Why <quote>Privoxy</quote>? Why change the name from +<sect2 renderas="sect3" id="whyprivoxy"> +<title>Why <quote>Privoxy</quote>? Why change the name from Junkbuster at all?

X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Ffaq.sgml;h=e7f71018b272de1d7f9f01f2bb4128c566735bbf;hp=17d59afb12dd491b25283716d112489f588373b2;hb=979620bb4c7aaaeb96f07b73b823c686d83cf14c;hpb=9600b87d16d405a4320ba1f11d14a400cce74e82 diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml index 17d59afb..e7f71018 100644 --- a/doc/source/faq.sgml +++ b/doc/source/faq.sgml @@ -8,10 +8,10 @@ - - - - + + + + @@ -21,15 +21,11 @@ Privoxy"> ]> - Copyright &my-copy; 2001-2014 by - Privoxy Developers + Copyright &my-copy; 2001-2020 by + Privoxy Developers -$Id: faq.sgml,v 2.102 2014/10/06 10:20:09 fabiankeil Exp $ - @@ -135,14 +125,11 @@ Hal. Please note that this document is a work in progress. This copy represents the state at the release of version &p-version;. You can find the latest version of the document at http://www.privoxy.org/faq/. + url="https://www.privoxy.org/faq/">https://www.privoxy.org/faq/. Please see the Contact section if you want to contact the developers. - - - @@ -236,8 +223,8 @@ Privoxy work? - -Why <quote>Privoxy</quote>? Why change the name from +<sect2 renderas="sect3" id="whyprivoxy"> +<title>Why <quote>Privoxy</quote>? Why change the name from Junkbuster at all? Though outdated, Junkbusters Corporation continued to offer their original @@ -289,8 +276,7 @@ from the old Junkbuster? -How does Privoxy know what is -an ad, and what is not? +How does Privoxy know what is an ad, and what is not? Privoxy's approach to blocking ads is twofold: @@ -318,8 +304,8 @@ an ad, and what is not? - -Can Privoxy make mistakes? +<sect2 renderas="sect3" id="mistakes"> +<title>Can Privoxy make mistakes? This does not sound very scientific. Actually, it's a black art ;-) And yes, it is always possible to have a broad @@ -338,8 +324,8 @@ This does not sound very scientific. - -Will I have to configure Privoxy +<sect2 renderas="sect3" id="configornot"> +<title>Will I have to configure Privoxy before I can use it? That depends on your expectations. @@ -463,9 +449,9 @@ warranty? Registration? -I would like to help you, what can I do? +I would like to help you, what can I do? -Would you like to participate? +Would you like to participate? Well, we always need help. There is something for everybody who wants to help us. We welcome new developers, packagers, @@ -479,8 +465,8 @@ warranty? Registration? So first thing, subscribe to the Privoxy Users - or the Privoxy + url="https://lists.privoxy.org/mailman/listinfo/privoxy-users">Privoxy Users + or the Privoxy Developers mailing list, join the discussion, help out other users, provide general feedback or report problems you noticed. @@ -495,7 +481,7 @@ warranty? Registration? While it is partly out of date, it's still worth reading. - Our TODO list + Our TODO list may be of interest to you as well. Please let us know if you want to work on one of the items listed. @@ -504,43 +490,82 @@ warranty? Registration? Would you like to donate? Donations are welcome. Our - TODO list + TODO list is rather long and being able to pay one (or more) developers to work on Privoxy - a couple of weeks in a row would make a huge difference. + would make a huge difference, even if it was only for a couple of weeks. Donations may + also be used for Privoxy-related travel expenses (for example to attend conferences), + for hardware used for Privoxy development and for hosting expenses etc. Privoxy is an associated - project of Software + project of Software in the Public Interest (SPI), which allows us to receive - tax-deductible donations in the United States. If you want to donate through - SPI, please use SPI's donation page - to see what the options are. - - - - You can also donate to Privoxy using a bank account managed by - Zwiebelfreunde e.V.: - - - Name on Account: Zwiebelfreunde e.V. - IBAN: DE95430609671126825604 - BIC: GENODEM1GLS - Bank: GLS Bank - - - Donations made through Zwiebelfreunde e.V. are tax-deductible in Germany - and other countries that recognize German charitable clubs. Feel