Privoxy Frequently Asked Questions

+ +

Privoxy Frequently Asked Questions -$Id: faq.sgml,v 1.25 2002/03/24 16:08:08 swa Exp $ + + + + + Copyright &my-copy; 2001-2008 by + Privoxy Developers + + + +$Id: faq.sgml,v 2.38 2008/01/19 17:52:39 hal9 Exp $ + + + + + + This is here to keep vim syntax file from breaking :/ + If I knew enough to fix it, I would. + PLEASE DO NOT REMOVE! HB: hal@foobox.net + + +]]> -The FAQ document gives users and developers alike answers to frequently asked -questions about -Privoxy. Privoxy is a web -proxy with advanced filtering capabilities for protecting privacy, filtering -web page content, managing cookies, controlling access, and removing ads, -banners, pop-ups and other obnoxious Internet -Junk. Privoxy has a very flexible configuration and -can be customized to suit individual needs and -tastes. Privoxy has application for both stand-alone -systems and multi-user networks. + This FAQ gives quick answers to frequently asked questions about + Privoxy. + It is not a substitute for the + Privoxy User Manual. + + + + What is Privoxy? &p-intro; + + -You can find the latest version of the document at http://ijbswa.sourceforge.net/faq/. -Please see the Contact section in the -user-manual if you want to contact the developers. + Please note that this document is a work in progress. This copy represents + the state at the release of version &p-version;. + You can find the latest version of the document at http://www.privoxy.org/faq/. + Please see the Contact section if you want to + contact the developers. @@ -58,325 +148,502 @@ Please see the Contact section in the - - - -Frequently Asked Questions - - - -General Information +General Information +Who should give &my-app; a try? + + Anyone who is interested in security, privacy, or in + finer-grained control over their web and Internet experience. + + -What is this new version of <application>Privoxy</application>? +Is Privoxy the best choice for +me? - The original Internet Junkbuster (tm) is a - coyrighted product of Junkbusters - Corporation. Development of this effort stopped some time ago as of - version 2.0.2. Stefan Waldherr started the ijbswa project on Sourceforge to rekindle - development. Other developers subsequently joined with Stefan, and have - since added many new features, refinements and enhancements. + &my-app; is certainly a good choice, especially for those who want more + control and security. Those with the willingness to read the documentation + and the ability to fine-tune their installation will benefit the most. - The new Privoxy started with the same - code base, but has changed significantly at this point. + One of Privoxy's + strengths is that it is highly configurable giving you the ability to + completely personalize your installation. Being familiar with, or at least + having an interest in learning about HTTP and other networking + protocols, HTML, and + Regular + Expressions + will be a big plus and will help you get the most out of &my-app;. + A new installation just includes a very basic configuration. The user + should take this as a starting point only, and enhance it as he or she + sees fit. In fact, the user is encouraged, and expected to, fine-tune the + configuration. + + Much of Privoxy's configuration can be done + with a Web browser. + But there are areas where configuration is done using a + text editor + to edit configuration files. Also note that the web-based action editor + doesn't use authentication and should only be enabled in environments + where all clients with access to &my-app; listening port can be trusted. + + - - -How does it differ from the old <application>Junkbuster?</application> +What is a <quote>proxy</quote>? How does +Privoxy work? - All the old features remain. The new Privoxy - still blocks ads and banners, still manages cookies, and still helps protect - your privacy. But, these are all enhanced, and many new features have been - added, all in the same vein. + A web proxy + is a service, based on a software such as + Privoxy, that clients (i.e. browsers) can use + instead of connecting directly to web servers on the Internet. The + clients then ask the proxy to fetch the objects they need (web pages, + images, movies etc) on their behalf, and when the proxy has done so, it + hands the results back to the client. It is a go-between. See + the Wikipedia proxy + definition for more. - The configuration has changed significantly as well. This is something that - users will notice right off the bat. The blocklist file does - not exist any more. This is replaced by actions files, such - as default.actions. This is where most of the per site - configuration is now. - + There are many reasons to use web proxies, such as security (firewalling), + efficiency (caching) and others, and there are any number of proxies + to accommodate those needs. - + + Privoxy is a proxy that is primarily focused on privacy + protection, ad and junk elimination and freeing the user from restrictions placed on his + activities. Sitting between your browser(s) and the Internet, + it is in a perfect position to filter outbound personal information that your + browser is leaking, as well as inbound junk. It uses a variety of techniques to do + this, all of which are under your complete control via the various configuration + files and options. Being a proxy also makes it easier to share + configurations among multiple browsers and/or users. + + -What are some of the new features? - - - + +Does Privoxy do anything more than ad blocking? + + Yes, ad blocking is but one possible use. There are many, many ways &my-app; + can be used to sanitize and customize web browsing. + + - - - Integrated browser based configuration and control utility (http://p.p). Browser-based tracing of rule - and filter effects. - - - - - - Blocking of annoying pop-up browser windows. - - +What is this new version of +<quote><citetitle>Junkbuster</citetitle></quote>? - - - HTTP/1.1 compliant (most, but not all 1.1 features are supported). - - + + &history; + - - - Support for Perl Compatible Regular Expressions in the configuration files, and - generally a more sophisticated and flexible configuration syntax over - previous versions. - - + - - - GIF de-animation. - - - - - - Web page content filtering (removes banners based on size, - invisible web-bugs, JavaScript, pop-ups, status bar abuse, - etc.) - - - - - - Bypass many click-tracking scripts (avoids script redirection). - - - - - - - Multi-threaded (POSIX and native threads). - - - - - Auto-detection and re-reading of config file changes. - - + +Why <quote>Privoxy</quote>? Why change the name from +Junkbuster at all? + + Though outdated, Junkbusters Corporation + continues to offer their original version of the Internet + Junkbuster, so publishing our + Junkbuster-derived software under the same name + led to confusion. + + + There are also potential legal complications from our use of the + Junkbuster name, which is a registered trademark of + Junkbusters Corporation. + There are, however, no objections from Junkbusters Corporation to the + Privoxy project itself, and they, in fact, still + share our ideals and goals. + + + The developers also believed that there are so many improvements over the original + code, that it was time to make a clean break from the past and make + a name in their own right. + + + Privoxy is the + Privacy Enhancing Proxy. Also, its content + modification and junk suppression gives you, the user, more + control, more freedom, and allows you to browse your personal and + private edition of the web. + + - - - User-customizable HTML templates (e.g. 404 error page). - - +How does Privoxy differ +from the old Junkbuster? + + Privoxy picks up where + Junkbuster left off. All the old features remain. + The new Privoxy still blocks ads and banners, + still manages cookies, and still + helps protect your privacy. But, most of these features have been enhanced, + and many new ones have been added, all in the same vein. + + + Privoxy's new features include: + - - - Improved cookie management features (e.g. session based cookies). - - + + &newfeatures; + - - - Builds from source on most UNIX-like systems. Packages available for: Linux - (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac OSX, OS/2, HP-UX 11 and AmigaOS. - - - + - - - In addition, the configuration is much more powerful and versatile over-all. - - + +How does Privoxy know what is +an ad, and what is not? + + Privoxy's approach to blocking ads is twofold: + + + First, there are certain patterns in the locations (URLs) + of banner images. This applies to both the path (you wouldn't guess how many + web sites serve their banners from a directory called banners!) + and the host (blocking the big banner hosting services like doublecklick.net + already helps a lot). Privoxy takes advantage of this + fact by using URL + patterns to sort out and block the requests for things that sound + like they would be ads or banners. + + + Second, banners tend to come in certain sizes. But you + can't tell the size of an image by its URL without downloading it, and if you + do, it's too late to save bandwidth. Therefore, Privoxy + also inspects the HTML sources of web pages while they are loaded, and replaces + references to images with standard banner sizes by dummy references, so that + your browser doesn't request them anymore in the first place. + + + Both of this involves a certain amount of guesswork and is, of course, freely + and readily configurable. + + - + +Can Privoxy make mistakes? +This does not sound very scientific. + + Actually, it's a black art ;-) And yes, it is always possible to have a broad + rule accidentally block or change something by mistake. You will almost surely + run into such situations at some point. It is tricky writing rules to + cover every conceivable possibility, and not occasionally get false positives. - + + But this should not be a big concern since the + Privoxy configuration is very flexible, and + includes tools to help identify these types of situations so they can be + addressed as needed, allowing you to customize your installation. + (See the Troubleshooting section below.) + -What is a <quote>proxy</quote>? How does -<application>Privoxy</application> work? - - When you connect to a web site with Privoxy, - you are really connecting to your locally running version of - Privoxy. Privoxy - intercepts your requests for the web page, and relays that to the - real web site. The web site sends the HTTP data stream - back to Privoxy, where - Privoxy can work its magic before it - relays this data back to your web browser. - + - - Since Privoxy sits between you and the - WWW, it is in a position to intercept and completely manage all web traffic and - HTTP content before it gets to your browser. - Privoxy uses various programming methods to do - this, all of which is under your control via the various configuration - files and options. - + +Will I have to configure Privoxy + before I can use it? + + That depends on your expectations. + The default installation should