X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Ffaq.sgml;h=6422f84189812c68f04bb1543f260e62286cd026;hp=a7d7da681c4f1fc4ac6f79250b8e10c420a175c5;hb=6b12a8f1704e127a1553e08541cd007dbdfc462e;hpb=64e44fa87bee034e21ac06c9de42a4c0e50d57a6 diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml index a7d7da68..6422f841 100644 --- a/doc/source/faq.sgml +++ b/doc/source/faq.sgml @@ -1,5 +1,5 @@ + @@ -8,8 +8,8 @@ - - + + @@ -26,10 +26,8 @@ Purpose : FAQ This file belongs into ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/ - - $Id: faq.sgml,v 2.65 2009/07/18 16:24:39 fabiankeil Exp $ - Copyright (C) 2001-2009 Privoxy Developers http://www.privoxy.org/ + Copyright (C) 2001-2018 Privoxy Developers https://www.privoxy.org/ See LICENSE. Based partially on the Internet Junkbuster FAQ originally written by and @@ -39,12 +37,12 @@ - + How are you? - + Fine. @@ -52,12 +50,12 @@ ======================================================================== - NOTE: Please read developer-manual/documentation.html before touching + NOTE: Please read developer-manual/documentation.html before touching this file! - Please we keep the info in this file as version independent as possible - so we only have to maintain one FAQ. Where significant changes are - made to Privoxy configuration, please note the change in such a way that + Please we keep the info in this file as version independent as possible + so we only have to maintain one FAQ. Where significant changes are + made to Privoxy configuration, please note the change in such a way that it makes sense to both users of older and newer versions. ======================================================================== @@ -73,23 +71,23 @@ - Copyright &my-copy; 2001-2009 by - Privoxy Developers + Copyright &my-copy; 2001-2018 by + Privoxy Developers -$Id: faq.sgml,v 2.65 2009/07/18 16:24:39 fabiankeil Exp $ +$Id: faq.sgml,v 2.135 2017/03/27 10:22:27 fabiankeil Exp $ +--> @@ -135,14 +133,11 @@ Hal. Please note that this document is a work in progress. This copy represents the state at the release of version &p-version;. You can find the latest version of the document at http://www.privoxy.org/faq/. + url="https://www.privoxy.org/faq/">https://www.privoxy.org/faq/. Please see the Contact section if you want to - contact the developers. + contact the developers. - - - @@ -152,7 +147,7 @@ Hal. General Information Who should give &my-app; a try? - Anyone who is interested in security, privacy, or in + Anyone who is interested in security, privacy, or in finer-grained control over their web and Internet experience. @@ -160,7 +155,7 @@ Hal. Is Privoxy the best choice for me? - &my-app; is certainly a good choice, especially for those who want more + &my-app; is certainly a good choice, especially for those who want more control and security. Those with the willingness to read the documentation and the ability to fine-tune their installation will benefit the most. @@ -170,19 +165,19 @@ me? completely personalize your installation. Being familiar with, or at least having an interest in learning about HTTP and other networking - protocols, HTML, and + protocols, HTML, and Regular Expressions - will be a big plus and will help you get the most out of &my-app;. - A new installation just includes a very basic configuration. The user - should take this as a starting point only, and enhance it as he or she - sees fit. In fact, the user is encouraged, and expected to, fine-tune the + will be a big plus and will help you get the most out of &my-app;. + A new installation just includes a very basic configuration. The user + should take this as a starting point only, and enhance it as he or she + sees fit. In fact, the user is encouraged, and expected to, fine-tune the configuration. - Much of Privoxy's configuration can be done + Much of Privoxy's configuration can be done with a Web browser. - But there are areas where configuration is done using a + But there are areas where configuration is done using a text editor to edit configuration files. Also note that the web-based action editor doesn't use authentication and should only be enabled in environments @@ -220,13 +215,13 @@ Privoxy work? Does Privoxy do anything more than ad blocking? - - Yes, ad blocking is but one possible use. There are many, many ways &my-app; - can be used to sanitize and customize web browsing. + + Yes, ad blocking is but one possible use. There are many, many ways &my-app; + can be used to sanitize and customize web browsing. -What is this new version of +<sect2 renderas="sect3" id="newjb"><title>What is this new version of <quote><citetitle>Junkbuster</citetitle></quote>? @@ -236,31 +231,30 @@ Privoxy work? - -Why <quote>Privoxy</quote>? Why change the name from +<sect2 renderas="sect3" id="whyprivoxy"> +<title>Why <quote>Privoxy</quote>? Why change the name from Junkbuster at all? - Though outdated, Junkbusters Corporation - continues to offer their original version of the Internet - Junkbuster, so publishing our - Junkbuster-derived software under the same name - led to confusion. + Though outdated, Junkbusters Corporation continued to offer their original + version of the Internet Junkbuster for a while, + so publishing our Junkbuster-derived software + under the same name would have led to confusion. - There are also potential legal complications from our use of the - Junkbuster name, which is a registered trademark of - Junkbusters Corporation. - There are, however, no objections from Junkbusters Corporation to the - Privoxy project itself, and they, in fact, still - share our ideals and goals. + There were also potential legal reasons not to use the + Junkbuster name, as it was (and maybe still is) + a registered trademark of Junkbusters Corporation. + There were, however, no objections from Junkbusters Corporation to the + Privoxy project itself, and they, in fact, + shared our ideals and goals. - The developers also believed that there are so many improvements over the original - code, that it was time to make a clean break from the past and make - a name in their own right. + The Privoxy developers also believed that there were so many improvements + over the original code, that it was time to make a clean break from the past + and make a name in their own right. - Privoxy is the + Privoxy is the Privacy Enhancing Proxy. Also, its content modification and junk suppression gives you, the user, more control, more freedom, and allows you to browse your personal and @@ -269,11 +263,11 @@ Junkbuster at all? How does Privoxy differ -from the old Junkbuster? +from the old Junkbuster? Privoxy picks up where Junkbuster left off. - The new Privoxy still blocks ads and banners, + Privoxy still blocks ads and banners, still manages cookies, and still helps protect your privacy. But, most of these features have been enhanced, @@ -283,15 +277,14 @@ from the old Junkbuster? Privoxy's new features include: - + &newfeatures; -How does Privoxy know what is -an ad, and what is not? +How does Privoxy know what is an ad, and what is not? Privoxy's approach to blocking ads is twofold: @@ -302,7 +295,7 @@ an ad, and what is not? and the host (blocking the big banner hosting services like doublecklick.net already helps a lot). Privoxy takes advantage of this fact by using URL - patterns to sort out and block the requests for things that sound + patterns to sort out and block the requests for things that sound like they would be ads or banners. @@ -319,8 +312,8 @@ an ad, and what is not? - -Can Privoxy make mistakes? +<sect2 renderas="sect3" id="mistakes"> +<title>Can Privoxy make mistakes? This does not sound very scientific. Actually, it's a black art ;-) And yes, it is always possible to have a broad @@ -339,20 +332,20 @@ This does not sound very scientific. - -Will I have to configure Privoxy +<sect2 renderas="sect3" id="configornot"> +<title>Will I have to configure Privoxy before I can use it? That depends on your expectations. The default installation should give you a good starting point, and block most ads and unwanted content, but many of the more advanced features are off by default, and require - you to activate them. + you to activate them. You do have to set up your browser to use Privoxy (see the Installation section below). + linkend="firststep">Installation section below). And you will certainly run into situations where there are false positives, @@ -367,7 +360,7 @@ This does not sound very scientific. Can Privoxy run as a server on a network? - + Yes, &my-app; runs as a server already, and can easily be configured to serve more than one client. See How can I set up Privoxy to act as a proxy for my LAN below. @@ -384,8 +377,8 @@ Privoxy. Why should I use Privoxy at all? your browser just can't. - In addition, a proxy is good choice if you use multiple browsers, or - have a LAN with multiple computers since &my-app; can run as a server + In addition, a proxy is good choice if you use multiple browsers, or + have a LAN with multiple computers since &my-app; can run as a server application. This way all the configuration is in one place, and you don't have to maintain a similar configuration for possibly many browsers or users. @@ -395,7 +388,7 @@ Privoxy. Why should I use Privoxy at all? and Privoxy's privacy enhancing features at the same time. While your browser probably lacks some features &my-app; offers, it should also be able to do some things more - reliable, for example restricting and suppressing JavaScript. + reliably, for example restricting and suppressing JavaScript. @@ -404,8 +397,8 @@ Privoxy. Why should I use Privoxy at all? The most important reason is because you have