7 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="configuration.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="trouble.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="configuration.html"
86 >4.1. How much does <SPAN
89 > slow my browsing down? This
90 has to add extra time to browsing.</H3
92 > How much of an impact depends on many things, including the CPU of the host
93 system, how agressive the configuration is, which specific actions are being triggered,
94 the size of the page, etc.</P
96 > Overall, it should not slow you down any in real terms, and may actually help
97 speed things up since ads, banners and other junk are not typically being displayed.
98 The actual processing time required by <SPAN
102 itself for each page, is relatively small in the overall scheme of things,
103 and happens very quickly. This is typically more than offset by time saved
104 not downloading and rendering ad images (if ad blocking is being used).</P
109 > content via the <TT
112 HREF="../user-manual/actions-file.html#FILTER"
120 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
125 actions will certainly cause a perceived slowdown, since the entire document
126 needs to be buffered before displaying. And on very large documents, there may be
127 some impact. How much depends on the page size, the actual definition of the
128 filter(s), etc. See below. Most other actions have little to no impact on
138 >4.2. I notice considerable
139 delays in page requests compared to the old Junkbuster. What's wrong?</H3
144 HREF="../user-manual/actions-file.html#FILTER"
149 such as filtering banners by size, web-bugs etc, or the <TT
152 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
157 action, the entire document must be loaded into memory in order for the filtering
158 mechanism to work, and nothing is sent to the browser during this time.</P
160 > The loading time typically does not really change much in real numbers, but
161 the feeling is different, because most browsers are able to start rendering
162 incomplete content, giving the user a feeling of "it works". This effect is
163 more noticeable on slower dialup connections. Extremely large documents
164 may have some impact on the time to load the page where there is filtering
165 being done. But overall, the difference should be very minimal. If there is a
166 big impact, then probably some other problem is contributing.
169 > Filtering is automatically disabled for inappropriate MIME types. But note
170 that if the web server mis-reports the MIME type, then content that should
171 not be filtered, could be. <SPAN
175 to differentiate filterable content because of the MIME type as reported by
176 the server, or because of some configuration setting that enables/disables
186 >4.3. I just installed <SPAN
190 browsing has slowed to a crawl. What gives?</H3
192 > This should not happen, and for the overwhelming number of users world-wide,
193 it does not happen. I would suspect some inadvertent interaction of software
194 components such as anti-virus software, spyware protectors, personal
195 firewalls or similar components. Try disabling (or uninstalling) these one
196 at a time and see if that helps.</P
205 >4.4. What are "http://config.privoxy.org/" and
209 HREF="http://config.privoxy.org/"
211 >http://config.privoxy.org/</A
216 >'s built-in user interface, and
221 > is a shortcut for it.</P
226 > sits between your web browser and the Internet,
227 it can simply intercept requests for these addresses and answer them with its built-in
233 > This also makes for a good test for your browser configuration: If entering the
235 HREF="http://config.privoxy.org/"
237 >http://config.privoxy.org/</A
239 takes you to a page saying <SPAN
241 >"This is Privoxy ..."</SPAN
243 If you get a page saying <SPAN
245 >"Privoxy is not working"</SPAN
247 your browser didn't use <SPAN
251 hence it could not be intercepted, and you have accessed the <SPAN
258 web site at config.privoxy.org.</P
260 > With recent versions of <SPAN
264 later), the user interface features information on the run time status, the
265 configuration, and even a built-in editor for the <A
266 HREF="../user-manual/actions-file.html"
271 > Note that the built-in URLs from earlier versions of <SPAN
278 >, http://example.com/show-proxy-args and http://i.j.b/,
279 are no longer supported. If you still use such an old version, you should really consider
280 upgrading to 3.0.4.</P
289 >4.5. How can I submit new ads, or report
296 various ways to interact with the developers.</P
305 >4.6. Why doesn't anyone answer my support
308 >Rest assured that it has been read and considered. Why it is not answered,
309 could be for various reasons, including no one has a good answer for it, no
310 one has had time to yet investigate it thorougly, it has been reported
311 numerous times already, or because not enough information was provided to help
312 us help you. Your efforts are not wasted, and we do appreciate them.</P
321 >4.7. How can I hide my IP address?</H3
323 > If you run both the browser and the proxy locally, you cannot hide your IP
327 > or ultimately any other
328 software. The server needs to know your IP address so that it knows where to
329 send the responses back. </P
331 > There are many publicly usable "anonymous" proxies out there, which
332 provide a further level of indirection between you and the web server.</P
334 > However, these proxies are called "anonymous" because you don't need
335 a password, not because they would offer any real anonymity.
