X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fijbfaq.html;h=f9168a68d2783d47eafbd9b57648c2dbd527af82;hb=ae361fd41bf05e7eb5374150e1c6ddef75a03e9d;hp=ab7e7989f339d06152cd3918e7b3143d8f259df0;hpb=c75584ebcc79f939fb4ec9c8f842cef6692640c7;p=privoxy.git diff --git a/doc/ijbfaq.html b/doc/ijbfaq.html index ab7e7989..f9168a68 100644 --- a/doc/ijbfaq.html +++ b/doc/ijbfaq.html @@ -1,3186 +1,1999 @@ - + + + -
- - - - - - - - --Download for UNIX - - · (Download for Windows 95/NT) - - · (Other OS) - - · Configuring Browsers - - · Installation - - · For Companies - - · Blocking - - · Cookies - - · Anonymity - - · Security - - · (Technical Manual) -
--The -Internet Junkbuster -Proxy -TM -is -free -privacy-enhancing software that can be run on your PC or by your -ISP -or company. -It blocks requests for -URLs -(typically banner ads) -that match its -blockfile. -It also deletes unauthorized -cookies -and other -unwanted identifying -header information -that is exchanged between web servers and browsers. -These headers are not normally accessible to users -(even though they may contain information that's important to your privacy), -but with the -Internet Junkbuster -you can see almost -anything you want -and control everything you're likely to need. -You -decide what's junk. -SM -Many people -publish -their blockfiles to help others get started. -
- --No, none of these. -It's completely free of charge. -Junkbusters -offers you the software to copy, use, modify and distribute -as you wish, forever, at -no charge -under the -GNU General Public License. -
-It comes with -no warranty of any kind. -
-You don't have to register, -in fact we don't even provide a way to do so: -the practice of registering software is -usually just an -excuse -to send you solicitations and -sell your name -and information about your behavior. -You are welcome to obtain and use our software as anonymously you wish. -(Your -IP -address will naturally be -disclosed -when you download it, -so if you work for a web ad company -you might want to use a service such as the -lpwa.com -when you get it. -We -never -want to be given any information that you consider private or confidential.) -
-We are often asked why we give away a product that many -would happily pay for. -The answer is that we are determined to carry out our -mission: -to free the world from junk communications. -
- --For the latest information on availability, see the -Distribution Information -page. -We -don't -think it will ever run on -Windows 3.1. -But you don't need to have it running on your computer -if you get your -ISP -or Systems Administrator at -work -to run it. -
- -
-Try their sales or support department
-(depending on whether you are already a customer).
-You might send them email including the following
-URL:
-
- http://www.junkbusters.com/ht/en/ijbfaq.html#isps
-
-You could mention that many
-other
-ISPs
-provide it,
-and that you regard it as an important part of your decision on
-where to buy Internet service.
-
-Whoever starts the -Internet Junkbuster -chooses the options and the blockfile. -If your -ISP -runs it for you, they have to make these decision -(though -some -may give you a choice of proxies, -and a way to suggest new -URLs -to block). -If you run it on your computer, -You -decide what's junk. -SM -
- --It depends on your platform. -If you are using Windows 95 or NT, -see our separate page on -installing under Windows. -If you have a C compiler and are using almost any flavor of -UNIX ® -you -download it, compile it, start it running, -and then -configure your browser. -Several precompiled packages are also available through links in our -distribution page, -which lists all available platforms. -
-If you are using a platform for which we have no current -availability, -you are welcome to port the code. -If you do this and you would like us to consider publishing your ported version, -please -tell us. -
- --Just point your browser to -http://internet.junkbuster.com/cgi-bin/show-proxy-args -or to any -URL -ending in -show-proxy-args -(even if it doesn't exist). -It needn't exist because the -Internet Junkbuster 2.0 -intercepts the request, blocks it, -and returns in its place -information about itself. -Using the -URL -above is useful for checking that your browser really is -going through an -Internet Junkbuster, -because the -junkbuster.com -server returns a warning if the request actually gets to it. -Some people set the home page of their browser to such a -URL -to be sure that it is configured to use the proxy. -
-If you wish to check the header information -your proxy is actually sending, -a visit to -http://internet.junkbuster.com/cgi-bin/show-http-headers -will give you the more relevant ones first. -You might also like to turn the proxy -off -and compare the difference. (Don't forget to turn it back on again.) -
- --Once your browser is told to use a proxy such as the -Internet Junkbuster, -it thinks of it as its server for everything, -so this message means it can't talk to the proxy. -The -Internet Junkbuster -may not be running, -or you may have specified its proxy -address -incorrectly. -Check that the details you entered are correct. -If you have -telnet -you can try connecting to the appropriate port to see if the -Internet Junkbuster -is running. -If your -ISP -is running the -Internet Junkbuster, -you may want to check with them. -If you are running it yourself under -UNIX ®, -try looking at a -ps ax -to see if it is running. -The -port -specified in its options should be the same one as your -browser has configured. -
- -
-We'd be very interested to hear it, but please bear a few things in mind.
-
-If you find using our free product -harder than you're used to for consumer software, -there are many -commercial alternatives -that you could consider. -
-The answer to detailed technical questions may be answered in -manual page, -or in the source code. -Also double-check this page for an answer: -using the ``find'' feature on your browser for likely keywords may help. -Our site also has a -search -feature. -
-Many people post requests for help and responses on -Usenet. -
-If your -ISP -is providing -the -Internet Junkbuster -for you, -and your question is about how to use it, -check their web page before asking them. -
-Even though we don't offer the kind of -support you might expect if you paid a lot of money for a software product, -you can still ask us. -But before you do, please consider whether -you could ask someone closer to you. -And please be patient if we're slow to reply: we -never charge consumers -for our services, -so we have to subsidize consumers with revenue from companies, -and our resources are limited. -
-If your company or organization -would be interested in a maintenance contract -with phone and email support, -hard copy documentation and source code and pre-compiled binaries on tape -or disk, -please -ask us -for a quote. -
- --If you set up -the -Internet Junkbuster -to run on the computer you browse from -(rather than your -ISP's server -or some networked computer at work), -the proxy will be on -localhost -(which is the special name used by every computer on the Internet to -refer to itself) -and -the port will be -8000 -(unless you have told the -Internet Junkbuster -to -run on a different port with the -listen-address -option). -So you when -configuring your browser's proxy settings -you typically enter the word -localhost -in the two boxes next to - -HTTP -and - -Secure, -and the number -8000 -in the two boxes labelled -to the right of those boxes. -
-If your -ISP -or company is running -the -Internet Junkbuster -for you, -they will tell you the address to use. -It will be the name of the computer it's running on -(or possibly its numeric IP address), -plus a port number. -Port 8000 is the default, so assume this number if it is not specified. -Sometimes a colon is used to glue them together, -as in -junkbuster.fictitous-pro-privacy-isp.net:8000 -but -with most browsers -you do not type the colon, -you enter the address and port number in separate boxes. -
- -
-All current browsers can be told the address of a proxy to use.
-You enter the same information in two fields in your browser's proxy
-configuration screen (see list below): one for
-HTTP,
-and one for the Secure Protocol (assuming your browser supports
-SSL).
-If you find some information already entered for your proxy,
-see the
-next question.
-Here are the menus you go through to get to the proxy configuration settings.
-(We also recommend that you
-disable Java,
-which is a separate operation.)
-Make notes on the changes you make so you know how to undo them!
-You will need to know what you did
-in case you wish to
-discontinue
-using the proxy.
-
-Some -ISPs -and companies require all Web traffic to go through their proxy. -In this case you would find your proxy configuration with values already set, -possibly under -Automatic Proxy Configuration -(in the case of -Netscape -and -MS-IE 3.0 -and above). -It's probably a firewall proxy between your company and the outside world, -or a -caching proxy -if you're using an -ISP. -
-What needs to be done in this case is to -use the -forwardfile -option -to tell the -Internet Junkbuster -the address of the other proxy. -Specify a different (unused) port number -with the -listen-address -option, -and configure your browser to -use that port. -If you haven't done this kind of thing before, -it's probably best to consult your systems administrator or -ISP -about it; -check their web page first. -
- --Just go through the same procedure you used to start your -browser using the -Internet Junkbuster, -but remove the details you put in -(or if there was something there before, restore it). -You may need to use - -Save Options -to make this change permanent. -On Netscape 3.0 you can go through - -Options; - -Network Preferences; - -Proxies -and click on - -No Proxy -to turn it off, and later click on - -Manual Proxy Configuration -if you want to start using it again. -(No need to enter the again details under - -View -as you did the -first time; -they should remain there unchanged.) -
-This stops your browser talking to the proxy; -shutting down the proxy -is a different matter. -
- --Some browsers (such as MSIE-4) can be configured to dial your -ISP -automatically when you click on a link, -but this feature gets disabled if you specify a proxy running on your -own computer -(with address -localhost -or -127.0.0.1) -because these addresses don't require dialing. -The -Internet Junkbuster -knows nothing about dialing, so it doesn't work. -To make automatic dialing work, -make up a name such as -junkbuster.ijb -and use that name in the proxy settings -instead of -localhost, -and then add the line -127.0.0.1 junkbuster.ijb -to the file -c:\windows\hosts -(if there already is a line beginning with -127.0.0.1 -just add -junkbuster.ijb -at the end of it.) -
-This should also work Netscape Communicator 4 on -machines where IE-4 has been installed. -
- -
-If you are running Redhat
-Linux
-you may prefer to use the
-rpm
-instead of the following procedure.
-
-
-
-If you are running a version earlier than 2.0 you can start it with -junkbuster & -
-
-A binary is currently being supplied with the source code,
-but if you prefer to compile it yourself here is the likely procedure.
-Most of these steps are repeated in our checklist for
-installation under Windows.
-
-(Version 2.0.1 and above uses -the file -junkbstr.ini -as the config file -if it exists and no argument was given. If you have an earlier -version or if you want it to use a different config file, -simply specify that file as the argument.) -
-WinNT users can put it into their own -StartUp folders or the Administrator -can put it into the system's global StartUp folder. -For details on how to make this a service under NT -see our -Windows page. -
-Pick a page from somewhere (such as your bookmarks, or just one -that your browser was pointing to) -and - -Reload -it. -If you get a message along the lines of ``server not responding, -using cached copy instead,'' see the advice -above. -If the page reloads OK, check that your browser is actually -talking to the proxy by going to -http://internet.junkbuster.com/cgi-bin/show-proxy-args -or any -URL -ending in -show-proxy-args -(as described -below, -the proxy should intercept the request.) -When you see ``Internet Junkbuster Proxy Status,'' -you'll know it's working. -
- --You may need the -forwarding -feature to ``daisy chain'' the -Internet Junkbuster -to another proxy, perhaps an -anonymizing -proxy to -conceal -your -IP -address, -or a -caching proxy -from your -ISP, -or a -firewall -proxy between your company and the outside world. -Version 2.0 -can be even configured to forward -selectively -according to the -URL -requested: -for example, connecting directly to trusted hosts, -but going through an anonymizing or firewall proxy for all other hosts. -
-Network administrators might use it to provide -transparent access to multiple networks without -modifying browser configurations. -Most browsers also provide a way of -specifying hosts that the browser -connects to directly, bypassing the proxy. Some provide a method for -Automatic Proxy Configuration. -A well written -Internet Junkbuster -configuration can be much more flexible and powerful. -
-An -ISP's -caching proxy -would typically be called something like -cache.your-isp.net:8080 -(as described on you -ISP's -web page); -you would put this information in your -forwardfile -as described in our manual. -Your browser would be configured to -the -Internet Junkbuster -for -HTTP -and Security Proxies as before, -but you probably want to tell it to use the caching proxy -for -FTP -and other protocols. -If your -ISP -is running -the -Internet Junkbuster -for you, -they have probably already decided whether to chain with a caching proxy. -
- --There is support for some -gateways -in -Version 1.4 -and above. -The gateway protocol used to be specified on the command line; -it is -now specified -in the same file as -forwarding. -Note that the browser's proxy configuration must -not -specify a -SOCKS -host; -it should specify the proxy as described -above. -
- -
-To get the proxy to do as little as possible (which means not deleting any
-sensitive headers), place in your
-configuration file the following three lines (each ending in a space
-then a period) to stop it changing sensitive headers:
-
- referer .