give you a good starting + point, and block most ads and unwanted content, + but many of the more advanced features are off by default, and require + you to activate them. + + + You do have to set up your browser to use + Privoxy (see the Installation section below). + + + And you will certainly run into situations where there are false positives, + or ads not being blocked that you may not want to see. In these cases, you + would certainly benefit by customizing Privoxy's + configuration to more closely match your individual situation. And we + encourage you to do this. This is where the real power of + Privoxy lies! + - - There are many kinds of proxies. Privoxy best - fits the filtering proxy category. - + - + +Can Privoxy run as a server on a network? + + Yes, &my-app; runs as a server already, and can easily be configured to + serve more than one client. See + How can I set up Privoxy to act as a proxy for my LAN below. + + -My browser does the same things as -<application>Privoxy</application>. Why should I use -<application>Privoxy</application> at all? +My browser does the same things as +Privoxy. Why should I use Privoxy at all? Modern browsers do indeed have some of the same functionality as Privoxy. Maybe this is - adequate for you. But Privoxy is much more - verstatile and powerful, and can do a number of things that browsers just can't. + adequate for you. But Privoxy is very + versatile and powerful, and can probably do a number of things + your browser just can't. In addition, a proxy is good choice if you use multiple browsers, or - have a LAN with multiple computers. This way all the configuration - is in one place, and you don't have to maintain a similar configuration - for possibly many browsers. - + have a LAN with multiple computers since &my-app; can run as a server + application. This way all the configuration is in one place, and you don't + have to maintain a similar configuration for possibly many browsers or + users. - - + + Note, however, that it's recommended to leverage both your browser's + and Privoxy's privacy enhancing features + at the same time. While your browser probably lacks some features + &my-app; offers, it should also be able to do some things more + reliable, for example restricting and suppressing JavaScript. + + +Why should I trust Privoxy? + + The most important reason is because you have access to + everything, and you can control everything. You can + check every line of every configuration file yourself. You can check every + last bit of source code should you desire. And even if you can't read code, + there should be some comfort in knowing that other people can, + and do read it. You can build the software from scratch, if you want, + so that you know the executable is clean, and that it is + yours. In fact, we encourage this level of scrutiny. It + is one reason we use &my-app; ourselves. + + -Is there is a license or fee? What about a +<sect2 renderas="sect3" id="license"><title>Is there is a license or fee? What about a warranty? Registration? - Privoxy is licensed under the - GNU General Public License (GPL). It is free to use, copy, - modify or distribute as you wish under the terms of this license. - See http://www.gnu.org/copyleft/gpl.html - for specifics. - + Privoxy is free software and licensed under the GNU General Public License (GPL) version 2. + It is free to use, copy, modify or distribute as you wish under the terms of this + license. Please see the Copyright section for more + information on the license and copyright. Or the LICENSE file + that should be included. + - There is no warranty of any kind, expressed, implied or otherwise. That is - something that would cost real money ;-) There is no registration either. - Privoxy really is free - in every respect! - + There is no warranty of any kind, expressed, implied or otherwise. + That is something that would cost real money ;-) There is no registration either. - -I would like to help you, what do I do? + + + +Can Privoxy remove spyware? Adware? Viruses? + + No, at least not reliably enough to trust it. &my-app; is not designed to be + a malware removal tool and the default configuration doesn't even try to + filter out any malware. + + + &my-app; could help prevent contact from (known) sites that use such + tactics with appropriate configuration rules, and thus could conceivably + prevent contamination from such sites. However, keeping such a configuration + up to date would require a lot of time and effort that would be better spend + on keeping your software itself up to date so it doesn't have known + vulnerabilities. + + + -Money Money Money + +Can I use Privoxy with other ad-blocking software? + + &my-app; should work fine with other proxies and other software in general. + + + But it is probably not necessary to use &my-app; in conjunction with other + ad-blocking products, and this could conceivably cause undesirable results. + It might be better to choose one software or the other and work a little to + tweak its configuration to your liking. + - We, of course, welcome donations and use the money for domain registering, - regular world-wide get-togethers (hahaha). Anyway, we'll soon describe the - process how to donate money to the team. + Note that this is an advice specific to ad blocking. - + -You want to work with us? +I would like to help you, what can I do? + +Would you like to participate? - Well, helping the team is always a good idea. We welcome new developers, - RPM gurus or documentation makers. Simply get an account on sourceforge.net - and mail your id to the developer mailing list. Then read the - section Quickstart in the developers manual. + Well, we always need help. There is something for + everybody who wants to help us. We welcome new developers, packagers, + testers, documentation writers or really anyone with a desire to help in + any way. You DO NOT need to be a + programmer. There are many other tasks available. In fact, + the programmers often can't spend as much time programming because of some + of the other, more mundane things that need to be done, like checking the + Tracker feedback sections. + + + So first thing, get an account on SourceForge.net + and mail your id to the developers + mailing list. Then, please read the Developer's Manual, at least + the pertinent sections. + + You can also start helping out without SourceForge.net account, + simply by showing up on the mailing list, helping out other users, + providing general feedback or reporting problems you noticed. + + + +Contribute! -Once we have added you to the team, you'll have write access to the CVS -repository, and together we'll find a suitable task for you. + We, of course, welcome donations and could use money for domain registering, + buying software to test Privoxy with, and, of course, + for regular world-wide get-togethers (hahaha). If you enjoy the software and feel + like helping us with a donation, just drop us a note + and get your name on the list of contributors. - + +Software + + If you are a vendor of a web-related software like a browser, web server + or proxy, and would like us to ensure that Privoxy + runs smoothly with your product, you might consider supplying us with a + copy or license. We can't, however, guarantee that we will fix all potential + compatibility issues as a result. + + + + -Installation +Installation + + +Which browsers are supported by Privoxy? + + Any browser that can be configured to use a proxy, which + should be virtually all browsers, including + Firefox, Internet + Explorer, Opera, and + Safari among others. + Direct browser support is not an absolute requirement since + Privoxy runs as a separate application and talks + to the browser in the standardized HTTP protocol, just like a web server + does. + + + + +Which operating systems are supported? + +&supported; + + + +Can I use Privoxy with my email client? + + As long as there is some way to set a HTTP proxy for the client, then yes, + any application can be used, whether it is strictly speaking a + browser or not. Though this may not be the best approach for + dealing with some of the common abuses of HTML in email. See How can I configure Privoxy + with Outlook Express? below for more on + this. + + + Be aware that HTML email presents a number of unique security and privacy + related issues, that can require advanced skills to overcome. The developers + recommend using email clients that can be configured to convert HTML to plain + text for these reasons. + + -Can I install the new - <application>Privoxy</application> over the old one? + + + +I just installed Privoxy. Is there anything special I have to do now? - All browsers must be told to use Privoxy + All browsers should be told to use Privoxy as a proxy by specifying the correct proxy address and port number - in the appropriate configuration area for the browser. See below. + in the appropriate configuration area for the browser. It's possible + to combine &my-app; with a packet filter to intercept HTTP requests + even if the client isn't explicitly configured to use &my-app;, + but where possible, configuring the client is recommended. See + the User Manual for more + details. You should also flush your browser's memory and disk + cache to get rid of any cached junk items, and remove any stored + cookies. - - + -What is the proxy address of <application>Privoxy</application>? +What is the proxy address of Privoxy? If you set up the Privoxy to run on the computer you browse from (rather than your ISP's server or some - networked computer on a LAN), the proxy will be on localhost - (which is the special name used by every computer on the Internet to refer - to itself) and the port will be 8118 (unless you have Privoxy to run on a different port with the - listen-address config option). + networked computer on a LAN), the proxy will be on 127.0.0.1 + (sometimes referred to as localhost, + which is the special name used by every computer on the Internet to refer + to itself) and the port will be 8118 (unless you used the listen-address + config option to tell Privoxy to run on + a different port). When configuring your browser's proxy settings you typically enter - the word localhost in the boxes next to HTTP - and Secure (HTTPS) and then the number 8118 - for port. This tells your browser to send all web - requests to Privoxy instead of directly to the - Interenet. + the word localhost or the IP address 127.0.0.1 + in the boxes next to HTTP and Secure (HTTPS) and + then the number 8118 for port. + This tells your browser to send all web requests to Privoxy + instead of directly to the Internet. Privoxy can also be used to proxy for a Local Area Network. In this case, your would enter either the IP address of the LAN host where Privoxy - is running, or the equivalent hostname. Port assignment would be - same as above. + is running, or the equivalent hostname, e.g. 192.168.1.1. + Port assignment would be same as above. Note that + Privoxy doesn't listen on any LAN interfaces by + default. Privoxy does not currently handle - protocols