access to everything, and you can control everything. You can check every line of every configuration file yourself. You can check every - last bit of source code should you desire. And even if you can't read code, - there should be some comfort in knowing that other people can, + last bit of source code should you desire. And even if you can't read code, + there should be some comfort in knowing that other people can, and do read it. You can build the software from scratch, if you want, so that you know the executable is clean, and that it is yours. In fact, we encourage this level of scrutiny. It @@ -413,14 +406,14 @@ Privoxy. Why should I use Privoxy at all? -Is there is a license or fee? What about a +<sect2 renderas="sect3" id="license"><title>Is there is a license or fee? What about a warranty? Registration? Privoxy is free software and licensed under the GNU General Public License (GPL) version 2. It is free to use, copy, modify or distribute as you wish under the terms of this license. Please see the Copyright section for more - information on the license and copyright. Or the LICENSE file + information on the license and copyright. Or the LICENSE file that should be included. @@ -464,9 +457,9 @@ warranty? Registration? -I would like to help you, what can I do? +I would like to help you, what can I do? -Would you like to participate? +Would you like to participate? Well, we always need help. There is something for everybody who wants to help us. We welcome new developers, packagers, @@ -480,14 +473,14 @@ warranty? Registration? So first thing, subscribe to the Privoxy Users - or the Privoxy + url="https://lists.privoxy.org/mailman/listinfo/privoxy-users">Privoxy Users + or the Privoxy Developers mailing list, join the discussion, help out other users, provide general feedback or report problems you noticed. If you intend to help out with the trackers, you also might want to get an account on SourceForge.net + url="https://sourceforge.net/user/registration">get an account on SourceForge.net so we don't confuse you with the other name-less users. @@ -504,41 +497,108 @@ warranty? Registration? + + @@ -552,10 +612,10 @@ warranty? Registration? Which browsers are supported by Privoxy? - Any browser that can be configured to use a proxy, which + Any browser that can be configured to use a proxy, which should be virtually all browsers, including Firefox, Internet - Explorer, Opera, and + Explorer, Opera, and Safari among others. Direct browser support is not an absolute requirement since Privoxy runs as a separate application and talks @@ -581,7 +641,7 @@ Include supported.sgml here: dealing with some of the common abuses of HTML in email. See How can I configure Privoxy with Outlook? below for more on - this. + this. Be aware that HTML email presents a number of unique security and privacy @@ -592,11 +652,11 @@ Include supported.sgml here: -I just installed Privoxy. Is there anything +<title>I just installed Privoxy. Is there anything special I have to do now? - All browsers should be told to use Privoxy - as a proxy by specifying the correct proxy address and port number + All browsers should be told to use Privoxy + as a proxy by specifying the correct proxy address and port number in the appropriate configuration area for the browser. It's possible to combine &my-app; with a packet filter to intercept HTTP requests even if the client isn't explicitly configured to use &my-app;, - but where possible, configuring the client is recommended. See + but where possible, configuring the client is recommended. See the User Manual for more details. You should also flush your browser's memory and disk - cache to get rid of any cached junk items, and remove any stored + cache to get rid of any cached junk items, and remove any stored cookies. @@ -636,7 +696,7 @@ special I have to do now? If you set up the Privoxy to run on the computer you browse from (rather than your ISP's server or some - networked computer on a LAN), the proxy will be on 127.0.0.1 + networked computer on a LAN), the proxy will be on 127.0.0.1 (sometimes referred to as localhost, which is the special name used by every computer on the Internet to refer to itself) and the port will be 8118 (unless you used the When configuring your browser's proxy settings you typically enter the word localhost or the IP address 127.0.0.1 in the boxes next to HTTP and Secure (HTTPS) and - then the number 8118 for port. + then the number 8118 for port. This tells your browser to send all web requests to Privoxy instead of directly to the Internet. - Privoxy can also be used to proxy for - a Local Area Network. In this case, your would enter either the IP - address of the LAN host where Privoxy + Privoxy can also be used to proxy for + a Local Area Network. In this case, your would enter either the IP + address of the LAN host where Privoxy is running, or the equivalent hostname, e.g. 192.168.1.1. Port assignment would be same as above. Note that Privoxy doesn't listen on any LAN interfaces by @@ -672,17 +732,17 @@ special I have to do now? All the ads are there. What's wrong? - Did you configure your browser to use Privoxy + Did you configure your browser to use Privoxy as a proxy? It does not sound like it. See above. You might also try flushing - the browser's caches to force a full re-reading of pages. You can verify - that Privoxy is running, and your browser - is correctly configured by entering the special URL: - http://p.p/. + the browser's caches to force a full re-reading of pages. You can verify + that Privoxy is running, and your browser + is correctly configured by entering the special URL: + http://p.p/. This should take you to a page titled This is Privoxy.. with access to Privoxy's internal configuration. - If you see this, then you are good to go. If you receive a page saying + If you see this, then you are good to go. If you receive a page saying Privoxy is not running, then the browser is not set up to use your Privoxy installation. If you receive anything else (probably nothing at all), it could either @@ -690,9 +750,9 @@ All the ads are there. What's wrong? Privoxy is not running at all. Check the log file. For instructions on starting Privoxy and browser configuration, - see the chapter + see the chapter on starting Privoxy in the - User Manual. + User Manual. @@ -705,9 +765,9 @@ Privoxy is running and being used. First, make sure that Privoxy is really running and being used by visiting http://p.p/. You should see the Privoxy main page. If not, see - the chapter + the chapter on starting Privoxy in the - User Manual. + User Manual. @@ -721,7 +781,7 @@ Privoxy is running and being used. The procedure for clearing the cache varies from browser to browser. For - example, Mozilla/Netscape users would click + example, Mozilla/Netscape users would click Edit --> Preferences --> Advanced --> Cache and then click both Clear Memory Cache @@ -740,12 +800,12 @@ Privoxy is running and being used. Configuration - -What exactly is an <quote>actions</quote> file? + +What exactly is an <quote>actions</quote> file? &my-app; utilizes the concept of - actions + actions that are used to manipulate and control web page data. Actions files are where these actions @@ -755,7 +815,7 @@ Privoxy is running and being used. There is a wide array of actions available that give the user a high degree of control and flexibility on how to process each and every web page. - + Actions can be defined on a URL pattern basis, i.e. @@ -771,7 +831,7 @@ Privoxy is running and being used. -The <quote>actions</quote> concept confuses me. Please list +<title>The <quote>actions</quote> concept confuses me. Please list some of these <quote>actions</quote>. For a comprehensive discussion of the actions concept, please refer @@ -785,9 +845,9 @@ some of these actions. - -How are actions files configured? What is the easiest -way to do this? + +How are actions files configured? What is the easiest +way to do this? Actions files are just text files in a special syntax and can be edited @@ -796,8 +856,8 @@ way to do this? at http://config.privoxy.org/ (Shortcut: http://p.p/) and then select View & - change the current configuration from the menu. Note - that this feature must be explicitly enabled in the main config file + change the current configuration from the menu. Note + that this feature must be explicitly enabled in the main config file (see enable-edit-actions). @@ -816,18 +876,18 @@ the differences? Where can I get updated Actions Files? - Based on your feedback and the continuing development, updates of + Based on your feedback and the continuing development, updates of default.action will be made available from time to time on the files section of - our project page. + url="https://sourceforge.net/project/showfiles.php?group_id=11118">files section of + our project page. If you wish to receive an email notification whenever we release updates of Privoxy or the actions file, subscribe - to our announce mailing list, ijbswa-announce@lists.sourceforge.net. + url="https://lists.privoxy.org/mailman/listinfo/privoxy-announce">subscribe + to our announce mailing list, privoxy-announce@lists.privoxy.org. @@ -845,21 +905,31 @@ the differences? Why is the configuration so complicated? - Complicated is in the eye of the beholder. Those that are - familiar with some of the underlying concepts, such as regular expression - syntax, take to it like a fish takes to water. Also, software that tries - hard to be user friendly, often lacks sophistication and - flexibility. There is always that trade-off there between power vs. - easy-of-use. Furthermore, anyone is welcome to