Privoxy Frequently Asked Questions

+ +

Privoxy Frequently Asked Questions -$Id: faq.sgml,v 1.29 2002/03/25 05:23:57 hal9 Exp $ + + + + + Copyright &my-copy; 2001-2006 by + Privoxy Developers + + + +$Id: faq.sgml,v 2.15 2006/09/08 23:05:07 hal9 Exp $ + + + + + + This is here to keep vim syntax file from breaking :/ + If I knew enough to fix it, I would. + PLEASE DO NOT REMOVE! HB: hal@foobox.net + + +]]> -The FAQ document gives users and developers alike answers to frequently asked -questions about -Privoxy. Privoxy is a web -proxy with advanced filtering capabilities for protecting privacy, filtering -web page content, managing cookies, controlling access, and removing ads, -banners, pop-ups and other obnoxious Internet -Junk. Privoxy has a very flexible configuration and -can be customized to suit individual needs and -tastes. Privoxy has application for both stand-alone -systems and multi-user networks. + This FAQ gives quick answers to frequently asked questions about + Privoxy. + It can't and doesn't replace the + User Manual. + + + + &p-intro; + + -You can find the latest version of the document at http://ijbswa.sourceforge.net/faq/. -Please see the Contact section in the -user-manual if you want to contact the developers. + Please note that this document is a work in progress. This copy represents + the state at the release of version &p-version;. + You can find the latest version of the document at http://www.privoxy.org/faq/. + Please see the Contact section if you want to + contact the developers. @@ -58,217 +146,176 @@ Please see the Contact section in the - - - -Frequently Asked Questions - - +General Information -General Information +What is this new version of +<emphasis>Junkbuster</emphasis>? -What is this new version of <application>Privoxy</application>? - - The original Internet Junkbuster (tm) is a - copyrighted product of Junkbusters - Corporation. Development of this effort stopped some time ago as of - version 2.0.2. Stefan Waldherr started the ijbswa project on Sourceforge to rekindle - development. Other developers subsequently joined with Stefan, and have - since added many new features, refinements and enhancements. - - - The new Privoxy started with the same - Junkbuster code base, but has changed - significantly at this point. - + + &history; + - + - -Why <quote>Privoxy</quote>? Why a name change at all? + +Why <quote>Privoxy</quote>? Why change the name from +Junkbuster at all? - Privoxy is for Privacy Enhancing Proxy. - There are possible legal complications from the continued use of the - Junkbuster name, which is a trademark of - Junkbusters Corporation. - (There are no objections from Junkbusters Corporation to the - Privoxy project itself though, and they - in fact still share our ideals and goals.) + Junkbusters Corporation + continues to offer their original version of the Internet + Junkbuster, so publishing our + Junkbuster-derived software under the same name + led to confusion. + + + There are also potential legal complications from the continued use of the + Junkbuster name, which is a registered trademark of + Junkbusters Corporation. + There are, however, no objections from Junkbusters Corporation to the + Privoxy project itself, and they, in fact, still + share our ideals and goals. - - The developers also believed that there so many changes from the original + The developers also believed that there are so many improvements over the original code, that it was time to make a clean break from the past and make - a name in their own right, especially now with the pending release of - version 3.0. - + a name in their own right. - + + Privoxy is the + Privacy Enhancing Proxy. Also, its content + modification and junk suppression gives you, the user, more + control, more freedom, and allows you to browse your personal and + private edition of the web. + + -How does it differ from the old <application>Junkbuster?</application> - - All the old features remain. The new Privoxy - still blocks ads and banners, still manages cookies, and still helps protect - your privacy. But, these are all enhanced, and many new features have been - added, all in the same vein. +How does Privoxy differ +from the old Junkbuster? + + Privoxy picks up where + Junkbuster left off. All the old features remain. + The new Privoxy still blocks ads and banners, + still manages cookies, and still helps protect your privacy. But, these are + all greatly enhanced, and many, many new features have been added, all in the same vein. - The configuration has changed significantly as well. This is something that - users will notice right off the bat. The blocklist file does - not exist any more. This is replaced by actions files, such - as default.actions. This is where most of the per site - configuration is now. - - - - -What are some of the new features? - + The configuration has changed significantly as well. This is something that + users will notice right off the bat if upgrading from + Junkbuster 2.0.x. The blocklist + cookielist, imagelist and much more has been + combined into the actions files, with a completely different + syntax. See the What's New + page for the latest updates. + - - - - - Integrated browser based configuration and control utility (http://p.p). Browser-based tracing of rule - and filter effects. - - - - - - Blocking of annoying pop-up browser windows. - - - - - - HTTP/1.1 compliant (most, but not all 1.1 features are supported). - - - - - - Support for Perl Compatible Regular Expressions in the configuration files, and - generally a more sophisticated and flexible configuration syntax over - previous versions. - - - - - - GIF de-animation. - - - - - - Web page content filtering (removes banners based on size, - invisible web-bugs, JavaScript, pop-ups, status bar abuse, - etc.) - - - - - - Bypass many click-tracking scripts (avoids script redirection). - - - - - - - Multi-threaded (POSIX and native threads). - - + Privoxy's new features include: + - - - Auto-detection and re-reading of config file changes. - - + + &newfeatures; + - - - User-customizable HTML templates (e.g. 404 error page). - - + - - - Improved cookie management features (e.g. session based cookies). - - +What is a <quote>proxy</quote>? How does +Privoxy work? + + A web proxy is a service, based on a software such as Privoxy, + that clients (i.e. browsers) can use instead of connecting directly to the web + servers on the Internet. The clients then ask the proxy to fetch the objects + they need (web pages, images, movies etc) on their behalf, and when the proxy + has done so, it hands the results back to the client. + + + There are many reasons to use web proxies, such as security (firewalling), + efficiency (caching) and others, and there are just as many different proxies + to accommodate those needs. + + + Privoxy is a proxy that is primarily focused on privacy + protection, junk elimination and freeing the user from restrictions placed on his + activities. Sitting between your browser(s) and the Internet, + it is in a perfect position to filter outbound personal information that your + browser is leaking, as well as inbound junk. It uses a variety of techniques to do + this, all of which are under your control via the various configuration + files and options. + + - - - Builds from source on most UNIX-like systems. Packages available for: Linux - (RedHat, SuSE, or Debian), Windows, Sun Solaris, Mac OSX, OS/2, HP-UX 11 and AmigaOS. - - - - - - In addition, the configuration is much more powerful and versatile over-all. - - + +How does Privoxy know what is +an ad, and what is not? + + Privoxy's approach to blocking ads is twofold: + + + First, there are certain patterns in the locations (URLs) + of banner images. This applies to both the path (you wouldn't guess how many + web sites serve their banners from a directory called banners!) + and the host (blocking the big banner hosting services like doublecklick.net + already helps a lot). Privoxy takes advantage of this + fact by using URL + patterns to sort out and block the requests for banners. + + + Second, banners tend to come in certain sizes. But you + can't tell the size of an image by its URL without downloading it, and if you + do, it's too late to save bandwidth. Therefore, Privoxy + also inspects the HTML sources of web pages while they are loaded, and replaces + references to images with standard banner sizes by dummy references, so that + your browser doesn't request them anymore in the first place. + + + Both of this involves a certain amount of guesswork and is, of course, freely + configurable. + + - + +Can Privoxy make mistakes? +This does not sound very scientific. + + Actually, it's a black art ;-) And yes, it is always possible to have a broad + rule accidentally block or change something by mistake. You will almost surely + run into such situations at some point. It is tricky writing rules to + cover every conceivable possibility, and not occasionally get false positives. - + + But this should not be a big concern since the + Privoxy configuration is very flexible, and + includes tools to help identify these types of situations so they can be + addressed as needed, allowing you to customize your installation. + (See the Troubleshooting section below.) + -What is a <quote>proxy</quote>? How does -<application>Privoxy</application> work? - - When you connect to a web site with Privoxy, - you are really connecting to your locally running version of - Privoxy. Privoxy - intercepts your requests for the web page, and relays that to the - real web site. The web site sends the HTTP data stream - back to Privoxy, where - Privoxy can work its magic before it - relays this data back to your web browser. - + - - Since Privoxy sits between you and the - WWW, it is in a position to intercept and completely manage all web traffic and - HTTP content before it gets to your browser. - Privoxy uses various programming methods to do - this, all of which is under your control via the various configuration - files and options. - - - There are many kinds of proxies. Privoxy best - fits the filtering proxy category. - + +Will I have to configure Privoxy + before I can use it? + + No, not really. The default installation should give you a good starting + point, and block most unwanted content. + + + But you will certainly run into situations where there are false positives, + or ads not being blocked that you may not want to see. In these cases, you + would certainly benefit by customizing Privoxy's + configuration to more closely match your individual situation. And we would + encourage