X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fijbfaq.html;h=f9168a68d2783d47eafbd9b57648c2dbd527af82;hb=ae361fd41bf05e7eb5374150e1c6ddef75a03e9d;hp=ab7e7989f339d06152cd3918e7b3143d8f259df0;hpb=c75584ebcc79f939fb4ec9c8f842cef6692640c7;p=privoxy.git diff --git a/doc/ijbfaq.html b/doc/ijbfaq.html index ab7e7989..f9168a68 100644 --- a/doc/ijbfaq.html +++ b/doc/ijbfaq.html @@ -1,3186 +1,1999 @@ - + + + - - - - - - - - - - -Internet Junkbuster Frequently Asked Questions - - - - - - - - - - -

Internet JUNKBUSTER Frequently Asked Questions -

- - -

-Download for UNIX - - · (Download for Windows 95/NT) - - · (Other OS) - - · Configuring Browsers - - · Installation - - · For Companies - - · Blocking - - · Cookies - - · Anonymity - - · Security - - · (Technical Manual) -

-
- -

-The Top Ten Questions - -

- -
For a list of the questions on this page (without the answers), -see our -Table of Contents. -It also contains detailed pointers into our pages -on -cookies -and on busting -junk e-mail, -junk mail -and -telemarketing calls. - -

-What is the Internet Junkbuster Proxy and what does it do for me? -

-The -Internet Junkbuster -Proxy -^TM -is -free -privacy-enhancing software that can be run on your PC or by your -ISP -or company. -It blocks requests for -URLs -(typically banner ads) -that match its -blockfile. -It also deletes unauthorized -cookies -and other -unwanted identifying -header information -that is exchanged between web servers and browsers. -These headers are not normally accessible to users -(even though they may contain information that's important to your privacy), -but with the -Internet Junkbuster -you can see almost -anything you want -and control everything you're likely to need. -You -decide what's junk. -^SM -Many people -publish -their blockfiles to help others get started. -

- -

-Is there a license fee / warranty / registration form / expiration? -

-No, none of these. -It's completely free of charge. -Junkbusters -offers you the software to copy, use, modify and distribute -as you wish, forever, at -no charge -under the -GNU General Public License. -

-It comes with -no warranty of any kind. -

-You don't have to register, -in fact we don't even provide a way to do so: -the practice of registering software is -usually just an -excuse -to send you solicitations and -sell your name -and information about your behavior. -You are welcome to obtain and use our software as anonymously you wish. -(Your -IP -address will naturally be -disclosed -when you download it, -so if you work for a web ad company -you might want to use a service such as the -lpwa.com -when you get it. -We -never -want to be given any information that you consider private or confidential.) -

-We are often asked why we give away a product that many -would happily pay for. -The answer is that we are determined to carry out our -mission: -to free the world from junk communications. -

- -

-Does it run on Windows? On a Mac? On the AOL browser? -

-For the latest information on availability, see the -Distribution Information -page. -We -don't -think it will ever run on -Windows 3.1. -But you don't need to have it running on your computer -if you get your -ISP -or Systems Administrator at -work -to run it. -

- -

-How can I get my ISP to run the Internet Junkbuster? -

-Try their sales or support department -(depending on whether you are already a customer). -You might send them email including the following -URL: -
- http://www.junkbusters.com/ht/en/ijbfaq.html#isps -
-You could mention that many -other -ISPs -provide it, -and that you regard it as an important part of your decision on -where to buy Internet service. -

- -

-Who chooses the options that control what is blocked? -

-Whoever starts the -Internet Junkbuster -chooses the options and the blockfile. -If your -ISP -runs it for you, they have to make these decision -(though -some -may give you a choice of proxies, -and a way to suggest new -URLs -to block). -If you run it on your computer, -You -decide what's junk. -^SM -

- -

-How do I download and run the program on my computer? -

-It depends on your platform. -If you are using Windows 95 or NT, -see our separate page on -installing under Windows. -If you have a C compiler and are using almost any flavor of -UNIX ® -you -download it, compile it, start it running, -and then -configure your browser. -Several precompiled packages are also available through links in our -distribution page, -which lists all available platforms. -

-If you are using a platform for which we have no current -availability, -you are welcome to port the code. -If you do this and you would like us to consider publishing your ported version, -please -tell us. -

- -

-How can I tell which blockfile and options are being used? -

-Just point your browser to -http://internet.junkbuster.com/cgi-bin/show-proxy-args -or to any -URL -ending in -show-proxy-args -(even if it doesn't exist). -It needn't exist because the -Internet Junkbuster 2.0 -intercepts the request, blocks it, -and returns in its place -information about itself. -Using the -URL -above is useful for checking that your browser really is -going through an -Internet Junkbuster, -because the -junkbuster.com -server returns a warning if the request actually gets to it. -Some people set the home page of their browser to such a -URL -to be sure that it is configured to use the proxy. -

-If you wish to check the header information -your proxy is actually sending, -a visit to -http://internet.junkbuster.com/cgi-bin/show-http-headers -will give you the more relevant ones first. -You might also like to turn the proxy -off -and compare the difference. (Don't forget to turn it back on again.) -

- -

-My browser started giving me ``server not responding'' messages -

-Once your browser is told to use a proxy such as the -Internet Junkbuster, -it thinks of it as its server for everything, -so this message means it can't talk to the proxy. -The -Internet Junkbuster -may not be running, -or you may have specified its proxy -address -incorrectly. -Check that the details you entered are correct. -If you have -telnet -you can try connecting to the appropriate port to see if the -Internet Junkbuster -is running. -If your -ISP -is running the -Internet Junkbuster, -you may want to check with them. -If you are running it yourself under -UNIX ®, -try looking at a -ps ax -to see if it is running. -The -port -specified in its options should be the same one as your -browser has configured. -

- -

-I've got this great idea for a new feature. Who do I tell? -

-We'd be very interested to hear it, but please bear a few things in mind. -

-Please check this FAQ to see if we've already considered -the idea, -such as -automatic detection -of banner ads -and -replacing ads -with something else such as a -transparent -GIF. -
-Don't tell us anything you want to keep confidential -or retain some right over. -
-We currently have a -long wish list of things that we may or may not do -in the near future, including -a version for your favorite computer and a plug-in version. -
-If you don't want to wait -you're welcome to improve on our code, publish your version on the Web, -and -tell us -where to find it. -Projects that are especially welcome -include -a port to the Mac -and extensions for -HTTP -1.1. -

- -

-My question isn't listed here. Who do I ask for support? -

-If you find using our free product -harder than you're used to for consumer software, -there are many -commercial alternatives -that you could consider. -

-The answer to detailed technical questions may be answered in -manual page, -or in the source code. -Also double-check this page for an answer: -using the ``find'' feature on your browser for likely keywords may help. -Our site also has a -search -feature. -

-Many people post requests for help and responses on -Usenet. -

-If your -ISP -is providing -the -Internet Junkbuster -for you, -and your question is about how to use it, -check their web page before asking them. -

-Even though we don't offer the kind of -support you might expect if you paid a lot of money for a software product, -you can still ask us. -But before you do, please consider whether -you could ask someone closer to you. -And please be patient if we're slow to reply: we -never charge consumers -for our services, -so we have to subsidize consumers with revenue from companies, -and our resources are limited. -

-If your company or organization -would be interested in a maintenance contract -with phone and email support, -hard copy documentation and source code and pre-compiled binaries on tape -or disk, -please -ask us -for a quote. -

-
- -

-Configuring your browser to talk to the Internet Junkbuster - -

- -
-

-What is the proxy address of the Internet Junkbuster? -

-If you set up -the -Internet Junkbuster -to run on the computer you browse from -(rather than your -ISP's server -or some networked computer at work), -the proxy will be on -localhost -(which is the special name used by every computer on the Internet to -refer to itself) -and -the port will be -8000 -(unless you have told the -Internet Junkbuster -to -run on a different port with the -listen-address -option). -So you when -configuring your browser's proxy settings -you typically enter the word -localhost -in the two boxes next to - -HTTP -and - -Secure, -and the number -8000 -in the two boxes labelled -to the right of those boxes. -

-If your -ISP -or company is running -the -Internet Junkbuster -for you, -they will tell you the address to use. -It will be the name of the computer it's running on -(or possibly its numeric IP address), -plus a port number. -Port 8000 is the default, so assume this number if it is not specified. -Sometimes a colon is used to glue them together, -as in -junkbuster.fictitous-pro-privacy-isp.net:8000 -but -with most browsers -you do not type the colon, -you enter the address and port number in separate boxes. -

- -

-How do I tell the browser where to find the Internet Junkbuster? -

-All current browsers can be told the address of a proxy to use. -You enter the same information in two fields in your browser's proxy -configuration screen (see list below): one for -HTTP, -and one for the Secure Protocol (assuming your browser supports -SSL). -If you find some information already entered for your proxy, -see the -next question. -Here are the menus you go through to get to the proxy configuration settings. -(We also recommend that you -disable Java, -which is a separate operation.) -Make notes on the changes you make so you know how to undo them! -You will need to know what you did -in case you wish to -discontinue -using the proxy. -

-For -Netscape -2.01, 2.02 and 3.0 -[Graphic Illustration]: - -Options; - -Network Preferences; - -Proxies; - -Manual Proxy Configuration View ; -enter -proxy address details -under - -HTTP -and - -Security Proxy; -click on - -OK; -click on the next - -OK. -
-With Netscape 2.0, -follow with - -Options, - -Save Options. -
-With Netscape 4.X series, you first have to go through - -Edit/Preferences. -[Graphic Illustration] -Then in the frame on the left, -click on triangle pointing to the right towards the word - -Advanced; -it will switch to a triangle pointing down; -and the words - -Cache, - -Proxies -and - -Disk Space -appear. -Click on - -Proxies -and the frame on the right will -display a banner saying - -Proxies Configure proxies to access the Internet. -Click the radio button labeled - -Manual proxy configuration -then click the button labeled - -View; -enter -proxy address details -under - -HTTP -and - -Security Proxy; -click on - -OK; -click on the next - -OK. -
-For -Internet Explorer 3.0: - -View; - -Options; - -Connections; -tick - -Connect through proxy server -box; - -Settings; -enter -proxy address details - -HTTP -Box, with port number in the second box; -same with - -Secure; -click on - -OK. -
-For Internet Explorer 2.0: - -View; - -Options; - -Proxy; -enter -proxy address details -click on - -OK. -
-On NT for MS-IE: - -Control Panel; - -Internet; - -Advanced; - -Proxy. -
-For MS-IE 4.0: seems to be almost the same as for -3.0, - -View; - -Internet Options; - -Connections; -tick - -Connect through proxy server -box; - -Settings; -enter -proxy address details - -HTTP -Box, with port number in the second box; -same with - -Secure; -click on - -OK. -Note that 4.0 has - -Advanced -settings to allow -HTTP -1.1 through proxies; -these must be disabled because the proxy does not currently understand -HTTP -1.1. -Please -tell us -if you see any other differences. -
-For NCSA Mosaic for Windows: - -Options, - -Preferences, - -Proxy; -enter -proxy address details -under - -HTTP. -
-For -Opera: - -Preferences, - -Proxy servers; -check the box next to HTTP; -enter the server and port number in the box on the other side; -click on - -OK. -
-For -Lynx, -Mosaic/X, -Grail, -and -W3O -Arena, -you can specify the proxy via environment variables -before starting the application. -This will probably be done with something like either -
- setenv http_proxy http://localhost:8000/ -
-or -
- http_proxy=http://junkbuster.fictitous-pro-privacy-isp.net:8000/ export http_proxy -
-depending on your shell and where the -Internet Junkbuster -lives. -

-If your browser is not listed here, -or if you notice an error, please -tell us -the correct procedure. -

- -

-What should I do if I find another proxy is already configured? -

-Some -ISPs -and companies require all Web traffic to go through their proxy. -In this case you would find your proxy configuration with values already set, -possibly under -Automatic Proxy Configuration -(in the case of -Netscape -and -MS-IE 3.0 -and above). -It's probably a firewall proxy between your company and the outside world, -or a -caching proxy -if you're using an -ISP. -

-What needs to be done in this case is to -use the -forwardfile -option -to tell the -Internet Junkbuster -the address of the other proxy. -Specify a different (unused) port number -with the -listen-address -option, -and configure your browser to -use that port. -If you haven't done this kind of thing before, -it's probably best to consult your systems administrator or -ISP -about it; -check their web page first. -

- -

-What if I want to stop using the Internet Junkbuster? -

-Just go through the same procedure you used to start your -browser using the -Internet Junkbuster, -but remove the details you put in -(or if there was something there before, restore it). -You may need to use - -Save Options -to make this change permanent. -On Netscape 3.0 you can go through - -Options; - -Network Preferences; - -Proxies -and click on - -No Proxy -to turn it off, and later click on - -Manual Proxy Configuration -if you want to start using it again. -(No need to enter the again details under - -View -as you did the -first time; -they should remain there unchanged.) -

-This stops your browser talking to the proxy; -shutting down the proxy -is a different matter. -

- -

-Automatic dialing isn't working any more. How do I fix it? -

-Some browsers (such as MSIE-4) can be configured to dial your -ISP -automatically when you click on a link, -but this feature gets disabled if you specify a proxy running on your -own computer -(with address -localhost -or -127.0.0.1) -because these addresses don't require dialing. -The -Internet Junkbuster -knows nothing about dialing, so it doesn't work. -To make automatic dialing work, -make up a name such as -junkbuster.ijb -and use that name in the proxy settings -instead of -localhost, -and then add the line -127.0.0.1 junkbuster.ijb -to the file -c:\windows\hosts -(if there already is a line beginning with -127.0.0.1 -just add -junkbuster.ijb -at the end of it.) -

-This should also work Netscape Communicator 4 on -machines where IE-4 has been installed. -

-
- -

-Setting up the Internet Junkbuster on your local computer - -

- -
The next two sections assume you wish to compile the code -with your own C compiler. -If you just want to use the -.exe -file provided for Windows, -see the -Windows Installation page. - -

-How do I compile the code under Unix? -

-If you are running Redhat -Linux -you may prefer to use the -rpm -instead of the following procedure. -