contribute ideas and - implementations to enhance &my-app;. + Complicated is in the eye of the beholder. + + + Privoxy is currently mainly written by and for people who are already + familiar with the underlying concepts like regular expressions, HTTP and HTML, + or are willing to become familiar with them to be able to get the most + out of a powerful and flexible tool such as Privoxy. + + + While everybody is expected to be able to get a Privoxy default installation + up and running, fine-tuning requires a certain amount of background + information and Privoxy's documentation mainly concentrates on the + Privoxy-specific parts while only providing references to the rest. + + + If you or anyone you know has the skills, time and energy to + reduce the barrier of entry, please get involved. How can I make my Yahoo/Hotmail/Gmail account work? The default configuration shouldn't impact the usability of any of these services. - It may, however, make all cookies + It may, however, make all cookies temporary, so that your browser will forget your login credentials in between browser sessions. If you would like not to have to log in manually each time you access those websites, simply turn off all cookie handling @@ -873,9 +943,9 @@ the differences? .login.yahoo.com - These kinds of sites are often quite complex and heavy with - Javascript and - thus fragile. So if still a problem, + These kinds of sites are often quite complex and heavy with + Javascript and + thus fragile. So if still a problem, we have an alias just for such sticky situations: @@ -893,8 +963,8 @@ the differences? Make sure the domain, host and path are appropriate as well. Your browser can - tell you where you are specifically and you should use that information for - your configuration settings. Note that above it is not referenced as + tell you where you are specifically and you should use that information for + your configuration settings. Note that above it is not referenced as gmail.com, which is a valid domain name. @@ -908,7 +978,7 @@ the differences? profiles in the web based actions file editor at http://config.privoxy.org/show-status. See the User - Manual for a list of actions, and how the default + Manual for a list of actions, and how the default profiles are set. @@ -916,23 +986,23 @@ the differences? Where the defaults are likely to break some sites, exceptions for known popular problem sites are included, but in general, the more aggressive your default settings are, the more exceptions - you will have to make later. New users are best to start off in - Cautious setting. This is safest and will have the fewest + you will have to make later. New users are best to start off in + Cautious setting. This is safest and will have the fewest problems. See the User Manual for a more detailed discussion. - It should be noted that the Advanced profile (formerly known + It should be noted that the Advanced profile (formerly known as the Adventuresome profile) is more - aggressive, and will make use of some of + aggressive, and will make use of some of Privoxy's advanced features. Use at your own risk! - Why can I change the configuration +<sect2 renderas="sect3" id="browseconfig"> <title>Why can I change the configuration with a browser? Does that not raise security issues? It may seem strange that regular users can edit the config files with their @@ -948,7 +1018,7 @@ with a browser? Does that not raise security issues? If you run Privoxy for multiple untrusted users (e.g. in a LAN) or aren't entirely in control of your own browser, you will probably want - to make sure that the the web-based editor and remote toggle features are + to make sure that the web-based editor and remote toggle features are off by setting enable-edit-actions 0 and - -What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? + +What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? The default.filter file is where filters as supplied by the developers are defined. @@ -978,7 +1048,7 @@ with a browser? Does that not raise security issues? filter action in one of the actions files. Content filtering is automatically - disabled for inappropriate MIME types, but if you now better than Privoxy + disabled for inappropriate MIME types, but if you know better than Privoxy what should or should not be filtered you can filter any content you like. @@ -990,21 +1060,21 @@ with a browser? Does that not raise security issues? - If you are familiar with regular expressions, and HTML, you can look at + If you are familiar with regular expressions, and HTML, you can look at the provided default.filter with a text editor and define your own filters. This is potentially a very powerful feature, but - requires some expertise in both regular expressions and HTML/HTTP. - user.filter, so they won't - be overwritten during upgrades. - The ability to define multiple filter files + requires some expertise in both regular expressions and HTML/HTTP. + user.filter, so they won't + be overwritten during upgrades. + The ability to define multiple filter files in config is a new feature as of v. 3.0.5.]]> - There is no GUI editor option for this part of the configuration, - but you can disable/enable the various pre-defined filters of the included + There is no GUI editor option for this part of the configuration, + but you can disable/enable the various pre-defined filters of the included default.filter file with the web-based actions file editor. Note that the custom actions editor must be explicitly enabled in @@ -1015,16 +1085,16 @@ with a browser? Does that not raise security issues? If you intend to develop your own filters, you might want to have a look at Privoxy-Filter-Test. + url="https://www.fabiankeil.de/sourcecode/pft/">Privoxy-Filter-Test. -How can I set up Privoxy to act as a proxy for my +<title>How can I set up Privoxy to act as a proxy for my LAN? - By default, Privoxy only responds to requests + By default, Privoxy only responds to requests from 127.0.0.1 (localhost). To have it act as a server for a network, this needs to be changed in the main configuration file. Look for @@ -1043,12 +1113,12 @@ with a browser? Does that not raise security issues? - Save the file, and restart Privoxy. Configure + Save the file, and restart Privoxy. Configure all browsers on the network then to use this address and port number. - Alternately, you can have Privoxy listen on + Alternately, you can have Privoxy listen on all available interfaces: @@ -1058,10 +1128,10 @@ with a browser? Does that not raise security issues? - And then use Privoxy's + And then use Privoxy's permit-access - feature to limit connections. A firewall in this situation is recommended + url="../user-manual/config.html#PERMIT-ACCESS">permit-access + feature to limit connections. A firewall in this situation is recommended as well. @@ -1080,8 +1150,8 @@ with a browser? Does that not raise security issues? - -Instead of ads, now I get a checkerboard pattern. I don't want to see anything. + +Instead of ads, now I get a checkerboard pattern. I don't want to see anything. The replacement for blocked images can be controlled with the set-image-blocker @@ -1096,30 +1166,30 @@ with a browser? Does that not raise security issues? If you want to see nothing, then change the set-image-blocker - action to blank. This can be done by editing the + action to blank. This can be done by editing the user.action file, or through the web-based actions file editor. - -Why would anybody want to see a checkerboard pattern? + +Why would anybody want to see a checkerboard pattern? Remember that telling which image is an ad and which isn't, is an educated guess. While we hope that the standard configuration is rather smart, it will make occasional mistakes. The checkerboard image is visually decent, and it shows you where images have been blocked, which can be very helpful in case some navigation aid or otherwise innocent image was - erroneously blocked. It is recommended for new users so they can + erroneously blocked. It is recommended for new users so they can see what is happening. Some people might also enjoy seeing how many banners they don't have to see. - -I see some images being replaced with text +<sect2 renderas="sect3" id="blockedbytext"> +<title>I see some images being replaced with text instead of the checkerboard image. Why and how do I get rid of this? This happens when the banners are not embedded in the HTML code of the @@ -1127,7 +1197,7 @@ instead of the checkerboard image. Why and how do I get rid of this? or (i)layers, and these external HTML documents are blocked. Being non-images they get replaced by a substitute HTML page rather than a substitute image, which wouldn't work out technically, since the browser expects and accepts - only HTML when it has requested an HTML document. + only HTML when it has requested an HTML document. The substitute page adapts to the available space and shows itself as a @@ -1146,36 +1216,36 @@ instead of the checkerboard image. Why and how do I get rid of this? -Can Privoxy run as a service +<title>Can Privoxy run as a service on Win2K/NT/XP? Windows service functionality. See - the User Manual for details on how to install and configure + the User Manual for details on how to install and configure Privoxy as a service. - + Earlier ]]>3.x versions could run as a system service using srvany.exe. See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + url="https://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118">https://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, for details, and a sample configuration. -How can I make Privoxy work with other -proxies