X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Ffaq.sgml;h=5602b19fa61f2bce1fb29e9ce1213cc72d4601ed;hp=9857eb324ab11c12bbdf316a7e4b16ad2dd1260d;hb=043a1d495ada3ded930834bd238dbdc90bac47ef;hpb=d09495686ceb54f830dfecefcdfdde1061cc8f33
diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml
index 9857eb32..5602b19f 100644
--- a/doc/source/faq.sgml
+++ b/doc/source/faq.sgml
@@ -8,7 +8,7 @@
-
+
@@ -26,9 +26,9 @@
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: faq.sgml,v 2.23 2006/10/21 22:19:52 hal9 Exp $
+ $Id: faq.sgml,v 2.38 2008/01/19 17:52:39 hal9 Exp $
- Copyright (C) 2001-2006 Privoxy Developers http://privoxy.org
+ Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
See LICENSE.
Based partially on the Internet Junkbuster FAQ originally written by and
@@ -72,12 +72,12 @@
- Copyright &my-copy; 2001-2006 by
- Privoxy Developers
+ Copyright &my-copy; 2001-2008 by
+ Privoxy Developers
-$Id: faq.sgml,v 2.23 2006/10/21 22:19:52 hal9 Exp $
+$Id: faq.sgml,v 2.38 2008/01/19 17:52:39 hal9 Exp $General Information
-Who should use Privoxy?
+Who should give &my-app; a try?
- Anyone that is interested in security, privacy, or in
+ Anyone who is interested in security, privacy, or in
finer-grained control over their web and Internet experience.
- Everyone is encouraged to try &my-app;.
@@ -161,15 +160,16 @@ Hal.
me?
&my-app; is certainly a good choice, especially for those who want more
- control and security. Those that have the ability to fine-tune their installation
- will benefit the most. One of Privoxy's
- strength's is that it is highly configurable giving you the ability to
+ control and security. Those with the willingness to read the documentation
+ and the ability to fine-tune their installation will benefit the most.
+
+
+ One of Privoxy's
+ strengths is that it is highly configurable giving you the ability to
completely personalize your installation. Being familiar with, or at least
having an interest in learning about HTTP and other networking
- protocols, HTML,
- IP (Internet
- Protocol), and
+ protocols, HTML, and
Regular
Expressions
will be a big plus and will help you get the most out of &my-app;.
@@ -183,7 +183,9 @@ me?
with a Web browser.
But there are areas where configuration is done using a
text editor
- to edit configuration files.
+ to edit configuration files. Also note that the web-based action editor
+ doesn't use authentication and should only be enabled in environments
+ where all clients with access to &my-app; listening port can be trusted.
@@ -275,18 +277,9 @@ from the old Junkbuster?
The new Privoxy still blocks ads and banners,
still manages cookies, and still
- helps protect your privacy. But, these are all greatly enhanced, and many,
- many new features have been added, all in the same vein.
+ helps protect your privacy. But, most of these features have been enhanced,
+ and many new ones have been added, all in the same vein.
-
- The configuration has changed significantly as well. This is something that
- users will notice right off the bat if upgrading from
- Junkbuster 2.0.x. The blocklist
- cookielist, imagelist and much more has been
- combined into the actions files, with a completely different
- syntax. What's New
- page for the latest updates.]]>
-Privoxy's new features include:
@@ -351,10 +344,11 @@ This does not sound very scientific.
Will I have to configure Privoxy
before I can use it?
- No, not really. The default installation should give you a good starting
- point, and block most ads and unwanted content. Many of
- the more advanced features are off by default, and would require you to
- activate them.
+ That depends on your expectations.
+ The default installation should give you a good starting
+ point, and block most ads and unwanted content,
+ but many of the more advanced features are off by default, and require
+ you to activate them.
You do have to set up your browser to use
@@ -365,7 +359,7 @@ This does not sound very scientific.
And you will certainly run into situations where there are false positives,
or ads not being blocked that you may not want to see. In these cases, you
would certainly benefit by customizing Privoxy's
- configuration to more closely match your individual situation. And we would
+ configuration to more closely match your individual situation. And we
encourage you to do this. This is where the real power of
Privoxy lies!
@@ -386,8 +380,9 @@ Privoxy. Why should I use Privoxy at all?
Modern browsers do indeed have some of the same
functionality as Privoxy. Maybe this is
- adequate for you. But Privoxy is much more
- versatile and powerful, and can do a number of things that browsers just can't.
+ adequate for you. But Privoxy is very
+ versatile and powerful, and can probably do a number of things
+ your browser just can't.
In addition, a proxy is good choice if you use multiple browsers, or
@@ -396,6 +391,13 @@ Privoxy. Why should I use Privoxy at all?
have to maintain a similar configuration for possibly many browsers or
users.
+
+ Note, however, that it's recommended to leverage both your browser's
+ and Privoxy's privacy enhancing features
+ at the same time. While your browser probably lacks some features
+ &my-app; offers, it should also be able to do some things more
+ reliable, for example restricting and suppressing JavaScript.
+ Why should I trust Privoxy?
@@ -404,9 +406,9 @@ Privoxy. Why should I use Privoxy at all?
everything, and you can control everything. You can
check every line of every configuration file yourself. You can check every
last bit of source code should you desire. And even if you can't read code,
- there should be some comfort in knowing that thousands of other people can,
- and do read it. You can build the software from scratch, if you want, so
- that you know the executable is clean, and that it is
+ there should be some comfort in knowing that other people can,
+ and do read it. You can build the software from scratch, if you want,
+ so that you know the executable is clean, and that it is
yours. In fact, we encourage this level of scrutiny. It
is one reason we use &my-app; ourselves.
