How much of an impact depends on many things, including the CPU of
- the host system, how aggressive the configuration is, which specific
- actions are being triggered, the size of the page, the bandwidth of the
- connection, etc.
-
-
Overall, it should not slow you down any in real terms, and may
- actually help speed things up since ads, banners and other junk are not
- typically being retrieved and displayed. The actual processing time
- required by Privoxy itself for each
- page, is relatively small in the overall scheme of things, and happens
- very quickly. This is typically more than offset by time saved not
- downloading and rendering ad images and other junk content (if ad
- blocking is being used).
-
-
"Filtering" content via the filter or deanimate-gifs actions may cause a perceived slowdown,
- since the entire document needs to be buffered before displaying. And
- on very large documents, filtering may have some measurable impact. How
- much depends on the page size, the actual definition of the filter(s),
- etc. See below. Most other actions have little to no impact on
- speed.
-
-
Also, when filtering is enabled but zlib support isn't available,
- compression is often disabled (see prevent-compression). This can have an impact on speed as
- well, although it's probably smaller than you might think. Again, the
- page size, etc. will determine how much of an impact.
If you use any filter
- action, such as filtering banners by size, web-bugs etc, or the
- deanimate-gifs action, the entire document must be
- loaded into memory in order for the filtering mechanism to work, and
- nothing is sent to the browser during this time.
-
-
The loading time typically does not really change much in real
- numbers, but the feeling is different, because most browsers are able
- to start rendering incomplete content, giving the user a feeling of "it
- works". This effect is more noticeable on slower dialup connections.
- Extremely large documents may have some impact on the time to load the
- page where there is filtering being done. But overall, the difference
- should be very minimal. If there is a big impact, then probably some
- other situation is contributing (like anti-virus software).
-
-
Filtering is automatically disabled for inappropriate MIME types.
- But note that if the web server mis-reports the MIME type, then content
- that should not be filtered, could be. Privoxy only knows how to differentiate filterable
- content because of the MIME type as reported by the server, or because
- of some configuration setting that enables/disables filtering.
Since Privoxy sits between your web
- browser and the Internet, it can simply intercept requests for these
- addresses and answer them with its built-in "web
- server".
-
-
This also makes for a good test for your browser configuration: If
- entering the URL http://config.privoxy.org/ takes you to a page saying
- "This is Privoxy ...", everything is OK. If
- you get a page saying "Privoxy is not
- working" instead, then your browser didn't use Privoxy for the request, hence it could not be
- intercepted, and you have accessed the real web site at config.privoxy.org.
Whether such submissions are eventually included in the default.action configuration file depends on how
- significant the issue is. We of course want to address any potential
- problem with major, high-profile sites such as Google, Yahoo, etc. Any site
- with global or regional reach, has a good chance of being a candidate.
- But at the other end of the spectrum are any number of smaller,
- low-profile sites such as for local clubs or schools. Since their reach
- and impact are much less, they are best handled by inclusion in the
- user's user.action, and thus would be
- unlikely to be included.
Rest assured that it has been read and considered. Why it is not
- answered, could be for various reasons, including no one has a good
- answer for it, no one has had time to yet investigate it thoroughly, it
- has been reported numerous times already, or because not enough
- information was provided to help us help you. Your efforts are not
- wasted, and we do appreciate them.
If you run both the browser and Privoxy locally, you cannot hide your IP address
- with Privoxy or ultimately any other
- software alone. The server needs to know your IP address so that it
- knows where to send the responses back.
-
-
There are many publicly usable "anonymous" proxies out there, which
- provide a further level of indirection between you and the web
- server.
-
-
However, these proxies are called "anonymous" because you don't need
- to authenticate, not because they would offer any real anonymity. Most
- of them will log your IP address and make it available to the
- authorities in case you violate the law of the country they run in. In
- fact you can't even rule out that some of them only exist to *collect*
- information on (those suspicious) people with a more than average
- preference for privacy.
-
-
If you want to hide your IP address from most adversaries, you
- should consider chaining Privoxy with
- Tor. The
- configuration details can be found in How
- do I use Privoxy together with
- Tor section just below.
No. Your chances of remaining anonymous are improved, but unless you
- chain Privoxy with Tor or a similar proxy and know what you're
- doing when it comes to configuring the rest of your system, you should
- assume that everything you do on the Web can be traced back to you.
-
-
Privoxy can remove various
- information about you, and allows you more freedom to decide which sites you can
- trust, and what details you want to reveal. But it neither hides your
- IP address, nor can it guarantee that the rest of the system behaves
- correctly. There are several possibilities how a web sites can find out
- who you are, even if you are using a strict Privoxy configuration and chained it with
- Tor.