-First -download the tar file -(~286k) -and -uncompress and extract the files from it with this command -
- uncompress -c ijb20.tar.Z | tar xf - -
-
-If your operating system is from -Sun -or -HP -examine the -Makefile -and make any changes indicated inside. -
-Run -
-
- make -
-
-Copy the sample configuration file -(junkbstr.ini, -previously called -sconfig.txt -and other names in earlier releases) -to some convenient place such as -/usr/local/lib/junkbuster/configfile -or whatever you choose. -The sample file has all the options commented out. -You can remove the -# -character on any that you want, but it may be better to -leave this until to later. -Run it asynchronously: -
-
- junkbuster configfile & -
-If you are running a version earlier than 2.0 you can start it with -junkbuster & -
-
-Configure your browser (described -above). -
-Verify that the -Internet Junkbuster -is working (described -above). -
-Decide on the options you really want, -kill -the -process -and start it again. The most popular option is -blockfile -to block ads. -A sample blockfile is provided as an illustration, -but it doesn't really stop many ads. -More comprehensive ones are available -elsewhere. -
-You'll probably want to add an entry to -/etc/rc.d/rc.local -or equivalent to start it at boot time. -(Any output you specify should be redirected to a file. -And don't forget the -& -at the end to run it asynchronously or your system will seize -up after the next reboot.) -

- -

-How do I compile the code under Windows? -

-A binary is currently being supplied with the source code, -but if you prefer to compile it yourself here is the likely procedure. -Most of these steps are repeated in our checklist for -installation under Windows. -

-First -click here to download the zip file -called -ijb20.zip -(~208k), -then uncompress and unpack the zip archive using a tool like -WinZip. -
-Now the distribution (source and sample files) -will be in a folder -called -ijb20. -Go into that folder and then edit the Makefile for -your system, -removing the comment character -(#) -in the lines related to Win32. -Then type: -
- nmake -
-This should create an executable called -junkbstr.exe. -For information on issues with various compilers, see the -Distribution Information -page. -
-Run the executable with the command: -
- junkbstr -
-The program will produce a message -indicating that it has started and is ready to serve. -
-(Version 2.0.1 and above uses -the file -junkbstr.ini -as the config file -if it exists and no argument was given. If you have an earlier -version or if you want it to use a different config file, -simply specify that file as the argument.) -
-Configure your browser (described -above). -
-Check the proxy is working (described -below). -
-To have the proxy start itself automatically -when you login to Win95, -drop the ``shortcut'' to the -junkbstr -executable into the StartUp folder: -
- C:\Windows\Start Menu\Programs\StartUp -
-You might want to change the shortcut's -Properties->Shortcut -to -Run: Minimized. -If you specify the -hide-console -option then the -DOS -window will vanish after it starts. -
-WinNT users can put it into their own -StartUp folders or the Administrator -can put it into the system's global StartUp folder. -For details on how to make this a service under NT -see our -Windows page. -

- -

-How do I check that the proxy is working? -

-Pick a page from somewhere (such as your bookmarks, or just one -that your browser was pointing to) -and - -Reload -it. -If you get a message along the lines of ``server not responding, -using cached copy instead,'' see the advice -above. -If the page reloads OK, check that your browser is actually -talking to the proxy by going to -http://internet.junkbuster.com/cgi-bin/show-proxy-args -or any -URL -ending in -show-proxy-args -(as described -below, -the proxy should intercept the request.) -When you see ``Internet Junkbuster Proxy Status,'' -you'll know it's working. -

- -

-How and why would I have this proxy chained with other proxies? -

-You may need the -forwarding -feature to ``daisy chain'' the -Internet Junkbuster -to another proxy, perhaps an -anonymizing -proxy to -conceal -your -IP -address, -or a -caching proxy -from your -ISP, -or a -firewall -proxy between your company and the outside world. -Version 2.0 -can be even configured to forward -selectively -according to the -URL -requested: -for example, connecting directly to trusted hosts, -but going through an anonymizing or firewall proxy for all other hosts. -

-Network administrators might use it to provide -transparent access to multiple networks without -modifying browser configurations. -Most browsers also provide a way of -specifying hosts that the browser -connects to directly, bypassing the proxy. Some provide a method for -Automatic Proxy Configuration. -A well written -Internet Junkbuster -configuration can be much more flexible and powerful. -

-An -ISP's -caching proxy -would typically be called something like -cache.your-isp.net:8080 -(as described on you -ISP's -web page); -you would put this information in your -forwardfile -as described in our manual. -Your browser would be configured to -the -Internet Junkbuster -for -HTTP -and Security Proxies as before, -but you probably want to tell it to use the caching proxy -for -FTP -and other protocols. -If your -ISP -is running -the -Internet Junkbuster -for you, -they have probably already decided whether to chain with a caching proxy. -

- -

-How does the Internet Junkbuster work with SOCKS gateways? -

-There is support for some -gateways -in -Version 1.4 -and above. -The gateway protocol used to be specified on the command line; -it is -now specified -in the same file as -forwarding. -Note that the browser's proxy configuration must -not -specify a -SOCKS -host; -it should specify the proxy as described -above. -

- -

-How do I configure it to be just a plain old proxy? -

-To get the proxy to do as little as possible (which means not deleting any -sensitive headers), place in your -configuration file the following three lines (each ending in a space -then a period) to stop it changing sensitive headers: -
-   referer . -
-   from . -
-   user-agent . -
-   cookiefile mycookiefile -
-The fourth line is also needed to specify a -cookiefile -that might be called -mycookiefile -containing a single line with a -* -character, to allow all cookies through. -

- -

-How do I shut down the proxy (to restart it)? -

-It depends on your platform. Under Windows, use - -Ctrl-Break -in the -DOS -window or -the old three-fingered salute of - -Ctrl-Alt-Delete -and select - -End Task. -Under -UNIX ® -you'll need to -kill -the -junkbuster -process. -If you don't know the process number to give to -kill, try this: -ps ax | grep junkbuster -
-

-
- -

-Information for companies - -

- -
-

-What do advertising companies think of this kind of technology? -

-We've seen only a few public comments from the advertising industry on this, -other than -SEC filings. -First, the president of the Internet Advertising Bureau told -CNET -that he wasn't worried by banner blockers. -Second, after the Federal Trade Commission's -workshop -where we gave a live demonstration of our proxy before -many eminent representatives of the industry, -the -Direct Marketing Association -made the following -statement in the closing paragraphs -of their -summary comments -to the Commission. -

-Clever shareware developers have come up with products that -can obliterate cookies and advertisements for those consumers -who have these concerns. -The Internet is a market that is so democratic and flexible -that it is easy for companies and software -developers to respond to a perceived market need. -

-Their attitude seems to be that they would prefer that -people use technical solutions -to protect their privacy than have protections -imposed by legislation or government regulations. -So, do you perceive a market need? -Then here are some ways to flex your democratic muscles. -

- -

-Should we provide the Internet Junkbuster for our employees? -

-That depends. Try this quick three-point test. -

-Do you want to spend your communications budget -on bandwidth that wastes your employees' time by forcing them to wait -for a lot of annoying distractions while they're trying to -do their jobs? -
-Do you want current and potential vendors -to know quantitative details about the -software and hardware platforms -that you have? -
-Do you want your competitors to be able to -track -exactly which of your -employees are checking out their web sites? -

-If the answer to all three questions is yes, -then you probably don't have any need for this kind of product. -

- -

-Can our company get commercial support for the software? -

-Yes, -ask us -for a quote on a maintenance contract with your choice of -phone and email support, -hard copy documentation, -source code and pre-compiled binaries on tape or disk, -and email alerting of upgrades and issues. -We also offer consulting services to help set up ``stealth browsing'' -capabilities to help reduce the footprints left while doing competitive -analysis and other Web work where confidentiality is critical. -

- -

-I run an ISP. What issues should I consider before offering it? -

-Many -ISPs -who offer the proxy to their customers have told us that -most of their customers are -delighted with it -(although one reported that a customer complaint that without banner ads, -surfing was like reading a novel: we recommend making it optional). -Many -ISPs -like it because it reduces bandwidth requirements. -To help get you started, -here's a checklist we've developed from working with a few -ISPs. -You may think of more, -and we'd be interested if you're willing to -share them -with us. -

-If you get more than one request for -the -Internet Junkbuster -you may want to tell your customers on your News page that you -already -know about it and are assessing it. -
-Try the software and -verify -that it performs satisfactorily. -
-Determine whether your customers perceive the service as -valuable -(and therefore worth the time to set up). -We've had reports of many delighted customers. -
-Assess the -level of -security -associated with the software. -If access is to be -restricted -(to just dial-in ports, for example) -how is this to be done? -
-Consider -whether to expect any additional load on computing resources required, -and any change in use of bandwidth due to the blocking of large -GIFs. -
-Choose the -options -you wish to provide. -
-Decide whether you want -to offer a choice of configurations, such some of these four. -
1. -Banners -Blocked, -Wafer with -No-Cookie-Copyright -notice -
2. -Cookies -not stopped -(cookiefile -with just a -* -in it), -User Agent -specified as -Lynx -
3. -Cookies from browser -allowed, -permitting -registered services -
4. -A proxy for -kids. -
-If you run a -caching proxy, -decide whether the -Internet Junkbuster -will chain with it by default, -and whether to offer an alternate with no caching. -(Some -ISPs -don't, because they want to give customers an incentive to use caching -and save bandwidth.) -
-Decide on a naming scheme for your -proxies. -If you're running only one -proxy on one machine, -the simplest way is to just use port 8000 on your main machine, -such as -our-isp.net. -But it would probably be safer to put an entry in your name server -and call it something like -junkbuster.our-isp.net. -If running several proxies, you could either use different ports -on the same machine, or if you have -the opportunity to distribute the load over -a few machines -you could -use different hostname aliases such as -banner.junkbuster.our-isp.net, -lynx.junkbuster.our-isp.net -and -oneway.junkbuster.our-isp.net -(corresponding to the examples in the previous point). -You may want to set up -Automatic Proxy Configuration. -
-Prepare a page -explaining the -Internet Junkbuster -to your customers. -Here's are some examples from -Australia, -Germany, -Florida, -New York/New Jersey/Pennsylvania, -North Carolina, -Texas, -and -Utah. -You are welcome to copy and modify -material -from -Junkbusters -according to the -GPL. -You might want to set up a process to check this page periodically -and update it when it changes. -(A few links can probably serve as well as lot of copying however.) -A typical page would probably specify the following. -
- -A brief explanation stating what -the -Internet Junkbuster -does, with a link to this page. -
- -The addresses of the proxy or proxies, -with their port number(s). -
- -The options used, -and how to view the contents of the blockfile (which you can place on -your web pages, -preferably in a file called -blocklist.html -or -blocklist.txt). -
- -An indication -of whether suggestions for the blocklist are considered, -and if so, how to submit them: to a particular email address, -via web-based form, etc. -
- -Instructions -on how to -configure a browser. -You may want to include details for only the two major browsers -and leave the others to a link. -
- -Procedures on how to report problems, give feedback etc. -
-
-Invite a small number of technologically sophisticated -customers to beta-test the service. -
-Announce general availability on your ``News'' page. -Tell us -if you would like to be included on a list of -ISPs -offering the -Internet Junkbuster. -

- -

-What's a Proxy Server Server and how can I make money as one? -

-Other organizations with web presence and some bandwidth to spare -can set up as -Proxy Server Servers - -(PS²s). -The idea here is to allow users to choose their proxy configuration, -and provide it to them on a semi-permanent basis. -Users would fill in a form specifying what options they want in -their proxy, -possibly even at a very high level, such as -``no ads'' -or ``no nudity.'' -This information is sent to a -CGI -script that -configures a proxy, starts it running, and returns its address and port number -(possibly along with configuration instructions for the browser -that the user specified.) -

-Users -could be charged -a subscription fee, -or the service could be thrown in free in the hope of -improving customer retention for some existing business -(which is what -ISPs -are doing). -It might be possible to make money by -inserting new ads in the holes left where others were blocked, -but the original owners might object. -PS²s -could differentiate themselves -by providing frequently updated and comprehensive -blocking of ads, or of offensive material based on their own grading system. -Some content providers might do it for the chance to be the -only company that the consumer permits to set cookies. -(Identification could even be done via cookies, -but this might not be popular with the kind of user who wants a proxy.) -PS²s -might sell specific or aggregate information about their -users' browsing habits, -so the agreement with users on whether they are permitted to do this -would be important to both sides. -

-If your organization -establishes a -Proxy Server Service -you would like publicized, -please -notify us. -

-
- -

-Blocking - -

- -
-

-Where can I get an example blockfile that stops most ads? -

-The sample blockfile we provide blocks almost nothing, -and we do not publish blockfiles that stop almost all banner ads. -But others have; you can find them by -asking Altavista. -You can add any part of the new file to your old one -(probably called -sblock.ini -if you haven't changed the default name in the latest version) -or your just replace it completely. -You -probably -don't need to restart the proxy. -

-If you develop an interesting blocklist and publish it on the Web, -you might want to include the word ``junkbuster'' in it -and use the word ``blocklist'' in the file name given in the -URL -so that others can find it with the query given in the previous sentence. -

- -

-If I see an ad I wish I hadn't, how do I stop it? -

-If your -ISP -is running the -Internet Junkbuster, -they should have a policy on whether they accept suggestions from -their customers on what to block. Consult their web page. -

-If you are running -the -Internet Junkbuster -yourself, you have complete control over what gets through. -Just add a pattern to cover the offending -URL -to your blockfile. -Version 1.3 and later automatically rereads the blockfile when it changes, -but if you're running an earlier version you'll -have to -stop it -and restart it. -

-To choose a pattern you'll first need to find the -URL -of the ad you want cover. -

-Some people use the -debug -1 -option to display each -URL -in a window as the request is sent to the server. -It's then usually an easy task to pick the offending -URL -from the list of recent candidates. -

-Alternatively, -you can use - -View Document Info -(or - -View Document Source -if your browser doesn't have that). -The - -Info -feature has the advantage of showing you the full -URL -including the host name, -which may not be specified in the source: -there you might see something like -SRC="/ads/click_here_or_die.gif" -indicating only the -path. -(The host name is assumed to be the same as the one the page came from.) -

-But ads often -come from a different site, in which case you -might see something like -SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666" -or longer. -If the company looks like a pure ad warehouse -(as in the last case), -you may want to place just its domain name in the blockfile, -which blocks all -URLs -from that site. -

-If the ad comes from a server -that you really want some content from, -you can include enough of the path -to avoid zapping stuff you might want. -In the first example above, -/ads/ -would seem to be enough. -If you don't include the domain name, -the pattern applies to all sites, -so you don't want such patterns -to be too general: -for example -/ad -would block -/admin/salaries/ -on your company's internal site. -

-To speed the blocking of images, some -UNIX ® -users create a -shell script called -Image: -containing a line such as -echo $1 | sed s/http:..// >> $HOME/lib/blockfile -that adds its argument to the user's blockfile. -Once an offending image has been be found using - -View Document Info -it's easy to cut-and-paste the line (or part of it) into a shell window. -The same script can be linked to a file called -Frame: -to dealing with framed documents, -and -junkbuster: -to accept the output of the -debug -option. -