-
- from .
-
- user-agent .
-
- cookiefile mycookiefile
-
-The fourth line is also needed to specify a
-cookiefile
-that might be called
-mycookiefile
-containing a single line with a
-*
-character, to allow all cookies through.
-
-It depends on your platform. Under Windows, use
-
-Ctrl-Break
-in the
-DOS
-window or
-the old three-fingered salute of
-
-Ctrl-Alt-Delete
-and select
-
-End Task.
-Under
-UNIX ®
-you'll need to
-kill
-the
-junkbuster
-process.
-If you don't know the process number to give to
-kill, try this:
-ps ax | grep junkbuster
-
-
-We've seen only a few public comments from the advertising industry on this, -other than -SEC filings. -First, the president of the Internet Advertising Bureau told -CNET -that he wasn't worried by banner blockers. -Second, after the Federal Trade Commission's -workshop -where we gave a live demonstration of our proxy before -many eminent representatives of the industry, -the -Direct Marketing Association -made the following -statement in the closing paragraphs -of their -summary comments -to the Commission. -
-Clever shareware developers have come up with products that -can obliterate cookies and advertisements for those consumers -who have these concerns. -The Internet is a market that is so democratic and flexible -that it is easy for companies and software -developers to respond to a perceived market need. --Their attitude seems to be that they would prefer that -people use technical solutions -to protect their privacy than have protections -imposed by legislation or government regulations. -So, do you perceive a market need? -Then here are some ways to flex your democratic muscles. - - -
-That depends. Try this quick three-point test.
-
-Yes, -ask us -for a quote on a maintenance contract with your choice of -phone and email support, -hard copy documentation, -source code and pre-compiled binaries on tape or disk, -and email alerting of upgrades and issues. -We also offer consulting services to help set up ``stealth browsing'' -capabilities to help reduce the footprints left while doing competitive -analysis and other Web work where confidentiality is critical. -
- -
-Many
-ISPs
-who offer the proxy to their customers have told us that
-most of their customers are
-delighted with it
-(although one reported that a customer complaint that without banner ads,
-surfing was like reading a novel: we recommend making it optional).
-Many
-ISPs
-like it because it reduces bandwidth requirements.
-To help get you started,
-here's a checklist we've developed from working with a few
-ISPs.
-You may think of more,
-and we'd be interested if you're willing to
-share them
-with us.
-
-Other organizations with web presence and some bandwidth to spare -can set up as -Proxy Server Servers - -(PS2s). -The idea here is to allow users to choose their proxy configuration, -and provide it to them on a semi-permanent basis. -Users would fill in a form specifying what options they want in -their proxy, -possibly even at a very high level, such as -``no ads'' -or ``no nudity.'' -This information is sent to a -CGI -script that -configures a proxy, starts it running, and returns its address and port number -(possibly along with configuration instructions for the browser -that the user specified.) -
-Users -could be charged -a subscription fee, -or the service could be thrown in free in the hope of -improving customer retention for some existing business -(which is what -ISPs -are doing). -It might be possible to make money by -inserting new ads in the holes left where others were blocked, -but the original owners might object. -PS2s -could differentiate themselves -by providing frequently updated and comprehensive -blocking of ads, or of offensive material based on their own grading system. -Some content providers might do it for the chance to be the -only company that the consumer permits to set cookies. -(Identification could even be done via cookies, -but this might not be popular with the kind of user who wants a proxy.) -PS2s -might sell specific or aggregate information about their -users' browsing habits, -so the agreement with users on whether they are permitted to do this -would be important to both sides. -
-If your organization -establishes a -Proxy Server Service -you would like publicized, -please -notify us. -
- --The sample blockfile we provide blocks almost nothing, -and we do not publish blockfiles that stop almost all banner ads. -But others have; you can find them by -asking Altavista. -You can add any part of the new file to your old one -(probably called -sblock.ini -if you haven't changed the default name in the latest version) -or your just replace it completely. -You -probably -don't need to restart the proxy. -
-If you develop an interesting blocklist and publish it on the Web, -you might want to include the word ``junkbuster'' in it -and use the word ``blocklist'' in the file name given in the -URL -so that others can find it with the query given in the previous sentence. -
- --If your -ISP -is running the -Internet Junkbuster, -they should have a policy on whether they accept suggestions from -their customers on what to block. Consult their web page. -
-If you are running -the -Internet Junkbuster -yourself, you have complete control over what gets through. -Just add a pattern to cover the offending -URL -to your blockfile. -Version 1.3 and later automatically rereads the blockfile when it changes, -but if you're running an earlier version you'll -have to -stop it -and restart it. -
-To choose a pattern you'll first need to find the -URL -of the ad you want cover. -
-Some people use the -debug -1 -option to display each -URL -in a window as the request is sent to the server. -It's then usually an easy task to pick the offending -URL -from the list of recent candidates. -
-Alternatively, -you can use - -View Document Info -(or - -View Document Source -if your browser doesn't have that). -The - -Info -feature has the advantage of showing you the full -URL -including the host name, -which may not be specified in the source: -there you might see something like -SRC="/ads/click_here_or_die.gif" -indicating only the -path. -(The host name is assumed to be the same as the one the page came from.) -
-But ads often -come from a different site, in which case you -might see something like -SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666" -or longer. -If the company looks like a pure ad warehouse -(as in the last case), -you may want to place just its domain name in the blockfile, -which blocks all -URLs -from that site. -
-If the ad comes from a server -that you really want some content from, -you can include enough of the path -to avoid zapping stuff you might want. -In the first example above, -/ads/ -would seem to be enough. -If you don't include the domain name, -the pattern applies to all sites, -so you don't want such patterns -to be too general: -for example -/ad -would block -/admin/salaries/ -on your company's internal site. -
-To speed the blocking of images, some -UNIX ® -users create a -shell script called -Image: -containing a line such as -echo $1 | sed s/http:..// >> $HOME/lib/blockfile -that adds its argument to the user's blockfile. -Once an offending image has been be found using - -View Document Info -it's easy to cut-and-paste the line (or part of it) into a shell window. -The same script can be linked to a file called -Frame: -to dealing with framed documents, -and -junkbuster: -to accept the output of the -debug -option. -
-When compiled without the -regular expressions -option, the -Internet Junkbuster -uses only very simple (and fast) matching methods. -The pattern -/banners -will not stop -/images/banners/huge.gif -getting through: you would have to include the pattern -/images/banners -or something that matches in full from the left. -So you can get what you want here, -the matcher understands -POSIX -regular expressions: -you can use -/*.*/banners -to block -and any -URL -containing -/banners -(even in the middle of the path). -(In Versions 1.1 through 1.4 -they were an option at compile time; -from Version 2.0 they have become the default.) -Regular expressions give you -many more features -than this, -but if you're not already familiar with them you probably won't -need to know anything beyond the -/*.*/ -idiom. -If you do, a -man egrep -is probably a good starting point). -
-Don't forget the -/ -(slash) -at the beginning of the path. -If you leave it out the line will be interpreted as a domain name, -so -ad -would block all sites from Andorra -(since -.ad -is the two-letter -country code -for that principality). -
-For a detailed technical description -of how pattern matching is done, -see the -manual. -
- --If the ad had been displayed before you included its -URL -in the blockfile, -it will probably be held in cache for some time, -so it will be displayed without the need for any request to the server. -Using the -debug -1 -option to show each -URL -as it is fetched is a good way to see exactly what is happening. -
-If new items seem to be getting through, -check that you are -really running -the proxy with the right blockfile in the options. -Check the blockfile for -exceptions. -
-Some sites may have different ways of inserting ads, -such as via -Java. -If you have ideas on how to block new kinds -of junk not currently covered, please -tell us. -
- --You can change the patterns so they don't cover it, -or use a simple feature in Version 1.1 and later: a line beginning with a -~ -character means that a -URL -blocked by previous patterns that matches the rest of -the line is let through. -For example, -the pattern -/ad -would block -/addasite.html -but not if followed by -~/addasite -in the blockfile. -Or suppose you want to see everything that comes from -a site you like, even if it looks like an ad: simply put -~aSiteYouLike.com -at the -end -of the blockfile. -(Order is important, because the last matching line wins.) -
-As well as unblocking -pages that were unintentionally blocked, -this feature is useful for unblocking ads from a specific source. -This might be because you are interested in those particular ones, -or if you have an explicit agreement to accept certain ads, -such as those from a free web-based email provider. -
- --Yes, but remember that -children who are technically sophisticated enough -to use the browsers' proxy configuration options -could of course bypass any proxy. -This kind of technology can be used as a gentle barrier to remind -or guide the child, -but nobody should expect it to replace the parent's role -in setting and enforcing standards of online behavior for their children. -
-Some -ISPs -are starting to provide specialized proxies to protect children. -There are two basic approaches: the ``black list'' and the ``white list'' -approach. -The black list approach allows the child -to go anywhere not explicitly prohibited; the white list permits visits -only to sites explicitly designated as acceptable. -
-It's very easy for -anyone to -compile a white list from a page of ``recommended -kids sites'' and to configure an -Internet Junkbuster -to allow access to those sites only. -If you compile with the -regex -option, -you can place a -* -(asterisk) as the first line of the blockfile (which blocks everything), -and then list -exceptions -after that. -Be careful to make the exception sufficiently broad: -for example, using -~www.uexpress.com/ups/comics/ch/ -as the exception for -Calvin and Hobbes -would block some of the graphic elements on the page; -you would probably want a wider exception such as -~www.uexpress.com/ups/ -to permit them. -
-Version 2.0 has an experimental feature -to permit only sites mentioned in a nominated -trusted site. -This allows organizations to build lists of sites for kids to browse, -and the software automatically restricts access to those on the list. -
-Many filtering -products -actually scan for keywords in -the text of pages they retrieve -before presenting it, -but -the -Internet Junkbuster -does not do this. -Building a perfectly reliable black list system is hard, -because it's very difficult to state -in advance -exactly -what is obscene or unsuitable. -For more info see our -links -page. -
- --You usually see a broken image icon, -but it depends on several factors beyond the proxy's control. -If asked for a -URL -matching its blockfile, the proxy returns an -HTML -page containing a message identifying itself -(currently the two words ``Internet Junkbuster'') -with a status 202 (Accepted) instead of the usual 200 (OK). -(Versions 1.X returned an error 404: Forbidden, which caused -strange behavior in some cases.) -Status 202 is described in the -HTTP -RFC -as indicating that the request has been accepted but not completed, -and that it might complete successfully in the future -(in our case, if the blockfile were changed). -
