From: jongfoster Date: Thu, 17 May 2001 22:56:17 +0000 (+0000) Subject: Cosmetic documentation update. X-Git-Tag: v_2_9_9~524 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/static/gitweb.js?a=commitdiff_plain;h=addce9f3a4e868380661736e8e95010da786b972;p=privoxy.git Cosmetic documentation update. - Added required image files into CVS, they are no longer loaded from junkbusters.com - Modified HTML files to be fully complient HTML 4.01, using CSS etc. - Most of the links to junkbusters.com have been replaced with ones within the documentation set, or to the SourceForge project. - Added bold "these files are out of date" warning. --- diff --git a/doc/fb.gif b/doc/fb.gif new file mode 100755 index 00000000..43059924 Binary files /dev/null and b/doc/fb.gif differ diff --git a/doc/gpl.html b/doc/gpl.html index 7f0b6107..c980e61f 100644 --- a/doc/gpl.html +++ b/doc/gpl.html @@ -1,567 +1,560 @@ - + + + - - - - - - - - - - -The GNU General Public License - - - - - - - - - -

- -Junkbusters -

- -
-

The GNU General Public License -

-
- -
-

-We did not write the GPL: the Free Software Foundation did - -

-
- -

<Feedback>  -The GPL allows copying and changing of copyrighted documents -

-

-The Free Software Foundation -(FSF) -is a non-profit institution -that designed the GNU General Public License (GPL) to promote the -publication of free software. -The GPL is used by thousands of programmers -who want to give others the right to copy and modify -the source code of their programs. Millions of people benefit from this. -

-We use the GPL -to allow everyone to use, copy and modify the -Internet Junkbuster -as they wish. -Companies can use it for commercial purposes, -but they are not permitted to use it in products that they claim -as their property -without negotiating a separate agreement with us beforehand. -

-The GPL -can also be used -on documents written in human languages. -We give everyone permission to use everything on our web site under the GPL. -This means that you do not have to break copyright laws in order -to print a page or email a screen of the text to someone, for example. -Many sites do not permit you to do these things. -

-If you have a home page, -we recommend that you consider using the GPL to -allow others the right to copy and use all the documents you create for it. -If you just mark a page as copyright, they won't even -legally be able to print it. -If you don't state you are its copyright owner, -they could change it slightly and claim it as their own property. -By marking it with both copyright and GPL notices -you allow them to copy it but not to claim -anything derived from it as their own. -

-The GPL protects your -JUNKBUSTERS DECLARATION, -Spam Offer, -and all documents from us that you publish on your home page -or distribute to direct marketers by any other means. -By making your -DECLARATION -available to them under the GPL, you are -permitting them use to it, but never to claim it as their property, -even if they transform it. -

-The -remainder of this page is the text of the GPL. -As legal documents go it's relatively clear, -but unfortunately it's fairly long because it has to cover -a lot of details specific to computer programs -that may not be relevant to -DECLARATIONs. -The hypertext links are ours, and should not be misinterpreted -as an indication of emphasis by the FSF. -

-

--- Back to Top of Page ---

-
-

-Version 2, June 1991 - -

-
-
-Copyright 1989, 1991 -
-Free Software Foundation, Inc. -
-675 Mass Ave. -
-Cambridge, MA 02139 -
-USA -
-Everyone -is permitted to copy and distribute verbatim copies -of this license document, but changing it is not allowed. - -

<Feedback>  -Preamble -

-

-The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. -

-When we speak of free software, -we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. -

-To protect your rights, -we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. -

-For example, -if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. -

-We protect your rights with two steps: -(1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. -

-Also, -for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. -

-Finally, -any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. -

-The precise terms and conditions -for copying, distribution and -modification follow. -

- -

<Feedback>  -GNU General Public License: Terms and Conditions for Copying, Distribution and Modification -

-

-O. -This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, -translation -is included without limitation in -the term "modification".) Each licensee is addressed as "you". -

-Activities -other than copying, distribution and modification are not covered by this License; -they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -

-Whether that is true depends on what the Program does. -

    -
  1. -You may copy -and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. -

    -You may charge a fee -for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. -

  2. -You may modify -your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: -
      -
    1. -You must cause -the modified files to carry prominent notices -stating that you changed the files and the date of any change. -
    2. -You must -cause any work that you distribute or publish, that in -whole or in part contains or is derived from the Program or any -part thereof, to be licensed as a whole at no charge to all third -parties under the terms of this License. -
    3. -If the modified program -normally reads commands interactively -when run, you must cause it, when started running for such -interactive use in the most ordinary way, to print or display an -announcement including an appropriate copyright notice and a -notice that there is no warranty (or else, saying that you provide -a warranty) and that users may redistribute the program under -these conditions, and telling the user how to view a copy of this -License. (Exception: if the Program itself is interactive but -does not normally print such an announcement, your work based on -the Program is not required to print an announcement.) -
    -

    -These requirements -apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. -

    -Thus, -it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. -

    -In addition, -mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. -

  3. -You may copy -and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: -
      -
    1. -Accompany it -with the complete corresponding machine-readable -source code, which must be distributed under the terms of Sections -1 and 2 above on a medium customarily used for software interchange; or, -
    2. -Accompany it with a written offer, -valid for at least three -years, to give any third party, for a charge no more than your -cost of physically performing source distribution, a complete -machine-readable copy of the corresponding source code, to be -distributed under the terms of Sections 1 and 2 above on a medium -customarily used for software interchange; or, -
    3. -Accompany it -with the information you received as to the offer -to distribute corresponding source code. (This alternative is -allowed only for noncommercial distribution and only if you -received the program in object code or executable form with such -an offer, in accord with Subsection b above.) -
    -

    -The source code -for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. -

    -If distribution of executable or object code is made -by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. -

  4. -You may not copy, -modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. -
  5. -You are not required -to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. -
  6. -Each time you redistribute -the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. -
  7. -If, as a consequence of a court judgment -or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. -

    -If any portion -of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. -

    -It is not the purpose -of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. -

    -This section -is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. -

  8. -If the distribution -and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. -
  9. -The Free Software Foundation -may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. -
  10. -If you wish to incorporate parts -of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. -

    -NO WARRANTY -

  11. -BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, -THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. -
  12. -IN NO EVENT UNLESS REQUIRED -BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. -
-END OF TERMS AND CONDITIONS -

- -

<Feedback>  -Appendix: How to Apply These Terms to Your New Programs -

-

-If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. -

-To do so, -attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. -

-<one line -to give the program's name and a brief idea of what it -does.> -Copyright (C) 19yy -<name of -author> -

-This program is free software; -you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. -

-This program -is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. -

-You should -have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -

-

-Also add -information on how to contact you by electronic and paper mail. -

-If the program is interactive, -make it output a short notice like this -when it starts in an interactive mode: -

-Gnomovision version 69, Copyright (C) 19yy name of author -Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. -This is free software, and you are welcome to redistribute it -under certain conditions; type `show c' for details. -
-

-The hypothetical -commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. -

-You should also get your employer -(if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: -

-Yoyodyne, Inc., hereby disclaims all copyright interest in the program -`Gnomovision' (which makes passes at compilers) written by James Hacker. - -<signature -of -Ty Coon>, -1 April 1989 -
-Ty Coon, President of Vice -
-

-This General Public License -does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. -

-

--- Back to Top of Page ---

- -Home - · - - - · Site Map - - · Legal - - · Privacy - - · Cookies - - · Banner Ads - - · Telemarketing - - · Mail - - · Spam - -
- -
- - -

-Copyright © 1996-8 Junkbusters -® Corporation. -Copying and distribution permitted under -the GNU -General Public License. - - -1998/10/31 -http://www.junkbusters.com/ht/en/gpl.html - -

webmaster@junkbusters.com
- - + + The GNU General Public License + + + + + + +

+ Website · + Manual · + FAQ · GPL

+ +

Internet JUNKBUSTER License

+ +

This document is out of date

+ +

Development of JunkBuster is ongoing and this document is + no longer current. However, it may provide some assistance. If + you have problems, please use the Yahoo Groups + mailing list (which includes an archive of mail), the + SourceForge.net project page, or + see the project's home + page. Please also bear in mind that versions 2.9.x of + JunkBuster are development releases, and are not production + quality.

+ +

The GNU General Public License

+ +

We did not write the GPL: + the Free Software + Foundation did

+ +

+  The GPL allows copying and changing of copyrighted + documents

+ +

The Free Software Foundation (FSF) is a non-profit + institution that designed the GNU General Public License (GPL) + to promote the publication of free software. The GPL is used by + thousands of programmers who want to give others the right to + copy and modify the source code of their programs. Millions of + people benefit from this.

+ +

We use the GPL to allow everyone to + use, copy and modify the Internet Junkbuster as they wish. Companies can use it for commercial + purposes, but they are not permitted to use it in products + that they claim as their property.

+ +

The GPL can also be used on documents + written in human languages. This documentation for the Internet + Junkbuster is also under the GPL. This means that you do not + have to break copyright laws in order to print a page or email + a screen of the text to someone, for example.

+ +

The remainder of this page is the text of + the GPL. As legal documents go it's relatively clear, but + unfortunately it's fairly long because it has to cover a lot of + details. The HTML formatting is ours, and should not be + misinterpreted as changing the license in any way.

+ +

+

+ +

Version 2, June 1991

+ +
+ Copyright 1989, 1991
+ Free Software Foundation, Inc.
+ 675 Mass Ave.
+ Cambridge, MA 02139
+ USA +
+ Everyone + +

is permitted to copy and distribute verbatim copies of this + license document, but changing it is not allowed.

+ +

*  Preamble

+ +

The licenses for most software are designed to take away + your freedom to share and change it. By contrast, the GNU + General Public License is intended to guarantee your freedom to + share and change free software--to make sure the software is + free for all its users. This General Public License applies to + most of the Free Software Foundation's software and to any + other program whose authors commit to using it. (Some other + Free Software Foundation software is covered by the GNU Library + General Public License instead.) You can apply it to your + programs, too.

+ +

When we speak of free software, we are + referring to freedom, not price. Our General Public Licenses + are designed to make sure that you have the freedom to + distribute copies of free software (and charge for this service + if you wish), that you receive source code or can get it if you + want it, that you can change the software or use pieces of it + in new free programs; and that you know you can do these + things.

+ +

To protect your rights, we need to make + restrictions that forbid anyone to deny you these rights or to + ask you to surrender the rights. These restrictions translate + to certain responsibilities for you if you distribute copies of + the software, or if you modify it.

+ +

For example, if you distribute + copies of such a program, whether gratis or for a fee, you must + give the recipients all the rights that you have. You must make + sure that they, too, receive or can get the source code. And + you must show them these terms so they know their rights.

+ +

We protect your rights with two steps: + (1) copyright the software, and (2) offer you this license + which gives you legal permission to copy, distribute and/or + modify the software.

+ +

Also, for each author's protection + and ours, we want to make certain that everyone understands + that there is no warranty for this free software. If the + software is modified by someone else and passed on, we want its + recipients to know that what they have is not the original, so + that any problems introduced by others will not reflect on the + original authors' reputations.

+ +

Finally, any free program is threatened + constantly by software patents. We wish to avoid the danger + that redistributors of a free program will individually obtain + patent licenses, in effect making the program proprietary. To + prevent this, we have made it clear that any patent must be + licensed for everyone's free use or not licensed at all.

+ +

The precise terms and conditions for + copying, distribution and modification follow.

+ +

*  GNU General Public License: Terms + and Conditions for Copying, Distribution and Modification

+ +

O. This License applies to any program + or other work which contains a notice placed by the copyright + holder saying it may be distributed under the terms of this + General Public License. The "Program", below, refers to any + such program or work, and a "work based on the Program" means + either the Program or any derivative work under copyright law: + that is to say, a work containing the Program or a portion of + it, either verbatim or with modifications and/or translated + into another language. (Hereinafter, translation is included + without limitation in the term "modification".) Each licensee + is addressed as "you".

+ +

Activities other than copying, + distribution and modification are not covered by this License; + they are outside its scope. The act of running the Program is + not restricted, and the output from the Program is covered only + if its contents constitute a work based on the Program + (independent of having been made by running the Program).

+ +

Whether that is true depends on what the + Program does.
+

+ +
    +
  1. + You may copy and distribute verbatim + copies of the Program's source code as you receive it, in + any medium, provided that you conspicuously and + appropriately publish on each copy an appropriate copyright + notice and disclaimer of warranty; keep intact all the + notices that refer to this License and to the absence of + any warranty; and give any other recipients of the Program + a copy of this License along with the Program. + +

    You may charge a fee for the physical + act of transferring a copy, and you may at your option + offer warranty protection in exchange for a fee.

    +
    2. + +
  2. + You may modify your copy or copies of + the Program or any portion of it, thus forming a work based + on the Program, and copy and distribute such modifications + or work under the terms of Section 1 above, provided that + you also meet all of these conditions:
    + + +
      +
    1. You must cause the modified + files to carry prominent notices stating that you changed + the files and the date of any change.
      2. + +
    2. You must cause any work that + you distribute or publish, that in whole or in part + contains or is derived from the Program or any part + thereof, to be licensed as a whole at no charge to all + third parties under the terms of this License.
      3. + +
    3. If the modified program + normally reads commands interactively when run, you must + cause it, when started running for such interactive use + in the most ordinary way, to print or display an + announcement including an appropriate copyright notice + and a notice that there is no warranty (or else, saying + that you provide a warranty) and that users may + redistribute the program under these conditions, and + telling the user how to view a copy of this License. + (Exception: if the Program itself is interactive but does + not normally print such an announcement, your work based + on the Program is not required to print an + announcement.)
      4. +
    + +

    These requirements apply to the + modified work as a whole. If identifiable sections of that + work are not derived from the Program, and can be + reasonably considered independent and separate works in + themselves, then this License, and its terms, do not apply + to those sections when you distribute them as separate + works. But when you distribute the same sections as part of + a whole which is a work based on the Program, the + distribution of the whole must be on the terms of this + License, whose permissions for other licensees extend to + the entire whole, and thus to each and every part + regardless of who wrote it.

    + +

    Thus, it is not the intent of this + section to claim rights or contest your rights to work + written entirely by you; rather, the intent is to exercise + the right to control the distribution of derivative or + collective works based on the Program.

    + +

    In addition, mere aggregation + of another work not based on the Program with the Program + (or with a work based on the Program) on a volume of a + storage or distribution medium does not bring the other + work under the scope of this License.

    +
    3. + +
  3. + You may copy and distribute the + Program (or a work based on it, under Section 2) in object + code or executable form under the terms of Sections 1 and 2 + above provided that you also do one of the following:
    + + +
      +
    1. Accompany it with the complete + corresponding machine-readable source code, which must be + distributed under the terms of Sections 1 and 2 above on + a medium customarily used for software interchange; + or,
      2. + +
    2. Accompany it with a written + offer, valid for at least three years, to give any + third party, for a charge no more than your cost of + physically performing source distribution, a complete + machine-readable copy of the corresponding source code, + to be distributed under the terms of Sections 1 and 2 + above on a medium customarily used for software + interchange; or,
      3. + +
    3. Accompany it with the + information you received as to the offer to distribute + corresponding source code. (This alternative is allowed + only for noncommercial distribution and only if you + received the program in object code or executable form + with such an offer, in accord with Subsection b + above.)
      4. +
    + +

    The source code for a work means + the preferred form of the work for making modifications to + it. For an executable work, complete source code means all + the source code for all modules it contains, plus any + associated interface definition files, plus the scripts + used to control compilation and installation of the + executable. However, as a special exception, the source + code distributed need not include anything that is normally + distributed (in either source or binary form) with the + major components (compiler, kernel, and so on) of the + operating system on which the executable runs, unless that + component itself accompanies the executable.

    + +

    If distribution of executable or object + code is made by offering access to copy from a + designated place, then offering equivalent access to copy + the source code from the same place counts as distribution + of the source code, even though third parties are not + compelled to copy the source along with the object + code.

    +
    4. + +
  4. You may not copy, modify, + sublicense, or distribute the Program except as expressly + provided under this License. Any attempt otherwise to copy, + modify, sublicense or distribute the Program is void, and + will automatically terminate your rights under this License. + However, parties who have received copies, or rights, from + you under this License will not have their licenses + terminated so long as such parties remain in full + compliance.
    5. + +
  5. You are not required to accept + this License, since you have not signed it. However, nothing + else grants you permission to modify or distribute the + Program or its derivative works. These actions are prohibited + by law if you do not accept this License. Therefore, by + modifying or distributing the Program (or any work based on + the Program), you indicate your acceptance of this License to + do so, and all its terms and conditions for copying, + distributing or modifying the Program or works based on + it.
    6. + +
  6. Each time you redistribute the + Program (or any work based on the Program), the recipient + automatically receives a license from the original licensor + to copy, distribute or modify the Program subject to these + terms and conditions. You may not impose any further + restrictions on the recipients' exercise of the rights + granted herein. You are not responsible for enforcing + compliance by third parties to this License.
    7. + +
  7. + If, as a consequence of a court + judgment or allegation of patent infringement or for + any other reason (not limited to patent issues), conditions + are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, + they do not excuse you from the conditions of this License. + If you cannot distribute so as to satisfy simultaneously + your obligations under this License and any other pertinent + obligations, then as a consequence you may not distribute + the Program at all. For example, if a patent license would + not permit royalty-free redistribution of the Program by + all those who receive copies directly or indirectly through + you, then the only way you could satisfy both it and this + License would be to refrain entirely from distribution of + the Program. + +

    If any portion of this section is + held invalid or unenforceable under any particular + circumstance, the balance of the section is intended to + apply and the section as a whole is intended to apply in + other circumstances.

    + +

    It is not the purpose of this + section to induce you to infringe any patents or other + property right claims or to contest validity of any such + claims; this section has the sole purpose of protecting the + integrity of the free software distribution system, which + is implemented by public license practices. Many people + have made generous contributions to the wide range of + software distributed through that system in reliance on + consistent application of that system; it is up to the + author/donor to decide if he or she is willing to + distribute software through any other system and a licensee + cannot impose that choice.

    + +

    This section is intended to make + thoroughly clear what is believed to be a consequence of + the rest of this License.

    +
    8. + +
  8. If the distribution and/or use of the + Program is restricted in certain countries either by patents + or by copyrighted interfaces, the original copyright holder + who places the Program under this License may add an explicit + geographical distribution limitation excluding those + countries, so that distribution is permitted only in or among + countries not thus excluded. In such case, this License + incorporates the limitation as if written in the body of this + License.
    9. + +
  9. The Free Software Foundation may + publish revised and/or new versions of the General Public + License from time to time. Such new versions will be similar + in spirit to the present version, but may differ in detail to + address new problems or concerns. Each version is given a + distinguishing version number. If the Program specifies a + version number of this License which applies to it and "any + later version", you have the option of following the terms + and conditions either of that version or of any later version + published by the Free Software Foundation. If the Program + does not specify a version number of this License, you may + choose any version ever published by the Free Software + Foundation.
    10. + +
  10. + If you wish to incorporate parts + of the Program into other free programs whose distribution + conditions are different, write to the author to ask for + permission. For software which is copyrighted by the Free + Software Foundation, write to the Free Software Foundation; + we sometimes make exceptions for this. Our decision will be + guided by the two goals of preserving the free status of + all derivatives of our free software and of promoting the + sharing and reuse of software generally. + +

    NO WARRANTY

    +
    11. + +
  11. BECAUSE THE PROGRAM IS LICENSED FREE OF + CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE + EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE + STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES + PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, + EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND + PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM + PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY + SERVICING, REPAIR OR CORRECTION.
    12. + +
  12. IN NO EVENT UNLESS REQUIRED BY + APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT + HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE + THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, + INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL + DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE + PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA + BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD + PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER + PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    13. +
+ +

END OF TERMS AND CONDITIONS
+
+

+ +

*  Appendix: How to Apply These + Terms to Your New Programs

+ +

If you develop a new program, and you want it to be of the + greatest possible use to the public, the best way to achieve + this is to make it free software which everyone can + redistribute and change under these terms.

+ +

To do so, attach the following notices + to the program. It is safest to attach them to the start of + each source file to most effectively convey the exclusion of + warranty; and each file should have at least the "copyright" + line and a pointer to where the full notice is found.

+ +
+ <one line to give the program's name and a brief idea of + what it does.> Copyright (C) 19yy <name of author> + +

This program is free software; you can + redistribute it and/or modify it under the terms of the GNU + General Public License as published by the Free Software + Foundation; either version 2 of the License, or (at your + option) any later version.

+ +

This program is distributed in the + hope that it will be useful, but WITHOUT ANY WARRANTY; + without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details.

+ +

You should have received a copy of the + GNU General Public License along with this program; if not, + write to the Free Software Foundation, Inc., 675 Mass Ave, + Cambridge, MA 02139, USA.

+
+ +

Also add information on how to contact + you by electronic and paper mail.