you to do this. This is where the real power of + Privoxy lies! + - + -My browser does the same things as -<application>Privoxy</application>. Why should I use -<application>Privoxy</application> at all? +My browser does the same things as +Privoxy. Why should I use +Privoxy at all? Modern browsers do indeed have some of the same functionality as Privoxy. Maybe this is @@ -280,151 +327,200 @@ Please see the Contact section in the have a LAN with multiple computers. This way all the configuration is in one place, and you don't have to maintain a similar configuration for possibly many browsers. - - + -Is there is a license or fee? What about a +<sect2 renderas="sect3" id="license"><title>Is there is a license or fee? What about a warranty? Registration? - Privoxy is licensed under the - GNU General Public License (GPL). It is free to use, copy, - modify or distribute as you wish under the terms of this license. - See http://www.gnu.org/copyleft/gpl.html - for specifics. - + Privoxy is licensed under the GNU General Public License (GPL). + It is free to use, copy, modify or distribute as you wish under the terms of this + license. Please see the Copyright section for more + information on the license and copyright. Or the LICENSE file + that should be included. + - There is no warranty of any kind, expressed, implied or otherwise. That is - something that would cost real money ;-) There is no registration either. + There is no warranty of any kind, expressed, implied or otherwise. + That is something that would cost real money ;-) There is no registration either. Privoxy really is free in every respect! - - -I would like to help you, what do I do? + + +I would like to help you, what can I do? -Money Money Money +Would you like to participate? + + Well, we always need help. There is something for + everybody who wants to help us. We welcome new developers, packagers, + testers, documentation writers or really anyone with a desire to help in + any way. You DO NOT need to be a + programmer. There are many other tasks available. In fact, + the programmers often can't spend as much time programming because of some + of the other, more mundane things that need to be done, like checking the + Tracker feedback sections. + + + So first thing, get an account on SourceForge.net + and mail your id to the developers + mailing list. Then, please read the Developer's Manual, at least + the pertinent sections. + - We, of course, welcome donations and use the money for domain registering, - regular world-wide get-togethers (hahaha). Anyway, we'll soon describe the - process how to donate money to the team. + Once we have added you to the team, you'll have access to the CVS repository, and + together we'll find a suitable task for you. - + -You want to work with us? +Contribute! - Well, helping the team is always a good idea. We welcome new developers, - RPM gurus or documentation makers. Simply get an account on sourceforge.net - and mail your id to the developer mailing list. Then read the - section Quickstart in the developers manual. + We, of course, welcome donations and could use money for domain registering, + buying software to test Privoxy with, and, of course, + for regular world-wide get-togethers (hahaha). If you enjoy the software and feel + like helping us with a donation, just drop us a note. + + +Software -Once we have added you to the team, you'll have write access to the CVS -repository, and together we'll find a suitable task for you. + If you are a vendor of a web-related software like a browser, web server + or proxy, and would like us to ensure that Privoxy + runs smoothly with your product, you might consider supplying us with a + copy or license. We can't, however, guarantee that we will fix all potential + compatibility issues as a result. - - + + + -Installation +Installation - -Which browsers are supported by <application>Privoxy</application>? + +Which browsers are supported by Privoxy? - Any browser that can be configured to use a proxy, which - is probably almost all browsers. Direct browser support is not necessary - since Privoxy runs as a separate application and - just exchanges standard HTML data with your browser. + Any browser that can be configured to use a proxy, which + should be virtually all browsers, including + Firefox, Internet + Explorer, and Opera among others. + Direct browser support is not an absolute requirement since + Privoxy runs as a separate application and talks + to the browser in the standardized HTTP protocol, just like a web server + does. - + - + Which operating systems are supported? + +&supported; + + + +Can I use Privoxy with my email client? - Right now Win32, Mac OSX, OS/2, AmigaOS, Linux, and many - flavors of Unix. + As long as there is some way to set a HTTP proxy for the client, then yes, + any application can be used, whether it is strictly speaking a + browser or not. Though this may not be the best approach for + dealing with some of the common abuses of HTML in email. See How can I configure Privoxy + with Outlook Express? below for more on + this. - - Source code is available, so porting to other operating systems, - is always a possibility. - + Be aware that HTML email presents a number of unique security and privacy + related issues, that can require advanced skills to overcome. The developers + recommend using email clients that can be configured to convert HTML to plain + text for these reasons. - + -Can I install - <application>Privoxy</application> over <application>Junkbuster</application>? +Can I install + Privoxy over Junkbuster? - We recommend you uninstall Junkbuster + We recommend you un-install Junkbuster first to minimize conflicts and confusion. You may want to save your old configuration files for future reference. The configuration - is substantially changed. + files and syntax have substantially changed, so you will need to manually + port your old patterns. See the note + to upgraders and installation + chapter in the user manual + for details. - See the user-manual for - platform specific installation instructions. [FIXME: This is meant for after - the name change for 3.0!] + Note: Some installers may automatically un-install + Junkbuster, if present! - - - -I just installed <application>Privoxy</application>. Is there anything +</sect2> + +<sect2 renderas="sect3"> +<title id="firststep">I just installed Privoxy. Is there anything special I have to do now? All browsers must be told to use Privoxy as a proxy by specifying the correct proxy address and port number in the appropriate configuration area for the browser. See below. + You should also flush your browser's memory and disk cache to get rid of any + cached junk items, and remove any stored cookies. - + -What is the proxy address of <application>Privoxy</application>? +What is the proxy address of Privoxy? If you set up the Privoxy to run on the computer you browse from (rather than your ISP's server or some - networked computer on a LAN), the proxy will be on localhost - (which is the special name used by every computer on the Internet to refer - to itself) and the port will be 8118 (unless you have Privoxy to run on a different port with the - listen-address config option). + networked computer on a LAN), the proxy will be on 127.0.0.1 + (sometimes referred to as localhost, + which is the special name used by every computer on the Internet to refer + to itself) and the port will be 8118 (unless you have Privoxy + to run on a different port with the listen-address config option). When configuring your browser's proxy settings you typically enter - the word localhost in the boxes next to HTTP - and Secure (HTTPS) and then the number 8118 - for port. This tells your browser to send all web - requests to Privoxy instead of directly to the - Internet. + the word localhost or the IP address 127.0.0.1 + in the boxes next to HTTP and Secure (HTTPS) and + then the number 8118 for port. + This tells your browser to send all web requests to Privoxy + instead of directly to the Internet. Privoxy can also be used to proxy for a Local Area Network. In this case, your would enter either the IP address of the LAN host where Privoxy is running, or the equivalent hostname. Port assignment would be - same as above. + same as above. Note that Privoxy doesn't + listen on any LAN interfaces by default. Privoxy does not currently handle - protocols such as FTP, SMTP, IM, IRC, ICQ, or other Internet - protocols. + any other protocols such as FTP, SMTP, IM, IRC, ICQ, etc. Be sure that + proxying any of these other protocols is not activated. - + - -I just installed <application>Privoxy</application>, and nothing is happening. +<sect2 renderas="sect3" id="nothing"> +<title>I just installed Privoxy, and nothing is happening. All the ads are there. What's wrong? @@ -433,334 +529,324 @@ All the ads are there. What's wrong? the browser's caches to force a full re-reading of pages. You can verify that Privoxy is running, and your browser is correctly configured by entering the special URL: - http://p.p/. This should give you - a banner that says This is Privoxy and - access to Privoxy's internal configuration. - If you see this, then you are good to go. If not, the browser or - Privoxy are not set up correctly. + http://p.p/. + + This should take you to a page titled This is Privoxy.. with + access to Privoxy's internal configuration. + If you see this, then you are good to go. If you receive a page saying + Privoxy is not running, then the browser is not set up to use + your Privoxy installation. + If you receive anything else (probably nothing at all), it could either + be that the browser is not set up correctly, or that + Privoxy is not running at all. Check the log file. For instructions + on starting Privoxy and browser configuration, + see the chapter + on starting Privoxy in the + user manual. + + + + + +I get a <quote>Privoxy is not being used</quote> dummy page although +Privoxy is running and being used. + + First, make sure that Privoxy is really running and + being used by visiting http://p.p/. You + should see the Privoxy main page. If not, see + the chapter + on starting Privoxy in the + user manual. - + + Now if http://p.p/ works for you, but + other parts of Privoxy's web interface show + the dummy page, your browser has cached a redirection it encountered before + Privoxy was being used. You need to clear your + browser's cache. Note that shift-reloading the dummy page won't help, since + that'll only refresh the dummy page, not the redirection that lead you there. + + + The procedure for clearing the cache varies