General Information

X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Ffaq.sgml;h=0e9fec39a360e427fe630635d62c422733878976;hp=1be6014a2cb9929d7d493404d667f5be9ed0acd5;hb=239d854e98d927fc5613d8bae20d219370b0d6a7;hpb=ba716001594e02b151c058333bee05e81c84e779 diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml index 1be6014a..0e9fec39 100644 --- a/doc/source/faq.sgml +++ b/doc/source/faq.sgml @@ -8,14 +8,16 @@ - - - - + + + + + +Privoxy"> ]> - Copyright &my-copy; 2001-2006 by - Privoxy Developers + Copyright &my-copy; 2001-2007 by + Privoxy Developers -$Id: faq.sgml,v 2.11 2006/07/18 14:48:50 david__schmidt Exp $ +$Id: faq.sgml,v 2.27 2007/10/22 19:47:05 fabiankeil Exp $ - &p-intro; + What is Privoxy? &p-intro; @@ -147,8 +149,84 @@ Hal. General Information +Who should use Privoxy? + + Anyone that is interested in security, privacy, or in + finer-grained control over their web and Internet experience. + Everyone is encouraged to try &my-app;. + + + +Is Privoxy the best choice for +me? + + &my-app; is certainly a good choice, especially for those who want more + control and security. Those that have the ability to fine-tune their installation + will benefit the most. One of Privoxy's + strength's is that it is highly configurable giving you the ability to + completely personalize your installation. Being familiar with, or at least + having an interest in learning about HTTP and other networking + protocols, HTML, + IP (Internet + Protocol), and + Regular + Expressions + will be a big plus and will help you get the most out of &my-app;. + A new installation just includes a very basic configuration. The user + should take this as a starting point only, and enhance it as he or she + sees fit. In fact, the user is encouraged, and expected to, fine-tune the + configuration. + + + Much of Privoxy's configuration can be done + with a Web browser. + But there are areas where configuration is done using a + text editor + to edit configuration files. + + + +What is a <quote>proxy</quote>? How does +Privoxy work? + + A web proxy + is a service, based on a software such as + Privoxy, that clients (i.e. browsers) can use + instead of connecting directly to web servers on the Internet. The + clients then ask the proxy to fetch the objects they need (web pages, + images, movies etc) on their behalf, and when the proxy has done so, it + hands the results back to the client. It is a go-between. See + the Wikipedia proxy + definition for more. + + + There are many reasons to use web proxies, such as security (firewalling), + efficiency (caching) and others, and there are any number of proxies + to accommodate those needs. + + + Privoxy is a proxy that is primarily focused on privacy + protection, ad and junk elimination and freeing the user from restrictions placed on his + activities. Sitting between your browser(s) and the Internet, + it is in a perfect position to filter outbound personal information that your + browser is leaking, as well as inbound junk. It uses a variety of techniques to do + this, all of which are under your complete control via the various configuration + files and options. Being a proxy also makes it easier to share + configurations among multiple browsers and/or users. + + + + +Does Privoxy do anything more than ad blocking? + + Yes, ad blocking is but one possible use. There are many, many ways &my-app; + can be used to sanitize and customize web browsing. + + -What is this new version of <application>Junkbuster</application>? +What is this new version of +<quote><citetitle>Junkbuster</citetitle></quote>? &history; @@ -159,16 +237,16 @@ Hal. Why <quote>Privoxy</quote>? Why change the name from -<application>Junkbuster</application> at all? +Junkbuster at all? - Junkbusters Corporation + Though outdated, Junkbusters Corporation continues to offer their original version of the Internet Junkbuster, so publishing our Junkbuster-derived software under the same name led to confusion. - There are also potential legal complications from the continued use of the + There are also potential legal complications from our use of the Junkbuster name, which is a registered trademark of Junkbusters Corporation. There are, however, no objections from Junkbusters Corporation to the @@ -189,15 +267,16 @@ Hal. - -How does <application>Privoxy</application> differ -from the old <application>Junkbuster?</application> +How does Privoxy differ +from the old Junkbuster? Privoxy picks up where Junkbuster left off. All the old features remain. The new Privoxy still blocks ads and banners, - still manages cookies, and still helps protect your privacy. But, these are - all greatly enhanced, and many, many new features have been added, all in the same vein. + still manages cookies, and still + helps protect your privacy. But, these are all greatly enhanced, and many, + many new features have been added, all in the same vein. The configuration has changed significantly as well. This is something that @@ -205,8 +284,8 @@ from the old Junkbuster? Junkbuster 2.0.x. The blocklist cookielist, imagelist and much more has been combined into the actions files, with a completely different - syntax. See the What's New - page for the latest updates. + syntax. What's New + page for the latest updates.]]> Privoxy's new features include: @@ -218,34 +297,8 @@ from the old Junkbuster? -What is a <quote>proxy</quote>? How does -<application>Privoxy</application> work? - - A web proxy is a service, based on a software such as Privoxy, - that clients (i.e. browsers) can use instead of connecting directly to the web - servers on the Internet. The clients then ask the proxy to fetch the objects - they need (web pages, images, movies etc) on their behalf, and when the proxy - has done so, it hands the results back to the client. - - - There are many reasons to use web proxies, such as security (firewalling), - efficiency (caching) and others, and there are just as many different proxies - to accommodate those needs. - - - Privoxy is a proxy that is primarily focused on privacy - protection, junk elimination and freeing the user from restrictions placed on his - activities. Sitting between your browser(s) and the Internet, - it is in a perfect position to filter outbound personal information that your - browser is leaking, as well as inbound junk. It uses a variety of techniques to do - this, all of which are under your control via the various configuration - files and options. - - - - -How does <application>Privoxy</application> know what is +<title id="knows">How does Privoxy know what is an ad, and what is not? Privoxy's approach to blocking ads is twofold: @@ -257,7 +310,8 @@ an ad, and what is not? and the host (blocking the big banner hosting services like doublecklick.net already helps a lot). Privoxy takes advantage of this fact by using URL - patterns to sort out and block the requests for banners. + patterns to sort out and block the requests for things that sound + like they would be ads or banners. Second, banners tend to come in certain sizes. But you @@ -269,12 +323,12 @@ an ad, and what is not? Both of this involves a certain amount of guesswork and is, of course, freely - configurable. + and readily configurable. -Can <application>Privoxy</application> make mistakes? +<title id="mistakes">Can Privoxy make mistakes? This does not sound very scientific. Actually, it's a black art ;-) And yes, it is always possible to have a broad @@ -293,16 +347,22 @@ This does not sound very scientific. - -Will I have to configure <application>Privoxy</application> +<title id="configornot">Will I have to configure Privoxy before I can use it? No, not really. The default installation should give you a good starting - point, and block most unwanted content. + point, and block most ads and unwanted content. Many of + the more advanced features are off by default, and would require you to + activate them. + + + You do have to set up your browser to use + Privoxy (see the Installation section below). - But you will certainly run into situations where there are false positives, + And you will certainly run into situations where there are false positives, or ads not being blocked that you may not want to see. In these cases, you would certainly benefit by customizing Privoxy's configuration to more closely match your individual situation. And we would @@ -312,9 +372,17 @@ This does not sound very scientific. + +Can Privoxy run as a server on a network? + + Yes, &my-app; runs as a server already, and can easily be configured to + serve more than one client. See + How can I set up Privoxy to act as a proxy for my LAN below. + + + My browser does the same things as -<application>Privoxy</application>. Why should I use -<application>Privoxy</application> at all? +Privoxy. Why should I use Privoxy at all? Modern browsers do indeed have some of the same functionality as Privoxy. Maybe this is @@ -323,19 +391,32 @@ This does not sound very scientific. In addition, a proxy is good choice if you use multiple browsers, or - have a LAN with multiple computers. This way all the configuration - is in one place, and you don't have to maintain a similar configuration - for possibly many browsers. + have a LAN with multiple computers since &my-app; can run as a server + application. This way all the configuration is in one place, and you don't + have to maintain a similar configuration for possibly many browsers or + users. - +Why should I trust Privoxy? + + The most important reason is because you have access to + everything, and you can control everything. You can + check every line of every configuration file yourself. You can check every + last bit of source code should you desire. And even if you can't read code, + there should be some comfort in knowing that thousands of other people can, + and some of them do read it. You can build the software from scratch, if you want, + so that you know the