free to - use the Subject field to provide a name to be credited and a list of TODO - list items you are interested in the most. For example: Max Mustermann: #16, #1, #14. + tax-deductible donations in the United States. + You can donate via Paypal + and Click & Pledge. + For details, please have a look at + SPI's general donation page. If you have any questions regarding donations please mail to either the public user mailing list or, if it's a private matter, to - Fabian Keil (Privoxy's SPI liason) + Fabian Keil (Privoxy's SPI liaison) directly. + + + @@ -629,7 +654,6 @@ special I have to do now? details. You should also flush your browser's memory and disk cache to get rid of any cached junk items, and remove any stored cookies. - @@ -692,9 +716,9 @@ All the ads are there. What's wrong? Privoxy is not running at all. Check the log file. For instructions on starting Privoxy and browser configuration, - see the chapter + see the chapter on starting Privoxy in the - User Manual. + User Manual. @@ -707,9 +731,9 @@ Privoxy is running and being used. First, make sure that Privoxy is really running and being used by visiting http://p.p/. You should see the Privoxy main page. If not, see - the chapter + the chapter on starting Privoxy in the - User Manual. + User Manual. @@ -742,8 +766,8 @@ Privoxy is running and being used. Configuration - -What exactly is an <quote>actions</quote> file? + +What exactly is an <quote>actions</quote> file? &my-app; utilizes the concept of @@ -787,8 +811,8 @@ some of these actions. - -How are actions files configured? What is the easiest +<sect2 renderas="sect3" id="actconfig"> +<title>How are actions files configured? What is the easiest way to do this? @@ -821,15 +845,15 @@ the differences? Based on your feedback and the continuing development, updates of default.action will be made available from time to time on the files section of - our project page. + url="https://sourceforge.net/project/showfiles.php?group_id=11118">files section of + our project page. If you wish to receive an email notification whenever we release updates of Privoxy or the actions file, subscribe - to our announce mailing list, ijbswa-announce@lists.sourceforge.net. + url="https://lists.privoxy.org/mailman/listinfo/privoxy-announce">subscribe + to our announce mailing list, privoxy-announce@lists.privoxy.org. @@ -878,12 +902,10 @@ the differences? for them in the user.action file. An example for yahoo might look like: - # Allow all cookies for Yahoo login: # { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only } .login.yahoo.com - These kinds of sites are often quite complex and heavy with Javascript and @@ -892,13 +914,11 @@ the differences? url="../user-manual/actions-file.html#ALIASES">alias just for such sticky situations: - # Gmail is a _fragile_ site: # { fragile } # Gmail is ... mail.google.com - Be sure to flush your browser's caches whenever making these kinds of changes, just to make sure the changes take. @@ -973,8 +993,8 @@ with a browser? Does that not raise security issues? - -What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? + +What is the <filename>default.filter</filename> file? What is a <quote>filter</quote>? The default.filter file is where filters as supplied by the developers are defined. @@ -1027,7 +1047,7 @@ with a browser? Does that not raise security issues? If you intend to develop your own filters, you might want to have a look at Privoxy-Filter-Test. + url="https://www.fabiankeil.de/sourcecode/pft/">Privoxy-Filter-Test. @@ -1049,10 +1069,8 @@ with a browser? Does that not raise security issues? should look like: - listen-address 192.168.1.1:8118 - Save the file, and restart Privoxy. Configure @@ -1064,10 +1082,8 @@ with a browser? Does that not raise security issues? all available interfaces: - listen-address :8118 - And then use Privoxy's @@ -1092,8 +1108,8 @@ with a browser? Does that not raise security issues? - -Instead of ads, now I get a checkerboard pattern. I don't want to see anything. + +Instead of ads, now I get a checkerboard pattern. I don't want to see anything. The replacement for blocked images can be controlled with the set-image-blocker @@ -1115,8 +1131,8 @@ with a browser? Does that not raise security issues? - -Why would anybody want to see a checkerboard pattern? + +Why would anybody want to see a checkerboard pattern? Remember that telling which image is an ad and which isn't, is an educated guess. While we hope that the standard configuration @@ -1130,8 +1146,8 @@ with a browser? Does that not raise security issues? - -I see some images being replaced with text +<sect2 renderas="sect3" id="blockedbytext"> +<title>I see some images being replaced with text instead of the checkerboard image. Why and how do I get rid of this? This happens when the banners are not embedded in the HTML code of the @@ -1163,14 +1179,14 @@ on Win2K/NT/XP? Windows service - functionality. See + functionality. See the User Manual for details on how to install and configure Privoxy as a service. Earlier ]]>3.x versions could run as a system service using srvany.exe. See the discussion at http://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, + url="https://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118">https://sourceforge.net/tracker/?func=detail&atid=361118&aid=485617&group_id=11118, for details, and a sample configuration. @@ -1276,7 +1292,7 @@ and thus avoid individual browser configuration? For a good discussion of some of the issues involved (including privacy and security issues), see - http://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. + https://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118. @@ -1296,7 +1312,8 @@ and thus avoid individual browser configuration? amount of guesswork. It is not realistic to catch all of these short of disabling Javascript, which would break many sites. And lastly, if the cookies are embedded in a HTTPS/SSL secure session via Javascript, they are beyond - Privoxy's reach. + Privoxy's reach unless you enable + https-inspection. All in all, &my-app; can help manage cookies in general, can help minimize @@ -1340,11 +1357,9 @@ and thus avoid individual browser configuration? To disable all cookie actions, so that cookies are allowed unrestricted, both in and out, for example.com: - { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} } .example.com - Place the above in user.action. Note that some of these may be off by default anyway, so this might be redundant, but there is no harm @@ -1435,16 +1450,13 @@ and thus avoid individual browser configuration? can very easily over-ride all blocking with the following very simple rule in your user.action: - # Unblock everybody, everywhere { -block } / # UN-Block *all* URLs - Or even a more comprehensive reversing of various ad related actions: - # Unblock everybody, everywhere, and turn off appropriate filtering, etc { -block \ @@ -1453,7 +1465,6 @@ and thus avoid individual browser configuration? allow-popups \ } / # UN-Block *all* URLs and allow ads - This last action in this compound statement, allow-popups, is an during upgrades. You can, however, create completely new templates, place them in another directory and specify the alternate path in the main config. For details, have a look at the templdir option. + url="../user-manual/config.html#TEMPLDIR">templdir option. @@ -1494,10 +1505,8 @@ the BLOCKED page? available as compile-time options. You should configure the sources as follows: - ./configure --disable-toggle --disable-editor --disable-force - This will create an executable with hard-coded security features so that &my-app; does not allow easy bypassing of blocked sites, or changing the @@ -1520,8 +1529,8 @@ the BLOCKED page? Miscellaneous - -How much does Privoxy slow my browsing down? This +<sect2 renderas="sect3" id="slowsme"> +<title>How much does Privoxy slow my browsing down? This has to add extra time to browsing. How much of an impact depends on many things, including the CPU of the host @@ -1611,6 +1620,13 @@ delays in page requests. What's wrong? hence it could not be intercepted, and you have accessed the real web site at config.privoxy.org. + + Note that config.privoxy.org resolves to a public IP address. + If you use config.privoxy.org as ping or traceroute target you will + reach the system on