@@ -415,8 +417,8 @@ Privoxy. Why should I use Privoxy at all?
Is there is a license or fee? What about a
warranty? Registration?
- Privoxy is licensed under the GNU General Public License (GPL).
+ Privoxy is free software and licensed under the GNU General Public License (GPL) version 2.
It is free to use, copy, modify or distribute as you wish under the terms of this
license. Please see the Copyright section for more
information on the license and copyright. Or the LICENSE file
@@ -425,8 +427,6 @@ warranty? Registration?
There is no warranty of any kind, expressed, implied or otherwise.
That is something that would cost real money ;-) There is no registration either.
- Privoxy really is free
- in every respect!
@@ -434,10 +434,17 @@ warranty? Registration?
Can Privoxy remove spyware? Adware? Viruses?
- No. &my-app; cannot remove anything. It is not a removal tool. It is a
- preventative. &my-app; can help prevent contact from sites that use such
+ No, at least not reliably enough to trust it. &my-app; is not designed to be
+ a malware removal tool and the default configuration doesn't even try to
+ filter out any malware.
+
+
+ &my-app; could help prevent contact from (known) sites that use such
tactics with appropriate configuration rules, and thus could conceivably
- prevent contamination from such sites.
+ prevent contamination from such sites. However, keeping such a configuration
+ up to date would require a lot of time and effort that would be better spend
+ on keeping your software itself up to date so it doesn't have known
+ vulnerabilities.
@@ -450,9 +457,12 @@ warranty? Registration?
But it is probably not necessary to use &my-app; in conjunction with other
ad-blocking products, and this could conceivably cause undesirable results.
- It would be better to choose one software or the other and work a little to
+ It might be better to choose one software or the other and work a little to
tweak its configuration to your liking.
+
+ Note that this is an advice specific to ad blocking.
+I would like to help you, what can I do?
@@ -476,6 +486,11 @@ warranty? Registration?
url="../developer-manual/index.html">Developer's Manual, at least
the pertinent sections.
+
+ You can also start helping out without SourceForge.net account,
+ simply by showing up on the mailing list, helping out other users,
+ providing general feedback or reporting problems you noticed.
+ Contribute!
@@ -484,7 +499,8 @@ warranty? Registration?
buying software to test Privoxy with, and, of course,
for regular world-wide get-togethers (hahaha). If you enjoy the software and feel
like helping us with a donation, just drop us a note.
+ url="mailto: ijbswa-developers@lists.sourceforge.net">drop us a note
+ and get your name on the list of contributors.
@@ -514,7 +530,8 @@ warranty? Registration?
Any browser that can be configured to use a proxy, which
should be virtually all browsers, including
Firefox, Internet
- Explorer, and Opera among others.
+ Explorer, Opera, and
+ Safari among others.
Direct browser support is not an absolute requirement since
Privoxy runs as a separate application and talks
to the browser in the standardized HTTP protocol, just like a web server
@@ -549,6 +566,7 @@ Include supported.sgml here:
+
I just installed Privoxy. Is there anything
special I have to do now?
- All browsers must be told to use Privoxy
+ All browsers should be told to use Privoxy
as a proxy by specifying the correct proxy address and port number
- in the appropriate configuration area for the browser. See
+ in the appropriate configuration area for the browser. It's possible
+ to combine &my-app; with a packet filter to intercept HTTP requests
+ even if the client isn't explicitly configured to use &my-app;,
+ but where possible, configuring the client is recommended. See
the User Manual for more
- details. You should also flush your browser's memory and disk cache to get rid of any
- cached junk items, and remove any stored
+ details. You should also flush your browser's memory and disk
+ cache to get rid of any cached junk items, and remove any stored
cookies.
-
What is the proxy address of Privoxy?
If you set up the Privoxy to run on
@@ -593,9 +614,10 @@ special I have to do now?
networked computer on a LAN), the proxy will be on 127.0.0.1
(sometimes referred to as localhost,
which is the special name used by every computer on the Internet to refer
- to itself) and the port will be 8118 (unless you have Privoxy
- to run on a different port with the listen-address config option).
+ to itself) and the port will be 8118 (unless you used the listen-address
+ config option to tell Privoxy to run on
+ a different port).
When configuring your browser's proxy settings you typically enter
@@ -616,8 +638,7 @@ special I have to do now?
Privoxy does not currently handle
- any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. Be sure that
- proxying any of these other protocols is not activated.
+ any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc.
@@ -680,11 +701,11 @@ Privoxy is running and being used.
Advanced --> Cache and
then click both Clear Memory Cache
and Clear Disk Cache.
- And, Firefox users would click
+ In some Firefox versions it's
Tools --> Options -->
Privacy --> Cache and
then click Clear Cache Now.
-
+
@@ -750,7 +771,10 @@ way to do this?
at http://config.privoxy.org/
(Shortcut: http://p.p/) and then select
View &
- change the current configuration from the menu.
+ change the current configuration from the menu. Note
+ that this feature must be explicitly enabled in the main config file
+ (see enable-edit-actions).
@@ -801,25 +825,12 @@ the differences?
Can I use my old config files?
- The syntax and purpose of configuration files has remained the same
- throughout the 3.x series. Although each release contains updated,
- improved versions and it is recommended to use the newer
- configuration files.
- fast-redirects
- has changed. See the What's New section
- of the User Manual for details.]]>
-
-
- But all configuration files have substantially
- changed from the Junkbuster days, and early
- versions of Privoxy 2.x. The old files, like
- blocklist will not work at all.