-
-
Most of Privoxy's privacy-enhancing
- features can be easily subverted by an insecure browser configuration,
- therefore you should use a browser that can be configured to only
- execute code from trusted sites, and be careful which sites you trust.
- For example there is no point in having Privoxy modify the User-Agent header, if websites
- can get all the information they want through JavaScript, ActiveX,
- Flash, Java etc.
-
-
A few browsers disclose the user's email address in certain
- situations, such as when transferring a file by FTP. Privoxy does not filter FTP. If you need this
- feature, or are concerned about the mail handler of your browser
- disclosing your email address, you might consider products such as
- NSClean.
-
-
Browsers available only as binaries could use non-standard headers
- to give out any information they can have access to: see the
- manufacturer's license agreement. It's impossible to anticipate and
- prevent every breach of privacy that might occur. The professionally
- paranoid prefer browsers available as source code, because anticipating
- their behavior is easier. Trust the source, Luke!
Before you configure Privoxy to use
- Tor, please
- follow the User Manual chapters 2. Installation
- and 5. Startup
- to make sure Privoxy itself is setup
- correctly.
-
-
If it is, refer to Tor's
- extensive documentation to learn how to install Tor, and make sure Tor's logfile says that "Tor
- has successfully opened a circuit" and it "looks like client functionality is working".
-
-
If either Tor or Privoxy isn't working, their combination most
- likely will neither. Testing them on their own will also help you to
- direct problem reports to the right audience. If Privoxy isn't working, don't bother the
- Tor developers. If Tor isn't working, don't send bug reports to the
- Privoxy Team.
-
-
If you verified that Privoxy and
- Tor are working, it is time to connect
- them. As far as Privoxy is concerned,
- Tor is just another proxy that can be
- reached by socks4, socks4a and socks5. Most likely you are interested
- in Tor to increase your anonymity
- level, therefore you should use socks5, to make sure DNS requests are
- done through Tor and thus invisible to
- your local network. Using socks4a would work too, but with socks5 you
- get more precise error messages.
-
-
Privoxy'smain configuration file
- is already prepared for Tor, if you
- are using a default Tor configuration
- and run it on the same system as Privoxy, you just have to edit the forwarding
- section and uncomment the line:
-
-
-
-
-
-# forward-socks5t / 127.0.0.1:9050 .
-
-
-
-
-
-
-
Note that if you got Tor through one of the bundles, you may have to
- change the port from 9050 to 9150 (or even another one). For details,
- please check the documentation on the Tor website.
-
-
This is enough to reach the Internet, but additionally you might
- want to uncomment the following forward rules, to make sure your local
- network is still reachable through Privoxy:
How much of an impact depends on many things, including the CPU of the host
+ system, how aggressive the configuration is, which specific actions are being triggered,
+ the size of the page, the bandwidth of the connection, etc.
Overall, it should not slow you down any in real terms, and may actually help
+ speed things up since ads, banners and other junk are not typically being
+ retrieved and displayed. The actual processing time required by
+ Privoxy itself for each page, is relatively small
+ in the overall scheme of things, and happens very quickly. This is typically
+ more than offset by time saved not downloading and rendering ad images and
+ other junk content (if ad blocking is being used).
"Filtering" content via the filter or
+ deanimate-gifs
+ actions may cause a perceived slowdown, since the entire document
+ needs to be buffered before displaying. And on very large documents,
+ filtering may have some measurable impact. How much depends on the page size,
+ the actual definition of the filter(s), etc. See below. Most other actions
+ have little to no impact on speed.
Also, when filtering is enabled but zlib support isn't available, compression
+ is often disabled (see prevent-compression).
+ This can have an impact on speed as well, although it's probably smaller than
+ you might think. Again, the page size, etc. will determine how much of an impact.
If you use any filter action,
+ such as filtering banners by size, web-bugs etc, or the deanimate-gifs
+ action, the entire document must be loaded into memory in order for the filtering
+ mechanism to work, and nothing is sent to the browser during this time.
The loading time typically does not really change much in real numbers, but
+ the feeling is different, because most browsers are able to start rendering
+ incomplete content, giving the user a feeling of "it works". This effect is
+ more noticeable on slower dialup connections. Extremely large documents
+ may have some impact on the time to load the page where there is filtering
+ being done. But overall, the difference should be very minimal. If there is a
+ big impact, then probably some other situation is contributing (like
+ anti-virus software).
+
Filtering is automatically disabled for inappropriate MIME types. But note
+ that if the web server mis-reports the MIME type, then content that should
+ not be filtered, could be. Privoxy only knows how
+ to differentiate filterable content because of the MIME type as reported by
+ the server, or because of some configuration setting that enables/disables
+ filtering.