+ +

If the program is interactive, make it + output a short notice like this when it starts in an + interactive mode:

+ +
+ Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details + type `show w'. This is free software, and you are welcome to + redistribute it under certain conditions; type `show c' for + details. +
+ +

The hypothetical commands `show w' and + `show c' should show the appropriate parts of the General + Public License. Of course, the commands you use may be called + something other than `show w' and `show c'; they could even be + mouse-clicks or menu items--whatever suits your program.

+ +

You should also get your employer + (if you work as a programmer) or your school, if any, to sign a + "copyright disclaimer" for the program, if necessary. Here is a + sample; alter the names:

+ +
+ Yoyodyne, Inc., hereby disclaims all copyright interest in + the program `Gnomovision' (which makes passes at compilers) + written by James Hacker. <signature of Ty Coon>, 1 + April 1989
+ Ty Coon, President of Vice +
+ +

This General Public License does not + permit incorporating your program into proprietary programs. If + your program is a subroutine library, you may consider it more + useful to permit linking proprietary applications with the + library. If this is what you want to do, use the GNU Library + General Public License instead of this License.

+ +

+

+ +

+ Website · + Manual · + FAQ · GPL

+ +

+ Copyright © 1996-8 Junkbusters ® + Corporation. Copyright © 2001 + Jon + Foster. Copying and distribution permitted under the GNU General Public License. The text of the + GNU GPL itself is copyrighted by the FSF, and may be copied but + not modified.

+ +

+ http://sourceforge.net/projects/ijbswa/

+ + diff --git a/doc/ijbfaq.html b/doc/ijbfaq.html index ab7e7989..f9168a68 100644 --- a/doc/ijbfaq.html +++ b/doc/ijbfaq.html @@ -1,3186 +1,1999 @@ - + + + - - - - - - - - - - -Internet Junkbuster Frequently Asked Questions - - - - - - - - - -
-

Internet JUNKBUSTER Frequently Asked Questions -

-
- -

-Download for UNIX - - · (Download for Windows 95/NT) - - · (Other OS) - - · Configuring Browsers - - · Installation - - · For Companies - - · Blocking - - · Cookies - - · Anonymity - - · Security - - · (Technical Manual) -

-
-
-

-The Top Ten Questions - -

-
-
For a list of the questions on this page (without the answers), -see our -Table of Contents. -It also contains detailed pointers into our pages -on -cookies -and on busting -junk e-mail, -junk mail -and -telemarketing calls. - -

<Feedback>  -What is the Internet Junkbuster Proxy and what does it do for me? -

-

-The -Internet Junkbuster -Proxy -TM -is -free -privacy-enhancing software that can be run on your PC or by your -ISP -or company. -It blocks requests for -URLs -(typically banner ads) -that match its -blockfile. -It also deletes unauthorized -cookies -and other -unwanted identifying -header information -that is exchanged between web servers and browsers. -These headers are not normally accessible to users -(even though they may contain information that's important to your privacy), -but with the -Internet Junkbuster -you can see almost -anything you want -and control everything you're likely to need. -You -decide what's junk. -SM -Many people -publish -their blockfiles to help others get started. -

- -

<Feedback>  -Is there a license fee / warranty / registration form / expiration? -

-

-No, none of these. -It's completely free of charge. -Junkbusters -offers you the software to copy, use, modify and distribute -as you wish, forever, at -no charge -under the -GNU General Public License. -

-It comes with -no warranty of any kind. -

-You don't have to register, -in fact we don't even provide a way to do so: -the practice of registering software is -usually just an -excuse -to send you solicitations and -sell your name -and information about your behavior. -You are welcome to obtain and use our software as anonymously you wish. -(Your -IP -address will naturally be -disclosed -when you download it, -so if you work for a web ad company -you might want to use a service such as the -lpwa.com -when you get it. -We -never -want to be given any information that you consider private or confidential.) -

-We are often asked why we give away a product that many -would happily pay for. -The answer is that we are determined to carry out our -mission: -to free the world from junk communications. -

- -

<Feedback>  -Does it run on Windows? On a Mac? On the AOL browser? -

-

-For the latest information on availability, see the -Distribution Information -page. -We -don't -think it will ever run on -Windows 3.1. -But you don't need to have it running on your computer -if you get your -ISP -or Systems Administrator at -work -to run it. -

- -

<Feedback>  -How can I get my ISP to run the Internet Junkbuster? -

-

-Try their sales or support department -(depending on whether you are already a customer). -You might send them email including the following -URL: -
-   http://www.junkbusters.com/ht/en/ijbfaq.html#isps -
-You could mention that many -other -ISPs -provide it, -and that you regard it as an important part of your decision on -where to buy Internet service. -

- -

<Feedback>  -Who chooses the options that control what is blocked? -

-

-Whoever starts the -Internet Junkbuster -chooses the options and the blockfile. -If your -ISP -runs it for you, they have to make these decision -(though -some -may give you a choice of proxies, -and a way to suggest new -URLs -to block). -If you run it on your computer, -You -decide what's junk. -SM -

- -

<Feedback>  -How do I download and run the program on my computer? -

-

-It depends on your platform. -If you are using Windows 95 or NT, -see our separate page on -installing under Windows. -If you have a C compiler and are using almost any flavor of -UNIX ® -you -download it, compile it, start it running, -and then -configure your browser. -Several precompiled packages are also available through links in our -distribution page, -which lists all available platforms. -

-If you are using a platform for which we have no current -availability, -you are welcome to port the code. -If you do this and you would like us to consider publishing your ported version, -please -tell us. -

- -

<Feedback>  -How can I tell which blockfile and options are being used? -

-

-Just point your browser to -http://internet.junkbuster.com/cgi-bin/show-proxy-args -or to any -URL -ending in -show-proxy-args -(even if it doesn't exist). -It needn't exist because the -Internet Junkbuster 2.0 -intercepts the request, blocks it, -and returns in its place -information about itself. -Using the -URL -above is useful for checking that your browser really is -going through an -Internet Junkbuster, -because the -junkbuster.com -server returns a warning if the request actually gets to it. -Some people set the home page of their browser to such a -URL -to be sure that it is configured to use the proxy. -

-If you wish to check the header information -your proxy is actually sending, -a visit to -http://internet.junkbuster.com/cgi-bin/show-http-headers -will give you the more relevant ones first. -You might also like to turn the proxy -off -and compare the difference. (Don't forget to turn it back on again.) -

- -

<Feedback>  -My browser started giving me ``server not responding'' messages -

-

-Once your browser is told to use a proxy such as the -Internet Junkbuster, -it thinks of it as its server for everything, -so this message means it can't talk to the proxy. -The -Internet Junkbuster -may not be running, -or you may have specified its proxy -address -incorrectly. -Check that the details you entered are correct. -If you have -telnet -you can try connecting to the appropriate port to see if the -Internet Junkbuster -is running. -If your -ISP -is running the -Internet Junkbuster, -you may want to check with them. -If you are running it yourself under -UNIX ®, -try looking at a -ps ax -to see if it is running. -The -port -specified in its options should be the same one as your -browser has configured. -

- -

<Feedback>  -I've got this great idea for a new feature. Who do I tell? -

-

-We'd be very interested to hear it, but please bear a few things in mind. -

-

- -

<Feedback>  -My question isn't listed here. Who do I ask for support? -

-

-If you find using our free product -harder than you're used to for consumer software, -there are many -commercial alternatives -that you could consider. -

-The answer to detailed technical questions may be answered in -manual page, -or in the source code. -Also double-check this page for an answer: -using the ``find'' feature on your browser for likely keywords may help. -Our site also has a -search -feature. -

-Many people post requests for help and responses on -Usenet. -

-If your -ISP -is providing -the -Internet Junkbuster -for you, -and your question is about how to use it, -check their web page before asking them. -

-Even though we don't offer the kind of -support you might expect if you paid a lot of money for a software product, -you can still ask us. -But before you do, please consider whether -you could ask someone closer to you. -And please be patient if we're slow to reply: we -never charge consumers -for our services, -so we have to subsidize consumers with revenue from companies, -and our resources are limited. -

-If your company or organization -would be interested in a maintenance contract -with phone and email support, -hard copy documentation and source code and pre-compiled binaries on tape -or disk, -please -ask us -for a quote. -

-

--- Back to Top of Page ---

-
-
-

-Configuring your browser to talk to the Internet Junkbuster - -

-
-
-

<Feedback>  -What is the proxy address of the Internet Junkbuster? -

-

-If you set up -the -Internet Junkbuster -to run on the computer you browse from -(rather than your -ISP's server -or some networked computer at work), -the proxy will be on -localhost -(which is the special name used by every computer on the Internet to -refer to itself) -and -the port will be -8000 -(unless you have told the -Internet Junkbuster -to -run on a different port with the -listen-address -option). -So you when -configuring your browser's proxy settings -you typically enter the word -localhost -in the two boxes next to - -HTTP -and - -Secure, -and the number -8000 -in the two boxes labelled -to the right of those boxes. -

-If your -ISP -or company is running -the -Internet Junkbuster -for you, -they will tell you the address to use. -It will be the name of the computer it's running on -(or possibly its numeric IP address), -plus a port number. -Port 8000 is the default, so assume this number if it is not specified. -Sometimes a colon is used to glue them together, -as in -junkbuster.fictitous-pro-privacy-isp.net:8000 -but -with most browsers -you do not type the colon, -you enter the address and port number in separate boxes. -

- -

<Feedback>  -How do I tell the browser where to find the Internet Junkbuster? -

-

-All current browsers can be told the address of a proxy to use. -You enter the same information in two fields in your browser's proxy -configuration screen (see list below): one for -HTTP, -and one for the Secure Protocol (assuming your browser supports -SSL). -If you find some information already entered for your proxy, -see the -next question. -Here are the menus you go through to get to the proxy configuration settings. -(We also recommend that you -disable Java, -which is a separate operation.) -Make notes on the changes you make so you know how to undo them! -You will need to know what you did -in case you wish to -discontinue -using the proxy. -

-If your browser is not listed here, -or if you notice an error, please -tell us -the correct procedure. -

- -

<Feedback>  -What should I do if I find another proxy is already configured? -

-

-Some -ISPs -and companies require all Web traffic to go through their proxy. -In this case you would find your proxy configuration with values already set, -possibly under -Automatic Proxy Configuration -(in the case of -Netscape -and -MS-IE 3.0 -and above). -It's probably a firewall proxy between your company and the outside world, -or a -caching proxy -if you're using an -ISP. -

-What needs to be done in this case is to -use the -forwardfile -option -to tell the -Internet Junkbuster -the address of the other proxy. -Specify a different (unused) port number -with the -listen-address -option, -and configure your browser to -use that port. -If you haven't done this kind of thing before, -it's probably best to consult your systems administrator or -ISP -about it; -check their web page first. -

- -

<Feedback>  -What if I want to stop using the Internet Junkbuster? -

-

-Just go through the same procedure you used to start your -browser using the -Internet Junkbuster, -but remove the details you put in -(or if there was something there before, restore it). -You may need to use - -Save Options -to make this change permanent. -On Netscape 3.0 you can go through - -Options; - -Network Preferences; - -Proxies -and click on - -No Proxy -to turn it off, and later click on - -Manual Proxy Configuration -if you want to start using it again. -(No need to enter the again details under - -View -as you did the -first time; -they should remain there unchanged.) -

-This stops your browser talking to the proxy; -shutting down the proxy -is a different matter. -

- -

<Feedback>  -Automatic dialing isn't working any more. How do I fix it? -

-

-Some browsers (such as MSIE-4) can be configured to dial your -ISP -automatically when you click on a link, -but this feature gets disabled if you specify a proxy running on your -own computer -(with address -localhost -or -127.0.0.1) -because these addresses don't require dialing. -The -Internet Junkbuster -knows nothing about dialing, so it doesn't work. -To make automatic dialing work, -make up a name such as -junkbuster.ijb -and use that name in the proxy settings -instead of -localhost, -and then add the line -127.0.0.1 junkbuster.ijb -to the file -c:\windows\hosts -(if there already is a line beginning with -127.0.0.1 -just add -junkbuster.ijb -at the end of it.) -

-This should also work Netscape Communicator 4 on -machines where IE-4 has been installed. -

-

--- Back to Top of Page ---

-
-
-

-Setting up the Internet Junkbuster on your local computer - -

-
-
The next two sections assume you wish to compile the code -with your own C compiler. -If you just want to use the -.exe -file provided for Windows, -see the -Windows Installation page. - -

<Feedback>  -How do I compile the code under Unix? -

-

-If you are running Redhat -Linux -you may prefer to use the -rpm -instead of the following procedure. -

    -
  1. -First -download the tar file -(~286k) -and -uncompress and extract the files from it with this command -
    -   uncompress -c ijb20.tar.Z | tar xf - -

    -

  2. -If your operating system is from -Sun -or -HP -examine the -Makefile -and make any changes indicated inside. -
  3. -Run -
    -
    -   make -

    -

  4. -Copy the sample configuration file -(junkbstr.ini, -previously called -sconfig.txt -and other names in earlier releases) -to some convenient place such as -/usr/local/lib/junkbuster/configfile -or whatever you choose. -The sample file has all the options commented out. -You can remove the -# -character on any that you want, but it may be better to -leave this until to later. -Run it asynchronously: -
    -
    -   junkbuster configfile & -

    -If you are running a version earlier than 2.0 you can start it with -junkbuster & -

    -

  5. -Configure your browser (described -above). -
  6. -Verify that the -Internet Junkbuster -is working (described -above). -
  7. -Decide on the options you really want, -kill -the -process -and start it again. The most popular option is -blockfile -to block ads. -A sample blockfile is provided as an illustration, -but it doesn't really stop many ads. -More comprehensive ones are available -elsewhere. -
  8. -You'll probably want to add an entry to -/etc/rc.d/rc.local -or equivalent to start it at boot time. -(Any output you specify should be redirected to a file. -And don't forget the -& -at the end to run it asynchronously or your system will seize -up after the next reboot.) -
-

- -

<Feedback>  -How do I compile the code under Windows? -

-

-A binary is currently being supplied with the source code, -but if you prefer to compile it yourself here is the likely procedure. -Most of these steps are repeated in our checklist for -installation under Windows. -

    -
  1. -First -click here to download the zip file -called -ijb20.zip -(~208k), -then uncompress and unpack the zip archive using a tool like -WinZip. -
  2. -Now the distribution (source and sample files) -will be in a folder -called -ijb20. -Go into that folder and then edit the Makefile for -your system, -removing the comment character -(#) -in the lines related to Win32. -Then type: -
    -   nmake -
    -This should create an executable called -junkbstr.exe. -For information on issues with various compilers, see the -Distribution Information -page. -
  3. -Run the executable with the command: -
    -   junkbstr -
    -The program will produce a message -indicating that it has started and is ready to serve. -

    -(Version 2.0.1 and above uses -the file -junkbstr.ini -as the config file -if it exists and no argument was given. If you have an earlier -version or if you want it to use a different config file, -simply specify that file as the argument.) -

  4. -Configure your browser (described -above). -
  5. -Check the proxy is working (described -below). -
  6. -To have the proxy start itself automatically -when you login to Win95, -drop the ``shortcut'' to the -junkbstr -executable into the StartUp folder: -
    -   C:\Windows\Start Menu\Programs\StartUp -
    -You might want to change the shortcut's -Properties->Shortcut -to -Run: Minimized. -If you specify the -hide-console -option then the -DOS -window will vanish after it starts. -

    -WinNT users can put it into their own -StartUp folders or the Administrator -can put it into the system's global StartUp folder. -For details on how to make this a service under NT -see our -Windows page. -

-

- -

<Feedback>  -How do I check that the proxy is working? -

-

-Pick a page from somewhere (such as your bookmarks, or just one -that your browser was pointing to) -and - -Reload -it. -If you get a message along the lines of ``server not responding, -using cached copy instead,'' see the advice -above. -If the page reloads OK, check that your browser is actually -talking to the proxy by going to -http://internet.junkbuster.com/cgi-bin/show-proxy-args -or any -URL -ending in -show-proxy-args -(as described -below, -the proxy should intercept the request.) -When you see ``Internet Junkbuster Proxy Status,'' -you'll know it's working. -

- -

<Feedback>  -How and why would I have this proxy chained with other proxies? -

-

-You may need the -forwarding -feature to ``daisy chain'' the -Internet Junkbuster -to another proxy, perhaps an -anonymizing -proxy to -conceal -your -IP -address, -or a -caching proxy -from your -ISP, -or a -firewall -proxy between your company and the outside world. -Version 2.0 -can be even configured to forward -selectively -according to the -URL -requested: -for example, connecting directly to trusted hosts, -but going through an anonymizing or firewall proxy for all other hosts. -

-Network administrators might use it to provide -transparent access to multiple networks without -modifying browser configurations. -Most browsers also provide a way of -specifying hosts that the browser -connects to directly, bypassing the proxy. Some provide a method for -Automatic Proxy Configuration. -A well written -Internet Junkbuster -configuration can be much more flexible and powerful. -

-An -ISP's -caching proxy -would typically be called something like -cache.your-isp.net:8080 -(as described on you -ISP's -web page); -you would put this information in your -forwardfile -as described in our manual. -Your browser would be configured to -the -Internet Junkbuster -for -HTTP -and Security Proxies as before, -but you probably want to tell it to use the caching proxy -for -FTP -and other protocols. -If your -ISP -is running -the -Internet Junkbuster -for you, -they have probably already decided whether to chain with a caching proxy. -

- -

<Feedback>  -How does the Internet Junkbuster work with SOCKS gateways? -

-

-There is support for some -gateways -in -Version 1.4 -and above. -The gateway protocol used to be specified on the command line; -it is -now specified -in the same file as -forwarding. -Note that the browser's proxy configuration must -not -specify a -SOCKS -host; -it should specify the proxy as described -above. -

- -

<Feedback>  -How do I configure it to be just a plain old proxy? -

-

-To get the proxy to do as little as possible (which means not deleting any -sensitive headers), place in your -configuration file the following three lines (each ending in a space -then a period) to stop it changing sensitive headers: -
-   referer . -
-   from . -
-   user-agent . -
-   cookiefile mycookiefile -
-The fourth line is also needed to specify a -cookiefile -that might be called -mycookiefile -containing a single line with a -* -character, to allow all cookies through. -

- -

<Feedback>  -How do I shut down the proxy (to restart it)? -

-

-It depends on your platform. Under Windows, use - -Ctrl-Break -in the -DOS -window or -the old three-fingered salute of - -Ctrl-Alt-Delete -and select - -End Task. -Under -UNIX ® -you'll need to -kill -the -junkbuster -process. -If you don't know the process number to give to -kill, try this: -ps ax | grep junkbuster -
-

-

--- Back to Top of Page ---

-
-
-

-Information for companies - -

-
-
-

<Feedback>  -What do advertising companies think of this kind of technology? -

-

-We've seen only a few public comments from the advertising industry on this, -other than -SEC filings. -First, the president of the Internet Advertising Bureau told -CNET -that he wasn't worried by banner blockers. -Second, after the Federal Trade Commission's -workshop -where we gave a live demonstration of our proxy before -many eminent representatives of the industry, -the -Direct Marketing Association -made the following -statement in the closing paragraphs -of their -summary comments -to the Commission. -

-Clever shareware developers have come up with products that -can obliterate cookies and advertisements for those consumers -who have these concerns. -The Internet is a market that is so democratic and flexible -that it is easy for companies and software -developers to respond to a perceived market need. -
-Their attitude seems to be that they would prefer that -people use technical solutions -to protect their privacy than have protections -imposed by legislation or government regulations. -So, do you perceive a market need? -Then here are some ways to flex your democratic muscles. -

- -

<Feedback>  -Should we provide the Internet Junkbuster for our employees? -

-

-That depends. Try this quick three-point test. -

    -
  1. -Do you want to spend your communications budget -on bandwidth that wastes your employees' time by forcing them to wait -for a lot of annoying distractions while they're trying to -do their jobs? -
  2. -Do you want current and potential vendors -to know quantitative details about the -software and hardware platforms -that you have? -
  3. -Do you want your competitors to be able to -track -exactly which of your -employees are checking out their web sites? -
-If the answer to all three questions is yes, -then you probably don't have any need for this kind of product. -

- -

<Feedback>  -Can our company get commercial support for the software? -

-

-Yes, -ask us -for a quote on a maintenance contract with your choice of -phone and email support, -hard copy documentation, -source code and pre-compiled binaries on tape or disk, -and email alerting of upgrades and issues. -We also offer consulting services to help set up ``stealth browsing'' -capabilities to help reduce the footprints left while doing competitive -analysis and other Web work where confidentiality is critical. -

- -

<Feedback>  -I run an ISP. What issues should I consider before offering it? -

-

-Many -ISPs -who offer the proxy to their customers have told us that -most of their customers are -delighted with it -(although one reported that a customer complaint that without banner ads, -surfing was like reading a novel: we recommend making it optional). -Many -ISPs -like it because it reduces bandwidth requirements. -To help get you started, -here's a checklist we've developed from working with a few -ISPs. -You may think of more, -and we'd be interested if you're willing to -share them -with us. -