-The broken image icon is most common -because the browser is usually expecting a graphic. -But if it was expecting text, or if the page happens to be using certain -HTML -extensions -such as -layer -and your browser is a late model from Microsoft, -you may see the words ``Internet Junkbuster'' displayed as a hot link. -
-Clicking on the link takes you to an explanation of -the pattern in the blockfile that caused the block, -so that you can edit the blockfile and go back and reload if you really -want to see what was blocked. The explanatory link is generated by -the proxy and is automatically intercepted based on its ending in -ij-blocked-url; -even though the site is specified as -http://internet.junkbuster.com -no request should actually made to that site. -If one is, it means that the proxy was been removed after it -generated the link. -
-To summarize: -the identifying link to the blocking explanation -is usually turned into a broken image icon, -but it may be displayed on a page alone, -or they may may be restricted to the particular frame, layer or graphic area -specified in the page containing them. -The proxy has no way of knowing the context in which a -URL -will be used and cannot control how the blocking message will be rendered. -
- --Many users have suggested to us -that blocked banners should be replaced by a something like a -1x1 transparent -GIF -to make the page would look as if there was nothing ever there. -Apart from making it harder to catch unintended blocking, -this might also displease the owners of the page, -who could argue that such a change constitutes a copyright infringement. -We think that merely failing to allow an included graphic to be accessed -would probably not be considered an infringement: -after all this is what happens when a browser -is configured not to load images automatically. -However, we are -not -lawyers, -so anyone in doubt should take appropriate advice. -
-In a context where the copyright issue is resolved -satisfactorily, -a proxy could simply return a status 301 or 302 and -specify a replacement -URL -in a -Location -and/or -URI -header. -An alternative would be to use inline code to return a -1 x 1 clear -GIF. -We do not publish sample code for this, -and we have no way of stopping -others -who have. -
- --Many users have pointed out that most banner ads come in standard sizes, -so why not block all -GIFs -of those sizes? -This would theoretically be without fetching the object -because the dimensions are usually given in the -IMG -tag, -but it would require substantial changes in the code, -and we doubt whether it would be much more effective than a good block list. -
- --The -Internet Junkbuster -deliberately -does not provide a way of automatically editing the contents of a page, -to remove textual advertising or -to repair the holes left by blocked banners. -Other packages such as -WebFilter -do. -
-For the same reason, -it has no way of stopping a new browser -window being created, because this is done through the -target -attribute in the -<a> -and -<base> -elements, -not through headers. -Nor do we plan to add a feature to -paralyze animated -GIFs. -
- --We haven't tried it but we expect it would probably -work on image ads on push channels. -See also -adchoice. -
-Disabling -Javascript -stops some pop-up ads. -One problem is that some advertisers throw open a new -browser window to frame the ad. The ad is easily blocked, -but the empty window remains. You can kill it easily, but this is a chore. -We don't see how to stop them other than editing the -HTML -from the parent window, which we -don't -like to do. -
-The -TBTF -newsletter warned subscribers to push information that -in IE4, -LOGTARGET -allows -servers to determine the -URLs -viewed at their site even if accessed from cache or through a proxy. -If you use this browser see our instructions on -how to disable -this. -
-If you find you have experience using the proxy with push, -or have any other advice about it, please -tell us. -
- --Yes, you should expect the occasional cookie to make it through to your browser. -We know of at least three ways this can happen; -please -tell us -if you find any others. -One way is in secure documents, which are explained -below. -
-A -few -sites set cookies using a line such as -<META HTTP-EQUIV="Set-Cookie" CONTENT="flavor=chocolate"> -in the -HEAD -section of an -HTML -document. -Cookies can also be - -set and read -in -JavaScript. -To see if this is happening in a document, -view its source, look in the -head -for a section tagged -script language="JavaScript". -If it contains a reference to -document.cookie, -the page can manipulate your cookie file without sending any cookie headers. -The -Internet Junkbuster -does not tamper with these methods. -Fortunately they are rarely used at the moment. -If a cookie gets set, it should be stopped -by the proxy on its way back to the server when a page is requested, -but it can still be read in Javascript. -bu -
-To prevent cookies breaking through, -always -keep -cookie alerts -turned on in your browser, -and -disable -Java and Javascript. -Making the files -hard to write -may also help. -
- --When a web site's server sends you a page it also sends -certain ``header information'' which your browser records but does not display. -One of these is a -Set-Cookie -header, which specifies the cookie information that the server wants your browser to record. -Similarly, when your browser requests a page it also sends headers, specifying -information such as the graphics formats it understands. -If a cookie has previously been set by a site that matches the -URL -it is about to request, -your browser adds a -Cookie -header quoting the previous information. -
-For more background information on how cookies -can damage your privacy, see our -page on cookies. -For highly detailed technical information see the -RFC. -The -Internet Junkbuster -will show you all headers you use the -debug -8 -option, -or you can get a sample from our -demonstration page. -
- --Possibly. -Some personalized services including certain - -chat -rooms -require cookies. -Newspapers that require - -registration -or - -subscription -will not automatically recognize you if you don't send them the cookie they -assigned you. And there are a very small number of sites that do -strange things with cookies; they don't work for anyone that blocks -cookies by any means. -Some sites such as -Microsoft -explain that their content is so wonderfully compelling that -they will withhold it from you unless you submit to their -inserting cookies. -
-If you want such sites to be given your cookies, -you can use the -cookiefile -option provided you are running -Version 1.2 or later -yourself. -Simply include the domain name of those sites in the -cookiefile -specified by this option. -If it still doesn't work, -the problem may be in -other headers. -
-It's possible to let cookies out but not in, -which is enough to keep some sites happy, but not all of them: -one newspaper site seems to go into an endless frenzy -if deprived of fresh cookies. -A cookiefile containing -a single line consisting of the two characters ->* -(greater-than and star) permits server-bound cookies only. -The -* -is a -wildcard -that matches all domains. -
-If someone else is running the -Internet Junkbuster -for you and has a version -that - -passes server-bound cookies through, -you can try editing your browser's cookie -file to contain just the ones you want, -and restart your browser. -To subscribe to a new service like this -after you have started using the -Internet Junkbuster, -you can try the following: -tell your browser to -stop using -the -Internet Junkbuster, -fill out and submit your subscription details -(allowing that web site to set a cookie), -then -reconfigure your browser to use the -Internet Junkbuster -again -(and stop more cookies being sent). -This also requires the -cookiefile -option, -and its success depends on the Web site -not wanting to change your cookies at every session. -For this reason it does not work at some major newspaper sites, for example. -But you may prefer to -look at whether other sites provide the same -or better services without demanding the opportunity -to track your behavior. -The web is a buyer's market where most prices are zero: -very few people pay -for content with money, so why should you pay with your privacy? -
- --Yes, since version 1.2 the -Internet Junkbuster -has included advanced cookie management facilities. -Unless you specify otherwise, -cookies are discarded (``crumbled'') by the -Internet Junkbuster -whether they came from the server or the browser. -In Version 1.2 and later you can -use the -cookiefile -option -to specify when cookies are to be passed through intact. -It uses the same syntax and -matching -algorithm as the blockfile. -
-If the
-URL
-matches a pattern in the
-cookiefile
-then cookies are let through in both the browser's request for the
-URL
-and in the server's response.
-One-way permissions can be
-specified by starting the line with the
->
-or
-<
-character.
-For example, a cookiefile consisting of the four lines
-
- org
-
- >send-user-cookies.org
-
- <accept-server-cookies.org
-
- ~block-all-cookies.org
-
-allows cookies to and from
-.org
-domains only, with the following exceptions:
-
-If -the -junkbuster -was compiled with the regular expressions option -they may be used in paths. -Any logging to a -``cookie jar'' -is separate and not affected. -
-It's important to give hosts you want to be able -to set cookies sufficient breadth. For example, -instead of -www.yahoo.com -use -yahoo.com -because the company uses many different hosts ending in that domain. -
- -
-Yes,
-using the
-wafer
-option.
-We coined the term
-wafer
-to describe cookies chosen by a user,
-not the Web server.
-Servers may not find wafers as tasty as the cookies
-they make themselves.
-But users may enjoy controlling servers' diets for various reasons,
-such as the following.
-
--Any company that tries to argue in court that the proxy site -was breaching their copyright in the cookies would -be met with the defense that the proxy site gave that company -the opportunity to protect its copyright by simply -not sending cookies after receiving the notice. --TO WHOM IT MAY CONCERN - -
-
-Do not send me any copyrighted information other than the -document that I am requesting or any of its necessary components. -
-
-In particular do not send me any cookies that -are subject to a claim of copyright by anybody. -Take notice that I refuse to be bound by any license condition -(copyright or otherwise) applying to any cookie. - -
-Cookies can be as long as four thousand characters,
-so there's plenty of space for lawyerly verbosity,
-but white space, commas, and semi-colons are
-prohibited.
-Spaces can be turned into underscores.
-Alternatively,
-a
-URL
-could be sent as the cookie value,
-pointing to a document containing a notice,
-perhaps with a suggestive value such as
-
-http://www.junkbusters.com/ht/en/ijbfaq.html#licenses_on_cookies_refused
-
-But including the notice directly would probably be preferable
-because the addressee does not have to look it up.
-
-The -Internet Junkbuster 2.0 -currently sends a full notice as a -``vanilla wafer'' -if cookies are being logged to a cookie jar -and no other wafers have been specified. -It can be suppressed with the -suppress-vanilla-wafer -option, -which might be used in situations where there is an established understanding -between the proxy and all who serve it. -
-Junkbusters provides a -CGI -script that lets you -see -your wafers as they appear to servers. -
-Wafers confuse a few fragile servers. -If this troubles you, don't use this option. -
-Any wafers specified are sent to -all sites regardless of the cookiefile. -They are appended after any genuine cookies, -to maintain compliance with -RFC 2109 -in the event that a path was specified for a cookie. -The -RFC's provisions regarding the -$ -character -(such as the -Version -attribute) -are transparent -to the proxy; it simply quotes what was recited by the browser. -
-If you want to send wafers only to specific sites, -you could try putting them your browser's cookie file in a format -conforming to the Netscape -specification, -and then specify in the proxy's cookiefile that cookies are to be -sent to -but not accepted from those sites, so they can't overwrite the file. -This may work with Netscape but not all other browsers. -
- -
-We provided this capability just in case anyone wants it.
-There are a few possible reasons.