Since Privoxy sits between your web browser and the Internet,
+ it can simply intercept requests for these addresses and answer them with its built-in
+ "web server".
This also makes for a good test for your browser configuration: If entering the
+ URL http://config.privoxy.org/
+ takes you to a page saying "This is Privoxy ...", everything is OK.
+ If you get a page saying "Privoxy is not working" instead, then
+ your browser didn't use Privoxy for the request,
+ hence it could not be intercepted, and you have accessed the real
+ web site at config.privoxy.org.
Note that config.privoxy.org resolves to a public IP address.
+ If you use config.privoxy.org as ping or traceroute target you will
+ reach the system on the Internet (Privoxy can't intercept ICMP requests).
+ If you want to ping the system Privoxy runs on,
+ you should use its IP address or local DNS name (if it has got one).
Whether such submissions are eventually included in the
+ default.action configuration file depends on how
+ significant the issue is. We of course want to address any potential
+ problem with major, high-profile sites such as Google,
+ Yahoo, etc. Any site with global or regional reach,
+ has a good chance of being a candidate. But at the other end of the spectrum
+ are any number of smaller, low-profile sites such as for local clubs or
+ schools. Since their reach and impact are much less, they are best handled by
+ inclusion in the user's user.action, and thus would be
+ unlikely to be included.
Rest assured that it has been read and considered. Why it is not answered,
+could be for various reasons, including no one has a good answer for it, no
+one has had time to yet investigate it thoroughly, it has been reported
+numerous times already, or because not enough information was provided to help
+us help you. Your efforts are not wasted, and we do appreciate them.
If you run both the browser and Privoxy locally, you cannot hide your IP
+ address with Privoxy or ultimately any other
+ software alone. The server needs to know your IP address so that it knows
+ where to send the responses back.
There are many publicly usable "anonymous" proxies out there, which
+ provide a further level of indirection between you and the web server.
However, these proxies are called "anonymous" because you don't need
+ to authenticate, not because they would offer any real anonymity.
+ Most of them will log your IP address and make it available to the
+ authorities in case you violate the law of the country they run in. In fact
+ you can't even rule out that some of them only exist to *collect* information
+ on (those suspicious) people with a more than average preference for privacy.
If you want to hide your IP address from most adversaries,
+ you should consider chaining Privoxy
+ with Tor.
+ The configuration details can be found in
+ How do I use Privoxy together
+ with Tor section
+ just below.
No. Your chances of remaining anonymous are improved, but unless you
+ chain Privoxy with Tor
+ or a similar proxy and know what you're doing when it comes to configuring
+ the rest of your system, you should assume that everything you do
+ on the Web can be traced back to you.
Privoxy can remove various information about you,
+ and allows you more freedom to decide which sites
+ you can trust, and what details you want to reveal. But it neither
+ hides your IP address, nor can it guarantee that the rest of the system
+ behaves correctly. There are several possibilities how a web sites can find
+ out who you are, even if you are using a strict Privoxy
+ configuration and chained it with Tor.
Most of Privoxy's privacy-enhancing features can be easily subverted
+ by an insecure browser configuration, therefore you should use a browser that can
+ be configured to only execute code from trusted sites, and be careful which sites you trust.
+ For example there is no point in having Privoxy
+ modify the User-Agent header, if websites can get all the information they want
+ through JavaScript, ActiveX, Flash, Java etc.
A few browsers disclose the user's email address in certain situations, such
+ as when transferring a file by FTP. Privoxy
+ does not filter FTP. If you need this feature, or are concerned about the
+ mail handler of your browser disclosing your email address, you might
+ consider products such as NSClean.
Browsers available only as binaries could use non-standard headers to give
+ out any information they can have access to: see the manufacturer's license
+ agreement. It's impossible to anticipate and prevent every breach of privacy
+ that might occur. The professionally paranoid prefer browsers available as
+ source code, because anticipating their behavior is easier. Trust the source,
+ Luke!
Before you configure Privoxy to use
+ Tor,
+ please follow the User Manual chapters
+ 2. Installation and
+ 5. Startup to make sure
+ Privoxy itself is setup correctly.
If it is, refer to Tor's
+ extensive documentation to learn how to install Tor,
+ and make sure Tor's logfile says that
+ "Tor has successfully opened a circuit" and it
+ "looks like client functionality is working".
If either Tor or Privoxy
+ isn't working, their combination most likely will neither. Testing them on their
+ own will also help you to direct problem reports to the right audience.
+ If Privoxy isn't working, don't bother the
+ Tor developers. If Tor
+ isn't working, don't send bug reports to the Privoxy Team.