-When compiled without the -regular expressions -option, the -Internet Junkbuster -uses only very simple (and fast) matching methods. -The pattern -/banners -will not stop -/images/banners/huge.gif -getting through: you would have to include the pattern -/images/banners -or something that matches in full from the left. -So you can get what you want here, -the matcher understands -POSIX -regular expressions: -you can use -/*.*/banners -to block -and any -URL -containing -/banners -(even in the middle of the path). -(In Versions 1.1 through 1.4 -they were an option at compile time; -from Version 2.0 they have become the default.) -Regular expressions give you -many more features -than this, -but if you're not already familiar with them you probably won't -need to know anything beyond the -/*.*/ -idiom. -If you do, a -man egrep -is probably a good starting point). -

-Don't forget the -/ -(slash) -at the beginning of the path. -If you leave it out the line will be interpreted as a domain name, -so -ad -would block all sites from Andorra -(since -.ad -is the two-letter -country code -for that principality). -

-For a detailed technical description -of how pattern matching is done, -see the -manual. -

- -

-How come this ad is still getting through anyway? -

-If the ad had been displayed before you included its -URL -in the blockfile, -it will probably be held in cache for some time, -so it will be displayed without the need for any request to the server. -Using the -debug -1 -option to show each -URL -as it is fetched is a good way to see exactly what is happening. -

-If new items seem to be getting through, -check that you are -really running -the proxy with the right blockfile in the options. -Check the blockfile for -exceptions. -

-Some sites may have different ways of inserting ads, -such as via -Java. -If you have ideas on how to block new kinds -of junk not currently covered, please -tell us. -

- -

-How do I stop it blocking a URL that I actually want? -

-You can change the patterns so they don't cover it, -or use a simple feature in Version 1.1 and later: a line beginning with a -~ -character means that a -URL -blocked by previous patterns that matches the rest of -the line is let through. -For example, -the pattern -/ad -would block -/addasite.html -but not if followed by -~/addasite -in the blockfile. -Or suppose you want to see everything that comes from -a site you like, even if it looks like an ad: simply put -~aSiteYouLike.com -at the -end -of the blockfile. -(Order is important, because the last matching line wins.) -

-As well as unblocking -pages that were unintentionally blocked, -this feature is useful for unblocking ads from a specific source. -This might be because you are interested in those particular ones, -or if you have an explicit agreement to accept certain ads, -such as those from a free web-based email provider. -

- -

-Can I block sites I don't want my children to see? -

-Yes, but remember that -children who are technically sophisticated enough -to use the browsers' proxy configuration options -could of course bypass any proxy. -This kind of technology can be used as a gentle barrier to remind -or guide the child, -but nobody should expect it to replace the parent's role -in setting and enforcing standards of online behavior for their children. -

-Some -ISPs -are starting to provide specialized proxies to protect children. -There are two basic approaches: the ``black list'' and the ``white list'' -approach. -The black list approach allows the child -to go anywhere not explicitly prohibited; the white list permits visits -only to sites explicitly designated as acceptable. -

-It's very easy for -anyone to -compile a white list from a page of ``recommended -kids sites'' and to configure an -Internet Junkbuster -to allow access to those sites only. -If you compile with the -regex -option, -you can place a -* -(asterisk) as the first line of the blockfile (which blocks everything), -and then list -exceptions -after that. -Be careful to make the exception sufficiently broad: -for example, using -~www.uexpress.com/ups/comics/ch/ -as the exception for -Calvin and Hobbes -would block some of the graphic elements on the page; -you would probably want a wider exception such as -~www.uexpress.com/ups/ -to permit them. -

-Version 2.0 has an experimental feature -to permit only sites mentioned in a nominated -trusted site. -This allows organizations to build lists of sites for kids to browse, -and the software automatically restricts access to those on the list. -

-Many filtering -products -actually scan for keywords in -the text of pages they retrieve -before presenting it, -but -the -Internet Junkbuster -does not do this. -Building a perfectly reliable black list system is hard, -because it's very difficult to state -in advance -exactly -what is obscene or unsuitable. -For more info see our -links -page. -

- -

-What do I see when a page or graphic is blocked by the proxy? -

-You usually see a broken image icon, -but it depends on several factors beyond the proxy's control. -If asked for a -URL -matching its blockfile, the proxy returns an -HTML -page containing a message identifying itself -(currently the two words ``Internet Junkbuster'') -with a status 202 (Accepted) instead of the usual 200 (OK). -(Versions 1.X returned an error 404: Forbidden, which caused -strange behavior in some cases.) -Status 202 is described in the -HTTP -RFC -as indicating that the request has been accepted but not completed, -and that it might complete successfully in the future -(in our case, if the blockfile were changed). -

-The broken image icon is most common -because the browser is usually expecting a graphic. -But if it was expecting text, or if the page happens to be using certain -HTML -extensions -such as -layer -and your browser is a late model from Microsoft, -you may see the words ``Internet Junkbuster'' displayed as a hot link. -

-Clicking on the link takes you to an explanation of -the pattern in the blockfile that caused the block, -so that you can edit the blockfile and go back and reload if you really -want to see what was blocked. The explanatory link is generated by -the proxy and is automatically intercepted based on its ending in -ij-blocked-url; -even though the site is specified as -http://internet.junkbuster.com -no request should actually made to that site. -If one is, it means that the proxy was been removed after it -generated the link. -

-To summarize: -the identifying link to the blocking explanation -is usually turned into a broken image icon, -but it may be displayed on a page alone, -or they may may be restricted to the particular frame, layer or graphic area -specified in the page containing them. -The proxy has no way of knowing the context in which a -URL -will be used and cannot control how the blocking message will be rendered. -

- -

-Why not replace blocked banners with something invisible? -

-Many users have suggested to us -that blocked banners should be replaced by a something like a -1x1 transparent -GIF -to make the page would look as if there was nothing ever there. -Apart from making it harder to catch unintended blocking, -this might also displease the owners of the page, -who could argue that such a change constitutes a copyright infringement. -We think that merely failing to allow an included graphic to be accessed -would probably not be considered an infringement: -after all this is what happens when a browser -is configured not to load images automatically. -However, we are -not -lawyers, -so anyone in doubt should take appropriate advice. -

-In a context where the copyright issue is resolved -satisfactorily, -a proxy could simply return a status 301 or 302 and -specify a replacement -URL -in a -Location -and/or -URI -header. -An alternative would be to use inline code to return a -1 x 1 clear -GIF. -We do not publish sample code for this, -and we have no way of stopping -others -who have. -

- -

-Why not block banners based on the dimensions of the image? -

-Many users have pointed out that most banner ads come in standard sizes, -so why not block all -GIFs -of those sizes? -This would theoretically be without fetching the object -because the dimensions are usually given in the -IMG -tag, -but it would require substantial changes in the code, -and we doubt whether it would be much more effective than a good block list. -

- -

-What about non-graphic advertising within the pages I want? -

-The -Internet Junkbuster -deliberately -does not provide a way of automatically editing the contents of a page, -to remove textual advertising or -to repair the holes left by blocked banners. -Other packages such as -WebFilter -do. -

-For the same reason, -it has no way of stopping a new browser -window being created, because this is done through the -target -attribute in the -<a> -and -<base> -elements, -not through headers. -Nor do we plan to add a feature to -paralyze animated -GIFs. -

- -

-Does it block ads on the broadcasting ``push'' systems? How about pop-up ads? -

-We haven't tried it but we expect it would probably -work on image ads on push channels. -See also -adchoice. -

-Disabling -Javascript -stops some pop-up ads. -One problem is that some advertisers throw open a new -browser window to frame the ad. The ad is easily blocked, -but the empty window remains. You can kill it easily, but this is a chore. -We don't see how to stop them other than editing the -HTML -from the parent window, which we -don't -like to do. -

-The -TBTF -newsletter warned subscribers to push information that -in IE4, -LOGTARGET -allows -servers to determine the -URLs -viewed at their site even if accessed from cache or through a proxy. -If you use this browser see our instructions on -how to disable -this. -

-If you find you have experience using the proxy with push, -or have any other advice about it, please -tell us. -

-
- -

-Cookies - -

- -
For background information on cookies see our -page describing their dangers. - -

-Might some cookies still get through? How can I stop them? -

-Yes, you should expect the occasional cookie to make it through to your browser. -We know of at least three ways this can happen; -please -tell us -if you find any others. -One way is in secure documents, which are explained -below. -

-A -few -sites set cookies using a line such as -<META HTTP-EQUIV="Set-Cookie" CONTENT="flavor=chocolate"> -in the -HEAD -section of an -HTML -document. -Cookies can also be - -set and read -in -JavaScript. -To see if this is happening in a document, -view its source, look in the -head -for a section tagged -script language="JavaScript". -If it contains a reference to -document.cookie, -the page can manipulate your cookie file without sending any cookie headers. -The -Internet Junkbuster -does not tamper with these methods. -Fortunately they are rarely used at the moment. -If a cookie gets set, it should be stopped -by the proxy on its way back to the server when a page is requested, -but it can still be read in Javascript. -bu -

-To prevent cookies breaking through, -always -keep -cookie alerts -turned on in your browser, -and -disable -Java and Javascript. -Making the files -hard to write -may also help. -

- -

-Exactly how do cookies get created and stored anyway? -

-When a web site's server sends you a page it also sends -certain ``header information'' which your browser records but does not display. -One of these is a -Set-Cookie -header, which specifies the cookie information that the server wants your browser to record. -Similarly, when your browser requests a page it also sends headers, specifying -information such as the graphics formats it understands. -If a cookie has previously been set by a site that matches the -URL -it is about to request, -your browser adds a -Cookie -header quoting the previous information. -

-For more background information on how cookies -can damage your privacy, see our -page on cookies. -For highly detailed technical information see the -RFC. -The -Internet Junkbuster -will show you all headers you use the -debug -8 -option, -or you can get a sample from our -demonstration page. -

- -

-If cookies can't get through, will some things stop working for me? -

-Possibly. -Some personalized services including certain - -chat -rooms -require cookies. -Newspapers that require - -registration -or - -subscription -will not automatically recognize you if you don't send them the cookie they -assigned you. And there are a very small number of sites that do -strange things with cookies; they don't work for anyone that blocks -cookies by any means. -Some sites such as -Microsoft -explain that their content is so wonderfully compelling that -they will withhold it from you unless you submit to their -inserting cookies. -

-If you want such sites to be given your cookies, -you can use the -cookiefile -option provided you are running -Version 1.2 or later -yourself. -Simply include the domain name of those sites in the -cookiefile -specified by this option. -If it still doesn't work, -the problem may be in -other headers. -

-It's possible to let cookies out but not in, -which is enough to keep some sites happy, but not all of them: -one newspaper site seems to go into an endless frenzy -if deprived of fresh cookies. -A cookiefile containing -a single line consisting of the two characters ->* -(greater-than and star) permits server-bound cookies only. -The -* -is a -wildcard -that matches all domains. -

-If someone else is running the -Internet Junkbuster -for you and has a version -that - -passes server-bound cookies through, -you can try editing your browser's cookie -file to contain just the ones you want, -and restart your browser. -To subscribe to a new service like this -after you have started using the -Internet Junkbuster, -you can try the following: -tell your browser to -stop using -the -Internet Junkbuster, -fill out and submit your subscription details -(allowing that web site to set a cookie), -then -reconfigure your browser to use the -Internet Junkbuster -again -(and stop more cookies being sent). -This also requires the -cookiefile -option, -and its success depends on the Web site -not wanting to change your cookies at every session. -For this reason it does not work at some major newspaper sites, for example. -But you may prefer to -look at whether other sites provide the same -or better services without demanding the opportunity -to track your behavior. -The web is a buyer's market where most prices are zero: -very few people pay -for content with money, so why should you pay with your privacy? -

- -

-Can I control cookies on a per-site basis? -

-Yes, since version 1.2 the -Internet Junkbuster -has included advanced cookie management facilities. -Unless you specify otherwise, -cookies are discarded (``crumbled'') by the -Internet Junkbuster -whether they came from the server or the browser. -In Version 1.2 and later you can -use the -cookiefile -option -to specify when cookies are to be passed through intact. -It uses the same syntax and -matching -algorithm as the blockfile. -

-If the -URL -matches a pattern in the -cookiefile -then cookies are let through in both the browser's request for the -URL -and in the server's response. -One-way permissions can be -specified by starting the line with the -> -or -< -character. -For example, a cookiefile consisting of the four lines -
-   org -
-   >send-user-cookies.org -
-   <accept-server-cookies.org -
-   ~block-all-cookies.org -
-allows cookies to and from -.org -domains only, with the following exceptions: -

-Cookies sent from servers in the domain -send-user-cookies.org -are blocked on their way to the client, -but cookies sent by the browser to that domain are still be fed to them. -
-The cookies of -accept-server-cookies.org -check in to the proxy and are passed through to the browser, -but when they come back to the proxy they never check out. -
-All cookies to and from -block-all-cookies.org -are blocked. -

-If -the -junkbuster -was compiled with the regular expressions option -they may be used in paths. -Any logging to a -``cookie jar'' -is separate and not affected. -

-It's important to give hosts you want to be able -to set cookies sufficient breadth. For example, -instead of -www.yahoo.com -use -yahoo.com -because the company uses many different hosts ending in that domain. -

- -

-Can I make up my own fake cookies (wafers) to feed to servers? -

-Yes, -using the -wafer -option. -We coined the term -wafer -to describe cookies chosen by a user, -not the Web server. -Servers may not find wafers as tasty as the cookies -they make themselves. -But users may enjoy controlling servers' diets for various reasons, -such as the following. -

