X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Ffaq.sgml;h=07997052503a67f79c4ddf2ef4d093624b69347d;hb=3fb5b49e4b9b2e99b1a12205f54ab0e22e77eade;hp=3494e3d101408e245bde27443f8a308c90740d3b;hpb=beebc6650fffc2169d51d901f229aede4670eb58;p=privoxy.git
diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml
index 3494e3d1..07997052 100644
--- a/doc/source/faq.sgml
+++ b/doc/source/faq.sgml
@@ -1,5 +1,5 @@
+
@@ -8,7 +8,7 @@
-
+
@@ -17,6 +17,7 @@
+
Privoxy">
]>
- Copyright &my-copy; 2001-2006 by
- Privoxy Developers
+ Copyright &my-copy; 2001-2011 by
+ Privoxy Developers
-$Id: faq.sgml,v 2.24 2006/11/14 01:57:46 hal9 Exp $
+$Id: faq.sgml,v 2.91 2013/02/26 15:09:35 fabiankeil Exp $
+-->
@@ -136,7 +137,7 @@ Hal.
You can find the latest version of the document at http://www.privoxy.org/faq/.
Please see the Contact section if you want to
- contact the developers.
+ contact the developers.
@@ -149,56 +150,56 @@ Hal.
General Information
-Who should use Privoxy?
+Who should give &my-app; a try?
- Anyone that is interested in security, privacy, or in
+ Anyone who is interested in security, privacy, or in
finer-grained control over their web and Internet experience.
- Everyone is encouraged to try &my-app;.
Is Privoxy the best choice for
me?
- &my-app; is certainly a good choice, especially for those who want more
- control and security. Those that have the ability to fine-tune their installation
- will benefit the most. One of Privoxy's
- strength's is that it is highly configurable giving you the ability to
+ &my-app; is certainly a good choice, especially for those who want more
+ control and security. Those with the willingness to read the documentation
+ and the ability to fine-tune their installation will benefit the most.
+
+
+ One of Privoxy's
+ strengths is that it is highly configurable giving you the ability to
completely personalize your installation. Being familiar with, or at least
having an interest in learning about HTTP and other networking
- protocols, HTML,
- IP (Internet
- Protocol), and
+ protocols, HTML, and
Regular
Expressions
- will be a big plus and will help you get the most out of &my-app;.
- A new installation just includes a very basic configuration. The user
- should take this as a starting point only, and enhance it as he or she
- sees fit. In fact, the user is encouraged, and expected to, fine-tune the
+ will be a big plus and will help you get the most out of &my-app;.
+ A new installation just includes a very basic configuration. The user
+ should take this as a starting point only, and enhance it as he or she
+ sees fit. In fact, the user is encouraged, and expected to, fine-tune the
configuration.
- Much of Privoxy's configuration can be done
- with a Web browser.
- But there are areas where configuration is done using a
+ Much of Privoxy's configuration can be done
+ with a Web browser.
+ But there are areas where configuration is done using a
text editor
- to edit configuration files.
+ to edit configuration files. Also note that the web-based action editor
+ doesn't use authentication and should only be enabled in environments
+ where all clients with access to &my-app; listening port can be trusted.
What is a proxy? How does
Privoxy work?
- A web proxy
- is a service, based on a software such as
- Privoxy, that clients (i.e. browsers) can use
- instead of connecting directly to web servers on the Internet. The
- clients then ask the proxy to fetch the objects they need (web pages,
- images, movies etc) on their behalf, and when the proxy has done so, it
- hands the results back to the client. It is a go-between. See
- the Wikipedia proxy
- definition for more.
+ A web proxy
+ is a service, based on a software such as &my-app;, that clients
+ (i.e. browsers) can use instead of connecting to web servers directly.
+ The clients then ask the proxy to request objects (web pages, images, movies etc)
+ on their behalf and to forward the data to the clients.
+ It is a go-between. For details, see
+ Wikipedia's proxy definition.
There are many reasons to use web proxies, such as security (firewalling),
@@ -206,9 +207,9 @@ Privoxy work?
to accommodate those needs.
- Privoxy is a proxy that is primarily focused on privacy
- protection, ad and junk elimination and freeing the user from restrictions placed on his
- activities. Sitting between your browser(s) and the Internet,
+ &my-app; is a proxy that is primarily focused on
+ privacy enhancement, ad and junk elimination and freeing the user from
+ restrictions placed on his activities. Sitting between your browser(s) and the Internet,
it is in a perfect position to filter outbound personal information that your
browser is leaking, as well as inbound junk. It uses a variety of techniques to do
this, all of which are under your complete control via the various configuration
@@ -219,13 +220,13 @@ Privoxy work?
Does Privoxy do anything more than ad blocking?
-
- Yes, ad blocking is but one possible use. There are many, many ways &my-app;
- can be used to sanitize and customize web browsing.
+
+ Yes, ad blocking is but one possible use. There are many, many ways &my-app;
+ can be used to sanitize and customize web browsing.
-What is this new version of
+What is this new version of
Junkbuster?
@@ -239,27 +240,26 @@ Privoxy work? Why Privoxy? Why change the name from
Junkbuster at all?
- Though outdated, Junkbusters Corporation
- continues to offer their original version of the Internet
- Junkbuster, so publishing our
- Junkbuster-derived software under the same name
- led to confusion.
+ Though outdated, Junkbusters Corporation continued to offer their original
+ version of the Internet Junkbuster for a while,
+ so publishing our Junkbuster-derived software
+ under the same name would have led to confusion.
- There are also potential legal complications from our use of the
- Junkbuster name, which is a registered trademark of
- Junkbusters Corporation.
- There are, however, no objections from Junkbusters Corporation to the
- Privoxy project itself, and they, in fact, still
- share our ideals and goals.
+ There were also potential legal reasons not to use the
+ Junkbuster name, as it was (and maybe still is)
+ a registered trademark of Junkbusters Corporation.
+ There were, however, no objections from Junkbusters Corporation to the
+ Privoxy project itself, and they, in fact,
+ shared our ideals and goals.
- The developers also believed that there are so many improvements over the original
- code, that it was time to make a clean break from the past and make
- a name in their own right.
+ The Privoxy developers also believed that there were so many improvements
+ over the original code, that it was time to make a clean break from the past
+ and make a name in their own right.
- Privoxy is the
+ Privoxy is the
Privacy Enhancing Proxy. Also, its content
modification and junk suppression gives you, the user, more
control, more freedom, and allows you to browse your personal and
@@ -268,30 +268,21 @@ Junkbuster at all?
How does Privoxy differ
-from the old Junkbuster?
+from the old Junkbuster?
Privoxy picks up where
- Junkbuster left off. All the old features remain.
- The new Privoxy still blocks ads and banners,
+ Junkbuster left off.
+ Privoxy still blocks ads and banners,
still manages cookies, and still
- helps protect your privacy. But, these are all greatly enhanced, and many,
- many new features have been added, all in the same vein.
+ helps protect your privacy. But, most of these features have been enhanced,
+ and many new ones have been added, all in the same vein.
-
- The configuration has changed significantly as well. This is something that
- users will notice right off the bat if upgrading from
- Junkbuster 2.0.x. The blocklist
- cookielist, imagelist and much more has been
- combined into the actions files, with a completely different
- syntax. What's New
- page for the latest updates.]]>
-Privoxy's new features include:
-
+
&newfeatures;
@@ -310,7 +301,7 @@ an ad, and what is not?
and the host (blocking the big banner hosting services like doublecklick.net
already helps a lot). Privoxy takes advantage of this
fact by using URL
- patterns to sort out and block the requests for things that sound
+ patterns to sort out and block the requests for things that sound
like they would be ads or banners.
@@ -328,7 +319,7 @@ an ad, and what is not?
-Can Privoxy make mistakes?
+Can Privoxy make mistakes?
This does not sound very scientific.
Actually, it's a black art ;-) And yes, it is always possible to have a broad
@@ -351,21 +342,22 @@ This does not sound very scientific.Will I have to configure Privoxy
before I can use it?
- No, not really. The default installation should give you a good starting
- point, and block most ads and unwanted content. Many of
- the more advanced features are off by default, and would require you to
- activate them.
+ That depends on your expectations.
+ The default installation should give you a good starting
+ point, and block most ads and unwanted content,
+ but many of the more advanced features are off by default, and require
+ you to activate them.
You do have to set up your browser to use
Privoxy (see the Installation section below).
+ linkend="firststep">Installation section below).
And you will certainly run into situations where there are false positives,
or ads not being blocked that you may not want to see. In these cases, you
would certainly benefit by customizing Privoxy's
- configuration to more closely match your individual situation. And we would
+ configuration to more closely match your individual situation. And we
encourage you to do this. This is where the real power of
Privoxy lies!
@@ -374,7 +366,7 @@ This does not sound very scientific.
Can Privoxy run as a server on a network?
-
+
Yes, &my-app; runs as a server already, and can easily be configured to
serve more than one client. See
How can I set up Privoxy to act as a proxy for my LAN below.
@@ -386,16 +378,24 @@ Privoxy. Why should I use Privoxy at all?
