JonDonym#Connecting_to_JonDo_before_Tor

At the moment these instructions have several limitations.

  • They install JonDo in a separate ProxyVM behind sys-whonix. The motivation behind this was better security. JonDo is not installable from Debian. It’s a package from the anonymous-proxy-servers.net website / Debian apt repository. In theory, Tor should not be compromised if JonDo was compromised. But if JonDo was compromised to begin with or more easily exploited than Tor, it is very much desirable to run JonDo in a separate ProxyVM for better isolation.
  • However, this is very impractical. Since Qubes does not support static IP addresses yet, the Tor config setting /etc/tor/torrc ‘HTTPSProxy 10.137.10.1:4001’ is not stable. When the JonDo ProxyVM gets its IP changed, connectivity breaks and /etc/tor/torrc in sys-whonix needs a manual update. Not great.
  • It would be a lot more usable to document how to run JonDo directly in sys-whonix (under user tunnel with TUNNEL_FIREWALL=true etc.) However, then we would have less isolation.
  • Does not autostart JonDo yet.
  • And more…
  • I probably won’t be able to become a maintainer of a fully featured JonDo-Gateway comparable to Whonix-Gateway using Tor. Help welcome.
  • Also… JonDo – the IP changer had its last release 2013-08-29. So I wonder, is that project dead? Why bother? On the other hand, JonDoFox though had its last release 2016-03-20 so that gives hope. (correction.)

Patrick started developing Whonix, the Anonymous Operating System in 2012, when quickly others joined efforts. He collected experiences working pseudonymous on Whonix for two years, enjoys collaboratively working on privacy preserving software.

Notable Replies

  1. Huh, hadn't noticed the last update was 2013. Could that be an error? I've seen them make mistakes on their webpage before (including blunders with gpg).

    In other news, I just noticed they've killed off their live DVD, which they had certainly been maintaining: https://anonymous-proxy-servers.net/en/software_more.html

    The Live DVD's development is discontinued, unfortunaly.
    Disappointing...

  2. Hi Patrick

    This is interesting
    To make this configuration need to follow guide about connect proxy before tor?

    Regards

  3. ted1516:

    Do I follow guide about connect proxy before tor?

    That is undocumented. Unsupported. (
    https://www.whonix.org/wiki/Unsupported ) Figuring that out needs a
    developers mindset and probably hours and hours.

Continue the discussion forums.whonix.org

Participants