such as FTP, SMTP, IM, IRC, ICQ, or other Internet - protocols. + any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. - + - -I just installed <application>Privoxy</application>, and nothing is happening. +<sect2 renderas="sect3" id="nothing"> +<title>I just installed Privoxy, and nothing is happening. All the ads are there. What's wrong? @@ -385,852 +652,2512 @@ All the ads are there. What's wrong? the browser's caches to force a full re-reading of pages. You can verify that Privoxy is running, and your browser is correctly configured by entering the special URL: - http://p.p/. This should give you - a banner that says This is Privoxy and - access to Privoxy's internal configuration. - If you see this, then you are good to go. If not, the browser or - Privoxy are not set up correctly. + http://p.p/. + + This should take you to a page titled This is Privoxy.. with + access to Privoxy's internal configuration. + If you see this, then you are good to go. If you receive a page saying + Privoxy is not running, then the browser is not set up to use + your Privoxy installation. + If you receive anything else (probably nothing at all), it could either + be that the browser is not set up correctly, or that + Privoxy is not running at all. Check the log file. For instructions + on starting Privoxy and browser configuration, + see the chapter + on starting Privoxy in the + User Manual. + + + + +I get a <quote>Privoxy is not being used</quote> dummy page although +Privoxy is running and being used. + + + First, make sure that Privoxy is really running and + being used by visiting http://p.p/. You + should see the Privoxy main page. If not, see + the chapter + on starting Privoxy in the + User Manual. - + + Now if http://p.p/ works for you, but + other parts of Privoxy's web interface show + the dummy page, your browser has cached a redirection it encountered before + Privoxy was being used. You need to clear your + browser's cache. Note that shift-reloading the dummy page won't help, since + that'll only refresh the dummy page, not the redirection that lead you there. + + + The procedure for clearing the cache varies from browser to browser. For + example, Mozilla/Netscape users would click + Edit --> Preferences --> + Advanced --> Cache and + then click both Clear Memory Cache + and Clear Disk Cache. + In some Firefox versions it's + Tools --> Options --> + Privacy --> Cache and + then click Clear Cache Now. + + + - - -Configuration -Can I use my old config files? - - There are major changes to Junkbuster - configuration from version 2.0.x to 2.9.x and later. The older files will - not work at all. If this is the case, you will need to re-enter your old - data into the new configuration structure. This is probably also a good - recommendation even if upgrading from 2.9.x to 3.x since there were - many minor changes along the way. - - + - -What is an <quote>actions</quote> file? +Configuration + +What exactly is an <quote>actions</quote> file? - actions files are where various actions that - Privoxy might take, are configured. - Typically, you would define a set of default actions that apply - to all URLs, then add exceptions to these defaults. + &my-app; utilizes the concept of + actions + that are used to manipulate and control web page data. + Actions files + are where these actions + that Privoxy could take while processing a certain + request, are configured. Typically, you would define a set of default actions + that apply globally to all URLs, then add exceptions to these defaults where needed. + There is a wide array of actions available that give the user a high degree + of control and flexibility on how to process each and every web page. - Actions can be defined on a per site basis, or for groups of sites. Actions - can also be grouped together and then applied to one or more sites. There - are many possible actions that might apply to any given site. As an example, - if we are blocking cookies as one of our default - actions, but need to accept cookies from a given - site, we would define this in our actions file. - - - - - Privoxy comes with several default - actions files, with varying degrees - of filtering and blocking, as starting points for your own - configuration (see below). + Actions can be defined on a URL pattern basis, i.e. + for single URLs, whole web sites, groups or parts thereof etc. Actions can also be + grouped together and then applied to requests matching one or more patterns. + There are many possible actions that might apply to any given site. As an example, + if you are blocking cookies + as one of your default actions, but need to accept cookies from a given site, + you would need to define an exception for this site in one of your actions + files, preferably in user.action. - + - -The <quote>actions</quote>concept confuses me. Please list +<sect2 renderas="sect3" id="actionss"> +<title>The <quote>actions</quote> concept confuses me. Please list some of these <quote>actions</quote>. - These are all explained in the - user-manual. - Please refer to that. + For a comprehensive discussion of the actions concept, please refer + to the actions file + chapter in the User + Manual. It includes a list of all actions + and an actions + file tutorial to get you started. - + - + How are actions files configured? What is the easiest way to do this? - The easiest way to do this, is to access Privoxy - with your web browser at http://p.p/, - and then select - "Edit the actions list" - from the selection list. You can also do this by editing the appropriate - file with a text editor. + Actions files are just text files in a special syntax and can be edited + with a text editor. But probably the easiest way is to access + Privoxy's user interface with your web browser + at http://config.privoxy.org/ + (Shortcut: http://p.p/) and then select + View & + change the current configuration from the menu. Note + that this feature must be explicitly enabled in the main config file + (see enable-edit-actions). + + + +There are several different <quote>actions</quote> files. What are +the differences? - Please see the - user-manual for a - detailed explanation of these and other configuration files, and their - various options and syntax. + Three actions files + are being included by the developers, to be used for + different purposes: These are + default.action, the main actions file + which is actively maintained by the Privoxy + developers and typically sets the default policies, user.action, where users are encouraged + to make their private customizations, and standard.action, + which is for internal Privoxy use only. + Please see the actions chapter + in the User Manual for a more + detailed explanation. - + + Earlier versions included three different versions of the + default.action file. The new scheme allows for + greater flexibility of local configuration, and for browser based + selection of pre-defined aggressiveness levels. + - - What are the differences between -intermediate.action, basic.action, etc.? + + +Can I use my old config files? -Configuring Privoxy is not easy. To help you get -started, we provide you with three different default configurations. The -following table shows you, which features are enabled in each configuration. + The syntax and purpose of configuration files has remained roughly the + same throughout the 3.x series, but backwards compatibility is not guaranteed. + Also each release contains updated, improved versions and it is + therefore strongly recommended to install the newer configuration files + and merge back your modifications. + + + +Why is the configuration so complicated? -Default Configurations - - - - - - - - - Feature - default.action - basic.action - intermediate.action - advanced.action - - - - - - - - - - - - - - - - - ad-filtering - ? - x - x - x - - - - blank image - ? - x - x - x - - - - de-animate GIFs - ? - x - x - x - - - - referer forging - ? - x - x - x - - - - jon's +no-cookies-keep (i.e. session cookies only) - ? - x - x - x - - - - no-popup windows - ? - - x - x - - - - fast redirects - ? - - x - x - - - - hide-referrer - ? - - x - x - - - - hide-useragent - ? - - x - x - - - - content-modification - ? - - - x - - - - feature-x - ? - - - - - - - feature-y - ? - - - - - - - feature-z - ? - - - - - - - -

- - + Complicated is in the eye of the beholder. Those that are + familiar with some of the underlying concepts, such as regular expression + syntax, take to it like a fish takes to water. Also, software that tries + hard to be user friendly, often lacks sophistication and + flexibility. There is always that trade-off there between power vs. + easy-of-use. Furthermore, anyone is welcome to contribute ideas and + implementations to enhance &my-app;. + + - Why can I change the configuration with a -browser? Does that not raise security issues? +How can I make my Yahoo/Hotmail/Gmail account work? -What I don't understand, is how I can browser edit the config file as a -regular user, while the whole /etc/privoxy hierarchy belongs to the user -"privoxy", with only 644 perms. + The default configuration shouldn't impact the usability of any of these services. + It may, however, make all cookies + temporary, so that your browser will forget your + login credentials in between browser sessions. If you would like not to have to log + in manually each time you access those websites, simply turn off all cookie handling + for them in the user.action file. An example for yahoo might + look like: -When you use the browser-based editor, Privoxy -itself is writing to the config files. Because -Privoxy is running as the user "privoxy", it can -update the config files. + # Allow all cookies for Yahoo login: +# +{ -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } +.login.yahoo.com -If you don't like this, setting "enable-edit-actions 0" in the config file -will disable the browser-based editor. If you're that paranoid, you should -also consider setting "enable-remote-toggle 0" to prevent browser-based -enabling/disabling of Privoxy. + These kinds of sites are often quite complex and heavy with + Javascript and + thus fragile. So if still a problem, + we have an alias just for such + sticky situations: -Note that normally only local users can connect to Privoxy, so this is not -(normally) a security problem. + # Gmail is a _fragile_ site: +# +{ fragile } + # Gmail is ... + mail.google.com + + + Be sure to flush your browser's caches whenever making these kinds of + changes, just to make sure the changes take. + + + Make sure the domain, host and path are appropriate as well. Your browser can + tell you where you are specifically and you should use that information for + your configuration settings. Note that above it is not referenced as + gmail.com, which is a valid domain name. - - -How can I set up <application>Privoxy</application> to act as a proxy for my - LAN? - - By default, Privoxy only responds to requests - from localhost. To have it act as a server for a network, this needs to be - changed in the main config file where the Privoxy - configuration