If you verified that Privoxy and Tor
+ are working, it is time to connect them. As far as Privoxy
+ is concerned, Tor is just another proxy that can be reached
+ by socks4, socks4a and socks5. Most likely you are interested in Tor
+ to increase your anonymity level, therefore you should use socks5, to make sure DNS
+ requests are done through Tor and thus invisible to your
+ local network. Using socks4a would work too, but with socks5 you get more precise error
+ messages.
Privoxy's
+ main configuration file
+ is already prepared for Tor, if you are using a
+ default Tor configuration and run it on the same
+ system as Privoxy, you just have to edit the
+ forwarding section
+ and uncomment the line:
# forward-socks5t / 127.0.0.1:9050 .
+
Note that if you got Tor through one of the bundles, you may
+ have to change the port from 9050 to 9150 (or even another one).
+ For details, please check the documentation on the
+ Tor website.
This is enough to reach the Internet, but additionally you might want to
+ uncomment the following forward rules, to make sure your local network is still
+ reachable through Privoxy:
Unencrypted connections to systems in these address ranges will be
- as (un)secure as the local network is, but the alternative is that your
- browser can't reach the network at all. Then again, that may actually
- be desired and if you don't know for sure that your browser has to be
- able to reach the local network, there's no reason to allow it.
-
-
If you want your browser to be able to reach servers in your local
- network by using their names, you will need additional exceptions that
- look like this:
-
-
-
-
-
-# forward localhost/ .
-
-
-
-
-
-
-
Save the modified configuration file and open http://config.privoxy.org/show-status in your browser,
- confirm that Privoxy has reloaded its
- configuration and that there are no other forward lines, unless you
- know that you need them. If everything looks good, refer to Tor Faq 4.2 to learn how to verify that you are
- really using Tor.
-
-
Afterward, please take the time to at least skim through the rest of
- Tor's documentation. Make sure you
- understand what Tor does, why it is no
- replacement for application level security, and why you probably don't
- want to use it for unencrypted logins.
Definitely. It is common for sites to use browser type, browser
- version, HTTP header content, and various other techniques in order to
- dynamically decide what to display and how to display it. What you see,
- and what I see, might be very different. There are many, many ways that
- this can be handled, so having hard and fast rules, is tricky.
-
-
The "User-Agent" is sometimes used in
- this way to identify the browser, and adjust content accordingly.
-
-
Also, different browsers use different encodings of non-English
- characters, certain web servers convert pages on-the-fly according to
- the User Agent header. Giving a "User Agent"
- with the wrong operating system or browser manufacturer causes some
- sites in these languages to be garbled; Surfers to Eastern European
- sites should change it to something closer. And then some page access
- counters work by looking at the "Referer"
- header; they may fail or break if unavailable. The weather maps of
- Intellicast have been blocked by their server when no "Referer" or cookie is provided, is another example.
- (But you can forge both headers without giving information away). There
- are many other ways things can go wrong when trying to fool a web
- server. The results of which could inadvertently cause pages to load
- incorrectly, partially, or even not at all. And there may be no obvious
- clues as to just what went wrong, or why. Nowhere will there be a
- message that says "Turn off fast-redirects or
- else! "
-
-
Similar thoughts apply to modifying JavaScript, and, to a lesser
- degree, HTML elements.
-
-
If you have problems with a site, you will have to adjust your
- configuration accordingly. Cookies are probably the most likely
- adjustment that may be required, but by no means the only one.
No, it does not have this ability at all. You want something like
- Squid or
- Polipo for this. And, yes, before you ask, Privoxy can co-exist with other kinds of proxies
- like Squid. See the forwarding
- chapter in the user manual for details.
Not in the way you mean, or in the way some firewall vendors claim
- they can. Privoxy can help protect
- your privacy, but can't protect your system from intrusion attempts. It
- is, of course, perfectly possible to use both.
It is technically possible to eliminate banners and ads in a way
- that frees their allocated page space. This could easily be done by
- blocking with Privoxy's filters, and
- eliminating the entire image references from the HTML page
- source.
-
-
But, this would consume considerably more CPU resources (IOW, slow
- things down), would likely destroy the layout of some web pages which
- rely on the banners utilizing a certain amount of page space, and might
- fail in other cases, where the screen space is reserved (e.g. by HTML
- tables for instance). Also, making ads and banners disappear without
- any trace complicates troubleshooting, and would sooner or later be
- problematic.
-
-
The better alternative is to instead let them stay, and block the
- resulting requests for the banners themselves as is now the case. This
- leaves either empty space, or the familiar checkerboard pattern.
-
-
So the developers won't support this in the default configuration,
- but you can of course define appropriate filters yourself to achieve
- this.
Since secure HTTP connections are encrypted SSL sessions between
- your browser and the secure site, and are meant to be reliably
- secure, there is
- little that Privoxy can do but hand
- the raw gibberish data though from one end to the other
- unprocessed.