from browser to browser. For + example, Mozilla/Netscape users would click + Edit --> Preferences --> + Advanced --> Cache and + then click both Clear Memory Cache + and Clear Disk Cache. + And, Firefox users would click + Tools --> Options --> + Privacy --> Cache and + then click Clear Cache Now. + + + + -Configuration +Configuration -Can I use my old config files? +Where can I get updated Actions Files? - There are major changes to Junkbuster - configuration from version 2.0.x to 2.9.x and later. The older files will - not work at all. If this is the case, you will need to re-enter your old - data into the new configuration structure. This is probably also a good - recommendation even if upgrading from 2.9.x to 3.x since there were - many minor changes along the way. + Based on your feedback and the continuing development, updated actions files will be + made available on the files section of + our project page. - - + + If you wish to receive an email notification whenever we release updates of + Privoxy or the actions file, subscribe + to our announce mailing list, ijbswa-announce@lists.sourceforge.net. + + + + +Can I use my old config files? + + The syntax and purpose of configuration files has remained the same + throughout the 3.x series. Although each release contains updated, + improved versions and it is recommended to use the newer + configuration files. + + + But all configuration files have substantially + changed from the Junkbuster days, and early + versions of Privoxy 2.x. The old files, like + blocklist will not work at all. + + + Refer to the What's New + page for information on configuration changes that may occur from one release to another. + + + + What is an <quote>actions</quote> file? - actions files are where various actions that - Privoxy might take, are configured. - Typically, you would define a set of default actions that apply - to all URLs, then add exceptions to these defaults. + Actions files + are where various actions + that Privoxy could take while processing a certain + request, are configured. Typically, you would define a set of default actions + that apply to all URLs, then add exceptions to these defaults where needed. + There is a wide array of actions available that give the user a high degree + of control and flexibility on how to process each and every web page. - Actions can be defined on a per site basis, or for groups of sites. Actions - can also be grouped together and then applied to one or more sites. There - are many possible actions that might apply to any given site. As an example, - if we are blocking cookies as one of our default - actions, but need to accept cookies from a given - site, we would define this in our actions file. - - - - - Privoxy comes with several default - actions files, with varying degrees - of filtering and blocking, as starting points for your own - configuration (see below). + Actions can be defined on a URL pattern basis, i.e. + for single URLs, whole web sites, groups or parts thereof etc. Actions can also be + grouped together and then applied to requests matching one or more patterns. + There are many possible actions that might apply to any given site. As an example, + if you are blocking cookies as one of your default actions, but need to accept + cookies from a given site, you would need to define an exception for this + site in one of your actions files, preferably in user.action. - + - -The <quote>actions</quote>concept confuses me. Please list +<sect2 renderas="sect3" id="actionss"> +<title>The <quote>actions</quote> concept confuses me. Please list some of these <quote>actions</quote>. - These are all explained in the - user-manual. - Please refer to that. + For a comprehensive discussion of the actions concept, please refer + to the actions file + chapter in the user + manual. It includes a list of all actions + and an actions + file tutorial to get you started. - + - + How are actions files configured? What is the easiest way to do this? - The easiest way to do this, is to access Privoxy - with your web browser at http://p.p/, - and then select - "Edit the actions list" - from the selection list. You can also do this by editing the appropriate - file with a text editor. + Actions files are just text files in a special syntax and can be edited + with a text editor. But probably the easiest way is to access + Privoxy's user interface with your web browser + at http://config.privoxy.org/ + (Shortcut: http://p.p/) and then select + View & + change the current configuration from the menu. + + + +There are several different <quote>actions</quote> files. What are +the differences? - Please see the - user-manual for a - detailed explanation of these and other configuration files, and their - various options and syntax. + As of Privoxy v2.9.15, three actions files + are being included, to be used for + different purposes: These are + default.action, the main actions file + which is actively maintained by the Privoxy + developers, user.action, where users are encouraged + to make their private customizations, and standard.action, + which is for internal Privoxy use only. + Please see the actions chapter + in the user manual for a more + detailed explanation. - + + Earlier versions included three different versions of the + default.action file. The new scheme allows for + greater flexibility of local configuration, and for browser based + selection of pre-defined aggressiveness levels. + - - What are the differences between -intermediate.action, basic.action, etc.? + + + What's the difference between the +<quote>Cautious</quote>, <quote>Medium</quote> and <quote>Adventuresome</quote> defaults? -Configuring Privoxy is not easy. To help you get -started, we provide you with three different default configurations. The -following table shows you, which features are enabled in each configuration. + Configuring Privoxy is not entirely trivial. To + help you get started, we provide you with three different default action + profiles in the web based actions file editor at http://config.privoxy.org/show-status. + See the User + Manual for a list of actions, and how the default + profiles are set. - -Default Configurations - - - - - - - - - Feature - default.action - basic.action - intermediate.action - advanced.action - - - - - - - - - - - - - - - - - ad-filtering - ? - x - x - x - - - - blank image - ? - x - x - x - - - - de-animate GIFs - ? - x - x - x - - - - referer forging - ? - x - x - x - - - - jon's +no-cookies-keep (i.e. session cookies only) - ? - x - x - x - - - - no-popup windows - ? - - x - x - - - - fast redirects - ? - - x - x - - - - hide-referrer - ? - - x - x - - - - hide-useragent - ? - - x - x - - - - content-modification - ? - - - x - - - - feature-x - ? - - - - - - - feature-y - ? - - - - - - - feature-z - ? - - - - - - - -

+ + + Where the defaults are likely to break some sites, exceptions for + known popular problem sites are included, but in + general, the more aggressive your default settings are, the more exceptions + you will have to make later. See the User Manual + for a more detailed discussion. - - Why can I change the configuration with a -browser? Does that not raise security issues? + + It should be noted that the Adventuresome profile (formerly known + as the Advanced profile) is not only more + aggressive, but also includes fun and, extreme usage of most of + Privoxy's features. Use at your own risk! + + + + + Why can I change the configuration +with a browser? Does that not raise security issues? -What I don't understand, is how I can browser edit the config file as a -regular user, while the whole /etc/privoxy hierarchy belongs to the user -"privoxy", with only 644 perms. + It may seem strange that regular users can edit the config files with their + browsers, although the whole /etc/privoxy hierarchy + belongs to the user privoxy, with only 644 permissions. -When you use the browser-based editor, Privoxy -itself is writing to the config files. Because -Privoxy is running as the user "privoxy", it can -update the config files. + When you use the browser-based editor, Privoxy + itself is writing to the config files. Because + Privoxy is running as the user privoxy, + it can update the config files. -If you don't like this, setting "enable-edit-actions 0" in the config file -will disable the browser-based editor. If you're that paranoid, you should -also consider setting "enable-remote-toggle 0" to prevent browser-based -enabling/disabling of Privoxy. + If you run Privoxy for multiple untrusted users (e.g. in + a LAN), you will probably want to turn the web-based editor and remote toggle + features off by setting enable-edit-actions + 0 and enable-remote-toggle + 0 in the main configuration file. -Note that normally only local users can connect to Privoxy, so this is not -(normally) a security problem. + Note that in the default configuration, only local users (i.e. those on + localhost) can connect to Privoxy, + so this is not (normally) a security problem. - + - -What is a <quote>default.filter</quote>? + +What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? - The default.filter file is used to filter any - web page content. By filtering we mean it can modify, remove, - or change anything on the page, including HTML tags, and - JavaScript. Regular expressions are used to accomplish this, and operate - on a line by line basis. This is potentially a very powerful feature, but - requires some expertise. + The default.filter + file is where filters as supplied by the developers are defined. + Filters are a special subset of actions that can be used to modify or + remove, web page content on the fly. Filters apply to anything + in the page source (and optionally both client and server headers), including + HTML tags, and JavaScript. Regular expressions are used to accomplish this. + There are a number of pre-defined filters to deal with common annoyances. The + filters are only defined here, to invoke them, you need to use the + filter + action in one of the actions files. Filtering is automatically + disabled for inappropriate MIME types. If you are familiar with regular expressions, and HTML, you can look at - the provided default.filter with a text editor and see - some of things it can be used for. + the provided default.filter with a text editor and define + your own filters. This is potentially a very powerful feature, but + requires some expertise in both regular expressions and HTML/HTTP. You should + place any modifications to the default filters, or any new ones you create + in a separate file, such as user.filter, so