    -
  1. -If you get more than one request for -the -Internet Junkbuster -you may want to tell your customers on your News page that you -already -know about it and are assessing it. -
  2. -Try the software and -verify -that it performs satisfactorily. -
  3. -Determine whether your customers perceive the service as -valuable -(and therefore worth the time to set up). -We've had reports of many delighted customers. -
  4. -Assess the -level of -security -associated with the software. -If access is to be -restricted -(to just dial-in ports, for example) -how is this to be done? -
  5. -Consider -whether to expect any additional load on computing resources required, -and any change in use of bandwidth due to the blocking of large -GIFs. -
  6. -Choose the -options -you wish to provide. -
  7. -Decide whether you want -to offer a choice of configurations, such some of these four. -
      -
    1. -Banners -Blocked, -Wafer with -No-Cookie-Copyright -notice -
    2. -Cookies -not stopped -(cookiefile -with just a -* -in it), -User Agent -specified as -Lynx -
    3. -Cookies from browser -allowed, -permitting -registered services -
    4. -A proxy for -kids. -
    -If you run a -caching proxy, -decide whether the -Internet Junkbuster -will chain with it by default, -and whether to offer an alternate with no caching. -(Some -ISPs -don't, because they want to give customers an incentive to use caching -and save bandwidth.) -
  8. -Decide on a naming scheme for your -proxies. -If you're running only one -proxy on one machine, -the simplest way is to just use port 8000 on your main machine, -such as -our-isp.net. -But it would probably be safer to put an entry in your name server -and call it something like -junkbuster.our-isp.net. -If running several proxies, you could either use different ports -on the same machine, or if you have -the opportunity to distribute the load over -a few machines -you could -use different hostname aliases such as -banner.junkbuster.our-isp.net, -lynx.junkbuster.our-isp.net -and -oneway.junkbuster.our-isp.net -(corresponding to the examples in the previous point). -You may want to set up -Automatic Proxy Configuration. -
  9. -Prepare a page -explaining the -Internet Junkbuster -to your customers. -Here's are some examples from -Australia, -Germany, -Florida, -New York/New Jersey/Pennsylvania, -North Carolina, -Texas, -and -Utah. -You are welcome to copy and modify -material -from -Junkbusters -according to the -GPL. -You might want to set up a process to check this page periodically -and update it when it changes. -(A few links can probably serve as well as lot of copying however.) -A typical page would probably specify the following. -
    -
  10. -Invite a small number of technologically sophisticated -customers to beta-test the service. -
  11. -Announce general availability on your ``News'' page. -Tell us -if you would like to be included on a list of -ISPs -offering the -Internet Junkbuster. -
-

- -

<Feedback>  -What's a Proxy Server Server and how can I make money as one? -

-

-Other organizations with web presence and some bandwidth to spare -can set up as -Proxy Server Servers - -(PS2s). -The idea here is to allow users to choose their proxy configuration, -and provide it to them on a semi-permanent basis. -Users would fill in a form specifying what options they want in -their proxy, -possibly even at a very high level, such as -``no ads'' -or ``no nudity.'' -This information is sent to a -CGI -script that -configures a proxy, starts it running, and returns its address and port number -(possibly along with configuration instructions for the browser -that the user specified.) -

-Users -could be charged -a subscription fee, -or the service could be thrown in free in the hope of -improving customer retention for some existing business -(which is what -ISPs -are doing). -It might be possible to make money by -inserting new ads in the holes left where others were blocked, -but the original owners might object. -PS2s -could differentiate themselves -by providing frequently updated and comprehensive -blocking of ads, or of offensive material based on their own grading system. -Some content providers might do it for the chance to be the -only company that the consumer permits to set cookies. -(Identification could even be done via cookies, -but this might not be popular with the kind of user who wants a proxy.) -PS2s -might sell specific or aggregate information about their -users' browsing habits, -so the agreement with users on whether they are permitted to do this -would be important to both sides. -

-If your organization -establishes a -Proxy Server Service -you would like publicized, -please -notify us. -

-

--- Back to Top of Page ---

-
-
-

-Blocking - -

-
-
-

<Feedback>  -Where can I get an example blockfile that stops most ads? -

-

-The sample blockfile we provide blocks almost nothing, -and we do not publish blockfiles that stop almost all banner ads. -But others have; you can find them by -asking Altavista. -You can add any part of the new file to your old one -(probably called -sblock.ini -if you haven't changed the default name in the latest version) -or your just replace it completely. -You -probably -don't need to restart the proxy. -

-If you develop an interesting blocklist and publish it on the Web, -you might want to include the word ``junkbuster'' in it -and use the word ``blocklist'' in the file name given in the -URL -so that others can find it with the query given in the previous sentence. -

- -

<Feedback>  -If I see an ad I wish I hadn't, how do I stop it? -

-

-If your -ISP -is running the -Internet Junkbuster, -they should have a policy on whether they accept suggestions from -their customers on what to block. Consult their web page. -

-If you are running -the -Internet Junkbuster -yourself, you have complete control over what gets through. -Just add a pattern to cover the offending -URL -to your blockfile. -Version 1.3 and later automatically rereads the blockfile when it changes, -but if you're running an earlier version you'll -have to -stop it -and restart it. -

-To choose a pattern you'll first need to find the -URL -of the ad you want cover. -

-Some people use the -debug -1 -option to display each -URL -in a window as the request is sent to the server. -It's then usually an easy task to pick the offending -URL -from the list of recent candidates. -

-Alternatively, -you can use - -View Document Info -(or - -View Document Source -if your browser doesn't have that). -The - -Info -feature has the advantage of showing you the full -URL -including the host name, -which may not be specified in the source: -there you might see something like -SRC="/ads/click_here_or_die.gif" -indicating only the -path. -(The host name is assumed to be the same as the one the page came from.) -

-But ads often -come from a different site, in which case you -might see something like -SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666" -or longer. -If the company looks like a pure ad warehouse -(as in the last case), -you may want to place just its domain name in the blockfile, -which blocks all -URLs -from that site. -

-If the ad comes from a server -that you really want some content from, -you can include enough of the path -to avoid zapping stuff you might want. -In the first example above, -/ads/ -would seem to be enough. -If you don't include the domain name, -the pattern applies to all sites, -so you don't want such patterns -to be too general: -for example -/ad -would block -/admin/salaries/ -on your company's internal site. -

-To speed the blocking of images, some -UNIX ® -users create a -shell script called -Image: -containing a line such as -echo $1 | sed s/http:..// >> $HOME/lib/blockfile -that adds its argument to the user's blockfile. -Once an offending image has been be found using - -View Document Info -it's easy to cut-and-paste the line (or part of it) into a shell window. -The same script can be linked to a file called -Frame: -to dealing with framed documents, -and -junkbuster: -to accept the output of the -debug -option. -

-When compiled without the -regular expressions -option, the -Internet Junkbuster -uses only very simple (and fast) matching methods. -The pattern -/banners -will not stop -/images/banners/huge.gif -getting through: you would have to include the pattern -/images/banners -or something that matches in full from the left. -So you can get what you want here, -the matcher understands -POSIX -regular expressions: -you can use -/*.*/banners -to block -and any -URL -containing -/banners -(even in the middle of the path). -(In Versions 1.1 through 1.4 -they were an option at compile time; -from Version 2.0 they have become the default.) -Regular expressions give you -many more features -than this, -but if you're not already familiar with them you probably won't -need to know anything beyond the -/*.*/ -idiom. -If you do, a -man egrep -is probably a good starting point). -

-Don't forget the -/ -(slash) -at the beginning of the path. -If you leave it out the line will be interpreted as a domain name, -so -ad -would block all sites from Andorra -(since -.ad -is the two-letter -country code -for that principality). -

-For a detailed technical description -of how pattern matching is done, -see the -manual. -

- -

<Feedback>  -How come this ad is still getting through anyway? -

-

-If the ad had been displayed before you included its -URL -in the blockfile, -it will probably be held in cache for some time, -so it will be displayed without the need for any request to the server. -Using the -debug -1 -option to show each -URL -as it is fetched is a good way to see exactly what is happening. -

-If new items seem to be getting through, -check that you are -really running -the proxy with the right blockfile in the options. -Check the blockfile for -exceptions. -

-Some sites may have different ways of inserting ads, -such as via -Java. -If you have ideas on how to block new kinds -of junk not currently covered, please -tell us. -

- -

<Feedback>  -How do I stop it blocking a URL that I actually want? -

-

-You can change the patterns so they don't cover it, -or use a simple feature in Version 1.1 and later: a line beginning with a -~ -character means that a -URL -blocked by previous patterns that matches the rest of -the line is let through. -For example, -the pattern -/ad -would block -/addasite.html -but not if followed by -~/addasite -in the blockfile. -Or suppose you want to see everything that comes from -a site you like, even if it looks like an ad: simply put -~aSiteYouLike.com -at the -end -of the blockfile. -(Order is important, because the last matching line wins.) -

-As well as unblocking -pages that were unintentionally blocked, -this feature is useful for unblocking ads from a specific source. -This might be because you are interested in those particular ones, -or if you have an explicit agreement to accept certain ads, -such as those from a free web-based email provider. -

- -

<Feedback>  -Can I block sites I don't want my children to see? -

-

-Yes, but remember that -children who are technically sophisticated enough -to use the browsers' proxy configuration options -could of course bypass any proxy. -This kind of technology can be used as a gentle barrier to remind -or guide the child, -but nobody should expect it to replace the parent's role -in setting and enforcing standards of online behavior for their children. -

-Some -ISPs -are starting to provide specialized proxies to protect children. -There are two basic approaches: the ``black list'' and the ``white list'' -approach. -The black list approach allows the child -to go anywhere not explicitly prohibited; the white list permits visits -only to sites explicitly designated as acceptable. -

-It's very easy for -anyone to -compile a white list from a page of ``recommended -kids sites'' and to configure an -Internet Junkbuster -to allow access to those sites only. -If you compile with the -regex -option, -you can place a -* -(asterisk) as the first line of the blockfile (which blocks everything), -and then list -exceptions -after that. -Be careful to make the exception sufficiently broad: -for example, using -~www.uexpress.com/ups/comics/ch/ -as the exception for -Calvin and Hobbes -would block some of the graphic elements on the page; -you would probably want a wider exception such as -~www.uexpress.com/ups/ -to permit them. -

-Version 2.0 has an experimental feature -to permit only sites mentioned in a nominated -trusted site. -This allows organizations to build lists of sites for kids to browse, -and the software automatically restricts access to those on the list. -

-Many filtering -products -actually scan for keywords in -the text of pages they retrieve -before presenting it, -but -the -Internet Junkbuster -does not do this. -Building a perfectly reliable black list system is hard, -because it's very difficult to state -in advance -exactly -what is obscene or unsuitable. -For more info see our -links -page. -

- -

<Feedback>  -What do I see when a page or graphic is blocked by the proxy? -

-

-You usually see a broken image icon, -but it depends on several factors beyond the proxy's control. -If asked for a -URL -matching its blockfile, the proxy returns an -HTML -page containing a message identifying itself -(currently the two words ``Internet Junkbuster'') -with a status 202 (Accepted) instead of the usual 200 (OK). -(Versions 1.X returned an error 404: Forbidden, which caused -strange behavior in some cases.) -Status 202 is described in the -HTTP -RFC -as indicating that the request has been accepted but not completed, -and that it might complete successfully in the future -(in our case, if the blockfile were changed). -

-The broken image icon is most common -because the browser is usually expecting a graphic. -But if it was expecting text, or if the page happens to be using certain -HTML -extensions -such as -layer -and your browser is a late model from Microsoft, -you may see the words ``Internet Junkbuster'' displayed as a hot link. -

-Clicking on the link takes you to an explanation of -the pattern in the blockfile that caused the block, -so that you can edit the blockfile and go back and reload if you really -want to see what was blocked. The explanatory link is generated by -the proxy and is automatically intercepted based on its ending in -ij-blocked-url; -even though the site is specified as -http://internet.junkbuster.com -no request should actually made to that site. -If one is, it means that the proxy was been removed after it -generated the link. -

-To summarize: -the identifying link to the blocking explanation -is usually turned into a broken image icon, -but it may be displayed on a page alone, -or they may may be restricted to the particular frame, layer or graphic area -specified in the page containing them. -The proxy has no way of knowing the context in which a -URL -will be used and cannot control how the blocking message will be rendered. -

- -

<Feedback>  -Why not replace blocked banners with something invisible? -

-

-Many users have suggested to us -that blocked banners should be replaced by a something like a -1x1 transparent -GIF -to make the page would look as if there was nothing ever there. -Apart from making it harder to catch unintended blocking, -this might also displease the owners of the page, -who could argue that such a change constitutes a copyright infringement. -We think that merely failing to allow an included graphic to be accessed -would probably not be considered an infringement: -after all this is what happens when a browser -is configured not to load images automatically. -However, we are -not -lawyers, -so anyone in doubt should take appropriate advice. -

-In a context where the copyright issue is resolved -satisfactorily, -a proxy could simply return a status 301 or 302 and -specify a replacement -URL -in a -Location -and/or -URI -header. -An alternative would be to use inline code to return a -1 x 1 clear -GIF. -We do not publish sample code for this, -and we have no way of stopping -others -who have. -

- -

<Feedback>  -Why not block banners based on the dimensions of the image? -

-

-Many users have pointed out that most banner ads come in standard sizes, -so why not block all -GIFs -of those sizes? -This would theoretically be without fetching the object -because the dimensions are usually given in the -IMG -tag, -but it would require substantial changes in the code, -and we doubt whether it would be much more effective than a good block list. -

- -

<Feedback>  -What about non-graphic advertising within the pages I want? -

-

-The -Internet Junkbuster -deliberately -does not provide a way of automatically editing the contents of a page, -to remove textual advertising or -to repair the holes left by blocked banners. -Other packages such as -WebFilter -do. -

-For the same reason, -it has no way of stopping a new browser -window being created, because this is done through the -target -attribute in the -<a> -and -<base> -elements, -not through headers. -Nor do we plan to add a feature to -paralyze animated -GIFs. -

- -

<Feedback>  -Does it block ads on the broadcasting ``push'' systems? How about pop-up ads? -

-

-We haven't tried it but we expect it would probably -work on image ads on push channels. -See also -adchoice. -

-Disabling -Javascript -stops some pop-up ads. -One problem is that some advertisers throw open a new -browser window to frame the ad. The ad is easily blocked, -but the empty window remains. You can kill it easily, but this is a chore. -We don't see how to stop them other than editing the -HTML -from the parent window, which we -don't -like to do. -

-The -TBTF -newsletter warned subscribers to push information that -in IE4, -LOGTARGET -allows -servers to determine the -URLs -viewed at their site even if accessed from cache or through a proxy. -If you use this browser see our instructions on -how to disable -this. -

-If you find you have experience using the proxy with push, -or have any other advice about it, please -tell us. -

-

--- Back to Top of Page ---

-
-
-

-Cookies - -

-
-
For background information on cookies see our -page describing their dangers. - -

<Feedback>  -Might some cookies still get through? How can I stop them? -

-

-Yes, you should expect the occasional cookie to make it through to your browser. -We know of at least three ways this can happen; -please -tell us -if you find any others. -One way is in secure documents, which are explained -below. -

-A -few -sites set cookies using a line such as -<META HTTP-EQUIV="Set-Cookie" CONTENT="flavor=chocolate"> -in the -HEAD -section of an -HTML -document. -Cookies can also be - -set and read -in -JavaScript. -To see if this is happening in a document, -view its source, look in the -head -for a section tagged -script language="JavaScript". -If it contains a reference to -document.cookie, -the page can manipulate your cookie file without sending any cookie headers. -The -Internet Junkbuster -does not tamper with these methods. -Fortunately they are rarely used at the moment. -If a cookie gets set, it should be stopped -by the proxy on its way back to the server when a page is requested, -but it can still be read in Javascript. -bu -

-To prevent cookies breaking through, -always -keep -cookie alerts -turned on in your browser, -and -disable -Java and Javascript. -Making the files -hard to write -may also help. -

- -

<Feedback>  -Exactly how do cookies get created and stored anyway? -

-

-When a web site's server sends you a page it also sends -certain ``header information'' which your browser records but does not display. -One of these is a -Set-Cookie -header, which specifies the cookie information that the server wants your browser to record. -Similarly, when your browser requests a page it also sends headers, specifying -information such as the graphics formats it understands. -If a cookie has previously been set by a site that matches the -URL -it is about to request, -your browser adds a -Cookie -header quoting the previous information. -

-For more background information on how cookies -can damage your privacy, see our -page on cookies. -For highly detailed technical information see the -RFC. -The -Internet Junkbuster -will show you all headers you use the -debug -8 -option, -or you can get a sample from our -demonstration page. -

- -

<Feedback>  -If cookies can't get through, will some things stop working for me? -

-

-Possibly. -Some personalized services including certain - -chat -rooms -require cookies. -Newspapers that require - -registration -or - -subscription -will not automatically recognize you if you don't send them the cookie they -assigned you. And there are a very small number of sites that do -strange things with cookies; they don't work for anyone that blocks -cookies by any means. -Some sites such as -Microsoft -explain that their content is so wonderfully compelling that -they will withhold it from you unless you submit to their -inserting cookies. -

-If you want such sites to be given your cookies, -you can use the -cookiefile -option provided you are running -Version 1.2 or later -yourself. -Simply include the domain name of those sites in the -cookiefile -specified by this option. -If it still doesn't work, -the problem may be in -other headers. -

-It's possible to let cookies out but not in, -which is enough to keep some sites happy, but not all of them: -one newspaper site seems to go into an endless frenzy -if deprived of fresh cookies. -A cookiefile containing -a single line consisting of the two characters ->* -(greater-than and star) permits server-bound cookies only. -The -* -is a -wildcard -that matches all domains. -

-If someone else is running the -Internet Junkbuster -for you and has a version -that - -passes server-bound cookies through, -you can try editing your browser's cookie -file to contain just the ones you want, -and restart your browser. -To subscribe to a new service like this -after you have started using the -Internet Junkbuster, -you can try the following: -tell your browser to -stop using -the -Internet Junkbuster, -fill out and submit your subscription details -(allowing that web site to set a cookie), -then -reconfigure your browser to use the -Internet Junkbuster -again -(and stop more cookies being sent). -This also requires the -cookiefile -option, -and its success depends on the Web site -not wanting to change your cookies at every session. -For this reason it does not work at some major newspaper sites, for example. -But you may prefer to -look at whether other sites provide the same -or better services without demanding the opportunity -to track your behavior. -The web is a buyer's market where most prices are zero: -very few people pay -for content with money, so why should you pay with your privacy? -

- -

<Feedback>  -Can I control cookies on a per-site basis? -

-

-Yes, since version 1.2 the -Internet Junkbuster -has included advanced cookie management facilities. -Unless you specify otherwise, -cookies are discarded (``crumbled'') by the -Internet Junkbuster -whether they came from the server or the browser. -In Version 1.2 and later you can -use the -cookiefile -option -to specify when cookies are to be passed through intact. -It uses the same syntax and -matching -algorithm as the blockfile. -

-If the -URL -matches a pattern in the -cookiefile -then cookies are let through in both the browser's request for the -URL -and in the server's response. -One-way permissions can be -specified by starting the line with the -> -or -< -character. -For example, a cookiefile consisting of the four lines -
-   org -
-   >send-user-cookies.org -
-   <accept-server-cookies.org -
-   ~block-all-cookies.org -
-allows cookies to and from -.org -domains only, with the following exceptions: -

    -
  1. -Cookies sent from servers in the domain -send-user-cookies.org -are blocked on their way to the client, -but cookies sent by the browser to that domain are still be fed to them. -
  2. -The cookies of -accept-server-cookies.org -check in to the proxy and are passed through to the browser, -but when they come back to the proxy they never check out. -
  3. -All cookies to and from -block-all-cookies.org -are blocked. -
-

-If -the -junkbuster -was compiled with the regular expressions option -they may be used in paths. -Any logging to a -``cookie jar'' -is separate and not affected. -

-It's important to give hosts you want to be able -to set cookies sufficient breadth. For example, -instead of -www.yahoo.com -use -yahoo.com -because the company uses many different hosts ending in that domain. -

- -

<Feedback>  -Can I make up my own fake cookies (wafers) to feed to servers? -

-

-Yes, -using the -wafer -option. -We coined the term -wafer -to describe cookies chosen by a user, -not the Web server. -Servers may not find wafers as tasty as the cookies -they make themselves. -But users may enjoy controlling servers' diets for various reasons, -such as the following. -

-

-Junkbusters provides a -CGI -script that lets you -see -your wafers as they appear to servers. -

-Wafers confuse a few fragile servers. -If this troubles you, don't use this option. -

-Any wafers specified are sent to -all sites regardless of the cookiefile. -They are appended after any genuine cookies, -to maintain compliance with -RFC 2109 -in the event that a path was specified for a cookie. -The -RFC's provisions regarding the -$ -character -(such as the -Version -attribute) -are transparent -to the proxy; it simply quotes what was recited by the browser. -

-If you want to send wafers only to specific sites, -you could try putting them your browser's cookie file in a format -conforming to the Netscape -specification, -and then specify in the proxy's cookiefile that cookies are to be -sent to -but not accepted from those sites, so they can't overwrite the file. -This may work with Netscape but not all other browsers. -