is located. In that file is a listen-address - option. It may be commented out with a # symbol. Make sure - it is uncommented, and assign it the address of the LAN gateway interface, - and port number to use: - + + + What's the difference between the +<quote>Cautious</quote>, <quote>Medium</quote> and <quote>Advanced</quote> defaults? + + Configuring Privoxy is not entirely trivial. To + help you get started, we provide you with three different default action + profiles in the web based actions file editor at http://config.privoxy.org/show-status. + See the User + Manual for a list of actions, and how the default + profiles are set. + - - listen-address 192.168.1.1:8118 - + Where the defaults are likely to break some sites, exceptions for + known popular problem sites are included, but in + general, the more aggressive your default settings are, the more exceptions + you will have to make later. New users are best to start off in + Cautious setting. This is safest and will have the fewest + problems. See the User Manual + for a more detailed discussion. - Save the file, and restart Privoxy. Configure - all browsers on the network then to use this address and port number. + It should be noted that the Advanced profile (formerly known + as the Adventuresome profile) is more + aggressive, and will make use of some of + Privoxy's advanced features. Use at your own risk! - + + + Why can I change the configuration +with a browser? Does that not raise security issues? + + It may seem strange that regular users can edit the config files with their + browsers, although the whole /etc/privoxy hierarchy + belongs to the user privoxy, with only 644 permissions. + + + When you use the browser-based editor, Privoxy + itself is writing to the config files. Because + Privoxy is running as the user privoxy, + it can update its own config files. + + + If you run Privoxy for multiple untrusted users (e.g. in + a LAN) or aren't entirely in control of your own browser, you will probably want + to make sure that the the web-based editor and remote toggle features are + off by setting enable-edit-actions + 0 and enable-remote-toggle + 0 in the main configuration file. + + + As of &my-app; 3.0.7 these options are disabled by default. + + - -Instead of ads, now I get a checkboard pattern. I don't want to see anything. + +What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? + + The default.filter + file is where filters as supplied by the developers are defined. + Filters are a special subset of actions that can be used to modify or + remove web page content or headers on the fly. Content filters can + be applied to anything in the page source, + header filters can be applied to either server or client headers. + Regular expressions are used to accomplish this. + + + There are a number of pre-defined filters to deal with common annoyances. The + filters are only defined here, to invoke them, you need to use the + filter + action in one of the actions files. Content filtering is automatically + disabled for inappropriate MIME types, but if you now better than Privoxy + what should or should not be filtered you can filter any content you like. + - This is a configuration option for images that - Privoxy is stopping. You have the choice a checkerboard - pattern (this scales better), a transparent 1x1 GIF image, or a custom URL or - your choice. + Filters should + not be confused with blocks, which + is a completely different action, and is more typically used to block ads and + unwanted sites. - If you want to see nothing, then change the +image-blocker - action to +image-blocker{blank}. This can be done from the - Edit Actions List selection at http://p.p/. Or by hand editing the appropriate - actions file. This will only effect what is defined as images - though. + If you are familiar with regular expressions, and HTML, you can look at + the provided default.filter with a text editor and define + your own filters. This is potentially a very powerful feature, but + requires some expertise in both regular expressions and HTML/HTTP. + user.filter, so they won't + be overwritten during upgrades. + The ability to define multiple filter files + in config is a new feature as of v. 3.0.5.]]> + + + There is no GUI editor option for this part of the configuration, + but you can disable/enable the various pre-defined filters of the included + default.filter file with the web-based actions file editor. + Note that the custom actions editor must be explicitly enabled in + the main config file (see enable-edit-actions). - + + If you intend to develop your own filters, you might want to have a look at + Privoxy-Filter-Test. + + - -Why would anybody want to see the checkerboard? + +How can I set up Privoxy to act as a proxy for my + LAN? - This can be helpful for troubleshooting problems. It might also be good - for anyone new to Privoxy so that they can - see if their favorite pages are displaying correctly, and - Privoxy is not inadvertantly removing something - important. + By default, Privoxy only responds to requests + from 127.0.0.1 (localhost). To have it act as a server for + a network, this needs to be changed in the main configuration file. Look for + the listen-address + option, which may be commented out with a # symbol. Make sure + it is uncommented, and assign it the address of the LAN gateway interface, + and port number to use. Assuming your LAN address is 192.168.1.1 and you + wish to run Privoxy on port 8118, this line + should look like: - + + + listen-address 192.168.1.1:8118 + - -I see large red banners on some pages that say -<quote>Blocked</quote>. How do I get rid of this? - These are URLs that match something in one of - Privoxy's block actions (+block). It is meant - to be a warning so that you know something has been blocked and an easy way - for you to see why. These are handled differently than what has been defined - as images (e.g. ad banners). If you want them to be treated - as if they were images, so that they can be invisible, then move the - offending URL from the +block section to the - +imageblock section of your actions file. Alternately, you - could modify the block HTML template that - is used by Privoxy to display this, and make it - something more to your liking. + Save the file, and restart Privoxy. Configure + all browsers on the network then to use this address and port number. - + + Alternately, you can have Privoxy listen on + all available interfaces: + - + + + listen-address :8118 + - + + And then use Privoxy's + permit-access + feature to limit connections. A firewall in this situation is recommended + as well. + -Misc + + The above steps should be the same for any TCP network, regardless of + operating system. + - -How much does <application>Privoxy</application> slow my browsing down? This -has to add extra time to browsing. - It should not slow you down any in real terms, and may actually help - speed things up since ads, banners and other junk are not being displayed. - The actual processing time required by Privoxy - itself for each page, is relatively small in the overall scheme of things, - and happens very quickly. This is typically more than offset by time saved - not downloading and rendering ad images. + If you run Privoxy on a LAN with untrusted users, + we recommend that you double-check the access control and security + options! + + + + +Instead of ads, now I get a checkerboard pattern. I don't want to see anything. + + The replacement for blocked images can be controlled with the set-image-blocker + action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF + image (aka blank), or a redirect to a custom image of your choice. + Note that this choice only has effect for images which are blocked as images, i.e. + whose URLs match both a handle-as-image + and block action. + - Filtering via the filterfile - mechanism may cause a perceived slowdown, since the entire page is buffered - before displaying. See below. + If you want to see nothing, then change the set-image-blocker + action to blank. This can be done by editing the + user.action file, or through the web-based actions file editor. - + + +Why would anybody want to see a checkerboard pattern? + + Remember that telling which image is an ad and which + isn't, is an educated guess. While we hope that the standard configuration + is rather smart, it will make occasional mistakes. The checkerboard image is visually + decent, and it shows you where images have been blocked, which can be very + helpful in case some navigation aid or otherwise innocent image was + erroneously blocked. It is recommended for new users so they can + see what is happening. Some people might also enjoy seeing how + many banners they don't have to see. + + -I noticed considerable -delays in page requests compared to the old Junkbuster. What's wrong? + +I see some images being replaced with text +instead of the checkerboard image. Why and how do I get rid of this? -Using the default filtering configuration, I noticed considerable delays in -page requests compared to the old Junkbuster. Loading pages with large contents -seemed to take forever, then suddenly delivering all the content at once. - + This happens when the banners are not embedded in the HTML code of the + page itself, but in separate HTML (sub)documents that are loaded into (i)frames + or (i)layers, and these external HTML documents are blocked. Being non-images + they get replaced by a substitute HTML page rather than a substitute image, + which wouldn't work out technically, since the browser expects and accepts + only HTML when it has requested an HTML document. + -The whole content must be loaded in order to filter, and nothing is is -sent to the browser during this time. The loading time does not really -change in real numbers, but the feeling is different, because most -browsers are able to start rendering incomplete content, giving the -user a feeling of "it works". - + The substitute page adapts to the available space and shows itself as a + miniature two-liner if loaded into small frames, or full-blown with a + large red "BLOCKED" banner if space allows. + -To modify the content of a page (i.e. make frames resizeable again, etc.) and -not just replace ads, Privoxy needs to download the -entire page first, do its content magic and then send the page to the browser. + If you prefer the banners to be blocked by images, you must see to it that + the HTML documents in which they are embedded are not blocked. Clicking + the See why link offered in the substitute page will show + you which rule blocked the page. After changing the rule and un-blocking + the HTML documents, the browser will try to load the actual banner images + and the usual image blocking will (hopefully!) kick in. - + -What is the "http://p.p/"? + +Can Privoxy run as a service +on Win2K/NT/XP? -Since Privoxy sits between your web browser and the Internet, it can be -programmed to handle certain pages specially. +Windows service + functionality. See + the User Manual for details on how to install and configure + Privoxy as a