like Squid or Tor? +How can I make Privoxy work with other proxies? This can be done and is often useful to combine the benefits of - Privoxy with those of a another proxy. + Privoxy with those of a another proxy, + for example to cache content. See the forwarding chapter in the User Manual which - describes how to do this, and the - How do I use Privoxy together with - Tor section below. + describes how to do this. If you intend to use Privoxy with Tor, + please also have a look at + How do I use Privoxy together with Tor. @@ -1184,8 +1254,9 @@ proxies like Squid or Tor? and thus avoid individual browser configuration? - No, its more complicated than that. This only works with special kinds - of proxies known as intercepting proxies (see below). + No, its more complicated than that. This only works with special kinds + of proxies known as intercepting proxies + (see below). @@ -1202,7 +1273,7 @@ and thus avoid individual browser configuration? However, some people say transparent proxy when they mean intercepting proxy. If you are one of them, - please read the next entry. + please read the next entry. @@ -1214,7 +1285,7 @@ and thus avoid individual browser configuration? but it can handle requests that where intercepted and redirected with a packet filter (like PF or iptables), as long as the Host - header is present. + header is present. As the Host header is required by HTTP/1.1 and as most @@ -1255,15 +1326,15 @@ and thus avoid individual browser configuration? of knowing which particular application makes a request, so there is no way to distinguish between web pages and HTML mail. Privoxy just blindly proxies all requests. In the - case of Outlook Express (see above), OE uses - IE anyway, and there is no way for Privoxy to ever + case of Outlook Express (see above), OE uses + IE anyway, and there is no way for Privoxy to ever be able to distinguish between them (nor could any other proxy type application for that matter). - For a good discussion of some of the issues involved (including privacy and - security issues), see - http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. + For a good discussion of some of the issues involved (including privacy and + security issues), see + https://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. @@ -1271,12 +1342,12 @@ and thus avoid individual browser configuration? I sometimes notice cookies sneaking through. How? Cookies can be - set in several ways. The classic method is via the + url="http://en.wikipedia.org/wiki/Browser_cookie">Cookies can be + set in several ways. The classic method is via the Set-Cookie HTTP header. This is straightforward, and an - easy one to manipulate, such as the &my-app; concept of + easy one to manipulate, such as the &my-app; concept of session-cookies-only. - There is also the possibility of using + There is also the possibility of using Javascript to set cookies (&my-app; calls these content-cookies). This is trickier because the syntax can vary widely, and thus requires a certain @@ -1295,20 +1366,20 @@ and thus avoid individual browser configuration? Are all cookies bad? Why? - No, in fact there are many beneficial uses of + No, in fact there are many beneficial uses of cookies. Cookies are just a method that browsers can use to store data between pages, or between browser sessions. Sometimes there is a good reason for this, and the user's life is a bit easier as a result. But there is a long history of some websites taking - advantage of this layer of trust, and using the data they glean from you and + advantage of this layer of trust, and using the data they glean from you and your browsing habits for their own purposes, and maybe to your potential detriment. Such sites are using you and storing their data on your system. That is why the privacy conscious watch from whom those cookies come, and why they really need to be there. - See the + See the Wikipedia cookie definition for more. @@ -1318,14 +1389,14 @@ and thus avoid individual browser configuration? How can I allow permanent cookies for my trusted sites? - There are several actions that relate to cookies. The default behavior is to + There are several actions that relate to cookies. The default behavior is to allow only session cookies, which means the cookies only last - for the current browser session. This eliminates most kinds of abuse related + for the current browser session. This eliminates most kinds of abuse related to cookies. But there may be cases where you want cookies to last. To disable all cookie actions, so that cookies are allowed unrestricted, - both in and out, for example.com: + both in and out, for example.com: @@ -1346,14 +1417,14 @@ and thus avoid individual browser configuration? Each instance of Privoxy has its own configuration, including such attributes as the TCP port that it listens on. - What you can do is run multiple instances of Privoxy, each with - a unique + What you can do is run multiple instances of Privoxy, each with + a unique listen-address configuration setting, and configuration path, and then each of these can have their own configurations. Think of it as per-port configuration. - + Simple enough for a few users, but for large installations, consider having groups of users that might share like configurations. @@ -1372,7 +1443,7 @@ and thus avoid individual browser configuration? ############################################################ { +block } / # Block *all* URLs - + ############################################################ # Whitelist ############################################################ @@ -1381,12 +1452,12 @@ and thus avoid individual browser configuration? toys.example.com games.example.com - This allows access to only those three sites by first blocking all URLs, and + This allows access to only those three sites by first blocking all URLs, and then subsequently allowing three specific exceptions. - Another approach is Privoxy's - trustfile concept, which incorporates the notion of + Another approach is Privoxy's + trustfile concept, which incorporates the notion of trusted referrers. See the Trust documentation for details. @@ -1403,14 +1474,14 @@ and thus avoid individual browser configuration? How can I turn off ad-blocking? - Ad blocking is achieved through a complex application of various &my-app; - actions. These - actions are deployed against simple images, banners, flash animations, + Ad blocking is achieved through a complex application of various &my-app; + actions. These + actions are deployed against simple images, banners, flash animations, text pages, JavaScript, pop-ups and pop-unders, etc., so its not as simple as just turning one or two actions off. The various actions that make up &my-app; ad blocking are hard-coded into the default configuration files. It has been assumed that everyone using &my-app; is interested in this - particular feature. + particular feature. If you want to do without this, there are several approaches you can take: @@ -1420,7 +1491,7 @@ and thus avoid individual browser configuration? blocking rules, and corresponding exceptions. Or lastly, if you are not concerned about the additional blocks that are done for privacy reasons, you can very easily over-ride all blocking with the - following very simple rule in your user.action: + following very simple rule in your user.action: @@ -1428,7 +1499,7 @@ and thus avoid individual browser configuration? { -block } / # UN-Block *all* URLs - + Or even a more comprehensive reversing of various ad related actions: @@ -1450,7 +1521,7 @@ and thus avoid individual browser configuration? -How can I have custom template pages, like the +<title>How can I have custom template pages, like the <emphasis>BLOCKED</emphasis> page? &my-app; templates are specialized text files utilized by @@ -1464,12 +1535,12 @@ and thus avoid individual browser configuration? during upgrades. You can, however, create completely new templates, place them in another directory and specify the alternate path in the main config. For details, have a look at the templdir option. + url="../user-manual/config.html#templdir">templdir option. -How can I remove the <quote>Go There Anyway</quote> link from +<title>How can I remove the <quote>Go There Anyway</quote> link from the <emphasis>BLOCKED</emphasis> page? There is more than one way to do it (although Perl is not involved). @@ -1478,7 +1549,7 @@ the BLOCKED page? Editing the BLOCKED template page (see above) may dissuade some users, but this method is easily circumvented. Where you need this level of control, you might want to build &my-app; from source, and disable various features that are - available as compile-time options. You should + available as compile-time options. You should configure the sources as follows: @@ -1507,16 +1578,16 @@ the BLOCKED page? Miscellaneous - -How much does Privoxy slow my browsing down? This +<sect2 renderas="sect3" id="slowsme"> +<title>How much does Privoxy slow my browsing down? This has to add extra time to browsing. How much of an impact depends on many things, including the CPU of the host - system, how aggressive the configuration is, which specific actions are being triggered, + system, how aggressive the configuration is, which specific actions are being triggered, the size of the page, the bandwidth of the connection, etc. - Overall, it should not slow you down any in real terms, and may actually help + Overall, it should not slow you down any in real terms, and may actually help speed things up since ads, banners and other junk are not typically being retrieved and displayed. The actual processing time required by Privoxy