4.1. How much does Privoxy slow my browsing down? This
-has to add extra time to browsing.
How much of an impact depends on many things, including the CPU of the host
- system, how aggressive the configuration is, which specific actions are being triggered,
- the size of the page, the bandwidth of the connection, etc.
Overall, it should not slow you down any in real terms, and may actually help
- speed things up since ads, banners and other junk are not typically being
- retrieved and displayed. The actual processing time required by
- Privoxy itself for each page, is relatively small
- in the overall scheme of things, and happens very quickly. This is typically
- more than offset by time saved not downloading and rendering ad images (if ad
- blocking is being used).
"Filtering" content via the filter or
- deanimate-gifs
- actions will certainly cause a perceived slowdown, since the entire document
- needs to be buffered before displaying. And on very large documents, filtering may have
- some measurable impact. How much depends on the page size, the actual
- definition of the filter(s), etc. See below. Most other actions have little
- to no impact on speed.
- Also, when filtering is enabled, typically there is a disabling of
- compression, (see prevent-compression).
- This can have an impact on speed as well. Again, the page size, etc. will
- determine how much of an impact.
4.2. I notice considerable
-delays in page requests compared to the old Junkbuster. What's wrong?
If you use any filter action,
- such as filtering banners by size, web-bugs etc, or the deanimate-gifs
- action, the entire document must be loaded into memory in order for the filtering
- mechanism to work, and nothing is sent to the browser during this time.
The loading time typically does not really change much in real numbers, but
- the feeling is different, because most browsers are able to start rendering
- incomplete content, giving the user a feeling of "it works". This effect is
- more noticeable on slower dialup connections. Extremely large documents
- may have some impact on the time to load the page where there is filtering
- being done. But overall, the difference should be very minimal. If there is a
- big impact, then probably some other situation is contributing (like
- anti-virus software).
-
Filtering is automatically disabled for inappropriate MIME types. But note
- that if the web server mis-reports the MIME type, then content that should
- not be filtered, could be. Privoxy only knows how
- to differentiate filterable content because of the MIME type as reported by
- the server, or because of some configuration setting that enables/disables
- filtering.
4.3. What are "http://config.privoxy.org/" and
-"http://p.p/"?
Since Privoxy sits between your web browser and the Internet,
- it can simply intercept requests for these addresses and answer them with its built-in
- "web server".
This also makes for a good test for your browser configuration: If entering the
- URL http://config.privoxy.org/
- takes you to a page saying "This is Privoxy ...", everything is OK.
- If you get a page saying "Privoxy is not working" instead, then
- your browser didn't use Privoxy for the request,
- hence it could not be intercepted, and you have accessed the real
- web site at config.privoxy.org.
With recent versions of Privoxy (version 2.9.x and
- later), the user interface features information on the run time status, the
- configuration, and even a built-in editor for the actions files.
Note that the built-in URLs from earlier versions of Junkbuster
- / Privoxy, http://example.com/show-proxy-args and http://i.j.b/,
- are no longer supported. If you still use such an old version, you should really consider
- upgrading to 3.0.6.
4.4. How can I submit new ads, or report
-problems?
Please see the Contact section for
-various ways to interact with the developers.
4.5. If I do submit missed ads, will
-they be included in future updates?
Whether such submissions are eventually included in the
- default.action configuration file depends on how
- significant the issue is. We of course want to address any potential
- problem with major, high-profile sites such as Google,
- Yahoo, etc. Any site with global or regional reach,
- has a good chance of being a candidate. But at the other end of the spectrum
- are any number of smaller, low-profile sites such as for local clubs or
- schools. Since their reach and impact are much less, they are best handled by
- inclusion in the user's user.action, and thus would be
- unlikely to be included.
4.6. Why doesn't anyone answer my support
-request?
Rest assured that it has been read and considered. Why it is not answered,
-could be for various reasons, including no one has a good answer for it, no
-one has had time to yet investigate it thoroughly, it has been reported
-numerous times already, or because not enough information was provided to help
-us help you. Your efforts are not wasted, and we do appreciate them.
4.7. How can I hide my IP address?
If you run both the browser and Privoxy locally, you cannot hide your IP
- address with Privoxy or ultimately any other
- software alone. The server needs to know your IP address so that it knows
- where to send the responses back.