+ The syntax and purpose of configuration files has remained roughly the
+ same throughout the 3.x series, but backwards compatibility is not guaranteed.
+ Also each release contains updated, improved versions and it is
+ therefore strongly recommended to install the newer configuration files
+ and merge back your modifications.
-
- Refer to the What's New
- page for information on configuration changes that may occur from one release to another.
- ]]>
@@ -923,21 +934,20 @@ with a browser? Does that not raise security issues?
When you use the browser-based editor, Privoxy
itself is writing to the config files. Because
Privoxy is running as the user privoxy,
- it can update the config files.
+ it can update its own config files.
If you run Privoxy for multiple untrusted users (e.g. in
- a LAN), you will probably want to turn the web-based editor and remote toggle
- features off by setting off by setting enable-edit-actions
0 and enable-remote-toggle
0 in the main configuration file.
- Note that in the default configuration, only local users (i.e. those on
- localhost) can connect to Privoxy,
- so this is not (normally) a security problem.
+ As of &my-app; 3.0.7 these options are disabled by default.
@@ -946,17 +956,28 @@ with a browser? Does that not raise security issues?
What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>?
The default.filter
- file is where filters as supplied by the developers are defined.
+ file is where filters as supplied by the developers are defined.
Filters are a special subset of actions that can be used to modify or
- remove, web page content on the fly. Filters apply to anything
- in the page source (and optionally both client and server headers), including
- HTML tags, and JavaScript. Regular expressions are used to accomplish this.
+ remove web page content or headers on the fly. Content filters can
+ be applied to anything in the page source,
+ header filters can be applied to either server or client headers.
+ Regular expressions are used to accomplish this.
+
+
There are a number of pre-defined filters to deal with common annoyances. The
filters are only defined here, to invoke them, you need to use the
filter
- action in one of the actions files. Filtering is automatically
- disabled for inappropriate MIME types.
+ action in one of the actions files. Content filtering is automatically
+ disabled for inappropriate MIME types, but if you now better than Privoxy
+ what should or should not be filtered you can filter any content you like.
+
+
+ Filters should
+ not be confused with blocks, which
+ is a completely different action, and is more typically used to block ads and
+ unwanted sites.
@@ -977,6 +998,15 @@ with a browser? Does that not raise security issues?
but you can disable/enable the various pre-defined filters of the included
default.filter file with the web-based actions file editor.
+ Note that the custom actions editor must be explicitly enabled in
+ the main config file (see enable-edit-actions).
+
+
+
+ If you intend to develop your own filters, you might want to have a look at
+ Privoxy-Filter-Test.
@@ -1080,7 +1110,7 @@ with a browser? Does that not raise security issues?
-I see some images being replaced by a text
+<title id="blockedbytext">I see some images being replaced with text
instead of the checkerboard image. Why and how do I get rid of this?
This happens when the banners are not embedded in the HTML code of the
@@ -1146,7 +1176,7 @@ and thus avoid individual browser configuration?
No, its more complicated than that. This only works with special kinds
- of proxies known as transparent proxies (see below).
+ of proxies known as intercepting proxies (see below).
@@ -1155,20 +1185,38 @@ and thus avoid individual browser configuration?
Can Privoxy run as a <quote>transparent
</quote> proxy?
- No, Privoxy currently does not have this ability,
- though it may be added in a future release. Transparent proxies require
- special handling of the request headers beyond what
- Privoxy is now capable of.
+ The whole idea of Privoxy is to modify client requests
+ and server responses in all sorts of ways and therefore
+ it's not a transparent proxy as described in
+ RFC 2616.
+
+
+ However, some people say transparent proxy when they
+ mean intercepting proxy. If you are one of them,
+ please read the next entry.
+
+
+
+Can Privoxy run as a <quote>intercepting</quote> proxy?
- Chaining Privoxy behind another proxy that has
- this ability should work though.
- See the forwarding chapter
- in the User Manual. As
- a transparent proxy to be used for chaining we suggest Transproxy
- (http://transproxy.sourceforge.net/).
+ Privoxy can't intercept traffic itself,
+ but it can handle requests that where intercepted and redirected
+ with a packet filter (like PF or
+ iptables), as long as the Host
+ header is present.
+
+
+ As the Host header is required by HTTP/1.1 and as most
+ web sites rely on it anyway, this limitation shouldn't be a problem.
+
+
+ Please refer to your packet filter's documentation to learn how to
+ intercept and redirect traffic into Privoxy.
+ Afterward you just have to configure Privoxy to
+ accept
+ intercepted requests.
@@ -1240,7 +1288,7 @@ and thus avoid individual browser configuration?
advantage of this layer of trust, and using the data they glean from you and
your browsing habits for their own purposes, and maybe to your potential
detriment. Such sites are using you and storing their data on your system.
- That is why the security conscious watch from whom those cookies come, and why
+ That is why the privacy conscious watch from whom those cookies come, and why
they really need to be there.
@@ -1257,7 +1305,7 @@ and thus avoid individual browser configuration?
There are several actions that relate to cookies. The default behavior is to
allow only session cookies, which means the cookies only last
for the current browser session. This eliminates most kinds of abuse related
- to cookies. But there may be cases where we want cookies to last.
+ to cookies. But there may be cases where you want cookies to last.
To disable all cookie actions, so that cookies are allowed unrestricted,
@@ -1269,7 +1317,7 @@ and thus avoid individual browser configuration?