they won't + be overwritten during upgrades. The ability to define multiple filter files + in config is a new feature as of v. 3.0.4. - Presently, there is no GUI editor option for this part of the configuration, - but you can disable/enable various sections of the included default - file with the Actions List Editor from your browser. + There is no GUI editor option for this part of the configuration, + but you can disable/enable the various pre-defined filters of the included + default.filter file with the web-based actions file editor. - + - -How can I set up <application>Privoxy</application> to act as a proxy for my +<sect2 renderas="sect3"> +<title id="lanconfig">How can I set up Privoxy to act as a proxy for my LAN? By default, Privoxy only responds to requests - from localhost. To have it act as a server for a network, this needs to be - changed in the main config file where the Privoxy - configuration is located. In that file is a listen-address - option. It may be commented out with a # symbol. Make sure - it is uncommented, and assign it the address of the LAN gateway interface, - and port number to use: + from 127.0.0.1 (localhost). To have it act as a server for + a network, this needs to be changed in the main configuration file. Look for + the listen-address + option, which may be commented out with a # symbol. Make sure + it is uncommented, and assign it the address of the LAN gateway interface, + and port number to use. Assuming your LAN address is 192.168.1.1 and you + wish to run Privoxy on port 8118, this line + should look like: - listen-address 192.168.1.1:8118 - + listen-address 192.168.1.1:8118 @@ -768,234 +854,494 @@ Note that normally only local users can connect to Privoxy - + + Alternately, you can have Privoxy listen on + all available interfaces: + + + + listen-address :8118 + - -Instead of ads, now I get a checkerboard pattern. I don't want to see anything. - This is a configuration option for images that - Privoxy is stopping. You have the choice a checkerboard - pattern, a transparent 1x1 GIF image (aka blank), or a custom - URL or your choice. + And then use Privoxy's + permit-access + feature to limit connections. A firewall in this situation is recommended + as well. - If you want to see nothing, then change the +image-blocker - action to +image-blocker{blank}. This can be done from the - Edit Actions List selection at http://p.p/. Or by hand editing the appropriate - actions file. This will only effect what is defined as images - though. + The above steps should be the same for any TCP network, regardless of + operating system. + + + If you run Privoxy on a LAN with untrusted users, + we recommend that you double-check the access control and security + options! - + - -Why would anybody want to see a checkerboard pattern? + +Instead of ads, now I get a checkerboard pattern. I don't want to see anything. - This can be helpful for troubleshooting problems. It might also be good - for anyone new to Privoxy so that they can - see if their favorite pages are displaying correctly, and - Privoxy is not inadvertently removing something - important. + The replacement for blocked images can be controlled with the set-image-blocker + action. You have the choice of a checkerboard pattern, a transparent 1x1 GIF + image (aka blank), or a redirect to a custom image of your choice. + Note that this choice only has effect for images which are blocked as images, i.e. + whose URLs match both a handle-as-image + and block action. - - - - -I see large red banners on some pages that say -<quote>Blocked</quote>. How do I get rid of this? - These are URLs that match something in one of - Privoxy's block actions (+block). It is meant - to be a warning so that you know something has been blocked and an easy way - for you to see why. These are handled differently than what has been defined - as images (e.g. ad banners). If you want them to be treated - as if they were images, so that they can be made invisible, then move the - offending URL from the +block section to the - +imageblock section of your actions file. Alternately, you - could modify the block HTML template that - is used by Privoxy to display this, and make it - something more to your liking. + If you want to see nothing, then change the set-image-blocker + action to blank. This can be done by editing the + default.action file, or trough the web-based actions file editor. - + - -How can I make <application>Privoxy</application> work with other -proxies like <application>Squid</application>? + +Why would anybody want to see a checkerboard pattern? - This can be done. See the user manual, - which describes how to do this. - + Remember that telling which image is an ad and which + isn't, is mostly guesswork. While we hope that the standard configuration + is rather smart, it can and will make errors. The checkerboard image is visually + decent, but it shows you that and where images were blocked, which can be very + helpful in case some navigation aid or otherwise innocent image was + erroneously blocked. Some people might also enjoy seeing how many banners + they don't have to see.. - - - + +I see some images being replaced by a text +instead of the checkerboard image. Why and how do I get rid of this? + + This happens when the banners are not embedded in the HTML code of the + page itself, but in separate HTML (sub)documents that are loaded into (i)frames + or (i)layers, and these external HTML documents are blocked. Being non-images + they get replaced by a substitute HTML page rather than a substitute image, + which wouldn't work out technically, since the browser expects and accepts + only HTML when it has requested an HTML document. + + + The substitute page adapts to the available space and shows itself as a + miniature two-liner if loaded into small frames, or full-blown with a + large red "BLOCKED" banner if space allows. + + + If you prefer the banners to be blocked by images, you must see to it that + the HTML documents in which they are embedded are not blocked. Clicking + the See why link offered in the substitute page will show + you which rule blocked the page. After changing the rule and un-blocking + the HTML documents, the browser will try to load the actual banner images + and the usual image blocking will (hopefully!) kick in. + + -Miscellaneous - -How much does <application>Privoxy</application> slow my browsing down? This -has to add extra time to browsing. + +Can Privoxy run as a service +on Win2K/NT/XP? - It should not slow you down any in real terms, and may actually help - speed things up since ads, banners and other junk are not being displayed. - The actual processing time required by Privoxy - itself for each page, is relatively small in the overall scheme of things, - and happens very quickly. This is typically more than offset by time saved - not downloading and rendering ad images. + Yes. Version 3.0.4 introduces full Windows service + functionality. See + the User Manual for details on how to install and configure + Privoxy as a service. - - Filtering via the filterfile - mechanism may cause a perceived slowdown, since the entire page is buffered - before displaying. See below. + Earlier versions could run as a system service using srvany.exe. + See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + for details, and a sample configuration. + - + +How can I make Privoxy work with other +proxies like Squid or Tor? + + This can be done and is often useful to combine the benefits of + Privoxy with those of a another proxy. + See the forwarding chapter + in the user manual which + describes how to do this. + + + +Can I just set Privoxy to use port 80 +and thus avoid individual browser configuration? -I noticed considerable -delays in page requests compared to the old Junkbuster. What's wrong? -Using the default filtering configuration, I noticed considerable delays in -page requests compared to the old Junkbuster. Loading pages with large contents -seemed to take forever, then suddenly delivering all the content at once. - + No, its more complicated than that. This only works with special kinds + of proxies known as transparent proxies (see below). + + + + + +Can Privoxy run as a <quote>transparent +</quote> proxy? -The whole content must be loaded in order to filter, and nothing is is -sent to the browser during this time. The loading time does not really -change in real numbers, but the feeling is different, because most -browsers are able to start rendering incomplete content, giving the -user a feeling of "it works". - + No, Privoxy currently does not have this ability, + though it may be added in a future release. Transparent proxies require + special handling of the request headers beyond what + Privoxy is now capable of. + + -To modify the content of a page (i.e. make frames resizeable again, etc.) and -not just replace ads, Privoxy needs to download the -entire page first, do its content magic and then send the page to the browser. + Chaining Privoxy behind another proxy that has + this ability should work though. + See the forwarding chapter + in the user manual. As + a transparent proxy to be used for chaining we recommend Transproxy + (http://transproxy.sourceforge.net/). - + -What is the "http://p.p/"? + +How can I configure Privoxy for use with Outlook + Express? -Since Privoxy sits between your web browser and the Internet, it can be -programmed to handle certain pages specially. + Outlook Express uses Internet Explorer + components to both render HTML, and fetch any HTTP requests that may be embedded in an HTML email. + So however you have Privoxy configured to work + with IE, this configuration should automatically be shared. + + +How can I have separate rules just for HTML mail? -With recent versions of Privoxy (version 2.9.x), you can get some -information about Privoxy and change some settings by going to -http://p.p/ or, equivalently, http://ijbswa.sourceforge.net/config/ -(Note that p.p is far easier to type but may not work in some -configurations). + The short answer is, you can't. Privoxy has no way + of knowing which particular application makes a request, so there is no way to + distinguish between web pages and HTML mail. + Privoxy just blindly proxies all requests. In the + case of Outlook Express (see above), OE uses + IE anyway, and there is no way for Privoxy to ever + be able to distinguish between them (nor could any other proxy type application for + that matter). + + For a good discussion of some of the issues involved (including privacy and + security issues), see + http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. + + + + +How can I allow permanent cookies for my trusted sites? -These pages are *not* forwarded to a server on the Internet - instead they are -handled by a special web server which is built in to Privoxy. + There are several actions that relate to cookies. The default behavior is to + allow only session cookies, which means the cookies only last + for the current browser session. This eliminates most kinds of abuse related + to cookies. But there may be cases where we want cookies to last. + + + To disable all cookie actions, so that cookies are allowed unrestricted, + both in and out, for example.com: + + + + { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } + .example.com + + + Place the above in user.action. Note some of these may + be off by default anyway, so this might be redundant, but there is no harm + being explicit in what you want to happen. user.action + includes an alias for this situation, called + allow-all-cookies. + + +Can I have separate configurations for different users? -If you are not running Privoxy, then http://p.p/ will fail, and -http://ijbswa.sourceforge.net/config/ will return a web page telling you -you're not running Privoxy. + Each instance of Privoxy has its own + configuration, including such attributes as the TCP port that it listens on. + What you can do is run multiple instances of Privoxy, each with + a unique listen-address and configuration path, and then + each of these can have their own configurations. Think of it as per-port + configuration. + + Simple enough for a few users, but for large installations, consider having + groups of users that might share like configurations. + + + +Can I set-up Privoxy as a whitelist of +<quote>good</quote> sites? -If you have version 2.0.2, then the equivalent is -http://example.com/show-proxy-args (but you get far less information, and you -should really consider upgrading to 2.9.x). + Sure. There are a couple of things you can do for simple whitelisting. + Here's one real easy one: - + + ############################################################ + # Blacklist + ############################################################ + { +block } + / # Block *all* URLs + + ############################################################ + # Whitelist + ############################################################ + { -block } + kids.example.com + toys.example.com + games.example.com + + This allows access to only those three sites. + + + A more interesting approach is Privoxy's + trustfile concept, which incorporates the notion of + trusted referrers. See the User Manual Trust + documentation. + + + These are fairly simple approaches and are not completely foolproof. There + are various other configuration options that should be disabled (described + elsewhere here and in the User Manual) + so that users can't modify their own configuration and easily circumvent the + whitelist. + + - + + + -I get the message 'Bad File Descriptor', why? +Miscellaneous + + +How much does Privoxy slow my browsing down? This +has to add extra time to browsing. - Fillme. + How much of an impact depends on many things, including the CPU of the host + system, how aggressive the configuration is, which specific actions are being triggered, + the size of the page, etc. + + + Overall, it should not slow you down any in real terms, and may actually help + speed things up since ads, banners and other junk are not typically being displayed. + The actual processing time required by Privoxy + itself for each page, is relatively small in the overall scheme of things, + and happens very quickly. This is typically more than offset by time saved + not downloading and rendering ad images (if ad blocking is being used). - -How do I chain <application>Privoxy</application> with other proxies -(e.g. squid)? - Fillme. + Filtering content via the filter or + deanimate-gifs + actions will certainly cause a perceived slowdown, since the entire document + needs to be buffered before displaying. And on very large documents, there may be + some impact. How much depends on the page size, the actual definition of the + filter(s), etc. See below. Most other actions have little to no impact on + speed. - ---> -Do you still maintain the blocklists? + + + +I notice considerable +delays in page requests compared to the old Junkbuster. What's wrong? - No. The format of the blocklists has changed significantly in the versions - 2.9.x. Once we have released the new version, there will again be - blocklists that you can update automatically. + If you use any filter action, + such as filtering banners by size, web-bugs etc, or the deanimate-gifs + action, the entire document must be loaded into memory in order for the filtering + mechanism to work, and nothing is sent to the browser during this time. + + + The loading time typically does not really change much in real numbers, but + the feeling is different, because most browsers are able to start rendering + incomplete content, giving the user a feeling of "it works". This effect is + more noticeable on slower dialup connections. Extremely large documents + may have some impact on the time to load the page where there is filtering + being done. But overall, the difference should be very minimal. If there is a + big impact, then probably some other problem is contributing. + + + Filtering is automatically disabled for inappropriate MIME types. But note + that if the web server mis-reports the MIME type, then content that should + not be filtered, could be. Privoxy only knows how + to differentiate filterable content because of the MIME type as reported by + the server, or because of some configuration setting that enables/disables + filtering. + - + -How can I submit new ads? + +I just installed Privoxy, and all my +browsing has slowed to a crawl. What gives? - As of now, please discontinue to submit new ad blocking infos. Once we - have released the new version, there will again be a form on the website, - which you can use to contribute new ads. + This should not happen, and for the overwhelming number of users world-wide, + it does not happen. I would suspect some inadvertent interaction of software + components such as anti-virus software, spyware protectors, personal + firewalls or similar components. Try disabling (or uninstalling) these one + at a time and see if that helps. - + -How can I hide my IP address? +What are "http://config.privoxy.org/" and +"http://p.p/"? - You cannot hide your IP address with Privoxy or any other software, since -the server needs to know your IP address to send the answer to you. + http://config.privoxy.org/ is the + address of Privoxy's built-in user interface, and + http://p.p/ is a shortcut for it. -Fortunately there are many publicly usable anonymous proxies out there, which -solve the problem by providing a further level of indirection between you and -the web server, shared by many people and thus letting your requests "drown" -in white noise of unrelated requests as far as user tracking is concerned. + Since Privoxy sits between your web browser and the Internet, + it can simply intercept requests for these addresses and answer them with its built-in + web server. -Most of them will, however, log your IP address and make it available to the -authorities in case you abuse that anonymity for criminal purposes. In fact -you can't even rule out that some of them only exist to *collect* information -on (those suspicious) people with a more than average preference for privacy. + This also makes for a good test for your browser configuration: If entering the + URL http://config.privoxy.org/ + takes you to a page saying This is Privoxy ..., everything is OK. + If you get a page saying Privoxy is not working instead, then + your browser didn't use Privoxy for the request, + hence it could not be intercepted, and you have accessed the real + web site at config.privoxy.org. -You can find a list of anonymous public proxies at multiproxy.org and many -more through Google. + With recent versions of Privoxy (version 2.9.x and + later), the user interface features information on the run time status, the + configuration, and even a built-in editor for the actions files. + + + + Note that the built-in URLs from earlier versions of Junkbuster + / Privoxy, http://example.com/show-proxy-args and http://i.j.b/, + are no longer supported. If you still use such an old version, you should really consider + upgrading to &p-version;. + + + + +How can I submit new ads, or report +problems? + +Please see the Contact section for +various ways to interact with the developers. - - - - - - - - + - -Can <application>Privoxy</application> guarantee I am anonymous? +Why doesn't anyone answer my support +request? + +Rest assured that it has been read and considered. Why it is not answered, +could be for various reasons, including no one has a good answer for it, no +one has had time to yet investigate it thoroughly, it has been reported +numerous times already, or because not enough information was provided to help +us help you. Your efforts are not wasted, and we do appreciate them. + + + + + +How can I hide my IP address? + + If you run both the browser and the proxy locally, you cannot hide your IP + address with Privoxy or ultimately any other + software. The server needs to know your IP address so that it knows where to + send the responses back. + + + There are many publicly usable "anonymous" proxies out there, which + provide a further level of indirection between you and the web server. + + + However, these proxies are called "anonymous" because you don't need + a password, not because they would offer any real anonymity. + Most of them will log your IP address and make it available to the + authorities in case you violate the law of the country they run in. In fact + you can't even rule out that some of them only exist to *collect* information + on (those suspicious) people with a more than average preference for privacy. + + + Your best bet is to chain Privoxy + with Tor, + an EFF supported onion routing system. + The configuration details can be found in + How do I use Privoxy together with Tor?. + + + + + +Can Privoxy guarantee I am anonymous? No. Your chances of remaining anonymous are greatly improved, but unless you - are an expert on Internet security it would be safest to assume that - everything you do on the Web can be traced back to you. + chain Privoxy with Tor + or a similar system and know what you're doing when it comes to configuring + the rest of your system, it would be safest to assume that everything