executable is clean, and that it is + yours. In fact, we encourage this level of scrutiny. It + is one reason we use &my-app; ourselves. + + Is there is a license or fee? What about a warranty? Registration? Privoxy is licensed under the GNU General Public License (GPL). + url="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">GNU General Public License (GPL) version 2. It is free to use, copy, modify or distribute as you wish under the terms of this license. Please see the Copyright section for more information on the license and copyright. Or the LICENSE file @@ -350,7 +431,56 @@ warranty? Registration? -I would like to help you, what do I do? + +Can Privoxy remove spyware? Adware? Viruses? + + No, at least not reliable enough to trust it. &my-app; is not designed to be + a malware removal tool and the default configuration doesn't even try to + filter out any malware. + + + &my-app; could help prevent contact from (known) sites that use such + tactics with appropriate configuration rules, and thus could conceivably + prevent contamination from such sites. + + + + + +Can I use Privoxy with other ad-blocking software? + + &my-app; should work fine with other proxies and other software in general. + + + But it is probably not necessary to use &my-app; in conjunction with other + ad-blocking products, and this could conceivably cause undesirable results. + It would be better to choose one software or the other and work a little to + tweak its configuration to your liking. + + + +I would like to help you, what can I do? + +Would you like to participate? + + Well, we always need help. There is something for + everybody who wants to help us. We welcome new developers, packagers, + testers, documentation writers or really anyone with a desire to help in + any way. You DO NOT need to be a + programmer. There are many other tasks available. In fact, + the programmers often can't spend as much time programming because of some + of the other, more mundane things that need to be done, like checking the + Tracker feedback sections. + + + So first thing, get an account on SourceForge.net + and mail your id to the developers + mailing list. Then, please read the Developer's Manual, at least + the pertinent sections. + + Contribute! @@ -372,30 +502,6 @@ warranty? Registration? -Would you like to participate? - - Well, helping the team is always a good idea. We welcome new developers, - packagers, testers, documentation writers or really anyone with a desire to help in - any way. You - DO NOT need to be a programmer. There - are many other tasks available. In fact, the programmers often can't spend - as much time programming because of some of the other, more mundane things - that need to be done, like checking the Tracker feedback sections. - - - So first thing, get an account on SourceForge.net - and mail your id to the developers - mailing list. Then, please read the Developer's Manual, at least - the pertinent sections. - - - Once we have added you to the team, you'll have access to the CVS repository, and - together we'll find a suitable task for you. - - @@ -407,12 +513,15 @@ warranty? Registration? Installation -Which browsers are supported by <application>Privoxy</application>? +Which browsers are supported by Privoxy? Any browser that can be configured to use a proxy, which - should be virtually all browsers. Direct browser support is not necessary - since Privoxy runs as a separate application and - talks to the browser in the standardized HTTP protocol, just like a web server + should be virtually all browsers, including + Firefox, Internet + Explorer, and Opera among others. + Direct browser support is not an absolute requirement since + Privoxy runs as a separate application and talks + to the browser in the standardized HTTP protocol, just like a web server does. @@ -426,7 +535,7 @@ Include supported.sgml here: -Can I use <application>Privoxy</application> with my email client? +Can I use Privoxy with my email client? As long as there is some way to set a HTTP proxy for the client, then yes, any application can be used, whether it is strictly speaking a @@ -445,7 +554,7 @@ Include supported.sgml here: Can I install - <application>Privoxy</application> over <application>Junkbuster</application>? + Privoxy over Junkbuster? We recommend you un-install Junkbuster first to minimize conflicts and confusion. You may want to @@ -453,7 +562,7 @@ Include supported.sgml here: files and syntax have substantially changed, so you will need to manually port your old patterns. See the note to upgraders and installation - chapter in the user manual + chapter in the User Manual for details. @@ -463,23 +572,25 @@ Include supported.sgml here: - -I just installed <application>Privoxy</application>. Is there anything +<sect2 renderas="sect3" id="firststep"> +<title>I just installed Privoxy. Is there anything special I have to do now? All browsers must be told to use Privoxy as a proxy by specifying the correct proxy address and port number - in the appropriate configuration area for the browser. See below. - You should also flush your browser's memory and disk cache to get rid of any - cached junk items, and remove any stored cookies. + in the appropriate configuration area for the browser. See + the User Manual for more + details. You should also flush your browser's memory and disk cache to get rid of any + cached junk items, and remove any stored + cookies. -What is the proxy address of <application>Privoxy</application>? +What is the proxy address of Privoxy? If you set up the Privoxy to run on the computer you browse from (rather than your ISP's server or some @@ -502,18 +613,20 @@ special I have to do now? Privoxy can also be used to proxy for a Local Area Network. In this case, your would enter either the IP address of the LAN host where Privoxy - is running, or the equivalent hostname. Port assignment would be - same as above. Note that Privoxy doesn't - listen on any LAN interfaces by default. + is running, or the equivalent hostname, e.g. 192.168.1.1. + Port assignment would be same as above. Note that + Privoxy doesn't listen on any LAN interfaces by + default. Privoxy does not currently handle - any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. + any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. Be sure that + proxying any of these other protocols is not activated. -I just installed <application>Privoxy</application>, and nothing is happening. +<title>I just installed Privoxy, and nothing is happening. All the ads are there. What's wrong? @@ -537,14 +650,14 @@ All the ads are there. What's wrong? on starting Privoxy and browser configuration, see the chapter on starting Privoxy in the - user manual. + User Manual. I get a <quote>Privoxy is not being used</quote> dummy page although -<application>Privoxy</application> is running and being used. +Privoxy is running and being used. First, make sure that Privoxy is really running and @@ -552,7 +665,7 @@ All the ads are there. What's wrong? should see the Privoxy main page. If not, see the chapter on starting Privoxy in the - user manual. + User Manual. @@ -565,12 +678,17 @@ All the ads are there. What's wrong? - The procedure for clearing the cache varies from browser to browser. As an - example, Mozilla users would click + The procedure for clearing the cache varies from browser to browser. For + example, Mozilla/Netscape users would click Edit --> Preferences --> Advanced --> Cache and then click both Clear Memory Cache and Clear Disk Cache. + And, Firefox users would click + Tools --> Options --> + Privacy --> Cache and + then click Clear Cache Now. + @@ -580,50 +698,20 @@ All the ads are there. What's wrong? Configuration - -Where can I get updated Actions Files? - - Based on your feedback and the continuing development, updated actions files will be - made available on the files section of - our project page. - - - - If you wish to receive an email notification whenever we release updates of - Privoxy or the actions file, subscribe - to our announce mailing list, ijbswa-announce@lists.sourceforge.net. - - - - -Can I use my old config files? - - The syntax, number, and purpose of configuration files has substantially - changed from Junkbuster and early versions - of Privoxy. The old files, like blocklist - will not work at all. If you are upgrading from a 2.0.x version, you will - need to port your configuration data to the new format. Note that even the - pattern syntax has changed! Even configuration files from the 2.9.x versions - will need to be adapted, as configuration syntax has been very much in flow - in the 2.9.x series. - - - Refer to the What's New - page for information on configuration changes that may occur from one release to another. - - - -What is an <quote>actions</quote> file? +What exactly is an <quote>actions</quote> file? + &my-app; utilizes the concept of + actions + that are used to manipulate and control web page data. Actions files - are where various actions - that Privoxy might take while processing a certain + are where these actions + that Privoxy could take while processing a certain request, are configured. Typically, you would define a set of default actions - that apply to all URLs, then add exceptions to these defaults where needed. + that apply globally to all URLs, then add exceptions to these defaults where needed. + There is a wide array of actions available that give the user a high degree + of control and flexibility on how to process each and every web page. @@ -632,9 +720,10 @@ All the ads are there. What's wrong? for single URLs, whole web sites, groups or parts thereof etc. Actions can also be grouped together and then applied to requests matching one or more patterns. There are many possible actions that might apply to any given site. As an example, - if you are blocking cookies as one of your default actions, but need to accept - cookies