- -

<Feedback>  -Why would anyone want to save their cookies in a ``cookie jar?'' -

-

-We provided this capability just in case anyone wants it. -There are a few possible reasons. -

-

-

--- Back to Top of Page ---

-
-
-

-Anonymity - -

-
-
For details -on how your identity can be revealed while you surf, -see our page on -privacy. -Once you start using -the -Internet Junkbuster -you should find that much of the information -previously indicated on that page will no longer be provided. -If the -REMOTE HOST -indicating your IP address is too close for comfort, -see our suggestions -below -on how to -conceal -your IP address. -We also recommend that you -disable JavaScript -and -Java. - -

<Feedback>  -If I use the Internet Junkbuster, will my anonymity be guaranteed? -

-

-No. Your chances of remaining anonymous are improved, -but unless you are an expert on Internet security -it would be safest to assume that everything you do on the Web -can be attributed to you personally. -

-The -Internet Junkbuster -removes various information about you, -but it's still possible that web sites can find out who you are. -Here's one way this can happen. -

-A few browsers -disclose the user's email address -in certain situations, such as when transferring a file by -FTP. -The -Internet Junkbuster 2.0 -does not filter the -FTP -stream. -If you need this feature, or are concerned about the mail handler -of your browser disclosing your email address, -you might consider -products such as -NSClean. -

-Browsers downloaded as binaries -could use non-standard headers to give out any information -they can have access to: see the manufacturer's license agreement. -It's impossible to anticipate and prevent every breach of privacy that -might occur. -The professionally paranoid prefer browsers available as source code, -because anticipating their behavior is easier. -

- -

<Feedback>  -Why should I trust my ISP or Junkbusters with my browsing data? -

-

-You shouldn't have to trust us, and you certainly don't have to. -We do not run the proxy as a service, -where we could observe your online behavior. -We provide source code so that everyone can see that the proxy isn't -doing anything sneaky. -

-You are already trusting your -ISP -not to look at an awful lot of information on what you do. -They probably post a -privacy policy -on their site to reassure you. -If they run a proxy for you, using it could actually -make it slightly easier for them to monitor you, -but we doubt that any sane -ISP -would try this, -because if it were discovered customers would desert them. -

- -

<Feedback>  -What private information from server-bound headers is removed? -

-

-The -Internet Junkbuster -pounces on the following -HTTP -headers in requests to servers, -unless instructed otherwise in the options. -

-In -Version 1.4 -and later you can use the --r @ -option to selectively disclose -REFERER -and -USER_AGENT -to only those sites you nominate. -

-Some browsers -send Referer and User-Agent information under different non-standard headers. -The -Internet Junkbuster 2.0 -stops -UA -headers, -but others may get through. -This information is also available via JavaScript, -so -disable disable -it. -Some search engines -encode the query you typed -in the -URL -that goes to advertisers to target a banner ad at you, -so you will need to block the ad as well as the referer header, -unless you want them (and anyone they might -buy data -from) -to know -everything you ever search for. -

-If you have JavaScript enabled (the default on -most browsers) servers can use it to obtain Referer and User Agent, -as well as your plug-ins. -We recommend -disabling -JavaScript and Java. -

-Currently no -HTTP -response headers (browser bound) -are removed, -not even the -Forwarded: -or -X-Forwarded-For: -headers. -Nor are any added, -unless requested. -We are considering a more flexible header management system for -a future version. -

- -

<Feedback>  -Might some things break because header information is changed? -

-

-Possibly. If used with a browser less advanced than Netscape 3.0 or IE-3, -indicating an advanced browser -may encourage pages containing extensions that confuse your browser. -If this becomes a problem -upgrade your browser or -use the -user-agent -option to indicate an -older browser. -In -Version 1.4 -and later you can selectively reveal your real browser -to only those sites you nominate. -

-Because different browsers -use different encodings of Russian characters, -certain web servers convert pages on-the-fly according to the User Agent -header. Giving a User Agent with the wrong operating system or -browser manufacturer causes some Russian sites to be garbled; -Russian surfers should -change it -to something closer. -

-Some -page access counters -work by looking at the referer; -they may fail or break when deprived. -

-Some sites depend on getting a referer header, -such as -uclick.com, -which serves comic strips -for many newspaper sites, -including -Doonsbury -for the -Washington Post. -(If you click on that last link, you can then get to a page containing -the strip via the -same -URL -we've linked to under -Doonsbury, -but if you click on the -Doonsbury -link directly, it gives you an error message suggesting that you -use a browser that supports referers.) -In -Version 1.4 -and later you can use the --r @ -option -and place a line like ->uclick.com -in your cookiefile. -Wired News -used to use referer to decide whether to add a navigation column to -the page, but they have changed that. -

-The weather maps of -Intellicast -have been blocked by their server when no referer or cookie is provided. -You can use the same countermeasure with a line such as ->208.194.150.32 -(or simply get your weather information -elsewhere). -

-Some software vendors, including -Intuit -use -USER_AGENT -to decide which versions of their products to display to you. -With the -default -you get Mac versions. -

-As a last resort if a site you need doesn't seem to be working, -the -proxy configuration -of many browsers allow you to specify - -No Proxy For -any hostname you want. -

-We had reports that on some versions of Netscape the -What's New -feature did not work with the proxy, -but we think we fixed this in Version 2.0.1. -

- -

<Feedback>  -How is misidentifying my browser good for security and privacy? -

-

-Almost -every -major release of both leading browsers has contained -bugs that allow malicious servers to compromise your privacy and security. -Known bugs are quickly fixed, but millions of copies of the affected -software remain out there, and yours is probably one of them. -The -header -that normally identifies your browser tells such servers exactly which attacks -to use against you. -By misidentifying your browser you reduce the likelihood that they -will be able to mount a successful attack. -

- -

<Feedback>  -Does the Internet Junkbuster conceal my IP address? -

-

-Web sites get the IP address of any proxy or browser they serve pages to. -If you run the proxy on your own computer the IP address disclosed -is the same as your browser would, unless you use the -forwardfile -option is used to chain to another proxy, -in which case servers only get the last IP address in the chain. -Chaining slightly slows browsing of course, but it improves anonymity. -

-One public proxy that you can -forward to is -lpwa.com -port 8000. -Read about its privacy-enhancing -features and the authentication procedures first, -and note that it blocks -referer -in almost all cases, -as well as some -other headers. -

- -

<Feedback>  -How can I set the proxy to remember my LPWA password? -

-

-After you log in to -LPWA -it tells your browser to send a -Proxy-authorization -header with each request. -Whenever you shut down the browser and start again with a new browser, -you need to log in again. -If you are the only person using the -Internet Junkbuster -proxy, you can avoid repeated logins to -LPWA -by telling the -Internet Junkbuster -to send the information by placing a line such as -
-   add-header Proxy-authorization: Basic ZHVtbXk=. -
-in the configuration file. -The exact example above -does not work -because the code -ZHVtbXk=. -is a bogus one that -LPWA -would never generate; -follow the procedure below to generate a valid one. -

    -
  1. -Restart your -Internet Junkbuster -with -debug 8 -so you can see the -headers. -
  2. -Log in to -LPWA -and go to any other site. -
  3. -Find the -Proxy-authorization -header from the debug output and paste it -after the word -add-header -into the config file. -Also change the debug value back again. -
  4. -Shut down your browser, start it up again, and -restart the proxy. Test that it works. -
-This trick is convenient for sole users, but is not suitable when -more than one person uses the proxy, because they will all get the -same -LPWA -identity. -

- -

<Feedback>  -Does the Internet Junkbuster thwart identification by identd? -

-

-We think so, -provided you are not the user running the -proxy. -If your computer (or your -ISP's) -is running the -identd -demon, -servers can ask it for the identity of the -user making the request at time you request a page from them. -But if you're going through a proxy, -they will identify the user name associated with the proxy, not you. -A visit to -http://ident.junkbusters.com -lets you see what's happening. -This test is (quite rightly) blocked by many -firewalls; -just interrupt the transfer if you get an abnormal wait after clicking. -Running other applications -may also expose you via -identd; -the proxy of course doesn't help then. -

- -

<Feedback>  -Can web sites tell that I'm using the Internet Junkbuster? -

-

-With the default options the proxy doesn't announce itself. -Obvious indications such as -Keep-Alive -headers are -deleted, -but sites might notice that you can cancel cookies faster than -any human could possibly click on a mouse. -(If you want to provide a -plausible explanation for this, -change the User Agent header to a -cookie-free -or -cookie-crunching -browser). -

-But when certain options -are used they could figure out something's going on, -even if they're not pushing cookies. -If you use blocking -they can tell from their logs that the graphics in their pages -are not being requested selectively. -The -add-forwarded-header -option explicitly announces to the server that a proxy is present, -and -sending them -wafers -is of course a dead giveaway. -

-

--- Back to Top of Page ---

-
-
-

-Security - -

-
-
-

<Feedback>  -What happens with Secure Documents (SSL, https:)? -

-

-If you enter a -``Secure Document Area,'' -cookies and other header information -such as User Agent and Referer -are sent encrypted, -so they cannot be filtered. -We recommend getting your browser to alert you when this happens. -(On Netscape: - -Options; - -Security; - -General; - -Show an alert before entering a secure document space.) -We also recommend adding the line -:443 -to the blockfile to stop all but sites specified in an exception -after that line from using SSL. -

-It may be possible to filter encrypted cookies -by combining the blocking proxy with a cryptographic proxy along -the lines of -SafePassage, -but we have not tried this. -

- -

<Feedback>  -Will using this as my Security Proxy compromise security? -

-

-We're not security experts, but we don't think so. -The whole point of -SSL -is that the -contents of messages are - -encrypted -by the time -they leave the browser and the server. -Eavesdroppers (including proxies) can see where your messages are going -whether you are running a proxy or not, -but they only get to see the contents after they have been encrypted. -

- -

<Feedback>  -Can I restrict use of the proxy to a set of nominated IP addresses? -

-

-Yes, we added an -access control -file in Version 2.0. -But before you use it please consider why you want to do it. -If the reason is security, -it probably means you need a firewall. -

-The -listen-address -option provides a way of binding the proxy to a single IP address/port. -The right way to do this is to choose a port inside your firewall, and -deny access to it to those outside the firewall. -The -Internet Junkbuster -is not a firewall proxy; -it should not be expected to solve security problems. -

-For background information on firewalls, -see -Yahoo -or a -magazine article -or these well-known books: -Firewalls and Internet Security: Repelling the Wily Hacker -by -William R. Cheswick -and -Steven M. Bellovin -or -Building Internet Firewalls -by -D. Brent Chapman -and -Elizabeth D. Zwicky. -There's - -free Linux software -available, -and a large number of -commercial -products and services. -For an excellent security overview, primer, and compendium reference, see -Practical Unix and Internet Security -by -Simson Garfinkel -and -Gene Spafford. -

- -

<Feedback>  -Are there any security risks for ISPs or others who offer the proxy? -

-

-Yes. -As with any service offered over the Internet, -hackers can try to misuse it. -A well-run -ISP -will have professionals who are experienced at assessing and containing -these risks. -

-It's possible to set up your machine so -that other people can have access to your proxy, -but if you lack expertise in computer security -you probably shouldn't have your computer configured to offer -this or any other service to the outside world. -

-Hackers can attempt to gain access -to the machine by various attacks, -which we have tried to guard against but don't guarantee to thwart. -They can also use the ``anonymizing'' quality of proxies -to try to cover their tracks while hacking other computers. -For this reason we recommend preventing it being used -as an anonymous -telnet -by putting the pattern -:23 -in the blockfile (it's included as standard equipment). -(Actually the current implementation incidentally blocks telnet due to the -way headers are handled, but it's best not to rely on this.) -If you wish to block all ports except the default -HTTP -port 80, -you can put the lines -
-   : -
-   ~:80 -
-at the beginning of the blockfile, but be aware that some servers -run on non-default ports (e.g. 8080). You might also want to add the line -~:443 -to allow -SSL. -

-On -UNIX ® -systems it is neither necessary nor desirable for the proxy to run as root. -

-Versions 2.0.1 and below may be vulnerable to remote -exploitation of a memory buffer bug; for security reasons all users -are encouraged to -upgrade. -

-If you find any security holes in the code -please -tell us, -along with any suggestions you may have for fixing it. -However, we do not claim that we will be able to do so. -

-We distribute this code in the hope that people -will find it useful, but we provide -no warranty -for it, -and we are not responsible for anyone's use or misuse of it. -

-You may also want to check back periodically for updated versions of the code. -We do not -maintain a mailing list. -To get quick updates, bookmark our -Distribution Information -page. -

-

--- Back to Top of Page ---

- -Home - · - - - · Site Map - - · Legal - - · Privacy - - · Cookies - - · Banner Ads - - · Telemarketing - - · Mail - - · Spam - -
- -
- - -

-Copyright © 1996-8 Junkbusters -® Corporation. -Copying and distribution permitted under -the GNU -General Public License. - - -1998/10/31 -http://www.junkbusters.com/ht/en/ijbfaq.html - -

webmaster@junkbusters.com
- - + + Internet Junkbuster Frequently Asked Questions + + + + + + +

+ Website · + Manual · FAQ · GPL

+ +

Internet + JUNKBUSTER + Frequently Asked Questions

+ +

Configuring + Browsers · + IE 5.0 · + Installation · For Companies · Blocking Ads · + Cookies · Hotmail · Children · Forwarding/Chaining + · IP + · Anonymity + · Security

+ +

This document is out of date

+ +

Development of JunkBuster is ongoing and this document is + no longer current. However, it may provide some assistance. If + you have problems, please use the Yahoo Groups + mailing list (which includes an archive of mail), the + SourceForge.net project page, or + see the project's home + page. Please also bear in mind that versions 2.9.x of + JunkBuster are development releases, and are not production + quality.

+ +

The Top Ten Questions

+ +

*  What is the Internet Junkbuster + Proxy and what does it do for me?

+ +

The Internet Junkbuster Proxy TM + is free privacy-enhancing software that can be run on your PC + or by your ISP or company. It blocks requests for URLs + (typically banner ads) that match its blockfile. It also + deletes unauthorized cookies and other unwanted identifying + header information that is exchanged between web servers and + browsers. These headers are not normally accessible to users + (even though they may contain information that's important to + your privacy), but with the Internet Junkbuster you can see + almost anything you want and + control everything you're likely to need. Many people publish + their blockfiles to help others get started.

+ +

*  Is there a license fee / warranty + / registration form / expiration?

+ +

No, none of these. It's completely free of charge. + Junkbusters offers you the software to copy, use, modify and + distribute as you wish, forever, at no charge under the GNU + General Public License.

+ +

It comes with no warranty of any + kind.

+ +

You don't have to register, in fact + we don't even provide a way to do so: the practice of + registering software is usually just an excuse to send you + solicitations and sell your name and information about your + behavior. You are welcome to obtain and use our software as + anonymously you wish. (Your IP address will naturally be + disclosed when you download it; use anonymizing software if you + want to conceal this. We never want to be given any information + that you consider private or confidential.)

+ +

We are often asked why we give away a + product that many would happily pay for. The answer is that we + are determined to carry out our mission: to free the world from + junk communications.

+ +

*  Does it run on Windows? On a Mac? + On the AOL browser?

+ +

For the latest information on availability, see the + Distribution Information page. We don't think it will ever run + on Windows 3.1. But you don't need to have it running on your + computer if you get your ISP or Systems Administrator at work + to run it.

+ +

*  How can I get my ISP to run the + Internet Junkbuster?

+ +

Try their sales or support department (depending on whether + you are already a customer). You might + send them email including the following URL:
+     + http://www.junkbusters.com/ht/en/ijbfaq.html#isps
+ You could mention that many other ISPs + provide it, and that you regard it as an important part of your + decision on where to buy Internet service.

+ +

*  Who chooses the options that + control what is blocked?

+ +

Whoever starts the Internet Junkbuster chooses the options + and the blockfile. If your ISP runs it for you, they have to + make these decision (though some may give you a choice of + proxies, and a way to suggest new URLs to block). If you run it + on your computer, you get to choose.

+ +

*  How do I download and run the + program on my computer?

+ +

It depends on your platform. If you are using Windows 95 or + NT, see our separate page on installing under Windows. If you + have a C compiler and are using almost any flavor of UNIX ® + you download it, compile it, start it running, and then + configure your browser. Several precompiled packages are also + available through links in our distribution page, which lists + all available platforms.

+ +

If you are using a platform for which we + have no current availability, you are welcome to port the code. + If you do this and you would like us to consider publishing + your ported version, please tell us.

+ +

*  How can I tell which blockfile + and options are being used?

+ +

Just point your browser to + http://internet.junkbuster.com/cgi-bin/show-proxy-args or to + any URL ending in show-proxy-args (even if it + doesn't exist). It needn't exist because the Internet + Junkbuster intercepts the request, blocks it, and returns in + its place information about itself. Using the URL above is + useful for checking that your browser really is going through + an Internet Junkbuster, because the junkbuster.com + server returns a warning if the request actually gets to it. + Some people set the home page of their browser to such a URL to + be sure that it is configured to use the proxy.

+ +

If you wish to check the header + information your proxy is actually sending, a visit to + http://internet.junkbuster.com/cgi-bin/show_http_headers will + give you the more relevant ones first. You might also like to + turn the proxy off and compare the difference. (Don't forget to + turn it back on again.)

+ +

+  My browser started giving me + ``server not responding'' messages

+ +

Once your browser is told to use a proxy such as the + Internet Junkbuster, it thinks of it as its server for + everything, so this message means it can't talk to the proxy. + The Internet Junkbuster may not be running, or you may have + specified its proxy address incorrectly. Check that the details + you entered are correct. If you have telnet you + can try connecting to the appropriate port to see if the + Internet Junkbuster is running. If your ISP is running the + Internet Junkbuster, you may want to check with them. If you + are running it yourself under UNIX ®, try looking at a + ps ax to see if it is running. The port specified in its options should be + the same one as your browser has configured.

+ +

*  I've got this great idea for a + new feature. Who do I tell?

+ +

We'd be very interested to hear it, but please bear a few + things in mind.

+ +
    +
  1. Please check this FAQ to see if + we've already considered the idea, such as automatic + detection of banner ads and replacing ads with something else + such as a transparent GIF.
    2. + +
  2. Don't tell us anything you + want to keep confidential or retain some right over.
    3. + +
  3. We currently have a long wish list of + things that we may or may not do in the near future, + including a version for your favorite computer and a plug-in + version.
    4. + +
  4. If you don't want to wait you're + welcome to improve on our code, publish your version on the + Web, and tell us where to find it. Projects that are + especially welcome include a port to the Mac and extensions + for HTTP 1.1. (Meanwhile, be sure your browser is configured + not to use HTTP 1.1.)
    5. +
+ +

*  My question isn't listed here. + Who do I ask for support?

+ +

If you find using our free product + harder than you're used to for consumer software, there are + many commercial alternatives that you could consider.

+ +

The answer to detailed technical questions + may be answered in manual page, or in + the source code. Also double-check this page for an answer: + using the ``find'' feature on your browser for likely keywords + may help. Our site also has a search feature.

+ +

Many people post requests for help and + responses on Usenet.

+ +

If your ISP is providing the Internet + Junkbuster for you, and your question is about how to use it, + check their web page before asking them.

+ +

Even though we don't offer the kind of + support you might expect if you paid a lot of money for a + software product, you can still ask us. But before you do, + please consider whether you could ask someone closer to you. + And please be patient if we're slow to reply: we never charge + consumers for our services, so we have to subsidize consumers + with revenue from companies, and our resources are limited.

+ +

If your company or organization would be + interested in a maintenance contract with phone and email + support, hard copy documentation and source code and + pre-compiled binaries on tape or disk, please ask us for a + quote.

+ +

--- Back to Top of Page ---

+ +

Configuring your browser to talk to + the Internet Junkbuster

+ +

*  What is the proxy address of the + Internet Junkbuster?

+ +

If you set up the Internet + Junkbuster to run on the computer you browse from (rather than + your ISP's server or some networked computer at work), the + proxy will be on localhost (which is the special + name used by every computer on the Internet to refer to itself) + and the port will be 8000 (unless you have told + the Internet Junkbuster to run on a different port with the listen-address option). + So you when configuring your browser's proxy settings you + typically enter the word localhost in the two + boxes next to HTTP and + Secure, and the number 8000 in the two boxes + labeled to the right of those boxes. The + Internet Junkbuster does not currently handle other protocols + such as Gopher, FTP, or WAIS, so leave those setting unchanged. + Nor does it handle ICQ or Instant Messenger services.

+ +

If your ISP or company is running the + Internet Junkbuster for you, they will tell you the address to + use. It will be the name of the computer it's running on (or + possibly its numeric IP address), plus a port number. Port 8000 + is the default, so assume this number if it is not specified. + Sometimes a colon is used to glue them together, as in + junkbuster.fictitious-pro-privacy-isp.net:8000 but with + most browsers you do not type the colon, you enter the address + and port number in separate boxes.

+ +

*  How do I tell the browser where + to find the Internet Junkbuster?