itself for each page, is relatively small @@ -1554,7 +1625,7 @@ delays in page requests. What's wrong? url="../user-manual/actions-file.html#FILTER">filter action, such as filtering banners by size, web-bugs etc, or the deanimate-gifs - action, the entire document must be loaded into memory in order for the filtering + action, the entire document must be loaded into memory in order for the filtering mechanism to work, and nothing is sent to the browser during this time. @@ -1568,7 +1639,7 @@ delays in page requests. What's wrong? anti-virus software). - Filtering is automatically disabled for inappropriate MIME types. But note + Filtering is automatically disabled for inappropriate MIME types. But note that if the web server mis-reports the MIME type, then content that should not be filtered, could be. Privoxy only knows how to differentiate filterable content because of the MIME type as reported by @@ -1581,11 +1652,11 @@ delays in page requests. What's wrong? "http://p.p/"? http://config.privoxy.org/ is the - address of Privoxy's built-in user interface, and + address of Privoxy's built-in user interface, and http://p.p/ is a shortcut for it. - Since Privoxy sits between your web browser and the Internet, + Since Privoxy sits between your web browser and the Internet, it can simply intercept requests for these addresses and answer them with its built-in web server. @@ -1598,6 +1669,13 @@ delays in page requests. What's wrong? hence it could not be intercepted, and you have accessed the real web site at config.privoxy.org. + + Note that config.privoxy.org resolves to a public IP address. + If you use config.privoxy.org as ping or traceroute target you will + reach the system on the Internet (Privoxy can't intercept ICMP requests). + If you want to ping the system Privoxy runs on, + you should use its IP address or local DNS name (if it has got one). + @@ -1606,7 +1684,7 @@ delays in page requests. What's wrong? Do you still maintain the blocklists? No. The patterns for blocking now reside (among other things) in the actions files, which are + url="../user-manual/actions-file.html">actions files, which are actively maintained instead. See next question ... @@ -1620,25 +1698,25 @@ various ways to interact with the developers. -If I do submit missed ads, will +<sect2 renderas="sect3" id="newads2"><title>If I do submit missed ads, will they be included in future updates? Whether such submissions are eventually included in the - default.action configuration file depends on how - significant the issue is. We of course want to address any potential - problem with major, high-profile sites such as Google, - Yahoo, etc. Any site with global or regional reach, + default.action configuration file depends on how + significant the issue is. We of course want to address any potential + problem with major, high-profile sites such as Google, + Yahoo, etc. Any site with global or regional reach, has a good chance of being a candidate. But at the other end of the spectrum are any number of smaller, low-profile sites such as for local clubs or schools. Since their reach and impact are much less, they are best handled by inclusion in the user's user.action, and thus would be - unlikely to be included. + unlikely to be included. -Why doesn't anyone answer my support +<sect2 renderas="sect3" id="noonecares"><title>Why doesn't anyone answer my support request? Rest assured that it has been read and considered. Why it is not answered, @@ -1656,7 +1734,7 @@ us help you. Your efforts are not wasted, and we do appreciate them. If you run both the browser and &my-app; locally, you cannot hide your IP address with Privoxy or ultimately any other software alone. The server needs to know your IP address so that it knows - where to send the responses back. + where to send the responses back. There are many publicly usable "anonymous" proxies out there, which @@ -1681,8 +1759,8 @@ us help you. Your efforts are not wasted, and we do appreciate them. - -Can Privoxy guarantee I am anonymous? + +Can Privoxy guarantee I am anonymous? No. Your chances of remaining anonymous are improved, but unless you chain Privoxy with Tor @@ -1692,8 +1770,8 @@ us help you. Your efforts are not wasted, and we do appreciate them. Privoxy can remove various information about you, - and allows you more freedom to decide which sites - you can trust, and what details you want to reveal. But it neither + and allows you more freedom to decide which sites + you can trust, and what details you want to reveal. But it neither hides your IP address, nor can it guarantee that the rest of the system behaves correctly. There are several possibilities how a web sites can find out who you are, even if you are using a strict Privoxy @@ -1725,8 +1803,8 @@ us help you. Your efforts are not wasted, and we do appreciate them. - -A test site says I am not using a Proxy. + +A test site says I am not using a Proxy. Good! Actually, they are probably testing for some other kinds of proxies. Hiding yourself completely would require additional steps. @@ -1743,7 +1821,7 @@ us help you. Your efforts are not wasted, and we do appreciate them. 5. Startup to make sure Privoxy itself is setup correctly. - + If it is, refer to Tor's extensive documentation to learn how to install Tor, and make sure Tor's logfile says that @@ -1762,14 +1840,15 @@ us help you. Your efforts are not wasted, and we do appreciate them. If you verified that Privoxy and Tor are working, it is time to connect them. As far as Privoxy is concerned, Tor is just another proxy that can be reached - by socks4 or socks4a. Most likely you are interested in Tor - to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are - done through Tor and thus invisible to your local network. + by socks4, socks4a and socks5. Most likely you are interested in Tor + to increase your anonymity level, therefore you should use socks5, to make sure DNS + requests are done through Tor and thus invisible to your + local network. Using socks4a would work too, but with socks5 you get more precise error + messages. - - Since Privoxy 3.0.5, its + Privoxy's main configuration file is already prepared for Tor, if you are using a default Tor configuration and run it on the same @@ -1779,9 +1858,16 @@ us help you. Your efforts are not wasted, and we do appreciate them. -# forward-socks5 / 127.0.0.1:9050 . +# forward-socks5t / 127.0.0.1:9050 . + + Note that if you got Tor through one of the bundles, you may + have to change the port from 9050 to 9150 (or even another one). + For details, please check the documentation on the + Tor website. + + This is enough to reach the Internet, but additionally you might want to uncomment the following forward rules, to make sure your local network is still @@ -1814,7 +1900,7 @@ us help you. Your efforts are not wasted, and we do appreciate them. Save the modified configuration file and open - http://config.privoxy.org/show-status/ + http://config.privoxy.org/show-status in your browser, confirm that Privoxy has reloaded its configuration and that there are no other forward lines, unless you know that you need them. If everything looks good, refer to @@ -1827,15 +1913,15 @@ us help you. Your efforts are not wasted, and we do appreciate them. what Tor does, why it is no replacement for application level security, and why you probably don't want to use it for unencrypted logins. - ]]> + - -Might some things break because header information or +<sect2 renderas="sect3" id="sitebreak"> +<title>Might some things break because header information or content is being altered? - Definitely. It is common for sites to use browser type, browser version, + Definitely. It is common for sites to use browser type, browser version, HTTP header content, and various other techniques in order to dynamically decide what to display and how to display it. What you see, and what I see, might be very different. There are many, many ways that this can be handled, @@ -1861,8 +1947,8 @@ content is being altered? many other ways things can go wrong when trying to fool a web server. The results of which could inadvertently cause pages to load incorrectly, partially, or even not at all. And there may be no obvious clues as to just - what went wrong, or why. Nowhere will there be a message that says - Turn off fast-redirects or else! + what went wrong, or why. Nowhere will there be a message that says + Turn off fast-redirects or else! @@ -1872,22 +1958,22 @@ content is being altered? - If you have problems with a site, you will have to adjust your configuration - accordingly. Cookies are probably the most likely adjustment that may + If you have problems with a site, you will have to adjust your configuration + accordingly. Cookies are probably the most likely adjustment that may be required, but by no means the only one. - -Can Privoxy act as a <quote>caching</quote> proxy to +<sect2 renderas="sect3" id="caching"> +<title>Can Privoxy act as a <quote>caching</quote> proxy to speed up web browsing? - No, it does not have this ability at all. You want something like + No, it does not have this ability at all. You want something like Squid or Polipo for this. - And, yes, before you ask, Privoxy can co-exist + And, yes, before you ask, Privoxy can co-exist with other kinds of proxies like Squid. See the forwarding chapter in the user @@ -1895,25 +1981,25 @@ speed up web browsing? - -What about as a firewall? Can Privoxy protect me? + +What about as a firewall? Can Privoxy protect me? - Not in the way you mean, or in the way some firewall vendors claim they can. + Not in the way you mean, or in the way some firewall vendors claim they