from a given site, you would need to define an exception for this - site in one of your actions files, preferably in user.action. + if you are blocking cookies + as one of your default actions, but need to accept cookies from a given site, + you would need to define an exception for this site in one of your actions + files, preferably in user.action. @@ -645,8 +734,8 @@ some of these actions. For a comprehensive discussion of the actions concept, please refer to the actions file - chapter in the user - manual. It includes a in the User + Manual. It includes a list of all actions and an actions file tutorial to get you started. @@ -674,16 +763,16 @@ way to do this? There are several different <quote>actions</quote> files. What are the differences? - As of Privoxy v2.9.15, three actions files - are being included, to be used for + Three actions files + are being included by the developers, to be used for different purposes: These are default.action, the main actions file which is actively maintained by the Privoxy - developers, user.action, where users are encouraged + developers and typically sets the default policies, user.action, where users are encouraged to make their private customizations, and standard.action, which is for internal Privoxy use only. Please see the actions chapter - in the user manual for a more + in the User Manual for a more detailed explanation. @@ -696,10 +785,66 @@ the differences? +Where can I get updated Actions Files? + + Based on your feedback and the continuing development, updates of + default.action will be + made available from time to time on the files section of + our project page. + + + + If you wish to receive an email notification whenever we release updates of + Privoxy or the actions file, subscribe + to our announce mailing list, ijbswa-announce@lists.sourceforge.net. + + + + +Can I use my old config files? + + The syntax and purpose of configuration files has remained roughly the + same throughout the 3.x series, but backwards compatibility is not guaranteed. + Also each release contains updated, improved versions and it is + therefore recommended to use the newer configuration files. + fast-redirects + has changed. See the What's New section + of the User Manual for details.]]> + + + But all configuration files have substantially + changed from the Junkbuster days, and early + versions of Privoxy 2.x. The old files, like + blocklist will not work at all. + + + Refer to the What's New + page for information on configuration changes that may occur from one release to another. + ]]> + + + +Why is the configuration so complicated? + + Complicated is in the eye of the beholder. Those that are + familiar with some of the underlying concepts, such as regular expression + syntax, take to it like a fish takes to water. Also, software that tries + hard to be user friendly, often lacks sophistication and + flexibility. There is always that trade-off there between power vs. + easy-of-use. Furthermore, anyone is welcome to contribute ideas and + implementations to enhance &my-app;. + + + How can I make my Yahoo/Hotmail/Gmail account work? The default configuration shouldn't impact the usability of any of these services. - It will, however, make all cookies temporary, so that your browser will forget your + It may, however, make all cookies + temporary, so that your browser will forget your login credentials in between browser sessions. If you would like not to have to log in manually each time you access those websites, simply turn off all cookie handling for them in the user.action file. An example for yahoo might @@ -711,11 +856,36 @@ the differences? { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } .login.yahoo.com + + These kinds of sites are often quite complex and heavy with + Javascript and + thus fragile. So if still a problem, + we have an alias just for such + sticky situations: + + + # Gmail is a _fragile_ site: +# +{ fragile } + # Gmail is ... + mail.google.com + + + Be sure to flush your browser's caches whenever making these kinds of + changes, just to make sure the changes take. + + + Make sure the domain, host and path are appropriate as well. Your browser can + tell you where you are specifically and you should use that information for + your configuration settings. Note that above it is not referenced as + gmail.com, which is a valid domain name. + What's the difference between the -<quote>Cautious</quote>, <quote>Medium</quote> and <quote>Adventuresome</quote> defaults? +Cautious, Medium and Advanced defaults? Configuring Privoxy is not entirely trivial. To help you get started, we provide you with three different default action @@ -730,16 +900,18 @@ the differences? Where the defaults are likely to break some sites, exceptions for known popular problem sites are included, but in general, the more aggressive your default settings are, the more exceptions - you will have to make later. See the Cautious setting. This is safest and will have the fewest + problems. See the User Manual - for a more deatiled discussion. + for a more detailed discussion. - It should be noted that the Adventuresome profile (formerly known - as the Advanced profile) is not only more - aggressive, but also includes fun and, extreme usage of most of - Privoxy's features. Use at your own risk! + It should be noted that the Advanced profile (formerly known + as the Adventuresome profile) is more + aggressive, and will make use of some of + Privoxy's advanced features. Use at your own risk! @@ -769,7 +941,7 @@ with a browser? Does that not raise security issues? Note that in the default configuration, only local users (i.e. those on localhost) can connect to Privoxy, - so this is not (normally) a security problem. + so this is (normally) not a security problem. @@ -795,11 +967,13 @@ with a browser? Does that not raise security issues? If you are familiar with regular expressions, and HTML, you can look at the provided default.filter with a text editor and define your own filters. This is potentially a very powerful feature, but - requires some expertise in both regular expressions and HTML/HTTP. You should + requires some expertise in both regular expressions and HTML/HTTP. + user.filter, so they won't - be overwritten during upgrades. The ability to define multiple filter files - in config is a new feature as of v. 3.0.4. + be overwritten during upgrades. + The ability to define multiple filter files + in config is a new feature as of v. 3.0.5.]]> @@ -811,8 +985,8 @@ with a browser? Does that not raise security issues? - -How can I set up <application>Privoxy</application> to act as a proxy for my +<sect2 renderas="sect3" id="lanconfig"> +<title>How can I set up Privoxy to act as a proxy for my LAN? By default, Privoxy only responds to requests @@ -888,7 +1062,7 @@ with a browser? Does that not raise security issues? If you want to see nothing, then change the set-image-blocker action to blank. This can be done by editing the - default.action file, or trough the user.action file, or through the web-based actions file editor. @@ -898,12 +1072,13 @@ with a browser? Does that not raise security issues? Why would anybody want to see a checkerboard pattern? Remember that telling which image is an ad and which - isn't, is mostly guesswork. While we hope that the standard configuration - is rather smart, it can and will make errors. The checkerboard image is visually - decent, but it shows you that and where images were blocked, which can be very + isn't, is an educated guess. While we hope that the standard configuration + is rather smart, it will make occasional mistakes. The checkerboard image is visually + decent, and it shows you where images have been blocked, which can be very helpful in case some navigation aid or otherwise innocent image was - erraneously blocked. Some people might also enjoy seeing how many banners - they don't have to see.. + erroneously blocked. It is recommended for new users so they can + see what is happening. Some people might also enjoy seeing how + many banners they don't have to see. @@ -936,77 +1111,91 @@ instead of the checkerboard image. Why and how do I get rid of this? -Can <application>Privoxy</application> run as a service -on Win2K/NT? +Can Privoxy run as a service +on Win2K/NT/XP? + +Windows service + functionality. See + the User Manual for details on how to install and configure + Privoxy as a service. + - Earlier versions could run as a system service using srvany.exe. + Earlier ]]>3.x versions could run as a system service using srvany.exe. See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, for details, and a sample configuration. - - Version 3.0.1 fixes the problem where the icon and menu where not available - in the taskbar for this usage. - - - - Version 3.0.4, introduces full Windows service functionality, thus elimating - the srvany.exe requirement. - -How can I make <application>Privoxy</application> work with other -proxies like <application>Squid</application> or <application>TOR</application>? +How can I make Privoxy work with other +proxies like Squid or Tor? This can be done and is often useful to combine the benefits of Privoxy with those of a another proxy. See the forwarding chapter - in the user manual which - describes how to do this. + in the User Manual which + describes how to do this, and the + How do I use Privoxy together with + Tor section below. -Can I just set <application>Privoxy</application> to use port 80 +<title>Can I just set Privoxy to use port 80 and thus avoid individual browser configuration? No, its more complicated than that. This only works with special kinds - of proxies known as transparent proxies (see below). + of proxies known as intercepting proxies (see below). -Can <application>Privoxy</application> run as a <quote>transparent +<title>Can Privoxy run as a <quote>transparent </quote> proxy? - No, Privoxy currently does not