Modern browsers do indeed have some of the same
functionality as Privoxy. Maybe this is
- adequate for you. But Privoxy is much more
- versatile and powerful, and can do a number of things that browsers just can't.
+ adequate for you. But Privoxy is very
+ versatile and powerful, and can probably do a number of things
+ your browser just can't.
- In addition, a proxy is good choice if you use multiple browsers, or
- have a LAN with multiple computers since &my-app; can run as a server
+ In addition, a proxy is good choice if you use multiple browsers, or
+ have a LAN with multiple computers since &my-app; can run as a server
application. This way all the configuration is in one place, and you don't
have to maintain a similar configuration for possibly many browsers or
users.
+
+ Note, however, that it's recommended to leverage both your browser's
+ and Privoxy's privacy enhancing features
+ at the same time. While your browser probably lacks some features
+ &my-app; offers, it should also be able to do some things more
+ reliable, for example restricting and suppressing JavaScript.
+ Why should I trust Privoxy?
@@ -403,30 +403,28 @@ Privoxy. Why should I use Privoxy at all?
The most important reason is because you have access to
everything, and you can control everything. You can
check every line of every configuration file yourself. You can check every
- last bit of source code should you desire. And even if you can't read code,
- there should be some comfort in knowing that thousands of other people can,
- and do read it. You can build the software from scratch, if you want, so
- that you know the executable is clean, and that it is
+ last bit of source code should you desire. And even if you can't read code,
+ there should be some comfort in knowing that other people can,
+ and do read it. You can build the software from scratch, if you want,
+ so that you know the executable is clean, and that it is
yours. In fact, we encourage this level of scrutiny. It
is one reason we use &my-app; ourselves.
-Is there is a license or fee? What about a
+Is there is a license or fee? What about a
warranty? Registration?
- Privoxy is licensed under the GNU General Public License (GPL).
+ Privoxy is free software and licensed under the GNU General Public License (GPL) version 2.
It is free to use, copy, modify or distribute as you wish under the terms of this
license. Please see the Copyright section for more
- information on the license and copyright. Or the LICENSE file
+ information on the license and copyright. Or the LICENSE file
that should be included.
There is no warranty of any kind, expressed, implied or otherwise.
That is something that would cost real money ;-) There is no registration either.
- Privoxy really is free
- in every respect!
@@ -434,10 +432,17 @@ warranty? Registration?Can Privoxy remove spyware? Adware? Viruses?
- No. &my-app; cannot remove anything. It is not a removal tool. It is a
- preventative. &my-app; can help prevent contact from sites that use such
+ No, at least not reliably enough to trust it. &my-app; is not designed to be
+ a malware removal tool and the default configuration doesn't even try to
+ filter out any malware.
+
+
+ &my-app; could help prevent contact from (known) sites that use such
tactics with appropriate configuration rules, and thus could conceivably
- prevent contamination from such sites.
+ prevent contamination from such sites. However, keeping such a configuration
+ up to date would require a lot of time and effort that would be better spend
+ on keeping your software itself up to date so it doesn't have known
+ vulnerabilities.
@@ -450,14 +455,17 @@ warranty? Registration?
But it is probably not necessary to use &my-app; in conjunction with other
ad-blocking products, and this could conceivably cause undesirable results.
- It would be better to choose one software or the other and work a little to
+ It might be better to choose one software or the other and work a little to
tweak its configuration to your liking.
+
+ Note that this is an advice specific to ad blocking.
+
-I would like to help you, what can I do?
+I would like to help you, what can I do?
-Would you like to participate?
+Would you like to participate?
Well, we always need help. There is something for
everybody who wants to help us. We welcome new developers, packagers,
@@ -466,38 +474,93 @@ warranty? Registration?
programmer. There are many other tasks available. In fact,
the programmers often can't spend as much time programming because of some
of the other, more mundane things that need to be done, like checking the
- Tracker feedback sections.
+ Tracker feedback sections or responding to user questions on the mailing
+ lists.
+
+
+ So first thing, subscribe to the Privoxy Users
+ or the Privoxy
+ Developers mailing list, join the discussion, help out other users, provide general
+ feedback or report problems you noticed.
- So first thing, get an account on SourceForge.net
- and mail your id to the developers
- mailing list. Then, please read the Developer's Manual, at least
- the pertinent sections.
+ so we don't confuse you with the other name-less users.
+
+
+ We also have a Developer's Manual.
+ While it is partly out of date, it's still worth reading.
+
+
+ Our TODO list
+ may be of interest to you as well.
+ Please let us know if you want to work on one of the items listed.
-Contribute!
+Would you like to donate?
- We, of course, welcome donations and could use money for domain registering,
- buying software to test Privoxy with, and, of course,
- for regular world-wide get-togethers (hahaha). If you enjoy the software and feel
- like helping us with a donation, just drop us a note.
+ Privoxy is developed by unpaid volunteers
+ and thus our current running costs are pretty low. Nevertheless, we
+ have plans that will cost money in the future. They include,
+ but aren't limited to spending money on:
+
-
-Software
- If you are a vendor of a web-related software like a browser, web server
- or proxy, and would like us to ensure that Privoxy
- runs smoothly with your product, you might consider supplying us with a
- copy or license. We can't, however, guarantee that we will fix all potential
- compatibility issues as a result.
+
+
+
+ Hardware to help make sure Privoxy
+ keeps running on platforms the developers currently can't test
+ on and can be ported to others.
+
+
+
+
+ Technical books to educate our developers about said platforms
+ or to improve their knowledge in general.
+
+
+
+
+ More reliable hosting,
+
+
+
+
+
+
+ We would like to get this money through donations made by our users.
-
+
+ Privoxy has therefore become an associated
+ project of Software
+ in the Public Interest (SPI), which allows us to receive donations.
+ In the United States they are tax-deductible, in a few other western countries
+ they might be tax-deductible in the future.
+
+
+
+ If you read this section before you may notice that paying for the
+ project domain privoxy.org is no longer on the list. It has been
+ transferred to SPI is sponsored by Mythic Beasts Ltd.
+
+
+
+ If you enjoy our software and feel like helping out with a donation,
+ please have a look at
+ SPI's donation page
+ to see what the options are. If you have any questions regarding donations
+ please mail to either the public user mailing list or, if it's a private
+ matter, to Fabian Keil
+ (Privoxy's SPI liason) directly.
+
+
@@ -511,10 +574,11 @@ warranty? Registration?
Which browsers are supported by Privoxy?
- Any browser that can be configured to use a proxy, which
+ Any browser that can be configured to use a proxy, which
should be virtually all browsers, including
Firefox, Internet
- Explorer, and Opera among others.
+ Explorer, Opera, and
+ Safari among others.
Direct browser support is not an absolute requirement since
Privoxy runs as a separate application and talks
to the browser in the standardized HTTP protocol, just like a web server
@@ -538,8 +602,8 @@ Include supported.sgml here:
browser or not. Though this may not be the best approach for
dealing with some of the common abuses of HTML in email. See How can I configure Privoxy
- with Outlook Express? below for more on
- this.
+ with Outlook? below for more on
+ this.
Be aware that HTML email presents a number of unique security and privacy
@@ -549,11 +613,12 @@ Include supported.sgml here:
-Can I install
+
-I just installed Privoxy. Is there anything
+I just installed Privoxy. Is there anything
special I have to do now?
- All browsers must be told to use Privoxy
- as a proxy by specifying the correct proxy address and port number
- in the appropriate configuration area for the browser. See
+ All browsers should be told to use Privoxy
+ as a proxy by specifying the correct proxy address and port number
+ in the appropriate configuration area for the browser. It's possible
+ to combine &my-app; with a packet filter to intercept HTTP requests
+ even if the client isn't explicitly configured to use &my-app;,
+ but where possible, configuring the client is recommended. See
the User Manual for more
- details. You should also flush your browser's memory and disk cache to get rid of any
- cached junk items, and remove any stored
+ details. You should also flush your browser's memory and disk
+ cache to get rid of any cached junk items, and remove any stored
cookies.
-
What is the proxy address of Privoxy?
If you set up the Privoxy to run on
the computer you browse from (rather than your ISP's server or some
- networked computer on a LAN), the proxy will be on 127.0.0.1
+ networked computer on a LAN), the proxy will be on 127.0.0.1
(sometimes referred to as localhost,
which is the special name used by every computer on the Internet to refer
- to itself) and the port will be 8118 (unless you have Privoxy
- to run on a different port with the listen-address config option).
+ to itself) and the port will be 8118 (unless you used the listen-address
+ config option to tell Privoxy to run on
+ a different port).
When configuring your browser's proxy settings you typically enter
the word localhost or the IP address 127.0.0.1
in the boxes next to HTTP and Secure (HTTPS) and
- then the number 8118 for port.
+ then the number 8118 for port.
This tells your browser to send all web requests to Privoxy
instead of directly to the Internet.
- Privoxy can also be used to proxy for
- a Local Area Network. In this case, your would enter either the IP
- address of the LAN host where Privoxy
+ Privoxy can also be used to proxy for
+ a Local Area Network. In this case, your would enter either the IP
+ address of the LAN host where Privoxy
is running, or the equivalent hostname, e.g. 192.168.1.1.