the Internet (Privoxy can't intercept ICMP requests). + If you want to ping the system Privoxy runs on, + you should use its IP address or local DNS name (if it has got one). + @@ -1694,8 +1710,8 @@ us help you. Your efforts are not wasted, and we do appreciate them. - -Can Privoxy guarantee I am anonymous? + +Can Privoxy guarantee I am anonymous? No. Your chances of remaining anonymous are improved, but unless you chain Privoxy with Tor @@ -1738,8 +1754,8 @@ us help you. Your efforts are not wasted, and we do appreciate them. - -A test site says I am not using a Proxy. + +A test site says I am not using a Proxy. Good! Actually, they are probably testing for some other kinds of proxies. Hiding yourself completely would require additional steps. @@ -1791,23 +1807,26 @@ us help you. Your efforts are not wasted, and we do appreciate them. forwarding section and uncomment the line: - # forward-socks5t / 127.0.0.1:9050 . - + + + Note that if you got Tor through one of the bundles, you may + have to change the port from 9050 to 9150 (or even another one). + For details, please check the documentation on the + Tor website. + This is enough to reach the Internet, but additionally you might want to uncomment the following forward rules, to make sure your local network is still reachable through Privoxy: - # forward 192.168.*.*/ . # forward 10.*.*.*/ . # forward 127.*.*.*/ . - - + Unencrypted connections to systems in these address ranges will be as (un)secure as the local network is, but the alternative is @@ -1821,11 +1840,9 @@ us help you. Your efforts are not wasted, and we do appreciate them. network by using their names, you will need additional exceptions that look like this: - # forward localhost/ . - - + Save the modified configuration file and open http://config.privoxy.org/show-status @@ -1844,8 +1861,8 @@ us help you. Your efforts are not wasted, and we do appreciate them. - -Might some things break because header information or +<sect2 renderas="sect3" id="sitebreak"> +<title>Might some things break because header information or content is being altered? @@ -1894,8 +1911,8 @@ content is being altered? - -Can Privoxy act as a <quote>caching</quote> proxy to +<sect2 renderas="sect3" id="caching"> +<title>Can Privoxy act as a <quote>caching</quote> proxy to speed up web browsing? No, it does not have this ability at all. You want something like @@ -1909,8 +1926,8 @@ speed up web browsing? - -What about as a firewall? Can Privoxy protect me? + +What about as a firewall? Can Privoxy protect me? Not in the way you mean, or in the way some firewall vendors claim they can. Privoxy can help protect your privacy, but can't @@ -1919,8 +1936,8 @@ speed up web browsing? - -I have large empty spaces / a checkerboard pattern now where +<sect2 renderas="sect3" id="wasted"> +<title>I have large empty spaces / a checkerboard pattern now where ads used to be. Why? It is technically possible to eliminate banners and ads in a way that frees @@ -1948,12 +1965,20 @@ ads used to be. Why? - -How can Privoxy filter Secure (HTTPS) URLs? + +How can Privoxy filter Secure (HTTPS) URLs? - Since secure HTTP connections are encrypted SSL sessions between your browser - and the secure site, and are meant to be reliably secure, - there is little that Privoxy can do but hand the raw + If you enable + https-inspection + Privoxy will impersonate the destination + server and can thus filter encrypted requests and responses as well. + + + Without + https-inspection + secure HTTP connections are encrypted SSL sessions between your + browser and the secure site, and there is little + that Privoxy can do but hand the raw gibberish data though from one end to the other unprocessed. @@ -1980,8 +2005,23 @@ ads used to be. Why? - -Privoxy runs as a <quote>server</quote>. How +<sect2 renderas="sect3" id="http2"> +<title>Does Privoxy support HTTP/2? + + Privoxy currently doesn't parse HTTP/2 but applications + can tunnel HTTP/2 through Privoxy if Privoxy is configured + to allow CONNECT requests (default) which are also used + for HTTPS. + + + Adding HTTP/2 support is on the + TODO + list but currently nobody is known to work on it. + + + + +Privoxy