336 Most of them will log your IP address and make it available to the
337 authorities in case you violate the law of the country they run in. In fact
338 you can't even rule out that some of them only exist to *collect* information
339 on (those suspicious) people with a more than average preference for privacy.</P
341 > Your best bet is to chain <SPAN
346 HREF="http://tor.eff.org/"
351 HREF="http://www.eff.org/"
354 > supported onion routing system.
355 The configuration details can be found in
362 > together with <SPAN
378 > guarantee I am anonymous?</H3
380 > No. Your chances of remaining anonymous are greatly improved, but unless you
392 or a similar system and know what you're doing when it comes to configuring
393 the rest of your system, it would be safest to assume that everything you do
394 on the Web can be traced back to you.</P
399 > can remove various information about you,
406 > more freedom to decide which sites
407 you can trust, and what details you want to reveal. But it neither
408 hides your ip address, nor can it guarantee that the rest of the system
409 behaves correctly. There are several possibilities how a web sites can find
410 out who you are, even if you are using a strict <SPAN
414 configuration and chained it with <SPAN
422 > protection can be easily subverted
423 by an insecure browser configuration, therefore you should use a browser that can
424 be configured to only execute code from trusted sites, and be careful which sites you trust.
425 For example there is no point in having <SPAN
429 modify the User-Agent header, if websites can get all the information they want
430 through JavaScript, ActiveX, Flash, Java etc.</P
432 > A few browsers disclose the user's email address in certain situations, such
433 as when transferring a file by FTP. <SPAN
437 does not filter FTP. If you need this feature, or are concerned about the
438 mail handler of your browser disclosing your email address, you might
439 consider products such as <SPAN
444 > Browsers available only as binaries could use non-standard headers to give
445 out any information they can have access to: see the manufacturer's license
446 agreement. It's impossible to anticipate and prevent every breach of privacy
447 that might occur. The professionally paranoid prefer browsers available as
448 source code, because anticipating their behavior is easier. Trust the source,
458 >4.9. How do I use <SPAN
467 > Before you configure <SPAN
475 HREF="http://tor.eff.org/"
477 >http://tor.eff.org/</A
479 please follow the User Manual chapters
481 HREF="../user-manual/installation.html"
486 HREF="../user-manual/startup.html"
493 > itself is setup correctly.</P
496 If it is, refer to <A
497 HREF="http://tor.eff.org/documentation.html.en"
500 extensive documentation</A
501 > to learn how to install <SPAN
508 >'s logfile says that
511 >"Tor has successfully opened a circuit"</SPAN
515 >"[l]ooks like client functionality is working"</SPAN
525 isn't working, their combination most likely will neither. Testing them on their
526 own will also help you to direct problem reports to the right audience.
530 > isn't working, don't bother the
534 > developers. If <SPAN
538 isn't working, don't send bug reports to the <SPAN
543 > If you verified that <SPAN
550 are working, it is time to connect them. As far as <SPAN
557 > is just another proxy that can be reached
558 by socks4 or socks4a. Most likely you are interested in <SPAN
562 to increase your anonymity level, therefore you should use socks4a,
570 > and thus invisible to your local network.</P
575 > 3.0.4, its configuration (section 5.2)
576 is already prepared for <SPAN
579 >, if you are using a
583 > configuration and run it on the same
584 system as Privoxy, you just have to uncomment the line:</P
594 ># forward-socks4a / 127.0.0.1:9050 .
601 > This is enough to reach the internet, but additionally you should
602 uncomment the following forward rules, to make sure your local network is still
603 reachable through Privoxy:</P
613 ># forward 192.168.*.*/ .
614 # forward 10.*.*.*/ .
615 # forward 127.*.*.*/ .