.example.com
- Place the above in user.action. Note some of these may
+ Place the above in user.action. Note that some of these may
be off by default anyway, so this might be redundant, but there is no harm
being explicit in what you want to happen. user.action
includes an alias for this situation, called
@@ -1321,18 +1369,18 @@ and thus avoid individual browser configuration?
then subsequently allowing three specific exceptions.
- A more interesting approach is Privoxy's
+ Another approach is Privoxy'strustfile concept, which incorporates the notion of
trusted referrers. See the User Manual Trust
- documentation.
+ url="../user-manual/config.html#TRUSTFILE">Trust documentation
+ for details.
These are fairly simple approaches and are not completely foolproof. There
are various other configuration options that should be disabled (described
elsewhere here and in the User Manual)
so that users can't modify their own configuration and easily circumvent the
- whitelist.
+ whitelist.
@@ -1393,20 +1441,27 @@ and thus avoid individual browser configuration?
&my-app; for various purposes and can easily be modified using any text
editor. All the template pages are installed in a sub-directory appropriately
named: templates. Knowing something about HTML syntax
- will of course be helpful. You cannot rename any of these files, or create
- completely new templates, that is not possible. But you can change the page
- content to whatever you like. Be forewarned that these files are subject to
- being overwritten during upgrades, so be sure to save any customizations.
+ will of course be helpful.
+
+
+ Be forewarned that the default templates are subject to being overwritten
+ during upgrades. You can, however, create completely new templates,
+ place them in another directory and specify the alternate path in the main
+ config. For details, have a look at the templdir option.
How can I remove the <quote>Go There Anyway</quote> link from
the <emphasis>BLOCKED</emphasis> page?
+
+ There is more than one way to do it (although Perl is not involved).
+
Editing the BLOCKED template page (see above) may dissuade some users, but
this method is easily circumvented. Where you need this level of control, you
- should build &my-app; from source, and enable various features that are
+ might want to build &my-app; from source, and disable various features that are
available as compile-time options. You should
configure the sources as follows:
@@ -1417,17 +1472,13 @@ the BLOCKED page?
This will create an executable with hard-coded security features so that
&my-app; does not allow easy bypassing of blocked sites, or changing the
- current configuration via any connected user's web browser. Some of these
- features can also be toggled on/off via options in
- Privoxy's main
- config file. But
- compiled-in compliance is a much better method of ensuring that a block is
- really a block.
+ current configuration via any connected user's web browser.
- Default builds of &my-app; are typically built with these features
- disabled.
+ Finally, all of these features can also be toggled on/off via options in
+ Privoxy's main config file which
+ means you don't have to recompile anything.
@@ -1454,8 +1505,8 @@ has to add extra time to browsing.
retrieved and displayed. The actual processing time required by
Privoxy itself for each page, is relatively small
in the overall scheme of things, and happens very quickly. This is typically
- more than offset by time saved not downloading and rendering ad images (if ad
- blocking is being used).
+ more than offset by time saved not downloading and rendering ad images and
+ other junk content (if ad blocking is being used).
@@ -1463,25 +1514,25 @@ has to add extra time to browsing.
url="../user-manual/actions-file.html#FILTER">filter or
deanimate-gifs
- actions will certainly cause a perceived slowdown, since the entire document
- needs to be buffered before displaying. And on very large documents, filtering may have
- some measurable impact. How much depends on the page size, the actual
- definition of the filter(s), etc. See below. Most other actions have little
- to no impact on speed.
+ actions may cause a perceived slowdown, since the entire document
+ needs to be buffered before displaying. And on very large documents,
+ filtering may have some measurable impact. How much depends on the page size,
+ the actual definition of the filter(s), etc. See below. Most other actions
+ have little to no impact on speed.
-
- Also, when filtering is enabled, typically there is a disabling of
- compression, (see
+ Also, when filtering is enabled but zlib support isn't available, compression
+ is often disabled (see prevent-compression).
- This can have an impact on speed as well. Again, the page size, etc. will
- determine how much of an impact.
+ This can have an impact on speed as well, although it's probably smaller than
+ you might think. Again, the page size, etc. will determine how much of an impact.
I notice considerable
-delays in page requests compared to the old Junkbuster. What's wrong?
+delays in page requests. What's wrong?
If you use any filter action,
@@ -1507,7 +1558,6 @@ delays in page requests compared to the old Junkbuster. What's wrong?
to differentiate filterable content because of the MIME type as reported by
the server, or because of some configuration setting that enables/disables
filtering.
-
@@ -1532,19 +1582,7 @@ delays in page requests compared to the old Junkbuster. What's wrong?
hence it could not be intercepted, and you have accessed the real
web site at config.privoxy.org.
-
- With recent versions of Privoxy (version 2.9.x and
- later), the user interface features information on the run time status, the
- configuration, and even a built-in editor for the actions files.
-
-
- Note that the built-in URLs from earlier versions of Junkbuster
- / Privoxy, http://example.com/show-proxy-args and http://i.j.b/,
- are no longer supported. If you still use such an old version, you should really consider
- upgrading to &p-version;.
-Can Privoxy guarantee I am anonymous?
- No. Your chances of remaining anonymous are greatly improved, but unless you
+ No. Your chances of remaining anonymous are improved, but unless you
chain Privoxy with Tor
- or a similar system and know what you're doing when it comes to configuring
- the rest of your system, it would be safest to assume that everything you do
+ or a similar proxy and know what you're doing when it comes to configuring
+ the rest of your system, you should assume that everything you do
on the Web can be traced back to you.
@@ -1655,7 +1684,7 @@ us help you. Your efforts are not wasted, and we do appreciate them.
configuration and chained it with Tor.