Port assignment would be same as above. Note that
Privoxy doesn't listen on any LAN interfaces by
@@ -616,8 +685,7 @@ special I have to do now?Privoxy does not currently handle
- any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. Be sure that
- proxying any of these other protocols is not activated.
+ any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc.
@@ -626,17 +694,17 @@ special I have to do now?
All the ads are there. What's wrong?
- Did you configure your browser to use Privoxy
+ Did you configure your browser to use Privoxy
as a proxy? It does not sound like it. See above. You might also try flushing
- the browser's caches to force a full re-reading of pages. You can verify
- that Privoxy is running, and your browser
- is correctly configured by entering the special URL:
- http://p.p/.
+ the browser's caches to force a full re-reading of pages. You can verify
+ that Privoxy is running, and your browser
+ is correctly configured by entering the special URL:
+ http://p.p/.
This should take you to a page titled This is Privoxy.. with
access to Privoxy's internal configuration.
- If you see this, then you are good to go. If you receive a page saying
+ If you see this, then you are good to go. If you receive a page saying
Privoxy is not running, then the browser is not set up to use
your Privoxy installation.
If you receive anything else (probably nothing at all), it could either
@@ -675,16 +743,16 @@ Privoxy is running and being used.
The procedure for clearing the cache varies from browser to browser. For
- example, Mozilla/Netscape users would click
+ example, Mozilla/Netscape users would click
Edit --> Preferences -->
Advanced --> Cache and
then click both Clear Memory Cache
and Clear Disk Cache.
- And, Firefox users would click
+ In some Firefox versions it's
Tools --> Options -->
Privacy --> Cache and
then click Clear Cache Now.
-
+
@@ -699,7 +767,7 @@ Privoxy is running and being used.
&my-app; utilizes the concept of
- actions
+ actions
that are used to manipulate and control web page data.
Actions files
are where these actions
@@ -709,7 +777,7 @@ Privoxy is running and being used.
There is a wide array of actions available that give the user a high degree
of control and flexibility on how to process each and every web page.
-
+
Actions can be defined on a URL pattern basis, i.e.
@@ -725,7 +793,7 @@ Privoxy is running and being used.
-The actions concept confuses me. Please list
+The actions concept confuses me. Please list
some of these actions.
For a comprehensive discussion of the actions concept, please refer
@@ -741,7 +809,7 @@ some of these actions.How are actions files configured? What is the easiest
-way to do this?
+way to do this?
Actions files are just text files in a special syntax and can be edited
@@ -750,7 +818,10 @@ way to do this?
at http://config.privoxy.org/
(Shortcut: http://p.p/) and then select
View &
- change the current configuration from the menu.
+ change the current configuration from the menu. Note
+ that this feature must be explicitly enabled in the main config file
+ (see enable-edit-actions).
@@ -759,33 +830,17 @@ way to do this?
There are several different actions files. What are
the differences?
- Three actions files
- are being included by the developers, to be used for
- different purposes: These are
- default.action, the main actions file
- which is actively maintained by the Privoxy
- developers and typically sets the default policies, user.action, where users are encouraged
- to make their private customizations, and standard.action,
- which is for internal Privoxy use only.
- Please see the actions chapter
- in the User Manual for a more
- detailed explanation.
-
-
-
- Earlier versions included three different versions of the
- default.action file. The new scheme allows for
- greater flexibility of local configuration, and for browser based
- selection of pre-defined aggressiveness levels.
+ Please have a look at the the actions chapter
+ in the User Manual for a detailed explanation.
Where can I get updated Actions Files?
- Based on your feedback and the continuing development, updates of
- default.action will be
- made available from time to time on the default.action will be
+ made available from time to time on the files section of
our project page.
@@ -794,52 +849,39 @@ the differences?
If you wish to receive an email notification whenever we release updates of
Privoxy or the actions file, subscribe
- to our announce mailing list, ijbswa-announce@lists.sourceforge.net.
+ to our announce mailing list, ijbswa-announce@lists.sourceforge.net.
Can I use my old config files?
- The syntax and purpose of configuration files has remained the same
- throughout the 3.x series. Although each release contains updated,
- improved versions and it is recommended to use the newer
- configuration files.
- fast-redirects
- has changed. See the What's New section
- of the User Manual for details.]]>
-
-
- But all configuration files have substantially
- changed from the Junkbuster days, and early
- versions of Privoxy 2.x. The old files, like
- blocklist will not work at all.
+ The syntax and purpose of configuration files has remained roughly the
+ same throughout the 3.x series, but backwards compatibility is not guaranteed.
+ Also each release contains updated, improved versions and it is
+ therefore strongly recommended to install the newer configuration files
+ and merge back your modifications.
-
- Refer to the What's New
- page for information on configuration changes that may occur from one release to another.
- ]]>
Why is the configuration so complicated?
- Complicated is in the eye of the beholder. Those that are
+ Complicated is in the eye of the beholder. Those that are
familiar with some of the underlying concepts, such as regular expression
syntax, take to it like a fish takes to water. Also, software that tries
hard to be user friendly, often lacks sophistication and
flexibility. There is always that trade-off there between power vs.
easy-of-use. Furthermore, anyone is welcome to contribute ideas and
- implementations to enhance &my-app;.
+ implementations to enhance &my-app;.
How can I make my Yahoo/Hotmail/Gmail account work?
The default configuration shouldn't impact the usability of any of these services.
- It may, however, make all cookies
+ It may, however, make all cookies
temporary, so that your browser will forget your
login credentials in between browser sessions. If you would like not to have to log
in manually each time you access those websites, simply turn off all cookie handling
@@ -853,9 +895,9 @@ the differences?
.login.yahoo.com
- These kinds of sites are often quite complex and heavy with
- Javascript and
- thus fragile. So if still a problem,
+ These kinds of sites are often quite complex and heavy with
+ Javascript and
+ thus fragile. So if still a problem,
we have an alias just for such
sticky situations:
@@ -873,8 +915,8 @@ the differences?
Make sure the domain, host and path are appropriate as well. Your browser can
- tell you where you are specifically and you should use that information for
- your configuration settings. Note that above it is not referenced as
+ tell you where you are specifically and you should use that information for
+ your configuration settings. Note that above it is not referenced as
gmail.com, which is a valid domain name.
@@ -888,7 +930,7 @@ the differences?
profiles in the web based actions file editor at http://config.privoxy.org/show-status.
See the User
- Manual for a list of actions, and how the default
+ Manual for a list of actions, and how the default
profiles are set.
@@ -896,23 +938,23 @@ the differences?
Where the defaults are likely to break some sites, exceptions for
known popular problem sites are included, but in
general, the more aggressive your default settings are, the more exceptions
- you will have to make later. New users are best to start off in
- Cautious setting. This is safest and will have the fewest
+ you will have to make later. New users are best to start off in
+ Cautious setting. This is safest and will have the fewest
problems. See the User Manual
for a more detailed discussion.
- It should be noted that the Advanced profile (formerly known
+ It should be noted that the Advanced profile (formerly known
as the Adventuresome profile) is more
- aggressive, and will make use of some of
+ aggressive, and will make use of some of
Privoxy's advanced features. Use at your own risk!
-Why can I change the configuration
+Why can I change the configuration
with a browser? Does that not raise security issues?
It may seem strange that regular users can edit the config files with their
@@ -923,21 +965,20 @@ with a browser? Does that not raise security issues?
When you use the browser-based editor, Privoxy
itself is writing to the config files. Because
Privoxy is running as the user privoxy,
- it can update the config files.
+ it can update its own config files.
If you run Privoxy for multiple untrusted users (e.g. in
- a LAN), you will probably want to turn the web-based editor and remote toggle
- features off by setting off by setting enable-edit-actions
0 and enable-remote-toggle
0 in the main configuration file.
- Note that in the default configuration, only local users (i.e. those on
- localhost) can connect to Privoxy,
- so this is not (normally) a security problem.
+ As of &my-app; 3.0.7 these options are disabled by default.
@@ -946,46 +987,66 @@ with a browser? Does that not raise security issues?
What is the default.filter file? What is a filter?
The default.filter
- file is where filters as supplied by the developers are defined.
+ file is where filters as supplied by the developers are defined.
Filters are a special subset of actions that can be used to modify or
- remove, web page content on the fly. Filters apply to anything
- in the page source (and optionally both client and server headers), including
- HTML tags, and JavaScript. Regular expressions are used to accomplish this.
+ remove web page content or headers on the fly. Content filters can
+ be applied to anything in the page source,
+ header filters can be applied to either server or client headers.
+ Regular expressions are used to accomplish this.
+
+
There are a number of pre-defined filters to deal with common annoyances. The
filters are only defined here, to invoke them, you need to use the
filter
- action in one of the actions files. Filtering is automatically
- disabled for inappropriate MIME types.
+ action in one of the actions files. Content filtering is automatically
+ disabled for inappropriate MIME types, but if you know better than Privoxy
+ what should or should not be filtered you can filter any content you like.