you do + on the Web can be traced back to you. Privoxy can remove various information about you, and allows you more freedom to decide which sites - you can trust. But it's still possible that web sites can find out who you - are. Here's one way this can happen. + you can trust, and what details you want to reveal. But it neither + hides your ip address, nor can it guarantee that the rest of the system + behaves correctly. There are several possibilities how a web sites can find + out who you are, even if you are using a strict Privoxy + configuration and chained it with Tor. + + + Most of Privoxy's protection can be easily subverted + by an insecure browser configuration, therefore you should use a browser that can + be configured to only execute code from trusted sites, and be careful which sites you trust. + For example there is no point in having Privoxy + modify the User-Agent header, if websites can get all the information they want + through JavaScript, ActiveX, Flash, Java etc. A few browsers disclose the user's email address in certain situations, such @@ -1013,11 +1359,98 @@ more through Google. Luke! - + - -Might some things break because header information is -being altered? +How do I use Privoxy + together with Tor? + + Before you configure Privoxy to use Tor + (http://tor.eff.org/), + please follow the User Manual chapters + 2. Installation and + 5. Startup to make sure + Privoxy itself is setup correctly. + + + If it is, refer to Tor's + extensive documentation to learn how to install Tor, + and make sure Tor's logfile says that + Tor has successfully opened a circuit and it + [l]ooks like client functionality is working. + + + If either Tor or Privoxy + isn't working, their combination most likely will neither. Testing them on their + own will also help you to direct problem reports to the right audience. + If Privoxy isn't working, don't bother the + Tor developers. If Tor + isn't working, don't send bug reports to the Privoxy Team. + + + If you verified that Privoxy and Tor + are working, it is time to connect them. As far as Privoxy + is concerned, Tor is just another proxy that can be reached + by socks4 or socks4a. Most likely you are interested in Tor + to increase your anonymity level, therefore you should use socks4a, + to make sure Privoxy's DNS requests are + done through Tor and thus invisible to your local network. + + + Since Privoxy 3.0.4, its configuration (section 5.2) + is already prepared for Tor, if you are using a + default Tor configuration and run it on the same + system as Privoxy, you just have to uncomment the line: + + + +# forward-socks4a / 127.0.0.1:9050 . + + + + This is enough to reach the Internet, but additionally you should + uncomment the following forward rules, to make sure your local network is still + reachable through Privoxy: + + + +# forward 192.168.*.*/ . +# forward 10.*.*.*/ . +# forward 127.*.*.*/ . + + + + Unencrypted connections to systems in these address ranges will + be as (un)secure as the local network is, but the alternative is + that you can't reach the network at all. + If you also want to be able to reach servers in your local + network by using their names, you will need additional + exceptions that look like this: + + + +# forward localhost/ . + + + + Save the modified configuration file and open + http://config.privoxy.org/show-status/ + in your browser, confirm that Privoxy has reloaded its configuration + and that there are no other forward lines, unless you know that you need them. I everything looks good, + refer to + Tor + Faq 4.2 to learn how to verify that you are really using Tor. + + + Afterward, please take the time to at least skim through the rest + of Tor's documentation. Make sure you understand + what Tor does, why it is no replacement for + application level security, and why you shouldn't use it for unencrypted logins. + + + + +Might some things break because header information or +content is being altered? Definitely. More and more sites use HTTP header content to decide what to @@ -1026,10 +1459,10 @@ being altered? - USER AGENT in particular is often used in this way to identify - the browser, and adjust content accordingly. Changing this now is not - recommended, since so many sites do look for this. You may get undesirable - results by changing this. + User-Agent in particular is often used in this way to identify + the browser, and adjust content accordingly. Changing this now (at least not + further than removing the OS information) is not recommended, since so many + sites do look for it. You may get undesirable results by changing this. @@ -1039,134 +1472,310 @@ being altered? operating system or browser manufacturer causes some sites in these languages to be garbled; Surfers to Eastern European sites should change it to something closer. And then some page access counters work by looking at the - REFERER header; they may fail or break if unavailable. The + Referer header; they may fail or break if unavailable. The weather maps of Intellicast have been blocked by their server when no - REFERER or cookie is provided, is another example. There are - many, many other ways things can go wrong when trying to fool a web server. + Referer or cookie is provided, is another example. (But you + can forge both headers without giving information away). There are + many other ways things can go wrong when trying to fool a web server. + + + + Similar thoughts apply to modifying JavaScript, and, to a lesser degree, + HTML elements. If you have problems with a site, you will have to adjust your configuration accordingly. Cookies are probably the most likely adjustment that may be required, but by no means the only one. - - + - -Can <application>Privoxy</application> act as a <quote>caching</quote> proxy to +<sect2 renderas="sect3"> +<title id="caching">Can Privoxy act as a <quote>caching</quote> proxy to speed up web browsing? No, it does not have this ability at all. You want something like Squid for this. And, yes, before you ask, Privoxy can co-exist - with other kinds of proxies like Squid. + with other kinds of proxies like Squid. + See the forwarding + chapter in the user + manual for details. - + - -What about as a firewall? Can <application>Privoxy</application> protect me? + +What about as a firewall? Can Privoxy protect me? - Not in the way you mean, or in the way a true firewall can, or a proxy that - has this specific capability. Privoxy can help - protect your privacy, but not really protect you from intrusion attempts. + Not in the way you mean, or in the way a true firewall can. + Privoxy can help protect your privacy, but not + protect you from intrusion attempts. It is, of course, perfectly possible + and recommended to use both. - - - - -The <application>Privoxy</application> logo that replaces ads is very blocky -and ugly looking. Can't a better font be used? + + +I have large empty spaces / a checkerboard pattern now where +ads used to be. Why? - This is not a font problem. The logo is an image that is created by - Privoxy on the fly. So as to not waste - memory, the image is rather small. The blockiness comes when the - image is scaled to fill a largish area. There is not much to be done - about this, other than to use one of the other - imageblock directives: pattern, - blank, or a URL of your choosing. + It would be technically possible eliminate the banners in a way that frees + their screen estate in many cases, by doing all banner blocking with filters, + i.e. eliminating the whole image references from the HTML pages instead + of letting them stay in, and blocking the resulting requests for the + banners themselves. -Given the above problem, we have decided to remove the logo option entirely -[as of v2.9.13]. + But this would consume considerable CPU resources, would likely destroy + the layout of many web pages which rely on the banners consuming a certain + amount of screen space, and would fail in other cases, where the screen space + is reserved e.g. by tables anyway. Also, making the banners disappear without + a visual trace complicates troubleshooting. - - - - -I have large empty spaces now where ads used to be. -Why does <application>Privoxy</application> leave these large gaps? - It would be easy enough to just eliminate this space altogether, rather than - fill it with blank space. But, this would create problems with many pages - that use the overall size of the ad to help organize the page layout and - position the various components of the page where they were intended to be. - It is best left this way. + So we won't support this in the default configuration, but you can of course + define appropriate filters yourself. + - - - -How can <application>Privoxy</application> filter Secure (HTTPS) URLs? + +How can Privoxy filter Secure (HTTPS) URLs? - This is a limitation since HTTPS transactions are encrypted SSL sessions - between your browser and the secure site, and are meant to be reliably - secure and private. This means that all cookies and HTTP - header information are also encrypted from the time they leave your browser, - to the site, and vice versa. Privoxy does not - try to unencrypt this information, so it just passes through as is. - Privoxy can still catch images and ads that - are embedded in the SSL stream though. + Since secure HTTP connections are encrypted SSL sessions between your browser + and the secure site, and are meant to be reliably secure, + there is little that Privoxy can do but hand the raw + gibberish data though from one end to the other unprocessed. + + + The only exception to this is blocking by host patterns, as the client needs + to tell Privoxy the name of the remote server, + so that Privoxy can establish the connection. + If that name matches a host-only pattern, the connection will be blocked. + + + As far as ad blocking is concerned, this is less of a restriction than it may + seem, since ad sources are often identifiable by the host name, and often + the banners to be placed in an encrypted page come unencrypted nonetheless + for efficiency reasons, which exposes them to the full power of + Privoxy's ad blocking. + + + Content cookies (those that are embedded in the actual HTML or + JS page content, see filter{content-cookies}), + in an SSL transaction will be impossible to block under these conditions. + Fortunately, this does not seem to be a very common scenario since most + cookies come by traditional means. - - + - -<application>Privoxy</application> runs as a <quote>server</quote>. How +<sect2 renderas="sect3"> +<title id="secure">Privoxy runs as a <quote>server</quote>. How