-
-No. Your chances of remaining anonymous are improved, -but unless you are an expert on Internet security -it would be safest to assume that everything you do on the Web -can be attributed to you personally. -
-The -Internet Junkbuster -removes various information about you, -but it's still possible that web sites can find out who you are. -Here's one way this can happen. -
-A few browsers -disclose the user's email address -in certain situations, such as when transferring a file by -FTP. -The -Internet Junkbuster 2.0 -does not filter the -FTP -stream. -If you need this feature, or are concerned about the mail handler -of your browser disclosing your email address, -you might consider -products such as -NSClean. -
-Browsers downloaded as binaries -could use non-standard headers to give out any information -they can have access to: see the manufacturer's license agreement. -It's impossible to anticipate and prevent every breach of privacy that -might occur. -The professionally paranoid prefer browsers available as source code, -because anticipating their behavior is easier. -
- --You shouldn't have to trust us, and you certainly don't have to. -We do not run the proxy as a service, -where we could observe your online behavior. -We provide source code so that everyone can see that the proxy isn't -doing anything sneaky. -
-You are already trusting your -ISP -not to look at an awful lot of information on what you do. -They probably post a -privacy policy -on their site to reassure you. -If they run a proxy for you, using it could actually -make it slightly easier for them to monitor you, -but we doubt that any sane -ISP -would try this, -because if it were discovered customers would desert them. -
- -
-The
-Internet Junkbuster
-pounces on the following
-HTTP
-headers in requests to servers,
-unless instructed otherwise in the options.
-
-Some browsers -send Referer and User-Agent information under different non-standard headers. -The -Internet Junkbuster 2.0 -stops -UA -headers, -but others may get through. -This information is also available via JavaScript, -so -disable disable -it. -Some search engines -encode the query you typed -in the -URL -that goes to advertisers to target a banner ad at you, -so you will need to block the ad as well as the referer header, -unless you want them (and anyone they might -buy data -from) -to know -everything you ever search for. -
-If you have JavaScript enabled (the default on -most browsers) servers can use it to obtain Referer and User Agent, -as well as your plug-ins. -We recommend -disabling -JavaScript and Java. -
-Currently no -HTTP -response headers (browser bound) -are removed, -not even the -Forwarded: -or -X-Forwarded-For: -headers. -Nor are any added, -unless requested. -We are considering a more flexible header management system for -a future version. -
- --Possibly. If used with a browser less advanced than Netscape 3.0 or IE-3, -indicating an advanced browser -may encourage pages containing extensions that confuse your browser. -If this becomes a problem -upgrade your browser or -use the -user-agent -option to indicate an -older browser. -In -Version 1.4 -and later you can selectively reveal your real browser -to only those sites you nominate. -
-Because different browsers -use different encodings of Russian characters, -certain web servers convert pages on-the-fly according to the User Agent -header. Giving a User Agent with the wrong operating system or -browser manufacturer causes some Russian sites to be garbled; -Russian surfers should -change it -to something closer. -
-Some -page access counters -work by looking at the referer; -they may fail or break when deprived. -
-Some sites depend on getting a referer header, -such as -uclick.com, -which serves comic strips -for many newspaper sites, -including -Doonsbury -for the -Washington Post. -(If you click on that last link, you can then get to a page containing -the strip via the -same -URL -we've linked to under -Doonsbury, -but if you click on the -Doonsbury -link directly, it gives you an error message suggesting that you -use a browser that supports referers.) -In -Version 1.4 -and later you can use the --r @ -option -and place a line like ->uclick.com -in your cookiefile. -Wired News -used to use referer to decide whether to add a navigation column to -the page, but they have changed that. -
-The weather maps of -Intellicast -have been blocked by their server when no referer or cookie is provided. -You can use the same countermeasure with a line such as ->208.194.150.32 -(or simply get your weather information -elsewhere). -
-Some software vendors, including -Intuit -use -USER_AGENT -to decide which versions of their products to display to you. -With the -default -you get Mac versions. -
-As a last resort if a site you need doesn't seem to be working, -the -proxy configuration -of many browsers allow you to specify - -No Proxy For -any hostname you want. -
-We had reports that on some versions of Netscape the -What's New -feature did not work with the proxy, -but we think we fixed this in Version 2.0.1. -
- --Almost -every -major release of both leading browsers has contained -bugs that allow malicious servers to compromise your privacy and security. -Known bugs are quickly fixed, but millions of copies of the affected -software remain out there, and yours is probably one of them. -The -header -that normally identifies your browser tells such servers exactly which attacks -to use against you. -By misidentifying your browser you reduce the likelihood that they -will be able to mount a successful attack. -
- --Web sites get the IP address of any proxy or browser they serve pages to. -If you run the proxy on your own computer the IP address disclosed -is the same as your browser would, unless you use the -forwardfile -option is used to chain to another proxy, -in which case servers only get the last IP address in the chain. -Chaining slightly slows browsing of course, but it improves anonymity. -
-One public proxy that you can -forward to is -lpwa.com -port 8000. -Read about its privacy-enhancing -features and the authentication procedures first, -and note that it blocks -referer -in almost all cases, -as well as some -other headers. -
- -
-After you log in to
-LPWA
-it tells your browser to send a
-Proxy-authorization
-header with each request.
-Whenever you shut down the browser and start again with a new browser,
-you need to log in again.
-If you are the only person using the
-Internet Junkbuster
-proxy, you can avoid repeated logins to
-LPWA
-by telling the
-Internet Junkbuster
-to send the information by placing a line such as
-
- add-header Proxy-authorization: Basic ZHVtbXk=.
-
-in the configuration file.
-The exact example above
-does not work
-because the code
-ZHVtbXk=.
-is a bogus one that
-LPWA
-would never generate;
-follow the procedure below to generate a valid one.
-
-We think so, -provided you are not the user running the -proxy. -If your computer (or your -ISP's) -is running the -identd -demon, -servers can ask it for the identity of the -user making the request at time you request a page from them. -But if you're going through a proxy, -they will identify the user name associated with the proxy, not you. -A visit to -http://ident.junkbusters.com -lets you see what's happening. -This test is (quite rightly) blocked by many -firewalls; -just interrupt the transfer if you get an abnormal wait after clicking. -Running other applications -may also expose you via -identd; -the proxy of course doesn't help then. -
- --With the default options the proxy doesn't announce itself. -Obvious indications such as -Keep-Alive -headers are -deleted, -but sites might notice that you can cancel cookies faster than -any human could possibly click on a mouse. -(If you want to provide a -plausible explanation for this, -change the User Agent header to a -cookie-free -or -cookie-crunching -browser). -
-But when certain options -are used they could figure out something's going on, -even if they're not pushing cookies. -If you use blocking -they can tell from their logs that the graphics in their pages -are not being requested selectively. -The -add-forwarded-header -option explicitly announces to the server that a proxy is present, -and -sending them -wafers -is of course a dead giveaway. -
- --If you enter a -``Secure Document Area,'' -cookies and other header information -such as User Agent and Referer -are sent encrypted, -so they cannot be filtered. -We recommend getting your browser to alert you when this happens. -(On Netscape: - -Options; - -Security; - -General; - -Show an alert before entering a secure document space.) -We also recommend adding the line -:443 -to the blockfile to stop all but sites specified in an exception -after that line from using SSL. -
-It may be possible to filter encrypted cookies -by combining the blocking proxy with a cryptographic proxy along -the lines of -SafePassage, -but we have not tried this. -
- --We're not security experts, but we don't think so. -The whole point of -SSL -is that the -contents of messages are - -encrypted -by the time -they leave the browser and the server. -Eavesdroppers (including proxies) can see where your messages are going -whether you are running a proxy or not, -but they only get to see the contents after they have been encrypted. -
- --Yes, we added an -access control -file in Version 2.0. -But before you use it please consider why you want to do it. -If the reason is security, -it probably means you need a firewall. -
-The -listen-address -option provides a way of binding the proxy to a single IP address/port. -The right way to do this is to choose a port inside your firewall, and -deny access to it to those outside the firewall. -The -Internet Junkbuster -is not a firewall proxy; -it should not be expected to solve security problems. -
-For background information on firewalls,
-see
-Yahoo
-or a
-magazine article
-or these well-known books:
-Firewalls and Internet Security: Repelling the Wily Hacker
-by
-
-Yes. -As with any service offered over the Internet, -hackers can try to misuse it. -A well-run -ISP -will have professionals who are experienced at assessing and containing -these risks. -
-It's possible to set up your machine so -that other people can have access to your proxy, -but if you lack expertise in computer security -you probably shouldn't have your computer configured to offer -this or any other service to the outside world. -
-Hackers can attempt to gain access
-to the machine by various attacks,
-which we have tried to guard against but don't guarantee to thwart.
-They can also use the ``anonymizing'' quality of proxies
-to try to cover their tracks while hacking other computers.
-For this reason we recommend preventing it being used
-as an anonymous
-telnet
-by putting the pattern
-:23
-in the blockfile (it's included as standard equipment).
-(Actually the current implementation incidentally blocks telnet due to the
-way headers are handled, but it's best not to rely on this.)
-If you wish to block all ports except the default
-HTTP
-port 80,
-you can put the lines
-
- :
-
- ~:80
-
-at the beginning of the blockfile, but be aware that some servers
-run on non-default ports (e.g. 8080). You might also want to add the line
-~:443
-to allow
-SSL.
-
-On -UNIX ® -systems it is neither necessary nor desirable for the proxy to run as root. -
-Versions 2.0.1 and below may be vulnerable to remote -exploitation of a memory buffer bug; for security reasons all users -are encouraged to -upgrade. -
-If you find any security holes in the code -please -tell us, -along with any suggestions you may have for fixing it. -However, we do not claim that we will be able to do so. -
-We distribute this code in the hope that people -will find it useful, but we provide -no warranty -for it, -and we are not responsible for anyone's use or misuse of it. -
-You may also want to check back periodically for updated versions of the code. -We do not -maintain a mailing list. -To get quick updates, bookmark our -Distribution Information -page. -
- - -Home - · -Next - - · Site Map - - · Legal - - · Privacy - - · Cookies - - · Banner Ads - - · Telemarketing - - · Mail - - · Spam - - - - --Copyright © 1996-8 Junkbusters -® Corporation. -Copying and distribution permitted under -the GNU -General Public License. - - -1998/10/31 -http://www.junkbusters.com/ht/en/ijbfaq.html - -
webmaster@junkbusters.com - - + ++ Website · + Manual · FAQ · GPL
+ +Configuring + Browsers · + IE 5.0 · + Installation · For Companies · Blocking Ads · + Cookies · Hotmail · Children · Forwarding/Chaining + · IP + · Anonymity + · Security
+ +Development of JunkBuster is ongoing and this document is + no longer current. However, it may provide some assistance. If + you have problems, please use the Yahoo Groups + mailing list (which includes an archive of mail), the + SourceForge.net project page, or + see the project's home + page. Please also bear in mind that versions 2.9.x of + JunkBuster are development releases, and are not production + quality.
+ +The Internet Junkbuster Proxy TM + is free privacy-enhancing software that can be run on your PC + or by your ISP or company. It blocks requests for URLs + (typically banner ads) that match its blockfile. It also + deletes unauthorized cookies and other unwanted identifying + header information that is exchanged between web servers and + browsers. These headers are not normally accessible to users + (even though they may contain information that's important to + your privacy), but with the Internet Junkbuster you can see + almost anything you want and + control everything you're likely to need. Many people publish + their blockfiles to help others get started.
+ +No, none of these. It's completely free of charge. + Junkbusters offers you the software to copy, use, modify and + distribute as you wish, forever, at no charge under the GNU + General Public License.
+ +It comes with no warranty of any + kind.