runs as a <quote>server</quote>. How secure is it? Do I need to take any special precautions? On Unix-like systems, Privoxy can run as a non-privileged @@ -2052,7 +2092,7 @@ out of the picture? My logs show Privoxy <quote>crunches</quote> ads, but also its own internal CGI pages. What is a <quote>crunch</quote>? - A crunch simply means Privoxy intercepted + A crunch means Privoxy intercepted something, nothing more. Often this is indeed ads or banners, but Privoxy uses the same mechanism for trapping requests for its own internal pages. For instance, a request for @@ -2069,7 +2109,7 @@ ads, but also its own internal CGI pages. What is a crunch? -Can Privoxy effect files that I download +<title>Can Privoxy affect files that I download from a webserver? FTP server? From the webserver's perspective, there is no difference between @@ -2156,14 +2196,12 @@ altered it! Yikes, what is wrong! your hosts list is neglected by Privoxy's configuration, consider adding your list to your user.action file: - { +block } www.ad.example1.com ad.example2.com ads.galore.example.com etc.example.com - @@ -2222,11 +2260,11 @@ and related issues? Lately there have been reports of problems with some kind of - Privoxy versions that come preinstalled on some Netbooks. - Some of the problems described are inconsistent with the behaviour - of official Privoxy versions, which suggests that the preinstalled - software may contain vendor modifications that we don't know about - and thus can't debug. + "parental control" software based on Privoxy that came preinstalled on + certain ASUS Netbooks. + The problems described are inconsistent with the behaviour of official + Privoxy versions, which suggests that the preinstalled software may + contain vendor modifications that we don't know about and thus can't debug. Privoxy's license allows vendor @@ -2253,13 +2291,12 @@ and related issues? Troubleshooting - -I cannot connect to any websites. Or, I am getting +<sect2 renderas="sect3" id="refused"> +<title>I cannot connect to any websites. Or, I am getting <quote>connection refused</quote> message with every web page. Why? There are several possibilities: - Privoxy is not running. Solution: verify @@ -2279,7 +2316,6 @@ and related issues? try disabling or removing the firewall as a simple test. - @@ -2295,8 +2331,8 @@ and related issues? - -I just added a new rule, but the steenkin ad is +<sect2 renderas="sect3" id="flushit"> +<title>I just added a new rule, but the steenkin ad is still getting through. How? If the ad had been displayed before you added its URL, it will probably be @@ -2332,7 +2368,6 @@ still getting through. How? our job a little easier. &my-app; has crunched (meaning caught and BLOCKED) quite a few items in this example, but perhaps missed a few as well. - - Despite 12 out of 32 requests being blocked, the page looked, and seemed to behave perfectly normal (minus some ads, of course). @@ -2378,8 +2412,8 @@ Request: 66.70.21.80/scripts/click.php?hid=a71b9f6504b0c5681fa5&si=Ua - -One of my favorite sites does not work with Privoxy. +<sect2 renderas="sect3" id="badsite"> +<title>One of my favorite sites does not work with Privoxy. What can I do? @@ -2449,7 +2483,7 @@ What can I do? every time I start IE. What gives? - This is a quirk that effects the installation of + This is a quirk that affects the installation of Privoxy, in conjunction with Internet Explorer and Internet Connection Sharing on Windows 2000 and Windows XP. The symptoms may appear to be corrupted or invalid DUN settings, or passwords. @@ -2595,37 +2629,6 @@ every time I start IE. What gives? - - - -I get a completely blank page at one site. <quote>View Source</quote> - shows only: <markup><![CDATA[<html><body></body></html>]]></markup>. Without - Privoxy the page loads fine. - - Chances are that the site suffers from a bug in - PHP, - which results in empty pages being sent if the client explicitly requests - an uncompressed page, like Privoxy does. - This bug has been fixed in PHP 4.2.3. - - - To find out if this is in fact the source of the problem, try adding - the site to a -prevent-compression section in - user.action: - - - # Make