+ +

All current browsers can be told the address of a proxy to + use. You enter the same information in two fields in your + browser's proxy configuration screen (see list below): one for + HTTP, and one for the Secure Protocol (assuming your browser + supports SSL). If you find some information already entered for + your proxy, see the next question. Here are the menus you go + through to get to the proxy configuration settings. (We also + recommend that you disable Java, which is a separate + operation.) Make notes on the changes you make so you + know how to undo them! You will need to know what you + did in case you wish to discontinue using the proxy.

+ +
    +
  1. For Netscape 2.01, 2.02 and 3.0 + [Graphic Illustration]: Options; Network Preferences; Proxies; Manual Proxy Configuration View ; enter proxy + address details under HTTP and Security Proxy; click on OK; click + on the next OK. [Return to Windows + Installation Procedure]
    + With Netscape 2.0, follow with Options, Save Options.
    + With Netscape 4.X series, you + first have to go through Edit/Preferences. + [Graphic Illustration] Then in the frame on the left, click + on triangle pointing to the right towards the word Advanced; it will switch to a triangle pointing + down; and the words Cache, + Proxies and Disk Space appear. Click on + Proxies and the frame on the right will + display a banner saying Proxies Configure + proxies to access the Internet. Click the radio button + labeled Manual proxy configuration then + click the button labeled View; enter proxy + address details under HTTP and Security Proxy; click on OK; click + on the next OK. [Return to Windows + Installation Procedure]
    2. + +
  2. For Internet Explorer 3.0 + [Graphic Illustration]: View; Options; Connections; tick Connect through proxy server box; Settings; enter proxy address details + HTTP Box, with port number in the second box; same with + Secure; click on OK. + [Return to Windows Installation Procedure]
    3. + +
  3. For Internet Explorer 2.0: View; Options; Proxy; enter proxy address details click on OK. [Return to Windows Installation + Procedure]
    4. + +
  4. On NT for MS-IE: Control + Panel; Internet; + Advanced; Proxy.
    5. + +
  5. For MS-IE 4.0: similar to 3.0: View; Internet Options; Connection; tick Access Internet using + a proxy server box; from there we have had reports of + different versions, either click on + Advanced or Settings; enter proxy + address details HTTP Box, with port number + in the second box; same with Secure; click + on OK. Note that 4.0 has + Advanced settings to allow HTTP 1.1 through proxies; + these must be disabled because the proxy does not currently + understand HTTP 1.1. Please tell us if you see any other + differences. [Return to Windows Installation Procedure]
    6. + +
  6. For MS-IE 5.0: similar to 4.0: Tools|Internet Options from the menu bar; Connections. Select either dial-up connection + or LAN (depending on how you connect to the Internet); press + Settings; and check the Use + Proxy Server box; enter proxy address details in the HTTP Box, with port number in the second box; + same with Secure; click on + OK buttons to get out. Note: You must also uncheck the HTTP 1.1 checkboxes + at the end of the Advanced options. This + seems to have been made the default in IE 5.0. [Return to + Windows Installation Procedure]
    7. + +
  7. For Netscape's level 5 browser, we + have no information. If you do, please tell us.
    8. + +
  8. For NCSA Mosaic for Windows: Options, Preferences, Proxy; enter proxy address details under HTTP.
    9. + +
  9. For Opera: + Preferences, Proxy servers; check the + box next to HTTP; enter the server and port number in the box + on the other side; click on OK.
    10. + +
  10. For Lynx, Mosaic/X, Grail, and + W3O Arena, you can specify the proxy via environment + variables before starting the application. This will probably + be done with something like either
    +    setenv http_proxy + http://localhost:8000/
    + or
    +     + http_proxy=http://junkbuster.fictitious-pro-privacy-isp.net:8000/ + export http_proxy
    + depending on your shell and where the Internet Junkbuster + lives.
    11. +
+ +

If your browser is not listed here, or if you notice an + error, please tell us the correct procedure.

+ +

*  What should I do if I find + another proxy is already configured?

+ +

Some ISPs and companies require all Web traffic to go + through their proxy. In this case you would find your proxy + configuration with values already set, possibly under Automatic Proxy Configuration (in the case of + Netscape and MS-IE 3.0 and above). It's probably a firewall + proxy between your company and the outside world, or a caching proxy if you're using an ISP.

+ +

What needs to be done in this case is to use + the forwardfile option to + tell the Internet Junkbuster the address of the other proxy. + Specify a different (unused) port number with the listen-address option, and + configure your browser to use that port. If you haven't done + this kind of thing before, it's probably best to consult your + systems administrator or ISP about it; check their web page + first.

+ +

+  What if I want to stop using + the Internet Junkbuster?

+ +

Just go through the same procedure you used to start your + browser using the Internet Junkbuster, but remove the details + you put in (or if there was something there before, restore + it). You may need to use Save Options to make + this change permanent. On Netscape 3.0 you can go through Options; Network Preferences; + Proxies and click on No + Proxy to turn it off, and later click on + Manual Proxy Configuration if you want to start using it + again. (No need to enter the again details under + View as you did the first time; they should remain there + unchanged.)

+ +

This stops your browser talking to the + proxy; shutting down the proxy is a different matter.

+ +

*  Automatic dialing isn't working + any more. How do I fix it?

+ +

Some browsers (such as MSIE-4) can be configured to dial + your ISP automatically when you click on a link, but this + feature (called "automatically connect" or "autoconnect") gets + disabled if you specify a proxy running on your own computer + (with address localhost or 127.0.0.1) + because these addresses don't require dialing. The Internet + Junkbuster knows nothing about dialing, so it doesn't work. To + make automatic dialing work, make up a name such as + junkbuster.ijb and use that name in the proxy settings + instead of localhost, and then add the line + 127.0.0.1 junkbuster.ijb to the file + c:\windows\hosts (if there already is a line beginning + with 127.0.0.1 just add + junkbuster.ijb at the end of it.)

+ +

This should also work Netscape + Communicator 4 on machines where IE-4 has been installed.

+ +

--- Back to Top of Page ---

+ +

Setting up the Internet Junkbuster on + your local computer

+ +

The next two sections assume you wish to compile the code + with your own C compiler. If you just + want to use the .exe file provided for Windows, + see the Windows Installation page.

+ +

*  How do I compile the code under + Unix?

+ +

If you are running Redhat Linux you may prefer to use the + rpm instead of the following procedure.

+ +
    +
  1. First download the tar file + (~286k) and uncompress and extract the + files from it with this command
    +    uncompress -c ijb20.tar.Z | tar xf + -
    2. + +
  2. If your operating system is from Sun or + HP examine the Makefile and make any changes + indicated inside.
    3. + +
  3. Run
    +
    +    make
    4. + +
  4. + Copy the sample configuration file + (junkbstr.ini, previously called + sconfig.txt and other names in earlier releases) to + some convenient place such as + /usr/local/lib/junkbuster/configfile or whatever you + choose. The sample file has all the options commented out. + You can remove the # character on any that you + want, but it may be better to leave this until to later. + Run it asynchronously:
    +
    +    junkbuster configfile & + + +

    If you are running a version earlier than 2.0 you can + start it with junkbuster &

    +
    5. + +
  5. Configure your browser (described + above).
    6. + +
  6. Verify that the Internet Junkbuster is + working (described above).
    7. + +
  7. Decide on the options you really + want, kill the process and start it again. The + most popular option is + blockfile to block ads. A + sample blockfile is provided as an illustration, but it + doesn't really stop many ads. More comprehensive ones are + available elsewhere.
    8. + +
  8. You'll probably want to add an entry to + /etc/rc.d/rc.local or equivalent to start it at + boot time. (Any output you specify should be redirected to a + file. And don't forget the & at the end to run it + asynchronously or your system will seize up after the next + reboot.)
    9. +
+ +

*  How do I compile the code under + Windows?

+ +

A .exe file (binary) is supplied with the + source code, but if you prefer to compile it yourself here is + the likely procedure. Most of these steps are repeated in our + checklist for installation under Windows.

+ +
    +
  1. First click here to download the zip + file called ijb20.zip (~208k), then uncompress + and unpack the zip archive using a tool like WinZip.
    2. + +
  2. Now the distribution (source and + sample files) will be in a folder called ijb20. + Go into that folder and then edit the Makefile for your + system, removing the comment character (#) in + the lines related to Win32. Then type:
    +    nmake
    + This should create an executable called + junkbstr.exe. For information + on issues with various compilers, see the Distribution + Information page.
    3. + +
  3. + Run the executable with the + command:
    +    junkbstr
    + (Click on the icon with that name + that looks like a terminal, not like a notepad.) The + program will produce a message indicating that it has + started and is ready to serve. + +

    (Version 2.0.1 and above uses the file + junkbstr.ini as the config file if it exists + and no argument was given. If you have an earlier version + or if you want it to use a different config file, simply + specify that file as the argument.)

    +
    4. + +
  4. Configure your browser + (described above).
    5. + +
  5. Check the proxy is working (described + below).
    6. + +
  6. + To have the proxy start itself + automatically when you login to Win95, drop the + ``shortcut'' to the junkbstr executable into + the StartUp folder:
    +    C:\Windows\Start + Menu\Programs\StartUp
    + You might want to change the shortcut's + Properties->Shortcut to Run: + Minimized. If you specify the hide-console option then the + DOS window will vanish after it starts. + +

    WinNT users can put it into their own + StartUp folders or the Administrator can put it into the + system's global StartUp folder. For details on how to make + this a service under NT see our Windows page.

    +
    7. +
+ +

*  How do I check that the proxy is + working?

+ +

Pick a page from somewhere (such as your bookmarks, or just + one that your browser was pointing to) and + Reload it. If you get a message along the lines of ``server + not responding, using cached copy instead,'' see the advice + above. If the page reloads OK, check that your browser is + actually talking to the proxy by going to + http://internet.junkbuster.com/cgi-bin/show-proxy-args or any + URL ending in show-proxy-args (as described below, + the proxy should intercept the request.) When you see + ``Internet Junkbuster Proxy Status,'' you'll know it's + working.

+ +

*  How and why would I have this + proxy chained with other proxies?

+ +

You may need the + forwarding feature to ``daisy chain'' the Internet + Junkbuster to another proxy, perhaps an anonymizing proxy to + conceal your IP address, or a caching proxy from your ISP, or a + firewall proxy between your company and the outside world. + Version 2.0 and above can be even configured to forward selectively according to the + URL requested: for example, connecting directly to trusted + hosts, but going through an anonymizing or firewall proxy for + all other hosts.

+ +

Network administrators might use + it to provide transparent access to multiple networks without + modifying browser configurations. Most + browsers also provide a way of specifying hosts that the + browser connects to directly, bypassing the proxy. Some provide + a method for Automatic Proxy Configuration. A well written + Internet Junkbuster configuration can be much more flexible and + powerful.

+ +

An ISP's caching proxy would typically + be called something like cache.your-isp.net:8080 + (as described on you ISP's web page); you would put this + information in your + forwardfile as described in our manual. Your browser would + be configured to the Internet Junkbuster for HTTP and Security + Proxies as before, but you probably want to tell it to use the + caching proxy for FTP and other protocols. + If your ISP is running the Internet Junkbuster for you, + they have probably already decided whether to chain with a + caching proxy.

+ +

*  How does the Internet Junkbuster + work with SOCKS gateways?

+ +

There is support for some gateways in Version 1.4 and above. + The gateway protocol used to be specified on the command line; + it is now specified in the same file as forwarding. Note that the + browser's proxy configuration must not specify a + SOCKS host; it should specify the proxy as + described above.

+ +

*  How do I configure it to be just + a plain old proxy?

+ +

To get the proxy to do as little as possible (which means + not deleting any sensitive headers), place in your + configuration file the following three lines (each ending in a + space then a period) to stop it changing sensitive headers:
+    referer .
+    from .
+    user-agent .
+    cookiefile mycookiefile
+ The fourth line is also needed to specify a cookiefile that might be called + mycookiefile containing a single line with a + * character, to allow all cookies through.

+ +

*  How do I shut down the proxy (to + restart it)?

+ +

It depends on your platform.

+ +
    +
  1. Under Windows, you can click on the "X" + button at the top right of the DOS window (and answer Yes when Windows warns you it cannot shut down + the program automatically), or use + Ctrl-Break or the old three-fingered salute of Ctrl-Alt-Delete and select End + Task.
    2. + +
  2. Under UNIX ® you'll need to + kill the junkbuster process. If you don't know the process number to give + to kill, try this:
    +    ps ax | grep junkbuster
    3. +
+ +

--- Back to Top of Page ---

+ +

Information for companies

+ +

*  What do advertising companies + think of this kind of technology?

+ +

We've seen only a few public comments from the advertising + industry on this, other than SEC filings. First, the president + of the Internet Advertising Bureau told CNET that he wasn't + worried by banner blockers. Second, after the Federal Trade + Commission's workshop where we gave a live demonstration of our + proxy before many eminent representatives of the industry, the + Direct Marketing Association made the following statement in + the closing paragraphs of their summary comments to the + Commission.

+ +
+ Clever shareware developers have come up with products that + can obliterate cookies and advertisements for those consumers + who have these concerns. The Internet is a market that is so + democratic and flexible that it is easy for companies and + software developers to respond to a perceived market need. +
+ +

Their attitude seems to be that they would prefer that + people use technical solutions to protect their privacy than + have protections imposed by legislation or government + regulations. So, do you perceive a market need? Then here are + some ways to flex your democratic muscles.

+ +

+  Should we provide the + Internet Junkbuster for our employees?

+ +

That depends. Try this quick three-point test.

+ +
    +
  1. Do you want to spend your + communications budget on bandwidth that wastes your + employees' time by forcing them to wait for a lot of annoying + distractions while they're trying to do their jobs?
    2. + +
  2. Do you want current and + potential vendors to know quantitative details about the + software and hardware platforms that you have?
    3. + +
  3. Do you want your competitors + to be able to track exactly which of your employees are + checking out their web sites?
    4. +
+ +

If the answer to all three questions is yes, then you + probably don't have any need for this kind of product.

+ +

+  Can our company get + commercial support for the software?

+ +

Yes, ask us for a quote on a maintenance contract with your + choice of phone and email support, hard copy documentation, + source code and pre-compiled binaries on tape or disk, and + email alerting of upgrades and issues. We also offer consulting + services to help set up ``stealth browsing'' capabilities to + help reduce the footprints left while doing competitive + analysis and other Web work where confidentiality is + critical.

+ +

*  I run an ISP. What issues should + I consider before offering it?

+ +

Many ISPs who offer the proxy to their customers have told + us that most of their customers are delighted with it (although + one reported that a customer complaint that without banner ads, + surfing was like reading a novel: we recommend making it + optional). Many ISPs like it because it reduces bandwidth + requirements. To help get you started, here's a checklist we've + developed from working with a few ISPs. You may think of more, + and we'd be interested if you're willing to share them with + us.

+ +
    +
  1. If you get more than one request + for the Internet Junkbuster you may want to tell your + customers on your News page that you already know about it + and are assessing it.
    2. + +
  2. Try the software and verify that it + performs satisfactorily.
    3. + +
  3. Determine whether your customers + perceive the service as valuable (and therefore worth the + time to set up). We've had reports of many delighted + customers.
    4. + +
  4. Assess the level of security + associated with the software. If access is to be restricted + (to just dial-in ports, for example) how is this to be + done?
    5. + +
  5. Consider whether to expect any + additional load on computing resources required, and any + change in use of bandwidth due to the blocking of large + GIFs.
    6. + +
  6. Choose the + options you wish to provide.
    7. + +
  7. + Decide whether you want to offer a + choice of configurations, such some of these four. + +
      +
    1. Banners Blocked, Wafer with + No-Cookie-Copyright notice
      2. + +
    2. Cookies not stopped (cookiefile with just a + * in it), User Agent specified as Lynx
      3. + +
    3. Cookies from browser allowed, + permitting registered services
      4. + +
    4. A proxy for kids.
      5. +
    + If you run a caching proxy, decide + whether the Internet Junkbuster will chain with it by + default, and whether to offer an alternate with no caching. + (Some ISPs don't, because they want to give customers an + incentive to use caching and save bandwidth.) +
    8. + +
  8. Decide on a naming scheme for your + proxies. If you're running only one proxy on one machine, the + simplest way is to just use port 8000 on your main machine, + such as our-isp.net. But it would probably be + safer to put an entry in your name server and call it + something like junkbuster.our-isp.net. If + running several proxies, you could either use different ports + on the same machine, or if you have the opportunity to + distribute the load over a few machines you could use + different hostname aliases such as + banner.junkbuster.our-isp.net, + lynx.junkbuster.our-isp.net and + oneway.junkbuster.our-isp.net (corresponding to the + examples in the previous point). You may want to set up + Automatic Proxy Configuration.
    9. + +
  9. + Prepare a page explaining the + Internet Junkbuster to your customers. + Here's are some examples from Australia, Germany, Florida, + New York/New Jersey/Pennsylvania, North Carolina, Texas, + and Utah. You are welcome to copy and + modify material from Junkbusters according to the GPL. You + might want to set up a process to check this page + periodically and update it when it changes. (A few links + can probably serve as well as lot of copying however.) A + typical page would probably specify the following. + +
      +
    1. A brief explanation stating + what the Internet Junkbuster does, with a link to this + page.
      2. + +
    2. The addresses of the proxy or + proxies, with their port number(s).
      3. + +
    3. The options used, and how to + view the contents of the blockfile (which you can place + on your web pages, preferably in a file called + blocklist.html or + blocklist.txt).
      4. + +
    4. An indication of whether + suggestions for the blocklist are considered, and if so, + how to submit them: to a particular email address, via + web-based form, etc.
      5. + +
    5. Instructions on how to + configure a browser. You may want to include details for + only the two major browsers and leave the others to a + link.
      6. + +
    6. Procedures on how to report + problems, give feedback etc.
      7. +
    +
    10. + +
  10. Invite a small number of + technologically sophisticated customers to beta-test the + service.
    11. + +
  11. Announce general availability on + your ``News'' page. Tell us if you would like to be included + on a list of ISPs offering the Internet Junkbuster.
    12. +
+ +

--- Back to Top of Page ---

+ +

Blocking

+ +

+  Where can I get an example + blockfile that stops most ads?

+ +

The sample blockfile we provide blocks almost nothing, and + we do not publish blockfiles that stop almost all banner ads. + But others have; you can find them by asking Google. You can + add any part of the new file to your old one (probably called + sblock.ini if you haven't changed the default name + in the latest version) or your just replace it completely. You + probably don't need to restart the proxy.

+ +

If you develop an interesting blocklist + and publish it on the Web, you might want to include the word + ``junkbuster'' in it and use the word ``blocklist'' in the file + name given in the URL so that others can find it with the query + given in the previous sentence.

+ +

*  If I see an ad I wish I hadn't, + how do I stop it?

+ +

If your ISP is running the Internet Junkbuster, they should + have a policy on whether they accept suggestions from their + customers on what to block. Consult their web page.

+ +

If you are running the Internet + Junkbuster yourself, you have complete control over what gets + through. Just add a pattern to cover the offending URL to your + blockfile. Version 1.3 and later automatically rereads the + blockfile when it changes, but if you're running an earlier + version you'll have to stop it and restart it.

+ +

To choose a pattern you'll first need + to find the URL of the ad you want cover.

+ +

Some people use the debug 1 option to display + each URL in a window as the request is sent to the server. It's + then usually an easy task to pick the offending URL from the + list of recent candidates.

+ +

Alternatively, you can use View Document Info (or View Document + Source if your browser doesn't have that). The Info feature has the advantage of showing you the full + URL including the host name, which may not be specified in the + source: there you might see something like + SRC="/ads/click_here_or_die.gif" indicating only the + path. (The host name is assumed to be the same + as the one the page came from.)

+ +

But ads often come from a different + site, in which case you might see something like + SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666" or + longer. If the company looks like a + pure ad warehouse (as in the last case), you may want to place + just its domain name in the blockfile, which blocks all URLs + from that site.

+ +

If the ad comes from a server that you + really want some content from, you can include enough of the + path to avoid zapping stuff you might want. In the first + example above, /ads/ would seem to be enough. If + you don't include the domain name, the pattern applies to all + sites, so you don't want such patterns to be too general: for + example /ad would block + /admin/salaries/ on your company's internal site.

+ +

To speed the blocking of images, some + UNIX ® users create a shell script called + Image: containing a line such as echo $1 | sed + s/http:..// >> $HOME/lib/blockfile that adds its + argument to the user's blockfile. Once an offending image has + been be found using View Document Info it's + easy to cut-and-paste the line (or part of it) into a shell + window. The same script can be linked to a file called + Frame: to dealing with framed documents, and + junkbuster: to accept the output of the debug option.

+ +

When compiled without the + regular expressions option, the Internet Junkbuster + uses only very simple (and fast) matching methods. The pattern + /banners will not stop + /images/banners/huge.gif getting through: you would have + to include the pattern /images/banners or + something that matches in full from the left. + So you can get what you want here, the matcher understands + POSIX regular expressions: you can use + /*.*/banners to block and any URL containing + /banners (even in the middle of the path). (In Versions 1.1 through 1.4 they were an option at + compile time; from Version 2.0 they have become the default.) + Regular expressions give you many more features than this, but + if you're not already familiar with them you probably won't + need to know anything beyond the /*.*/ idiom. If + you do, a man egrep is probably a good starting + point).