-
-
The only exception to this is blocking by host patterns, as the
- client needs to tell Privoxy the name
- of the remote server, so that Privoxy
- can establish the connection. If that name matches a host-only pattern,
- the connection will be blocked.
-
-
As far as ad blocking is concerned, this is less of a restriction
- than it may seem, since ad sources are often identifiable by the host
- name, and often the banners to be placed in an encrypted page come
- unencrypted nonetheless for efficiency reasons, which exposes them to
- the full power of Privoxy's ad
- blocking.
-
-
"Content cookies" (those that are
- embedded in the actual HTML or JS page content, see filter{content-cookies}), in an SSL transaction will be
- impossible to block under these conditions. Fortunately, this does not
- seem to be a very common scenario since most cookies come by
- traditional means.
On Unix-like systems, Privoxy can
- run as a non-privileged user, which is how we recommend it be run.
- Also, by default Privoxy listens to
- requests from "localhost" only.
-
-
The server aspect of Privoxy is not
- itself directly exposed to the Internet in this configuration. If you
- want to have Privoxy serve as a LAN
- proxy, this will have to be opened up to allow for LAN requests. In
- this case, we'd recommend you specify only the LAN gateway address,
- e.g. 192.168.1.1, in the main Privoxy
- configuration file and check all access
- control and security options. All LAN hosts can then use this as
- their proxy address in the browser proxy configuration, but
- Privoxy will not listen on any
- external interfaces. ACLs can be defined in addition, and using a
- firewall is always good too. Better safe than sorry.
See the Bookmarklets section of the User
- Manual for an easy way to access this feature. Note that this is a
- feature that may need to be enabled in the main config file.
No, this just means all optional filtering and actions are disabled.
- Privoxy is still acting as a proxy,
- but just doing less of the things that Privoxy would normally be expected to do. It is
- still a "middle-man" in the interaction
- between your browser and web sites. See below to bypass the proxy.
Bypassing a proxy, or proxying based on arbitrary criteria, is
- purely a browser configuration issue, not a Privoxy issue. Modern browsers typically do have
- settings for not proxying certain sites. Check your browser's help
- files.
A "crunch" simply means Privoxy intercepted something, nothing more.
- Often this is indeed ads or banners, but Privoxy uses the same mechanism for trapping
- requests for its own internal pages. For instance, a request for
- Privoxy's configuration page at:
- http://config.privoxy.org, is intercepted (i.e. it does not
- go out to the 'net), and the familiar CGI configuration is returned to
- the browser, and the log consequently will show a "crunch".
-
-
Since version 3.0.7, Privoxy will also log the crunch reason. If you
- are using an older version you might want to upgrade.
From the webserver's perspective, there is no difference between
- viewing a document (i.e. a page), and downloading a file. The same is
- true of Privoxy. If there is a match
- for a block
- pattern, it will still be blocked, and of course this is obvious.
-
-
Filtering is potentially more of a concern since the results are not
- always so obvious, and the effects of filtering are there whether the
- file is simply viewed, or downloaded. And potentially whether the
- content is some obnoxious advertisement, or Mr. Jimmy's latest/greatest
- source code jewel. Of course, one of these presumably is "bad" content that we don't want, and the other is
- "good" content that we do want. Privoxy is blind to the differences, and can only
- distinguish "good from bad" by the
- configuration parameters we give it.
-
-
Privoxy knows the differences in
- files according to the "Content Type" as
- reported by the webserver. If this is reported accurately (e.g.
- "application/zip" for a zip archive), then
- Privoxy knows to ignore these where
- appropriate. Privoxy potentially can
- filter HTML as well as plain text documents, subject to configuration
- parameters of course. Also, documents that are of an unknown type
- (generally assumed to be "text/plain") can
- be filtered, as will those that might be incorrectly reported by the
- webserver. If such a file is a downloaded file that is intended to be
- saved to disk, then any content that might have been altered by
- filtering, will be saved too, for these (probably rare) cases.
-
-
Note that versions later than 3.0.2 do NOT filter document types
- reported as "text/plain". Prior to this,
- Privoxy did filter this document
- type.
-
-
In short, filtering is "ON" if a) the
- content type as reported by the webserver is appropriate and b) the configuration
- allows it (or at least does not disallow it). That's it. There is no
- magic cookie anywhere to say this is "good"
- and this is "bad". It's the configuration
- that lets it all happen or not.
-
-
If you download text files, you probably do not want these to be
- filtered, particularly if the content is source code, or other critical
- content. Source code sometimes might be mistaken for Javascript (i.e.