- Most of Privoxy's protection can be easily subverted
+ Most of Privoxy's privacy-enhancing features can be easily subverted
by an insecure browser configuration, therefore you should use a browser that can
be configured to only execute code from trusted sites, and be careful which sites you trust.
For example there is no point in having Privoxy
@@ -1691,15 +1720,15 @@ us help you. Your efforts are not wasted, and we do appreciate them.
How do I use Privoxy
together with Tor?
- Before you configure Privoxy to use Tor
- (http://tor.eff.org/),
+ Before you configure Privoxy to use
+ Tor,
please follow the User Manual chapters
2. Installation and
5. Startup to make sure
Privoxy itself is setup correctly.
- If it is, refer to Tor's
+ If it is, refer to Tor's
extensive documentation to learn how to install Tor,
and make sure Tor's logfile says that
Tor has successfully opened a circuit and it
@@ -1718,8 +1747,7 @@ us help you. Your efforts are not wasted, and we do appreciate them.
are working, it is time to connect them. As far as Privoxy
is concerned, Tor is just another proxy that can be reached
by socks4 or socks4a. Most likely you are interested in Tor
- to increase your anonymity level, therefore you should use socks4a,
- to make sure Privoxy's DNS requests are
+ to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are
done through Tor and thus invisible to your local network.
@@ -1739,7 +1767,7 @@ us help you. Your efforts are not wasted, and we do appreciate them.
- This is enough to reach the Internet, but additionally you should
+ This is enough to reach the Internet, but additionally you might want to
uncomment the following forward rules, to make sure your local network is still
reachable through Privoxy:
@@ -1753,10 +1781,15 @@ us help you. Your efforts are not wasted, and we do appreciate them.
Unencrypted connections to systems in these address ranges will
be as (un)secure as the local network is, but the alternative is
- that you can't reach the network at all.
- If you also want to be able to reach servers in your local
- network by using their names, you will need additional
- exceptions that look like this:
+ that your browser can't reach the network at all. Then again,
+ that may actually be desired and if you don't know for sure
+ that your browser has to be able to reach the local network,
+ there's no reason to allow it.
+
+
+ If you want your browser to be able to reach servers in your local
+ network by using their names, you will need additional exceptions
+ that look like this:
@@ -1769,14 +1802,15 @@ us help you. Your efforts are not wasted, and we do appreciate them.
in your browser, confirm that Privoxy has reloaded its configuration
and that there are no other forward lines, unless you know that you need them. If everything looks good,
refer to
- Tor
+ Tor
Faq 4.2 to learn how to verify that you are really using Tor.
Afterward, please take the time to at least skim through the rest
of Tor's documentation. Make sure you understand
what Tor does, why it is no replacement for
- application level security, and why you shouldn't use it for unencrypted logins.
+ application level security, and why you probably don't want to
+ use it for unencrypted logins.
]]>
@@ -1793,15 +1827,12 @@ content is being altered?
- User-Agent is often used in this way to identify
- the browser, and adjust content accordingly. Changing this now (at least not
- further than removing the OS information) is not recommended, since so many
- sites do look for it. You may get undesirable results by changing just this
- one aspect.
+ The User-Agent is sometimes used in this way to identify
+ the browser, and adjust content accordingly.
- Also, different browsers use different encodings of Russian and Czech
+ Also, different browsers use different encodings of non-English
characters, certain web servers convert pages on-the-fly according to the
User Agent header. Giving a User Agent with the wrong
operating system or browser manufacturer causes some sites in these languages
@@ -1811,7 +1842,7 @@ content is being altered?
weather maps of Intellicast have been blocked by their server when no
Referer or cookie is provided, is another example. (But you
can forge both headers without giving information away). There are
- many other ways things that can go wrong when trying to fool a web server. The
+ many other ways things can go wrong when trying to fool a web server. The
results of which could inadvertently cause pages to load incorrectly,
partially, or even not at all. And there may be no obvious clues as to just
what went wrong, or why. Nowhere will there be a message that says
@@ -1838,8 +1869,9 @@ content is being altered?
speed up web browsing?
No, it does not have this ability at all. You want something like
- Squid for this. And, yes,
- before you ask, Privoxy can co-exist
+ Squid or
+ Polipo for this.
+ And, yes, before you ask, Privoxy can co-exist
with other kinds of proxies like Squid.
See the forwarding
chapter in the user
@@ -1850,10 +1882,10 @@ speed up web browsing?
What about as a firewall? Can Privoxy protect me?
- Not in the way you mean, or in the way a true firewall can.
- Privoxy can help protect your privacy, but not
- protect you from intrusion attempts. It is, of course, perfectly possible
- and recommended to use both.
+ Not in the way you mean, or in the way some firewall vendors claim they can.
+ Privoxy can help protect your privacy, but can't
+ protect your system from intrusion attempts. It is, of course, perfectly possible
+ to use both.
@@ -1922,14 +1954,14 @@ ads used to be. Why?
Privoxy runs as a <quote>server</quote>. How
secure is it? Do I need to take any special precautions?
- There are no known exploits that might affect
- Privoxy. On Unix-like systems,
- Privoxy can run as a non-privileged
- user, which is how we recommend it be run. Also, by default
- Privoxy only listens to requests
- from localhost only. The server aspect of
- Privoxy is not itself directly exposed to the
- Internet in this configuration. If you want to have
+ On Unix-like systems, Privoxy can run as a non-privileged
+ user, which is how we recommend it be run. Also, by default
+ Privoxy listens to requests from localhost
+ only.