can. Privoxy can help protect your privacy, but can't protect your system from intrusion attempts. It is, of course, perfectly possible to use both. - -I have large empty spaces / a checkerboard pattern now where +<sect2 renderas="sect3" id="wasted"> +<title>I have large empty spaces / a checkerboard pattern now where ads used to be. Why? It is technically possible to eliminate banners and ads in a way that frees - their allocated page space. This could easily be done by blocking with + their allocated page space. This could easily be done by blocking with Privoxy's filters, and eliminating the entire image references from the - HTML page source. + HTML page source. But, this would consume considerably more CPU resources (IOW, slow things @@ -1934,8 +2020,8 @@ ads used to be. Why? - -How can Privoxy filter Secure (HTTPS) URLs? + +How can Privoxy filter Secure (HTTPS) URLs? Since secure HTTP connections are encrypted SSL sessions between your browser and the secure site, and are meant to be reliably secure, @@ -1952,35 +2038,49 @@ ads used to be. Why? As far as ad blocking is concerned, this is less of a restriction than it may seem, since ad sources are often identifiable by the host name, and often the banners to be placed in an encrypted page come unencrypted nonetheless - for efficiency reasons, which exposes them to the full power of + for efficiency reasons, which exposes them to the full power of Privoxy's ad blocking. Content cookies (those that are embedded in the actual HTML or JS page content, see filter{content-cookies}), - in an SSL transaction will be impossible to block under these conditions. - Fortunately, this does not seem to be a very common scenario since most + url="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES">filter{content-cookies}), + in an SSL transaction will be impossible to block under these conditions. + Fortunately, this does not seem to be a very common scenario since most cookies come by traditional means. - -Privoxy runs as a <quote>server</quote>. How +<sect2 renderas="sect3" id="http2"> +<title>Does Privoxy support HTTP/2? + + Privoxy currently doesn't parse HTTP/2 but applications + can tunnel HTTP/2 through Privoxy if Privoxy is configured + to allow CONNECT requests (default) which are also used + for HTTPS. + + + Adding HTTP/2 support is on the TODO list but currently + nobody is known to work on it. + + + + +Privoxy runs as a <quote>server</quote>. How secure is it? Do I need to take any special precautions? - On Unix-like systems, Privoxy can run as a non-privileged + On Unix-like systems, Privoxy can run as a non-privileged user, which is how we recommend it be run. Also, by default Privoxy listens to requests from localhost only. - The server aspect of Privoxy is not itself directly + The server aspect of Privoxy is not itself directly exposed to the Internet in this configuration. If you want to have Privoxy serve as a LAN proxy, this will have to be opened up to allow for LAN requests. In this case, we'd recommend - you specify only the LAN gateway address, e.g. 192.168.1.1, in the main + you specify only the LAN gateway address, e.g. 192.168.1.1, in the main Privoxy configuration file and check all access control and security options. All LAN hosts can then use this as their proxy address @@ -2003,23 +2103,23 @@ secure is it? Do I need to take any special precautions? url="http://config.privoxy.org/toggle">http://config.privoxy.org/toggle. - See the Bookmarklets section - of the User Manual for an easy way to access this - feature. Note that this is a feature that may need to be enabled in the main + See the Bookmarklets section + of the User Manual for an easy way to access this + feature. Note that this is a feature that may need to be enabled in the main config file. -When <quote>disabled</quote> is Privoxy totally +<title>When <quote>disabled</quote> is Privoxy totally out of the picture? No, this just means all optional filtering and actions are disabled. - Privoxy is still acting as a proxy, but just + Privoxy is still acting as a proxy, but just doing less of the things that Privoxy would - normally be expected to do. It is still a middle-man in - the interaction between your browser and web sites. See below to bypass + normally be expected to do. It is still a middle-man in + the interaction between your browser and web sites. See below to bypass the proxy. @@ -2035,10 +2135,10 @@ out of the picture? -My logs show Privoxy <quote>crunches</quote> +<title>My logs show Privoxy <quote>crunches</quote> ads, but also its own internal CGI pages. What is a <quote>crunch</quote>? - A crunch simply means Privoxy intercepted + A crunch means Privoxy intercepted something, nothing more. Often this is indeed ads or banners, but Privoxy uses the same mechanism for trapping requests for its own internal pages. For instance, a request for @@ -2055,14 +2155,14 @@ ads, but also its own internal CGI pages. What is a crunch? -Can Privoxy effect files that I download +<title>Can Privoxy affect files that I download from a webserver? FTP server? From the webserver's perspective, there is no difference between viewing a document (i.e. a page), and downloading a file. The same is true of Privoxy. If there is a match for a block pattern, - it will still be blocked, and of course this is obvious. + it will still be blocked, and of course this is obvious. Filtering is potentially more of a concern since the results are not always @@ -2089,7 +2189,7 @@ from a webserver? FTP server? altered by filtering, will be saved too, for these (probably rare) cases. - Note that versions later than 3.0.2 do NOT filter document types reported as + Note that versions later than 3.0.2 do NOT filter document types reported as text/plain. Prior to this, Privoxy did filter this document type. @@ -2111,7 +2211,7 @@ from a webserver? FTP server? all to the content is to be avoided. - Privoxy does not do FTP at all, only HTTP + Privoxy does not do FTP at all, only HTTP and HTTPS (SSL) protocols. @@ -2128,18 +2228,18 @@ altered it! Yikes, what is wrong! Should I continue to use a <quote>HOSTS</quote> file for ad-blocking? One time-tested technique to defeat common ads is to trick the local DNS - system by giving a phony IP address for the ad generator in the local - HOSTS file, typically using 127.0.0.1, aka + system by giving a phony IP address for the ad generator in the local + HOSTS file, typically using 127.0.0.1, aka localhost. This effectively blocks the ad. - There is no reason to use this technique in conjunction with + There is no reason to use this technique in conjunction with Privoxy. Privoxy - does essentially the same thing, much more elegantly and with much more + does essentially the same thing, much more elegantly and with much more flexibility. A large HOSTS file, in fact, not only duplicates effort, but may get in the way and seriously slow down your system. - It is recommended to remove such entries from your HOSTS file. If you think - your hosts list is neglected by Privoxy's + It is recommended to remove such entries from your HOSTS file. If you think + your hosts list is neglected by Privoxy's configuration, consider adding your list to your user.action file: @@ -2161,15 +2261,15 @@ and related issues? -I've noticed that Privoxy changes <quote>Microsoft</quote> to +<title>I've noticed that Privoxy changes <quote>Microsoft</quote> to <quote>MicroSuck</quote>! Why are you manipulating my browsing? @@ -2190,7 +2290,43 @@ and related issues? Privoxy generates HTML in both its own templates, and possibly whenever there are text substitutions via a &my-app; filter. While this should always conform to the HTML 4.01 specifications, it has not been - validated against this or any other standard. + validated against this or any other standard. + + + + +How did you manage to get Privoxy on my computer without my consent? + + + We didn't. We make Privoxy available for download, but we don't go + around installing it on other people's systems behind their back. + If you discover Privoxy running on your system and are sure you didn't + install it yourself, somebody else did. You may not even be running + the real Privoxy, but maybe something else that only pretends to be + Privoxy, or maybe something that is based on the real Privoxy, + but has been modified. + + + Lately there have been reports of problems with some kind of + "parental control" software based on Privoxy that came preinstalled on + certain ASUS Netbooks. + The problems described are inconsistent with the behaviour of official + Privoxy versions, which suggests that the preinstalled software may + contain vendor modifications that we don't know about and thus can't debug. + + + Privoxy's license allows vendor + modifications, but the vendor has to comply with the license, + which involves informing the user about the changes and to make + the changes available under the same license as Privoxy itself. + + + If you are having trouble with a modified Privoxy version, + please try to talk to whoever made the modifications before + reporting the problem to us. Please also try to convince + whoever made the modifications to talk to us. If you think + somebody gave you a modified Privoxy version without complying + to the license, please let us know. @@ -2203,8 +2339,8 @@ and related issues? Troubleshooting - -I cannot connect to any websites. Or, I am getting +<sect2 renderas="sect3" id="refused"> +<title>I cannot connect to any websites. Or, I am getting <quote>connection refused</quote> message with every web page. Why? There are several possibilities: @@ -2212,7 +2348,7 @@ and related issues? -Privoxy