- the kind that might open a pop-up window). It is recommended to turn
- off filtering for download sites (particularly if the content may be
- plain text files and you are using version 3.0.2 or earlier) in your
- user.action file. And also, for any site or
- page where making any changes at all to the content is to be
- avoided.
-
-
Privoxy does not do FTP at all,
- only HTTP and HTTPS (SSL) protocols.
One time-tested technique to defeat common ads is to trick the local
- DNS system by giving a phony IP address for the ad generator in the
- local HOSTS file, typically using 127.0.0.1, aka localhost. This
- effectively blocks the ad.
-
-
There is no reason to use this technique in conjunction with
- Privoxy. Privoxy does essentially the same thing, much more
- elegantly and with much more flexibility. A large HOSTS file, in fact, not only duplicates effort, but
- may get in the way and seriously slow down your system. It is
- recommended to remove such entries from your HOSTS file. If you think your hosts list is neglected
- by Privoxy's configuration, consider
- adding your list to your user.action
- file:
-
-
-
-
-
- { +block }
+
Unencrypted connections to systems in these address ranges will
+ be as (un)secure as the local network is, but the alternative is
+ that your browser can't reach the network at all. Then again,
+ that may actually be desired and if you don't know for sure
+ that your browser has to be able to reach the local network,
+ there's no reason to allow it.
If you want your browser to be able to reach servers in your local
+ network by using their names, you will need additional exceptions
+ that look like this:
# forward localhost/ .
+
Save the modified configuration file and open
+ http://config.privoxy.org/show-status
+ in your browser, confirm that Privoxy has reloaded its configuration
+ and that there are no other forward lines, unless you know that you need them. If everything looks good,
+ refer to
+ Tor
+ Faq 4.2 to learn how to verify that you are really using Tor.
Afterward, please take the time to at least skim through the rest
+ of Tor's documentation. Make sure you understand
+ what Tor does, why it is no replacement for
+ application level security, and why you probably don't want to
+ use it for unencrypted logins.
Definitely. It is common for sites to use browser type, browser version,
+ HTTP header content, and various other techniques in order to dynamically
+ decide what to display and how to display it. What you see, and what I see,
+ might be very different. There are many, many ways that this can be handled,
+ so having hard and fast rules, is tricky.
The "User-Agent" is sometimes used in this way to identify
+ the browser, and adjust content accordingly.
Also, different browsers use different encodings of non-English
+ characters, certain web servers convert pages on-the-fly according to the
+ User Agent header. Giving a "User Agent" with the wrong
+ operating system or browser manufacturer causes some sites in these languages
+ to be garbled; Surfers to Eastern European sites should change it to
+ something closer. And then some page access counters work by looking at the
+ "Referer" header; they may fail or break if unavailable. The
+ weather maps of Intellicast have been blocked by their server when no
+ "Referer" or cookie is provided, is another example. (But you
+ can forge both headers without giving information away). There are
+ many other ways things can go wrong when trying to fool a web server. The
+ results of which could inadvertently cause pages to load incorrectly,
+ partially, or even not at all. And there may be no obvious clues as to just
+ what went wrong, or why. Nowhere will there be a message that says
+ "Turn off fast-redirects or else!
+ "
Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
+ HTML elements.
If you have problems with a site, you will have to adjust your configuration
+ accordingly. Cookies are probably the most likely adjustment that may
+ be required, but by no means the only one.
No, it does not have this ability at all. You want something like
+ Squid or
+ Polipo for this.
+ And, yes, before you ask, Privoxy can co-exist
+ with other kinds of proxies like Squid.
+ See the forwarding
+ chapter in the user
+ manual for details.
Not in the way you mean, or in the way some firewall vendors claim they can.
+ Privoxy can help protect your privacy, but can't
+ protect your system from intrusion attempts. It is, of course, perfectly possible
+ to use both.
It is technically possible to eliminate banners and ads in a way that frees
+ their allocated page space. This could easily be done by blocking with
+ Privoxy's filters,
+ and eliminating the entire image references from the
+ HTML page source.
But, this would consume considerably more CPU resources (IOW, slow things
+ down), would likely destroy the layout of some web pages which rely on the
+ banners utilizing a certain amount of page space, and might fail in other
+ cases, where the screen space is reserved (e.g. by HTML tables for instance).
+ Also, making ads and banners disappear without any trace complicates
+ troubleshooting, and would sooner or later be problematic.
The better alternative is to instead let them stay, and block the resulting
+ requests for the banners themselves as is now the case. This leaves either
+ empty space, or the familiar checkerboard pattern.
So the developers won't support this in the default configuration, but you
+ can of course define appropriate filters yourself to achieve this.
Since secure HTTP connections are encrypted SSL sessions between your browser
+ and the secure site, and are meant to be reliably secure,
+ there is little that Privoxy can do but hand the raw
+ gibberish data though from one end to the other unprocessed.