622 > Unencrypted connections to systems in these address ranges will
623 be as (un)secure as the local network is, but the alternative is
624 that you can't reach the network at all.
625 If you also want to be able to reach servers in your local
626 network by using their names, you will need additional
627 exceptions that look like this:</P
637 ># forward localhost/ .
644 > Save the modified configuration file and open
646 HREF="http://config.privoxy.org/show-status"
648 >http://config.privoxy.org/show-status/</A
650 in your browser, confirm that <SPAN
653 > has reloaded its configuration
654 and that there are no other forward lines, unless you know that you need them. I everything looks good,
657 HREF="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
661 > to learn how to verify that you are really using <SPAN
666 > Afterwards, please take the time to at least skim through the rest
670 > documentation. Make sure you understand
674 > does, why it is no replacement for
675 application level security, and why you shouldn't use it for unencrypted logins.</P
684 >4.10. Might some things break because header information or
685 content is being altered?</H3
687 > Definitely. More and more sites use HTTP header content to decide what to
688 display and how to display it. There is many ways that this can be handled,
689 so having hard and fast rules, is tricky.</P
694 > in particular is often used in this way to identify
695 the browser, and adjust content accordingly. Changing this now (at least not
696 further than removing the OS information) is not recommended, since so many
697 sites do look for it. You may get undesirable results by changing this.</P
699 > For instance, different browsers use different encodings of Russian and Czech
700 characters, certain web servers convert pages on-the-fly according to the
701 User Agent header. Giving a <SPAN
705 operating system or browser manufacturer causes some sites in these languages
706 to be garbled; Surfers to Eastern European sites should change it to
707 something closer. And then some page access counters work by looking at the
711 > header; they may fail or break if unavailable. The
712 weather maps of Intellicast have been blocked by their server when no
716 > or cookie is provided, is another example. (But you
717 can forge both headers without giving information away). There are
718 many other ways things can go wrong when trying to fool a web server.</P
720 > Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
723 > If you have problems with a site, you will have to adjust your configuration
724 accordingly. Cookies are probably the most likely adjustment that may
725 be required, but by no means the only one.</P
741 speed up web browsing?</H3
743 > No, it does not have this ability at all. You want something like
745 HREF="http://www.squid-cache.org/"
748 > for this. And, yes,
749 before you ask, <SPAN
753 with other kinds of proxies like <SPAN
758 HREF="../user-manual/config.html#FORWARDING"
763 HREF="../user-manual/index.html"
776 >4.12. What about as a firewall? Can <SPAN
781 > Not in the way you mean, or in the way a true firewall can.
785 > can help protect your privacy, but not
786 protect you from intrusion attempts. It is, of course, perfectly possible
787 and recommended to use <SPAN
802 >4.13. I have large empty spaces / a checkerboard pattern now where
803 ads used to be. Why?</H3
805 > It would be technically possible eliminate the banners in a way that frees
806 their screen estate in many cases, by doing all banner blocking with filters,
807 i.e. eliminating the whole image references from the HTML pages instead
808 of letting them stay in, and blocking the resulting requests for the
809 banners themselves.</P
811 > But this would consume considerable CPU resources, would likely destroy
812 the layout of many web pages which rely on the banners consuming a certain
813 amount of screen space, and would fail in other cases, where the screen space
814 is reserved e.g. by tables anyway. Also, making the banners disappear without
815 a visual trace complicates troubleshooting.</P
817 > So we won't support this in the default configuration, but you can of course
818 define appropriate filters yourself.</P
830 > filter Secure (HTTPS) URLs?</H3
832 > Since secure HTTP connections are encrypted SSL sessions between your browser
833 and the secure site, and are meant to be reliably <SPAN
840 there is little that <SPAN
843 > can do but hand the raw
844 gibberish data though from one end to the other unprocessed.</P
846 > The only exception to this is blocking by host patterns, as the client needs
850 > the name of the remote server,
854 > can establish the connection.