-Users who consider cookies to -be an unwelcome intrusion and a waste -of their disk space can respond in kind. -By writing ``signature wafers'' they can -express their feelings about cookies, -in a place that the people -in charge of them are most likely to notice. -
-Sites running a proxy -that logs cookies to a file -(such as the -Internet Junkbuster -does with the -jarfile -option on) -may want to notify -servers that their cookies are being intercepted, -deleted or copied. -One possible reason for doing this is the uncertain copyright status -of cookie strings. -Nothing -here should be taken as legal advice: we are simply raising a question -for any interested parties to consider, -and make no representation that such measures are necessary or sufficient. -Concerned proxy sites might decide to send a wafer -(named ``NOTICE'' for example) -containing text along the lines of the following. -
-
-TO WHOM IT MAY CONCERN - -
-
-Do not send me any copyrighted information other than the -document that I am requesting or any of its necessary components. -
-
-In particular do not send me any cookies that -are subject to a claim of copyright by anybody. -Take notice that I refuse to be bound by any license condition -(copyright or otherwise) applying to any cookie. - -
-Any company that tries to argue in court that the proxy site -was breaching their copyright in the cookies would -be met with the defense that the proxy site gave that company -the opportunity to protect its copyright by simply -not sending cookies after receiving the notice. -
-Cookies can be as long as four thousand characters, -so there's plenty of space for lawyerly verbosity, -but white space, commas, and semi-colons are -prohibited. -Spaces can be turned into underscores. -Alternatively, -a -URL -could be sent as the cookie value, -pointing to a document containing a notice, -perhaps with a suggestive value such as -
-http://www.junkbusters.com/ht/en/ijbfaq.html#licenses_on_cookies_refused -
-But including the notice directly would probably be preferable -because the addressee does not have to look it up. -
-The -Internet Junkbuster 2.0 -currently sends a full notice as a -``vanilla wafer'' -if cookies are being logged to a cookie jar -and no other wafers have been specified. -It can be suppressed with the -suppress-vanilla-wafer -option, -which might be used in situations where there is an established understanding -between the proxy and all who serve it. -

-Junkbusters provides a -CGI -script that lets you -see -your wafers as they appear to servers. -

-Wafers confuse a few fragile servers. -If this troubles you, don't use this option. -

-Any wafers specified are sent to -all sites regardless of the cookiefile. -They are appended after any genuine cookies, -to maintain compliance with -RFC 2109 -in the event that a path was specified for a cookie. -The -RFC's provisions regarding the -$ -character -(such as the -Version -attribute) -are transparent -to the proxy; it simply quotes what was recited by the browser. -

-If you want to send wafers only to specific sites, -you could try putting them your browser's cookie file in a format -conforming to the Netscape -specification, -and then specify in the proxy's cookiefile that cookies are to be -sent to -but not accepted from those sites, so they can't overwrite the file. -This may work with Netscape but not all other browsers. -

- -

-Why would anyone want to save their cookies in a ``cookie jar?'' -

-We provided this capability just in case anyone wants it. -There are a few possible reasons. -

-It's conceivable that -marketing companies might one day -buy -history files and cookie jars from consumers -in the same way that they currently pay them to fill out survey forms. -With this information they could -gather psychographic information, -see which competitors' sites the consumer has visited, -and discover what advertising is being targeted at them. -
-Some consumers might -employ semi-automated means of sorting through -their cookie jars, selecting which ones to place in their cookies -file for use by their browsers. -Their decisions could be based on payments offered, -privacy rating systems such as -TRUSTe -proposes, -or their own opinion of the company. -It could be done manually or with software. -
-Users may even start ``sharing'' cookies among themselves, -sending back cookies that servers generated for other visitors. -Servers that aren't expecting this possibility -will be misled about their visitors' identities. -Cookies could be shared among users on a single machine, -or across continents via -FTP -and anonymous remailers. -Privacy activists may promote -cookie disinformation campaigns -as a way to defend the public against abuse. -If a significant percentage of people send disinformative cookies, -user tracking via cookies may become less reliable and less used. -

-
- -

-Anonymity - -

- -
For details -on how your identity can be revealed while you surf, -see our page on -privacy. -Once you start using -the -Internet Junkbuster -you should find that much of the information -previously indicated on that page will no longer be provided. -If the -REMOTE HOST -indicating your IP address is too close for comfort, -see our suggestions -below -on how to -conceal -your IP address. -We also recommend that you -disable JavaScript -and -Java. - -

-If I use the Internet Junkbuster, will my anonymity be guaranteed? -

-No. Your chances of remaining anonymous are improved, -but unless you are an expert on Internet security -it would be safest to assume that everything you do on the Web -can be attributed to you personally. -

-The -Internet Junkbuster -removes various information about you, -but it's still possible that web sites can find out who you are. -Here's one way this can happen. -

-A few browsers -disclose the user's email address -in certain situations, such as when transferring a file by -FTP. -The -Internet Junkbuster 2.0 -does not filter the -FTP -stream. -If you need this feature, or are concerned about the mail handler -of your browser disclosing your email address, -you might consider -products such as -NSClean. -

-Browsers downloaded as binaries -could use non-standard headers to give out any information -they can have access to: see the manufacturer's license agreement. -It's impossible to anticipate and prevent every breach of privacy that -might occur. -The professionally paranoid prefer browsers available as source code, -because anticipating their behavior is easier. -

- -

-Why should I trust my ISP or Junkbusters with my browsing data? -

-You shouldn't have to trust us, and you certainly don't have to. -We do not run the proxy as a service, -where we could observe your online behavior. -We provide source code so that everyone can see that the proxy isn't -doing anything sneaky. -

-You are already trusting your -ISP -not to look at an awful lot of information on what you do. -They probably post a -privacy policy -on their site to reassure you. -If they run a proxy for you, using it could actually -make it slightly easier for them to monitor you, -but we doubt that any sane -ISP -would try this, -because if it were discovered customers would desert them. -

- -

-What private information from server-bound headers is removed? -

-The -Internet Junkbuster -pounces on the following -HTTP -headers in requests to servers, -unless instructed otherwise in the options. -

-The -FROM -header, -which a few browsers use to tell your email address to servers, -is dropped -unless the -from -option is set. -
-The -USER_AGENT -header -is changed to indicate that the browser is -currently Mozilla (Netscape) 3.01 Gold -with an unremarkable Macintosh configuration. -Misidentification helps resist certain -attacks. -If your browser and hardware happen to be accurately identified, -you might want to change the default. -(Earlier versions of the -Internet Junkbuster -indicated different details; -by altering them periodically we aim to hinder anyone trying to -infer -whether our proxy is present.) -If you don't like the idea -of incorrectly identifying your computer as a Mac, -set it accordingly. - -
-The -REFERER -header -(which indicates where the -URL -currently being requested was found) -is dropped. -A single static referer to replace all -real referers may be specified using the -referer -option. -Where no referer is provided by the browser, none is added; -the -add-header -option with arguments such as --x 'Referer: http://me.me.me' -can be used to send a bogus referer with every request. -

-In -Version 1.4 -and later you can use the --r @ -option to selectively disclose -REFERER -and -USER_AGENT -to only those sites you nominate. -

-Some browsers -send Referer and User-Agent information under different non-standard headers. -The -Internet Junkbuster 2.0 -stops -UA -headers, -but others may get through. -This information is also available via JavaScript, -so -disable disable -it. -Some search engines -encode the query you typed -in the -URL -that goes to advertisers to target a banner ad at you, -so you will need to block the ad as well as the referer header, -unless you want them (and anyone they might -buy data -from) -to know -everything you ever search for. -

-If you have JavaScript enabled (the default on -most browsers) servers can use it to obtain Referer and User Agent, -as well as your plug-ins. -We recommend -disabling -JavaScript and Java. -

-Currently no -HTTP -response headers (browser bound) -are removed, -not even the -Forwarded: -or -X-Forwarded-For: -headers. -Nor are any added, -unless requested. -We are considering a more flexible header management system for -a future version. -

- -

-Might some things break because header information is changed? -

-Possibly. If used with a browser less advanced than Netscape 3.0 or IE-3, -indicating an advanced browser -may encourage pages containing extensions that confuse your browser. -If this becomes a problem -upgrade your browser or -use the -user-agent -option to indicate an -older browser. -In -Version 1.4 -and later you can selectively reveal your real browser -to only those sites you nominate. -

-Because different browsers -use different encodings of Russian characters, -certain web servers convert pages on-the-fly according to the User Agent -header. Giving a User Agent with the wrong operating system or -browser manufacturer causes some Russian sites to be garbled; -Russian surfers should -change it -to something closer. -

-Some -page access counters -work by looking at the referer; -they may fail or break when deprived. -

-Some sites depend on getting a referer header, -such as -uclick.com, -which serves comic strips -for many newspaper sites, -including -Doonsbury -for the -Washington Post. -(If you click on that last link, you can then get to a page containing -the strip via the -same -URL -we've linked to under -Doonsbury, -but if you click on the -Doonsbury -link directly, it gives you an error message suggesting that you -use a browser that supports referers.) -In -Version 1.4 -and later you can use the --r @ -option -and place a line like ->uclick.com -in your cookiefile. -Wired News -used to use referer to decide whether to add a navigation column to -the page, but they have changed that. -

-The weather maps of -Intellicast -have been blocked by their server when no referer or cookie is provided. -You can use the same countermeasure with a line such as ->208.194.150.32 -(or simply get your weather information -elsewhere). -

-Some software vendors, including -Intuit -use -USER_AGENT -to decide which versions of their products to display to you. -With the -default -you get Mac versions. -

-As a last resort if a site you need doesn't seem to be working, -the -proxy configuration -of many browsers allow you to specify - -No Proxy For -any hostname you want. -

-We had reports that on some versions of Netscape the -What's New -feature did not work with the proxy, -but we think we fixed this in Version 2.0.1. -

- -

-How is misidentifying my browser good for security and privacy? -

-Almost -every -major release of both leading browsers has contained -bugs that allow malicious servers to compromise your privacy and security. -Known bugs are quickly fixed, but millions of copies of the affected -software remain out there, and yours is probably one of them. -The -header -that normally identifies your browser tells such servers exactly which attacks -to use against you. -By misidentifying your browser you reduce the likelihood that they -will be able to mount a successful attack. -

- -

-Does the Internet Junkbuster conceal my IP address? -

-Web sites get the IP address of any proxy or browser they serve pages to. -If you run the proxy on your own computer the IP address disclosed -is the same as your browser would, unless you use the -forwardfile -option is used to chain to another proxy, -in which case servers only get the last IP address in the chain. -Chaining slightly slows browsing of course, but it improves anonymity. -

-One public proxy that you can -forward to is -lpwa.com -port 8000. -Read about its privacy-enhancing -features and the authentication procedures first, -and note that it blocks -referer -in almost all cases, -as well as some -other headers. -

- -

-How can I set the proxy to remember my LPWA password? -

-After you log in to -LPWA -it tells your browser to send a -Proxy-authorization -header with each request. -Whenever you shut down the browser and start again with a new browser, -you need to log in again. -If you are the only person using the -Internet Junkbuster -proxy, you can avoid repeated logins to -LPWA -by telling the -Internet Junkbuster -to send the information by placing a line such as -
- add-header Proxy-authorization: Basic ZHVtbXk=. -
-in the configuration file. -The exact example above -does not work -because the code -ZHVtbXk=. -is a bogus one that -LPWA -would never generate; -follow the procedure below to generate a valid one. -

-Restart your -Internet Junkbuster -with -debug 8 -so you can see the -headers. -
-Log in to -LPWA -and go to any other site. -
-Find the -Proxy-authorization -header from the debug output and paste it -after the word -add-header -into the config file. -Also change the debug value back again. -
-Shut down your browser, start it up again, and -restart the proxy. Test that it works. -

-This trick is convenient for sole users, but is not suitable when -more than one person uses the proxy, because they will all get the -same -LPWA -identity. -

- -

-Does the Internet Junkbuster thwart identification by identd? -

-We think so, -provided you are not the user running the -proxy. -If your computer (or your -ISP's) -is running the -identd -demon, -servers can ask it for the identity of the -user making the request at time you request a page from them. -But if you're going through a proxy, -they will identify the user name associated with the proxy, not you. -A visit to -http://ident.junkbusters.com -lets you see what's happening. -This test is (quite rightly) blocked by many -firewalls; -just interrupt the transfer if you get an abnormal wait after clicking. -Running other applications -may also expose you via -identd; -the proxy of course doesn't help then. -

- -

-Can web sites tell that I'm using the Internet Junkbuster? -

-With the default options the proxy doesn't announce itself. -Obvious indications such as -Keep-Alive -headers are -deleted, -but sites might notice that you can cancel cookies faster than -any human could possibly click on a mouse. -(If you want to provide a -plausible explanation for this, -change the User Agent header to a -cookie-free -or -cookie-crunching -browser). -

-But when certain options -are used they could figure out something's going on, -even if they're not pushing cookies. -If you use blocking -they can tell from their logs that the graphics in their pages -are not being requested selectively. -The -add-forwarded-header -option explicitly announces to the server that a proxy is present, -and -sending them -wafers -is of course a dead giveaway. -

-
- -

-Security - -

- -
-

-What happens with Secure Documents (SSL, https:)? -

-If you enter a -``Secure Document Area,'' -cookies and other header information -such as User Agent and Referer -are sent encrypted, -so they cannot be filtered. -We recommend getting your browser to alert you when this happens. -(On Netscape: - -Options; - -Security; - -General; - -Show an alert before entering a secure document space.) -We also recommend adding the line -:443 -to the blockfile to stop all but sites specified in an exception -after that line from using SSL. -

-It may be possible to filter encrypted cookies -by combining the blocking proxy with a cryptographic proxy along -the lines of -SafePassage, -but we have not tried this. -

- -

-Will using this as my Security Proxy compromise security? -

-We're not security experts, but we don't think so. -The whole point of -SSL -is that the -contents of messages are - -encrypted -by the time -they leave the browser and the server. -Eavesdroppers (including proxies) can see where your messages are going -whether you are running a proxy or not, -but they only get to see the contents after they have been encrypted. -

- -

-Can I restrict use of the proxy to a set of nominated IP addresses? -

-Yes, we added an -access control -file in Version 2.0. -But before you use it please consider why you want to do it. -If the reason is security, -it probably means you need a firewall. -

-The -listen-address -option provides a way of binding the proxy to a single IP address/port. -The right way to do this is to choose a port inside your firewall, and -deny access to it to those outside the firewall. -The -Internet Junkbuster -is not a firewall proxy; -it should not be expected to solve security problems. -

-For background information on firewalls, -see -Yahoo -or a -magazine article -or these well-known books: -Firewalls and Internet Security: Repelling the Wily Hacker -by -William R. Cheswick -and -Steven M. Bellovin -or -Building Internet Firewalls -by -D. Brent Chapman -and -Elizabeth D. Zwicky. -There's - -free Linux software -available, -and a large number of -commercial -products and services. -For an excellent security overview, primer, and compendium reference, see -Practical Unix and Internet Security -by -Simson Garfinkel -and -Gene Spafford. -

- -

-Are there any security risks for ISPs or others who offer the proxy? -

-Yes. -As with any service offered over the Internet, -hackers can try to misuse it. -A well-run -ISP -will have professionals who are experienced at assessing and containing -these risks. -

-It's possible to set up your machine so -that other people can have access to your proxy, -but if you lack expertise in computer security -you probably shouldn't have your computer configured to offer -this or any other service to the outside world. -