+ +

Don't forget the / (slash) + at the beginning of the path. If you leave it out the line will + be interpreted as a domain name, so ad would block + all sites from Andorra (since .ad is the + two-letter country code for that principality).

+ +

For a detailed technical description of + how pattern matching is done, see the manual.

+ +

*  How come this ad is still getting + through anyway?

+ +

If the ad had been displayed before you included its URL in + the blockfile, it will probably be held in cache for some time, + so it will be displayed without the need for any request to the + server. Using the debug + 1 option to show each URL as it is fetched is a good way + to see exactly what is happening.

+ +

If new items seem to be getting + through, check that you are really running the proxy with the + right blockfile in the options. Check the blockfile for + exceptions.

+ +

Some sites may have different ways of + inserting ads, such as via Java. If you have ideas on how to + block new kinds of junk not currently covered, please tell + us.

+ +

+  How do I stop it blocking a + URL that I actually want?

+ +

You can change the patterns so they don't cover it, or use a + simple feature in Version 1.1 and later: a line beginning with + a ~ character means that a URL blocked by previous + patterns that matches the rest of the line is let through. For + example, the pattern /ad would block + /addasite.html but not if followed by + ~/addasite in the blockfile. Or suppose you want to see + everything that comes from a site you like, even if it looks + like an ad: simply put ~aSiteYouLike.com at the + end of the blockfile. (Order is important, because the + last matching line wins.)

+ +

As well as unblocking pages that were + unintentionally blocked, this feature is useful for unblocking + ads from a specific source. This might be because you are + interested in those particular ones, or if you have an explicit + agreement to accept certain ads, such as those from a free + web-based email provider.

+ +

If you want to find out exactly which + pattern in the blockfile a given URL matched, just click on the + words ``Internet Junkbuster'' which are displayed alone on a + page when your browser requests a blocked URL. The proxy + displays a message that pinpoints the pattern for you.

+ +

*  Can I block sites I don't want my + children to see?

+ +

Yes, but remember that children who are + technically sophisticated enough to use the browsers' proxy + configuration options could of course bypass any proxy. This + kind of technology can be used as a gentle barrier to remind or + guide the child, but nobody should expect it to replace the + parent's role in setting and enforcing standards of online + behavior for their children.

+ +

Some ISPs are starting to provide + specialized proxies to protect children. There are two basic + approaches: the ``black list'' and the ``white list'' approach. + The black list approach allows the child + to go anywhere not explicitly prohibited; the white list + permits visits only to sites explicitly designated as + acceptable.

+ +

It's very easy for anyone to compile + a white list from a page of ``recommended kids sites'' and to + configure an Internet Junkbuster to allow access to those sites + only. (If you publish such a list on the web, please tell us + its URL). Assuming your version isn't an old one without regex, + you can place a * (asterisk) as the first line of + the blockfile (which blocks everything), and then list + exceptions after that. Be careful to make the exception + sufficiently broad: for example, using + ~www.uexpress.com/ups/comics/ch/ as the exception for + Calvin and Hobbes would block some of the graphic + elements on the page; you would probably want a wider exception + such as ~www.uexpress.com/ups/ to permit them.

+ +

Version 2.0 has an experimental feature + to permit only sites mentioned in a nominated trusted site. This allows + organizations to build lists of sites for kids to browse, and + the software automatically restricts access to those on the + list.

+ +

Many filtering products actually scan for + keywords in the text of pages they retrieve before presenting + it, but the Internet Junkbuster does not do this. Building a + perfectly reliable black list system is hard, because it's very + difficult to state in advance exactly what is obscene or + unsuitable. For more info see our links page.

+ +

*  What do I see when a page or + graphic is blocked by the proxy?

+ +

You usually see a broken image icon, but it depends on + several factors beyond the proxy's control. If asked for a URL + matching its blockfile, the proxy returns an HTML page + containing a message identifying itself (currently the two + words ``Internet Junkbuster'') with a status 202 (Accepted) + instead of the usual 200 (OK). (Versions 1.X returned an error + 404: Forbidden, which caused strange behavior in some cases.) + Status 202 is described in the HTTP RFC as indicating that the + request has been accepted but not completed, and that it might + complete successfully in the future (in our case, if the + blockfile were changed).

+ +

The broken image icon is most common + because the browser is usually expecting a graphic. But if it + was expecting text, or if the page happens to be using certain + HTML extensions such as layer and your browser is + a late model from Microsoft, you may see the words ``Internet + Junkbuster'' displayed as a hot link.

+ +

Clicking on the link takes you to an + explanation of the pattern in the blockfile that caused the + block, so that you can edit the blockfile and go back and + reload if you really want to see what was blocked. The + explanatory link is generated by the proxy and is automatically + intercepted based on its ending in ij-blocked-url; + even though the site is specified as + http://internet.junkbuster.com no request should + actually made to that site. If one is, it means that the proxy + was been removed after it generated the link.

+ +

To summarize: the identifying link to + the blocking explanation is usually turned into a broken image + icon, but it may be displayed on a page alone, or they may may + be restricted to the particular frame, layer or graphic area + specified in the page containing them. The proxy has no way of + knowing the context in which a URL will be used and cannot + control how the blocking message will be rendered.

+ +

*  Why not replace blocked banners + with something invisible?

+ +

Many users have suggested to us that + blocked banners should be replaced by a something like a 1x1 + transparent GIF to make the page would look as if there was + nothing ever there. Apart from making it harder to catch + unintended blocking, this might also displease the owners of + the page, who could argue that such a change constitutes a + copyright infringement. We think that merely failing to allow + an included graphic to be accessed would probably not be + considered an infringement: after all this is what happens when + a browser is configured not to load images automatically. + However, we are not lawyers, so anyone in doubt should take + appropriate advice.

+ +

In a context where the copyright issue is + resolved satisfactorily, a proxy could simply return a status + 301 or 302 and specify a replacement URL in a + Location and/or URI header. An alternative + would be to use inline code to return a 1 x 1 clear GIF. We do + not publish sample code for this, and we have no way of + stopping others who have.

+ +

*  Why not block banners based on + the dimensions of the image?

+ +

Many users have pointed out that most banner ads come in + standard sizes, so why not block all GIFs of those sizes? This + would theoretically be without fetching the object because the + dimensions are usually given in the IMG tag, but + it would require substantial changes in the code, and we doubt + whether it would be much more effective than a good block + list.

+ +

*  What about non-graphic + advertising within the pages I want?

+ +

The Internet Junkbuster deliberately does not provide a way + of automatically editing the contents of a page, to remove + textual advertising or to repair the holes left by blocked + banners. Other packages such as WebFilter do.

+ +

For the same reason, it has no way of + stopping a new browser window being created, because this is + done through the target attribute in the + <a> and <base> elements, not + through headers. Nor do we plan to add a feature to paralyze + animated GIFs.

+ +

*  Does it block ads on the + broadcasting ``push'' systems? How about pop-up ads?

+ +

We haven't tried it but we expect it would probably work on + image ads on push channels. See also adchoice.

+ +

Disabling Javascript stops some pop-up + ads. One problem is that some advertisers throw open a new + browser window to frame the ad. The ad is easily blocked, but + the empty window remains. You can kill it easily, but this is a + chore. We don't see how to stop them other than editing the + HTML from the parent window, which we don't like to do.

+ +

The TBTF newsletter warned subscribers to + push information that in IE4, LOGTARGET + allows servers to determine the URLs viewed at their site even + if accessed from cache or through a proxy. If you use this + browser see our instructions on how to disable this.

+ +

If you find you have experience using + the proxy with push, or have any other advice about it, please + tell us.

+ +

--- Back to Top of Page ---

+ +

Cookies

+ +

For background information on cookies see our page + describing their dangers.

+ +

*  Might some cookies still + get through? How can I stop them?

+ +

Yes, you should expect the occasional cookie to make it + through to your browser. We know of at least three ways this + can happen; please tell us if you find any others. One way is + in secure documents, which are explained below.

+ +

A few sites set cookies using a line + such as <META HTTP-EQUIV="Set-Cookie" + CONTENT="flavor=chocolate"> in the HEAD + section of an HTML document. Cookies + can also be + + set and read in JavaScript. To see if this is happening in a + document, view its source, look in the head for a + section tagged script language="JavaScript". If it + contains a reference to document.cookie, the page + can manipulate your cookie file without sending any cookie + headers. The Internet Junkbuster does not tamper with these + methods. Fortunately they are rarely used at the moment. If a + cookie gets set, it should be stopped by the proxy on its way + back to the server when a page is requested, but it can still + be read in Javascript.

+ +

To prevent cookies breaking through, + always keep cookie alerts turned on in your + browser, and disable Java and Javascript. Making the files hard + to write may also help.

+ +

*  Exactly how do cookies get + created and stored anyway?

+ +

When a web site's server sends you a page it also sends + certain ``header information'' which your browser records but + does not display. One of these is a Set-Cookie + header, which specifies the cookie information that the server + wants your browser to record. Similarly, when your browser + requests a page it also sends headers, specifying information + such as the graphics formats it understands. If a cookie has + previously been set by a site that matches the URL it is about + to request, your browser adds a Cookie header + quoting the previous information.

+ +

For more background information on how + cookies can damage your privacy, see our page on cookies. For + highly detailed technical information see the RFC. The Internet + Junkbuster will show you all headers you use the debug 8 option, or you can + get a sample from our demonstration page.

+ +

*  If cookies can't get through, + will some things stop working for me?

+ +

Possibly. Some personalized services including certain + chat rooms require cookies. + Newspapers that require + + registration or + + subscription will not automatically recognize you if you don't + send them the cookie they assigned you. And there are a very + small number of sites that do strange things with cookies; they + don't work for anyone that blocks cookies by any means. Some + sites such as Microsoft explain that their content is so + wonderfully compelling that they will withhold it from you + unless you submit to their inserting cookies.

+ +

Many free Web-based email services + require cookies. Hotmail also seems to require allowing both + msn.com and passport.com to set + cookies.

+ +

If you want such sites to be given your + cookies, you can use the + cookiefile option provided you are running Version 1.2 or + later yourself. Simply include the domain name of those sites + in the cookiefile specified by this option. If it still + doesn't work, the problem may be in other headers.

+ +

It's possible to let cookies out but not + in, which is enough to keep some sites happy, but not all of + them: one newspaper site seems to go into an endless frenzy if + deprived of fresh cookies. A cookiefile containing a single + line consisting of the two characters >* + (greater-than and star) permits server-bound cookies only. The + * is a wildcard + that matches all domains.

+ +

If someone else is running the Internet + Junkbuster for you and has a version that + passes server-bound + cookies through, you can try editing your browser's cookie file + to contain just the ones you want, and restart your browser. To subscribe to a new service like this after + you have started using the Internet Junkbuster, you can try the + following: tell your browser to stop using the Internet + Junkbuster, fill out and submit your subscription details + (allowing that web site to set a cookie), then reconfigure your + browser to use the Internet Junkbuster again (and stop more + cookies being sent). This also requires the cookiefile option, and its success + depends on the Web site not wanting to change your cookies at + every session. For this reason it does not work at some major + newspaper sites, for example. But you may + prefer to look at whether other sites provide the same or + better services without demanding the opportunity to track your + behavior. The web is a buyer's market where most prices are + zero: very few people pay for content with money, so why should + you pay with your privacy?

+ +

*  Can I control cookies on a + per-site basis?

+ +

Yes, since version 1.2 the Internet + Junkbuster has included advanced cookie management facilities. + Unless you specify otherwise, cookies are discarded + (``crumbled'') by the Internet Junkbuster whether they came + from the server or the browser. In Version 1.2 and later you + can use the cookiefile + option to specify when cookies are to be passed through intact. + It uses the same syntax and + matching algorithm as the blockfile.

+ +

If the URL matches a pattern in the + cookiefile then cookies are let through in both + the browser's request for the URL and in the server's response. + One-way permissions can be specified + by starting the line with the > or + < character. For example, a cookiefile consisting of + the four lines
+    org
+     >send-user-cookies.org
+     + <accept-server-cookies.org
+     ~block-all-cookies.org
+ allows cookies to and from .org domains only, + with the following exceptions:
+

+ +
    +
  1. Cookies sent from servers in the domain + send-user-cookies.org are blocked on their way + to the client, but cookies sent by the browser to that domain + are still be fed to them.
    2. + +
  2. The cookies of + accept-server-cookies.org check in to the proxy and + are passed through to the browser, but when they come back to + the proxy they never check out.
    3. + +
  3. All cookies to and from + block-all-cookies.org are blocked.
    4. +
+ +

If the junkbuster + was compiled with the regular expressions option they may be + used in paths. Any logging to a ``cookie jar'' is separate and + not affected.

+ +

It's important to give hosts you want + to be able to set cookies sufficient breadth. For example, + instead of www.yahoo.com use + yahoo.com because the company uses many different hosts + ending in that domain.

+ +

*  Can I make up my own fake cookies + (wafers) to feed to servers?

+ +

Yes, using the wafer option. + We coined the term wafer to describe cookies + chosen by a user, not the Web server. Servers may not find + wafers as tasty as the cookies they make themselves. But users + may enjoy controlling servers' diets for various reasons, such + as the following.

+ +
    +
  1. Users who consider cookies to be + an unwelcome intrusion and a waste of their disk space can + respond in kind. By writing ``signature wafers'' they can + express their feelings about cookies, in a place that the + people in charge of them are most likely to notice.
    2. + +
  2. + Sites running a proxy that logs + cookies to a file (such as the Internet Junkbuster does + with the jarfile option + on) may want to notify servers that their cookies are being + intercepted, deleted or copied. One possible reason for + doing this is the uncertain copyright status of cookie + strings. Nothing here should be taken as legal advice: we + are simply raising a question for any interested parties to + consider, and make no representation that such measures are + necessary or sufficient. Concerned proxy sites might decide + to send a wafer (named ``NOTICE'' for example) containing + text along the lines of the following. + +
    +

    TO WHOM IT + MAY CONCERN
    +
    + Do not send me any copyrighted information other than + the document that I am requesting or any of its necessary + components.
    +
    + In particular do not send me any cookies that are + subject to a claim of copyright by anybody. Take notice + that I refuse to be bound by any license condition + (copyright or otherwise) applying to any cookie.

    +
    + Any company that tries to argue in court that the proxy + site was breaching their copyright in the cookies would be + met with the defense that the proxy site gave that company + the opportunity to protect its copyright by simply not + sending cookies after receiving the notice. + +

    Cookies can be as long as four + thousand characters, so there's plenty of space for + lawyerly verbosity, but white space, commas, and + semi-colons are prohibited. + Spaces can be turned into underscores. Alternatively, a URL + could be sent as the cookie value, pointing to a document + containing a notice, perhaps with a suggestive value such + as
    + + http://www.junkbusters.com/ht/en/ijbfaq.html#licenses_on_cookies_refused
    + + But including the notice directly would probably be + preferable because the addressee does not have to look it + up.

    + +

    The Internet Junkbuster 2.0.2 + currently sends a full notice as a ``vanilla wafer'' if + cookies are being logged to a cookie jar and no other + wafers have been specified. It can be suppressed with the + + suppress-vanilla-wafer option, which might be used in + situations where there is an established understanding + between the proxy and all who serve it.

    +
    3. +
+ +

Junkbusters provides a CGI script that + lets you see your wafers as they appear to servers.

+ +

Wafers confuse a few fragile + servers. Hotmail appears to be one of them. If this troubles + you, don't use this option.

+ +

Any wafers specified are sent to + all sites regardless of the cookiefile. + They are appended after any genuine cookies, to maintain + compliance with RFC 2109 in the event that a path was specified + for a cookie. The RFC's provisions regarding the $ + character (such as the Version attribute) are + transparent to the proxy; it simply quotes what was recited by + the browser.

+ +

If you want to send wafers only to + specific sites, you could try putting them your browser's + cookie file in a format conforming to the Netscape + specification, and then specify in the proxy's cookiefile that + cookies are to be sent to but not accepted from those sites, so + they can't overwrite the file. This may work with Netscape but + not all other browsers.

+ +

*  Why would anyone want to save + their cookies in a ``cookie jar?''

+ +

We provided this capability just in case anyone wants it. + There are a few possible reasons.

+ +
    +
  1. It's conceivable that marketing + companies might one day buy history files and cookie jars + from consumers in the same way that they currently pay them + to fill out survey forms. With this information they could + gather psychographic information, see which competitors' + sites the consumer has visited, and discover what advertising + is being targeted at them.
    2. + +
  2. Some consumers might employ + semi-automated means of sorting through their cookie jars, + selecting which ones to place in their cookies file for use + by their browsers. Their decisions could be based on payments + offered, privacy rating systems such as TRUSTe proposes, or + their own opinion of the company. It could be done manually + or with software. There's an Internet Draft on trust + certification of cookies.
    3. + +
  3. Users may even start ``sharing'' + cookies among themselves, sending back cookies that servers + generated for other visitors. Servers that aren't expecting + this possibility will be misled about their visitors' + identities. Cookies could be shared among users on a single + machine, or across continents via FTP and anonymous + remailers. Privacy activists may + promote cookie disinformation campaigns as a way to defend + the public against abuse. If a significant percentage of + people send disinformative cookies, user tracking via cookies + may become less reliable and less used.
    4. +
+ +

--- Back to Top of Page ---

+ +

Anonymity

+ +

For details on how your identity can be revealed while you + surf, see our page on privacy. Once you start using the + Internet Junkbuster you should find that much of the + information previously indicated on that page will no longer be + provided. If the REMOTE HOST indicating your IP + address is too close for comfort, see our suggestions below on + how to conceal your IP address. We also recommend that you + disable JavaScript and Java.

+ +

*  If I use the Internet Junkbuster, + will my anonymity be guaranteed?

+ +

No. Your chances of remaining anonymous are improved, but + unless you are an expert on Internet security it would be + safest to assume that everything you do on the Web can be + attributed to you personally.

+ +

The Internet Junkbuster removes various + information about you, but it's still possible that web sites + can find out who you are. Here's one way this can happen.

+ +

A few browsers disclose the user's email + address in certain situations, such as when transferring a file + by FTP. The Internet Junkbuster 2.0.2 does not filter the FTP + stream. If you need this feature, or are concerned about the + mail handler of your browser disclosing your email address, you + might consider products such as NSClean.

+ +

Browsers downloaded as binaries could + use non-standard headers to give out any information they can + have access to: see the manufacturer's license agreement. It's + impossible to anticipate and prevent every breach of privacy + that might occur. The professionally paranoid prefer browsers + available as source code, because anticipating their behavior + is easier.

+ +

*  Why should I trust my ISP or + Junkbusters with my browsing data?

+ +

You shouldn't have to trust us, and you certainly don't have + to. We do not run the proxy as a service, where we could + observe your online behavior. We provide source code so that + everyone can see that the proxy isn't doing anything + sneaky.

+ +

You are already trusting your ISP not to + look at an awful lot of information on what you do. They + probably post a privacy policy on their site to reassure you. + If they run a proxy for you, using it could actually make it + slightly easier for them to monitor you, but we doubt that any + sane ISP would try this, because if it were discovered + customers would desert them.

+ +

*  Can the proxy be used for logging + who looks at what?

+ +

We don't want institutions to use this software as an + instrument of surveillance. We have deliberately not provided + options to add timestamps or records of which IP addresses + accessed which URLs. However, because we publish source code + anyone can modify it to do such things, and there is no way a + remote user can find out if this is happening. Again, you need + to be able to trust the entity providing your proxy service, + but you were probably in that position even before using a + proxy.

+ +

*  What private information from + server-bound headers is removed?

+ +

The Internet Junkbuster pounces on the following HTTP + headers in requests to servers, unless instructed otherwise in + the options.

+ +
    +
  1. The FROM header, which a + few browsers use to tell your email address to servers, is + dropped unless the from option + is set.
    2. + +
  2. The USER_AGENT header is changed to indicate that the browser is + currently Mozilla (Netscape) 3.01 Gold with an unremarkable + Macintosh configuration. Misidentification helps resist + certain attacks. If your browser and hardware happen to be + accurately identified, you might want to change the default. + (Earlier versions of the Internet Junkbuster indicated + different details; by altering them periodically we aim to + hinder anyone trying to infer whether our proxy is present.) + If you don't like the idea of incorrectly + identifying your computer as a Mac, set it accordingly. +
    3. + +
  3. The REFERER header + (which indicates where the URL currently being requested was + found) is dropped. A single static referer to replace all + real referers may be specified using the referer option. Where no referer is + provided by the browser, none is added; the add-header option with arguments + such as -x 'Referer: http://me.me.me' can be + used to send a bogus referer with every request.
    4. +
+ +

In Version 1.4 and later you can use the -r @ option to selectively disclose + REFERER and USER_AGENT to only those + sites you nominate.