There are many publicly usable "anonymous" proxies out there, which
- provide a further level of indirection between you and the web server.
However, these proxies are called "anonymous" because you don't need
- a password, not because they would offer any real anonymity.
- Most of them will log your IP address and make it available to the
- authorities in case you violate the law of the country they run in. In fact
- you can't even rule out that some of them only exist to *collect* information
- on (those suspicious) people with a more than average preference for privacy.
No. Your chances of remaining anonymous are greatly improved, but unless you
- chain Privoxy with Tor
- or a similar system and know what you're doing when it comes to configuring
- the rest of your system, it would be safest to assume that everything you do
- on the Web can be traced back to you.
Privoxy can remove various information about you,
- and allows you more freedom to decide which sites
- you can trust, and what details you want to reveal. But it neither
- hides your IP address, nor can it guarantee that the rest of the system
- behaves correctly. There are several possibilities how a web sites can find
- out who you are, even if you are using a strict Privoxy
- configuration and chained it with Tor.
Most of Privoxy's protection can be easily subverted
- by an insecure browser configuration, therefore you should use a browser that can
- be configured to only execute code from trusted sites, and be careful which sites you trust.
- For example there is no point in having Privoxy
- modify the User-Agent header, if websites can get all the information they want
- through JavaScript, ActiveX, Flash, Java etc.
A few browsers disclose the user's email address in certain situations, such
- as when transferring a file by FTP. Privoxy
- does not filter FTP. If you need this feature, or are concerned about the
- mail handler of your browser disclosing your email address, you might
- consider products such as NSClean.
Browsers available only as binaries could use non-standard headers to give
- out any information they can have access to: see the manufacturer's license
- agreement. It's impossible to anticipate and prevent every breach of privacy
- that might occur. The professionally paranoid prefer browsers available as
- source code, because anticipating their behavior is easier. Trust the source,
- Luke!
4.9. A test site says I am not using a Proxy.
Good! Actually, they are probably testing for some other kinds of proxies.
- Hiding yourself completely would require additional steps.
4.10. How do I use Privoxy
- together with Tor?
Before you configure Privoxy to use Tor
- (http://tor.eff.org/),
- please follow the User Manual chapters
- 2. Installation and
- 5. Startup to make sure
- Privoxy itself is setup correctly.
- If it is, refer to Tor's
- extensive documentation to learn how to install Tor,
- and make sure Tor's logfile says that
- "Tor has successfully opened a circuit" and it
- "looks like client functionality is working".
If either Tor or Privoxy
- isn't working, their combination most likely will neither. Testing them on their
- own will also help you to direct problem reports to the right audience.
- If Privoxy isn't working, don't bother the
- Tor developers. If Tor
- isn't working, don't send bug reports to the Privoxy Team.
If you verified that Privoxy and Tor
- are working, it is time to connect them. As far as Privoxy
- is concerned, Tor is just another proxy that can be reached
- by socks4 or socks4a. Most likely you are interested in Tor
- to increase your anonymity level, therefore you should use socks4a,
- to make sure Privoxy's DNS requests are
- done through Tor and thus invisible to your local network.
Since Privoxy 3.0.5, its
- main configuration file
- is already prepared for Tor, if you are using a
- default Tor configuration and run it on the same
- system as Privoxy, you just have to edit the
- forwarding section
- and uncomment the line:
# forward-socks4a / 127.0.0.1:9050 .
-
This is enough to reach the Internet, but additionally you should
- uncomment the following forward rules, to make sure your local network is still
- reachable through Privoxy:
+ How much of an impact depends on many things, including the CPU of
+ the host system, how aggressive the configuration is, which
+ specific actions are being triggered, the size of the page, the
+ bandwidth of the connection, etc.
+
+
+ Overall, it should not slow you down any in real terms, and may
+ actually help speed things up since ads, banners and other junk are
+ not typically being retrieved and displayed. The actual processing
+ time required by Privoxy itself
+ for each page, is relatively small in the overall scheme of things,
+ and happens very quickly. This is typically more than offset by
+ time saved not downloading and rendering ad images and other junk
+ content (if ad blocking is being used).