+ +You don't have to register, in fact + we don't even provide a way to do so: the practice of + registering software is usually just an excuse to send you + solicitations and sell your name and information about your + behavior. You are welcome to obtain and use our software as + anonymously you wish. (Your IP address will naturally be + disclosed when you download it; use anonymizing software if you + want to conceal this. We never want to be given any information + that you consider private or confidential.)
+ +We are often asked why we give away a + product that many would happily pay for. The answer is that we + are determined to carry out our mission: to free the world from + junk communications.
+ +For the latest information on availability, see the + Distribution Information page. We don't think it will ever run + on Windows 3.1. But you don't need to have it running on your + computer if you get your ISP or Systems Administrator at work + to run it.
+ +Try their sales or support department (depending on whether
+ you are already a customer). You might
+ send them email including the following URL:
+
+ http://www.junkbusters.com/ht/en/ijbfaq.html#isps
+ You could mention that many other ISPs
+ provide it, and that you regard it as an important part of your
+ decision on where to buy Internet service.
Whoever starts the Internet Junkbuster chooses the options + and the blockfile. If your ISP runs it for you, they have to + make these decision (though some may give you a choice of + proxies, and a way to suggest new URLs to block). If you run it + on your computer, you get to choose.
+ +It depends on your platform. If you are using Windows 95 or + NT, see our separate page on installing under Windows. If you + have a C compiler and are using almost any flavor of UNIX ® + you download it, compile it, start it running, and then + configure your browser. Several precompiled packages are also + available through links in our distribution page, which lists + all available platforms.
+ +If you are using a platform for which we + have no current availability, you are welcome to port the code. + If you do this and you would like us to consider publishing + your ported version, please tell us.
+ +Just point your browser to
+ http://internet.junkbuster.com/cgi-bin/show-proxy-args or to
+ any URL ending in show-proxy-args
(even if it
+ doesn't exist). It needn't exist because the Internet
+ Junkbuster intercepts the request, blocks it, and returns in
+ its place information about itself. Using the URL above is
+ useful for checking that your browser really is going through
+ an Internet Junkbuster, because the junkbuster.com
+ server returns a warning if the request actually gets to it.
+ Some people set the home page of their browser to such a URL to
+ be sure that it is configured to use the proxy.
If you wish to check the header + information your proxy is actually sending, a visit to + http://internet.junkbuster.com/cgi-bin/show_http_headers will + give you the more relevant ones first. You might also like to + turn the proxy off and compare the difference. (Don't forget to + turn it back on again.)
+ +Once your browser is told to use a proxy such as the
+ Internet Junkbuster, it thinks of it as its server for
+ everything, so this message means it can't talk to the proxy.
+ The Internet Junkbuster may not be running, or you may have
+ specified its proxy address incorrectly. Check that the details
+ you entered are correct. If you have telnet
you
+ can try connecting to the appropriate port to see if the
+ Internet Junkbuster is running. If your ISP is running the
+ Internet Junkbuster, you may want to check with them. If you
+ are running it yourself under UNIX ®, try looking at a
+ ps ax
to see if it is running. The port specified in its options should be
+ the same one as your browser has configured.
We'd be very interested to hear it, but please bear a few + things in mind.
+ +If you find using our free product + harder than you're used to for consumer software, there are + many commercial alternatives that you could consider.
+ +The answer to detailed technical questions + may be answered in manual page, or in + the source code. Also double-check this page for an answer: + using the ``find'' feature on your browser for likely keywords + may help. Our site also has a search feature.
+ +Many people post requests for help and + responses on Usenet.
+ +If your ISP is providing the Internet + Junkbuster for you, and your question is about how to use it, + check their web page before asking them.
+ +Even though we don't offer the kind of + support you might expect if you paid a lot of money for a + software product, you can still ask us. But before you do, + please consider whether you could ask someone closer to you. + And please be patient if we're slow to reply: we never charge + consumers for our services, so we have to subsidize consumers + with revenue from companies, and our resources are limited.
+ +If your company or organization would be + interested in a maintenance contract with phone and email + support, hard copy documentation and source code and + pre-compiled binaries on tape or disk, please ask us for a + quote.
+ + + +If you set up the Internet
+ Junkbuster to run on the computer you browse from (rather than
+ your ISP's server or some networked computer at work), the
+ proxy will be on localhost
(which is the special
+ name used by every computer on the Internet to refer to itself)
+ and the port will be 8000
(unless you have told
+ the Internet Junkbuster to run on a different port with the listen-address option).
+ So you when configuring your browser's proxy settings you
+ typically enter the word localhost
in the two
+ boxes next to HTTP and
+ Secure, and the number 8000
in the two boxes
+ labeled to the right of those boxes. The
+ Internet Junkbuster does not currently handle other protocols
+ such as Gopher, FTP, or WAIS, so leave those setting unchanged.
+ Nor does it handle ICQ or Instant Messenger services.
If your ISP or company is running the
+ Internet Junkbuster for you, they will tell you the address to
+ use. It will be the name of the computer it's running on (or
+ possibly its numeric IP address), plus a port number. Port 8000
+ is the default, so assume this number if it is not specified.
+ Sometimes a colon is used to glue them together, as in
+ junkbuster.fictitious-pro-privacy-isp.net:8000
but with
+ most browsers you do not type the colon, you enter the address
+ and port number in separate boxes.
All current browsers can be told the address of a proxy to + use. You enter the same information in two fields in your + browser's proxy configuration screen (see list below): one for + HTTP, and one for the Secure Protocol (assuming your browser + supports SSL). If you find some information already entered for + your proxy, see the next question. Here are the menus you go + through to get to the proxy configuration settings. (We also + recommend that you disable Java, which is a separate + operation.) Make notes on the changes you make so you + know how to undo them! You will need to know what you + did in case you wish to discontinue using the proxy.
+ +setenv http_proxy
+ http://localhost:8000/
+ http_proxy=http://junkbuster.fictitious-pro-privacy-isp.net:8000/
+ export http_proxy
If your browser is not listed here, or if you notice an + error, please tell us the correct procedure.
+ +Some ISPs and companies require all Web traffic to go + through their proxy. In this case you would find your proxy + configuration with values already set, possibly under Automatic Proxy Configuration (in the case of + Netscape and MS-IE 3.0 and above). It's probably a firewall + proxy between your company and the outside world, or a caching proxy if you're using an ISP.
+ +What needs to be done in this case is to use + the forwardfile option to + tell the Internet Junkbuster the address of the other proxy. + Specify a different (unused) port number with the listen-address option, and + configure your browser to use that port. If you haven't done + this kind of thing before, it's probably best to consult your + systems administrator or ISP about it; check their web page + first.
+ +Just go through the same procedure you used to start your + browser using the Internet Junkbuster, but remove the details + you put in (or if there was something there before, restore + it). You may need to use Save Options to make + this change permanent. On Netscape 3.0 you can go through Options; Network Preferences; + Proxies and click on No + Proxy to turn it off, and later click on + Manual Proxy Configuration if you want to start using it + again. (No need to enter the again details under + View as you did the first time; they should remain there + unchanged.)
+ +This stops your browser talking to the + proxy; shutting down the proxy is a different matter.
+ +Some browsers (such as MSIE-4) can be configured to dial
+ your ISP automatically when you click on a link, but this
+ feature (called "automatically connect" or "autoconnect") gets
+ disabled if you specify a proxy running on your own computer
+ (with address localhost
or 127.0.0.1
)
+ because these addresses don't require dialing. The Internet
+ Junkbuster knows nothing about dialing, so it doesn't work. To
+ make automatic dialing work, make up a name such as
+ junkbuster.ijb
and use that name in the proxy settings
+ instead of localhost
, and then add the line
+ 127.0.0.1 junkbuster.ijb
to the file
+ c:\windows\hosts
(if there already is a line beginning
+ with 127.0.0.1
just add
+ junkbuster.ijb
at the end of it.)
This should also work Netscape + Communicator 4 on machines where IE-4 has been installed.
+ + + +The next two sections assume you wish to compile the code
+ with your own C compiler. If you just
+ want to use the .exe
file provided for Windows,
+ see the Windows Installation page.
If you are running Redhat Linux you may prefer to use the + rpm instead of the following procedure.
+ +uncompress -c ijb20.tar.Z | tar xf
+ -
Makefile
and make any changes
+ indicated inside.make
junkbstr.ini
, previously called
+ sconfig.txt
and other names in earlier releases) to
+ some convenient place such as
+ /usr/local/lib/junkbuster/configfile
or whatever you
+ choose. The sample file has all the options commented out.
+ You can remove the #
character on any that you
+ want, but it may be better to leave this until to later.
+ Run it asynchronously:junkbuster configfile &
+
+
+ If you are running a version earlier than 2.0 you can
+ start it with junkbuster &
kill
the process and start it again. The
+ most popular option is
+ blockfile to block ads. A
+ sample blockfile is provided as an illustration, but it
+ doesn't really stop many ads. More comprehensive ones are
+ available elsewhere./etc/rc.d/rc.local
or equivalent to start it at
+ boot time. (Any output you specify should be redirected to a
+ file. And don't forget the & at the end to run it
+ asynchronously or your system will seize up after the next
+ reboot.)A .exe
file (binary) is supplied with the
+ source code, but if you prefer to compile it yourself here is
+ the likely procedure. Most of these steps are repeated in our
+ checklist for installation under Windows.
ijb20.zip
(~208k), then uncompress
+ and unpack the zip archive using a tool like WinZip.ijb20
.
+ Go into that folder and then edit the Makefile for your
+ system, removing the comment character (#
) in
+ the lines related to Win32. Then type:nmake
+ junkbstr.exe
. For information
+ on issues with various compilers, see the Distribution
+ Information page.junkbstr
(Version 2.0.1 and above uses the file
+ junkbstr.ini
as the config file if it exists
+ and no argument was given. If you have an earlier version
+ or if you want it to use a different config file, simply
+ specify that file as the argument.)
junkbstr
executable into
+ the StartUp folder:C:\Windows\Start
+ Menu\Programs\StartUp
+ Properties->Shortcut
to Run:
+ Minimized
. If you specify the hide-console option then the
+ DOS window will vanish after it starts.
+
+ WinNT users can put it into their own + StartUp folders or the Administrator can put it into the + system's global StartUp folder. For details on how to make + this a service under NT see our Windows page.
+Pick a page from somewhere (such as your bookmarks, or just
+ one that your browser was pointing to) and
+ Reload it. If you get a message along the lines of ``server
+ not responding, using cached copy instead,'' see the advice
+ above. If the page reloads OK, check that your browser is
+ actually talking to the proxy by going to
+ http://internet.junkbuster.com/cgi-bin/show-proxy-args or any
+ URL ending in show-proxy-args
(as described below,
+ the proxy should intercept the request.) When you see
+ ``Internet Junkbuster Proxy Status,'' you'll know it's
+ working.
You may need the + forwarding feature to ``daisy chain'' the Internet + Junkbuster to another proxy, perhaps an anonymizing proxy to + conceal your IP address, or a caching proxy from your ISP, or a + firewall proxy between your company and the outside world. + Version 2.0 and above can be even configured to forward selectively according to the + URL requested: for example, connecting directly to trusted + hosts, but going through an anonymizing or firewall proxy for + all other hosts.