have this ability, - though it is planned for a future release. Transparent proxies require - special handling of the request headers beyond what - Privoxy is now capable of. + The whole idea of Privoxy is to modify client requests + and server responses in all sorts of ways and therefore + it's not a transparent proxy as described in + RFC 2616. + + However, some people say transparent proxy when they + mean intercepting proxy. If you are one of them, + please read the next entry. + + + + +Can Privoxy run as a <quote>intercepting</quote> proxy? - Chaining Privoxy behind another proxy that has - this ability should work though. - See the forwarding chapter - in the user manual. As - a transparent proxy to be used for chaining we recommend Transproxy - (http://www.transproxy.nlc.net.au/). + Privoxy can't intercept traffic itself, + but it can handle requests that where intercepted and redirected + with a packet filter (like PF or iptables), as long as the Host + header is present. + + + As the Host header is required by HTTP/1.1 and as most web sites + don't work if it isn't set, this limitation shouldn't be a problem. + + + Please refer to your packet filter's documentation to learn how to + intercept and redirect traffic into Privoxy. Afterward you just have + to configure Privoxy to + accept intercepted requests. -How can I configure <application>Privoxy</application> for use with <application>Outlook - Express</application>? +How can I configure Privoxy for use with Outlook + Express? Outlook Express uses Internet Explorer components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email. @@ -1034,6 +1223,53 @@ and thus avoid individual browser configuration? + +I sometimes notice cookies sneaking through. How? + + Cookies can be + set in several ways. The classic method is via the + Set-Cookie HTTP header. This is straightforward, and an + easy one to manipulate, such as the &my-app; concept of + session-cookies-only. + There is also the possibility of using + Javascript to + set cookies (&my-app; calls these content-cookies). This + is trickier because the syntax can vary widely, and thus requires a certain + amount of guesswork. It is not realistic to catch all of these short of + disabling Javascript, which would break many sites. And lastly, if the + cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond + Privoxy's reach. + + + All in all, &my-app; can help manage cookies in general, can help minimize + the loss of privacy posed by cookies, but can't realistically stop all + cookies. + + + + +Are all cookies bad? Why? + + No, in fact there are many beneficial uses of + cookies. Cookies are just a + method that browsers can use to store data between pages, or between browser + sessions. Sometimes there is a good reason for this, and the user's life is a + bit easier as a result. But there is a long history of some websites taking + advantage of this layer of trust, and using the data they glean from you and + your browsing habits for their own purposes, and maybe to your potential + detriment. Such sites are using you and storing their data on your system. + That is why the privacy conscious watch from whom those cookies come, and why + they really need to be there. + + + See the + Wikipedia cookie + definition for more. + + + How can I allow permanent cookies for my trusted sites? @@ -1041,7 +1277,7 @@ and thus avoid individual browser configuration? There are several actions that relate to cookies. The default behavior is to allow only session cookies, which means the cookies only last for the current browser session. This eliminates most kinds of abuse related - to cookies. But there may be cases where we want cookies to last. + to cookies. But there may be cases where you want cookies to last. To disable all cookie actions, so that cookies are allowed unrestricted, @@ -1053,7 +1289,7 @@ and thus avoid individual browser configuration? .example.com - Place the above in user.action. Note some of these may + Place the above in user.action. Note that some of these may be off by default anyway, so this might be redundant, but there is no harm being explicit in what you want to happen. user.action includes an alias for this situation, called @@ -1067,7 +1303,9 @@ and thus avoid individual browser configuration? Each instance of Privoxy has its own configuration, including such attributes as the TCP port that it listens on. What you can do is run multiple instances of Privoxy, each with - a unique listen-address and configuration path, and then + a unique + listen-address + configuration setting, and configuration path, and then each of these can have their own configurations. Think of it as per-port configuration. @@ -1078,28 +1316,29 @@ and thus avoid individual browser configuration? -Can I set-up <application>Privoxy</application> as a whitelist of +<title>Can I set-up Privoxy as a whitelist of <quote>good</quote> sites? - Sure. There are a couple of things you can do for simple whitelisting. + Sure. There are a couple of things you can do for simple white-listing. Here's one real easy one: ############################################################ # Blacklist ############################################################ - { +block } + { +block } / # Block *all* URLs ############################################################ # Whitelist ############################################################ - { -block } + { -block } kids.example.com toys.example.com games.example.com - This allows access to only those three sites. + This allows access to only those three sites by first blocking all URLs, and + then subsequently allowing three specific exceptions. A more interesting approach is Privoxy's @@ -1113,7 +1352,101 @@ and thus avoid individual browser configuration? are various other configuration options that should be disabled (described elsewhere here and in the User Manual) so that users can't modify their own configuration and easily circumvent the - whitelist. + whitelist. + + + + +How can I turn off ad-blocking? + + Ad blocking is achieved through a complex application of various &my-app; + actions. These + actions are deployed against simple images, banners, flash animations, + text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as + just turning one or two actions off. The various actions that make up + &my-app; ad blocking are hard-coded into the default configuration files. It + has been assumed that everyone using &my-app; is interested in this + particular feature. + + + If you want to do without this, there are several approaches you can take: + You can manually undo the many block rules in + default.action. Or even easier, just create your own + default.action file from scratch without the many ad + blocking rules, and corresponding exceptions. Or lastly, if you are not + concerned about the additional blocks that are done for privacy reasons, you + can very easily over-ride all blocking with the + following very simple rule in your user.action: + + + + # Unblock everybody, everywhere + { -block } + / # UN-Block *all* URLs + + + Or even a more comprehensive reversing of various ad related actions: + + + + # Unblock everybody, everywhere, and turn off appropriate filtering, etc + { -block \ + -filter{banners-by-size} \ + -filter{banners-by-link} \ + allow-popups \ + } + / # UN-Block *all* URLs and allow ads + + + This last action in this compound statement, + allow-popups, is an alias that disables + various pop-up blocking features. + + + + +How can I have custom template pages, like the +<emphasis>BLOCKED</emphasis> page? + + &my-app; templates are specialized text files utilized by + &my-app; for various purposes and can easily be modified using any text + editor. All the template pages are installed in a sub-directory appropriately + named: templates. Knowing something about HTML syntax + will of course be helpful. You cannot rename any of these files, or create + completely new templates, that is not possible. But you can change the page + content to whatever you like. Be forewarned that these files are subject to + being overwritten during upgrades, so be sure to save any customizations. + + + + +How can I remove the <quote>Go There Anyway</quote> link from +the <emphasis>BLOCKED</emphasis> page? + + There is more than one way to do it. + + + Editing the BLOCKED template page (see above) may dissuade some users, but + this method is easily circumvented. Where you need this level of control, you + should build &my-app; from source, and enable various features that are + available as compile-time options. You should + configure the sources as follows: + + + + ./configure --disable-toggle --disable-editor --disable-force + + + This will create an executable with hard-coded security features so that + &my-app; does not allow easy bypassing of blocked sites, or changing the + current configuration via any connected user's web browser. + + + Note that all of these features can also be toggled on/off via options in + Privoxy's main config file which + means you don't have to recompile anything. @@ -1127,19 +1460,21 @@ and thus avoid individual browser configuration? Miscellaneous -How much does <application>Privoxy</application> slow my browsing down? This +<title id="slowsme">How much does Privoxy slow my browsing down? This has to add extra time to browsing. How much of an impact depends on many things, including the CPU of the host - system, how agressive the configuration is, which specific actions are being triggered, etc. + system, how aggressive the configuration is, which specific actions are being triggered, + the size of the page, the bandwidth of the connection, etc. Overall, it should not slow you down any in real terms, and may actually help - speed things up since ads, banners and other junk are not typically being displayed. - The actual processing time required by Privoxy - itself for each