+
+
+ Filters should
+ not be confused with blocks, which
+ is a completely different action, and is more typically used to block ads and
+ unwanted sites.
- If you are familiar with regular expressions, and HTML, you can look at
+ If you are familiar with regular expressions, and HTML, you can look at
the provided default.filter with a text editor and define
your own filters. This is potentially a very powerful feature, but
- requires some expertise in both regular expressions and HTML/HTTP.
- user.filter, so they won't
- be overwritten during upgrades.
- The ability to define multiple filter files
+ requires some expertise in both regular expressions and HTML/HTTP.
+ user.filter, so they won't
+ be overwritten during upgrades.
+ The ability to define multiple filter files
in config is a new feature as of v. 3.0.5.]]>
- There is no GUI editor option for this part of the configuration,
- but you can disable/enable the various pre-defined filters of the included
+ There is no GUI editor option for this part of the configuration,
+ but you can disable/enable the various pre-defined filters of the included
default.filter file with the web-based actions file editor.
+ Note that the custom actions editor must be explicitly enabled in
+ the main config file (see enable-edit-actions).
+
+
+
+ If you intend to develop your own filters, you might want to have a look at
+ Privoxy-Filter-Test.
-How can I set up Privoxy to act as a proxy for my
+How can I set up Privoxy to act as a proxy for my
LAN?
- By default, Privoxy only responds to requests
+ By default, Privoxy only responds to requests
from 127.0.0.1 (localhost). To have it act as a server for
a network, this needs to be changed in the main configuration file. Look for
@@ -1004,12 +1065,12 @@ with a browser? Does that not raise security issues?
- Save the file, and restart Privoxy. Configure
+ Save the file, and restart Privoxy. Configure
all browsers on the network then to use this address and port number.
- Alternately, you can have Privoxy listen on
+ Alternately, you can have Privoxy listen on
all available interfaces:
@@ -1019,10 +1080,10 @@ with a browser? Does that not raise security issues?
- And then use Privoxy's
+ And then use Privoxy'spermit-access
- feature to limit connections. A firewall in this situation is recommended
+ url="../user-manual/config.html#PERMIT-ACCESS">permit-access
+ feature to limit connections. A firewall in this situation is recommended
as well.
@@ -1057,7 +1118,7 @@ with a browser? Does that not raise security issues?
If you want to see nothing, then change the set-image-blocker
- action to blank. This can be done by editing the
+ action to blank. This can be done by editing the
user.action file, or through the web-based actions file editor.
@@ -1072,7 +1133,7 @@ with a browser? Does that not raise security issues?
is rather smart, it will make occasional mistakes. The checkerboard image is visually
decent, and it shows you where images have been blocked, which can be very
helpful in case some navigation aid or otherwise innocent image was
- erroneously blocked. It is recommended for new users so they can
+ erroneously blocked. It is recommended for new users so they can
see what is happening. Some people might also enjoy seeing how
many banners they don't have to see.
@@ -1080,7 +1141,7 @@ with a browser? Does that not raise security issues?
-I see some images being replaced by a text
+I see some images being replaced with text
instead of the checkerboard image. Why and how do I get rid of this?
This happens when the banners are not embedded in the HTML code of the
@@ -1088,7 +1149,7 @@ instead of the checkerboard image. Why and how do I get rid of this?
or (i)layers, and these external HTML documents are blocked. Being non-images
they get replaced by a substitute HTML page rather than a substitute image,
which wouldn't work out technically, since the browser expects and accepts
- only HTML when it has requested an HTML document.
+ only HTML when it has requested an HTML document.
The substitute page adapts to the available space and shows itself as a
@@ -1107,15 +1168,15 @@ instead of the checkerboard image. Why and how do I get rid of this?
-Can Privoxy run as a service
+Can Privoxy run as a service
on Win2K/NT/XP?
Windows service
functionality. See
- the User Manual for details on how to install and configure
+ the User Manual for details on how to install and configure
Privoxy as a service.
-
+
Earlier ]]>3.x versions could run as a system service using srvany.exe.
See the discussion at
-How can I make Privoxy work with other
-proxies like Squid or Tor?
+How can I make Privoxy work with other proxies?
This can be done and is often useful to combine the benefits of
- Privoxy with those of a another proxy.
+ Privoxy with those of a another proxy,
+ for example to cache content.
See the forwarding chapter
in the User Manual which
- describes how to do this, and the
- How do I use Privoxy together with
- Tor section below.
+ describes how to do this. If you intend to use Privoxy with Tor,
+ please also have a look at
+ How do I use Privoxy together with Tor.
@@ -1145,8 +1206,9 @@ proxies like Squid or Tor?
and thus avoid individual browser configuration?
- No, its more complicated than that. This only works with special kinds
- of proxies known as transparent proxies (see below).
+ No, its more complicated than that. This only works with special kinds
+ of proxies known as intercepting proxies
+ (see below).
@@ -1155,32 +1217,57 @@ and thus avoid individual browser configuration?
Can Privoxy run as a transparent
proxy?
- No, Privoxy currently does not have this ability,
- though it may be added in a future release. Transparent proxies require
- special handling of the request headers beyond what
- Privoxy is now capable of.
+ The whole idea of Privoxy is to modify client requests
+ and server responses in all sorts of ways and therefore
+ it's not a transparent proxy as described in
+ RFC 2616.
+
+ However, some people say transparent proxy when they
+ mean intercepting proxy. If you are one of them,
+ please read the next entry.
+
+
+
+
+Can Privoxy run as a intercepting proxy?
- Chaining Privoxy behind another proxy that has
- this ability should work though.
- See the forwarding chapter
- in the User Manual. As
- a transparent proxy to be used for chaining we suggest Transproxy
- (http://transproxy.sourceforge.net/).
+ Privoxy can't intercept traffic itself,
+ but it can handle requests that where intercepted and redirected
+ with a packet filter (like PF or
+ iptables), as long as the Host
+ header is present.
+
+
+ As the Host header is required by HTTP/1.1 and as most
+ web sites rely on it anyway, this limitation shouldn't be a problem.
+
+
+ Please refer to your packet filter's documentation to learn how to
+ intercept and redirect traffic into Privoxy.
+ Afterward you just have to configure Privoxy to
+ accept
+ intercepted requests.
-How can I configure Privoxy for use with Outlook
- Express?
+How can I configure Privoxy for use with Outlook?
- Outlook Express uses Internet Explorer
- components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email.
- So however you have Privoxy configured to work
- with IE, this configuration should automatically be shared.
+ Versions of Outlook prior to Office 2007, use
+ Internet Explorer components to both render HTML,
+ and fetch any HTTP requests that may be embedded in an HTML email. So however
+ you have Privoxy configured to work with IE, this
+ configuration should automatically be shared, at least with older version of
+ Internet Explorer.
+
+
+ Starting with Office 2007, Microsoft is instead using the MS-Word rendering
+ engine with Outlook. It is unknown whether this can be configured to use a
+ proxy.
+
@@ -1191,14 +1278,14 @@ and thus avoid individual browser configuration?
of knowing which particular application makes a request, so there is no way to
distinguish between web pages and HTML mail.
Privoxy just blindly proxies all requests. In the
- case of Outlook Express (see above), OE uses
- IE anyway, and there is no way for Privoxy to ever
+ case of Outlook Express (see above), OE uses
+ IE anyway, and there is no way for Privoxy to ever
be able to distinguish between them (nor could any other proxy type application for
that matter).
- For a good discussion of some of the issues involved (including privacy and
- security issues), see
+ For a good discussion of some of the issues involved (including privacy and
+ security issues), see
http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118.
@@ -1207,12 +1294,12 @@ and thus avoid individual browser configuration?
I sometimes notice cookies sneaking through. How?Cookies can be
- set in several ways. The classic method is via the
+ url="http://en.wikipedia.org/wiki/Browser_cookie">Cookies can be
+ set in several ways. The classic method is via the
Set-Cookie HTTP header. This is straightforward, and an
- easy one to manipulate, such as the &my-app; concept of
+ easy one to manipulate, such as the &my-app; concept of
session-cookies-only.
- There is also the possibility of using
+ There is also the possibility of using
Javascript to
set cookies (&my-app; calls these content-cookies). This
is trickier because the syntax can vary widely, and thus requires a certain
@@ -1231,20 +1318,20 @@ and thus avoid individual browser configuration?
Are all cookies bad? Why?
- No, in fact there are many beneficial uses of
+ No, in fact there are many beneficial uses of
cookies. Cookies are just a
method that browsers can use to store data between pages, or between browser
sessions. Sometimes there is a good reason for this, and the user's life is a
bit easier as a result. But there is a long history of some websites taking
- advantage of this layer of trust, and using the data they glean from you and
+ advantage of this layer of trust, and using the data they glean from you and
your browsing habits for their own purposes, and maybe to your potential
detriment. Such sites are using you and storing their data on your system.
- That is why the security conscious watch from whom those cookies come, and why
+ That is why the privacy conscious watch from whom those cookies come, and why
they really need to be there.
- See the
+ See the
Wikipedia cookie
definition for more.
@@ -1254,14 +1341,14 @@ and thus avoid individual browser configuration?