855 If that name matches a host-only pattern, the connection will be blocked.</P
857 > As far as ad blocking is concerned, this is less of a restriction than it may
858 seem, since ad sources are often identifiable by the host name, and often
859 the banners to be placed in an encrypted page come unencrypted nonetheless
860 for efficiency reasons, which exposes them to the full power of
868 >"Content cookies"</SPAN
869 > (those that are embedded in the actual HTML or
870 JS page content, see <TT
873 HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
875 >filter{content-cookies}</A
878 in an SSL transaction will be impossible to block under these conditions.
879 Fortunately, this does not seem to be a very common scenario since most
880 cookies come by traditional means.</P
896 secure is it? Do I need to take any special precautions?</H3
898 > There are no known exploits that might affect
902 >. On Unix-like systems,
906 > can run as a non-privileged
907 user, which is how we recommend it be run. Also, by default
911 > only listens to requests
915 > only. The server aspect of
919 > is not itself directly exposed to the
920 Internet in this configuration. If you want to have
924 > serve as a LAN proxy, this will have to
925 be opened up to allow for LAN requests. In this case, we'd recommend
926 you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
930 > configuration file and check all <A
931 HREF="../user-manual/config.html#ACCESS-CONTROL"
933 >access control and security
935 >. All LAN hosts can then use this as their proxy address
936 in the browser proxy configuration, but <SPAN
940 will not listen on any external interfaces. ACLs can be defined in addition,
941 and using a firewall is always good too. Better safe than sorry.</P
950 >4.16. How can I temporarily disable <SPAN
955 > The easiest way is to access <SPAN
959 browser by using the remote toggle URL: <A
960 HREF="http://config.privoxy.org/toggle"
962 >http://config.privoxy.org/toggle</A
965 HREF="../user-manual/appendix.html#BOOKMARKLETS"
967 >Bookmarklets section</A
972 > for an easy way to access this
989 out of the picture?</H3
991 > No, this just means all filtering and actions are disabled.
995 > is still acting as a proxy, but just not
996 doing any of the things that <SPAN
1000 normally be expected to do. It is still a <SPAN
1004 the interaction between your browser and web sites.</P
1013 >4.18. My logs show <SPAN
1020 ads, but also its own internal CGI pages. What is a <SPAN
1028 > simply means <SPAN
1038 >, nothing more. Often this is indeed ads or
1042 > uses the same mechanism for
1043 trapping requests for its own internal pages. For instance, a request for
1047 > configuration page at: <A
1048 HREF="http://config.privoxy.org"
1050 >http://config.privoxy.org</A
1052 intercepted (i.e. it does not go out to the 'net), and the familiar CGI
1053 configuration is returned to the browser, and the log consequently will show
1069 > effect files that I download
1070 from a webserver? FTP server?</H3
1072 > From the webserver's perspective, there is no difference between
1073 viewing a document (i.e. a page), and downloading a file. The same is true of
1077 >. If there is a match for a <TT
1080 HREF="../user-manual/actions-file.html#BLOCK"
1085 it will still be blocked, and of course this is obvious.
1088 > Filtering is potentially more of a concern since the results are not always
1089 so obvious, and the effects of filtering are there whether the file is simply
1090 viewed, or downloaded. And potentially whether the content is some obnoxious
1091 advertizement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
1092 one of these presumably is <SPAN
1095 > content that we don't want, and
1099 > content that we do want.