is not running. Solution: verify +Privoxy is not running. Solution: verify that &my-app; is installed correctly, has not crashed, and is indeed running. Turn on Privoxy's logging, and look at the logs to see what they say. @@ -2225,7 +2361,7 @@ and related issues? configuration and take the forwarders out of the equation. - Or you have a firewall that is interfering and blocking you. Solution: + Or you have a firewall that is interfering and blocking you. Solution: try disabling or removing the firewall as a simple test. @@ -2245,8 +2381,8 @@ and related issues? - -I just added a new rule, but the steenkin ad is +<sect2 renderas="sect3" id="flushit"> +<title>I just added a new rule, but the steenkin ad is still getting through. How? If the ad had been displayed before you added its URL, it will probably be @@ -2260,16 +2396,16 @@ still getting through. How? applied. Try pasting the full URL of the offending ad into http://config.privoxy.org/show-url-info and see if it really matches your new rule. Blocking ads is like blocking - spam: a lot of tinkering is required to stay ahead of the game. And - remember you need to block the URL of the ad in question, which may be + spam: a lot of tinkering is required to stay ahead of the game. And + remember you need to block the URL of the ad in question, which may be entirely different from the site URL itself. Most ads are hosted on different servers than the main site itself. If you right-click on the ad, you should - be able to get all the relevant information you need. Alternately, you can + be able to get all the relevant information you need. Alternately, you can find the correct URL by looking at Privoxy's logs (you may need to enable logging in the main config file if its disabled). - Below is a slightly modified real-life log snippet that originates with one + Below is a slightly modified real-life log snippet that originates with one requested URL: www.example.com (name of site was changed for this example, the number of requests is real). You can see in this the complexity of what goes into making up this one page. There @@ -2279,8 +2415,8 @@ still getting through. How? content is obviously good or bad, but not all. Many of the more questionable looking requests, are going to outside domains that seem to be identifying themselves with suspicious looking names, making - our job a little easier. &my-app; has crunched (meaning caught - and BLOCKED) quite a few items in this example, but perhaps missed a few as well. + our job a little easier. &my-app; has crunched (meaning caught + and BLOCKED) quite a few items in this example, but perhaps missed a few as well. @@ -2328,12 +2464,12 @@ Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua - -One of my favorite sites does not work with Privoxy. +<sect2 renderas="sect3" id="badsite"> +<title>One of my favorite sites does not work with Privoxy. What can I do? - First verify that it is indeed a Privoxy problem, + First verify that it is indeed a Privoxy problem, by toggling off Privoxy through http://config.privoxy.org/toggle (the toggle feature may need to be enabled in the main @@ -2369,13 +2505,13 @@ What can I do? on again. Remember to flush your browser's caches in between any such changes! - Alternately, if you are comfortable with a text editor, you can accomplish - the same thing by editing the appropriate actions file. Probably the easiest + Alternately, if you are comfortable with a text editor, you can accomplish + the same thing by editing the appropriate actions file. Probably the easiest way to deal with such problems when editing by hand is to add your site to a { fragile } section in user.action, which is an alias that turns off most dangerous actions, but is also likely to turn off more actions then needed, and thus lower - your privacy and protection more than necessary, + your privacy and protection more than necessary, Troubleshooting actions is discussed in more detail in the with general configuration information and examples. - As a last resort, you can always see if your browser has a setting that will + As a last resort, you can always see if your browser has a setting that will bypass the proxy setting for selective sites. Modern browsers can do this. @@ -2399,7 +2535,7 @@ What can I do? every time I start IE. What gives? - This is a quirk that effects the installation of + This is a quirk that affects the installation of Privoxy, in conjunction with Internet Explorer and Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may appear to be corrupted or invalid DUN settings, or passwords. @@ -2433,7 +2569,7 @@ every time I start IE. What gives? set-up DUN connection and each LAN connection in IE store the settings for each user individually. As such this enforces individual configurations rather than common ones. Hence the first time you use a DUN connection after - re-booting your system it may not perform as you expect, and prompt you for + re-booting your system it may not perform as you expect, and prompt you for the password. Just set and save the password again and all should be OK. @@ -2448,16 +2584,16 @@ every time I start IE. What gives? I cannot connect to any FTP sites. Privoxy is blocking me. - Privoxy cannot act as a proxy for FTP traffic, + Privoxy cannot act as a proxy for FTP traffic, so do not configure your browser to use Privoxy as an FTP proxy. The same is true for any protocol other than HTTP - or HTTPS (SSL). + or HTTPS (SSL). Most browsers understand FTP as well as HTTP. If you connect to a site, with a URL like ftp://ftp.example.com, your browser is making - an FTP connection, and not a HTTP connection. So while your browser may - speak FTP, Privoxy does not, and cannot proxy + an FTP connection, and not a HTTP connection. So while your browser may + speak FTP, Privoxy does not, and cannot proxy such traffic. @@ -2467,7 +2603,7 @@ every time I start IE. What gives? accidentally enable FTP proxying in these cases. And of course, if this happens, Privoxy will indeed cause problems since it does not know FTP. Just disable the FTP setting + message if a FTP connection is attempted.]]> Just disable the FTP setting and all will be well again. @@ -2479,14 +2615,14 @@ every time I start IE. What gives? -In Mac OS X, I can't configure Microsoft Internet Explorer to use +<title>In Mac OS X, I can't configure Microsoft Internet Explorer to use Privoxy as the HTTP proxy. Microsoft Internet Explorer (in versions like 5.1) respects system-wide network settings. In order to change the HTTP proxy, open System Preferences, and click on the Network icon. In the settings pane that - comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox - is checked and enter 127.0.0.1 in the entry field. + comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox + is checked and enter 127.0.0.1 in the entry field. Enter 8118 in the Port field. The next time you start IE, it should reflect these values. @@ -2494,12 +2630,12 @@ every time I start IE. What gives? -In Mac OS X, I dragged the Privoxy folder to the trash in order to +<title>In Mac OS X, I dragged the Privoxy folder to the trash in order to uninstall it. Now the finder tells me I don't have sufficient privileges to empty the trash. Note: This ONLY applies to privoxy 3.0.6 and earlier. - + Just dragging the Privoxy folder to the trash is not enough to delete it. Privoxy supplies an @@ -2507,14 +2643,13 @@ every time I start IE. What gives? these details. Open the trash, drag the uninstall.command file out of the trash and double-click on it. You will be prompted for confirmation and the administration password. - + - The trash may still appear full after this command; emptying the trash + The trash may still appear full after this command; emptying the trash from the desktop should make it appear empty again. - In Mac OS X Panther (10.3), images often fail to load and/or I @@ -2522,40 +2657,27 @@ every time I start IE. What gives? localhost as my browser's proxy setting. We believe this is due to an IPv6-related bug in Mac OS X, but don't fully - understand the issue yet. In any case, changing the proxy setting to + understand the issue yet. In any case, changing the proxy setting to 127.0.0.1 instead of localhost works around the problem. - - -I get a completely blank page at one site. <quote>View Source</quote> - shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without - Privoxy the page loads fine. - - Chances are that the site suffers from a bug in - PHP, - which results in empty pages being sent if the client explicitly requests - an uncompressed page, like Privoxy does. - This bug has been fixed in PHP 4.2.3. - + +I just upgraded to Mac OS X 10.9 (Mavericks) and now &my-app; has stopped + working. - To find out if this is in fact the source of the problem, try adding - the site to a -prevent-compression section in - user.action: - - - # Make exceptions for ill-behaved sites: - # - {-prevent-compression} - .example.com - - If that works, you may also want to report the problem to the - site's webmasters, telling them to use zlib.output_compression - instead of ob_gzhandler in their PHP applications (workaround) - or upgrade to PHP 4.2.3 or later (fix). + The upgrade process to Mac OS X Mavericks (10.9) from an earlier version of OS + X deletes all user accounts that are either not part of OS X itself or are + not interactive user accounts (ones you log in with). Since, for the sake of + security, &my-app; runs as a non-privileged user that is created by its + installer (_privoxy), it can no longer start up once that account gets deleted. + The solution is to perform a complete uninstall using the