How can I allow permanent cookies for my trusted sites?
- There are several actions that relate to cookies. The default behavior is to
+ There are several actions that relate to cookies. The default behavior is to
allow only session cookies, which means the cookies only last
- for the current browser session. This eliminates most kinds of abuse related
- to cookies. But there may be cases where we want cookies to last.
+ for the current browser session. This eliminates most kinds of abuse related
+ to cookies. But there may be cases where you want cookies to last.
To disable all cookie actions, so that cookies are allowed unrestricted,
- both in and out, for example.com:
+ both in and out, for example.com:
@@ -1269,7 +1356,7 @@ and thus avoid individual browser configuration?
.example.com
- Place the above in user.action. Note some of these may
+ Place the above in user.action. Note that some of these may
be off by default anyway, so this might be redundant, but there is no harm
being explicit in what you want to happen. user.action
includes an alias for this situation, called
@@ -1282,14 +1369,14 @@ and thus avoid individual browser configuration?
Each instance of Privoxy has its own
configuration, including such attributes as the TCP port that it listens on.
- What you can do is run multiple instances of Privoxy, each with
- a unique
+ What you can do is run multiple instances of Privoxy, each with
+ a unique
listen-address
configuration setting, and configuration path, and then
each of these can have their own configurations. Think of it as per-port
configuration.
-
+
Simple enough for a few users, but for large installations, consider having
groups of users that might share like configurations.
@@ -1308,7 +1395,7 @@ and thus avoid individual browser configuration?
############################################################
{ +block }
/ # Block *all* URLs
-
+
############################################################
# Whitelist
############################################################
@@ -1317,36 +1404,36 @@ and thus avoid individual browser configuration?
toys.example.com
games.example.com
- This allows access to only those three sites by first blocking all URLs, and
+ This allows access to only those three sites by first blocking all URLs, and
then subsequently allowing three specific exceptions.
- A more interesting approach is Privoxy's
- trustfile concept, which incorporates the notion of
+ Another approach is Privoxy's
+ trustfile concept, which incorporates the notion of
trusted referrers. See the User Manual Trust
- documentation.
+ url="../user-manual/config.html#TRUSTFILE">Trust documentation
+ for details.
These are fairly simple approaches and are not completely foolproof. There
are various other configuration options that should be disabled (described
elsewhere here and in the User Manual)
so that users can't modify their own configuration and easily circumvent the
- whitelist.
+ whitelist.
How can I turn off ad-blocking?
- Ad blocking is achieved through a complex application of various &my-app;
- actions. These
- actions are deployed against simple images, banners, flash animations,
+ Ad blocking is achieved through a complex application of various &my-app;
+ actions. These
+ actions are deployed against simple images, banners, flash animations,
text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as
just turning one or two actions off. The various actions that make up
&my-app; ad blocking are hard-coded into the default configuration files. It
has been assumed that everyone using &my-app; is interested in this
- particular feature.
+ particular feature.
If you want to do without this, there are several approaches you can take:
@@ -1356,7 +1443,7 @@ and thus avoid individual browser configuration?
blocking rules, and corresponding exceptions. Or lastly, if you are not
concerned about the additional blocks that are done for privacy reasons, you
can very easily over-ride all blocking with the
- following very simple rule in your user.action:
+ following very simple rule in your user.action:
@@ -1364,7 +1451,7 @@ and thus avoid individual browser configuration?
{ -block }
/ # UN-Block *all* URLs
-
+
Or even a more comprehensive reversing of various ad related actions:
@@ -1386,28 +1473,35 @@ and thus avoid individual browser configuration?
-How can I have custom template pages, like the
+How can I have custom template pages, like the
BLOCKED page?
&my-app; templates are specialized text files utilized by
&my-app; for various purposes and can easily be modified using any text
editor. All the template pages are installed in a sub-directory appropriately
named: templates. Knowing something about HTML syntax
- will of course be helpful. You cannot rename any of these files, or create
- completely new templates, that is not possible. But you can change the page
- content to whatever you like. Be forewarned that these files are subject to
- being overwritten during upgrades, so be sure to save any customizations.
+ will of course be helpful.
+
+
+ Be forewarned that the default templates are subject to being overwritten
+ during upgrades. You can, however, create completely new templates,
+ place them in another directory and specify the alternate path in the main
+ config. For details, have a look at the templdir option.
-How can I remove the Go There Anyway link from
+How can I remove the Go There Anyway link from
the BLOCKED page?
+
+ There is more than one way to do it (although Perl is not involved).
+
Editing the BLOCKED template page (see above) may dissuade some users, but
this method is easily circumvented. Where you need this level of control, you
- should build &my-app; from source, and enable various features that are
- available as compile-time options. You should
+ might want to build &my-app; from source, and disable various features that are
+ available as compile-time options. You should
configure the sources as follows:
@@ -1417,17 +1511,13 @@ the BLOCKED page?
This will create an executable with hard-coded security features so that
&my-app; does not allow easy bypassing of blocked sites, or changing the
- current configuration via any connected user's web browser. Some of these
- features can also be toggled on/off via options in
- Privoxy's main
- config file. But
- compiled-in compliance is a much better method of ensuring that a block is
- really a block.
+ current configuration via any connected user's web browser.
- Default builds of &my-app; are typically built with these features
- disabled.
+ Finally, all of these features can also be toggled on/off via options in
+ Privoxy's main config file which
+ means you don't have to recompile anything.
@@ -1441,21 +1531,21 @@ the BLOCKED page?
Miscellaneous
-How much does Privoxy slow my browsing down? This
+How much does Privoxy slow my browsing down? This
has to add extra time to browsing.
How much of an impact depends on many things, including the CPU of the host
- system, how aggressive the configuration is, which specific actions are being triggered,
+ system, how aggressive the configuration is, which specific actions are being triggered,
the size of the page, the bandwidth of the connection, etc.
- Overall, it should not slow you down any in real terms, and may actually help
+ Overall, it should not slow you down any in real terms, and may actually help
speed things up since ads, banners and other junk are not typically being
retrieved and displayed. The actual processing time required by
Privoxy itself for each page, is relatively small
in the overall scheme of things, and happens very quickly. This is typically
- more than offset by time saved not downloading and rendering ad images (if ad
- blocking is being used).
+ more than offset by time saved not downloading and rendering ad images and
+ other junk content (if ad blocking is being used).
@@ -1463,31 +1553,31 @@ has to add extra time to browsing.
url="../user-manual/actions-file.html#FILTER">filter or
deanimate-gifs
- actions will certainly cause a perceived slowdown, since the entire document
- needs to be buffered before displaying. And on very large documents, filtering may have
- some measurable impact. How much depends on the page size, the actual
- definition of the filter(s), etc. See below. Most other actions have little
- to no impact on speed.
-
-
- Also, when filtering is enabled, typically there is a disabling of
- compression, (see
+
+ Also, when filtering is enabled but zlib support isn't available, compression
+ is often disabled (see prevent-compression).
- This can have an impact on speed as well. Again, the page size, etc. will
- determine how much of an impact.
+ This can have an impact on speed as well, although it's probably smaller than
+ you might think. Again, the page size, etc. will determine how much of an impact.
I notice considerable
-delays in page requests compared to the old Junkbuster. What's wrong?
+delays in page requests. What's wrong?
If you use any filter action,
such as filtering banners by size, web-bugs etc, or the deanimate-gifs
- action, the entire document must be loaded into memory in order for the filtering
+ action, the entire document must be loaded into memory in order for the filtering
mechanism to work, and nothing is sent to the browser during this time.
@@ -1501,13 +1591,12 @@ delays in page requests compared to the old Junkbuster. What's wrong?
anti-virus software).
- Filtering is automatically disabled for inappropriate MIME types. But note
+ Filtering is automatically disabled for inappropriate MIME types. But note
that if the web server mis-reports the MIME type, then content that should
not be filtered, could be. Privoxy only knows how
to differentiate filterable content because of the MIME type as reported by
the server, or because of some configuration setting that enables/disables
filtering.
-
@@ -1515,11 +1604,11 @@ delays in page requests compared to the old Junkbuster. What's wrong?
"http://p.p/"?
http://config.privoxy.org/ is the
- address of Privoxy's built-in user interface, and
+ address of Privoxy's built-in user interface, and
http://p.p/ is a shortcut for it.
- Since Privoxy sits between your web browser and the Internet,
+ Since Privoxy sits between your web browser and the Internet,
it can simply intercept requests for these addresses and answer them with its built-in
web server.
@@ -1532,19 +1621,7 @@ delays in page requests compared to the old Junkbuster. What's wrong?
hence it could not be intercepted, and you have accessed the real
web site at config.privoxy.org.
-
- With recent versions of Privoxy (version 2.9.x and
- later), the user interface features information on the run time status, the
- configuration, and even a built-in editor for the actions files.
-
-
- Note that the built-in URLs from earlier versions of Junkbuster
- / Privoxy, http://example.com/show-proxy-args and http://i.j.b/,
- are no longer supported. If you still use such an old version, you should really consider
- upgrading to &p-version;.
-Can Privoxy guarantee I am anonymous?