+ +

Some browsers send Referer and User-Agent + information under different non-standard headers. The Internet + Junkbuster 2.0.2 stops UA headers, but others may + get through. This information is also available via JavaScript, + so disable it. Some search engines + encode the query you typed in the URL that goes to advertisers + to target a banner ad at you, so you will need to block the ad + as well as the referer header, unless you want them (and anyone + they might buy data from) to know everything you ever search + for.

+ +

If you have JavaScript enabled (the + default on most browsers) servers can use it to obtain Referer + and User Agent, as well as your plug-ins. We recommend + disabling JavaScript and Java.

+ +

Currently no HTTP response headers + (browser bound) are removed, not even the + Forwarded: or X-Forwarded-For: headers. Nor + are any added, unless requested. + We are considering a more flexible header management system for + a future version.

+ +

*  Might some things break because + header information is changed?

+ +

Possibly. If used with a browser less advanced than Netscape + 3.0 or IE-3, indicating an advanced browser may encourage pages + containing extensions that confuse your browser. If this + becomes a problem upgrade your browser or use the user-agent option to indicate an + older browser. In Version 1.4 and later you can selectively + reveal your real browser to only those sites you nominate.

+ +

Because different browsers use + different encodings of Russian and Czech characters, certain + web servers convert pages on-the-fly according to the User + Agent header. Giving a User Agent with the wrong operating + system or browser manufacturer causes some sites in these + languages to be garbled; Surfers to Eastern European sites + should change it to something + closer.

+ +

Some page access counters work by + looking at the referer; they may fail or break when + deprived.

+ +

Some sites depend on getting a referer + header, such as uclick.com, which serves comic + strips for many newspaper sites, including + Doonsbury for the Washington Post. (If you + click on that last link, you can then get to a page containing + the strip via the same URL we've linked to under + Doonsbury, but if you click on the + Doonsbury link directly, it gives you an error message + suggesting that you use a browser that supports referers.) In + Version 1.4 and later you can use the -r @ option and place a line like + >uclick.com in your cookiefile. Wired News used to + use referer to decide whether to add a navigation column to the + page, but they have changed that.

+ +

The weather maps of Intellicast + have been blocked by their server when no referer or cookie is + provided. You can use the same countermeasure with a line such + as >208.194.150.32 (or simply get your weather + information elsewhere).

+ +

Some software vendors, including + Download.com and Intuit use USER_AGENT to decide + which versions of their products to display to you. With the + default you get Mac versions.

+ +

As a last resort if a site you need + doesn't seem to be working, the proxy configuration of many + browsers allow you to specify No Proxy For + any hostname you want.

+ +

We had reports that on some versions of + Netscape the What's New feature did not work with the proxy, + but we think we fixed this in Version 2.0.1.

+ +

+  How is misidentifying my + browser good for security and privacy?

+ +

Almost every major release of both leading browsers has + contained bugs that allow malicious servers to compromise your + privacy and security. Known bugs are quickly fixed, but + millions of copies of the affected software remain out there, + and yours is probably one of them. The header that normally + identifies your browser tells such servers exactly which + attacks to use against you. By misidentifying your browser you + reduce the likelihood that they will be able to mount a + successful attack.

+ +

*  Does the Internet Junkbuster + conceal my IP address?

+ +

Web sites get the IP address of any proxy or browser they + serve pages to. If you run the proxy on your own computer the + IP address disclosed is the same as your browser would, unless + you use the forwardfile + option is used to chain to another proxy, in which case servers + only get the last IP address in the chain. Chaining slightly + slows browsing of course, but it improves anonymity.

+ +

*  Does the Internet Junkbuster + thwart identification by identd?

+ +

We think so, provided you are not the user running the + proxy. If your computer (or your ISP's) is running the + identd demon, servers can ask it for the identity of the + user making the request at time you request a page from them. + But if you're going through a proxy, they will identify the + user name associated with the proxy, not you. A visit to + http://ident.junkbusters.com lets you see what's happening. + This test is (quite rightly) blocked by many firewalls; just + interrupt the transfer if you get an abnormal wait after + clicking. Running other applications may also expose you via + identd; the proxy of course doesn't help then.

+ +

*  Can web sites tell that I'm using + the Internet Junkbuster?

+ +

With the default options the proxy doesn't announce itself. + Obvious indications such as Keep-Alive headers are deleted, but sites might notice that you + can cancel cookies faster than any human could possibly click + on a mouse. (If you want to provide a plausible explanation for + this, change the User Agent header to a cookie-free or + cookie-crunching browser).

+ +

But when certain options are used they + could figure out something's going on, even if they're not + pushing cookies. If you use blocking they can tell from their + logs that the graphics in their pages are not being requested + selectively. The + add-forwarded-header option explicitly announces to the + server that a proxy is present, and sending them wafers is of + course a dead giveaway.

+ +

--- Back to Top of Page ---

+ +

Security

+ +

*  What happens with Secure + Documents (SSL, https:)?

+ +

If you enter a ``Secure Document Area,'' cookies and other + header information such as User Agent and Referer are sent + encrypted, so they cannot be filtered. We recommend getting + your browser to alert you when this happens. (On Netscape: Options; Security; General; Show an alert before entering a + secure document space.) We also recommend adding the line + :443 to the blockfile to stop all but sites + specified in an exception after that line from using SSL.

+ +

It may be possible to filter encrypted + cookies by combining the blocking proxy with a cryptographic + proxy along the lines of SafePassage, but we have not tried + this.

+ +

*  Will using this as my Security + Proxy compromise security?

+ +

We're not security experts, but we don't think so. The whole + point of SSL is that the contents of messages are + + encrypted by the time they leave the browser and the server. + Eavesdroppers (including proxies) can see where your messages + are going whether you are running a proxy or not, but they only + get to see the contents after they have been encrypted.

+ +

*  Can I restrict use of the proxy + to a set of nominated IP addresses?

+ +

Yes, we added an access + control file in Version 2.0. But before you use it please + consider why you want to do it. If the reason is security, it + probably means you need a firewall.

+ +

The listen-address option provides + a way of binding the proxy to a single IP address/port. The + right way to do this is to choose a port inside your firewall, + and deny access to it to those outside the firewall. The + Internet Junkbuster is not a firewall proxy; it should not be + expected to solve security problems.

+ +

For background information on + firewalls, see Yahoo or a magazine article or these well-known + books: Firewalls and Internet Security: Repelling the + Wily Hacker by William R. Cheswick and Steven M. + Bellovin or Building Internet Firewalls by D. + Brent Chapman and Elizabeth D. Zwicky. There's + + free Linux software available, and a large number of commercial + products and services. For an excellent security overview, + primer, and compendium reference, see Practical Unix and + Internet Security by Simson Garfinkel and Gene + Spafford.

+ +

*  Are there any security risks for + ISPs or others who offer the proxy?

+ +

Yes. As with any service offered over the Internet, hackers + can try to misuse it. A well-run ISP will have professionals + who are experienced at assessing and containing these + risks.

+ +

It's possible to set up your machine + so that other people can have access to your proxy, but if you + lack expertise in computer security you probably shouldn't have + your computer configured to offer this or any other service to + the outside world.

+ +

Hackers can attempt to gain access to + the machine by various attacks, which we have tried to guard + against but don't guarantee to thwart. They can also use the + ``anonymizing'' quality of proxies to try to cover their tracks + while hacking other computers. For this reason we recommend + preventing it being used as an anonymous telnet by + putting the pattern :23 in the blockfile (it's + included as standard equipment). (Actually the current + implementation incidentally blocks telnet due to the way + headers are handled, but it's best not to rely on this.) If you + wish to block all ports except the default HTTP port 80, you + can put the lines
+    :
+    ~:80
+ at the beginning of the blockfile, but be aware that some + servers run on non-default ports (e.g. 8080). You might also + want to add the line ~:443 to allow SSL.

+ +

On UNIX ® systems it is neither + necessary nor desirable for the proxy to run as root.

+ +

Versions 2.0.1 and below may be + vulnerable to remote exploitation of a memory buffer bug; for + security reasons all users are encouraged to upgrade.

+ +

If you find any security holes in the + code please tell us, along with any suggestions you may have + for fixing it. However, we do not claim that we will be able to + do so.

+ +

We distribute this code in the hope + that people will find it useful, but we provide no warranty for + it, and we are not responsible for anyone's use or misuse of + it.

+ +

You may also want to check back + periodically for updated versions of the code. We do not + currently maintain a mailing list. To get quick updates, + bookmark our Distribution Information page.

+ +

--- Back to Top of Page ---

+ +

+ Website · + Manual · FAQ · GPL

+ +

+ Copyright © 1996-8 Junkbusters ® + Corporation. Copyright © 2001 + Jon + Foster. Copying and distribution permitted under the GNU General Public + License.

+ +

+ http://sourceforge.net/projects/ijbswa/

+ + diff --git a/doc/ijbman.html b/doc/ijbman.html index 710cddb0..d810c680 100644 --- a/doc/ijbman.html +++ b/doc/ijbman.html @@ -1,920 +1,708 @@ - + + + - - - - - - - - - - -Internet Junkbuster Technical Information - - - - - - - - - -
-

Internet JUNKBUSTER Technical Information -

-
- -

-Options - - · Checking Options - - · Installation - - · Copyright - - · (FAQ) -

-
-
-

-Manual Page - -

-
-
A copy of this page -in standard -man -macro format -is included in the -tar archive. - -

<Feedback>  -Name -

-

-junkbuster -- The -Internet Junkbuster -Proxy -TM -

- -

<Feedback>  -Synopsis -

-

-junkbuster -configfile -(Version 2.0 onwards) -
-junkbstr.exe -configfile -(Windows) -
-junkbuster -[-a] -[-y] -[-s] -[-c] -[-v] -
-[-u user_agent] -[-r referer] -[-t from] -
-[-b blockfile] -[-j jarfile] -[-l logfile] -
-[-w NAME=VALUE] -[-x Header_text] -
-[-h [bind_host_address][:bind_port]] -
-[-f forward_host[:port]] -[-d N] -
-[-g gw_protocol[:[gw_host][:gw_port]]] -
-(Version 1.4 and earlier) -

- -

<Feedback>  -Description -

-

-junkbuster -is an instrumentable proxy that filters the -HTTP -stream between -web servers and browsers. -Its main purpose is to enhance privacy. -

-Versions before 2.0 used command-line options; -Versions from 2.0 onward use a configuration file. -The following descriptions of the options first give the older -command-line usage, then the new configfile line. -

-In Versions 2.0.1 upwards on Windows, -a start-up message is printed and the configuration is read from the file -junkbstr.ini -if it exists and no argument was given. -

-All files except the configfile -are checked for changes before each page is fetched, -so they may edited without restarting the proxy. -

Options -

-

-b blockfile
blockfile  blockfile
-Block -requests to -URLs -matching any pattern given in the lines of the -blockfile. -The -junkbuster -instead returns status 202, indicating that the request has been accepted -(though not completed), -and a -message identifying itself -(though the browser may -display only a broken image icon). -(Versions before 2.0 returned an error 403 (Forbidden).) -The syntax of a pattern is -[domain][:port][/path] -(the -http:// -or -https:// -protocol part is omitted). -To decide if a pattern matches a target, the domains are compared first, -then the paths. -

-To compare the domains, -the pattern domain and the target -domain specified in the -URL -are each broken into their components. -(Components are separated by the -. -(period) character.) -Next each of the target components -is compared with the corresponding pattern component: last with last, -next-to-last with next-to-last, and so on. -(This is called -right-anchored -matching.) -If all of the pattern components find their match in the target, -then the domains are considered a match. -Case is irrelevant when comparing domain components. -

-A successfully -matching pattern can be an anchored substring of a target, but -not vice versa. -Thus if a pattern doesn't specify a domain, -it matches all domains. -Furthermore, when comparing two components, -the components must either match in their entirety or up to a wildcard -* -(star character) in the pattern. The wildcard feature -implements only a "prefix" match capability ("abc*" vs. "abcdefg"), -not suffix matching ("*efg" vs. "abcdefg") or -infix matching ("abc*efg" vs. "abcdefg"). -The feature is restricted to the domain component; -it is unrelated to the optional -regular expression -feature in the path -(described below). -

-If a numeric port -is specified in the pattern domain, then the target port must -match as well. The default port in a target is port 80. -

-If the domain and port match, -then the target -URL -path is checked for -a match against the path in the pattern. -Paths are compared with a simple case-sensitive -left-anchored substring comparison. -Once again, the pattern can be an -anchored substring of the target, but not vice versa. -A path of -/ -(slash) would match all paths. Wildcards are not considered in -path comparisons. -

-For example, the target -URL -
-   the.yellow-brick-road.com/TinMan/has_no_brain -
-would be matched (and blocked) by the following patterns -
-   yellow-brick-road.com -
-and -
-   Yellow*.COM -
-and -
-   /TinM -
-but not -
-   follow.the.yellow-brick-road.com -
-or -
-   /tinman -
-

-Comments in a blockfile start with a -# -(hash) character and end at a new line. -Blank lines are also ignored. -

-Lines beginning with a -~ -(tilde) character are taken to be -exceptions: -a -URL -blocked by previous patterns that matches the rest of -the line is let through. (The last match wins.) -

-Patterns -may contain -POSIX -regular expressions -provided the -junkbuster -was compiled with this option -(the default in Version 2.0 on). -The idiom -/*.*/ad -can then be used -to match any -URL -containing -/ad -(such as -http://nomatterwhere.com/images/advert/g3487.gif -for example). -These expressions -don't work -in the domain part. -

-In version 1.3 and later -the blockfile and cookiefile are checked for changes before each request. -

-w NAME=VALUE
wafer  NAME=VALUE
-Specifies a pair to be sent as a cookie with every request -to the server. -(Such boring cookies are called -wafers.) -This option may be called more than once to generate multiple wafers. -The original -Netscape specification -prohibited -semi-colons, commas and white space; -these characters will be -URL-encoded -if used in wafers. - - -The Path and Domain attributes are not currently supported. -

-c cookiefile
cookiefile  cookiefile
-Enforce the cookie management policy specified in the -cookiefile. -If this option is not used all cookies are silently crunched, -so that users who never want cookies aren't bothered by browsers -asking whether each cookie should be accepted. -However, cookies can -still get through -via -JavaScript -and -SSL, -so alerts should be left on. -

-In Version 1.2 and later -this option must be followed by a -filename -containing instructions on which sites are allowed to -receive and set cookies. -By default cookies are dropped in both the browser's request -and the server's response, unless the -URL -requested matches an entry in the -cookiefile. -The matching algorithm is the same as for the blockfile. -A leading -> -character allows -server-bound -cookies only; -a -< -allows only browser-bound cookies; -a -~ -character stops cookies in -both directions. -Thus a cookiefile containing a single line with the two characters ->* -will pass on all cookies to servers but not give any new ones to the browser. -

-j jarfile
jarfile  jarfile
-All Set-cookie attempts by the server are -logged -to -jarfile. -If no wafer is specified, -one containing a -canned notice -(the -vanilla wafer) -is added as an alert to the server -unless the -suppress-vanilla-wafer - -option is invoked. -

-v
suppress-vanilla-wafer
-Suppress the vanilla wafer. -

-t from
from  from
-If the browser -discloses an email address -in the -FROM -header (most don't), -replace it with -from. -If -from -is set to -. -(the period character) -the -FROM -is passed to the server unchanged. -The default is to delete the -FROM -header. -

-r referer
referer  referer
-Whenever the browser discloses the -URL -that -led to -the current request, -replace it with -referer. -If -referer -is set to -. -(period) -the -URL -is passed to the server unchanged. -In -Version 1.4 -and later, if referer is set to -@ -(at) the -URL -is sent in cases where the cookiefile -specifies that a cookie would be sent. -(No way to send bogus referers selectively is provided.) -The default is to delete Referer. -

-Version 2.0 also accepts the spelling -referrer, -which most dictionaries consider correct. -

-u user-agent
user-agent  user-agent
-Information disclosed by the browser -about itself -is replaced with the value -user-agent. -If -user-agent -is set to -. -(period) -the -User-Agent -header is passed to the server unchanged, -along with any -UA -headers produced by -MS-IE -(which would otherwise be deleted). -In -Version 1.4 -and later, if -user-agent -is set to -@ -(at) these headers are sent unchanged in cases where the cookiefile -specifies that a cookie would be sent, -otherwise only default -User-Agent -header is sent. -That default -is Mozilla/3.0 (Netscape) -with an unremarkable -Macintosh -configuration. -If used with a browser less advanced than Mozilla/3.0 or IE-3, the default -may encourage pages containing extensions that confuse the browser. - -

-h [host][:port]
listen-address  [host][:port]
-If -host -is specified, -bind the -junkbuster -to that -IP -address. -If a -port -is specified, use it. -The default -port -is 8000; -the default host is -localhost. -Before Version 2.0.2, -the default was to bind to all -IP -addresses -(INADDR_ANY); -but this has been restricted to -localhost -to avoid unintended security breaches. -(To open the proxy to all, use the line -
-   listen-address :8000 -
-in the configuration file.) -

-f forward_host[:port]
forwardfile  forwardfile
-Version 1.X required all -HTTP -requests from the client to be forwarded to the same destination. -Version 2.0 takes its routing specification from a -forwardfile, -allowing selection of the proxy (a.k.a. forwarding host) and gateway -according to the -URL. -Here is a typical line. -
+ + Internet Junkbuster Technical Information + + + + + + +

+ Website · Manual · FAQ · GPL

+ +

Internet + JUNKBUSTER + Technical Information

+ +

+ Options · + Checking Options · Installation · Copyright · (FAQ)

+ +

This document is out of date

+ +

Development of JunkBuster is ongoing and this document is + no longer current. However, it may provide some assistance. If + you have problems, please use the Yahoo Groups + mailing list (which includes an archive of mail), the + SourceForge.net project page, or + see the project's home + page. Please also bear in mind that versions 2.9.x of + JunkBuster are development releases, and are not production + quality.

+ +

Manual Page

+ +

A copy of this page in standard man macro + format is included in the tar + archive.

+ +

*  Name

+ +

junkbuster - The Internet Junkbuster + Proxy + TM

+ +

*  Synopsis

+ +

junkbuster configfile (Unix)
+ junkbstr.exe [configfile] + (Windows)

+ +

+  Description

+ +

junkbuster is an instrumentable proxy + that filters the HTTP stream between web servers and browsers. + Its main purposes are to block adverts and enhance privacy.

+ +

It is configured using a configuration + file and several files listing URL patterns.  The + configuration file must be specified on the command line.  + The Windows version will default to using the configuration + file junkbstr.ini if it exists and no argument was + given.

+ +

All files except the main configuration + file are checked for changes before each page is fetched, so + they may edited without restarting the proxy.

+ +

Options

+ +
+
blockfile   + blockfile
+ +
+

Block requests to + URLs matching any pattern given in the lines of the + blockfile. The junkbuster instead + returns status 202, indicating that the request has been + accepted (though not completed), and a message identifying itself (though + the browser may display only a broken image icon).  + The syntax of a pattern is + [domain][:port][/path] (the http:// or + https:// protocol part is omitted). To decide + if a pattern matches a target, the domains are compared + first, then the paths.

+ +

To compare the domains, the + pattern domain and the target domain specified in the URL + are each broken into their components. (Components are + separated by the . (period) character.) Next + each of the target components is compared with the + corresponding pattern component: last with last, + next-to-last with next-to-last, and so on. (This is called + right-anchored matching.) If all of the + pattern components find their match in the target, then the + domains are considered a match. Case is irrelevant when + comparing domain components.

+ +

A successfully matching pattern + can be an anchored substring of a target, but not vice + versa. Thus if a pattern doesn't specify a domain, it + matches all domains. Furthermore, + when comparing two components, the components must either + match in their entirety or up to a wildcard * + (star character) in the pattern. The wildcard feature + implements only a "prefix" match capability ("abc*" vs. + "abcdefg"), not suffix matching ("*efg" vs. "abcdefg") or + infix matching ("abc*efg" vs. "abcdefg"). The feature is + restricted to the domain component; it is unrelated to the + optional regular expression feature in the path (described below).

+ +

If a numeric port is specified in + the pattern domain, then the target port must match as + well. The default port in a target is port 80.

+ +

If the domain and port match, then + the target URL path is checked for a match against the path + in the pattern. Paths are compared with a simple + case-sensitive left-anchored substring comparison. Once + again, the pattern can be an anchored substring of the + target, but not vice versa. A path of / + (slash) would match all paths. Wildcards are not considered + in path comparisons.

+ +

For example, the target URL
+     + the.yellow-brick-road.com/TinMan/has_no_brain
+ would be matched (and blocked) by the following + patterns
+     yellow-brick-road.com
+ and
+    Yellow*.COM
+ and
+    /TinM
+ but not
+     + follow.the.yellow-brick-road.com
+ or
+    /tinman
+

+ +

Comments in a blockfile start + with a # (hash) character and end at a new + line. Blank lines are also ignored.

+ +

Lines beginning with a + ~ (tilde) character are taken to be exceptions: a URL blocked by + previous patterns that matches the rest of the line is let + through. (The last match wins.)