page, is relatively small in the overall scheme of things, - and happens very quickly. This is typically more than offset by time saved - not downloading and rendering ad images (if ad blocking is being used). + speed things up since ads, banners and other junk are not typically being + retrieved and displayed. The actual processing time required by + Privoxy itself for each page, is relatively small + in the overall scheme of things, and happens very quickly. This is typically + more than offset by time saved not downloading and rendering ad images (if ad + blocking is being used). @@ -1147,16 +1482,24 @@ has to add extra time to browsing. url="../user-manual/actions-file.html#FILTER">filter or deanimate-gifs - actions will cause a perceived slowdown, since the entire document needs to be buffered - before displaying. On very large documents, there may be some impact. How - much depends on the page size, the actual definition of the filter(s), etc. See below. - Most other actions have little to no impact on speed. + actions may cause a perceived slowdown, since the entire document + needs to be buffered before displaying. And on very large documents, filtering may have + some measurable impact. How much depends on the page size, the actual + definition of the filter(s), etc. See below. Most other actions have little + to no impact on speed. + + + Also, when filtering is enabled but zlib support isn't available, compression + is often disabled (see prevent-compression). + This can have an impact on speed as well. Again, the page size, etc. will + determine how much of an impact. -I noticed considerable +<sect2 renderas="sect3" id="loadingtimes"><title>I notice considerable delays in page requests compared to the old Junkbuster. What's wrong? If you use any the feeling is different, because most browsers are able to start rendering incomplete content, giving the user a feeling of "it works". This effect is more noticeable on slower dialup connections. Extremely large documents - may have some impact on the time to load the page. But the overall difference - should be very minimal. If there is a big impact, then probably some other - problem is contributing. + may have some impact on the time to load the page where there is filtering + being done. But overall, the difference should be very minimal. If there is a + big impact, then probably some other situation is contributing (like + anti-virus software). Filtering is automatically disabled for inappropriate MIME types. But note @@ -1182,19 +1526,6 @@ delays in page requests compared to the old Junkbuster. What's wrong? to differentiate filterable content because of the MIME type as reported by the server, or because of some configuration setting that enables/disables filtering. - - - - - -I just installed <application>Privoxy</application>, and all my -browsing has slowed to a crawl. What gives? - - This should not happen, and for the overwhelming number of users world-wide, - it does not happen. I would suspect some inadvertent interaction of software - components such as anti-virus software, spyware protectors, personal - firewalls or similar components. Try disabling (or uninstalling) these one - at a time and see if that helps. @@ -1253,12 +1584,30 @@ various ways to interact with the developers. +If I do submit missed ads, will +they be included in future updates? + + Whether such submissions are eventually included in the + default.action configuration file depends on how + significant the issue is. We of course want to address any potential + problem with major, high-profile sites such as Google, + Yahoo, etc. Any site with global or regional reach, + has a good chance of being a candidate. But at the other end of the spectrum + are any number of smaller, low-profile sites such as for local clubs or + schools. Since their reach and impact are much less, they are best handled by + inclusion in the user's user.action, and thus would be + unlikely to be included. + + + + + Why doesn't anyone answer my support request? Rest assured that it has been read and considered. Why it is not answered, could be for various reasons, including no one has a good answer for it, no -one has had time to yet investigate it thorougly, it has been reported +one has had time to yet investigate it thoroughly, it has been reported numerous times already, or because not enough information was provided to help us help you. Your efforts are not wasted, and we do appreciate them. @@ -1268,49 +1617,59 @@ us help you. Your efforts are not wasted, and we do appreciate them. How can I hide my IP address? - If you run both the browser and the proxy locally, you cannot hide your IP + If you run both the browser and &my-app; locally, you cannot hide your IP address with Privoxy or ultimately any other - software. The server needs to know your IP address to send the answers back - to you. + software alone. The server needs to know your IP address so that it knows + where to send the responses back. - Fortunately there are many publicly usable anonymous proxies out there, which - solve the problem by providing a further level of indirection between you and - the web server, shared by many people, and thus letting your requests "drown" - in white noise of unrelated requests as far as user tracking is concerned. + There are many publicly usable "anonymous" proxies out there, which + provide a further level of indirection between you and the web server. - Most of them will, however, log your IP address and make it available to the - authorities in case you abuse that anonymity for criminal purposes. In fact + However, these proxies are called "anonymous" because you don't need + to authenticate, not because they would offer any real anonymity. + Most of them will log your IP address and make it available to the + authorities in case you violate the law of the country they run in. In fact you can't even rule out that some of them only exist to *collect* information on (those suspicious) people with a more than average preference for privacy. - You can find a list of anonymous public proxies at multiproxy.org and many - more through Google. A particularly interesting project is the JAP service - offered by the Technical University of Dresden (http://anon.inf.tu-dresden.de/index_en.html). - - - There is, however, even in the single-machine case the possibility to make the - server believe that your machine is in fact a shared proxy serving a large - LAN, and we are looking into that. + Your best bet is to chain Privoxy + with Tor, + an EFF supported onion routing system. + The configuration details can be found in + How do I use Privoxy together + with Tor section + just below. -Can <application>Privoxy</application> guarantee I am anonymous? +Can Privoxy guarantee I am anonymous? No. Your chances of remaining anonymous are greatly improved, but unless you - are an expert on Internet security it would be safest to assume that - everything you do on the Web can be traced back to you. + chain Privoxy with Tor + or a similar system and know what you're doing when it comes to configuring + the rest of your system, it would be safest to assume that everything you do + on the Web can be traced back to you. Privoxy can remove various information about you, and allows you more freedom to decide which sites - you can trust, and what details you want to reveal. But it's still possible - that web sites can find out who you are. Here's one way this can happen. + you can trust, and what details you want to reveal. But it neither + hides your IP address, nor can it guarantee that the rest of the system + behaves correctly. There are several possibilities how a web sites can find + out who you are, even if you are using a strict Privoxy + configuration and chained it with Tor. + + + Most of Privoxy's privacy-enhancing features can be easily subverted + by an insecure browser configuration, therefore you should use a browser that can + be configured to only execute code from trusted sites, and be careful which sites you trust. + For example there is no point in having Privoxy + modify the User-Agent header, if websites can get all the information they want + through JavaScript, ActiveX, Flash, Java etc. A few browsers disclose the user's email address in certain situations, such @@ -1330,25 +1689,129 @@ us help you. Your efforts are not wasted, and we do appreciate them. + +A test site says I am not using a Proxy. + + Good! Actually, they are probably testing for some other kinds of proxies. + Hiding yourself completely would require additional steps. + + + +How do I use Privoxy + together with Tor? + + Before you configure Privoxy to use + Tor, + please follow the User Manual chapters + 2. Installation and + 5. Startup to make sure + Privoxy itself is setup correctly. + + + If it is, refer to Tor's + extensive documentation to learn how to install Tor, + and make sure Tor's logfile says that + Tor has successfully opened a circuit and it + looks like client functionality is working. + + + If either Tor or Privoxy + isn't working, their combination most likely will neither. Testing them on their + own will also help you to direct problem reports to the right audience. + If Privoxy isn't working, don't bother the + Tor developers. If Tor + isn't working, don't send bug reports to the Privoxy Team. + + + If you verified that Privoxy and Tor + are working, it is time to connect them. As far as Privoxy + is concerned, Tor is just another proxy that can be reached + by socks4 or socks4a. Most likely you are interested in Tor + to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are + done through Tor and thus invisible to your local network. + + + + Since Privoxy 3.0.5, its + main configuration file + is already prepared for Tor, if you are using a + default Tor configuration and run it on the same + system as &my-app;, you just have to edit the + forwarding section + and uncomment the line: + + + +# forward-socks4a / 127.0.0.1:9050 . + + + + This is enough to reach the Internet, but additionally you might want to + uncomment the following forward rules, to make sure your local network is still + reachable through Privoxy: + + + +# forward 192.168.