+ +Network administrators might use + it to provide transparent access to multiple networks without + modifying browser configurations. Most + browsers also provide a way of specifying hosts that the + browser connects to directly, bypassing the proxy. Some provide + a method for Automatic Proxy Configuration. A well written + Internet Junkbuster configuration can be much more flexible and + powerful.
+ +An ISP's caching proxy would typically
+ be called something like cache.your-isp.net:8080
+ (as described on you ISP's web page); you would put this
+ information in your
+ forwardfile as described in our manual. Your browser would
+ be configured to the Internet Junkbuster for HTTP and Security
+ Proxies as before, but you probably want to tell it to use the
+ caching proxy for FTP and other protocols.
+ If your ISP is running the Internet Junkbuster for you,
+ they have probably already decided whether to chain with a
+ caching proxy.
There is support for some gateways in Version 1.4 and above.
+ The gateway protocol used to be specified on the command line;
+ it is now specified in the same file as forwarding. Note that the
+ browser's proxy configuration must not specify a
+ SOCKS
host; it should specify the proxy as
+ described above.
To get the proxy to do as little as possible (which means
+ not deleting any sensitive headers), place in your
+ configuration file the following three lines (each ending in a
+ space then a period) to stop it changing sensitive headers:
+ referer .
+ from .
+ user-agent .
+ cookiefile mycookiefile
+ The fourth line is also needed to specify a cookiefile that might be called
+ mycookiefile
containing a single line with a
+ *
character, to allow all cookies through.
It depends on your platform.
+ +
+ kill
the junkbuster
process. If you don't know the process number to give
+ to kill
, try this:ps ax | grep junkbuster
We've seen only a few public comments from the advertising + industry on this, other than SEC filings. First, the president + of the Internet Advertising Bureau told CNET that he wasn't + worried by banner blockers. Second, after the Federal Trade + Commission's workshop where we gave a live demonstration of our + proxy before many eminent representatives of the industry, the + Direct Marketing Association made the following statement in + the closing paragraphs of their summary comments to the + Commission.
+ ++ Clever shareware developers have come up with products that + can obliterate cookies and advertisements for those consumers + who have these concerns. The Internet is a market that is so + democratic and flexible that it is easy for companies and + software developers to respond to a perceived market need. ++ +
Their attitude seems to be that they would prefer that + people use technical solutions to protect their privacy than + have protections imposed by legislation or government + regulations. So, do you perceive a market need? Then here are + some ways to flex your democratic muscles.
+ +That depends. Try this quick three-point test.
+ +If the answer to all three questions is yes, then you + probably don't have any need for this kind of product.
+ +Yes, ask us for a quote on a maintenance contract with your + choice of phone and email support, hard copy documentation, + source code and pre-compiled binaries on tape or disk, and + email alerting of upgrades and issues. We also offer consulting + services to help set up ``stealth browsing'' capabilities to + help reduce the footprints left while doing competitive + analysis and other Web work where confidentiality is + critical.
+ +Many ISPs who offer the proxy to their customers have told + us that most of their customers are delighted with it (although + one reported that a customer complaint that without banner ads, + surfing was like reading a novel: we recommend making it + optional). Many ISPs like it because it reduces bandwidth + requirements. To help get you started, here's a checklist we've + developed from working with a few ISPs. You may think of more, + and we'd be interested if you're willing to share them with + us.
+ +*
in it), User Agent specified as Lynxour-isp.net.
But it would probably be
+ safer to put an entry in your name server and call it
+ something like junkbuster.our-isp.net.
If
+ running several proxies, you could either use different ports
+ on the same machine, or if you have the opportunity to
+ distribute the load over a few machines you could use
+ different hostname aliases such as
+ banner.junkbuster.our-isp.net
,
+ lynx.junkbuster.our-isp.net
and
+ oneway.junkbuster.our-isp.net
(corresponding to the
+ examples in the previous point). You may want to set up
+ Automatic Proxy Configuration.
+ blocklist.html
or
+ blocklist.txt
).The sample blockfile we provide blocks almost nothing, and
+ we do not publish blockfiles that stop almost all banner ads.
+ But others have; you can find them by asking Google. You can
+ add any part of the new file to your old one (probably called
+ sblock.ini
if you haven't changed the default name
+ in the latest version) or your just replace it completely. You
+ probably don't need to restart the proxy.
If you develop an interesting blocklist + and publish it on the Web, you might want to include the word + ``junkbuster'' in it and use the word ``blocklist'' in the file + name given in the URL so that others can find it with the query + given in the previous sentence.
+ +If your ISP is running the Internet Junkbuster, they should + have a policy on whether they accept suggestions from their + customers on what to block. Consult their web page.
+ +If you are running the Internet + Junkbuster yourself, you have complete control over what gets + through. Just add a pattern to cover the offending URL to your + blockfile. Version 1.3 and later automatically rereads the + blockfile when it changes, but if you're running an earlier + version you'll have to stop it and restart it.
+ +To choose a pattern you'll first need + to find the URL of the ad you want cover.
+ +Some people use the debug 1
option to display
+ each URL in a window as the request is sent to the server. It's
+ then usually an easy task to pick the offending URL from the
+ list of recent candidates.
Alternatively, you can use View Document Info (or View Document
+ Source if your browser doesn't have that). The Info feature has the advantage of showing you the full
+ URL including the host name, which may not be specified in the
+ source: there you might see something like
+ SRC="/ads/click_here_or_die.gif"
indicating only the
+ path. (The host name is assumed to be the same
+ as the one the page came from.)
But ads often come from a different
+ site, in which case you might see something like
+ SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666"
or
+ longer. If the company looks like a
+ pure ad warehouse (as in the last case), you may want to place
+ just its domain name in the blockfile, which blocks all URLs
+ from that site.
If the ad comes from a server that you
+ really want some content from, you can include enough of the
+ path to avoid zapping stuff you might want. In the first
+ example above, /ads/
would seem to be enough. If
+ you don't include the domain name, the pattern applies to all
+ sites, so you don't want such patterns to be too general: for
+ example /ad
would block
+ /admin/salaries/
on your company's internal site.
To speed the blocking of images, some
+ UNIX ® users create a shell script called
+ Image:
containing a line such as echo $1 | sed
+ s/http:..// >> $HOME/lib/blockfile
that adds its
+ argument to the user's blockfile. Once an offending image has
+ been be found using View Document Info it's
+ easy to cut-and-paste the line (or part of it) into a shell
+ window. The same script can be linked to a file called
+ Frame:
to dealing with framed documents, and
+ junkbuster:
to accept the output of the debug option.
When compiled without the
+ regular expressions option, the Internet Junkbuster
+ uses only very simple (and fast) matching methods. The pattern
+ /banners
will not stop
+ /images/banners/huge.gif
getting through: you would have
+ to include the pattern /images/banners
or
+ something that matches in full from the left.
+ So you can get what you want here, the matcher understands
+ POSIX regular expressions: you can use
+ /*.*/banners
to block and any URL containing
+ /banners
(even in the middle of the path). (In Versions 1.1 through 1.4 they were an option at
+ compile time; from Version 2.0 they have become the default.)
+ Regular expressions give you many more features than this, but
+ if you're not already familiar with them you probably won't
+ need to know anything beyond the /*.*/
idiom. If
+ you do, a man egrep
is probably a good starting
+ point).
Don't forget the /
(slash)
+ at the beginning of the path. If you leave it out the line will
+ be interpreted as a domain name, so ad
would block
+ all sites from Andorra (since .ad
is the
+ two-letter country code for that principality).
For a detailed technical description of + how pattern matching is done, see the manual.
+ +If the ad had been displayed before you included its URL in
+ the blockfile, it will probably be held in cache for some time,
+ so it will be displayed without the need for any request to the
+ server. Using the debug
+ 1
option to show each URL as it is fetched is a good way
+ to see exactly what is happening.
If new items seem to be getting + through, check that you are really running the proxy with the + right blockfile in the options. Check the blockfile for + exceptions.
+ +Some sites may have different ways of + inserting ads, such as via Java. If you have ideas on how to + block new kinds of junk not currently covered, please tell + us.
+ +You can change the patterns so they don't cover it, or use a
+ simple feature in Version 1.1 and later: a line beginning with
+ a ~
character means that a URL blocked by previous
+ patterns that matches the rest of the line is let through. For
+ example, the pattern /ad
would block
+ /addasite.html
but not if followed by
+ ~/addasite
in the blockfile. Or suppose you want to see
+ everything that comes from a site you like, even if it looks
+ like an ad: simply put ~aSiteYouLike.com
at the
+ end of the blockfile. (Order is important, because the
+ last matching line wins.)
As well as unblocking pages that were + unintentionally blocked, this feature is useful for unblocking + ads from a specific source. This might be because you are + interested in those particular ones, or if you have an explicit + agreement to accept certain ads, such as those from a free + web-based email provider.
+ +If you want to find out exactly which + pattern in the blockfile a given URL matched, just click on the + words ``Internet Junkbuster'' which are displayed alone on a + page when your browser requests a blocked URL. The proxy + displays a message that pinpoints the pattern for you.
+ +Yes, but remember that children who are + technically sophisticated enough to use the browsers' proxy + configuration options could of course bypass any proxy. This + kind of technology can be used as a gentle barrier to remind or + guide the child, but nobody should expect it to replace the + parent's role in setting and enforcing standards of online + behavior for their children.
+ +Some ISPs are starting to provide + specialized proxies to protect children. There are two basic + approaches: the ``black list'' and the ``white list'' approach. + The black list approach allows the child + to go anywhere not explicitly prohibited; the white list + permits visits only to sites explicitly designated as + acceptable.
+ +It's very easy for anyone to compile
+ a white list from a page of ``recommended kids sites'' and to
+ configure an Internet Junkbuster to allow access to those sites
+ only. (If you publish such a list on the web, please tell us
+ its URL). Assuming your version isn't an old one without regex,
+ you can place a *
(asterisk) as the first line of
+ the blockfile (which blocks everything), and then list
+ exceptions after that. Be careful to make the exception
+ sufficiently broad: for example, using
+ ~www.uexpress.com/ups/comics/ch/
as the exception for
+ Calvin and Hobbes would block some of the graphic
+ elements on the page; you would probably want a wider exception
+ such as ~www.uexpress.com/ups/
to permit them.
Version 2.0 has an experimental feature + to permit only sites mentioned in a nominated trusted site. This allows + organizations to build lists of sites for kids to browse, and + the software automatically restricts access to those on the + list.
+ +Many filtering products actually scan for + keywords in the text of pages they retrieve before presenting + it, but the Internet Junkbuster does not do this. Building a + perfectly reliable black list system is hard, because it's very + difficult to state in advance exactly what is obscene or + unsuitable. For more info see our links page.
+ +You usually see a broken image icon, but it depends on + several factors beyond the proxy's control. If asked for a URL + matching its blockfile, the proxy returns an HTML page + containing a message identifying itself (currently the two + words ``Internet Junkbuster'') with a status 202 (Accepted) + instead of the usual 200 (OK). (Versions 1.X returned an error + 404: Forbidden, which caused strange behavior in some cases.) + Status 202 is described in the HTTP RFC as indicating that the + request has been accepted but not completed, and that it might + complete successfully in the future (in our case, if the + blockfile were changed).