- No. Your chances of remaining anonymous are greatly improved, but unless you
+ No. Your chances of remaining anonymous are improved, but unless you
chain Privoxy with Tor
- or a similar system and know what you're doing when it comes to configuring
- the rest of your system, it would be safest to assume that everything you do
+ or a similar proxy and know what you're doing when it comes to configuring
+ the rest of your system, you should assume that everything you do
on the Web can be traced back to you.
Privoxy can remove various information about you,
- and allows you more freedom to decide which sites
- you can trust, and what details you want to reveal. But it neither
+ and allows you more freedom to decide which sites
+ you can trust, and what details you want to reveal. But it neither
hides your IP address, nor can it guarantee that the rest of the system
behaves correctly. There are several possibilities how a web sites can find
out who you are, even if you are using a strict Privoxy
configuration and chained it with Tor.
- Most of Privoxy's protection can be easily subverted
+ Most of Privoxy's privacy-enhancing features can be easily subverted
by an insecure browser configuration, therefore you should use a browser that can
be configured to only execute code from trusted sites, and be careful which sites you trust.
For example there is no point in having Privoxy
@@ -1691,15 +1759,15 @@ us help you. Your efforts are not wasted, and we do appreciate them.
How do I use Privoxy
together with Tor?
- Before you configure Privoxy to use Tor
- (http://tor.eff.org/),
+ Before you configure Privoxy to use
+ Tor,
please follow the User Manual chapters
2. Installation and
5. Startup to make sure
Privoxy itself is setup correctly.
-
- If it is, refer to Tor's
+
+ If it is, refer to Tor's
extensive documentation to learn how to install Tor,
and make sure Tor's logfile says that
Tor has successfully opened a circuit and it
@@ -1717,13 +1785,13 @@ us help you. Your efforts are not wasted, and we do appreciate them.
If you verified that Privoxy and Tor
are working, it is time to connect them. As far as Privoxy
is concerned, Tor is just another proxy that can be reached
- by socks4 or socks4a. Most likely you are interested in Tor
- to increase your anonymity level, therefore you should use socks4a,
- to make sure Privoxy's DNS requests are
- done through Tor and thus invisible to your local network.
+ by socks4, socks4a and socks5. Most likely you are interested in Tor
+ to increase your anonymity level, therefore you should use socks5, to make sure DNS
+ requests are done through Tor and thus invisible to your
+ local network. Using socks4a would work too, but with socks5 you get more precise error
+ messages.
-
Since Privoxy 3.0.5, its
main configuration file
@@ -1735,11 +1803,11 @@ us help you. Your efforts are not wasted, and we do appreciate them.
-# forward-socks4a / 127.0.0.1:9050 .
+# forward-socks5 / 127.0.0.1:9050 .
- This is enough to reach the Internet, but additionally you should
+ This is enough to reach the Internet, but additionally you might want to
uncomment the following forward rules, to make sure your local network is still
reachable through Privoxy:
@@ -1753,10 +1821,15 @@ us help you. Your efforts are not wasted, and we do appreciate them.
Unencrypted connections to systems in these address ranges will
be as (un)secure as the local network is, but the alternative is
- that you can't reach the network at all.
- If you also want to be able to reach servers in your local
- network by using their names, you will need additional
- exceptions that look like this:
+ that your browser can't reach the network at all. Then again,
+ that may actually be desired and if you don't know for sure
+ that your browser has to be able to reach the local network,
+ there's no reason to allow it.
+
+
+ If you want your browser to be able to reach servers in your local
+ network by using their names, you will need additional exceptions
+ that look like this:
@@ -1765,19 +1838,20 @@ us help you. Your efforts are not wasted, and we do appreciate them.
Save the modified configuration file and open
- http://config.privoxy.org/show-status/
+ http://config.privoxy.org/show-status
in your browser, confirm that Privoxy has reloaded its configuration
and that there are no other forward lines, unless you know that you need them. If everything looks good,
refer to
- Tor
+ Tor
Faq 4.2 to learn how to verify that you are really using Tor.
Afterward, please take the time to at least skim through the rest
of Tor's documentation. Make sure you understand
what Tor does, why it is no replacement for
- application level security, and why you shouldn't use it for unencrypted logins.
- ]]>
+ application level security, and why you probably don't want to
+ use it for unencrypted logins.
+
@@ -1785,7 +1859,7 @@ us help you. Your efforts are not wasted, and we do appreciate them.
content is being altered?
- Definitely. It is common for sites to use browser type, browser version,
+ Definitely. It is common for sites to use browser type, browser version,
HTTP header content, and various other techniques in order to dynamically
decide what to display and how to display it. What you see, and what I see,
might be very different. There are many, many ways that this can be handled,
@@ -1793,15 +1867,12 @@ content is being altered?
- User-Agent is often used in this way to identify
- the browser, and adjust content accordingly. Changing this now (at least not
- further than removing the OS information) is not recommended, since so many
- sites do look for it. You may get undesirable results by changing just this
- one aspect.
+ The User-Agent is sometimes used in this way to identify
+ the browser, and adjust content accordingly.
- Also, different browsers use different encodings of Russian and Czech
+ Also, different browsers use different encodings of non-English
characters, certain web servers convert pages on-the-fly according to the
User Agent header. Giving a User Agent with the wrong
operating system or browser manufacturer causes some sites in these languages
@@ -1811,11 +1882,11 @@ content is being altered?
weather maps of Intellicast have been blocked by their server when no
Referer or cookie is provided, is another example. (But you
can forge both headers without giving information away). There are
- many other ways things that can go wrong when trying to fool a web server. The
+ many other ways things can go wrong when trying to fool a web server. The
results of which could inadvertently cause pages to load incorrectly,
partially, or even not at all. And there may be no obvious clues as to just
- what went wrong, or why. Nowhere will there be a message that says
- Turn off fast-redirects or else!
+ what went wrong, or why. Nowhere will there be a message that says
+ Turn off fast-redirects or else!
@@ -1825,8 +1896,8 @@ content is being altered?
- If you have problems with a site, you will have to adjust your configuration
- accordingly. Cookies are probably the most likely adjustment that may
+ If you have problems with a site, you will have to adjust your configuration
+ accordingly. Cookies are probably the most likely adjustment that may
be required, but by no means the only one.
@@ -1834,12 +1905,13 @@ content is being altered?
-Can Privoxy act as a caching proxy to
+Can Privoxy act as a caching proxy to
speed up web browsing?
- No, it does not have this ability at all. You want something like
- Squid for this. And, yes,
- before you ask, Privoxy can co-exist
+ No, it does not have this ability at all. You want something like
+ Squid or
+ Polipo for this.
+ And, yes, before you ask, Privoxy can co-exist
with other kinds of proxies like Squid.
See the forwarding
chapter in the user
@@ -1850,10 +1922,10 @@ speed up web browsing?What about as a firewall? Can Privoxy protect me?
- Not in the way you mean, or in the way a true firewall can.
- Privoxy can help protect your privacy, but not
- protect you from intrusion attempts. It is, of course, perfectly possible
- and recommended to use both.
+ Not in the way you mean, or in the way some firewall vendors claim they can.
+ Privoxy can help protect your privacy, but can't
+ protect your system from intrusion attempts. It is, of course, perfectly possible
+ to use both.
@@ -1862,10 +1934,10 @@ speed up web browsing?
ads used to be. Why?
It is technically possible to eliminate banners and ads in a way that frees
- their allocated page space. This could easily be done by blocking with
+ their allocated page space. This could easily be done by blocking with
Privoxy's filters,
and eliminating the entire image references from the
- HTML page source.
+ HTML page source.
But, this would consume considerably more CPU resources (IOW, slow things
@@ -1904,35 +1976,35 @@ ads used to be. Why?
As far as ad blocking is concerned, this is less of a restriction than it may
seem, since ad sources are often identifiable by the host name, and often
the banners to be placed in an encrypted page come unencrypted nonetheless
- for efficiency reasons, which exposes them to the full power of
+ for efficiency reasons, which exposes them to the full power of
Privoxy's ad blocking.
Content cookies (those that are embedded in the actual HTML or
JS page content, see filter{content-cookies}),
- in an SSL transaction will be impossible to block under these conditions.
- Fortunately, this does not seem to be a very common scenario since most
+ url="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES">filter{content-cookies}),
+ in an SSL transaction will be impossible to block under these conditions.
+ Fortunately, this does not seem to be a very common scenario since most
cookies come by traditional means.
-Privoxy runs as a server. How
+Privoxy runs as a server. How
secure is it? Do I need to take any special precautions?
- There are no known exploits that might affect
- Privoxy. On Unix-like systems,
- Privoxy can run as a non-privileged
- user, which is how we recommend it be run. Also, by default
- Privoxy only listens to requests
- from localhost only. The server aspect of
- Privoxy is not itself directly exposed to the
- Internet in this configuration. If you want to have
+ On Unix-like systems, Privoxy can run as a non-privileged
+ user, which is how we recommend it be run. Also, by default
+ Privoxy listens to requests from localhost
+ only.