The only exception to this is blocking by host patterns, as the client needs
+ to tell Privoxy the name of the remote server,
+ so that Privoxy can establish the connection.
+ If that name matches a host-only pattern, the connection will be blocked.
As far as ad blocking is concerned, this is less of a restriction than it may
+ seem, since ad sources are often identifiable by the host name, and often
+ the banners to be placed in an encrypted page come unencrypted nonetheless
+ for efficiency reasons, which exposes them to the full power of
+ Privoxy's ad blocking.
"Content cookies" (those that are embedded in the actual HTML or
+ JS page content, see filter{content-cookies}),
+ in an SSL transaction will be impossible to block under these conditions.
+ Fortunately, this does not seem to be a very common scenario since most
+ cookies come by traditional means.
Privoxy currently doesn't parse HTTP/2 but applications
+ can tunnel HTTP/2 through Privoxy if Privoxy is configured
+ to allow CONNECT requests (default) which are also used
+ for HTTPS.
Adding HTTP/2 support is on the TODO list but currently
+ nobody is known to work on it.
On Unix-like systems, Privoxy can run as a non-privileged
+ user, which is how we recommend it be run. Also, by default
+ Privoxy listens to requests from "localhost"
+ only.
The server aspect of Privoxy is not itself directly
+ exposed to the Internet in this configuration. If you want to have
+ Privoxy serve as a LAN proxy, this will have to
+ be opened up to allow for LAN requests. In this case, we'd recommend
+ you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
+ Privoxy configuration file and check all access control and security
+ options. All LAN hosts can then use this as their proxy address
+ in the browser proxy configuration, but Privoxy
+ will not listen on any external interfaces. ACLs can be defined in addition,
+ and using a firewall is always good too. Better safe than sorry.
See the Bookmarklets section
+ of the User Manual for an easy way to access this
+ feature. Note that this is a feature that may need to be enabled in the main
+ config file.
No, this just means all optional filtering and actions are disabled.
+ Privoxy is still acting as a proxy, but just
+ doing less of the things that Privoxy would
+ normally be expected to do. It is still a "middle-man" in
+ the interaction between your browser and web sites. See below to bypass
+ the proxy.
Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
+ configuration issue, not a Privoxy issue. Modern browsers typically do have
+ settings for not proxying certain sites. Check your browser's help files.
A "crunch" means Privoxy intercepted
+ something, nothing more. Often this is indeed ads or
+ banners, but Privoxy uses the same mechanism for
+ trapping requests for its own internal pages. For instance, a request for
+ Privoxy's configuration page at: http://config.privoxy.org, is
+ intercepted (i.e. it does not go out to the 'net), and the familiar CGI
+ configuration is returned to the browser, and the log consequently will show
+ a "crunch".
Since version 3.0.7, Privoxy will also log the crunch reason.
+ If you are using an older version you might want to upgrade.
From the webserver's perspective, there is no difference between
+ viewing a document (i.e. a page), and downloading a file. The same is true of
+ Privoxy. If there is a match for a block pattern,
+ it will still be blocked, and of course this is obvious.
+
Filtering is potentially more of a concern since the results are not always
+ so obvious, and the effects of filtering are there whether the file is simply
+ viewed, or downloaded. And potentially whether the content is some obnoxious
+ advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
+ one of these presumably is "bad" content that we don't want, and
+ the other is "good" content that we do want.
+ Privoxy is blind to the differences, and can only
+ distinguish "good from bad" by the configuration parameters
+ we give it.
Privoxy knows the differences in files according
+ to the "Content Type" as reported by the webserver. If this is
+ reported accurately (e.g. "application/zip" for a zip archive),
+ then Privoxy knows to ignore these where
+ appropriate. Privoxy potentially can filter HTML
+ as well as plain text documents, subject to configuration parameters of
+ course. Also, documents that are of an unknown type (generally assumed to be
+ "text/plain") can be filtered, as will those that might be
+ incorrectly reported by the webserver. If such a file is a downloaded file
+ that is intended to be saved to disk, then any content that might have been
+ altered by filtering, will be saved too, for these (probably rare) cases.
Note that versions later than 3.0.2 do NOT filter document types reported as
+ "text/plain". Prior to this, Privoxy
+ did filter this document type.
In short, filtering is "ON" if a) the content type as reported
+ by the webserver is appropriate and b) the configuration
+ allows it (or at least does not disallow it). That's it. There is no magic
+ cookie anywhere to say this is "good" and this is
+ "bad". It's the configuration that lets it all happen or not.