exceptions for ill-behaved sites: - # - {-prevent-compression} - .example.com - - If that works, you may also want to report the problem to the - site's webmasters, telling them to use zlib.output_compression - instead of ob_gzhandler in their PHP applications (workaround) - or upgrade to PHP 4.2.3 or later (fix). - - - My logs show many <quote>Unable to get my own hostname</quote> lines. Why? @@ -2691,7 +2694,7 @@ Why? Upgrading Privoxy, or going to the most recent default.action file available from SourceForge + url="https://sourceforge.net/project/showfiles.php?group_id=11118">SourceForge might be worth a try, too. @@ -2861,14 +2864,12 @@ browsing has slowed to a crawl. What gives? To do that, enable logging to figure out which requests get blocked by &my-app; and add the hosts (no path patterns) to a section like this: - - Additionally you have to configure your browser to contact 127.0.0.1:0 directly (instead of through &my-app;). @@ -2929,6 +2930,104 @@ browsing has slowed to a crawl. What gives? + +What are tainted sockets and how do I prevent them? + + &my-app; marks sockets as tainted when it can't use them to + serve additional requests. + This does not necessarily mean that something went wrong and + information about tainted sockets is only logged if connection + debugging is enabled (debug 2). + + + For example server sockets that were used for CONNECT requests + (which are used to tunnel https:// requests) are considered tainted + once the client closed its connection to &my-app;. + Technically &my-app; could keep the connection to the server open, + but the server would not accept requests that do not belong to the + previous TLS/SSL session (and the client may even have terminated + the session). + + + Server sockets are also marked tainted when a client requests a + resource, but closes the connection before &my-app; has completely + received (and forwarded) the resource to the client. + In this case the server would (probably) accept additional requests, + but &my-app; could not get the response without completely reading + the leftovers from the previous response. + + + These are just two examples, there are currently a bit more than + 25 scenarios in which a socket is considered tainted. + + + While sockets can also be marked tainted as a result of a technical + problem that may be worth fixing, the problem will be explicitly + logged as error. + + + + +After adding my custom filters, &my-app; crashes when visitting certain websites + + This can happen if your custom filters require more memory than &my-app; + is allowed to use. + Usually the problem is that the operating system enforces a stack size limit + that isn't sufficient. + + + Unless the problem occurs with the filters available in the default configuration, + this is not considered a Privoxy bug. + + + To prevent the crashes you can rewrite your filter to use less resources, + increase the relevant memory limit or recompile pcre to use less stack space. + For details please see the + pcrestack man page + and the documentation of your operating system. + + + + +What to do if editing the config file of privoxy is access denied? + + Your userid probably isn't allowed to edit the file. + + On Windows you can use the windows equivalent of sudo: + + runas /user:administrator "notepad \privoxy\config.txt" + + + or fix the file permissions: + +C:\Privoxy>icacls config.txt +config.txt BUILTIN\Administrators:(I)(F) + NT AUTHORITY\SYSTEM:(I)(F) + BUILTIN\Users:(I)(RX) + NT AUTHORITY\Authenticated Users:(I)(M) + +Successfully processed 1 files; Failed processing 0 files + +C:\Privoxy>icacls config.txt /grant Lee:F +processed file: config.txt +Successfully processed 1 files; Failed processing 0 files + +C:\Privoxy>icacls config.txt +config.txt I3668\Lee:(F) + BUILTIN\Administrators:(I)(F) + NT AUTHORITY\SYSTEM:(I)(F) + BUILTIN\Users:(I)(RX) + NT AUTHORITY\Authenticated Users:(I)(M) + +Successfully processed 1 files; Failed processing 0 files + +C:\Privoxy> + + + or try to point-n-click your way through adjusting the file + permissions in windows explorer. + + @@ -2985,10 +3084,7 @@ browsing has slowed to a crawl. What gives? --> -