-Hackers can attempt to gain access -to the machine by various attacks, -which we have tried to guard against but don't guarantee to thwart. -They can also use the ``anonymizing'' quality of proxies -to try to cover their tracks while hacking other computers. -For this reason we recommend preventing it being used -as an anonymous -telnet -by putting the pattern -:23 -in the blockfile (it's included as standard equipment). -(Actually the current implementation incidentally blocks telnet due to the -way headers are handled, but it's best not to rely on this.) -If you wish to block all ports except the default -HTTP -port 80, -you can put the lines -
- : -
- ~:80 -
-at the beginning of the blockfile, but be aware that some servers -run on non-default ports (e.g. 8080). You might also want to add the line -~:443 -to allow -SSL. -

-On -UNIX ® -systems it is neither necessary nor desirable for the proxy to run as root. -

-Versions 2.0.1 and below may be vulnerable to remote -exploitation of a memory buffer bug; for security reasons all users -are encouraged to -upgrade. -

-If you find any security holes in the code -please -tell us, -along with any suggestions you may have for fixing it. -However, we do not claim that we will be able to do so. -

-We distribute this code in the hope that people -will find it useful, but we provide -no warranty -for it, -and we are not responsible for anyone's use or misuse of it. -

-You may also want to check back periodically for updated versions of the code. -We do not -maintain a mailing list. -To get quick updates, bookmark our -Distribution Information -page. -

- -Home - · -Next - - · Site Map - - · Legal - - · Privacy - - · Cookies - - · Banner Ads - - · Telemarketing - - · Mail - - · Spam - - - - -

webmaster@junkbusters.com

- - + + Internet Junkbuster Frequently Asked Questions + + + + + + +

+ Website · + Manual · FAQ · GPL

+ +

Internet + JUNKBUSTER + Frequently Asked Questions

+ +

Configuring + Browsers · + IE 5.0 · + Installation · For Companies · Blocking Ads · + Cookies · Hotmail · Children · Forwarding/Chaining + · IP + · Anonymity + · Security

+ +

This document is out of date

+ +

Development of JunkBuster is ongoing and this document is + no longer current. However, it may provide some assistance. If + you have problems, please use the Yahoo Groups + mailing list (which includes an archive of mail), the + SourceForge.net project page, or + see the project's home + page. Please also bear in mind that versions 2.9.x of + JunkBuster are development releases, and are not production + quality.

+ +

The Top Ten Questions

+ +

What is the Internet Junkbuster + Proxy and what does it do for me?

+ +

The Internet Junkbuster Proxy ^TM + is free privacy-enhancing software that can be run on your PC + or by your ISP or company. It blocks requests for URLs + (typically banner ads) that match its blockfile. It also + deletes unauthorized cookies and other unwanted identifying + header information that is exchanged between web servers and + browsers. These headers are not normally accessible to users + (even though they may contain information that's important to + your privacy), but with the Internet Junkbuster you can see + almost anything you want and + control everything you're likely to need. Many people publish + their blockfiles to help others get started.

+ +

Is there a license fee / warranty + / registration form / expiration?

+ +

No, none of these. It's completely free of charge. + Junkbusters offers you the software to copy, use, modify and + distribute as you wish, forever, at no charge under the GNU + General Public License.

+ +

It comes with no warranty of any + kind.

+ +

You don't have to register, in fact + we don't even provide a way to do so: the practice of + registering software is usually just an excuse to send you + solicitations and sell your name and information about your + behavior. You are welcome to obtain and use our software as + anonymously you wish. (Your IP address will naturally be + disclosed when you download it; use anonymizing software if you + want to conceal this. We never want to be given any information + that you consider private or confidential.)

+ +

We are often asked why we give away a + product that many would happily pay for. The answer is that we + are determined to carry out our mission: to free the world from + junk communications.

+ +

Does it run on Windows? On a Mac? + On the AOL browser?

+ +

For the latest information on availability, see the + Distribution Information page. We don't think it will ever run + on Windows 3.1. But you don't need to have it running on your + computer if you get your ISP or Systems Administrator at work + to run it.

+ +

How can I get my ISP to run the + Internet Junkbuster?

+ +

Try their sales or support department (depending on whether + you are already a customer). You might + send them email including the following URL:
+ + http://www.junkbusters.com/ht/en/ijbfaq.html#isps
+ You could mention that many other ISPs + provide it, and that you regard it as an important part of your + decision on where to buy Internet service.

+ +

Who chooses the options that + control what is blocked?

+ +

Whoever starts the Internet Junkbuster chooses the options + and the blockfile. If your ISP runs it for you, they have to + make these decision (though some may give you a choice of + proxies, and a way to suggest new URLs to block). If you run it + on your computer, you get to choose.

+ +

How do I download and run the + program on my computer?

+ +

It depends on your platform. If you are using Windows 95 or + NT, see our separate page on installing under Windows. If you + have a C compiler and are using almost any flavor of UNIX ® + you download it, compile it, start it running, and then + configure your browser. Several precompiled packages are also + available through links in our distribution page, which lists + all available platforms.

+ +

If you are using a platform for which we + have no current availability, you are welcome to port the code. + If you do this and you would like us to consider publishing + your ported version, please tell us.

+ +

How can I tell which blockfile + and options are being used?

+ +

Just point your browser to + http://internet.junkbuster.com/cgi-bin/show-proxy-args or to + any URL ending in show-proxy-args (even if it + doesn't exist). It needn't exist because the Internet + Junkbuster intercepts the request, blocks it, and returns in + its place information about itself. Using the URL above is + useful for checking that your browser really is going through + an Internet Junkbuster, because the junkbuster.com + server returns a warning if the request actually gets to it. + Some people set the home page of their browser to such a URL to + be sure that it is configured to use the proxy.

+ +

If you wish to check the header + information your proxy is actually sending, a visit to + http://internet.junkbuster.com/cgi-bin/show_http_headers will + give you the more relevant ones first. You might also like to + turn the proxy off and compare the difference. (Don't forget to + turn it back on again.)

+ +

My browser started giving me + ``server not responding'' messages

+ +

Once your browser is told to use a proxy such as the + Internet Junkbuster, it thinks of it as its server for + everything, so this message means it can't talk to the proxy. + The Internet Junkbuster may not be running, or you may have + specified its proxy address incorrectly. Check that the details + you entered are correct. If you have telnet you + can try connecting to the appropriate port to see if the + Internet Junkbuster is running. If your ISP is running the + Internet Junkbuster, you may want to check with them. If you + are running it yourself under UNIX ®, try looking at a + ps ax to see if it is running. The port specified in its options should be + the same one as your browser has configured.

+ +

I've got this great idea for a + new feature. Who do I tell?

+ +

We'd be very interested to hear it, but please bear a few + things in mind.

+ +

Please check this FAQ to see if + we've already considered the idea, such as automatic + detection of banner ads and replacing ads with something else + such as a transparent GIF.
Don't tell us anything you + want to keep confidential or retain some right over.
We currently have a long wish list of + things that we may or may not do in the near future, + including a version for your favorite computer and a plug-in + version.
If you don't want to wait you're + welcome to improve on our code, publish your version on the + Web, and tell us where to find it. Projects that are + especially welcome include a port to the Mac and extensions + for HTTP 1.1. (Meanwhile, be sure your browser is configured + not to use HTTP 1.1.)

+ +

My question isn't listed here. + Who do I ask for support?

+ +

If you find using our free product + harder than you're used to for consumer software, there are + many commercial alternatives that you could consider.

+ +

The answer to detailed technical questions + may be answered in manual page, or in + the source code. Also double-check this page for an answer: + using the ``find'' feature on your browser for likely keywords + may help. Our site also has a search feature.

+ +

Many people post requests for help and + responses on Usenet.

+ +

If your ISP is providing the Internet + Junkbuster for you, and your question is about how to use it, + check their web page before asking them.

+ +

Even though we don't offer the kind of + support you might expect if you paid a lot of money for a + software product, you can still ask us. But before you do, + please consider whether you could ask someone closer to you. + And please be patient if we're slow to reply: we never charge + consumers for our services, so we have to subsidize consumers + with revenue from companies, and our resources are limited.

+ +

If your company or organization would be + interested in a maintenance contract with phone and email + support, hard copy documentation and source code and + pre-compiled binaries on tape or disk, please ask us for a + quote.

+ +

Configuring your browser to talk to + the Internet Junkbuster

+ +

What is the proxy address of the + Internet Junkbuster?

+ +

If you set up the Internet + Junkbuster to run on the computer you browse from (rather than + your ISP's server or some networked computer at work), the + proxy will be on localhost (which is the special + name used by every computer on the Internet to refer to itself) + and the port will be 8000 (unless you have told + the Internet Junkbuster to run on a different port with the listen-address option). + So you when configuring your browser's proxy settings you + typically enter the word localhost in the two + boxes next to HTTP and + Secure, and the number 8000 in the two boxes + labeled to the right of those boxes. The + Internet Junkbuster does not currently handle other protocols + such as Gopher, FTP, or WAIS, so leave those setting unchanged. + Nor does it handle ICQ or Instant Messenger services.

+ +

If your ISP or company is running the + Internet Junkbuster for you, they will tell you the address to + use. It will be the name of the computer it's running on (or + possibly its numeric IP address), plus a port number. Port 8000 + is the default, so assume this number if it is not specified. + Sometimes a colon is used to glue them together, as in + junkbuster.fictitious-pro-privacy-isp.net:8000 but with + most browsers you do not type the colon, you enter the address + and port number in separate boxes.

+ +

How do I tell the browser where + to find the Internet Junkbuster?

+ +

All current browsers can be told the address of a proxy to + use. You enter the same information in two fields in your + browser's proxy configuration screen (see list below): one for + HTTP, and one for the Secure Protocol (assuming your browser + supports SSL). If you find some information already entered for + your proxy, see the next question. Here are the menus you go + through to get to the proxy configuration settings. (We also + recommend that you disable Java, which is a separate + operation.) Make notes on the changes you make so you + know how to undo them! You will need to know what you + did in case you wish to discontinue using the proxy.

+ +

For Netscape 2.01, 2.02 and 3.0 + [Graphic Illustration]: Options; Network Preferences; Proxies; Manual Proxy Configuration View ; enter proxy + address details under HTTP and Security Proxy; click on OK; click + on the next OK. [Return to Windows + Installation Procedure]
+ With Netscape 2.0, follow with Options, Save Options.
+ With Netscape 4.X series, you + first have to go through Edit/Preferences. + [Graphic Illustration] Then in the frame on the left, click + on triangle pointing to the right towards the word Advanced; it will switch to a triangle pointing + down; and the words Cache, + Proxies and Disk Space appear. Click on + Proxies and the frame on the right will + display a banner saying Proxies Configure + proxies to access the Internet. Click the radio button + labeled Manual proxy configuration then + click the button labeled View; enter proxy + address details under HTTP and Security Proxy; click on OK; click + on the next OK. [Return to Windows + Installation Procedure]
For Internet Explorer 3.0 + [Graphic Illustration]: View; Options; Connections; tick Connect through proxy server box; Settings; enter proxy address details + HTTP Box, with port number in the second box; same with + Secure; click on OK. + [Return to Windows Installation Procedure]
For Internet Explorer 2.0: View; Options; Proxy; enter proxy address details click on OK. [Return to Windows Installation + Procedure]
On NT for MS-IE: Control + Panel; Internet; + Advanced; Proxy.
For MS-IE 4.0: similar to 3.0: View; Internet Options; Connection; tick Access Internet using + a proxy server box; from there we have had reports of + different versions, either click on + Advanced or Settings; enter proxy + address details HTTP Box, with port number + in the second box; same with Secure; click + on OK. Note that 4.0 has + Advanced settings to allow HTTP 1.1 through proxies; + these must be disabled because the proxy does not currently + understand HTTP 1.1. Please tell us if you see any other + differences. [Return to Windows Installation Procedure]
For MS-IE 5.0: similar to 4.0: Tools|Internet Options from the menu bar; Connections. Select either dial-up connection + or LAN (depending on how you connect to the Internet); press + Settings; and check the Use + Proxy Server box; enter proxy address details in the HTTP Box, with port number in the second box; + same with Secure; click on + OK buttons to get out. Note: You must also uncheck the HTTP 1.1 checkboxes + at the end of the Advanced options. This + seems to have been made the default in IE 5.0. [Return to + Windows Installation Procedure]
For Netscape's level 5 browser, we + have no information. If you do, please tell us.
For NCSA Mosaic for Windows: Options, Preferences, Proxy; enter proxy address details under HTTP.
For Opera: + Preferences, Proxy servers; check the + box next to HTTP; enter the server and port number in the box + on the other side; click on OK.
For Lynx, Mosaic/X, Grail, and + W3O Arena, you can specify the proxy via environment + variables before starting the application. This will probably + be done with something like either
+ setenv http_proxy + http://localhost:8000/
+ or
+ + http_proxy=http://junkbuster.fictitious-pro-privacy-isp.net:8000/ + export http_proxy
+ depending on your shell and where the Internet Junkbuster + lives.

+ +

If your browser is not listed here, or if you notice an + error, please tell us the correct procedure.

+ +

What should I do if I find + another proxy is already configured?

+ +

Some ISPs and companies require all Web traffic to go + through their proxy. In this case you would find your proxy + configuration with values already set, possibly under Automatic Proxy Configuration (in the case of + Netscape and MS-IE 3.0 and above). It's probably a firewall + proxy between your company and the outside world, or a caching proxy if you're using an ISP.

+ +

What needs to be done in this case is to use + the forwardfile option to + tell the Internet Junkbuster the address of the other proxy. + Specify a different (unused) port number with the listen-address option, and + configure your browser to use that port. If you haven't done + this kind of thing before, it's probably best to consult your + systems administrator or ISP about it; check their web page + first.

+ +

What if I want to stop using + the Internet Junkbuster?

+ +

Just go through the same procedure you used to start your + browser using the Internet Junkbuster, but remove the details + you put in (or if there was something there before, restore + it). You may need to use Save Options to make + this change permanent. On Netscape 3.0 you can go through Options; Network Preferences; + Proxies and click on No + Proxy to turn it off, and later click on + Manual Proxy Configuration if you want to start using it + again. (No need to enter the again details under + View as you did the first time; they should remain there + unchanged.)

+ +

This stops your browser talking to the + proxy; shutting down the proxy is a different matter.

+ +

Automatic dialing isn't working + any more. How do I fix it?