service. + + + Earlier ]]>3.x versions could run as a system service using srvany.exe. + See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + for details, and a sample configuration. + + + +How can I make Privoxy work with other +proxies like Squid or Tor? -With recent versions of Privoxy (version 2.9.x), you can get some -information about Privoxy and change some settings by going to -http://p.p/ or, equivalently, http://ijbswa.sourceforge.net/config/ -(Note that p.p is far easier to type but may not work in some -configurations). + This can be done and is often useful to combine the benefits of + Privoxy with those of a another proxy. + See the forwarding chapter + in the User Manual which + describes how to do this, and the + How do I use Privoxy together with + Tor section below. + + + +Can I just set Privoxy to use port 80 +and thus avoid individual browser configuration? -These pages are *not* forwarded to a server on the internet - instead they are -handled by a special web server which is built in to Privoxy. + No, its more complicated than that. This only works with special kinds + of proxies known as intercepting proxies (see below). + + + +Can Privoxy run as a <quote>transparent +</quote> proxy? -If you are not running Privoxy, then http://p.p/ will fail, and -http://ijbswa.sourceforge.net/config/ will return a web page telling you -you're not running Privoxy. + The whole idea of Privoxy is to modify client requests + and server responses in all sorts of ways and therefore + it's not a transparent proxy as described in + RFC 2616. - -If you have version 2.0.2, then the equivalent is -http://example.com/show-proxy-args (but you get far less information, and you -should really consider upgrading to 2.9.x). + However, some people say transparent proxy when they + mean intercepting proxy. If you are one of them, + please read the next entry. - - -Do you still maintain the blocklists? + + + +How can I configure Privoxy for use with Outlook + Express? - No. The format of the blocklists has changed significantly in the versions - 2.9.x. Once we have released the new version, there will again be - blocklists that you can update automatically. + Outlook Express uses Internet Explorer + components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email. + So however you have Privoxy configured to work + with IE, this configuration should automatically be shared. - + -How can I submit new ads? + +How can I have separate rules just for HTML mail? - As of now, please discontinue to submit new ad blocking infos. Once we - have released the new version, there will again be a form on the website, - which you can use to contribute new ads. + The short answer is, you can't. Privoxy has no way + of knowing which particular application makes a request, so there is no way to + distinguish between web pages and HTML mail. + Privoxy just blindly proxies all requests. In the + case of Outlook Express (see above), OE uses + IE anyway, and there is no way for Privoxy to ever + be able to distinguish between them (nor could any other proxy type application for + that matter). - - -How can I hide my IP address? - You cannot hide your IP address with Privoxy or any other software, since -the server needs to know your IP address to send the answer to you. + For a good discussion of some of the issues involved (including privacy and + security issues), see + http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. + + + +I sometimes notice cookies sneaking through. How? -Fortunately there are many publicly usable anonymous proxies out there, which -solve the problem by providing a further level of indirection between you and -the web server, shared by many people and thus letting your requests "drown" -in white noise of unrelated requests as far as user tracking is concerned. + Cookies can be + set in several ways. The classic method is via the + Set-Cookie HTTP header. This is straightforward, and an + easy one to manipulate, such as the &my-app; concept of + session-cookies-only. + There is also the possibility of using + Javascript to + set cookies (&my-app; calls these content-cookies). This + is trickier because the syntax can vary widely, and thus requires a certain + amount of guesswork. It is not realistic to catch all of these short of + disabling Javascript, which would break many sites. And lastly, if the + cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond + Privoxy's reach. + + + All in all, &my-app; can help manage cookies in general, can help minimize + the loss of privacy posed by cookies, but can't realistically stop all + cookies. + + + +Are all cookies bad? Why? -Most of them will, however, log your IP address and make it available to the -authorities in case you abuse that anonymity for criminal purposes. In fact -you can't even rule out that some of them only exist to *collect* information -on (those suspicious) people with a more than average preference for privacy. + No, in fact there are many beneficial uses of + cookies. Cookies are just a + method that browsers can use to store data between pages, or between browser + sessions. Sometimes there is a good reason for this, and the user's life is a + bit easier as a result. But there is a long history of some websites taking + advantage of this layer of trust, and using the data they glean from you and + your browsing habits for their own purposes, and maybe to your potential + detriment. Such sites are using you and storing their data on your system. + That is why the privacy conscious watch from whom those cookies come, and why + they really need to be there. -You can find a list of anonymous public proxies at multiproxy.org and many -more through Google. + See the + Wikipedia cookie + definition for more. - + - - - - - - - + +How can I allow permanent cookies for my trusted sites? - -Can <application>Privoxy</application> guarantee I am anonymous? - No. Your chances of remaining anonymous are greatly improved, but unless you - are an expert on Internet security it would be safest to assume that - everything you do on the Web can be traced back to you. + There are several actions that relate to cookies. The default behavior is to + allow only session cookies, which means the cookies only last + for the current browser session. This eliminates most kinds of abuse related + to cookies. But there may be cases where you want cookies to last. - Privoxy can remove various information about you, - and allows you more freedom to decide which sites - you can trust. But it's still possible that web sites can find out who you - are. Here's one way this can happen. + To disable all cookie actions, so that cookies are allowed unrestricted, + both in and out, for example.com: - A few browsers disclose the user's email address in certain situations, such - as when transferring a file by FTP. Privoxy - does not filter FTP. If you need this feature, or are concerned about the - mail handler of your browser disclosing your email address, you might - consider products such as NSClean. + + { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } + .example.com - Browsers available only as binaries could use non-standard headers to give - out any information they can have access to: see the manufacturer's license - agreement. It's impossible to anticipate and prevent every breach of privacy - that might occur. The professionally paranoid prefer browsers available as - source code, because anticipating their behavior is easier. Trust the source, - Luke! + Place the above in user.action. Note that some of these may + be off by default anyway, so this might be redundant, but there is no harm + being explicit in what you want to happen. user.action + includes an alias for this situation, called + allow-all-cookies. + - - - -Might some things break because header information is -being altered? - + +Can I have separate configurations for different users? - Definitely. More and more sites use HTTP header content to decide what to - display and how to display it. There is many ways that this can be handled, - so having hard and fast rules, is tricky. + Each instance of Privoxy has its own + configuration, including such attributes as the TCP port that it listens on. + What you can do is run multiple instances of Privoxy, each with + a unique + listen-address + configuration setting, and configuration path, and then + each of these can have their own configurations. Think of it as per-port + configuration. - - - USER AGENT in particular is often used in this way to identify - the browser, and adjust content accordingly. Changing this now is not - recommended, since so many sites do look for this. You may get undesirable - results by changing this. + + Simple enough for a few users, but for large installations, consider having + groups of users that might share like configurations. + + +Can I set-up Privoxy as a whitelist of +<quote>good</quote> sites? - For instance, different browsers use different encodings of Russian and Czech - characters, certain web servers convert pages on-the-fly according to the - User Agent header. Giving a User Agent with the wrong - operating system or browser manufacturer causes some sites in these languages - to be garbled; Surfers to Eastern European sites should change it to - something closer. And then some page access counters work by looking at the - REFERER header; they may fail or break if unavailable. The - weather maps of Intellicast have been blocked by their server when no - REFERER or cookie is provided, is another example. There are - many, many other ways things can go wrong when trying to fool a web server. + Sure. There are a couple of things you can do for simple white-listing. + Here's one real easy one: - + + ############################################################ + # Blacklist + ############################################################ + { +block } + / # Block *all* URLs + + ############################################################ + # Whitelist + ############################################################ + { -block } + kids.example.com + toys.example.com + games.example.com - If you have problems with a site, you will have to adjust your configuration - accordingly. Cookies are probably the most likely adjustment that may - be required, but by no means the only one. - + This allows access to only those three sites by first blocking all URLs, and + then subsequently allowing three specific exceptions. - - - - - -Can <application>Privoxy</application> act as a <quote>caching</quote> proxy to -speed up web browsing? - No, it does not have this ability at all. You want something like - Squid for this. And, yes, - before you ask, Privoxy can co-exist - with other kinds of proxies like Squid. + Another approach is Privoxy's + trustfile concept, which incorporates the notion of + trusted referrers. See the Trust documentation + for details. - - - -What about as a firewall? Can <application>Privoxy</application> protect me? - Not in the way you mean, or in the way a true firewall can, or a proxy that - has this