+
+
+ "Filtering" content via the filter or deanimate-gifs actions may cause a perceived
+ slowdown, since the entire document needs to be buffered before
+ displaying. And on very large documents, filtering may have some
+ measurable impact. How much depends on the page size, the actual
+ definition of the filter(s), etc. See below. Most other actions
+ have little to no impact on speed.
+
+
+ Also, when filtering is enabled but zlib support isn't available,
+ compression is often disabled (see prevent-compression). This can have an impact on speed
+ as well, although it's probably smaller than you might think.
+ Again, the page size, etc. will determine how much of an impact.
+
+ If you use any filter action, such as filtering banners by size,
+ web-bugs etc, or the deanimate-gifs action, the entire document must be
+ loaded into memory in order for the filtering mechanism to work,
+ and nothing is sent to the browser during this time.
+
+
+ The loading time typically does not really change much in real
+ numbers, but the feeling is different, because most browsers are
+ able to start rendering incomplete content, giving the user a
+ feeling of "it works". This effect is more noticeable on slower
+ dialup connections. Extremely large documents may have some impact
+ on the time to load the page where there is filtering being done.
+ But overall, the difference should be very minimal. If there is a
+ big impact, then probably some other situation is contributing
+ (like anti-virus software).
+
+
+ Filtering is automatically disabled for inappropriate MIME types.
+ But note that if the web server mis-reports the MIME type, then
+ content that should not be filtered, could be. Privoxy only knows how to differentiate
+ filterable content because of the MIME type as reported by the
+ server, or because of some configuration setting that
+ enables/disables filtering.
+
+ Since Privoxy sits between your
+ web browser and the Internet, it can simply intercept requests for
+ these addresses and answer them with its built-in "web server".
+
+
+ This also makes for a good test for your browser configuration: If
+ entering the URL http://config.privoxy.org/ takes you to a page saying
+ "This is Privoxy ...", everything is OK.
+ If you get a page saying "Privoxy is not
+ working" instead, then your browser didn't use Privoxy for the request, hence it could not be
+ intercepted, and you have accessed the real web site at config.privoxy.org.
+
+
+ Note that config.privoxy.org resolves to a public IP address. If
+ you use config.privoxy.org as ping or traceroute target you will
+ reach the system on the Internet (Privoxy can't intercept ICMP
+ requests). If you want to ping the system Privoxy runs on, you
+ should use its IP address or local DNS name (if it has got one).
+
+ Whether such submissions are eventually included in the default.action configuration file depends on how
+ significant the issue is. We of course want to address any
+ potential problem with major, high-profile sites such as Google, Yahoo, etc. Any
+ site with global or regional reach, has a good chance of being a
+ candidate. But at the other end of the spectrum are any number of
+ smaller, low-profile sites such as for local clubs or schools.
+ Since their reach and impact are much less, they are best handled
+ by inclusion in the user's user.action,
+ and thus would be unlikely to be included.
+
+ Rest assured that it has been read and considered. Why it is not
+ answered, could be for various reasons, including no one has a good
+ answer for it, no one has had time to yet investigate it
+ thoroughly, it has been reported numerous times already, or because
+ not enough information was provided to help us help you. Your
+ efforts are not wasted, and we do appreciate them.
+
+ If you run both the browser and Privoxy locally, you cannot hide your IP
+ address with Privoxy or ultimately
+ any other software alone. The server needs to know your IP address
+ so that it knows where to send the responses back.
+
+
+ There are many publicly usable "anonymous" proxies out there, which
+ provide a further level of indirection between you and the web
+ server.
+
+
+ However, these proxies are called "anonymous" because you don't
+ need to authenticate, not because they would offer any real
+ anonymity. Most of them will log your IP address and make it
+ available to the authorities in case you violate the law of the
+ country they run in. In fact you can't even rule out that some of
+ them only exist to *collect* information on (those suspicious)
+ people with a more than average preference for privacy.
+
+
+ If you want to hide your IP address from most adversaries, you
+ should consider chaining Privoxy
+ with Tor.
+ The configuration details can be found in How do I use Privoxy
+ together with Tor section just
+ below.
+
+ No. Your chances of remaining anonymous are improved, but unless
+ you chain Privoxy with Tor or a similar proxy and know what
+ you're doing when it comes to configuring the rest of your system,
+ you should assume that everything you do on the Web can be traced
+ back to you.