+ +

Some browsers (such as MSIE-4) can be configured to dial + your ISP automatically when you click on a link, but this + feature (called "automatically connect" or "autoconnect") gets + disabled if you specify a proxy running on your own computer + (with address localhost or 127.0.0.1) + because these addresses don't require dialing. The Internet + Junkbuster knows nothing about dialing, so it doesn't work. To + make automatic dialing work, make up a name such as + junkbuster.ijb and use that name in the proxy settings + instead of localhost, and then add the line + 127.0.0.1 junkbuster.ijb to the file + c:\windows\hosts (if there already is a line beginning + with 127.0.0.1 just add + junkbuster.ijb at the end of it.)

+ +

This should also work Netscape + Communicator 4 on machines where IE-4 has been installed.

+ +

Setting up the Internet Junkbuster on + your local computer

+ +

The next two sections assume you wish to compile the code + with your own C compiler. If you just + want to use the .exe file provided for Windows, + see the Windows Installation page.

+ +

How do I compile the code under + Unix?

+ +

If you are running Redhat Linux you may prefer to use the + rpm instead of the following procedure.

+ +

First download the tar file + (~286k) and uncompress and extract the + files from it with this command
+ uncompress -c ijb20.tar.Z | tar xf + -
If your operating system is from Sun or + HP examine the Makefile and make any changes + indicated inside.
Run
+
+ make
+ Copy the sample configuration file + (junkbstr.ini, previously called + sconfig.txt and other names in earlier releases) to + some convenient place such as + /usr/local/lib/junkbuster/configfile or whatever you + choose. The sample file has all the options commented out. + You can remove the # character on any that you + want, but it may be better to leave this until to later. + Run it asynchronously:
+
+ junkbuster configfile & + + +
If you are running a version earlier than 2.0 you can + start it with junkbuster &
+
Configure your browser (described + above).
Verify that the Internet Junkbuster is + working (described above).
Decide on the options you really + want, kill the process and start it again. The + most popular option is + blockfile to block ads. A + sample blockfile is provided as an illustration, but it + doesn't really stop many ads. More comprehensive ones are + available elsewhere.
You'll probably want to add an entry to + /etc/rc.d/rc.local or equivalent to start it at + boot time. (Any output you specify should be redirected to a + file. And don't forget the & at the end to run it + asynchronously or your system will seize up after the next + reboot.)

+ +

How do I compile the code under + Windows?

+ +

A .exe file (binary) is supplied with the + source code, but if you prefer to compile it yourself here is + the likely procedure. Most of these steps are repeated in our + checklist for installation under Windows.

+ +

First click here to download the zip + file called ijb20.zip (~208k), then uncompress + and unpack the zip archive using a tool like WinZip.
Now the distribution (source and + sample files) will be in a folder called ijb20. + Go into that folder and then edit the Makefile for your + system, removing the comment character (#) in + the lines related to Win32. Then type:
+ nmake
+ This should create an executable called + junkbstr.exe. For information + on issues with various compilers, see the Distribution + Information page.
+ Run the executable with the + command:
+ junkbstr
+ (Click on the icon with that name + that looks like a terminal, not like a notepad.) The + program will produce a message indicating that it has + started and is ready to serve. + +
(Version 2.0.1 and above uses the file + junkbstr.ini as the config file if it exists + and no argument was given. If you have an earlier version + or if you want it to use a different config file, simply + specify that file as the argument.)
+
Configure your browser + (described above).
Check the proxy is working (described + below).
+ To have the proxy start itself + automatically when you login to Win95, drop the + ``shortcut'' to the junkbstr executable into + the StartUp folder:
+ C:\Windows\Start + Menu\Programs\StartUp
+ You might want to change the shortcut's + Properties->Shortcut to Run: + Minimized. If you specify the hide-console option then the + DOS window will vanish after it starts. + +
WinNT users can put it into their own + StartUp folders or the Administrator can put it into the + system's global StartUp folder. For details on how to make + this a service under NT see our Windows page.
+

+ +

How do I check that the proxy is + working?

+ +

Pick a page from somewhere (such as your bookmarks, or just + one that your browser was pointing to) and + Reload it. If you get a message along the lines of ``server + not responding, using cached copy instead,'' see the advice + above. If the page reloads OK, check that your browser is + actually talking to the proxy by going to + http://internet.junkbuster.com/cgi-bin/show-proxy-args or any + URL ending in show-proxy-args (as described below, + the proxy should intercept the request.) When you see + ``Internet Junkbuster Proxy Status,'' you'll know it's + working.

+ +

How and why would I have this + proxy chained with other proxies?

+ +

You may need the + forwarding feature to ``daisy chain'' the Internet + Junkbuster to another proxy, perhaps an anonymizing proxy to + conceal your IP address, or a caching proxy from your ISP, or a + firewall proxy between your company and the outside world. + Version 2.0 and above can be even configured to forward selectively according to the + URL requested: for example, connecting directly to trusted + hosts, but going through an anonymizing or firewall proxy for + all other hosts.

+ +

Network administrators might use + it to provide transparent access to multiple networks without + modifying browser configurations. Most + browsers also provide a way of specifying hosts that the + browser connects to directly, bypassing the proxy. Some provide + a method for Automatic Proxy Configuration. A well written + Internet Junkbuster configuration can be much more flexible and + powerful.

+ +

An ISP's caching proxy would typically + be called something like cache.your-isp.net:8080 + (as described on you ISP's web page); you would put this + information in your + forwardfile as described in our manual. Your browser would + be configured to the Internet Junkbuster for HTTP and Security + Proxies as before, but you probably want to tell it to use the + caching proxy for FTP and other protocols. + If your ISP is running the Internet Junkbuster for you, + they have probably already decided whether to chain with a + caching proxy.

+ +

How does the Internet Junkbuster + work with SOCKS gateways?

+ +

There is support for some gateways in Version 1.4 and above. + The gateway protocol used to be specified on the command line; + it is now specified in the same file as forwarding. Note that the + browser's proxy configuration must not specify a + SOCKS host; it should specify the proxy as + described above.

+ +

How do I configure it to be just + a plain old proxy?

+ +

To get the proxy to do as little as possible (which means + not deleting any sensitive headers), place in your + configuration file the following three lines (each ending in a + space then a period) to stop it changing sensitive headers:
+    referer .
+    from .
+    user-agent .
+    cookiefile mycookiefile
+ The fourth line is also needed to specify a cookiefile that might be called + mycookiefile containing a single line with a + * character, to allow all cookies through.

+ +

How do I shut down the proxy (to + restart it)?

+ +

It depends on your platform.

+ +

Under Windows, you can click on the "X" + button at the top right of the DOS window (and answer Yes when Windows warns you it cannot shut down + the program automatically), or use + Ctrl-Break or the old three-fingered salute of Ctrl-Alt-Delete and select End + Task.
Under UNIX ® you'll need to + kill the junkbuster process. If you don't know the process number to give + to kill, try this:
+ ps ax | grep junkbuster

+ +

Information for companies

+ +

What do advertising companies + think of this kind of technology?

+ +

We've seen only a few public comments from the advertising + industry on this, other than SEC filings. First, the president + of the Internet Advertising Bureau told CNET that he wasn't + worried by banner blockers. Second, after the Federal Trade + Commission's workshop where we gave a live demonstration of our + proxy before many eminent representatives of the industry, the + Direct Marketing Association made the following statement in + the closing paragraphs of their summary comments to the + Commission.

+ +

+ Clever shareware developers have come up with products that + can obliterate cookies and advertisements for those consumers + who have these concerns. The Internet is a market that is so + democratic and flexible that it is easy for companies and + software developers to respond to a perceived market need. +

+ +

Their attitude seems to be that they would prefer that + people use technical solutions to protect their privacy than + have protections imposed by legislation or government + regulations. So, do you perceive a market need? Then here are + some ways to flex your democratic muscles.

+ +

Should we provide the + Internet Junkbuster for our employees?

+ +

That depends. Try this quick three-point test.

+ +

Do you want to spend your + communications budget on bandwidth that wastes your + employees' time by forcing them to wait for a lot of annoying + distractions while they're trying to do their jobs?
Do you want current and + potential vendors to know quantitative details about the + software and hardware platforms that you have?
Do you want your competitors + to be able to track exactly which of your employees are + checking out their web sites?

+ +

If the answer to all three questions is yes, then you + probably don't have any need for this kind of product.

+ +

Can our company get + commercial support for the software?

+ +

Yes, ask us for a quote on a maintenance contract with your + choice of phone and email support, hard copy documentation, + source code and pre-compiled binaries on tape or disk, and + email alerting of upgrades and issues. We also offer consulting + services to help set up ``stealth browsing'' capabilities to + help reduce the footprints left while doing competitive + analysis and other Web work where confidentiality is + critical.

+ +

I run an ISP. What issues should + I consider before offering it?

+ +

Many ISPs who offer the proxy to their customers have told + us that most of their customers are delighted with it (although + one reported that a customer complaint that without banner ads, + surfing was like reading a novel: we recommend making it + optional). Many ISPs like it because it reduces bandwidth + requirements. To help get you started, here's a checklist we've + developed from working with a few ISPs. You may think of more, + and we'd be interested if you're willing to share them with + us.

+ +

If you get more than one request + for the Internet Junkbuster you may want to tell your + customers on your News page that you already know about it + and are assessing it.
Try the software and verify that it + performs satisfactorily.
Determine whether your customers + perceive the service as valuable (and therefore worth the + time to set up). We've had reports of many delighted + customers.
Assess the level of security + associated with the software. If access is to be restricted + (to just dial-in ports, for example) how is this to be + done?
Consider whether to expect any + additional load on computing resources required, and any + change in use of bandwidth due to the blocking of large + GIFs.
Choose the + options you wish to provide.
+ Decide whether you want to offer a + choice of configurations, such some of these four. + +
1. Banners Blocked, Wafer with + No-Cookie-Copyright notice
2. Cookies not stopped (cookiefile with just a + * in it), User Agent specified as Lynx
3. Cookies from browser allowed, + permitting registered services
4. A proxy for kids.
+ If you run a caching proxy, decide + whether the Internet Junkbuster will chain with it by + default, and whether to offer an alternate with no caching. + (Some ISPs don't, because they want to give customers an + incentive to use caching and save bandwidth.) +
Decide on a naming scheme for your + proxies. If you're running only one proxy on one machine, the + simplest way is to just use port 8000 on your main machine, + such as our-isp.net. But it would probably be + safer to put an entry in your name server and call it + something like junkbuster.our-isp.net. If + running several proxies, you could either use different ports + on the same machine, or if you have the opportunity to + distribute the load over a few machines you could use + different hostname aliases such as + banner.junkbuster.our-isp.net, + lynx.junkbuster.our-isp.net and + oneway.junkbuster.our-isp.net (corresponding to the + examples in the previous point). You may want to set up + Automatic Proxy Configuration.
+ Prepare a page explaining the + Internet Junkbuster to your customers. + Here's are some examples from Australia, Germany, Florida, + New York/New Jersey/Pennsylvania, North Carolina, Texas, + and Utah. You are welcome to copy and + modify material from Junkbusters according to the GPL. You + might want to set up a process to check this page + periodically and update it when it changes. (A few links + can probably serve as well as lot of copying however.) A + typical page would probably specify the following. + +
1. A brief explanation stating + what the Internet Junkbuster does, with a link to this + page.
2. The addresses of the proxy or + proxies, with their port number(s).
3. The options used, and how to + view the contents of the blockfile (which you can place + on your web pages, preferably in a file called + blocklist.html or + blocklist.txt).
4. An indication of whether + suggestions for the blocklist are considered, and if so, + how to submit them: to a particular email address, via + web-based form, etc.
5. Instructions on how to + configure a browser. You may want to include details for + only the two major browsers and leave the others to a + link.
6. Procedures on how to report + problems, give feedback etc.
+
Invite a small number of + technologically sophisticated customers to beta-test the + service.
Announce general availability on + your ``News'' page. Tell us if you would like to be included + on a list of ISPs offering the Internet Junkbuster.

+ +

Blocking

+ +

Where can I get an example + blockfile that stops most ads?

+ +

The sample blockfile we provide blocks almost nothing, and + we do not publish blockfiles that stop almost all banner ads. + But others have; you can find them by asking Google. You can + add any part of the new file to your old one (probably called + sblock.ini if you haven't changed the default name + in the latest version) or your just replace it completely. You + probably don't need to restart the proxy.

+ +

If you develop an interesting blocklist + and publish it on the Web, you might want to include the word + ``junkbuster'' in it and use the word ``blocklist'' in the file + name given in the URL so that others can find it with the query + given in the previous sentence.

+ +

If I see an ad I wish I hadn't, + how do I stop it?

+ +

If your ISP is running the Internet Junkbuster, they should + have a policy on whether they accept suggestions from their + customers on what to block. Consult their web page.

+ +

If you are running the Internet + Junkbuster yourself, you have complete control over what gets + through. Just add a pattern to cover the offending URL to your + blockfile. Version 1.3 and later automatically rereads the + blockfile when it changes, but if you're running an earlier + version you'll have to stop it and restart it.

+ +

To choose a pattern you'll first need + to find the URL of the ad you want cover.

+ +

Some people use the debug 1 option to display + each URL in a window as the request is sent to the server. It's + then usually an easy task to pick the offending URL from the + list of recent candidates.

+ +

Alternatively, you can use View Document Info (or View Document + Source if your browser doesn't have that). The Info feature has the advantage of showing you the full + URL including the host name, which may not be specified in the + source: there you might see something like + SRC="/ads/click_here_or_die.gif" indicating only the + path. (The host name is assumed to be the same + as the one the page came from.)

+ +

But ads often come from a different + site, in which case you might see something like + SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666" or + longer. If the company looks like a + pure ad warehouse (as in the last case), you may want to place + just its domain name in the blockfile, which blocks all URLs + from that site.

+ +

If the ad comes from a server that you + really want some content from, you can include enough of the + path to avoid zapping stuff you might want. In the first + example above, /ads/ would seem to be enough. If + you don't include the domain name, the pattern applies to all + sites, so you don't want such patterns to be too general: for + example /ad would block + /admin/salaries/ on your company's internal site.

+ +

To speed the blocking of images, some + UNIX ® users create a shell script called + Image: containing a line such as echo $1 | sed + s/http:..// >> $HOME/lib/blockfile that adds its + argument to the user's blockfile. Once an offending image has + been be found using View Document Info it's + easy to cut-and-paste the line (or part of it) into a shell + window. The same script can be linked to a file called + Frame: to dealing with framed documents, and + junkbuster: to accept the output of the debug option.

+ +

When compiled without the + regular expressions option, the Internet Junkbuster + uses only very simple (and fast) matching methods. The pattern + /banners will not stop + /images/banners/huge.gif getting through: you would have + to include the pattern /images/banners or + something that matches in full from the left. + So you can get what you want here, the matcher understands + POSIX regular expressions: you can use + /*.*/banners to block and any URL containing + /banners (even in the middle of the path). (In Versions 1.1 through 1.4 they were an option at + compile time; from Version 2.0 they have become the default.) + Regular expressions give you many more features than this, but + if you're not already familiar with them you probably won't + need to know anything beyond the /*.*/ idiom. If + you do, a man egrep is probably a good starting + point).

+ +

Don't forget the / (slash) + at the beginning of the path. If you leave it out the line will + be interpreted as a domain name, so ad would block + all sites from Andorra (since .ad is the + two-letter country code for that principality).

+ +

For a detailed technical description of + how pattern matching is done, see the manual.

+ +

How come this ad is still getting + through anyway?

+ +

If the ad had been displayed before you included its URL in + the blockfile, it will probably be held in cache for some time, + so it will be displayed without the need for any request to the + server. Using the debug + 1 option to show each URL as it is fetched is a good way + to see exactly what is happening.

+ +

If new items seem to be getting + through, check that you are really running the proxy with the + right blockfile in the options. Check the blockfile for + exceptions.

+ +

Some sites may have different ways of + inserting ads, such as via Java. If you have ideas on how to + block new kinds of junk not currently covered, please tell + us.

+ +

How do I stop it blocking a + URL that I actually want?

+ +

You can change the patterns so they don't cover it, or use a + simple feature in Version 1.1 and later: a line beginning with + a ~ character means that a URL blocked by previous + patterns that matches the rest of the line is let through. For + example, the pattern /ad would block + /addasite.html but not if followed by + ~/addasite in the blockfile. Or suppose you want to see + everything that comes from a site you like, even if it looks + like an ad: simply put ~aSiteYouLike.com at the + end of the blockfile. (Order is important, because the + last matching line wins.)

+ +

As well as unblocking pages that were + unintentionally blocked, this feature is useful for unblocking + ads from a specific source. This might be because you are + interested in those particular ones, or if you have an explicit + agreement to accept certain ads, such as those from a free + web-based email provider.

+ +

If you want to find out exactly which + pattern in the blockfile a given URL matched, just click on the + words ``Internet Junkbuster'' which are displayed alone on a + page when your browser requests a blocked URL. The proxy + displays a message that pinpoints the pattern for you.

+ +

Can I block sites I don't want my + children to see?

+ +

Yes, but remember that children who are + technically sophisticated enough to use the browsers' proxy + configuration options could of course bypass any proxy. This + kind of technology can be used as a gentle barrier to remind or + guide the child, but nobody should expect it to replace the + parent's role in setting and enforcing standards of online + behavior for their children.

+ +

Some ISPs are starting to provide + specialized proxies to protect children. There are two basic + approaches: the ``black list'' and the ``white list'' approach. + The black list approach allows the child + to go anywhere not explicitly prohibited; the white list + permits visits only to sites explicitly designated as + acceptable.

+ +

It's very easy for anyone to compile + a white list from a page of ``recommended kids sites'' and to + configure an Internet Junkbuster to allow access to those sites + only. (If you publish such a list on the web, please tell us + its URL). Assuming your version isn't an old one without regex, + you can place a * (asterisk) as the first line of + the blockfile (which blocks everything), and then list + exceptions after that. Be careful to make the exception + sufficiently broad: for example, using + ~www.uexpress.com/ups/comics/ch/ as the exception for + Calvin and Hobbes would block some of the graphic + elements on the page; you would probably want a wider exception + such as ~www.uexpress.com/ups/ to permit them.

+ +

Version 2.0 has an experimental feature + to permit only sites mentioned in a nominated trusted site. This allows + organizations to build lists of sites for kids to browse, and + the software automatically restricts access to those on the + list.

+ +

Many filtering products actually scan for + keywords in the text of pages they retrieve before presenting + it, but the Internet Junkbuster does not do this. Building a + perfectly reliable black list system is hard, because it's very + difficult to state in advance exactly what is obscene or + unsuitable. For more info see our links page.

+ +

What do I see when a page or + graphic is blocked by the proxy?

+ +

You usually see a broken image icon, but it depends on + several factors beyond the proxy's control. If asked for a URL + matching its blockfile, the proxy returns an HTML page + containing a message identifying itself (currently the two + words ``Internet Junkbuster'') with a status 202 (Accepted) + instead of the usual 200 (OK). (Versions 1.X returned an error + 404: Forbidden, which caused strange behavior in some cases.) + Status 202 is described in the HTTP RFC as indicating that the + request has been accepted but not completed, and that it might + complete successfully in the future (in our case, if the + blockfile were changed).

+ +

The broken image icon is most common + because the browser is usually expecting a graphic. But if it + was expecting text, or if the page happens to be using certain + HTML extensions such as layer and your browser is + a late model from Microsoft, you may see the words ``Internet + Junkbuster'' displayed as a hot link.

+ +

Clicking on the link takes you to an + explanation of the pattern in the blockfile that caused the + block, so that you can edit the blockfile and go back and + reload if you really want to see what was blocked. The + explanatory link is generated by the proxy and is automatically + intercepted based on its ending in ij-blocked-url; + even though the site is specified as + http://internet.junkbuster.com no request should + actually made to that site. If one is, it means that the proxy + was been removed after it generated the link.

+ +

To summarize: the identifying link to + the blocking explanation is usually turned into a broken image + icon, but it may be displayed on a page alone, or they may may + be restricted to the particular frame, layer or graphic area + specified in the page containing them. The proxy has no way of + knowing the context in which a URL will be used and cannot + control how the blocking message will be rendered.

+ +

Why not replace blocked banners + with something invisible?

+ +

Many users have suggested to us that + blocked banners should be replaced by a something like a 1x1 + transparent GIF to make the page would look as if there was + nothing ever there. Apart from making it harder to catch + unintended blocking, this might also displease the owners of + the page, who could argue that such a change constitutes a + copyright infringement. We think that merely failing to allow + an included graphic to be accessed would probably not be + considered an infringement: after all this is what happens when + a browser is configured not to load images automatically. + However, we are not lawyers, so anyone in doubt should take + appropriate advice.

+ +

In a context where the copyright issue is + resolved satisfactorily, a proxy could simply return a status + 301 or 302 and specify a replacement URL in a + Location and/or URI header. An alternative + would be to use inline code to return a 1 x 1 clear GIF. We do + not publish sample code for this, and we have no way of + stopping others who have.

+ +

Why not block banners based on + the dimensions of the image?

+ +

Many users have pointed out that most banner ads come in + standard sizes, so why not block all GIFs of those sizes? This + would theoretically be without fetching the object because the + dimensions are usually given in the IMG tag, but + it would require substantial changes in the code, and we doubt + whether it would be much more effective than a good block + list.

+ +

What about non-graphic + advertising within the pages I want?

+ +

The Internet Junkbuster deliberately does not provide a way + of automatically editing the contents of a page, to remove + textual advertising or to repair the holes left by blocked + banners. Other packages such as WebFilter do.

+ +

For the same reason, it has no way of + stopping a new browser window being created, because this is + done through the target attribute in the + <a> and <base> elements, not + through headers. Nor do we plan to add a feature to paralyze + animated GIFs.

+ +

Does it block ads on the + broadcasting ``push'' systems? How about pop-up ads?

+ +

We haven't tried it but we expect it would probably work on + image ads on push channels. See also adchoice.

+ +

Disabling Javascript stops some pop-up + ads. One problem is that some advertisers throw open a new + browser window to frame the ad. The ad is easily blocked, but + the empty window remains. You can kill it easily, but this is a + chore. We don't see how to stop them other than editing the + HTML from the parent window, which we don't like to do.

+ +

The TBTF newsletter warned subscribers to + push information that in IE4, LOGTARGET + allows servers to determine the URLs viewed at their site even + if accessed from cache or through a proxy. If you use this + browser see our instructions on how to disable this.

+ +

If you find you have experience using + the proxy with push, or have any other advice about it, please + tell us.

+ +

Cookies

+ +

For background information on cookies see our page + describing their dangers.

+ +

Might some cookies still + get through? How can I stop them?

+ +

Yes, you should expect the occasional cookie to make it + through to your browser. We know of at least three ways this + can happen; please tell us if you find any others. One way is + in secure documents, which are explained below.

+ +

A few sites set cookies using a line + such as <META HTTP-EQUIV="Set-Cookie" + CONTENT="flavor=chocolate"> in the HEAD + section of an HTML document. Cookies + can also be + + set and read in JavaScript. To see if this is happening in a + document, view its source, look in the head for a + section tagged script language="JavaScript". If it + contains a reference to document.cookie, the page + can manipulate your cookie file without sending any cookie + headers. The Internet Junkbuster does not tamper with these + methods. Fortunately they are rarely used at the moment. If a + cookie gets set, it should be stopped by the proxy on its way + back to the server when a page is requested, but it can still + be read in Javascript.

+ +

To prevent cookies breaking through, + always keep cookie alerts turned on in your + browser, and disable Java and Javascript. Making the files hard + to write may also help.

+ +

Exactly how do cookies get + created and stored anyway?

+ +

When a web site's server sends you a page it also sends + certain ``header information'' which your browser records but + does not display. One of these is a Set-Cookie + header, which specifies the cookie information that the server + wants your browser to record. Similarly, when your browser + requests a page it also sends headers, specifying information + such as the graphics formats it understands. If a cookie has + previously been set by a site that matches the URL it is about + to request, your browser adds a Cookie header + quoting the previous information.

+ +

For more background information on how + cookies can damage your privacy, see our page on cookies. For + highly detailed technical information see the RFC. The Internet + Junkbuster will show you all headers you use the debug 8 option, or you can + get a sample from our demonstration page.

+ +

If cookies can't get through, + will some things stop working for me?

+ +

Possibly. Some personalized services including certain + chat rooms require cookies. + Newspapers that require + + registration or + + subscription will not automatically recognize you if you don't + send them the cookie they assigned you. And there are a very + small number of sites that do strange things with cookies; they + don't work for anyone that blocks cookies by any means. Some + sites such as Microsoft explain that their content is so + wonderfully compelling that they will withhold it from you + unless you submit to their inserting cookies.

+ +

Many free Web-based email services + require cookies. Hotmail also seems to require allowing both + msn.com and passport.com to set + cookies.

+ +

If you want such sites to be given your + cookies, you can use the + cookiefile option provided you are running Version 1.2 or + later yourself. Simply include the domain name of those sites + in the cookiefile specified by this option. If it still + doesn't work, the problem may be in other headers.

+ +

It's possible to let cookies out but not + in, which is enough to keep some sites happy, but not all of + them: one newspaper site seems to go into an endless frenzy if + deprived of fresh cookies. A cookiefile containing a single + line consisting of the two characters >* + (greater-than and star) permits server-bound cookies only. The + * is a wildcard + that matches all domains.

+ +

If someone else is running the Internet + Junkbuster for you and has a version that + passes server-bound + cookies through, you can try editing your browser's cookie file + to contain just the ones you want, and restart your browser. To subscribe to a new service like this after + you have started using the Internet Junkbuster, you can try the + following: tell your browser to stop using the Internet + Junkbuster, fill out and submit your subscription details + (allowing that web site to set a cookie), then reconfigure your + browser to use the Internet Junkbuster again (and stop more + cookies being sent). This also requires the cookiefile option, and its success + depends on the Web site not wanting to change your cookies at + every session. For this reason it does not work at some major + newspaper sites, for example. But you may + prefer to look at whether other sites provide the same or + better services without demanding the opportunity to track your + behavior. The web is a buyer's market where most prices are + zero: very few people pay for content with money, so why should + you pay with your privacy?

+ +

Can I control cookies on a + per-site basis?

+ +

Yes, since version 1.2 the Internet + Junkbuster has included advanced cookie management facilities. + Unless you specify otherwise, cookies are discarded + (``crumbled'') by the Internet Junkbuster whether they came + from the server or the browser. In Version 1.2 and later you + can use the cookiefile + option to specify when cookies are to be passed through intact. + It uses the same syntax and + matching algorithm as the blockfile.

+ +

If the URL matches a pattern in the + cookiefile then cookies are let through in both + the browser's request for the URL and in the server's response. + One-way permissions can be specified + by starting the line with the > or + < character. For example, a cookiefile consisting of + the four lines
+    org
+     >send-user-cookies.org
+     + <accept-server-cookies.org
+     ~block-all-cookies.org
+ allows cookies to and from .org domains only, + with the following exceptions:
+

+ +

Cookies sent from servers in the domain + send-user-cookies.org are blocked on their way + to the client, but cookies sent by the browser to that domain + are still be fed to them.
The cookies of + accept-server-cookies.org check in to the proxy and + are passed through to the browser, but when they come back to + the proxy they never check out.
All cookies to and from + block-all-cookies.org are blocked.

+ +

If the junkbuster + was compiled with the regular expressions option they may be + used in paths. Any logging to a ``cookie jar'' is separate and + not affected.

+ +

It's important to give hosts you want + to be able to set cookies sufficient breadth. For example, + instead of www.yahoo.com use + yahoo.com because the company uses many different hosts + ending in that domain.

+ +

Can I make up my own fake cookies + (wafers) to feed to servers?

+ +

Yes, using the wafer option. + We coined the term wafer to describe cookies + chosen by a user, not the Web server. Servers may not find + wafers as tasty as the cookies they make themselves. But users + may enjoy controlling servers' diets for various reasons, such + as the following.

+ +

Users who consider cookies to be + an unwelcome intrusion and a waste of their disk space can + respond in kind. By writing ``signature wafers'' they can + express their feelings about cookies, in a place that the + people in charge of them are most likely to notice.
+ Sites running a proxy that logs + cookies to a file (such as the Internet Junkbuster does + with the jarfile option + on) may want to notify servers that their cookies are being + intercepted, deleted or copied. One possible reason for + doing this is the uncertain copyright status of cookie + strings. Nothing here should be taken as legal advice: we + are simply raising a question for any interested parties to + consider, and make no representation that such measures are + necessary or sufficient. Concerned proxy sites might decide + to send a wafer (named ``NOTICE'' for example) containing + text along the lines of the following. + +
+
TO WHOM IT + MAY CONCERN
+
+ Do not send me any copyrighted information other than + the document that I am requesting or any of its necessary + components.
+
+ In particular do not send me any cookies that are + subject to a claim of copyright by anybody. Take notice + that I refuse to be bound by any license condition + (copyright or otherwise) applying to any cookie.
+
+ Any company that tries to argue in court that the proxy + site was breaching their copyright in the cookies would be + met with the defense that the proxy site gave that company + the opportunity to protect its copyright by simply not + sending cookies after receiving the notice. + +
Cookies can be as long as four + thousand characters, so there's plenty of space for + lawyerly verbosity, but white space, commas, and + semi-colons are prohibited. + Spaces can be turned into underscores. Alternatively, a URL + could be sent as the cookie value, pointing to a document + containing a notice, perhaps with a suggestive value such + as
+ + http://www.junkbusters.com/ht/en/ijbfaq.html#licenses_on_cookies_refused
+ + But including the notice directly would probably be + preferable because the addressee does not have to look it + up.
+ +
The Internet Junkbuster 2.0.2 + currently sends a full notice as a ``vanilla wafer'' if + cookies are being logged to a cookie jar and no other + wafers have been specified. It can be suppressed with the + + suppress-vanilla-wafer option, which might be used in + situations where there is an established understanding + between the proxy and all who serve it.
+

+ +

Junkbusters provides a CGI script that + lets you see your wafers as they appear to servers.