specific capability. Privoxy can help - protect your privacy, but not really protect you from intrusion attempts. + These are fairly simple approaches and are not completely foolproof. There + are various other configuration options that should be disabled (described + elsewhere here and in the User Manual) + so that users can't modify their own configuration and easily circumvent the + whitelist. - - - - -The <application>Privoxy</application> logo that replaces ads is very blocky -and ugly looking. Can't a better font be used? + + +How can I turn off ad-blocking? + + Ad blocking is achieved through a complex application of various &my-app; + actions. These + actions are deployed against simple images, banners, flash animations, + text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as + just turning one or two actions off. The various actions that make up + &my-app; ad blocking are hard-coded into the default configuration files. It + has been assumed that everyone using &my-app; is interested in this + particular feature. + + + If you want to do without this, there are several approaches you can take: + You can manually undo the many block rules in + default.action. Or even easier, just create your own + default.action file from scratch without the many ad + blocking rules, and corresponding exceptions. Or lastly, if you are not + concerned about the additional blocks that are done for privacy reasons, you + can very easily over-ride all blocking with the + following very simple rule in your user.action: + + + + # Unblock everybody, everywhere + { -block } + / # UN-Block *all* URLs + + + Or even a more comprehensive reversing of various ad related actions: + - This is not a font problem. The logo is an image that is created by - Privoxy on the fly. So as to not waste - memory, the image is rather small. The blockiness comes when the - image is scaled to fill a largish area. There is not much to be done - about this, other than to use one of the other - imageblock directives: pattern, - blank, or a URL of your chosing. + + # Unblock everybody, everywhere, and turn off appropriate filtering, etc + { -block \ + -filter{banners-by-size} \ + -filter{banners-by-link} \ + allow-popups \ + } + / # UN-Block *all* URLs and allow ads -Given the above problem, we have decided to remove the logo option entirely. + This last action in this compound statement, + allow-popups, is an alias that disables + various pop-up blocking features. - - + - -I have large empty spaces now where ads used to be. -Why does <application>Privoxy</application> leave these large gaps? + +How can I have custom template pages, like the +<emphasis>BLOCKED</emphasis> page? - It would be easy enough to just eliminate this space altogether, rather than - fill it with blank space. But, this would create problems with many pages - that use the overall size of the ad to help organize the page layout and - position the various components of the page where they were intended to be. - It is best left this way. + &my-app; templates are specialized text files utilized by + &my-app; for various purposes and can easily be modified using any text + editor. All the template pages are installed in a sub-directory appropriately + named: templates. Knowing something about HTML syntax + will of course be helpful. - - - - -How can <application>Privoxy</application> filter Secure (HTTPS) URLs? - This is a limitation since HTTPS transactions are encrypted SSL sessions - between your browser and the secure site, and are meant to be reliably - secure and private. This means that all cookies and HTTP - header information are also encrypted from the time they leave your browser, - to the site, and vice versa. Privoxy does not - try to unencrypt this information, so it just passes through as is. - Privoxy can still catch images and ads that - are embedded in the SSL stream though. + Be forewarned that the default templates are subject to being overwritten + during upgrades. You can, however, create completely new templates, + place them in another directory and specify the alternate path in the main + config. For details, have a look at the templdir option. + - - - - -<application>Privoxy</application> runs as a <quote>server</quote>. How -secure is it? Do I need to take any special precautions? + +How can I remove the <quote>Go There Anyway</quote> link from +the <emphasis>BLOCKED</emphasis> page? - There are no known exploits that might effect - Privoxy. On Unix-like systems, - Privoxy can run as a non-privileged - user, which is how we recommend it be run. Also, by default - Privoxy only listens to requests - from localhost. It is not itself directly exposed to the - Internet in this configuration. If you want to have - Privoxy serve as a LAN proxy, this will have to - be opened up to allow for LAN requests. In this case, we'd recommend - you specify only the LAN gateway address, e.g. 192.168.1.1 in the main - Privoxy config file. All LAN hosts can then use - this as their proxy address in the browser proxy configuration. In this way, - Privoxy will not listen on any external ports. - Of course, a firewall is always good too. Better safe than sorry. + There is more than one way to do it (although Perl is not involved). - - - - -What is a <quote>default.filter</quote>? - The default.filter is used to filter any - page content. By filtering we mean it can modify, remove, - or change anything on the page, including HTML tags, and - JavaScript. Regular expressions are used to accomplish this. This is - potentially a very powerful feature, but requires some expertise. + Editing the BLOCKED template page (see above) may dissuade some users, but + this method is easily circumvented. Where you need this level of control, you + might want to build &my-app; from source, and disable various features that are + available as compile-time options. You should + configure the sources as follows: - - If you are familiar with regular expressions, and HTML, you can look at - the provided default.filter with a text editor and see - some of things it can be used for. + + ./configure --disable-toggle --disable-editor --disable-force - - Presently, there is no GUI editor option for this part of the configuration. + This will create an executable with hard-coded security features so that + &my-app; does not allow easy bypassing of blocked sites, or changing the + current configuration via any connected user's web browser. + + + Finally, all of these features can also be toggled on/off via options in + Privoxy's main config file which + means you don't have to recompile anything. - - + + + + - -Troubleshooting +Miscellaneous - -I just upgraded and am getting <quote>connection refused</quote> -with every web page? + +How much does Privoxy slow my browsing down? This +has to add extra time to browsing. - Either Privoxy is not running, or your - browser is configured for a different port than what - Privoxy is using. + How much of an impact depends on many things, including the CPU of the host + system, how aggressive the configuration is, which specific actions are being triggered, + the size of the page, the bandwidth of the connection, etc. - - The old Privoxy (and also - Junkbuster) used port 8000 by - default. This has been changed to port 8118 now, due to a conflict - with NAS (Network Audio Service), which uses port 8000. If you haven't, - you need to change your browser to the new port number, or alternately - change Privoxy's listen-address - setting in the config file used to start - Privoxy. + Overall, it should not slow you down any in real terms, and may actually help + speed things up since ads, banners and other junk are not typically being + retrieved and displayed. The actual processing time required by + Privoxy itself for each page, is relatively small + in the overall scheme of things, and happens very quickly. This is typically + more than offset by time saved not downloading and rendering ad images and + other junk content (if ad blocking is being used). - - - -I just added a new rule, but the steenkin ad is -still getting through. How? - If the ad had been displayed before you added its URL, it will probably be - held in the browser's cache for some time, so it will be displayed without - the need for any request to the server, and Privoxy - will not be in the picture. The best thing to do is try flusing the browser's - caches. And then try again. + Filtering content via the filter or + deanimate-gifs + actions may cause a perceived slowdown, since the entire document + needs to be buffered before displaying. And on very large documents, + filtering may have some measurable impact. How much depends on the page size, + the actual definition of the filter(s), etc. See below. Most other actions + have little to no impact on speed. - - If this doesn't help, you probably have an error in the rule you - applied. Try pasting the full URL of the offending ad into http://ijbswa.sourceforge.net/config/show-url-info - and see if any actions match your new rule. + Also, when filtering is enabled but zlib support isn't available, compression + is often disabled (see prevent-compression). + This can have an impact on speed as well, although it's probably smaller than + you might think. Again, the page size, etc. will determine how much of an impact. - + - -One of my favorite sites does not work with <application>Privoxy</application>. -What can I do? +I notice considerable +delays in page requests. What's wrong? - First verify that it is indeed a Privoxy problem, - by disabling Privoxy filtering and blocking. - Go to http://p.p/ and click on - Toggle Privoxy On or Off, then disable it. Now try that - page again. + If you use any filter action, + such as filtering banners by size, web-bugs etc, or the deanimate-gifs + action, the entire document must be loaded into memory in order for the filtering + mechanism to work, and nothing is sent to the browser during this time. - - If still a problem, go to Show which actions apply to a URL and - why from http://p.p/ and paste - the full URL of the page in question into the prompt. See which actions are - being applied to the URL. Now, armed with this information, go to Edit - the actions list. Here you should see various sections that have - various Privoxy features disabled for specific - sites. Disabled actions will have a - (minus - sign) in front of them. Add your problem page URL to one of these sections - that looks like it is disabling the feature that is causing the - problem. Re-try the page. There might be some trial and error involved. This - is discussed in a little more detail in the user-manual - appendix. - + The loading time typically does not really change much in real numbers, but + the feeling is different, because most browsers are able to start rendering + incomplete content, giving the user a feeling of "it works". This effect is + more noticeable on slower dialup connections. Extremely large documents + may have some impact on the time to load the page where there is filtering + being done. But overall, the difference should