+ +

Patterns may contain POSIX regular expressions provided the + junkbuster was compiled with this + option (the default in Version 2.0 on). The idiom + /*.*/ad can then be used to match any URL containing + /ad (such as + http://nomatterwhere.com/images/advert/g3487.gif for + example). These expressions don't + work in the domain part.

+ +

In version 1.3 and later the + blockfile and cookiefile are checked for changes before + each request.

+
+ +
wafer   + NAME=VALUE
+ +
+

Specifies a pair to be sent as a cookie with every + request to the server. + (Such boring cookies are called wafers.) This option + may be called more than once to generate multiple wafers. + The original Netscape specification prohibited semi-colons, + commas and white space; these characters will be + URL-encoded if used in wafers. + + + The Path and Domain attributes are not currently + supported.

+
+ +
cookiefile   + cookiefile
+ +
+

Enforce the cookie management policy specified in the + cookiefile. If this option is not + used all cookies are silently crunched, so that users who + never want cookies aren't bothered by browsers asking + whether each cookie should be accepted. However, cookies + can still get + through via + JavaScript and SSL, so alerts should be left on.

+ +

In Version 1.2 and later this + option must be followed by a + filename containing instructions on which sites are + allowed to receive and set cookies. By + default cookies are dropped in both the browser's request + and the server's response, unless the URL requested matches + an entry in the cookiefile. The matching algorithm + is the same as for the blockfile. A leading + > character allows server-bound cookies only; a + < allows only browser-bound cookies; a + ~ character stops cookies in both directions. Thus a + cookiefile containing a single line with the two characters + >* will pass on all cookies to servers but + not give any new ones to the browser.

+
+ +
jarfile   + jarfile
+ +
+

All Set-cookie attempts by the server are logged to jarfile. If no wafer + is specified, one containing a canned notice (the vanilla + wafer) is added as an alert to the server unless the suppress-vanilla-wafer + option is invoked.

+
+ +
suppress-vanilla-wafer
+ +
+

Suppress the vanilla wafer.

+
+ +
from  from
+ +
+

If the browser discloses an + email address in the FROM header (most + don't), replace it with from. If from is set + to . (the period character) the FROM is + passed to the server unchanged. The default is to delete + the FROM header.

+
+ +
referer   + referer
+ +
+

Whenever the browser discloses the URL that led to the current request, + replace it with referer. If referer is set to + . (period) the URL is passed to the server + unchanged. If referer is set to @ (at) the URL is + sent in cases where the cookiefile specifies that a cookie + would be sent. (No way to send bogus referers selectively + is provided.) The default is to delete Referer.

+ +

Junkbuster also accepts the + spelling referrer, which most dictionaries + consider correct.

+
+ +
user-agent   + user-agent
+ +
+

Information disclosed by the browser about itself is replaced with the + value user-agent. If user-agent is set to + . (period) the User-Agent header is passed + to the server unchanged, along with any UA + headers produced by MS-IE (which would otherwise be + deleted). If user-agent is set to @ (at) + these headers are sent unchanged in cases where the + cookiefile specifies that a cookie would be sent, otherwise + only default User-Agent header is sent. That + default is Mozilla/3.0 (Netscape) with an unremarkable Macintosh configuration. If + used with a browser less advanced than Mozilla/3.0 or IE-3, + the default may encourage pages containing extensions that + confuse the browser.

+
+ +
listen-address   + [host][:port]
+ +
+

If host is specified, bind the + junkbuster to that IP address. If a port + is specified, use it. The default port is 8000; the default + host is localhost.

+ +

This default host setting means that you can only + connect to the proxy from ther local computer. This is a + security measure - if you allow anyone to use the proxy, + then hackers or fraudsters could use it to help hide their + identity. It also provides a lot of protection against any + undiscovered security flaws in JunkBuster - if they can't + connect to it, then they can't attack it.

+ +

If you change this value, we recommend you either + set the host to localhost:
+    listen-address + localhost:8080
+ or, if you want to share a single internet + connection over your internal network, then set it to the + address of your internal ethernet card:
+    listen-address + 10.1.1.1:8080
+ (replace 10.1.1.1 with your internal IP address), + or set up an aclfile. To + make the proxy accessible from everywhere (e.g. if you're + using an access control list or if you just don't care + about security), specify just the port number - e.g:
+    listen-address :8000
+ (This binds the proxy to all IP addresses + (INADDR_ANY)).

+
+ +
forwardfile   + forwardfile
+ +
+

Junkbuster has a flexible syntax for forwarding HTTP + requests. This is used e.g. if you are behind a firewall + and need to connect through it, or if you want to use a + cacheing proxy to speed up your web browsing.

+ +

Every line in the forwardfile consists of four + components, seperated by whitespace. These are:
+
+ target   forward_to   via_gateway_type +   gateway

+ +

target is a pattern used to select which line of + the forwardfile is used. "*" is the most + commonly used value, and matches every URL. As usual, the + last matching target wins. (If no pattern matches, a + direct connection will be used)

+ +

forward_to specifies the HTTP proxy server to + use, or "." for none. This is used to connect + to a cacheing proxy such as Squid, and for most types of + firewall. The port number defaults to 8000 if it is not + specified.

+ +

Here is a typical line.

 *         lpwa.com:8000      .      .
-

-Each line contains four fields: -target, -forward_to, -via_gateway_type -and -gateway. -As usual, the -last -target -domain that matches the requested -URL -wins, -and the -* -character alone matches any domain. -The target domain need not be a fully qualified -hostname; it can be a general domain such as -com -or -co.uk -or even just a port number. -For example, because -LPWA -does not handle -SSL, -the line above will typically be followed by a line such as -
+ +

The target domain need not be a fully qualified + hostname; it can be a general domain such as + com or co.uk or even just a port + number. For example, because LPWA does not handle SSL, the line above will + typically be followed by a line such as

-:443  .      .      .
+:443    .      .      .
-to allow SSL transactions to proceed directly. -The cautious would also -add an entry in their blockfile to stop transactions -to port 443 for all but specified trusted sites. -

-If the winning -forward_to -field is -. -(the dot character) the proxy connects -directly to the server given in the -URL, -otherwise it forwards to the host and port number specified. -The default port is 8000. -The -via_gateway_type -and -gateway -fields also use a dot to indicate no gateway protocol. -The gateway protocols are explained -below. -

-The example line above in a forwardfile alone -would send everything through port 8000 at -lpwa.com -with no gateway protocol, -and is equivalent to the old --f lpwa.com:8000 -with no --g -option. -For more information see the example file provided with the distribution. -

-Configure with care: no loop detection is performed. -When setting up chains of proxies that might loop back, try adding -Squid. -

-g gw_protocol[:[gw_host][:gw_port]]
-Use -gw_protocol -as the gateway protocol. -This option was introduced in Version 1.4, -but was folded into the -forwardfile -option in Version 2.0. -The default is to use no gateway protocol; -this may be explicitly specified as -direct -on the command line -or the dot character in the forwardfile. -The -SOCKS4 -protocol may be specified as -socks -or -socks4. -The -SOCKS4A -protocol is specified as -socks4a. -The -SOCKS5 -protocol is not currently supported. -The default -SOCKS -gw_port -is 1080. -

-The user's browser should -not -be -configured -to use -SOCKS; -the proxy conducts the negotiations, not the browser. -

-The user identification capabilities of -SOCKS4 -are deliberately not used; -the user is always identified to the -SOCKS -server as -userid=anonymous. -If the server's policy is to reject requests from -anonymous, -the proxy will not work. -Use a -debug -value of 3 -to see the status returned by the server. -

-d N
debug  N
-Set debug mode. -The most common value is 1, -to -pinpoint -offensive -URLs, -so they can be added to the blockfile. -The value of -N -is a bitwise -logical-OR -of the following values: -
-1 = URLs (show each URL requested by the browser);
-2 = Connections (show each connection to or from the proxy);
-4 = I/O (log I/O errors);
-8 = Headers (as each header is scanned, show the header and what is done to it);
-16 = Log everything (including debugging traces and the contents of the pages).
-Multiple -debug -lines are permitted; they are logical OR-ed together. -

-Because most browsers send several requests in parallel -the debugging output may appear intermingled, so the -single-threaded -option is recommended when using -debug -with -N -greater than 1. - -

-y
add-forwarded-header
-Add -X-Forwarded-For -headers to the server-bound -HTTP -stream -indicating the client -IP -address -to the server, -in the new style of -Squid 1.1.4. -If you want the traditional -HTTP_FORWARDED -response header, add it manually with the --x -option. - -

-x HeaderText
add-header  HeaderText
-Add the -HeaderText -verbatim to requests to the server. -Typical uses include -adding old-style forwarding notices such as -Forwarded: by http://pro-privacy-isp.net -and reinstating the -Proxy-Connection: Keep-Alive -header -(which the -junkbuster -deletes so as -not -to reveal its existence). -No checking is done for correctness or plausibility, -so it can be used to throw any old trash into the server-bound -HTTP -stream. -Please don't litter. - -

-s
single-threaded
-Doesn't -fork() -a separate process -(or create a separate thread) -to handle each connection. -Useful when debugging to keep the process single threaded. -

-l logfile
logfile  logfile
-Write all debugging data into -logfile. -The default -logfile -is the standard output. -


aclfile  aclfile
-Unless this option is used, the proxy talks to anyone who can connect to it, -and everyone who can has equal permissions on where they can go. -An access file allows restrictions to be placed on these two policies, -by distinguishing some -source -IP -addresses and/or -some -destination -addresses. -(If a -forwarder or a gateway -is being used, its address is considered the destination address, -not the ultimate -IP -address of the -URL -requested.) -

-Each line of the access file begins with -either the word -permit -or -deny -followed by source and (optionally) destination addresses -to be matched against those of the -HTTP -request. -The last matching line specifies the result: if it was a -deny -line or if no line matched, -the request will be refused. -

-A source or destination -can be specified as a single numeric -IP -address, -or with a hostname, provided that the host's name -can be resolved to a numeric address: this cannot be used to block all -.mil -domains for example, -because there is no single address associated with that domain name. -Either form may be followed by a slash and an integer -N, -specifying a subnet mask of -N -bits. -For example, -permit 207.153.200.72/24 -matches the entire Class-C subnet from -207.153.200.0 -through 207.153.200.255. -(A netmask of 255.255.255.0 corresponds to 24 bits of -ones in the netmask, as with -*_MASKLEN=24.) -A value of 16 would be used for a Class-B subnet. -A value of zero for -N -in the subnet mask length will cause any address to match; -this can be used to express a default rule. -For more information see the example file provided with the distribution. -

-If you like these access controls -you should probably have -firewall; -they are not intended to replace one. -


trustfile  trustfile
-This feature is experimental, has not been fully documented and is -very subject to change. -The goal is for parents to be able to choose a page or site whose -links they regard suitable for their -young children -and for the proxy to allow access only to sites mentioned there. -To do this the proxy examines the -referer -variable on each page request to check they resulted from -a click on the ``trusted referer'' site: if so the referred site -is added to a list of trusted sites, so that the child can -then move around that site. -There are several uncertainties in this scheme that experience may be -able to iron out; check back in the months ahead. -


trust_info_url  trust_info_url
-When access is denied due to lack of a trusted referer, this -URL -is displayed with a message pointing the user to it for further information. -


hide-console
-In the Windows version only, instructs the program -to disconnect from and hide the command console after starting. -

-a
-(Obsolete) Accept the server's -Set-cookie -headers, passing them through to the browser. -This option was removed in Version 1.2 -and replaced by an improvement to the --c -option. -
-

- -

<Feedback>  -Installation and Use -

-

-Browsers must be told where to find the -junkbuster -(e.g. -localhost -port 8000). -To set the -HTTP -proxy in Netscape 3.0, -go through: - -Options; - -Network Preferences; - -Proxies; - -Manual Proxy Configuration; - -View. -See the -FAQ -for other browsers. -The -Security Proxy -should also be set to the same values, -otherwise -shttp: -URLs -won't work. -

-Note the limitations -explained in the -FAQ. -

- -

<Feedback>  -Checking Options -

-

-To allow users to -check -that a -junkbuster -is running and how it is configured, -it intercepts requests for any -URL -ending in -/show-proxy-args -and blocks it, -returning instead returns information on its -version number and -current configuration -including the contents of its blockfile. -To get an explicit warning that no -junkbuster -intervened if the proxy was not configured, -it's best to point it to a -URL -that does this, such as -http://internet.junkbuster.com/cgi-bin/show-proxy-args -on Junkbusters's website. -

- -

<Feedback>  -See Also -

-

-http://www.junkbusters.com/ht/en/ijbfaq.html -
-http://www.junkbusters.com/ht/en/cookies.html -
-http://internet.junkbuster.com/cgi-bin/show-proxy-args -
-http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html -
-http://squid.nlanr.net/Squid/ -
-http://www-math.uni-paderborn.de/~axel/ -

- -

<Feedback>  -Copyright and GPL -

-

-Written and copyright by the Anonymous Coders and Junkbusters Corporation -and made available under the -GNU General Public License (GPL). -This software comes with -NO WARRANTY. -Internet Junkbuster -Proxy -is a -trademark -of Junkbusters Corporation. -

-

--- Back to Top of Page ---

- -Home - · - - - · Site Map - - · Legal - - · Privacy - - · Cookies - - · Banner Ads - - · Telemarketing - - · Mail - - · Spam - -
- -
- - -

-Copyright © 1996-8 Junkbusters -® Corporation. -Copying and distribution permitted under -the GNU -General Public License. - - -1998/10/31 -http://www.junkbusters.com/ht/en/ijbman.html - -

webmaster@junkbusters.com
- - + +

to allow SSL transactions to proceed directly. The + cautious would also add an entry in their blockfile to stop + transactions to port 443 for all but specified trusted + sites.

+ +

Configure with care: no loop + detection is performed. When setting up chains of proxies + that might loop back, try adding + Squid.

+ +

via_gateway_type and gateway are used to + support SOCKS proxies. Some firewalls provide this type of + proxy. If you do not not want to use a SOCKS proxy, specify + both of these fields as ".".

+ +

Note that + JunkBuster is a SOCKS client, not a SOCKS + server. The user's browser should not be configured to use + SOCKS; the proxy conducts the negotiations, not the + browser.

+ +

The SOCKS4 protocol may be specified by + setting via_gateway_type to socks or + socks4. The SOCKS4A protocol is + specified as socks4a. The SOCKS5 + protocol is not currently supported.

+ +

gateway should be the host and port of the SOCKS + server. If you just specify a hostname, then the port + number defaults to 1080.

+ +

The user identification capabilities of + SOCKS4 are deliberately not used; the user is always + identified to the SOCKS server as + userid=anonymous. If the server's policy is to + reject requests from anonymous, the proxy will + not work. Use a debug value of 3 to see + the status returned by the server.

+ +

If you specify both a HTTP proxy (with + forward_to) and a SOCKS proxy (with gateway) + then the SOCKS proxy is used to connect to the HTTP proxy. + If you just specify a SOCKS proxy, it is used to connect + directly to the websites.

+
+ +
debug  N
+ +
+

Set debug mode. The most common value is 1, to pinpoint offensive URLs, so they + can be added to the blockfile. The value of N is a + bitwise logical-OR of the following values:
+ 1 = URLs (show each URL requested by the browser);
+ 2 = Connections (show each connection to or from the + proxy);
+ 4 = I/O (log I/O errors);
+ 8 = Headers (as each header is scanned, show the header + and what is done to it);
+ 16 = Log everything (including debugging traces and the + contents of the pages).
+ 32 = Record accesses in Common Log Format, as used by most + web and proxy servers.

+ +

Multiple debug lines are + permitted; they are logical OR-ed together.

+ +

Because most browsers send several + requests in parallel the debugging output may appear + intermingled, so the + single-threaded option is recommended when using debug with N greater than 1. +

+
+ +
add-forwarded-header
+ +
+

Add X-Forwarded-For headers to the + server-bound HTTP stream indicating the client IP address + to the server, in the new + style of Squid 1.1.4. If you want the + traditional HTTP_FORWARDED response header, + add it manually with the -x option. This + also allows other X-Forwarded-For headers to + be transmitted - usually they are discarded.

+
+ +
add-header   + HeaderText
+ +
+

Add the HeaderText verbatim to requests to the + server. Typical uses include adding old-style forwarding + notices such as Forwarded: by + http://pro-privacy-isp.net and reinstating the + Proxy-Connection: Keep-Alive header (which the + junkbuster deletes so as not to reveal its existence). No + checking is done for correctness or plausibility, so it can + be used to throw any old trash into the server-bound HTTP + stream. Please don't litter. +

+
+ +
single-threaded
+ +
+

Doesn't fork() a separate process (or + create a separate thread) to handle each connection. Useful + when debugging to keep the process single threaded.

+
+ +
logfile   + logfile
+ +
+

Write all debugging data into logfile. The + default logfile is the standard output.

+
+ +

+ aclfile   + aclfile
+ +
+

Unless this option is used, the proxy talks to anyone + who can connect to it, and everyone who can has equal + permissions on where they can go. An access file allows + restrictions to be placed on these two policies, by + distinguishing some source IP addresses + and/or some destination addresses. (If a + forwarder or a gateway is being + used, its address is considered the destination address, + not the ultimate IP address of the URL requested.)

+ +

Each line of the access file begins + with either the word permit or + deny followed by source and (optionally) destination + addresses to be matched against those of the HTTP request. + The last matching line specifies the result: if it was a + deny line or if no line matched, the request + will be refused.

+ +

A source or destination can be + specified as a single numeric IP address, or with a + hostname, provided that the host's name can be resolved to + a numeric address: this cannot be used to block all + .mil domains for example, because there is no single + address associated with that domain name. Either form may + be followed by a slash and an integer N, + specifying a subnet mask of N bits. For + example, permit 207.153.200.72/24 matches the + entire Class-C subnet from 207.153.200.0 through + 207.153.200.255. (A netmask of 255.255.255.0 corresponds to + 24 bits of ones in the netmask, as with + *_MASKLEN=24.) A value of 16 would be used for a + Class-B subnet. A value of zero for N in the + subnet mask length will cause any address to match; this + can be used to express a default rule. For more information + see the example file provided with the distribution.

+ +

If you like these access controls + you should probably have + firewall; they are not intended to replace one.

+
+ +

+ trustfile   + trustfile
+ +
+

This feature is experimental, has not been fully + documented and is very subject to change. The goal is for + parents to be able to choose a page or site whose links + they regard suitable for their young children and for the proxy + to allow access only to sites mentioned there. To do this + the proxy examines the referer variable + on each page request to check they resulted from a click on + the ``trusted referer'' site: if so the referred site is + added to a list of trusted sites, so that the child can + then move around that site. There are several uncertainties + in this scheme that experience may be able to iron out; + check back in the months ahead.

+
+ +

+ + trust_info_url   + trust_info_url
+ +
+

When access is denied due to lack of a trusted referer, + this URL is displayed with a message pointing the user to + it for further information.

+
+ +

+ hide-console
+ +
+

In the Windows command-line version only, instructs the + program to disconnect from and hide the command console + after starting.

+
+
+ +

*  Installation and Use

+ +

Browsers must be told where to find the + junkbuster (e.g. localhost port 8000). + To set the HTTP proxy in Netscape 3.0, go through: Options; Network Preferences; Proxies; Manual Proxy + Configuration; View. See the FAQ for other browsers. The Security Proxy should also be set to + the same values, otherwise shttp: URLs won't + work.

+ +

Note the limitations explained in + the FAQ.

+ +

*  Checking Options

+ +

To allow users to check that + a junkbuster is running and how it is + configured, it intercepts requests for any URL ending in + /show-proxy-args and blocks it, returning instead + returns information on its version number and current + configuration including the contents of its blockfile. To get + an explicit warning that no junkbuster + intervened if the proxy was not configured, it's best to point + it to a URL that does this, such as + http://internet.junkbuster.com/cgi-bin/show-proxy-args on + Junkbusters's website.

+ +

*  See Also

+ +

+ http://www.junkbusters.com/ht/en/ijbfaq.html
+ + http://www.junkbusters.com/ht/en/cookies.html
+ + http://internet.junkbuster.com/cgi-bin/show-proxy-args
+ http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html
+ + http://squid.nlanr.net/Squid/
+ + + http://www-math.uni-paderborn.de/~axel/

+ +

+  Copyright and GPL

+ +

Written and copyright by the Anonymous Coders and + Junkbusters Corporation and made available under the GNU General Public License (GPL). This software + comes with NO WARRANTY. Internet + Junkbuster Proxy is a + trademark of Junkbusters Corporation.

+ +

--- Back to Top of Page ---

+ +

+ Website · Manual · FAQ · GPL

+ +

+ Copyright © 1996-8 Junkbusters ® + Corporation. Copyright © 2001 + Jon + Foster. Copying and distribution permitted under the GNU General Public + License.

+ +

+ http://sourceforge.net/projects/ijbswa/

+ + diff --git a/doc/top.gif b/doc/top.gif new file mode 100755 index 00000000..8380083d Binary files /dev/null and b/doc/top.gif differ