*.*/ . +# forward 10.*.*.*/ . +# forward 127.*.*.*/ . + + + + Unencrypted connections to systems in these address ranges will + be as (un)secure as the local network is, but the alternative is + that your browser can't reach the network at all. Then again, + that may actually be desired and if you don't know for sure + that your browser has to be able to reach the local network, + there's no reason to allow it. + + + If you want your browser to be able to reach servers in your local + network by using their names, you will need additional exceptions + that look like this: + + + +# forward localhost/ . + + + + Save the modified configuration file and open + http://config.privoxy.org/show-status/ + in your browser, confirm that Privoxy has reloaded its configuration + and that there are no other forward lines, unless you know that you need them. If everything looks good, + refer to + Tor + Faq 4.2 to learn how to verify that you are really using Tor. + + + Afterward, please take the time to at least skim through the rest + of Tor's documentation. Make sure you understand + what Tor does, why it is no replacement for + application level security, and why you shouldn't use it for unencrypted logins. + ]]> + + Might some things break because header information or content is being altered? - Definitely. More and more sites use HTTP header content to decide what to - display and how to display it. There is many ways that this can be handled, + Definitely. It is common for sites to use browser type, browser version, + HTTP header content, and various other techniques in order to dynamically + decide what to display and how to display it. What you see, and what I see, + might be very different. There are many, many ways that this can be handled, so having hard and fast rules, is tricky. - User-Agent in particular is often used in this way to identify - the browser, and adjust content accordingly. Changing this now (at least not - further than removing the OS information) is not recommended, since so many - sites do look for it. You may get undesirable results by changing this. + The User-Agent is sometimes used in this way to identify + the browser, and adjust content accordingly. - For instance, different browsers use different encodings of Russian and Czech + Also, different browsers use different encodings of Russian and Czech characters, certain web servers convert pages on-the-fly according to the User Agent header. Giving a User Agent with the wrong operating system or browser manufacturer causes some sites in these languages @@ -1358,7 +1821,12 @@ content is being altered? weather maps of Intellicast have been blocked by their server when no Referer or cookie is provided, is another example. (But you can forge both headers without giving information away). There are - many other ways things can go wrong when trying to fool a web server. + many other ways things that can go wrong when trying to fool a web server. The + results of which could inadvertently cause pages to load incorrectly, + partially, or even not at all. And there may be no obvious clues as to just + what went wrong, or why. Nowhere will there be a message that says + Turn off fast-redirects or else! + @@ -1376,12 +1844,13 @@ content is being altered? -Can <application>Privoxy</application> act as a <quote>caching</quote> proxy to +<title id="caching">Can Privoxy act as a <quote>caching</quote> proxy to speed up web browsing? No, it does not have this ability at all. You want something like - Squid for this. And, yes, - before you ask, Privoxy can co-exist + Squid or + Polipo for this. + And, yes, before you ask, Privoxy can co-exist with other kinds of proxies like Squid. See the forwarding chapter in the user @@ -1390,61 +1859,46 @@ speed up web browsing? -What about as a firewall? Can <application>Privoxy</application> protect me? +What about as a firewall? Can Privoxy protect me? - Not in the way you mean, or in the way a true firewall can. - Privoxy can help protect your privacy, but not - protect you from intrusion attempts. It is, of course, perfectly possible - and recommended to use both. + Not in the way you mean, or in the way some firewall vendors claim they can. + Privoxy can help protect your privacy, but can't + protect your system from intrusion attempts. It is, of course, perfectly possible + to use both. - - I have large empty spaces / a checkerboard pattern now where ads used to be. Why? - It would be technically possible eliminate the banners in a way that frees - their screen estate in many cases, by doing all banner blocking with filters, - i.e. eliminating the whole image references from the HTML pages instead - of letting them stay in, and blocking the resulting requests for the - banners themselves. + It is technically possible to eliminate banners and ads in a way that frees + their allocated page space. This could easily be done by blocking with + Privoxy's filters, + and eliminating the entire image references from the + HTML page source. - But this would consume considerable CPU resources, would likely destroy - the layout of many web pages which rely on the banners consuming a certain - amount of screen space, and would fail in other cases, where the screen space - is reserved e.g. by tables anyway. Also, making the banners disappear without - a visual trace complicates troubleshooting. + But, this would consume considerably more CPU resources (IOW, slow things + down), would likely destroy the layout of some web pages which rely on the + banners utilizing a certain amount of page space, and might fail in other + cases, where the screen space is reserved (e.g. by HTML tables for instance). + Also, making ads and banners disappear without any trace complicates + troubleshooting, and would sooner or later be problematic. - So we won't support this in the default configuration, but you can of course - define appropriate filters yourself. + The better alternative is to instead let them stay, and block the resulting + requests for the banners themselves as is now the case. This leaves either + empty space, or the familiar checkerboard pattern. + + + So the developers won't support this in the default configuration, but you + can of course define appropriate filters yourself to achieve this. -How can <application>Privoxy</application> filter Secure (HTTPS) URLs? +How can Privoxy filter Secure (HTTPS) URLs? Since secure HTTP connections are encrypted SSL sessions between your browser and the secure site, and are meant to be reliably secure, @@ -1476,17 +1930,17 @@ ads used to be. Why? -<application>Privoxy</application> runs as a <quote>server</quote>. How +<title id="secure">Privoxy runs as a <quote>server</quote>. How secure is it? Do I need to take any special precautions? - There are no known exploits that might affect - Privoxy. On Unix-like systems, - Privoxy can run as a non-privileged - user, which is how we recommend it be run. Also, by default - Privoxy only listens to requests - from localhost only. The server aspect of - Privoxy is not itself directly exposed to the - Internet in this configuration. If you want to have + On Unix-like systems, Privoxy can run as a non-privileged + user, which is how we recommend it be run. Also, by default + Privoxy listens to requests from localhost + only. + + + The server aspect of Privoxy is not itself directly + exposed to the Internet in this configuration. If you want to have Privoxy serve as a LAN proxy, this will have to be opened up to allow for LAN requests. In this case, we'd recommend you specify only the LAN gateway address, e.g. 192.168.1.1, in the main @@ -1501,7 +1955,7 @@ secure is it? Do I need to take any special precautions? -How can I temporarily disable <application>Privoxy</application>? +How can I temporarily disable Privoxy? The easiest way is to access Privoxy with your browser by using the remote toggle URL: + -When <quote>disabled</quote> is <application>Privoxy</application> totally +<title>When <quote>disabled</quote> is Privoxy totally out of the picture? - No, this just means all filtering and actions are disabled. + No, this just means all optional filtering and actions are disabled. Privoxy is still acting as a proxy, but just not doing any of the things that Privoxy would normally be expected to do. It is still a middle-man in - the interaction between your browser and web sites. + the interaction between your browser and web sites. See below to bypass + the proxy. + + + + +How can I tell Privoxy to totally ignore certain sites? + + Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser + configuration issue, not a &my-app; issue. Modern browsers typically do have + settings for not proxying certain sites. Check your browser's help files. + -My logs show <application>Privoxy</application> <quote>crunches</quote> -ads, but also its own CGI pages. What is a <quote>crunch</quote>? +My logs show Privoxy <quote>crunches</quote> +ads, but also its own internal CGI pages. What is a <quote>crunch</quote>? A crunch simply means Privoxy intercepted something, nothing more. Often this is indeed ads or @@ -1538,10 +2004,14 @@ ads, but also its own CGI pages. What is a crunch? configuration is returned to the browser, and the log consequently will show a crunch. + + Since version 3.0.7, Privoxy will also log the crunch reason. + If you are using an older version you might want to upgrade. + -Can <application>Privoxy</application> effect files that I download +<title>Can Privoxy effect files that I download from a webserver? FTP server? From the webserver's perspective, there is no