1103 > is blind to the differences, and can only
1106 >"good from bad"</SPAN
1107 > by the configuration parameters
1119 > knows the differences in files according
1122 >"Document Type"</SPAN
1123 > as reported by the webserver. If this is
1124 reported accurately (e.g. <SPAN
1126 >"application/zip"</SPAN
1127 > for a zip archive),
1131 > knows to ignore these where
1135 > potentially can filter HTML
1136 as well as plain text documents, subject to configuration parameters of
1137 course. Also, documents that are of an unknown type (generally assumed to be
1141 >) can be filtered, as will those that might be
1142 incorrectly reported by the webserver. If such a file is a downloaded file
1143 that is intended to be saved to disk, then any content that might have been
1144 altered by filtering, will be saved too, for these (probably rare) cases.</P
1146 > Note that versions later than 3.0.2 do NOT filter document types reported as
1150 >. Prior to this, <SPAN
1154 did filter this document type.</P
1156 > In short, filtering is <SPAN
1159 > if a) the Document Type as reported
1160 by the webserver is appropriate <SPAN
1166 > b) the configuration
1167 allows it (or at least does not disallow it). That's it. There is no magic
1168 cookie anywhere to say this is <SPAN
1175 >. It's the configuration that let's it all happen or not.</P
1177 > If you download text files, you probably do not want these to be filtered,
1178 particularly if the content is source code, or other critical content. Source
1179 code sometimes might be mistaken for Javascript (i.e. the kind that might
1180 open a pop-up window). It is recommended to turn off filtering for download
1181 sites (particularly if the content may be plain text files and you are using
1182 version 3.0.2 or earlier) in your <TT
1186 also, for any site or page where making <SPAN
1193 all to the content is to be avoided.</P
1198 > does not do FTP at all, only HTTP
1199 protocols, so please don't try.</P
1208 >4.20. I just downloaded a Perl script, and <SPAN
1212 altered it! Yikes, what is wrong!</H3
1214 > Please read above.</P
1223 >4.21. Should I continue to use a <SPAN
1226 > file for ad-blocking?</H3
1228 > One time-tested technique to defeat common ads is to trick the local DNS
1229 system by giving a phony IP address for the ad generator in the local
1233 > file, typically using <TT
1240 >. This effectively blocks the ad.</P
1242 > There is no reason to use this technique in conjunction with
1250 does essentially the same thing, much more elegantly and with much more
1251 flexibility. A large <TT
1254 > file, in fact, not only
1255 duplicates effort, but may get in the way. It is recommended to remove
1256 such entries from your <TT
1259 > file. If you think
1260 your hosts list is neglected by <SPAN
1264 configuration, consider adding your list to your <TT
1280 ads.galore.example.com
1281 etc.example.com</PRE
1294 >4.22. Where can I find more information about <SPAN
1298 and related issues?</H3
1300 > Other references and sites of interest to <SPAN
1314 HREF="http://www.privoxy.org/"
1316 >http://www.privoxy.org/</A
1337 HREF="http://www.privoxy.org/faq/"
1339 >http://www.privoxy.org/faq/</A
1360 HREF="http://sourceforge.net/projects/ijbswa/"
1362 >http://sourceforge.net/projects/ijbswa/</A
1364 the Project Page for <SPAN
1369 HREF="http://sourceforge.net"
1388 HREF="http://config.privoxy.org/"
1390 >http://config.privoxy.org/</A
1392 the web-based user interface. <SPAN
1396 running for this to work. Shortcut: <A
1416 HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
1418 >http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
1423 configuration related suggestions to the developers.
1440 HREF="http://www.junkbusters.com/ht/en/cookies.html"
1442 >http://www.junkbusters.com/ht/en/cookies.html</A
1444 an explanation how cookies are used to track web users.
1460 HREF="http://www.junkbusters.com/ijb.html"
1462 >http://www.junkbusters.com/ijb.html</A
1464 the original Internet Junkbuster.
1481 HREF="http://privacy.net/"
1483 >http://privacy.net/</A
1485 to check what information about you is leaked while you browse the web.
1501 HREF="http://www.squid-cache.org/"
1503 >http://www.squid-cache.org/</A
1505 caching proxy, which is often used together with <SPAN
1524 HREF="http://tor.eff.org/"
1526 >http://tor.eff.org/</A
1531 > can help anonymize web browsing,
1532 web publishing, instant messaging, IRC, SSH, and other applications.
1548 HREF="http://www.privoxy.org/developer-manual/"
1550 >http://www.privoxy.org/developer-manual/</A
1571 >4.23. I've noticed that Privoxy changes <SPAN
1578 >! Why are you manipulating my browsing?</H3
1580 > We're not. The text substitutions that you are seeing are disabled
1581 in the default configuration as shipped. You have either manually
1589 is clearly labeled <SPAN
1591 >"Text replacements for subversive browsing
1593 > or you are using an older Privoxy version and have implicitly
1594 activated it by choosing the <SPAN
1596 >"Adventuresome"</SPAN
1598 web-based editor.</P
1606 SUMMARY="Footer navigation table"
1617 HREF="configuration.html"
1655 >Troubleshooting</TD
projects / privoxy.git / blob