+
+
+ The server aspect of Privoxy is not itself directly
+ exposed to the Internet in this configuration. If you want to have
Privoxy serve as a LAN proxy, this will have to
be opened up to allow for LAN requests. In this case, we'd recommend
you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
@@ -1944,14 +1976,21 @@ secure is it? Do I need to take any special precautions?
-How can I temporarily disable Privoxy?
+Can I temporarily disable Privoxy?
- The easiest way is to access Privoxy with your
- browser by using the remote toggle URL:
+
+ The easiest way to do that is to point your browser
+ to the remote toggle URL: http://config.privoxy.org/toggle.
+
+
See the Bookmarklets section
of the User Manual for an easy way to access this
- feature.
+ feature. Note that this is a feature that may need to be enabled in the main
+ config file.
@@ -1960,9 +1999,9 @@ secure is it? Do I need to take any special precautions?
When <quote>disabled</quote> is Privoxy totally
out of the picture?
- No, this just means all filtering and actions are disabled.
- Privoxy is still acting as a proxy, but just not
- doing any of the things that Privoxy would
+ No, this just means all optional filtering and actions are disabled.
+ Privoxy is still acting as a proxy, but just
+ doing less of the things that Privoxy would
normally be expected to do. It is still a middle-man in
the interaction between your browser and web sites. See below to bypass
the proxy.
@@ -1993,6 +2032,10 @@ ads, but also its own internal CGI pages. What is a crunch?crunch.
+
+ Since version 3.0.7, Privoxy will also log the crunch reason.
+ If you are using an older version you might want to upgrade.
+
@@ -2018,7 +2061,7 @@ from a webserver? FTP server?
Privoxy knows the differences in files according
- to the Document Type as reported by the webserver. If this is
+ to the Content Type as reported by the webserver. If this is
reported accurately (e.g. application/zip for a zip archive),
then Privoxy knows to ignore these where
appropriate. Privoxy potentially can filter HTML
@@ -2035,11 +2078,11 @@ from a webserver? FTP server?
did filter this document type.
- In short, filtering is ON if a) the Document Type as reported
+ In short, filtering is ON if a) the content type as reported
by the webserver is appropriate and b) the configuration
allows it (or at least does not disallow it). That's it. There is no magic
cookie anywhere to say this is good and this is
- bad. It's the configuration that let's it all happen or not.
+ bad. It's the configuration that lets it all happen or not.
If you download text files, you probably do not want these to be filtered,
@@ -2078,8 +2121,8 @@ altered it! Yikes, what is wrong!
Privoxy. Privoxy
does essentially the same thing, much more elegantly and with much more
flexibility. A large HOSTS file, in fact, not only
- duplicates effort, but may get in the way. It is recommended to remove
- such entries from your HOSTS file. If you think
+ duplicates effort, but may get in the way and seriously slow down your system.
+ It is recommended to remove such entries from your HOSTS file. If you think
your hosts list is neglected by Privoxy's
configuration, consider adding your list to your user.action file:
@@ -2120,10 +2163,22 @@ and related issues?
is clearly labeled Text replacements for subversive browsing
fun! or you are using an older Privoxy version and have implicitly
activated it by choosing the Adventuresome profile in the
- web-based editor. Please upgrade!
+ web-based editor. Please upgrade.
+
+
+
+
+Does Privoxy produce <quote>valid</quote> HTML (or XHTML)?
+
+
+ Privoxy generates HTML in both its own templates, and possibly
+ whenever there are text substitutions via a &my-app; filter. While this
+ should always conform to the HTML 4.01 specifications, it has not been
+ validated against this or any other standard.
+
@@ -2143,7 +2198,7 @@ and related issues?
Privoxy is not running. Solution: verify
that &my-app; is installed correctly, has not crashed, and is indeed running.
- Look at Privoxy's logs to see what they say.
+ Turn on Privoxy's logging, and look at the logs to see what they say.
Or your browser is configured for a different port than what
Privoxy is using. Solution: verify that &my-app;
@@ -2194,7 +2249,8 @@ still getting through. How?
entirely different from the site URL itself. Most ads are hosted on different
servers than the main site itself. If you right-click on the ad, you should
be able to get all the relevant information you need. Alternately, you can
- find the correct URL by looking at Privoxy's logs.
+ find the correct URL by looking at Privoxy's logs
+ (you may need to enable logging in the main config file if its disabled).
Below is a slightly modified real-life log snippet that originates with one
@@ -2220,31 +2276,31 @@ Request: img.example.com/sr.js
Request: example.betamarker.com/example.html
Request: www.lik-sang.com/Banners/bestsellers/skyscraper.php?likref=BSellers
Request: img.example.com/pb.png
-Request: www.google-analytics.com/urchin.js crunch!
-Request: www.advertising-department.com/ats/switch.ps.php?26856 crunch!
+Request: www.google-analytics.com/urchin.js crunch! (Blocked)
+Request: www.advertising-department.com/ats/switch.ps.php?26856 crunch! (Blocked)
Request: img.example.com/p.gif
-Request: www.popuptraffic.com/assign.php?l=example&mode=behind crunch!
-Request: www.popuptraffic.com/scripts/popup.php?hid=5c3cf&tmpl=PBa.tmpl crunch!
-Request: www.popuptraffic.com/assign.php?l=example crunch!
+Request: www.popuptraffic.com/assign.php?l=example&mode=behind crunch! (Blocked)
+Request: www.popuptraffic.com/scripts/popup.php?hid=5c3cf&tmpl=PBa.tmpl crunch! (Blocked)
+Request: www.popuptraffic.com/assign.php?l=example crunch! (Blocked)
Request: www.lik-sang.com/Banners/best_sellers/best_sellers.css
-Request: www.adtrak.net/adx.js crunch!