secure is it? Do I need to take any special precautions? - There are no known exploits that might effect + There are no known exploits that might affect Privoxy. On Unix-like systems, Privoxy can run as a non-privileged user, which is how we recommend it be run. Also, by default Privoxy only listens to requests - from localhost. It is not itself directly exposed to the + from localhost only. The server aspect of + Privoxy is not itself directly exposed to the Internet in this configuration. If you want to have Privoxy serve as a LAN proxy, this will have to be opened up to allow for LAN requests. In this case, we'd recommend - you specify only the LAN gateway address, e.g. 192.168.1.1 in the main - Privoxy config file. All LAN hosts can then use - this as their proxy address in the browser proxy configuration. In this way, - Privoxy will not listen on any external ports. - Of course, a firewall is always good too. Better safe than sorry. + you specify only the LAN gateway address, e.g. 192.168.1.1, in the main + Privoxy configuration file and check all access control and security + options. All LAN hosts can then use this as their proxy address + in the browser proxy configuration, but Privoxy + will not listen on any external interfaces. ACLs can be defined in addition, + and using a firewall is always good too. Better safe than sorry. - + - -How can I temporarily disable <application>Privoxy</application>? + +How can I temporarily disable Privoxy? The easiest way is to access Privoxy with your - browser by using the special URL: http://p.p/ - and select "Toggle Privoxy on or off" from that page. + browser by using the remote toggle URL: http://config.privoxy.org/toggle. + See the Bookmarklets section + of the User Manual for an easy way to access this + feature. + + + +When <quote>disabled</quote> is Privoxy totally +out of the picture? + + No, this just means all filtering and actions are disabled. + Privoxy is still acting as a proxy, but just not + doing any of the things that Privoxy would + normally be expected to do. It is still a middle-man in + the interaction between your browser and web sites. - + + + +My logs show Privoxy <quote>crunches</quote> +ads, but also its own internal CGI pages. What is a <quote>crunch</quote>? + + A crunch simply means Privoxy intercepted + something, nothing more. Often this is indeed ads or + banners, but Privoxy uses the same mechanism for + trapping requests for its own internal pages. For instance, a request for + Privoxy's configuration page at: http://config.privoxy.org, is + intercepted (i.e. it does not go out to the 'net), and the familiar CGI + configuration is returned to the browser, and the log consequently will show + a crunch. + + + + +Can Privoxy effect files that I download +from a webserver? FTP server? + + From the webserver's perspective, there is no difference between + viewing a document (i.e. a page), and downloading a file. The same is true of + Privoxy. If there is a match for a block pattern, + it will still be blocked, and of course this is obvious. + + + Filtering is potentially more of a concern since the results are not always + so obvious, and the effects of filtering are there whether the file is simply + viewed, or downloaded. And potentially whether the content is some obnoxious + advertizement, or Mr. Jimmy's latest/greatest source code jewel. Of course, + one of these presumably is bad content that we don't want, and + the other is good content that we do want. + Privoxy is blind to the differences, and can only + distinguish good from bad by the configuration parameters + we give it. + + + Privoxy knows the differences in files according + to the Document Type as reported by the webserver. If this is + reported accurately (e.g. application/zip for a zip archive), + then Privoxy knows to ignore these where + appropriate. Privoxy potentially can filter HTML + as well as plain text documents, subject to configuration parameters of + course. Also, documents that are of an unknown type (generally assumed to be + text/plain) can be filtered, as will those that might be + incorrectly reported by the webserver. If such a file is a downloaded file + that is intended to be saved to disk, then any content that might have been + altered by filtering, will be saved too, for these (probably rare) cases. + + + Note that versions later than 3.0.2 do NOT filter document types reported as + text/plain. Prior to this, Privoxy + did filter this document type. + + + In short, filtering is ON if a) the Document Type as reported + by the webserver is appropriate and b) the configuration + allows it (or at least does not disallow it). That's it. There is no magic + cookie anywhere to say this is good and this is + bad. It's the configuration that let's it all happen or not. + + + If you download text files, you probably do not want these to be filtered, + particularly if the content is source code, or other critical content. Source + code sometimes might be mistaken for Javascript (i.e. the kind that might + open a pop-up window). It is recommended to turn off filtering for download + sites (particularly if the content may be plain text files and you are using + version 3.0.2 or earlier) in your user.action file. And + also, for any site or page where making any changes at + all to the content is to be avoided. + + + Privoxy does not do FTP at all, only HTTP + protocols, so please don't try. + + + + +I just downloaded a Perl script, and Privoxy +altered it! Yikes, what is wrong! + + Please read above. + + + + +Should I continue to use a <quote>HOSTS</quote> file for ad-blocking? + + One time-tested technique to defeat common ads is to trick the local DNS + system by giving a phony IP address for the ad generator in the local + HOSTS file, typically using 127.0.0.1, aka + localhost. This effectively blocks the ad. + + + There is no reason to use this technique in conjunction with + Privoxy. Privoxy + does essentially the same thing, much more elegantly and with much more + flexibility. A large HOSTS file, in fact, not only + duplicates effort, but may get in the way. It is recommended to remove + such entries from your HOSTS file. If you think + your hosts list is neglected by Privoxy's + configuration, consider adding your list to your user.action file: + + + + { +block } + www.ad.example1.com + ad.example2.com + ads.galore.example.com + etc.example.com + + + + +Where can I find more information about Privoxy +and related issues? + + &seealso; + + + + + + +I've noticed that Privoxy changes <quote>Microsoft</quote> to +<quote>MicroSuck</quote>! Why are you manipulating my browsing? + + We're not. The text substitutions that you are seeing are disabled + in the default configuration as shipped. You have either manually + activated the fun filter which + is clearly labeled Text replacements for subversive browsing + fun! or you are using an older Privoxy version and have implicitly + activated it by choosing the Adventuresome profile in the + web-based editor. + + + - -Troubleshooting + +Troubleshooting - -I just upgraded and am getting <quote>connection refused</quote> +<sect2 renderas="sect3"> +<title id="refused">I am getting <quote>connection refused</quote> with every web page? Either Privoxy is not running, or your @@ -1175,19 +1784,20 @@ with every web page? - The old Privoxy (and also + Early Privoxy 2.x versions (and also Junkbuster) used port 8000 by default. This has been changed to port 8118 now, due to a conflict with NAS (Network Audio Service), which uses port 8000. If you haven't, you need to change your browser to the new port number, or alternately - change Privoxy's listen-address - setting in the config file used to start - Privoxy. + change the listen-address + option in Privoxy's main configuration file. - + - + I just added a new rule, but the steenkin ad is still getting through. How? @@ -1201,98 +1811,453 @@ still getting through. How? If this doesn't help, you probably have an error in the rule you applied. Try pasting the full URL of the offending ad into http://ijbswa.sourceforge.net/config/show-url-info - and see if any actions match your new rule. + url="http://config.privoxy.org/show-url-info">http://config.privoxy.org/show-url-info + and see if it really matches your new rule. Blocking ads is like blocking + spam: a lot of tinkering is required to stay ahead of the game. - + - -One of my favorite sites does not work with <application>Privoxy</application>. +<sect2 id="badsite" renderas="sect3"> +<title >One of my favorite sites does not work with Privoxy. What can I do? First verify that it is indeed a Privoxy problem, - by disabling Privoxy filtering and blocking. - Go to http://p.p/ and click on - Toggle Privoxy On or Off, then disable it. Now try that - page again. + by toggling off Privoxy through http://config.privoxy.org/toggle, + and then shift-reloading the problem page (i.e. holding down the shift key + while clicking reload. Alternatively, flush your browser's disk and memory + caches). - If still a problem, go to Show which actions apply to a URL and - why from http://p.p/ and paste - the full URL of the page in question into the prompt. See which actions are - being applied to the URL. Now, armed with this information, go to Edit - the actions list. Here you should see various sections that have - various Privoxy features disabled for specific - sites. Disabled actions will have a - (minus - sign) in front of them. Add your problem page URL to one of these sections - that looks like it is disabling the feature that is causing the - problem. Re-try the page. There might be some trial and error involved. This - is discussed in a little more detail in the user-manual - appendix. + If still a problem, go to http://config.privoxy.org/show-url-info + and paste the full URL of the page in question into the prompt. See which actions + are being applied to the URL, and which matches in which actions files are + responsible for that. Now, armed with this information, go to http://config.privoxy.org/show-status + and select the appropriate actions files for editing. + + + You can now either look for a section which disables the actions that + you suspect to cause the problem and add a pattern for your site there, + or make up a completely new section for your site. In any case, the recommended + way is to disable only the prime suspect, reload the problem page, and only + if the problem persists, disable more and more actions until you have + identified the culprit. You may or may not want to turn the other actions + on again. Remember to