supplied + uninstall.command script (either back up your + configuration files or select to not have the uninstaller remove them when it + prompts you) and then reinstall &my-app; using the installer package and merge + in your configuration. @@ -2567,7 +2689,7 @@ Why? its running on from the IP address of the system interface it is bound to (from the config file listen-address setting). If the system cannot supply - this information, Privoxy logs this condition. + this information, Privoxy logs this condition. Typically, this would be considered a minor system configuration error. It is @@ -2588,11 +2710,11 @@ Why? -When I try to launch Privoxy, I get an +<title>When I try to launch Privoxy, I get an error message <quote>port 8118 is already in use</quote> (or similar wording). Why? - Port 8118 is Privoxy's default TCP + Port 8118 is Privoxy's default TCP listening port. Typically this message would mean that there is already one instance of Privoxy running, and your system is actually trying to start a second @@ -2608,11 +2730,24 @@ Why? Pages with UTF-8 fonts are garbled. - This is caused by the demoronizer filter. You should either - upgrade Privoxy, or at least upgrade to the most - recent default.action file available from SourceForge. - Or you can simply disable the demoronizer filter. + This may be the result of an overly aggressive filter. The filters that + are enabled in the default configuration aren't expected to cause problems + like this. If you enabled the demoronizer filter, please + try temporarily disabling it. + + + If that doesn't help, temporarily disable all filters to see if another + filter could be the culprit. If the problem disappears, enable the filters + one by one, until the problem reappears and the offending filter is found. + + + Once the problem-causing filter is known, it can be fixed or disabled. + + + Upgrading Privoxy, or going to the most recent + default.action file available from SourceForge + might be worth a try, too. @@ -2622,13 +2757,11 @@ Why? is used? - This may also be caused by the demoronizer filter, - in conjunction with a web server that is misreporting the content type. Binary - files are exempted from Privoxy's filtering - (unless the web server by mistake says the file is something else). Either - upgrade Privoxy, or go to the most recent - default.action file available from SourceForge. + This may also be caused by an (overly aggressive + filter in conjunction with a web server that is misreporting the content + type. By default binary files are exempted from + Privoxy's filtering + (unless the web server by mistake says the file is something else). @@ -2637,26 +2770,26 @@ Why? What is the demoronizer and why is it there? - The original demoronizer was a Perl script that cleaned up HTML pages which - were created with certain Microsoft products. MS has used proprietary extensions + The original demoronizer was a Perl script that cleaned up HTML pages which + were created with certain Microsoft products. MS has used proprietary extensions to standardized font encodings (ISO 8859-1), which has caused problems for pages that are viewed with non-Microsoft products (and are expecting to see a standard set of fonts). The demoronizer corrected these errors so the pages displayed correctly. Privoxy borrowed from this script, introducing a filter based on the original demoronizer, which in turn could - correct these errors on the fly. + correct these errors on the fly. - But this is only needed in some situations, and will cause serious problems in some + But this is only needed in some situations, and will cause serious problems in some other situations. - If you are using Microsoft products, you do not need it. If you need to view - pages with UTF-8 characters (such as Cyrillic or Chinese), then it will + If you are using Microsoft products, you do not need it. If you need to view + pages with UTF-8 characters (such as Cyrillic or Chinese), then it will cause corruption of the fonts, and thus should not be on. - On the other hand, if you use non-Microsoft products, and you occasionally + On the other hand, if you use non-Microsoft products, and you occasionally notice weird characters on pages, you might want to try it. @@ -2666,16 +2799,16 @@ Why? Why do I keep seeing PrivoxyWindowOpen() in raw source code? - Privoxy is attempting to disable malicious - Javascript + Privoxy is attempting to disable malicious + Javascript in this case, with the unsolicited-popups - filter. Privoxy cannot tell very well + filter. Privoxy cannot tell very well good code snippets from bad code snippets. - If you see this in HTML source, and the page displays without problems, then - this is good, and likely some pop-up window was disabled. If you see this - where it is causing a problem, such as a downloaded program source code file, + If you see this in HTML source, and the page displays without problems, then + this is good, and likely some pop-up window was disabled. If you see this + where it is causing a problem, such as a downloaded program source code file, then you should set an exception for this site or page such that the integrity of the page stays in tact by disabling all filtering. @@ -2713,13 +2846,13 @@ Why? - At one site Privoxy just hangs, and starts taking + At one site Privoxy just hangs, and starts taking all CPU. Why is this? This is probably a manifestation of the 100% cpu problem that - occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines - are in the raw HTML source of the page, and the browser just ignores them. But the + occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines + are in the raw HTML source of the page, and the browser just ignores them. But the pattern matching in Privoxy's page filtering mechanism is trying to match against absurdly long strings and this becomes very CPU-intensive, taking a long, long time to complete. @@ -2847,10 +2980,108 @@ browsing has slowed to a crawl. What gives? If you compiled &my-app; with threading support (on POSIX-based systems), the Conditional #defines section on http://config.privoxy.org/show-status - will list FEATURE_PTHREAD as enabled. + will list FEATURE_PTHREAD as enabled. + +What are tainted sockets and how do I prevent them? + + &my-app; marks sockets as tainted when it can't use them to + serve additional requests. + This does not necessarily mean that something went wrong and + information about tainted sockets is only logged if connection + debugging is enabled (debug 2). + + + For example server sockets that were used for CONNECT requests + (which are used to tunnel https:// requests) are considered tainted + once the client closed its connection to &my-app;. + Technically &my-app; could keep the connection to the server open, + but the server would not accept requests that do not belong to the + previous TLS/SSL session (and the client may even have terminated + the session). + + + Server sockets are also marked tainted when a client requests a + resource, but closes the connection before &my-app; has completely + received (and forwarded) the resource to the client. + In this case the server would (probably) accept additional requests, + but &my-app; could not get the response without completely reading + the leftovers from the previous response. + + + These are just two examples, there are currently a bit more than + 25 scenarios in which a socket is considered tainted. + + + While sockets can also be marked tainted as a result of a technical + problem that may be worth fixing, the problem will be explicitly + logged as error. + + + + +After adding my custom filters, &my-app; crashes when visitting certain websites + + This can happen if your custom filters require more memory than &my-app; + is allowed to use. + Usually the problem is that the operating system enforces a stack size limit + that isn't sufficient. + + + Unless the problem occurs with the filters available in the default configuration, + this is not considered a Privoxy bug. + + + To prevent the crashes you can rewrite your filter to use less ressources, + increase the relevant memory limit or recompile pcre to use less stack space. + For details please see the + pcrestack man page + and the documentation of your operating system. + + + + +What to do if editing the config file of privoxy is access denied? + + Your userid probably isn't allowed to edit the file. + + On Windows you can use the windows equivalent of sudo: + runas /user:administrator "notepad \privoxy\config.txt" + + + + or fix the file permissions: +C:\Privoxy>icacls config.txt +config.txt BUILTIN\Administrators:(I)(F) + NT AUTHORITY\SYSTEM:(I)(F) + BUILTIN\Users:(I)(RX) + NT AUTHORITY\Authenticated Users:(I)(M) + +Successfully processed 1 files; Failed processing 0 files + +C:\Privoxy>icacls config.txt /grant Lee:F +processed file: config.txt +Successfully processed 1 files; Failed processing 0 files + +C:\Privoxy>icacls config.txt +config.txt I3668\Lee:(F) + BUILTIN\Administrators:(I)(F) + NT AUTHORITY\SYSTEM:(I)(F) + BUILTIN\Users:(I)(RX) + NT AUTHORITY\Authenticated Users:(I)(M) + +Successfully processed 1 files; Failed processing 0 files + +C:\Privoxy> + + + + or try to point-n-click your way through adjusting the file + permissions in windows explorer. + + @@ -2860,18 +3091,18 @@ browsing has slowed to a crawl. What gives? &contacting; - + Privoxy Copyright, License and History ©right; - + Portions of this document are borrowed from the original - Junkbuster (tm) FAQ, and modified as + Junkbuster (tm) FAQ, and modified as appropriate for Privoxy. @@ -2892,8 +3123,8 @@ browsing has slowed to a crawl. What gives? - - + + -