+Request: www.adtrak.net/adx.js crunch! (Blocked)
Request: img.example.com/hbg.gif
Request: img.example.com/example.jpg
Request: img.example.com/mt.png
Request: img.example.com/mm.png
Request: img.example.com/mb.png
-Request: www.popuptraffic.com/scripts/popup.php?hid=a71b91fa5&tmpl=Ua.tmp crunch!
+Request: www.popuptraffic.com/scripts/popup.php?hid=a71b91fa5&tmpl=Ua.tmp crunch! (Blocked)
Request: www.example.com/tracker.js
Request: www.lik-sang.com/Banners/best_sellers/lsi_head.gif
-Request: www.adtrak.net/adjs.php?n=020548130&what=zone:61 crunch!
-Request: www.adtrak.net/adjs.php?n=463594413&what=zone:58&source=Ua crunch!
+Request: www.adtrak.net/adjs.php?n=020548130&what=zone:61 crunch! (Blocked)
+Request: www.adtrak.net/adjs.php?n=463594413&what=zone:58&source=Ua crunch! (Blocked)
Request: www.lik-sang.com/Banners/best_sellers/bottomani.swf
-Request: mmm.elitemediagroup.net/install.php?allowpop=no&popupmincook=0&allowsp2=1 crunch!
+Request: mmm.elitemediagroup.net/install.php?allowpop=no&popupmincook=0&allowsp2=1 crunch! (Blocked)
Request: www.example.com/tracker.js?screen=1400x1050&win=962x693
-Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=61 crunch!
+Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=61 crunch! (Blocked)
Request: 66.70.21.80/scripts/click.php?hid=5c3cf599a9efd0320d26&si
Request: 66.70.21.80/img/pixel.gif
-Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=58&source=Ua&block=86400 crunch!
+Request: www.adtrak.net/adlog.php?bannerid=1309&clientid=439&zoneid=58&source=Ua&block=86400 crunch! (Blocked)
Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua
]]>
@@ -2263,7 +2319,9 @@ What can I do?
First verify that it is indeed a Privoxy problem,
by toggling off Privoxy through http://config.privoxy.org/toggle,
+ url="http://config.privoxy.org/toggle">http://config.privoxy.org/toggle
+ (the toggle feature may need to be enabled in the main
+ config),
and then shift-reloading the problem page (i.e. holding down the shift key
while clicking reload. Alternatively, flush your browser's disk and memory
caches).
@@ -2276,7 +2334,8 @@ What can I do?
and paste the full URL of the page in question into the prompt. See which
actions are being applied to the URL, and which matches in which actions
files are responsible for that. It might be helpful also to look at your logs
- for this site too, to see what else might be happening. Many sites are
+ for this site too, to see what else might be happening (note: logging may need
+ to be enabled in the main config file). Many sites are
complex and require a number of related pages to help present their content.
Look at what else might be used by the page in question, and what of that
might be required.
@@ -2403,8 +2462,8 @@ every time I start IE. What gives?
-
-In Mac OSX, I can't configure Microsoft Internet Explorer to use
+<sect2 id="macosxie" renderas="sect3">
+<title>In Mac OS X, I can't configure Microsoft Internet Explorer to use
Privoxy as the HTTP proxy.
Microsoft Internet Explorer (in versions like 5.1) respects system-wide
@@ -2418,8 +2477,8 @@ every time I start IE. What gives?
-
-In Mac OSX, I dragged the Privoxy folder to the trash in order to
+<sect2 renderas="sect3" id="macosxuninstall">
+<title>In Mac OS X, I dragged the Privoxy folder to the trash in order to
uninstall it. Now the finder tells me I don't have sufficient privileges to
empty the trash.
@@ -2438,12 +2497,12 @@ every time I start IE. What gives?
-
-In Mac OSX Panther (10.3), images often fail to load and/or I
+<sect2 renderas="sect3" id="macosximages">
+<title>In Mac OS X Panther (10.3), images often fail to load and/or I
experience random delays in page loading. I'm using
<literal>localhost</literal> as my browser's proxy setting.
- We believe this is due to an IPv6-related bug in OSX, but don't fully
+ We believe this is due to an IPv6-related bug in Mac OS X, but don't fully
understand the issue yet. In any case, changing the proxy setting to
127.0.0.1 instead of localhost
works around the problem.
@@ -2540,7 +2599,7 @@ Why?
This may also be caused by the demoronizer filter,
- in conjunction with a web server that is misreporting a file type. Binary
+ in conjunction with a web server that is misreporting the content type. Binary
files are exempted from Privoxy's filtering
(unless the web server by mistake says the file is something else). Either
upgrade Privoxy, or go to the most recent
@@ -2574,7 +2633,7 @@ Why?
On the other hand, if you use non-Microsoft products, and you occasionally
- notice wierd characters on pages, you might want to try it.
+ notice weird characters on pages, you might want to try it.
@@ -2611,9 +2670,11 @@ Why?
whatever the outcome was. And tries to give a coherent message if there seems
to be a problem. In some cases, this might otherwise be mitigated by the
browser itself which might try some work-arounds and alternate approaches (e.g
- adding www. to the URL). In other cases, if
- Privoxy is being chained with another proxy, this
- could complicate the issue, and cause undue
+ adding www. to the URL).
+
+
+ In other cases, if Privoxy is being chained
+ with another proxy, this could complicate the issue, and cause undue
delays and timeouts. In the case of a socks4a proxy, the socks
server handles all the DNS. Privoxy would just be
the messenger which is reporting whatever problem occurred
@@ -2621,7 +2682,7 @@ Why?