be very minimal. If there is a + big impact, then probably some other situation is contributing (like + anti-virus software). + + + Filtering is automatically disabled for inappropriate MIME types. But note + that if the web server mis-reports the MIME type, then content that should + not be filtered, could be. Privoxy only knows how + to differentiate filterable content because of the MIME type as reported by + the server, or because of some configuration setting that enables/disables + filtering. + +What are "http://config.privoxy.org/" and +"http://p.p/"? - Alternately, if you are comfortable with a text editor, you can accomplish - the same thing by editing the appropriate actions file. + http://config.privoxy.org/ is the + address of Privoxy's built-in user interface, and + http://p.p/ is a shortcut for it. - - - - -What time is it? - Time for you to go! + Since Privoxy sits between your web browser and the Internet, + it can simply intercept requests for these addresses and answer them with its built-in + web server. + + + This also makes for a good test for your browser configuration: If entering the + URL http://config.privoxy.org/ + takes you to a page saying This is Privoxy ..., everything is OK. + If you get a page saying Privoxy is not working instead, then + your browser didn't use Privoxy for the request, + hence it could not be intercepted, and you have accessed the real + web site at config.privoxy.org. - - - - - - -Contact the developers -Please see the user manual for information on how to contact the developers. +How can I submit new ads, or report +problems? + +Please see the Contact section for +various ways to interact with the developers. - - -Copyright and History -Please see the user manual for information on Copyright and History. + + +If I do submit missed ads, will +they be included in future updates? + + Whether such submissions are eventually included in the + default.action configuration file depends on how + significant the issue is. We of course want to address any potential + problem with major, high-profile sites such as Google, + Yahoo, etc. Any site with global or regional reach, + has a good chance of being a candidate. But at the other end of the spectrum + are any number of smaller, low-profile sites such as for local clubs or + schools. Since their reach and impact are much less, they are best handled by + inclusion in the user's user.action, and thus would be + unlikely to be included. - - -See also -Please see the user manual for information on references. + + + +Why doesn't anyone answer my support +request? + +Rest assured that it has been read and considered. Why it is not answered, +could be for various reasons, including no one has a good answer for it, no +one has had time to yet investigate it thoroughly, it has been reported +numerous times already, or because not enough information was provided to help +us help you. Your efforts are not wasted, and we do appreciate them. - - - + &seealso; + + + + + + +I've noticed that Privoxy changes <quote>Microsoft</quote> to +<quote>MicroSuck</quote>! Why are you manipulating my browsing? + + + We're not. The text substitutions that you are seeing are disabled + in the default configuration as shipped. You have either manually + activated the fun filter which + is clearly labeled Text replacements for subversive browsing + fun! or you are using an older Privoxy version and have implicitly + activated it by choosing the Adventuresome profile in the + web-based editor. Please upgrade. + + + + +Does Privoxy produce <quote>valid</quote> HTML (or XHTML)? + + + Privoxy generates HTML in both its own templates, and possibly + whenever there are text substitutions via a &my-app; filter. While this + should always conform to the HTML 4.01 specifications, it has not been + validated against this or any other standard. + + + + + + + + + + +Troubleshooting + + +I cannot connect to any websites. Or, I am getting +<quote>connection refused</quote> message with every web page. Why? + + There are several possibilities: + + + + +Privoxy is not running. Solution: verify + that &my-app; is installed correctly, has not crashed, and is indeed running. + Turn on Privoxy's logging, and look at the logs to see what they say. + + Or your browser is configured for a different port than what + Privoxy is using. Solution: verify that &my-app; + and your browser are set to the same port (listen-address). + + Or if using a forwarding rule, you have a configuration problem or a + problem with a host in the forwarding chain. Solution: temporarily alter your + configuration and take the forwarders out of the equation. + + + Or you have a firewall that is interfering and blocking you. Solution: + try disabling or removing the firewall as a simple test. + + + + + + + + +Why am I getting a 503 Error (WSAECONNREFUSED) on every page? + + More than likely this is a problem with your TCP/IP networking. ZoneAlarm has + been reported to cause this symptom -- even if not running! The solution is + to either fight the ZA configuration, or uninstall ZoneAlarm, and then find + something better behaved in its place. Other personal firewall type products + may cause similar type problems if not configured correctly. + + + + +I just added a new rule, but the steenkin ad is +still getting through. How? + + If the ad had been displayed before you added its URL, it will probably be + held in the browser's cache for some time, so it will be displayed without + the need for any request to the server, and Privoxy + will not be involved. Flush the browser's caches, and then try again. + + + + If this doesn't help, you probably have an error in the rule you + applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info + and see if it really matches your new rule. Blocking ads is like blocking + spam: a lot of tinkering is required to stay ahead of the game. And + remember you need to block the URL of the ad in question, which may be + entirely different from the site URL itself. Most ads are hosted on different + servers than the main site itself. If you right-click on the ad, you should + be able to get all the relevant information you need. Alternately, you can + find the correct URL by looking at Privoxy's logs + (you may need to enable logging in the main config file if its disabled). + + + Below is a slightly modified real-life log snippet that originates with one + requested URL: www.example.com (name of site was changed + for this example, the number of requests is real). You can see in this the + complexity of what goes into making up this one page. There + are eight different domains involved here, with thirty two separate URLs + requested in all, making up all manner of images, Shockwave Flash, + JavaScript, CSS stylesheets, scripts, and other related content. Some of this + content is obviously good or bad, but not all. + Many of the more questionable looking requests, are going to outside domains + that seem to be identifying themselves with suspicious looking names, making + our job a little easier. &my-app; has crunched (meaning caught + and BLOCKED) quite a few items in this example, but perhaps missed a few as well. + + + + + + + + Despite 12 out of 32 requests being blocked, the page looked, and seemed to + behave perfectly normal (minus some ads, of course). + + + + + +One of my favorite sites does not work with Privoxy. +What can I do? + + + First verify that it is indeed a Privoxy problem, + by toggling off Privoxy through http://config.privoxy.org/toggle + (the toggle feature may need to be enabled in the main + config), + and then shift-reloading the problem page (i.e. holding down the shift key + while clicking reload. Alternatively, flush your browser's disk and memory + caches). + + + + If the problem went away, we know we have a configuration related problem. + Now go to http://config.privoxy.org/show-url-info + and paste the full URL of the page in question into the prompt. See which + actions are being applied to the URL, and which matches in which actions + files are responsible for that. It might be helpful also to look at your logs + for this site too, to see what else might be happening (note: logging may need + to be enabled in the main config file). Many sites are + complex and require a number of related pages to help present their content. + Look at what else might be used by the page in question, and what of that + might be required. + Now, armed with this information, go to + http://config.privoxy.org/show-status + and select the appropriate actions files for editing. + + You can now either look for a section which disables the actions that + you suspect to cause the problem and add a pattern for your site there, + or make up a completely new section for your site. In any case, the recommended + way is to disable only the prime suspect, reload the problem page, and only + if the problem persists, disable more and more actions until you have + identified the culprit. You may or may not want to turn the other actions + on again. Remember to flush your browser's caches in between any such changes! + + + Alternately, if you are comfortable with a text editor, you can accomplish + the same thing by editing the appropriate actions file. Probably the easiest + way to deal with such problems when editing by hand is to add your + site to a { fragile } section in user.action, + which is an alias that turns off most dangerous + actions, but is also likely to turn off more actions then needed, and thus lower + your privacy and protection more than necessary, + + + Troubleshooting actions is discussed in more detail in the User Manual appendix, + Troubleshooting: the Anatomy of an Action. + There is also an actions tutorial + with general configuration information and examples. + + + As a last resort, you can always see if your browser has a setting that will + bypass the proxy setting for selective sites. Modern browsers can do this. + + + + + + + +After installing Privoxy, I have to log in +every time I start IE. What gives? + + + This is a quirk that effects the installation of + Privoxy, in conjunction with Internet Explorer and + Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may + appear to be corrupted or invalid DUN settings, or passwords. + + + + When setting up an NT based Windows system with + Privoxy you may find that things do not seem to be + doing what you expect. When you set your system up you will probably have set + up Internet Connection Sharing (ICS) with Dial up Networking (DUN) when + logged in with administrator privileges. You will probably have made this DUN + connection available to other accounts that you may have set-up on your + system. E.g. Mum or Dad sets up the system and makes accounts suitably + configured for the kids. + + + + When setting up Privoxy in this environment you + will have to alter the proxy set-up of Internet Explorer (IE) for the + specific DUN connection on which you wish to use + Privoxy. When you do this the ICS DUN set-up + becomes user specific. In this instance you will see no difference if