+
+
+ The server aspect of Privoxy is not itself directly
+ exposed to the Internet in this configuration. If you want to have
Privoxy serve as a LAN proxy, this will have to
be opened up to allow for LAN requests. In this case, we'd recommend
- you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
+ you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
Privoxy configuration file and check all access control and security
options. All LAN hosts can then use this as their proxy address
@@ -1944,27 +2016,34 @@ secure is it? Do I need to take any special precautions?
-How can I temporarily disable Privoxy?
+Can I temporarily disable Privoxy?
- The easiest way is to access Privoxy with your
- browser by using the remote toggle URL:
+
+ The easiest way to do that is to point your browser
+ to the remote toggle URL: http://config.privoxy.org/toggle.
- See the Bookmarklets section
- of the User Manual for an easy way to access this
- feature.
+
+
+ See the Bookmarklets section
+ of the User Manual for an easy way to access this
+ feature. Note that this is a feature that may need to be enabled in the main
+ config file.
-When disabled is Privoxy totally
+When disabled is Privoxy totally
out of the picture?
- No, this just means all filtering and actions are disabled.
- Privoxy is still acting as a proxy, but just not
- doing any of the things that Privoxy would
- normally be expected to do. It is still a middle-man in
- the interaction between your browser and web sites. See below to bypass
+ No, this just means all optional filtering and actions are disabled.
+ Privoxy is still acting as a proxy, but just
+ doing less of the things that Privoxy would
+ normally be expected to do. It is still a middle-man in
+ the interaction between your browser and web sites. See below to bypass
the proxy.
@@ -1980,10 +2059,10 @@ out of the picture?
-My logs show Privoxy crunches
+My logs show Privoxy crunches
ads, but also its own internal CGI pages. What is a crunch?
- A crunch simply means Privoxy intercepted
+ A crunch simply means Privoxy intercepted
something, nothing more. Often this is indeed ads or
banners, but Privoxy uses the same mechanism for
trapping requests for its own internal pages. For instance, a request for
@@ -1993,6 +2072,10 @@ ads, but also its own internal CGI pages. What is a crunch?crunch.
+
+ Since version 3.0.7, Privoxy will also log the crunch reason.
+ If you are using an older version you might want to upgrade.
+
@@ -2003,7 +2086,7 @@ from a webserver? FTP server?
viewing a document (i.e. a page), and downloading a file. The same is true of
Privoxy. If there is a match for a block pattern,
- it will still be blocked, and of course this is obvious.
+ it will still be blocked, and of course this is obvious.
Filtering is potentially more of a concern since the results are not always
@@ -2018,7 +2101,7 @@ from a webserver? FTP server?
Privoxy knows the differences in files according
- to the Document Type as reported by the webserver. If this is
+ to the Content Type as reported by the webserver. If this is
reported accurately (e.g. application/zip for a zip archive),
then Privoxy knows to ignore these where
appropriate. Privoxy potentially can filter HTML
@@ -2030,16 +2113,16 @@ from a webserver? FTP server?
altered by filtering, will be saved too, for these (probably rare) cases.
- Note that versions later than 3.0.2 do NOT filter document types reported as
+ Note that versions later than 3.0.2 do NOT filter document types reported as
text/plain. Prior to this, Privoxy
did filter this document type.
- In short, filtering is ON if a) the Document Type as reported
+ In short, filtering is ON if a) the content type as reported
by the webserver is appropriate and b) the configuration
allows it (or at least does not disallow it). That's it. There is no magic
cookie anywhere to say this is good and this is
- bad. It's the configuration that let's it all happen or not.
+ bad. It's the configuration that lets it all happen or not.
If you download text files, you probably do not want these to be filtered,
@@ -2052,8 +2135,8 @@ from a webserver? FTP server?
all to the content is to be avoided.
- Privoxy does not do FTP at all, only HTTP
- and HTTPS (SSL) protocols, so please don't try.
+ Privoxy does not do FTP at all, only HTTP
+ and HTTPS (SSL) protocols.
@@ -2069,18 +2152,18 @@ altered it! Yikes, what is wrong!
Should I continue to use a HOSTS file for ad-blocking?
One time-tested technique to defeat common ads is to trick the local DNS
- system by giving a phony IP address for the ad generator in the local
- HOSTS file, typically using 127.0.0.1, aka
+ system by giving a phony IP address for the ad generator in the local
+ HOSTS file, typically using 127.0.0.1, aka
localhost. This effectively blocks the ad.
- There is no reason to use this technique in conjunction with
+ There is no reason to use this technique in conjunction with
Privoxy. Privoxy
- does essentially the same thing, much more elegantly and with much more
+ does essentially the same thing, much more elegantly and with much more
flexibility. A large HOSTS file, in fact, not only
- duplicates effort, but may get in the way. It is recommended to remove
- such entries from your HOSTS file. If you think
- your hosts list is neglected by Privoxy's
+ duplicates effort, but may get in the way and seriously slow down your system.
+ It is recommended to remove such entries from your HOSTS file. If you think
+ your hosts list is neglected by Privoxy's
configuration, consider adding your list to your user.action file:
@@ -2102,15 +2185,15 @@ and related issues?
-I've noticed that Privoxy changes Microsoft to
+I've noticed that Privoxy changes Microsoft to
MicroSuck! Why are you manipulating my browsing?
@@ -2119,8 +2202,8 @@ and related issues?
activated the fun filter which
is clearly labeled Text replacements for subversive browsing
fun! or you are using an older Privoxy version and have implicitly
- activated it by choosing the Adventuresome profile in the
- web-based editor. Please upgrade!
+ activated it by choosing the Advanced profile in the
+ web-based editor. Please upgrade.
@@ -2131,7 +2214,43 @@ and related issues?
Privoxy generates HTML in both its own templates, and possibly
whenever there are text substitutions via a &my-app; filter. While this
should always conform to the HTML 4.01 specifications, it has not been
- validated against this or any other standard.
+ validated against this or any other standard.
+
+
+
+
+How did you manage to get Privoxy on my computer without my consent?
+
+
+ We didn't. We make Privoxy available for download, but we don't go
+ around installing it on other people's systems behind their back.
+ If you discover Privoxy running on your system and are sure you didn't
+ install it yourself, somebody else did. You may not even be running
+ the real Privoxy, but maybe something else that only pretends to be
+ Privoxy, or maybe something that is based on the real Privoxy,
+ but has been modified.
+
+
+ Lately there have been reports of problems with some kind of
+ Privoxy versions that come preinstalled on some Netbooks.
+ Some of the problems described are inconsistent with the behaviour
+ of official Privoxy versions, which suggests that the preinstalled
+ software may contain vendor modifications that we don't know about
+ and thus can't debug.
+
+
+ Privoxy's license allows vendor
+ modifications, but the vendor has to comply with the license,
+ which involves informing the user about the changes and to make
+ the changes available under the same license as Privoxy itself.
+
+
+ If you are having trouble with a modified Privoxy version,
+ please try to talk to whoever made the modifications before
+ reporting the problem to us. Please also try to convince
+ whoever made the modifications to talk to us. If you think
+ somebody gave you a modified Privoxy version without complying
+ to the license, please let us know.
@@ -2153,9 +2272,9 @@ and related issues?
-Privoxy is not running. Solution: verify
+Privoxy is not running. Solution: verify
that &my-app; is installed correctly, has not crashed, and is indeed running.
- Look at Privoxy's logs to see what they say.
+ Turn on Privoxy's logging, and look at the logs to see what they say.
Or your browser is configured for a different port than what
Privoxy is using. Solution: verify that &my-app;
@@ -2166,7 +2285,7 @@ and related issues?
configuration and take the forwarders out of the equation.
- Or you have a firewall that is interfering and blocking you. Solution:
+ Or you have a firewall that is interfering and blocking you. Solution:
try disabling or removing the firewall as a simple test.
@@ -2187,7 +2306,7 @@ and related issues?
-I just added a new rule, but the steenkin ad is
+I just added a new rule, but the steenkin ad is
still getting through. How?
If the ad had been displayed before you added its URL, it will probably be
@@ -2201,15 +2320,16 @@ still getting through. How?
applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info
and see if it really matches your new rule. Blocking ads is like blocking
- spam: a lot of tinkering is required to stay ahead of the game. And
- remember you need to block the URL of the ad in question, which may be
+ spam: a lot of tinkering is required to stay ahead of the game. And
+ remember you need to block the URL of the ad in question, which may be
entirely different from the site URL itself. Most ads are hosted on different
servers than the main site itself. If you right-click on the ad, you should
- be able to get all the relevant information you need. Alternately, you can
- find the correct URL by looking at Privoxy's logs.
+ be able to get all the relevant information you need. Alternately, you can
+ find the correct URL by looking at Privoxy's logs
+ (you may need to enable logging in the main config file if its disabled).
- Below is a slightly modified real-life log snippet that originates with one
+ Below is a slightly modified real-life log snippet that originates with one
requested URL: www.example.com (name of site was changed
for this example, the number of requests is real). You can see in this the
complexity of what goes into making up this one page. There
@@ -2219,8 +2339,8 @@ still getting through. How?
content is obviously good or bad, but not all.