difference between @@ -1554,7 +2024,7 @@ from a webserver? FTP server? Filtering is potentially more of a concern since the results are not always so obvious, and the effects of filtering are there whether the file is simply viewed, or downloaded. And potentially whether the content is some obnoxious - advertizement, or Mr. Jimmy's latest/greatest source code jewel. Of course, + advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course, one of these presumably is bad content that we don't want, and the other is good content that we do want. Privoxy is blind to the differences, and can only @@ -1563,7 +2033,7 @@ from a webserver? FTP server? Privoxy knows the differences in files according - to the Document Type as reported by the webserver. If this is + to the Content Type as reported by the webserver. If this is reported accurately (e.g. application/zip for a zip archive), then Privoxy knows to ignore these where appropriate. Privoxy potentially can filter HTML @@ -1575,16 +2045,16 @@ from a webserver? FTP server? altered by filtering, will be saved too, for these (probably rare) cases. - Note that versions later than 3.0.2 do NOT filter document types of + Note that versions later than 3.0.2 do NOT filter document types reported as text/plain. Prior to this, Privoxy did filter this document type. - In short, filtering is ON if a) the Document Type as reported + In short, filtering is ON if a) the content type as reported by the webserver is appropriate and b) the configuration allows it (or at least does not disallow it). That's it. There is no magic cookie anywhere to say this is good and this is - bad. It's the configuration that let's it all happen or not. + bad. It's the configuration that lets it all happen or not. If you download text files, you probably do not want these to be filtered, @@ -1598,21 +2068,48 @@ from a webserver? FTP server? Privoxy does not do FTP at all, only HTTP - protocols, so please don't even try. + and HTTPS (SSL) protocols, so please don't try. -I just downloaded a Perl script, and <application>Privoxy</application> +<title>I just downloaded a Perl script, and Privoxy altered it! Yikes, what is wrong! Please read above. + +Should I continue to use a <quote>HOSTS</quote> file for ad-blocking? + + One time-tested technique to defeat common ads is to trick the local DNS + system by giving a phony IP address for the ad generator in the local + HOSTS file, typically using 127.0.0.1, aka + localhost. This effectively blocks the ad. + + + There is no reason to use this technique in conjunction with + Privoxy. Privoxy + does essentially the same thing, much more elegantly and with much more + flexibility. A large HOSTS file, in fact, not only + duplicates effort, but may get in the way and seriously slow down your system. + It is recommended to remove such entries from your HOSTS file. If you think + your hosts list is neglected by Privoxy's + configuration, consider adding your list to your user.action file: + + + + { +block } + www.ad.example1.com + ad.example2.com + ads.galore.example.com + etc.example.com + + -Where can I find more information about <application>Privoxy</application> +<title>Where can I find more information about Privoxy and related issues? &seealso; @@ -1636,12 +2133,24 @@ and related issues? in the default configuration as shipped. You have either manually activated the fun filter which is clearly labeled Text replacements for subversive browsing - fun! or you have implicitly activated it by choosing the - Adventuresome profile in the web-based editor (formerly known - as the Advanced profile). + fun! or you are using an older Privoxy version and have implicitly + activated it by choosing the Adventuresome profile in the + web-based editor. Please upgrade! + +Does Privoxy produce <quote>valid</quote> HTML (or XHTML)? + + + Privoxy generates HTML in both its own templates, and possibly + whenever there are text substitutions via a &my-app; filter. While this + should always conform to the HTML 4.01 specifications, it has not been + validated against this or any other standard. + + + + @@ -1651,28 +2160,47 @@ and related issues? Troubleshooting -I am getting <quote>connection refused</quote> -with every web page? +I cannot connect to any websites. Or, I am getting +<quote>connection refused</quote> message with every web page. Why? - Either Privoxy is not running, or your - browser is configured for a different port than what - Privoxy is using. + There are several possibilities: - - Early Privoxy versions (and also - Junkbuster) used port 8000 by - default. This has been changed to port 8118 now, due to a conflict - with NAS (Network Audio Service), which uses port 8000. If you haven't, - you need to change your browser to the new port number, or alternately - change the listen-address - option in Privoxy's main configuration file. + + +Privoxy is not running. Solution: verify + that &my-app; is installed correctly, has not crashed, and is indeed running. + Look at Privoxy's logs to see what they say. + + Or your browser is configured for a different port than what + Privoxy is using. Solution: verify that &my-app; + and your browser are set to the same port (listen-address). + + Or if using a forwarding rule, you have a configuration problem or a + problem with a host in the forwarding chain. Solution: temporarily alter your + configuration and take the forwarders out of the equation. + + + Or you have a firewall that is interfering and blocking you. Solution: + try disabling or removing the firewall as a simple test. + + + + +Why am I getting a 503 Error (WSAECONNREFUSED) on every page? + + More than likely this is a problem with your TCP/IP networking. ZoneAlarm has + been reported to cause this symptom -- even if not running! The solution is + to either fight the ZA configuration, or uninstall ZoneAlarm, and then find + something better behaved in its place. Other personal firewall type products + may cause similar type problems if not configured correctly. + + + I just added a new rule, but the steenkin ad is still getting through. How? @@ -1680,8 +2208,7 @@ still getting through. How? If the ad had been displayed before you added its URL, it will probably be held in the browser's cache for some time, so it will be displayed without the need for any request to the server, and Privoxy - will not be in the picture. The best thing to do is try flushing the browser's - caches. And then try again. + will not be involved. Flush the browser's caches, and then try again. @@ -1689,13 +2216,75 @@ still getting through. How? applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info and see if it really matches your new rule. Blocking ads is like blocking - spam: a lot of tinkering is required to stay ahead of the game. + spam: a lot of tinkering is required to stay ahead of the game. And + remember you need to block the URL of the ad in question, which may be + entirely different from the site URL itself. Most ads are hosted on different + servers than the main site itself. If you right-click on the ad, you should + be able to get all the relevant information you need. Alternately, you can + find the correct URL by looking at Privoxy's logs. + + + Below is a slightly modified real-life log snippet that originates with one + requested URL: www.example.com (name of site was changed + for this example, the number of requests is real). You can see in this the + complexity of what goes into making up this one page. There + are eight different domains involved here, with thirty two separate URLs + requested in all, making up all manner of images, Shockwave Flash, + JavaScript, CSS stylesheets, scripts, and other related content. Some of this + content is obviously good or bad, but not all. + Many of the more questionable looking requests, are going to outside domains + that seem to be identifying themselves with suspicious looking names, making + our job a little easier. &my-app; has crunched (meaning caught + and BLOCKED) quite a few items in this example, but perhaps missed a few as well. + + + + + + + + Despite 12 out of 32 requests being blocked, the page looked, and seemed to + behave perfectly normal (minus some ads, of course). -One of my favorite sites does not work with <application>Privoxy</application>. +<title >One of my favorite sites does not work with Privoxy. What can I do? @@ -1708,14 +2297,20 @@ What can I do? - If still a problem, go to http://config.privoxy.org/show-url-info - and paste the full URL of the page in question into the prompt. See which actions - are being applied to the URL, and which matches in which actions files are - responsible for that. Now, armed with this information, go to required. + Now, armed with this information, go to + http://config.privoxy.org/show-status - and select the appropriate actions files for editing. - + and select the appropriate actions files for editing. You can now either look for a section which disables the actions that you suspect to cause the problem and add a pattern for your site there, @@ -1736,9 +2331,15 @@ What can I do? Troubleshooting actions is discussed in more detail in the user-manual appendix. + url="../user-manual/appendix.html#ACTIONSANAT">User Manual appendix, + Troubleshooting: the Anatomy of an Action. There is also an actions tutorial. + url="../user-manual/actions-file.html#ACT-EXAMPLES">actions tutorial + with general configuration information and examples. + + + As a last resort, you can always see if your browser has a setting that will + bypass the proxy setting for selective sites. Modern browsers can do this. @@ -1746,7 +2347,7 @@ What can I do? -After installing <application>Privoxy</application>, I have to log in +<title>After installing Privoxy, I have to log in every time I start IE. What gives? @@ -1796,13 +2397,13 @@ every time I start IE. What gives? -I cannot connect to any FTP