flush your browser's caches in between any such changes! + + + Alternately, if you are comfortable with a text editor, you can accomplish + the same thing by editing the appropriate actions file. Probably the easiest + way to deal with such problems when editing by hand is to add your + site to a { fragile } section in user.action, + which is an alias that turns off most dangerous + actions, but is also likely to turn off more actions then needed, and thus lower + your privacy and protection more than necessary, + + + Troubleshooting actions is discussed in more detail in the user-manual appendix. + There is also an actions tutorial. + + + + + + +After installing Privoxy, I have to log in +every time I start IE. What gives? + + + This is a quirk that effects the installation of + Privoxy, in conjunction with Internet Explorer and + Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may + appear to be corrupted or invalid DUN settings, or passwords. - Alternately, if you are comfortable with a text editor, you can accomplish - the same thing by editing the appropriate actions file. + When setting up an NT based Windows system with + Privoxy you may find that things do not seem to be + doing what you expect. When you set your system up you will probably have set + up Internet Connection Sharing (ICS) with Dial up Networking (DUN) when + logged in with administrator privileges. You will probably have made this DUN + connection available to other accounts that you may have set-up on your + system. E.g. Mum or Dad sets up the system and makes accounts suitably + configured for the kids. - + + When setting up Privoxy in this environment you + will have to alter the proxy set-up of Internet Explorer (IE) for the + specific DUN connection on which you wish to use + Privoxy. When you do this the ICS DUN set-up + becomes user specific. In this instance you will see no difference if you + change the DUN connection under the account used to set-up the connection. + However when you do this from another user you will notice that the DUN + connection changes to make available to "Me only". You will also find that + you have to store the password under each different user! + - -What time is it? - Time for you to go! + The reason for this is that each user's set-up for IE is user specific. Each + set-up DUN connection and each LAN connection in IE store the settings for + each user individually. As such this enforces individual configurations + rather than common ones. Hence the first time you use a DUN connection after + re-booting your system it may not perform as you expect, and prompt you for + the password. Just set and save the password again and all should be OK. - + +[Thanks to Ray Griffith for this submission.] + - + + +I cannot connect to any FTP sites. Privoxy + is blocking me. + + Privoxy cannot act as a proxy for FTP traffic, + so do not configure your browser to use Privoxy + as an FTP proxy. The same is true for any protocol other than HTTP + or HTTPS (SSL). + + + Most browsers understand FTP as well as HTTP. If you connect to a site, with + a URL like ftp://ftp.example.com, your browser is making + an FTP connection, and not a HTTP connection. So while your browser may + speak FTP, Privoxy does not, and cannot proxy + such traffic. + + + To complicate matters, some systems may have a generic proxy + setting, which will silently various protocols, including + both HTTP and FTP proxying! So it is possible to + accidentally enable FTP proxying in these cases. And of course, if this + happens, Privoxy will indeed cause problems since + it does not know FTP. Newer version will give a sane error message if a FTP + connection is attempted. + + + Will Privoxy ever proxy FTP traffic? Unlikely. + There just is not much reason, and the work to make this happen is more than + it may seem. + + + + + +In Mac OSX, I can't configure Microsoft Internet Explorer to use + Privoxy as the HTTP proxy. + + Microsoft Internet Explorer (in versions like 5.1) respects system-wide + network settings. In order to change the HTTP proxy, open System + Preferences, and click on the Network icon. In the settings pane that + comes up, click on the Proxies tab. Ensure the "Web Proxy (HTTP)" checkbox + is checked and enter 127.0.0.1 in the entry field. + Enter 8118 in the Port field. The next time you start + IE, it should reflect these values. + + - + +In Mac OSX Panther (10.3), images often fail to load and/or I + experience random delays in page loading. I'm using + <literal>localhost</literal> as my browser's proxy setting. + + We believe this is due to an IPv6-related bug in OSX, but don't fully + understand the issue yet. In any case, changing the proxy setting to + 127.0.0.1 instead of localhost + works around the problem. + + + + + +I get a completely blank page at one site. <quote>View Source</quote> + shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without + Privoxy the page loads fine. + + Chances are that the site suffers from a bug in + PHP, + which results in empty pages being sent if the client explicitly requests + an uncompressed page, like Privoxy does. + This bug has been fixed in PHP 4.2.3. + + + To find out if this is in fact the source of the problem, try adding + the site to a -prevent-compression section in + user.action: + + + # Make exceptions for ill-behaved sites: + # + {-prevent-compression} + .example.com + + If that works, you may also want to report the problem to the + site's webmasters, telling them to use zlib.output_compression + instead of ob_gzhandler in their PHP applications (workaround) + or upgrade to PHP 4.2.3 or later (fix). + + + + + +Why am I getting a 503 Error (WSAECONNREFUSED) on every page? + + More than likely this is a problem with your TCP/IP networking. ZoneAlarm has + been reported to cause this symptom -- even if not running. The solution is + to either fight the ZA configuration, or uninstall ZoneAlarm, and then find + something better behaved in its place. Other personal firewall type products + may cause similar type problems if not configured correctly. + + + + +My logs show many <quote>Unable to get my own hostname</quote> lines. +Why? - Fillme. + Privoxy tries to get the hostname of the system + its running on from the IP address of the system interface it is bound to + (from the config file + listen-address setting). If the system cannot supply + this information, Privoxy logs this condition. - ---> + + Typically, this would be considered a minor system configuration error. It is + not a fatal error to Privoxy however, but may + result in a much slower response from Privoxy on + some platforms due to DNS timeouts. + + - - - -Copyright and History -Please see the user manual for information on Copyright and History. + + + + + What is the <quote>demoronizer</quote> and why is it there? + + + The original demoronizer was a Perl script that cleaned up HTML pages which + were created with certain Microsoft products. MS has used proprietary extensions + to standardized font encodings (ISO 8859-1), which has caused problems for pages + that are viewed with non-Microsoft products (and are expecting to see a + standard set of fonts). The demoronizer corrected these errors so the pages + displayed correctly. Privoxy borrowed from this + script, introducing a filter based on the original demoronizer, which in turn could + correct these errors on the fly. + + + But this is only needed in some situations, and will cause serious problems in some + other situations. + + + If you are using Microsoft products, you do not need it. If you need to view + pages with UTF-8 characters (such as Cyrillic or Chinese), then it will + cause corruption of the fonts, and thus should not be on. + + + On the other hand, if you use non-Microsoft products, and you occasionally + notice wierd characters on pages, you might want to try it. + + + + + + Why do I keep seeing <quote>PrivoxyWindowOpen()</quote> in raw source code? + + + Privoxy is attempting to disable malicious + Javascript in this case, with the unsolicited-popups + filter. Privoxy cannot tell very well + good code snippets from bad code snippets. + + If you see this in HTML source, and the page displays without problems, then + this is good, and likely some pop-up window was disabled. If you see this + where it is causing a problem, such as a downloaded program source code file, + then you should set an exception for this site or page such that the + integrity of the page stays in tact by disabling all filtering. + + + + + + I am getting too many DNS errors like <quote>404 No Such Domain</quote>. Why + can't Privoxy do this better? + + + There are potentially several factors here. First of all, the DNS resolution + is done by the underlying operating system -- not + Privoxy itself. Privoxy + merely initiates the process and hands it off, and then later reports + whatever the outcome was. And tries to give a coherent message if there seems + to be a problem. In some cases, this might otherwise be mitigated by the + browser itself which might try some work-arounds and alternate approaches (e.g + adding www. to the URL). In other cases, if + Privoxy is being chained with another proxy, this + could complicate the issue, and cause undue + delays and timeouts. In the case of a socks4a proxy, the socks + server handles all the DNS. Privoxy would just be + the messenger which is reporting whatever problem occurred + downstream, and not the root cause of the error. + + + In any case, v. 3.0.4 includes various improvements to help + Privoxy better handle these cases. + + + + + + At one site Privoxy just hangs, and starts taking + all CPU. Why is this? + + + This is probably a manifestation of the 100% cpu problem that + occurs on pages containing many (thousands upon thousands) of blank lines. The blank lines + are in the raw HTML source of the page, and the browser just ignores them. But the + pattern matching in Privoxy's page filtering + mechanism is trying to match against absurdly long strings and this becomes + very CPU-intensive, taking a long, long time to complete. Until a better + solution comes along, disable filtering on these pages, particularly the + js-annoyances and unsolicited-popups + filters. + + + + + + + Contacting the developers, Bug Reporting and Feature Requests + + &contacting; + + + +Privoxy Copyright, License and History + + + ©right; + + + + + Portions of this document are borrowed from the original + Junkbuster (tm) FAQ, and modified as + appropriate for Privoxy. + + + + License + + &license; + + + + + + History + + &history; + + + + + + + + + + + + +