Many of the more questionable looking requests, are going to outside domains
that seem to be identifying themselves with suspicious looking names, making
- our job a little easier. &my-app; has crunched (meaning caught
- and BLOCKED) quite a few items in this example, but perhaps missed a few as well.
+ our job a little easier. &my-app; has crunched (meaning caught
+ and BLOCKED) quite a few items in this example, but perhaps missed a few as well.
@@ -2232,31 +2352,31 @@ Request: img.example.com/sr.js
Request: example.betamarker.com/example.html
Request: www.lik-sang.com/Banners/bestsellers/skyscraper.php?likref=BSellers
Request: img.example.com/pb.png
-Request: www.google-analytics.com/urchin.js crunch!
-Request: www.advertising-department.com/ats/switch.ps.php?26856 crunch!
+Request: www.google-analytics.com/urchin.js crunch! (Blocked)
+Request: www.advertising-department.com/ats/switch.ps.php?26856 crunch! (Blocked)
Request: img.example.com/p.gif
-Request: www.popuptraffic.com/assign.php?l=example&mode=behind crunch!
-Request: www.popuptraffic.com/scripts/popup.php?hid=5c3cf&tmpl=PBa.tmpl crunch!
-Request: www.popuptraffic.com/assign.php?l=example crunch!
+Request: www.popuptraffic.com/assign.php?l=example&mode=behind crunch! (Blocked)
+Request: www.popuptraffic.com/scripts/popup.php?hid=5c3cf&tmpl=PBa.tmpl crunch! (Blocked)
+Request: www.popuptraffic.com/assign.php?l=example crunch! (Blocked)
Request: www.lik-sang.com/Banners/best_sellers/best_sellers.css
-Request: www.adtrak.net/adx.js crunch!
+Request: www.adtrak.net/adx.js crunch! (Blocked)
Request: img.example.com/hbg.gif
Request: img.example.com/example.jpg
Request: img.example.com/mt.png
Request: img.example.com/mm.png
Request: img.example.com/mb.png
-Request: www.popuptraffic.com/scripts/popup.php?hid=a71b91fa5&tmpl=Ua.tmp crunch!
+Request: www.popuptraffic.com/scripts/popup.php?hid=a71b91fa5&tmpl=Ua.tmp crunch! (Blocked)
Request: www.example.com/tracker.js
Request: www.lik-sang.com/Banners/best_sellers/lsi_head.gif
-Request: www.adtrak.net/adjs.php?n=020548130&what=zone:61 crunch!
-Request: www.adtrak.net/adjs.php?n=463594413&what=zone:58&source=Ua crunch!
+Request: www.adtrak.net/adjs.php?n=020548130&what=zone:61 crunch! (Blocked)
+Request: www.adtrak.net/adjs.php?n=463594413&what=zone:58&source=Ua crunch! (Blocked)
Request: www.lik-sang.com/Banners/best_sellers/bottomani.swf
-Request: mmm.elitemediagroup.net/install.php?allowpop=no&popupmincook=0&allowsp2=1 crunch!
+Request: mmm.elitemediagroup.net/install.php?allowpop=no&popupmincook=0&allowsp2=1 crunch! (Blocked)
Request: www.example.com/tracker.js?screen=1400x1050&win=962x693
-Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=61 crunch!
+Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=61 crunch! (Blocked)
Request: 66.70.21.80/scripts/click.php?hid=5c3cf599a9efd0320d26&si
Request: 66.70.21.80/img/pixel.gif
-Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=58&source=Ua&block=86400 crunch!
+Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=58&source=Ua&block=86400 crunch! (Blocked)
Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua
]]>
@@ -2273,9 +2393,11 @@ Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua
What can I do?
- First verify that it is indeed a Privoxy problem,
+ First verify that it is indeed a Privoxy problem,
by toggling off Privoxy through http://config.privoxy.org/toggle,
+ url="http://config.privoxy.org/toggle">http://config.privoxy.org/toggle
+ (the toggle feature may need to be enabled in the main
+ config),
and then shift-reloading the problem page (i.e. holding down the shift key
while clicking reload. Alternatively, flush your browser's disk and memory
caches).
@@ -2288,7 +2410,8 @@ What can I do?
and paste the full URL of the page in question into the prompt. See which
actions are being applied to the URL, and which matches in which actions
files are responsible for that. It might be helpful also to look at your logs
- for this site too, to see what else might be happening. Many sites are
+ for this site too, to see what else might be happening (note: logging may need
+ to be enabled in the main config file). Many sites are
complex and require a number of related pages to help present their content.
Look at what else might be used by the page in question, and what of that
might be required.
@@ -2306,13 +2429,13 @@ What can I do?
on again. Remember to flush your browser's caches in between any such changes!
- Alternately, if you are comfortable with a text editor, you can accomplish
- the same thing by editing the appropriate actions file. Probably the easiest
+ Alternately, if you are comfortable with a text editor, you can accomplish
+ the same thing by editing the appropriate actions file. Probably the easiest
way to deal with such problems when editing by hand is to add your
site to a { fragile } section in user.action,
which is an alias that turns off most dangerous
actions, but is also likely to turn off more actions then needed, and thus lower
- your privacy and protection more than necessary,
+ your privacy and protection more than necessary,
Troubleshooting actions is discussed in more detail in the
with general configuration information and examples.
- As a last resort, you can always see if your browser has a setting that will
+ As a last resort, you can always see if your browser has a setting that will
bypass the proxy setting for selective sites. Modern browsers can do this.
@@ -2370,7 +2493,7 @@ every time I start IE. What gives?
set-up DUN connection and each LAN connection in IE store the settings for
each user individually. As such this enforces individual configurations
rather than common ones. Hence the first time you use a DUN connection after
- re-booting your system it may not perform as you expect, and prompt you for
+ re-booting your system it may not perform as you expect, and prompt you for
the password. Just set and save the password again and all should be OK.
@@ -2385,16 +2508,16 @@ every time I start IE. What gives?
I cannot connect to any FTP sites. Privoxy
is blocking me.
- Privoxy cannot act as a proxy for FTP traffic,
+ Privoxy cannot act as a proxy for FTP traffic,
so do not configure your browser to use Privoxy
as an FTP proxy. The same is true for any protocol other than HTTP
- or HTTPS (SSL).
+ or HTTPS (SSL).
Most browsers understand FTP as well as HTTP. If you connect to a site, with
a URL like ftp://ftp.example.com, your browser is making
- an FTP connection, and not a HTTP connection. So while your browser may
- speak FTP, Privoxy does not, and cannot proxy
+ an FTP connection, and not a HTTP connection. So while your browser may
+ speak FTP, Privoxy does not, and cannot proxy
such traffic.
@@ -2404,7 +2527,7 @@ every time I start IE. What gives?
accidentally enable FTP proxying in these cases. And of course, if this
happens, Privoxy will indeed cause problems since
it does not know FTP. Just disable the FTP setting
+ message if a FTP connection is attempted.]]> Just disable the FTP setting
and all will be well again.
@@ -2415,54 +2538,58 @@ every time I start IE. What gives?
-
-In Mac OSX, I can't configure Microsoft Internet Explorer to use
+
+In Mac OS X, I can't configure Microsoft Internet Explorer to use
Privoxy as the HTTP proxy.
Microsoft Internet Explorer (in versions like 5.1) respects system-wide
network settings. In order to change the HTTP proxy, open System
Preferences, and click on the Network icon. In the settings pane that
- comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox
- is checked and enter 127.0.0.1 in the entry field.
+ comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox
+ is checked and enter 127.0.0.1 in the entry field.
Enter 8118 in the Port field. The next time you start
IE, it should reflect these values.
-
-In Mac OSX, I dragged the Privoxy folder to the trash in order to
- uninstall it. Now the finder tells me I don't have sufficient privileges to
+
+In Mac OS X, I dragged the Privoxy folder to the trash in order to
+ uninstall it. Now the finder tells me I don't have sufficient privileges to
empty the trash.
+
+ Note: This ONLY applies to privoxy 3.0.6 and earlier.
+
Just dragging the Privoxy folder to the trash is
- not enough to delete it. Privoxy supplies an
+ not enough to delete it. Privoxy supplies an
uninstall.command file that takes care of
- these details. Open the trash, drag the uninstall.command
- file out of the trash and double-click on it. You will be prompted for
+ these details. Open the trash, drag the uninstall.command
+ file out of the trash and double-click on it. You will be prompted for
confirmation and the administration password.
-
+
- The trash may still appear full after this command; emptying the trash
+ The trash may still appear full after this command; emptying the trash
from the desktop should make it appear empty again.
-
-In Mac OSX Panther (10.3), images often fail to load and/or I
+
+In Mac OS X Panther (10.3), images often fail to load and/or I
experience random delays in page loading. I'm using
localhost as my browser's proxy setting.
- We believe this is due to an IPv6-related bug in OSX, but don't fully
- understand the issue yet. In any case, changing the proxy setting to
+ We believe this is due to an IPv6-related bug in Mac OS X, but don't fully
+ understand the issue yet. In any case, changing the proxy setting to
127.0.0.1 instead of localhost
works around the problem.
+
I get a completely blank page at one site. View Source
shows only: