Development
JonDoNews 
- 02.03.2010 - 12:40
- 26.02.2010 - 18:24
- 17.02.2010 - 10:38
- 09.02.2010 - 18:15
Research and Development
JonDonym is an open source service in constant enhancement and expansion. As our ideas are numerous, but our developing capacities are limited, we are happy about the participation of free developers.
Security
Transparent disposable E-Mail adresses
Activity algorithm for anonymity gauge
The anonym-o-meter should take into account a statistically measured value for the user activity when evaluating the number of users. Cascades with less active users should look less attractive than such with many actives. A relative activity value from middle and exit mixes would also be good.
Automatic Certificate Management (easy)
Certification is very important in the JonDonym system. Users must have reliable trust in the identity of service operators. Only a few features are still missing: revocation lists have to be automatically distributed over the InfoServices. Mixes have to automatically verify each other using root certificates, which takes the need of a previous certificate exchange. This is a pre-condition for an automatic Mix cascade configuration.
Required knowledge: C++, Java, basic understanding of cryptography
JavaScript filter extension for Firefox (difficult)
Basically, JavaScript is a threat for anonymity, as a website may use it to query browser and computer attributes of the surfer. Thereby the same web surfer may be recognized quite exactly on different visits. HTTP filters cannot provide any effective protection for this, as JavaScript commands may be used to dynamically generate other JavaScript code and to thereby circumvent any filtering.
The goal of this project therefore is to use a browser extension change the JavaScript interpreter in Firefox (maybe also in Opera) in a way that all browser and system attributes are replaced by default or random values. This would ensure maximum anonymity. However, it may be difficult to set the attributes in a way that most web pages still work.
Required knowledge: JavaScript, (C++ if Firefox code has to be patched)
Blind signatures (medium)
For more complicated cryptographic protocols, we need some cryptographic primitives in C++ as well as in Java. One of these primitives are blind signatures: the signature creator should be sure that he issues certificates on valid information, but he must not be able to link this information with the issued certificate. Algorithms for these blind signatures exist, but still no suitable implementations.
Required knowledge: Java, C++, good knowledge in cryptography and maths
Dummy Traffic (difficult)
In order to fool observers about the concrete actions of a user, dummy traffic (DT), which simulates real user traffic, may be applied on a users' connection. However, this is not easy, as DT is costly and only effective if applied consequently, that means always and not only if strong protection is needed. The tasks are to implement and evaluate exiting concepts for DT into JonDonym.
Required knowledge: Java, C++, good understanding of anonymity; knowledge in german language could be helpful, as not all relevant documents are written in english
Refactoring of replay recognition
Integration of a new volume slice protocol
Privacy friendly law enforcement
Usability
JonDo Firefox extension (medium)
There already exists a Firefox extension that integration the JonDo code into the browser, but in pre-alpha-stage. That means it is quite unstable, and lacks several security and usability features. Accounting functions are missing altogether. A new project could now finish this extension and adapt it to the current code basis.
Required knowledge: Java, JavaScript, GUI design, basic understanding of anonymity and information security
JonDo-Droid - Mobile Client integration with Android API (medium)
As we strictly enforce client compatibility with legacy 1.1 Java code, most of the code could run in the new Android mobile framework from Google, for use for example in mobile phones. The project task is to adapt the code for full Android compatibility and to implement a mobile user interface for JonDo.
Required knowledge: Java (microedition), GUI design
Transparent client integration of Anti-Censorship (difficult)
Anti-censorship is important to circumvent firewalls and other filter rules. This enables people to visit websites that are otherwise blocked. The anti-censorship mechanisms in JonDo allow to connect to other users of the JonDonym system that forward own encrypted requests to JonDonym services. Unfortunately, the current implementation is somehow "attached" and does not smoothly and transparently integrate into the GUI. On the other hand, is should be more clear to users what good thing they are doing by activating the forwarding server and thereby helping other people. Moreover, a general framework for forwarding mechanisms could be developed that easily allows for new anti-censorship mechanisms to be integrated. Required knowledge: Java, network protocols
Web forwarder for Anti-Censorship (difficult)
In order to allow users in restricted and censoring countries to connect to the JonDonym service, users may already allow their local JonDo client to forward requests from others users to JonDonym services. As the dial-in adresses of the forwarding users may easily be blocked from these countries as well, we would like to introduce a forwarding technique that integrates into normal web pages. If some countries want to block forwarding, it should really hurt them: they should have to block lots of normal and useful web pages (like search engines, shopping portals, news magazines and so on). On the other hand, setting up such a forwarder should be so easy that is runs on almost any web space, so that a lot of people may offer it. This project therefore aims to develop a PHP based forwarding component for the JonDonym system that ideally just has to be put on the web space and runs without much configuration. Locally installed JonDo clients should then be able to connect to JonDonym services over these PHP forwarding sites.
Required knowledge: PHP, Java
Monitoring system
Client Web Interface (easy)
Instead of installing local client software, some users would like to install the JonDo software on a router. This takes the need for a router configuration interface in HTML. We already have a prototype for a web interface in JSP, however, it does not yet compile with Java version 1.1 which it should. Moreover, PHP would be far better than JSP, as this takes the need for additionally installing a resource-hungry servlet container on the router. In the scope of this project, both the legacy Java compatibility and the PHP interface should be developed.
Required knowledge: PHP, Java, XML