If you download text files, you probably do not want these to be filtered,
+ particularly if the content is source code, or other critical content. Source
+ code sometimes might be mistaken for Javascript (i.e. the kind that might
+ open a pop-up window). It is recommended to turn off filtering for download
+ sites (particularly if the content may be plain text files and you are using
+ version 3.0.2 or earlier) in your user.action file. And
+ also, for any site or page where making any changes at
+ all to the content is to be avoided.
Privoxy does not do FTP at all, only HTTP
+ and HTTPS (SSL) protocols.
One time-tested technique to defeat common ads is to trick the local DNS
+ system by giving a phony IP address for the ad generator in the local
+ HOSTS file, typically using 127.0.0.1, aka
+ localhost. This effectively blocks the ad.
There is no reason to use this technique in conjunction with
+ Privoxy. Privoxy
+ does essentially the same thing, much more elegantly and with much more
+ flexibility. A large HOSTS file, in fact, not only
+ duplicates effort, but may get in the way and seriously slow down your system.
+ It is recommended to remove such entries from your HOSTS file. If you think
+ your hosts list is neglected by Privoxy's
+ configuration, consider adding your list to your user.action file:
We're not. The text substitutions that you are seeing are disabled
- in the default configuration as shipped. You have either manually
- activated the "fun"
- filter which is clearly labeled "Text replacements
- for subversive browsing fun!" or you are using an older Privoxy
- version and have implicitly activated it by choosing the "Advanced" profile in the web-based editor. Please
- upgrade.
Privoxy generates HTML in both its own "templates", and possibly whenever there are text
- substitutions via a Privoxy filter.
- While this should always conform to the HTML 4.01 specifications, it
- has not been validated against this or any other standard.
We didn't. We make Privoxy available for download, but we don't go
- around installing it on other people's systems behind their back. If
- you discover Privoxy running on your system and are sure you didn't
- install it yourself, somebody else did. You may not even be running the
- real Privoxy, but maybe something else that only pretends to be
- Privoxy, or maybe something that is based on the real Privoxy, but has
- been modified.
-
-
Lately there have been reports of problems with some kind of Privoxy
- versions that come preinstalled on some Netbooks. Some of the problems
- described are inconsistent with the behaviour of official Privoxy
- versions, which suggests that the preinstalled software may contain
- vendor modifications that we don't know about and thus can't debug.
-
-
Privoxy's license allows vendor
- modifications, but the vendor has to comply with the license, which
- involves informing the user about the changes and to make the changes
- available under the same license as Privoxy itself.
-
-
If you are having trouble with a modified Privoxy version, please
- try to talk to whoever made the modifications before reporting the
- problem to us. Please also try to convince whoever made the
- modifications to talk to us. If you think somebody gave you a modified
- Privoxy version without complying to the license, please let us
- know.
http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/,
+ Polipo is a caching proxy with advanced features
+ like pipelining, multiplexing and caching of partial instances. In many setups
+ it can be used as Squid replacement.
+
https://www.torproject.org/,
+ Tor can help anonymize web browsing,
+ web publishing, instant messaging, IRC, SSH, and other applications.
+
We're not. The text substitutions that you are seeing are disabled
+ in the default configuration as shipped. You have either manually
+ activated the "fun" filter which
+ is clearly labeled "Text replacements for subversive browsing
+ fun!" or you are using an older Privoxy version and have implicitly
+ activated it by choosing the "Advanced" profile in the
+ web-based editor. Please upgrade.
Privoxy generates HTML in both its own "templates", and possibly
+ whenever there are text substitutions via a Privoxy filter. While this
+ should always conform to the HTML 4.01 specifications, it has not been
+ validated against this or any other standard.
We didn't. We make Privoxy available for download, but we don't go
+ around installing it on other people's systems behind their back.
+ If you discover Privoxy running on your system and are sure you didn't
+ install it yourself, somebody else did. You may not even be running
+ the real Privoxy, but maybe something else that only pretends to be
+ Privoxy, or maybe something that is based on the real Privoxy,
+ but has been modified.
Lately there have been reports of problems with some kind of
+ "parental control" software based on Privoxy that came preinstalled on
+ certain ASUS Netbooks.
+ The problems described are inconsistent with the behaviour of official
+ Privoxy versions, which suggests that the preinstalled software may
+ contain vendor modifications that we don't know about and thus can't debug.
Privoxy's license allows vendor
+ modifications, but the vendor has to comply with the license,
+ which involves informing the user about the changes and to make
+ the changes available under the same license as Privoxy itself.
If you are having trouble with a modified Privoxy version,
+ please try to talk to whoever made the modifications before
+ reporting the problem to us. Please also try to convince
+ whoever made the modifications to talk to us. If you think
+ somebody gave you a modified Privoxy version without complying
+ to the license, please let us know.