+ +

Wafers confuse a few fragile + servers. Hotmail appears to be one of them. If this troubles + you, don't use this option.

+ +

Any wafers specified are sent to + all sites regardless of the cookiefile. + They are appended after any genuine cookies, to maintain + compliance with RFC 2109 in the event that a path was specified + for a cookie. The RFC's provisions regarding the $ + character (such as the Version attribute) are + transparent to the proxy; it simply quotes what was recited by + the browser.

+ +

If you want to send wafers only to + specific sites, you could try putting them your browser's + cookie file in a format conforming to the Netscape + specification, and then specify in the proxy's cookiefile that + cookies are to be sent to but not accepted from those sites, so + they can't overwrite the file. This may work with Netscape but + not all other browsers.

+ +

Why would anyone want to save + their cookies in a ``cookie jar?''

+ +

We provided this capability just in case anyone wants it. + There are a few possible reasons.

+ +

It's conceivable that marketing + companies might one day buy history files and cookie jars + from consumers in the same way that they currently pay them + to fill out survey forms. With this information they could + gather psychographic information, see which competitors' + sites the consumer has visited, and discover what advertising + is being targeted at them.
Some consumers might employ + semi-automated means of sorting through their cookie jars, + selecting which ones to place in their cookies file for use + by their browsers. Their decisions could be based on payments + offered, privacy rating systems such as TRUSTe proposes, or + their own opinion of the company. It could be done manually + or with software. There's an Internet Draft on trust + certification of cookies.
Users may even start ``sharing'' + cookies among themselves, sending back cookies that servers + generated for other visitors. Servers that aren't expecting + this possibility will be misled about their visitors' + identities. Cookies could be shared among users on a single + machine, or across continents via FTP and anonymous + remailers. Privacy activists may + promote cookie disinformation campaigns as a way to defend + the public against abuse. If a significant percentage of + people send disinformative cookies, user tracking via cookies + may become less reliable and less used.

+ +

Anonymity

+ +

For details on how your identity can be revealed while you + surf, see our page on privacy. Once you start using the + Internet Junkbuster you should find that much of the + information previously indicated on that page will no longer be + provided. If the REMOTE HOST indicating your IP + address is too close for comfort, see our suggestions below on + how to conceal your IP address. We also recommend that you + disable JavaScript and Java.

+ +

If I use the Internet Junkbuster, + will my anonymity be guaranteed?

+ +

No. Your chances of remaining anonymous are improved, but + unless you are an expert on Internet security it would be + safest to assume that everything you do on the Web can be + attributed to you personally.

+ +

The Internet Junkbuster removes various + information about you, but it's still possible that web sites + can find out who you are. Here's one way this can happen.

+ +

A few browsers disclose the user's email + address in certain situations, such as when transferring a file + by FTP. The Internet Junkbuster 2.0.2 does not filter the FTP + stream. If you need this feature, or are concerned about the + mail handler of your browser disclosing your email address, you + might consider products such as NSClean.

+ +

Browsers downloaded as binaries could + use non-standard headers to give out any information they can + have access to: see the manufacturer's license agreement. It's + impossible to anticipate and prevent every breach of privacy + that might occur. The professionally paranoid prefer browsers + available as source code, because anticipating their behavior + is easier.

+ +

Why should I trust my ISP or + Junkbusters with my browsing data?

+ +

You shouldn't have to trust us, and you certainly don't have + to. We do not run the proxy as a service, where we could + observe your online behavior. We provide source code so that + everyone can see that the proxy isn't doing anything + sneaky.

+ +

You are already trusting your ISP not to + look at an awful lot of information on what you do. They + probably post a privacy policy on their site to reassure you. + If they run a proxy for you, using it could actually make it + slightly easier for them to monitor you, but we doubt that any + sane ISP would try this, because if it were discovered + customers would desert them.

+ +

Can the proxy be used for logging + who looks at what?

+ +

We don't want institutions to use this software as an + instrument of surveillance. We have deliberately not provided + options to add timestamps or records of which IP addresses + accessed which URLs. However, because we publish source code + anyone can modify it to do such things, and there is no way a + remote user can find out if this is happening. Again, you need + to be able to trust the entity providing your proxy service, + but you were probably in that position even before using a + proxy.

+ +

What private information from + server-bound headers is removed?

+ +

The Internet Junkbuster pounces on the following HTTP + headers in requests to servers, unless instructed otherwise in + the options.

+ +

The FROM header, which a + few browsers use to tell your email address to servers, is + dropped unless the from option + is set.
The USER_AGENT header is changed to indicate that the browser is + currently Mozilla (Netscape) 3.01 Gold with an unremarkable + Macintosh configuration. Misidentification helps resist + certain attacks. If your browser and hardware happen to be + accurately identified, you might want to change the default. + (Earlier versions of the Internet Junkbuster indicated + different details; by altering them periodically we aim to + hinder anyone trying to infer whether our proxy is present.) + If you don't like the idea of incorrectly + identifying your computer as a Mac, set it accordingly. +
The REFERER header + (which indicates where the URL currently being requested was + found) is dropped. A single static referer to replace all + real referers may be specified using the referer option. Where no referer is + provided by the browser, none is added; the add-header option with arguments + such as -x 'Referer: http://me.me.me' can be + used to send a bogus referer with every request.

+ +

In Version 1.4 and later you can use the -r @ option to selectively disclose + REFERER and USER_AGENT to only those + sites you nominate.

+ +

Some browsers send Referer and User-Agent + information under different non-standard headers. The Internet + Junkbuster 2.0.2 stops UA headers, but others may + get through. This information is also available via JavaScript, + so disable it. Some search engines + encode the query you typed in the URL that goes to advertisers + to target a banner ad at you, so you will need to block the ad + as well as the referer header, unless you want them (and anyone + they might buy data from) to know everything you ever search + for.

+ +

If you have JavaScript enabled (the + default on most browsers) servers can use it to obtain Referer + and User Agent, as well as your plug-ins. We recommend + disabling JavaScript and Java.

+ +

Currently no HTTP response headers + (browser bound) are removed, not even the + Forwarded: or X-Forwarded-For: headers. Nor + are any added, unless requested. + We are considering a more flexible header management system for + a future version.

+ +

Might some things break because + header information is changed?

+ +

Possibly. If used with a browser less advanced than Netscape + 3.0 or IE-3, indicating an advanced browser may encourage pages + containing extensions that confuse your browser. If this + becomes a problem upgrade your browser or use the user-agent option to indicate an + older browser. In Version 1.4 and later you can selectively + reveal your real browser to only those sites you nominate.

+ +

Because different browsers use + different encodings of Russian and Czech characters, certain + web servers convert pages on-the-fly according to the User + Agent header. Giving a User Agent with the wrong operating + system or browser manufacturer causes some sites in these + languages to be garbled; Surfers to Eastern European sites + should change it to something + closer.

+ +

Some page access counters work by + looking at the referer; they may fail or break when + deprived.

+ +

Some sites depend on getting a referer + header, such as uclick.com, which serves comic + strips for many newspaper sites, including + Doonsbury for the Washington Post. (If you + click on that last link, you can then get to a page containing + the strip via the same URL we've linked to under + Doonsbury, but if you click on the + Doonsbury link directly, it gives you an error message + suggesting that you use a browser that supports referers.) In + Version 1.4 and later you can use the -r @ option and place a line like + >uclick.com in your cookiefile. Wired News used to + use referer to decide whether to add a navigation column to the + page, but they have changed that.

+ +

The weather maps of Intellicast + have been blocked by their server when no referer or cookie is + provided. You can use the same countermeasure with a line such + as >208.194.150.32 (or simply get your weather + information elsewhere).

+ +

Some software vendors, including + Download.com and Intuit use USER_AGENT to decide + which versions of their products to display to you. With the + default you get Mac versions.

+ +

As a last resort if a site you need + doesn't seem to be working, the proxy configuration of many + browsers allow you to specify No Proxy For + any hostname you want.

+ +

We had reports that on some versions of + Netscape the What's New feature did not work with the proxy, + but we think we fixed this in Version 2.0.1.

+ +

How is misidentifying my + browser good for security and privacy?

+ +

Almost every major release of both leading browsers has + contained bugs that allow malicious servers to compromise your + privacy and security. Known bugs are quickly fixed, but + millions of copies of the affected software remain out there, + and yours is probably one of them. The header that normally + identifies your browser tells such servers exactly which + attacks to use against you. By misidentifying your browser you + reduce the likelihood that they will be able to mount a + successful attack.

+ +

Does the Internet Junkbuster + conceal my IP address?

+ +

Web sites get the IP address of any proxy or browser they + serve pages to. If you run the proxy on your own computer the + IP address disclosed is the same as your browser would, unless + you use the forwardfile + option is used to chain to another proxy, in which case servers + only get the last IP address in the chain. Chaining slightly + slows browsing of course, but it improves anonymity.

+ +

Does the Internet Junkbuster + thwart identification by identd?

+ +

We think so, provided you are not the user running the + proxy. If your computer (or your ISP's) is running the + identd demon, servers can ask it for the identity of the + user making the request at time you request a page from them. + But if you're going through a proxy, they will identify the + user name associated with the proxy, not you. A visit to + http://ident.junkbusters.com lets you see what's happening. + This test is (quite rightly) blocked by many firewalls; just + interrupt the transfer if you get an abnormal wait after + clicking. Running other applications may also expose you via + identd; the proxy of course doesn't help then.

+ +

Can web sites tell that I'm using + the Internet Junkbuster?

+ +

With the default options the proxy doesn't announce itself. + Obvious indications such as Keep-Alive headers are deleted, but sites might notice that you + can cancel cookies faster than any human could possibly click + on a mouse. (If you want to provide a plausible explanation for + this, change the User Agent header to a cookie-free or + cookie-crunching browser).

+ +

But when certain options are used they + could figure out something's going on, even if they're not + pushing cookies. If you use blocking they can tell from their + logs that the graphics in their pages are not being requested + selectively. The + add-forwarded-header option explicitly announces to the + server that a proxy is present, and sending them wafers is of + course a dead giveaway.

+ +

Security

+ +

What happens with Secure + Documents (SSL, https:)?

+ +

If you enter a ``Secure Document Area,'' cookies and other + header information such as User Agent and Referer are sent + encrypted, so they cannot be filtered. We recommend getting + your browser to alert you when this happens. (On Netscape: Options; Security; General; Show an alert before entering a + secure document space.) We also recommend adding the line + :443 to the blockfile to stop all but sites + specified in an exception after that line from using SSL.

+ +

It may be possible to filter encrypted + cookies by combining the blocking proxy with a cryptographic + proxy along the lines of SafePassage, but we have not tried + this.

+ +

Will using this as my Security + Proxy compromise security?

+ +

We're not security experts, but we don't think so. The whole + point of SSL is that the contents of messages are + + encrypted by the time they leave the browser and the server. + Eavesdroppers (including proxies) can see where your messages + are going whether you are running a proxy or not, but they only + get to see the contents after they have been encrypted.

+ +

Can I restrict use of the proxy + to a set of nominated IP addresses?

+ +

Yes, we added an access + control file in Version 2.0. But before you use it please + consider why you want to do it. If the reason is security, it + probably means you need a firewall.

+ +

The listen-address option provides + a way of binding the proxy to a single IP address/port. The + right way to do this is to choose a port inside your firewall, + and deny access to it to those outside the firewall. The + Internet Junkbuster is not a firewall proxy; it should not be + expected to solve security problems.

+ +

For background information on + firewalls, see Yahoo or a magazine article or these well-known + books: Firewalls and Internet Security: Repelling the + Wily Hacker by William R. Cheswick and Steven M. + Bellovin or Building Internet Firewalls by D. + Brent Chapman and Elizabeth D. Zwicky. There's + + free Linux software available, and a large number of commercial + products and services. For an excellent security overview, + primer, and compendium reference, see Practical Unix and + Internet Security by Simson Garfinkel and Gene + Spafford.

+ +

Are there any security risks for + ISPs or others who offer the proxy?

+ +

Yes. As with any service offered over the Internet, hackers + can try to misuse it. A well-run ISP will have professionals + who are experienced at assessing and containing these + risks.

+ +

It's possible to set up your machine + so that other people can have access to your proxy, but if you + lack expertise in computer security you probably shouldn't have + your computer configured to offer this or any other service to + the outside world.

+ +

Hackers can attempt to gain access to + the machine by various attacks, which we have tried to guard + against but don't guarantee to thwart. They can also use the + ``anonymizing'' quality of proxies to try to cover their tracks + while hacking other computers. For this reason we recommend + preventing it being used as an anonymous telnet by + putting the pattern :23 in the blockfile (it's + included as standard equipment). (Actually the current + implementation incidentally blocks telnet due to the way + headers are handled, but it's best not to rely on this.) If you + wish to block all ports except the default HTTP port 80, you + can put the lines
+ :
+ ~:80
+ at the beginning of the blockfile, but be aware that some + servers run on non-default ports (e.g. 8080). You might also + want to add the line ~:443 to allow SSL.

+ +

On UNIX ® systems it is neither + necessary nor desirable for the proxy to run as root.

+ +

Versions 2.0.1 and below may be + vulnerable to remote exploitation of a memory buffer bug; for + security reasons all users are encouraged to upgrade.

+ +

If you find any security holes in the + code please tell us, along with any suggestions you may have + for fixing it. However, we do not claim that we will be able to + do so.

+ +

We distribute this code in the hope + that people will find it useful, but we provide no warranty for + it, and we are not responsible for anyone's use or misuse of + it.

+ +

You may also want to check back + periodically for updated versions of the code. We do not + currently maintain a mailing list. To get quick updates, + bookmark our Distribution Information page.

+ +

+ Website · + Manual · FAQ · GPL

+ +

+ http://sourceforge.net/projects/ijbswa/

+ +