+ +The broken image icon is most common
+ because the browser is usually expecting a graphic. But if it
+ was expecting text, or if the page happens to be using certain
+ HTML extensions such as layer
and your browser is
+ a late model from Microsoft, you may see the words ``Internet
+ Junkbuster'' displayed as a hot link.
Clicking on the link takes you to an
+ explanation of the pattern in the blockfile that caused the
+ block, so that you can edit the blockfile and go back and
+ reload if you really want to see what was blocked. The
+ explanatory link is generated by the proxy and is automatically
+ intercepted based on its ending in ij-blocked-url
;
+ even though the site is specified as
+ http://internet.junkbuster.com
no request should
+ actually made to that site. If one is, it means that the proxy
+ was been removed after it generated the link.
To summarize: the identifying link to + the blocking explanation is usually turned into a broken image + icon, but it may be displayed on a page alone, or they may may + be restricted to the particular frame, layer or graphic area + specified in the page containing them. The proxy has no way of + knowing the context in which a URL will be used and cannot + control how the blocking message will be rendered.
+ +Many users have suggested to us that + blocked banners should be replaced by a something like a 1x1 + transparent GIF to make the page would look as if there was + nothing ever there. Apart from making it harder to catch + unintended blocking, this might also displease the owners of + the page, who could argue that such a change constitutes a + copyright infringement. We think that merely failing to allow + an included graphic to be accessed would probably not be + considered an infringement: after all this is what happens when + a browser is configured not to load images automatically. + However, we are not lawyers, so anyone in doubt should take + appropriate advice.
+ +In a context where the copyright issue is
+ resolved satisfactorily, a proxy could simply return a status
+ 301 or 302 and specify a replacement URL in a
+ Location
and/or URI
header. An alternative
+ would be to use inline code to return a 1 x 1 clear GIF. We do
+ not publish sample code for this, and we have no way of
+ stopping others who have.
Many users have pointed out that most banner ads come in
+ standard sizes, so why not block all GIFs of those sizes? This
+ would theoretically be without fetching the object because the
+ dimensions are usually given in the IMG
tag, but
+ it would require substantial changes in the code, and we doubt
+ whether it would be much more effective than a good block
+ list.
The Internet Junkbuster deliberately does not provide a way + of automatically editing the contents of a page, to remove + textual advertising or to repair the holes left by blocked + banners. Other packages such as WebFilter do.
+ +For the same reason, it has no way of
+ stopping a new browser window being created, because this is
+ done through the target
attribute in the
+ <a>
and <base>
elements, not
+ through headers. Nor do we plan to add a feature to paralyze
+ animated GIFs.
We haven't tried it but we expect it would probably work on + image ads on push channels. See also adchoice.
+ +Disabling Javascript stops some pop-up + ads. One problem is that some advertisers throw open a new + browser window to frame the ad. The ad is easily blocked, but + the empty window remains. You can kill it easily, but this is a + chore. We don't see how to stop them other than editing the + HTML from the parent window, which we don't like to do.
+ +The TBTF newsletter warned subscribers to + push information that in IE4, LOGTARGET + allows servers to determine the URLs viewed at their site even + if accessed from cache or through a proxy. If you use this + browser see our instructions on how to disable this.
+ +If you find you have experience using + the proxy with push, or have any other advice about it, please + tell us.
+ + + +For background information on cookies see our page + describing their dangers.
+ +Yes, you should expect the occasional cookie to make it + through to your browser. We know of at least three ways this + can happen; please tell us if you find any others. One way is + in secure documents, which are explained below.
+ +A few sites set cookies using a line
+ such as <META HTTP-EQUIV="Set-Cookie"
+ CONTENT="flavor=chocolate">
in the HEAD
+ section of an HTML document. Cookies
+ can also be
+
+ set and read in JavaScript. To see if this is happening in a
+ document, view its source, look in the head
for a
+ section tagged script language="JavaScript"
. If it
+ contains a reference to document.cookie
, the page
+ can manipulate your cookie file without sending any cookie
+ headers. The Internet Junkbuster does not tamper with these
+ methods. Fortunately they are rarely used at the moment. If a
+ cookie gets set, it should be stopped by the proxy on its way
+ back to the server when a page is requested, but it can still
+ be read in Javascript.
To prevent cookies breaking through, + always keep cookie alerts turned on in your + browser, and disable Java and Javascript. Making the files hard + to write may also help.
+ +When a web site's server sends you a page it also sends
+ certain ``header information'' which your browser records but
+ does not display. One of these is a Set-Cookie
+ header, which specifies the cookie information that the server
+ wants your browser to record. Similarly, when your browser
+ requests a page it also sends headers, specifying information
+ such as the graphics formats it understands. If a cookie has
+ previously been set by a site that matches the URL it is about
+ to request, your browser adds a Cookie
header
+ quoting the previous information.
For more background information on how
+ cookies can damage your privacy, see our page on cookies. For
+ highly detailed technical information see the RFC. The Internet
+ Junkbuster will show you all headers you use the debug 8
option, or you can
+ get a sample from our demonstration page.
Possibly. Some personalized services including certain + chat rooms require cookies. + Newspapers that require + + registration or + + subscription will not automatically recognize you if you don't + send them the cookie they assigned you. And there are a very + small number of sites that do strange things with cookies; they + don't work for anyone that blocks cookies by any means. Some + sites such as Microsoft explain that their content is so + wonderfully compelling that they will withhold it from you + unless you submit to their inserting cookies.
+ +Many free Web-based email services
+ require cookies. Hotmail also seems to require allowing both
+ msn.com
and passport.com
to set
+ cookies.
If you want such sites to be given your + cookies, you can use the + cookiefile option provided you are running Version 1.2 or + later yourself. Simply include the domain name of those sites + in the cookiefile specified by this option. If it still + doesn't work, the problem may be in other headers.
+ +It's possible to let cookies out but not
+ in, which is enough to keep some sites happy, but not all of
+ them: one newspaper site seems to go into an endless frenzy if
+ deprived of fresh cookies. A cookiefile containing a single
+ line consisting of the two characters >*
+ (greater-than and star) permits server-bound cookies only. The
+ *
is a wildcard
+ that matches all domains.
If someone else is running the Internet + Junkbuster for you and has a version that + passes server-bound + cookies through, you can try editing your browser's cookie file + to contain just the ones you want, and restart your browser. To subscribe to a new service like this after + you have started using the Internet Junkbuster, you can try the + following: tell your browser to stop using the Internet + Junkbuster, fill out and submit your subscription details + (allowing that web site to set a cookie), then reconfigure your + browser to use the Internet Junkbuster again (and stop more + cookies being sent). This also requires the cookiefile option, and its success + depends on the Web site not wanting to change your cookies at + every session. For this reason it does not work at some major + newspaper sites, for example. But you may + prefer to look at whether other sites provide the same or + better services without demanding the opportunity to track your + behavior. The web is a buyer's market where most prices are + zero: very few people pay for content with money, so why should + you pay with your privacy?
+ +Yes, since version 1.2 the Internet + Junkbuster has included advanced cookie management facilities. + Unless you specify otherwise, cookies are discarded + (``crumbled'') by the Internet Junkbuster whether they came + from the server or the browser. In Version 1.2 and later you + can use the cookiefile + option to specify when cookies are to be passed through intact. + It uses the same syntax and + matching algorithm as the blockfile.
+ +If the URL matches a pattern in the
+ cookiefile then cookies are let through in both
+ the browser's request for the URL and in the server's response.
+ One-way permissions can be specified
+ by starting the line with the >
or
+ <
character. For example, a cookiefile consisting of
+ the four lines
+ org
+ >send-user-cookies.org
+
+ <accept-server-cookies.org
+ ~block-all-cookies.org
+ allows cookies to and from .org
domains only,
+ with the following exceptions:
+
send-user-cookies.org
are blocked on their way
+ to the client, but cookies sent by the browser to that domain
+ are still be fed to them.
+ accept-server-cookies.org
check in to the proxy and
+ are passed through to the browser, but when they come back to
+ the proxy they never check out.
+ block-all-cookies.org
are blocked.If the junkbuster
+ was compiled with the regular expressions option they may be
+ used in paths. Any logging to a ``cookie jar'' is separate and
+ not affected.
It's important to give hosts you want
+ to be able to set cookies sufficient breadth. For example,
+ instead of www.yahoo.com
use
+ yahoo.com
because the company uses many different hosts
+ ending in that domain.
Yes, using the wafer option. + We coined the term wafer to describe cookies + chosen by a user, not the Web server. Servers may not find + wafers as tasty as the cookies they make themselves. But users + may enjoy controlling servers' diets for various reasons, such + as the following.
+ +++ Any company that tries to argue in court that the proxy + site was breaching their copyright in the cookies would be + met with the defense that the proxy site gave that company + the opportunity to protect its copyright by simply not + sending cookies after receiving the notice. + +TO WHOM IT + MAY CONCERN
+
+
+ Do not send me any copyrighted information other than + the document that I am requesting or any of its necessary + components.
+
+ In particular do not send me any cookies that are + subject to a claim of copyright by anybody. Take notice + that I refuse to be bound by any license condition + (copyright or otherwise) applying to any cookie.
Cookies can be as long as four
+ thousand characters, so there's plenty of space for
+ lawyerly verbosity, but white space, commas, and
+ semi-colons are prohibited.
+ Spaces can be turned into underscores. Alternatively, a URL
+ could be sent as the cookie value, pointing to a document
+ containing a notice, perhaps with a suggestive value such
+ as
+
+ http://www.junkbusters.com/ht/en/ijbfaq.html#licenses_on_cookies_refused
+
+ But including the notice directly would probably be
+ preferable because the addressee does not have to look it
+ up.
The Internet Junkbuster 2.0.2 + currently sends a full notice as a ``vanilla wafer'' if + cookies are being logged to a cookie jar and no other + wafers have been specified. It can be suppressed with the + + suppress-vanilla-wafer option, which might be used in + situations where there is an established understanding + between the proxy and all who serve it.
+Junkbusters provides a CGI script that + lets you see your wafers as they appear to servers.
+ +Wafers confuse a few fragile + servers. Hotmail appears to be one of them. If this troubles + you, don't use this option.
+ +Any wafers specified are sent to
+ all sites regardless of the cookiefile.
+ They are appended after any genuine cookies, to maintain
+ compliance with RFC 2109 in the event that a path was specified
+ for a cookie. The RFC's provisions regarding the $
+ character (such as the Version
attribute) are
+ transparent to the proxy; it simply quotes what was recited by
+ the browser.
If you want to send wafers only to + specific sites, you could try putting them your browser's + cookie file in a format conforming to the Netscape + specification, and then specify in the proxy's cookiefile that + cookies are to be sent to but not accepted from those sites, so + they can't overwrite the file. This may work with Netscape but + not all other browsers.
+ +We provided this capability just in case anyone wants it. + There are a few possible reasons.
+ +For details on how your identity can be revealed while you
+ surf, see our page on privacy. Once you start using the
+ Internet Junkbuster you should find that much of the
+ information previously indicated on that page will no longer be
+ provided. If the REMOTE HOST
indicating your IP
+ address is too close for comfort, see our suggestions below on
+ how to conceal your IP address. We also recommend that you
+ disable JavaScript and Java.