+
+
+ Privoxy can remove various
+ information about you, and allows you more freedom to decide which sites you
+ can trust, and what details you want to reveal. But it neither
+ hides your IP address, nor can it guarantee that the rest of the
+ system behaves correctly. There are several possibilities how a web
+ sites can find out who you are, even if you are using a strict
+ Privoxy configuration and chained
+ it with Tor.
+
+
+ Most of Privoxy's
+ privacy-enhancing features can be easily subverted by an insecure
+ browser configuration, therefore you should use a browser that can
+ be configured to only execute code from trusted sites, and be
+ careful which sites you trust. For example there is no point in
+ having Privoxy modify the
+ User-Agent header, if websites can get all the information they
+ want through JavaScript, ActiveX, Flash, Java etc.
+
+
+ A few browsers disclose the user's email address in certain
+ situations, such as when transferring a file by FTP. Privoxy does not filter FTP. If you need this
+ feature, or are concerned about the mail handler of your browser
+ disclosing your email address, you might consider products such as
+ NSClean.
+
+
+ Browsers available only as binaries could use non-standard headers
+ to give out any information they can have access to: see the
+ manufacturer's license agreement. It's impossible to anticipate and
+ prevent every breach of privacy that might occur. The
+ professionally paranoid prefer browsers available as source code,
+ because anticipating their behavior is easier. Trust the source,
+ Luke!
+
+ Before you configure Privoxy to
+ use Tor,
+ please follow the User Manual chapters 2.
+ Installation and 5. Startup to make sure Privoxy itself is setup correctly.
+
+
+ If it is, refer to Tor's
+ extensive documentation to learn how to install Tor, and make sure Tor's logfile says that "Tor has successfully opened a circuit" and it "looks like client functionality is working".
+
+
+ If either Tor or Privoxy isn't working, their combination most
+ likely will neither. Testing them on their own will also help you
+ to direct problem reports to the right audience. If Privoxy isn't working, don't bother the Tor developers. If Tor isn't working, don't send bug reports to
+ the Privoxy Team.
+
+
+ If you verified that Privoxy and
+ Tor are working, it is time to
+ connect them. As far as Privoxy is
+ concerned, Tor is just another
+ proxy that can be reached by socks4, socks4a and socks5. Most
+ likely you are interested in Tor
+ to increase your anonymity level, therefore you should use socks5,
+ to make sure DNS requests are done through Tor and thus invisible to your local network.
+ Using socks4a would work too, but with socks5 you get more precise
+ error messages.
+
+
+ Privoxy'smain configuration
+ file is already prepared for Tor, if you are using a default Tor configuration and run it on the same
+ system as Privoxy, you just have
+ to edit the forwarding section and uncomment the line:
+
+
+
+
+
+
+
+# forward-socks5t / 127.0.0.1:9050 .
+
+
+
+
+
+
+ Note that if you got Tor through one of the bundles, you may have
+ to change the port from 9050 to 9150 (or even another one). For
+ details, please check the documentation on the Tor website.
+
+
+ This is enough to reach the Internet, but additionally you might
+ want to uncomment the following forward rules, to make sure your
+ local network is still reachable through Privoxy:
+
Unencrypted connections to systems in these address ranges will
- be as (un)secure as the local network is, but the alternative is
- that you can't reach the network at all.
- If you also want to be able to reach servers in your local
- network by using their names, you will need additional
- exceptions that look like this:
# forward localhost/ .
-
Save the modified configuration file and open
- http://config.privoxy.org/show-status/
- in your browser, confirm that Privoxy has reloaded its configuration
- and that there are no other forward lines, unless you know that you need them. If everything looks good,
- refer to
- Tor
- Faq 4.2 to learn how to verify that you are really using Tor.
Afterward, please take the time to at least skim through the rest
- of Tor's documentation. Make sure you understand
- what Tor does, why it is no replacement for
- application level security, and why you shouldn't use it for unencrypted logins.
4.11. Might some things break because header information or
-content is being altered?
Definitely. It is common for sites to use browser type, browser version,
- HTTP header content, and various other techniques in order to dynamically
- decide what to display and how to display it. What you see, and what I see,
- might be very different. There are many, many ways that this can be handled,
- so having hard and fast rules, is tricky.