- In any case, newer versions include various improvements to help
+ In any case, versions newer than 3.0.3 include various improvements to help
Privoxy better handle these cases.
]]>
@@ -2661,11 +2722,10 @@ browsing has slowed to a crawl. What gives?
It's probably due to compression. It is a common practice for web servers to
send their content compressed in order to speed things up, and
- then let the browser uncompress them. &my-app; does not (yet)
- support compression. But we can force the web server to bend to our will ;-)
- So for filtering, make sure you have prevent-compression
- turned ON!
+ then let the browser uncompress them. When compiled with zlib support
+ &my-app; can decompress content before filtering, otherwise you may want to enable
+prevent-compression.
@@ -2748,6 +2808,65 @@ browsing has slowed to a crawl. What gives?
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
$Log: faq.sgml,v $
+Revision 2.38 2008/01/19 17:52:39 hal9
+Re-commit to fix various minor issues for new release.
+
+Revision 2.37 2008/01/19 15:03:05 hal9
+Doc sources tagged for 3.0.8 release.
+
+Revision 2.36 2008/01/17 01:49:51 hal9
+Change copyright notice for docs s/2007/2008/. All these will be rebuilt soon
+enough.
+
+Revision 2.35 2007/11/19 17:57:59 fabiankeil
+A bunch of rewordings, minor updates and fixes.
+
+Revision 2.34 2007/11/19 02:38:11 hal9
+Minor revisions and rebuild
+
+Revision 2.33 2007/11/15 03:30:20 hal9
+Results of spell check.
+
+Revision 2.32 2007/11/13 03:03:42 hal9
+Various changes to reflect new features and revised configuration for the
+upcoming release.
+
+Revision 2.31 2007/11/05 02:34:53 hal9
+Various changes in preparation for the upcoming release. Much yet to be done.
+
+Revision 2.30 2007/11/04 15:16:40 hal9
+Fix one silly typo.
+
+Revision 2.29 2007/11/04 15:12:47 hal9
+Various minor adjustments.
+
+Revision 2.28 2007/10/27 15:14:16 fabiankeil
+Change Tor links to use the new domain torproject.org.
+
+Revision 2.27 2007/10/22 19:47:05 fabiankeil
+- Bump version and copyright.
+- Adjust Tor section to make it clear that forward exceptions
+ aren't required and may not even be desired.
+- A bunch of other minor rewordings.
+- Fix markup problems Roland noticed (hopefully without adding new ones).
+
+Revision 2.26 2007/08/05 15:37:55 fabiankeil
+- Don't claim that thousands of people read our code.
+- Specify the GPL version and link to GPLv2 instead of v3.
+- Note that configuration syntax may change between releases.
+- Mention zlib support.
+- Answer the "transparent proxy" question properly.
+- Add "intercepting proxy" entry.
+- Mention Polipo.
+- Rephrase some other sentences for various reasons.
+
+Revision 2.25 2007/07/18 11:00:34 hal9
+Add misc note about valid mark-up in Privoxy.
+
+Revision 2.24 2006/11/14 01:57:46 hal9
+Dump all docs prior to 3.0.6 release. Various minor changes to faq and user
+manual.
+
Revision 2.23 2006/10/21 22:19:52 hal9
Two new FAQs, a rewrite or two, and some touch ups.
@@ -2801,7 +2920,7 @@ Revision 1.61.2.41 2004/04/05 13:44:05 oes
Fixed allow-all-cookies alias name; closes SR #929746
Revision 1.61.2.40 2004/01/30 17:00:33 oes
-Added OSX Panther problem
+Added Mac OS X Panther problem
Revision 1.61.2.39 2004/01/29 22:53:08 hal9
Minor changes for exempting docs of text/plain. Change copyright date.
@@ -2888,28 +3007,28 @@ Revision 1.61.2.15 2002/08/10 11:34:22 oes
Add disclaimer about probably being out-of-date
Revision 1.61.2.14 2002/08/07 02:53:43 hal9
-Fix some minor markup errors, and move one OSX Q/A to troubleshooting section.
+Fix some minor markup errors, and move one Mac OS X Q/A to troubleshooting section.
Revision 1.61.2.13 2002/08/06 11:55:32 oes
Added missing close tag
Revision 1.61.2.12 2002/08/06 11:43:46 david__schmidt
-Updated OSX uninstall FAQ... we have an uninstall script now.
+Updated Mac OS X uninstall FAQ... we have an uninstall script now.
Revision 1.61.2.11 2002/08/06 08:54:03 oes
Style police: Fixed formatting details
Revision 1.61.2.10 2002/08/02 14:00:25 david__schmidt
-Made the OSX removal commands far less dangerous
+Made the Mac OS X removal commands far less dangerous
Revision 1.61.2.9 2002/08/02 13:14:45 oes
-Added warning about sudo rm -r for Mac OSX deinstallation; moved this item to install section
+Added warning about sudo rm -r for Mac OS X deinstallation; moved this item to install section
Revision 1.61.2.8 2002/08/02 02:01:42 david__schmidt
-Add FAQ item for MSIE on OSX HTTP proxy confusion
+Add FAQ item for MSIE on Mac OS X HTTP proxy confusion
Revision 1.61.2.7 2002/08/02 01:46:01 david__schmidt
-Added FAQ item for Mac OSX uninstall woes
+Added FAQ item for Mac OS X uninstall woes
Revision 1.61.2.6 2002/07/30 20:04:56 hal9
Fix typo: 'schould'.