No. Your chances of remaining anonymous are improved, but + unless you are an expert on Internet security it would be + safest to assume that everything you do on the Web can be + attributed to you personally.
+ +The Internet Junkbuster removes various + information about you, but it's still possible that web sites + can find out who you are. Here's one way this can happen.
+ +A few browsers disclose the user's email + address in certain situations, such as when transferring a file + by FTP. The Internet Junkbuster 2.0.2 does not filter the FTP + stream. If you need this feature, or are concerned about the + mail handler of your browser disclosing your email address, you + might consider products such as NSClean.
+ +Browsers downloaded as binaries could + use non-standard headers to give out any information they can + have access to: see the manufacturer's license agreement. It's + impossible to anticipate and prevent every breach of privacy + that might occur. The professionally paranoid prefer browsers + available as source code, because anticipating their behavior + is easier.
+ +You shouldn't have to trust us, and you certainly don't have + to. We do not run the proxy as a service, where we could + observe your online behavior. We provide source code so that + everyone can see that the proxy isn't doing anything + sneaky.
+ +You are already trusting your ISP not to + look at an awful lot of information on what you do. They + probably post a privacy policy on their site to reassure you. + If they run a proxy for you, using it could actually make it + slightly easier for them to monitor you, but we doubt that any + sane ISP would try this, because if it were discovered + customers would desert them.
+ +We don't want institutions to use this software as an + instrument of surveillance. We have deliberately not provided + options to add timestamps or records of which IP addresses + accessed which URLs. However, because we publish source code + anyone can modify it to do such things, and there is no way a + remote user can find out if this is happening. Again, you need + to be able to trust the entity providing your proxy service, + but you were probably in that position even before using a + proxy.
+ +The Internet Junkbuster pounces on the following HTTP + headers in requests to servers, unless instructed otherwise in + the options.
+ +FROM
header, which a
+ few browsers use to tell your email address to servers, is
+ dropped unless the from option
+ is set.USER_AGENT
header is changed to indicate that the browser is
+ currently Mozilla (Netscape) 3.01 Gold with an unremarkable
+ Macintosh configuration. Misidentification helps resist
+ certain attacks. If your browser and hardware happen to be
+ accurately identified, you might want to change the default.
+ (Earlier versions of the Internet Junkbuster indicated
+ different details; by altering them periodically we aim to
+ hinder anyone trying to infer whether our proxy is present.)
+ If you don't like the idea of incorrectly
+ identifying your computer as a Mac, set it accordingly.
+ REFERER
header
+ (which indicates where the URL currently being requested was
+ found) is dropped. A single static referer to replace all
+ real referers may be specified using the referer option. Where no referer is
+ provided by the browser, none is added; the add-header option with arguments
+ such as -x 'Referer: http://me.me.me'
can be
+ used to send a bogus referer with every request.In Version 1.4 and later you can use the -r @ option to selectively disclose
+ REFERER
and USER_AGENT
to only those
+ sites you nominate.
Some browsers send Referer and User-Agent
+ information under different non-standard headers. The Internet
+ Junkbuster 2.0.2 stops UA
headers, but others may
+ get through. This information is also available via JavaScript,
+ so disable it. Some search engines
+ encode the query you typed in the URL that goes to advertisers
+ to target a banner ad at you, so you will need to block the ad
+ as well as the referer header, unless you want them (and anyone
+ they might buy data from) to know everything you ever search
+ for.
If you have JavaScript enabled (the + default on most browsers) servers can use it to obtain Referer + and User Agent, as well as your plug-ins. We recommend + disabling JavaScript and Java.
+ +Currently no HTTP response headers
+ (browser bound) are removed, not even the
+ Forwarded:
or X-Forwarded-For:
headers. Nor
+ are any added, unless requested.
+ We are considering a more flexible header management system for
+ a future version.
Possibly. If used with a browser less advanced than Netscape + 3.0 or IE-3, indicating an advanced browser may encourage pages + containing extensions that confuse your browser. If this + becomes a problem upgrade your browser or use the user-agent option to indicate an + older browser. In Version 1.4 and later you can selectively + reveal your real browser to only those sites you nominate.
+ +Because different browsers use + different encodings of Russian and Czech characters, certain + web servers convert pages on-the-fly according to the User + Agent header. Giving a User Agent with the wrong operating + system or browser manufacturer causes some sites in these + languages to be garbled; Surfers to Eastern European sites + should change it to something + closer.
+ +Some page access counters work by + looking at the referer; they may fail or break when + deprived.
+ +Some sites depend on getting a referer
+ header, such as uclick.com
, which serves comic
+ strips for many newspaper sites, including
+ Doonsbury for the Washington Post. (If you
+ click on that last link, you can then get to a page containing
+ the strip via the same URL we've linked to under
+ Doonsbury, but if you click on the
+ Doonsbury link directly, it gives you an error message
+ suggesting that you use a browser that supports referers.) In
+ Version 1.4 and later you can use the -r @ option and place a line like
+ >uclick.com
in your cookiefile. Wired News used to
+ use referer to decide whether to add a navigation column to the
+ page, but they have changed that.
The weather maps of Intellicast
+ have been blocked by their server when no referer or cookie is
+ provided. You can use the same countermeasure with a line such
+ as >208.194.150.32
(or simply get your weather
+ information elsewhere).
Some software vendors, including
+ Download.com and Intuit use USER_AGENT
to decide
+ which versions of their products to display to you. With the
+ default you get Mac versions.
As a last resort if a site you need + doesn't seem to be working, the proxy configuration of many + browsers allow you to specify No Proxy For + any hostname you want.
+ +We had reports that on some versions of + Netscape the What's New feature did not work with the proxy, + but we think we fixed this in Version 2.0.1.
+ +Almost every major release of both leading browsers has + contained bugs that allow malicious servers to compromise your + privacy and security. Known bugs are quickly fixed, but + millions of copies of the affected software remain out there, + and yours is probably one of them. The header that normally + identifies your browser tells such servers exactly which + attacks to use against you. By misidentifying your browser you + reduce the likelihood that they will be able to mount a + successful attack.
+ +Web sites get the IP address of any proxy or browser they + serve pages to. If you run the proxy on your own computer the + IP address disclosed is the same as your browser would, unless + you use the forwardfile + option is used to chain to another proxy, in which case servers + only get the last IP address in the chain. Chaining slightly + slows browsing of course, but it improves anonymity.
+ +We think so, provided you are not the user running the
+ proxy. If your computer (or your ISP's) is running the
+ identd
demon, servers can ask it for the identity of the
+ user making the request at time you request a page from them.
+ But if you're going through a proxy, they will identify the
+ user name associated with the proxy, not you. A visit to
+ http://ident.junkbusters.com lets you see what's happening.
+ This test is (quite rightly) blocked by many firewalls; just
+ interrupt the transfer if you get an abnormal wait after
+ clicking. Running other applications may also expose you via
+ identd
; the proxy of course doesn't help then.
With the default options the proxy doesn't announce itself. + Obvious indications such as Keep-Alive headers are deleted, but sites might notice that you + can cancel cookies faster than any human could possibly click + on a mouse. (If you want to provide a plausible explanation for + this, change the User Agent header to a cookie-free or + cookie-crunching browser).
+ +But when certain options are used they + could figure out something's going on, even if they're not + pushing cookies. If you use blocking they can tell from their + logs that the graphics in their pages are not being requested + selectively. The + add-forwarded-header option explicitly announces to the + server that a proxy is present, and sending them wafers is of + course a dead giveaway.
+ + + +If you enter a ``Secure Document Area,'' cookies and other
+ header information such as User Agent and Referer are sent
+ encrypted, so they cannot be filtered. We recommend getting
+ your browser to alert you when this happens. (On Netscape: Options; Security; General; Show an alert before entering a
+ secure document space.) We also recommend adding the line
+ :443
to the blockfile to stop all but sites
+ specified in an exception after that line from using SSL.
It may be possible to filter encrypted + cookies by combining the blocking proxy with a cryptographic + proxy along the lines of SafePassage, but we have not tried + this.
+ +We're not security experts, but we don't think so. The whole + point of SSL is that the contents of messages are + + encrypted by the time they leave the browser and the server. + Eavesdroppers (including proxies) can see where your messages + are going whether you are running a proxy or not, but they only + get to see the contents after they have been encrypted.
+ +Yes, we added an access + control file in Version 2.0. But before you use it please + consider why you want to do it. If the reason is security, it + probably means you need a firewall.
+ +The listen-address option provides + a way of binding the proxy to a single IP address/port. The + right way to do this is to choose a port inside your firewall, + and deny access to it to those outside the firewall. The + Internet Junkbuster is not a firewall proxy; it should not be + expected to solve security problems.
+ +For background information on + firewalls, see Yahoo or a magazine article or these well-known + books: Firewalls and Internet Security: Repelling the + Wily Hacker by William R. Cheswick and Steven M. + Bellovin or Building Internet Firewalls by D. + Brent Chapman and Elizabeth D. Zwicky. There's + + free Linux software available, and a large number of commercial + products and services. For an excellent security overview, + primer, and compendium reference, see Practical Unix and + Internet Security by Simson Garfinkel and Gene + Spafford.
+ +Yes. As with any service offered over the Internet, hackers + can try to misuse it. A well-run ISP will have professionals + who are experienced at assessing and containing these + risks.
+ +It's possible to set up your machine + so that other people can have access to your proxy, but if you + lack expertise in computer security you probably shouldn't have + your computer configured to offer this or any other service to + the outside world.
+ +Hackers can attempt to gain access to
+ the machine by various attacks, which we have tried to guard
+ against but don't guarantee to thwart. They can also use the
+ ``anonymizing'' quality of proxies to try to cover their tracks
+ while hacking other computers. For this reason we recommend
+ preventing it being used as an anonymous telnet
by
+ putting the pattern :23
in the blockfile (it's
+ included as standard equipment). (Actually the current
+ implementation incidentally blocks telnet due to the way
+ headers are handled, but it's best not to rely on this.) If you
+ wish to block all ports except the default HTTP port 80, you
+ can put the lines
+ :
+ ~:80
+ at the beginning of the blockfile, but be aware that some
+ servers run on non-default ports (e.g. 8080). You might also
+ want to add the line ~:443
to allow SSL.
On UNIX ® systems it is neither + necessary nor desirable for the proxy to run as root.
+ +Versions 2.0.1 and below may be + vulnerable to remote exploitation of a memory buffer bug; for + security reasons all users are encouraged to upgrade.
+ +If you find any security holes in the + code please tell us, along with any suggestions you may have + for fixing it. However, we do not claim that we will be able to + do so.
+ +We distribute this code in the hope + that people will find it useful, but we provide no warranty for + it, and we are not responsible for anyone's use or misuse of + it.
+ +You may also want to check back + periodically for updated versions of the code. We do not + currently maintain a mailing list. To get quick updates, + bookmark our Distribution Information page.
+ + + ++ Website · + Manual · FAQ · GPL
+ ++ Copyright © 1996-8 Junkbusters ® + Corporation. Copyright © 2001 + Jon + Foster. Copying and distribution permitted under the GNU General Public + License.
+ + + +