sites. <application>Privoxy</application> - seems to be blocking me. +I cannot connect to any FTP sites. Privoxy + is blocking me. Privoxy cannot act as a proxy for FTP traffic, so do not configure your browser to use Privoxy as an FTP proxy. The same is true for any protocol other than HTTP - or HTTPS. + or HTTPS (SSL). Most browsers understand FTP as well as HTTP. If you connect to a site, with @@ -1813,10 +2414,13 @@ every time I start IE. What gives? To complicate matters, some systems may have a generic proxy - setting, which will silently enable both HTTP and FTP - proxying! So it is possible to accidentally enable FTP proxying in these - cases. And of course, if this happens, Privoxy - will indeed cause problems since it does not know FTP. + setting, which will enable various protocols, including + both HTTP and FTP proxying! So it is possible to + accidentally enable FTP proxying in these cases. And of course, if this + happens, Privoxy will indeed cause problems since + it does not know FTP. Just disable the FTP setting + and all will be well again. Will Privoxy ever proxy FTP traffic? Unlikely. @@ -1828,7 +2432,7 @@ every time I start IE. What gives? In Mac OSX, I can't configure Microsoft Internet Explorer to use - <application>Privoxy</application> as the HTTP proxy. + Privoxy as the HTTP proxy. Microsoft Internet Explorer (in versions like 5.1) respects system-wide network settings. In order to change the HTTP proxy, open System @@ -1877,7 +2481,7 @@ every time I start IE. What gives? I get a completely blank page at one site. <quote>View Source</quote> shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without - <application>Privoxy</application> the page loads fine. + Privoxy the page loads fine. Chances are that the site suffers from a bug in PHP, @@ -1903,18 +2507,6 @@ every time I start IE. What gives? - - -Why am I getting a 503 Error (WSAECONNREFUSED) on every page? - - More than likely this is a problem with your TCP/IP networking. ZoneAlarm has - been reported to cause this symptom -- even if not running. The solution is - to either fight the ZA configuration, or uninstall ZoneAlarm, and then find - something better behaved in its place. Other personal firewall type products - may cause similar type problems if not configured correctly. - - - My logs show many <quote>Unable to get my own hostname</quote> lines. Why? @@ -1931,21 +2523,27 @@ Why? result in a much slower response from Privoxy on some platforms due to DNS timeouts. + + This can be caused by a problem with the local HOSTS + file. If this file has been changed from the original, try reverting it to + see if that helps. Make sure whatever name(s) are used for the local system, + that they resolve both ways. + -When I try to launch <application>Privoxy</application>, I get an +<title>When I try to launch Privoxy, I get an error message <quote>port 8118 is already in use</quote> (or similar wording). Why? Port 8118 is Privoxy's default TCP listening port. Typically this message would mean that there is already one instance of Privoxy running, and - you are actually trying to start a second Privoxy - on the same port, which will not work. (You can have multiple instances but - they must be assigned different ports.) How and why this might happen varies - from platform to platform, but you need to check your installation and - start-up procedures. + your system is actually trying to start a second + Privoxy on the same port, which will not work. + (You can have multiple instances but they must be assigned different ports.) + How and why this might happen varies from platform to platform, but you need + to check your installation and start-up procedures. @@ -1964,12 +2562,12 @@ Why? - Why are binary files (such as images) corrupted when <application>Privoxy</application> + Why are binary files (such as images) corrupted when Privoxy is used? This may also be caused by the demoronizer filter, - in conjunction with a web server that is misreporting a file type. Binary + in conjunction with a web server that is misreporting the content type. Binary files are exempted from Privoxy's filtering (unless the web server by mistake says the file is something else). Either upgrade Privoxy, or go to the most recent @@ -2013,7 +2611,8 @@ Why? Privoxy is attempting to disable malicious - Javascript in this case, with the unsolicited-popups + Javascript + in this case, with the unsolicited-popups filter. Privoxy cannot tell very well good code snippets from bad code snippets. @@ -2029,7 +2628,7 @@ Why? I am getting too many DNS errors like <quote>404 No Such Domain</quote>. Why - can't <application>Privoxy</application> do this better? + can't Privoxy do this better? There are potentially several factors here. First of all, the DNS resolution @@ -2038,7 +2637,7 @@ Why? merely initiates the process and hands it off, and then later reports whatever the outcome was. And tries to give a coherent message if there seems to be a problem. In some cases, this might otherwise be mitigated by the - browser itself which might try some work-arounds and alernate approaches (e.g + browser itself which might try some work-arounds and alternate approaches (e.g adding www. to the URL). In other cases, if Privoxy is being chained with another proxy, this could complicate the issue, and cause undue @@ -2047,15 +2646,16 @@ Why? the messenger which is reporting whatever problem occurred downstream, and not the root cause of the error. + - In any case, v. 3.0.4 includes various improvements to help + In any case, newer versions include various improvements to help Privoxy better handle these cases. - +]]> - At one site <application>Privoxy</application> just hangs, and starts taking + At one site Privoxy just hangs, and starts taking all CPU. Why is this? @@ -2071,6 +2671,29 @@ Why? + +I just installed Privoxy, and all my +browsing has slowed to a crawl. What gives? + + This should not happen, and for the overwhelming number of users world-wide, + it does not happen. I would suspect some inadvertent interaction of software + components such as anti-virus software, spyware protectors, personal + firewalls or similar components. Try disabling (or uninstalling) these one + at a time and see if that helps. + + + + +Why do my filters work on some sites but not on others? + + It's probably due to compression. It is a common practice for web servers to + send their content compressed in order to speed things up, and + then let the browser uncompress them. When compiled with zlib support + &my-app; can decompress content before filtering, otherwise you may want to enable +prevent-compression. + + @@ -2147,10 +2770,79 @@ Why? The GNU General Public License should be included with this file. If not, you can view it at http://www.gnu.org/copyleft/gpl.html - or write to the Free Software Foundation, Inc., 59 - Temple Place - Suite 330, Boston, MA 02111-1307, USA. + or write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA $Log: faq.sgml,v $ +Revision 2.27 2007/10/22 19:47:05 fabiankeil +- Bump version and copyright. +- Adjust Tor section to make it clear that forward exceptions + aren't required and may not even be desired. +- A bunch of other minor rewordings. +- Fix markup problems Roland noticed (hopefully without adding new ones). + +Revision 2.26 2007/08/05 15:37:55 fabiankeil +- Don't claim that thousands of people read our code. +- Specify the GPL version and link to GPLv2 instead of v3. +- Note that configuration syntax may change between releases. +- Mention zlib support. +- Answer the "transparent proxy" question properly. +- Add "intercepting proxy" entry. +- Mention Polipo. +- Rephrase some other sentences for various reasons. + +Revision 2.25 2007/07/18 11:00:34 hal9 +Add misc note about valid mark-up in Privoxy. + +Revision 2.24 2006/11/14 01:57:46 hal9 +Dump all docs prior to 3.0.6 release. Various minor changes to faq and user +manual. + +Revision 2.23 2006/10/21 22:19:52 hal9 +Two new FAQs, a rewrite or two, and some touch ups. + +Revision 2.22 2006/10/14 20:33:10 hal9 +Three new FAQ's re: templates and blocking, and various minor touch-ups/improvements. + +Revision 2.21 2006/10/03 14:40:51 fabiankeil +Added links from the Tor faq to the +configuration chapter in the User Manual. + +Revision 2.20 2006/09/26 10:12:37 fabiankeil +Spelling fix. + +Revision 2.19 2006/09/22 10:54:32 hal9 +Change references to 3.0.4 to 3.0.5 and minor adjustments. + +Revision 2.18 2006/09/22 01:27:55 hal9 +Final commit of probably various minor changes here and there. Unless +something changes this should be ready for pending release. + +Revision 2.17 2006/09/17 14:56:32 hal9 +This includes yet several more new FAQs, some improved wording, enhanced +mark-up, various hyper links to wikipedia to explain key terminology to the +uninitiated, etc. This is ready for release IMO pending final tagging of cvs +and Privoxy version stamping. + +Revision 2.16 2006/09/10 15:30:46 hal9 +Spell check. + +Revision 2.15 2006/09/08 23:05:07 hal9 +Fix broken links. Add faq on hosts files. Move most of new windows service +feature to user manual and reference in faq. Various other small changes. + +Revision 2.14 2006/09/05 13:25:12 david__schmidt +Add Windows service invocation stuff (duplicated) in FAQ and in user manual under Windows startup. One probably ought to reference the other. + +Revision 2.13 2006/09/04 19:20:33 fabiankeil +Adjusted anonymity related sections to match reality. +Added a section about using Privoxy with Tor. + +Revision 2.12 2006/09/03 14:15:30 hal9 +Various updates, including 7 or 8 new FAQs, and updates/changes to various +other ones to better reflect improvements, additions and changes for the +upcoming release. This is close to final form for 3.0.4 IMHO. + Revision 2.11 2006/07/18 14:48:50 david__schmidt Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) with what was really the latest development (the v_3_0_branch branch)