you + change the DUN connection under the account used to set-up the connection. + However when you do this from another user you will notice that the DUN + connection changes to make available to "Me only". You will also find that + you have to store the password under each different user! + + + + The reason for this is that each user's set-up for IE is user specific. Each + set-up DUN connection and each LAN connection in IE store the settings for + each user individually. As such this enforces individual configurations + rather than common ones. Hence the first time you use a DUN connection after + re-booting your system it may not perform as you expect, and prompt you for + the password. Just set and save the password again and all should be OK. + + + +[Thanks to Ray Griffith for this submission.] + + + + + + +I cannot connect to any FTP sites. Privoxy + is blocking me. + + Privoxy cannot act as a proxy for FTP traffic, + so do not configure your browser to use Privoxy + as an FTP proxy. The same is true for any protocol other than HTTP + or HTTPS (SSL). + + + Most browsers understand FTP as well as HTTP. If you connect to a site, with + a URL like ftp://ftp.example.com, your browser is making + an FTP connection, and not a HTTP connection. So while your browser may + speak FTP, Privoxy does not, and cannot proxy + such traffic. + + + To complicate matters, some systems may have a generic proxy + setting, which will enable various protocols, including + both HTTP and FTP proxying! So it is possible to + accidentally enable FTP proxying in these cases. And of course, if this + happens, Privoxy will indeed cause problems since + it does not know FTP. Just disable the FTP setting + and all will be well again. + + + Will Privoxy ever proxy FTP traffic? Unlikely. + There just is not much reason, and the work to make this happen is more than + it may seem. + + + + + +In Mac OS X, I can't configure Microsoft Internet Explorer to use + Privoxy as the HTTP proxy. + + Microsoft Internet Explorer (in versions like 5.1) respects system-wide + network settings. In order to change the HTTP proxy, open System + Preferences, and click on the Network icon. In the settings pane that + comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox + is checked and enter 127.0.0.1 in the entry field. + Enter 8118 in the Port field. The next time you start + IE, it should reflect these values. + + + + + +In Mac OS X, I dragged the Privoxy folder to the trash in order to + uninstall it. Now the finder tells me I don't have sufficient privileges to + empty the trash. + + Just dragging the Privoxy folder to the trash is + not enough to delete it. Privoxy supplies an + uninstall.command file that takes care of + these details. Open the trash, drag the uninstall.command + file out of the trash and double-click on it. You will be prompted for + confirmation and the administration password. + + + The trash may still appear full after this command; emptying the trash + from the desktop should make it appear empty again. + + + + + + +In Mac OS X Panther (10.3), images often fail to load and/or I + experience random delays in page loading. I'm using + <literal>localhost</literal> as my browser's proxy setting. + + We believe this is due to an IPv6-related bug in Mac OS X, but don't fully + understand the issue yet. In any case, changing the proxy setting to + 127.0.0.1 instead of localhost + works around the problem. + + + + + +I get a completely blank page at one site. <quote>View Source</quote> + shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without + Privoxy the page loads fine. + + Chances are that the site suffers from a bug in + PHP, + which results in empty pages being sent if the client explicitly requests + an uncompressed page, like Privoxy does. + This bug has been fixed in PHP 4.2.3. + + + To find out if this is in fact the source of the problem, try adding + the site to a -prevent-compression section in + user.action: + + + # Make exceptions for ill-behaved sites: + # + {-prevent-compression} + .example.com + + If that works, you may also want to report the problem to the + site's webmasters, telling them to use zlib.output_compression + instead of ob_gzhandler in their PHP applications (workaround) + or upgrade to PHP 4.2.3 or later (fix). + + + + +My logs show many <quote>Unable to get my own hostname</quote> lines. +Why? + + Privoxy tries to get the hostname of the system + its running on from the IP address of the system interface it is bound to + (from the config file + listen-address setting). If the system cannot supply + this information, Privoxy logs this condition. + + + Typically, this would be considered a minor system configuration error. It is + not a fatal error to Privoxy however, but may + result in a much slower response from Privoxy on + some platforms due to DNS timeouts. + + + This can be caused by a problem with the local HOSTS + file. If this file has been changed from the original, try reverting it to + see if that helps. Make sure whatever name(s) are used for the local system, + that they resolve both ways. + + + + +When I try to launch Privoxy, I get an +error message <quote>port 8118 is already in use</quote> (or similar wording). +Why? + + Port 8118 is Privoxy's default TCP + listening port. Typically this message would mean that there + is already one instance of Privoxy running, and + your system is actually trying to start a second + Privoxy on the same port, which will not work. + (You can have multiple instances but they must be assigned different ports.) + How and why this might happen varies from platform to platform, but you need + to check your installation and start-up procedures. + + + + + + Pages with UTF-8 fonts are garbled. + + + This is caused by the demoronizer filter. You should either + upgrade Privoxy, or at least upgrade to the most + recent default.action file available from SourceForge. + Or you can simply disable the demoronizer filter. + + + + + + Why are binary files (such as images) corrupted when Privoxy + is used? + + + This may also be caused by the demoronizer filter, + in conjunction with a web server that is misreporting the content type. Binary + files are exempted from Privoxy's filtering + (unless the web server by mistake says the file is something else). Either + upgrade Privoxy, or go to the most recent + default.action file available from SourceForge. + + + + + + What is the <quote>demoronizer</quote> and why is it there? + + + The original demoronizer was a Perl script that cleaned up HTML pages which + were created with certain Microsoft products. MS has used proprietary extensions + to standardized font encodings (ISO 8859-1), which has caused problems for pages + that are viewed with non-Microsoft products (and are expecting to see a + standard set of fonts). The demoronizer corrected these errors so the pages + displayed correctly. Privoxy borrowed from this + script, introducing a filter based on the original demoronizer, which in turn could + correct these errors on the fly. + + + But this is only needed in some situations, and will cause serious problems in some + other situations. + + + If you are using Microsoft products, you do not need it. If you need to view + pages with UTF-8 characters (such as Cyrillic or Chinese), then it will + cause corruption of the fonts, and thus should not be on. + + + On the other hand, if you use non-Microsoft products, and you occasionally + notice weird characters on pages, you might want to try it. + + + + + + Why do I keep seeing <quote>PrivoxyWindowOpen()</quote> in raw source code? + + + Privoxy is attempting to disable malicious + Javascript + in this case, with the unsolicited-popups + filter. Privoxy cannot tell very well + good code snippets from bad code snippets. + + + If you see this in HTML source, and the page displays without problems, then + this is good, and likely some pop-up window was disabled. If you see this + where it is causing a problem, such as a downloaded program source code file, + then you should set an exception for this site or page such that the + integrity of the page stays in tact by disabling all filtering. + + + + + + I am getting too many DNS errors like <quote>404 No Such Domain</quote>. Why + can't Privoxy do this better? + + + There are potentially several factors here. First of all, the DNS resolution + is done by the underlying operating system -- not + Privoxy itself. Privoxy + merely initiates the process and hands it off, and then later reports + whatever the outcome was. And tries to give a coherent message if there seems + to be a problem. In some cases, this might otherwise be mitigated by the + browser itself which might try some work-arounds and alternate approaches (e.g + adding www. to the URL). + + + In other cases, if Privoxy is being chained + with another proxy, this could complicate the issue, and cause undue + delays and timeouts. In the case of a socks4a proxy, the socks + server handles all the DNS. Privoxy would just be + the messenger which is reporting whatever problem occurred + downstream, and not the root cause of the error. + + + In any case, versions newer than 3.0.3 include various improvements to help + Privoxy better handle these cases. +]]> + + + + + At one site Privoxy just hangs, and starts taking + all CPU. Why is this? + + + This is probably a manifestation of the 100% cpu problem that + occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines + are in the raw HTML source of the page, and the browser just ignores them. But the + pattern matching in Privoxy's page filtering + mechanism is trying to match against absurdly long strings and this becomes + very CPU-intensive, taking a long, long time to complete. Until a better + solution comes along, disable filtering on these pages, particularly the + js-annoyances and unsolicited-popups + filters. + + + + +I just installed Privoxy, and all my +browsing has slowed to a crawl. What gives? + + This should not happen, and for the overwhelming number of users world-wide, + it does not happen. I would suspect some inadvertent interaction of software + components such as anti-virus software, spyware protectors, personal + firewalls or similar components. Try disabling (or uninstalling) these one + at a time and see if that helps. + + + + +Why do my filters work on some sites but not on others? + + It's probably due to compression. It is a common practice for web servers to + send their content compressed in order to speed things up, and + then let the browser uncompress them. When compiled with zlib support + &my-app; can decompress content before filtering, otherwise you may want to enable +prevent-compression. + + + + + + + + Contacting the developers, Bug Reporting and Feature Requests + + &contacting; + + + + +Privoxy Copyright, License and History + + + ©right; + + + + + Portions of this document are borrowed from the original + Junkbuster (tm) FAQ, and modified as + appropriate for Privoxy. + + + + License + + &license; + + + + + + History + + &history; + + + + + + + + + + + + + + + +