"User-Agent" is often used in this way to identify
- the browser, and adjust content accordingly. Changing this now (at least not
- further than removing the OS information) is not recommended, since so many
- sites do look for it. You may get undesirable results by changing just this
- one aspect.
Also, different browsers use different encodings of Russian and Czech
- characters, certain web servers convert pages on-the-fly according to the
- User Agent header. Giving a "User Agent" with the wrong
- operating system or browser manufacturer causes some sites in these languages
- to be garbled; Surfers to Eastern European sites should change it to
- something closer. And then some page access counters work by looking at the
- "Referer" header; they may fail or break if unavailable. The
- weather maps of Intellicast have been blocked by their server when no
- "Referer" or cookie is provided, is another example. (But you
- can forge both headers without giving information away). There are
- many other ways things that can go wrong when trying to fool a web server. The
- results of which could inadvertently cause pages to load incorrectly,
- partially, or even not at all. And there may be no obvious clues as to just
- what went wrong, or why. Nowhere will there be a message that says
- "Turn off fast-redirects or else!
- "
Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
- HTML elements.
If you have problems with a site, you will have to adjust your configuration
- accordingly. Cookies are probably the most likely adjustment that may
- be required, but by no means the only one.
4.12. Can Privoxy act as a "caching" proxy to
-speed up web browsing?
No, it does not have this ability at all. You want something like
- Squid for this. And, yes,
- before you ask, Privoxy can co-exist
- with other kinds of proxies like Squid.
- See the forwarding
- chapter in the user
- manual for details.
4.13. What about as a firewall? Can Privoxy protect me?
Not in the way you mean, or in the way a true firewall can.
- Privoxy can help protect your privacy, but not
- protect you from intrusion attempts. It is, of course, perfectly possible
- and recommended to use both.
4.14. I have large empty spaces / a checkerboard pattern now where
-ads used to be. Why?
It is technically possible to eliminate banners and ads in a way that frees
- their allocated page space. This could easily be done by blocking with
- Privoxy's filters,
- and eliminating the entire image references from the
- HTML page source.
But, this would consume considerably more CPU resources (IOW, slow things
- down), would likely destroy the layout of some web pages which rely on the
- banners utilizing a certain amount of page space, and might fail in other
- cases, where the screen space is reserved (e.g. by HTML tables for instance).
- Also, making ads and banners disappear without any trace complicates
- troubleshooting, and would sooner or later be problematic.
The better alternative is to instead let them stay, and block the resulting
- requests for the banners themselves as is now the case. This leaves either
- empty space, or the familiar checkerboard pattern.
So the developers won't support this in the default configuration, but you
- can of course define appropriate filters yourself to achieve this.
4.15. How can Privoxy filter Secure (HTTPS) URLs?
Since secure HTTP connections are encrypted SSL sessions between your browser
- and the secure site, and are meant to be reliably secure,
- there is little that Privoxy can do but hand the raw
- gibberish data though from one end to the other unprocessed.
The only exception to this is blocking by host patterns, as the client needs
- to tell Privoxy the name of the remote server,
- so that Privoxy can establish the connection.
- If that name matches a host-only pattern, the connection will be blocked.
As far as ad blocking is concerned, this is less of a restriction than it may
- seem, since ad sources are often identifiable by the host name, and often
- the banners to be placed in an encrypted page come unencrypted nonetheless
- for efficiency reasons, which exposes them to the full power of
- Privoxy's ad blocking.
"Content cookies" (those that are embedded in the actual HTML or
- JS page content, see filter{content-cookies}),
- in an SSL transaction will be impossible to block under these conditions.
- Fortunately, this does not seem to be a very common scenario since most
- cookies come by traditional means.
4.16. Privoxy runs as a "server". How
-secure is it? Do I need to take any special precautions?
There are no known exploits that might affect
- Privoxy. On Unix-like systems,
- Privoxy can run as a non-privileged
- user, which is how we recommend it be run. Also, by default
- Privoxy only listens to requests
- from "localhost" only. The server aspect of
- Privoxy is not itself directly exposed to the
- Internet in this configuration. If you want to have
- Privoxy serve as a LAN proxy, this will have to
- be opened up to allow for LAN requests. In this case, we'd recommend
- you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
- Privoxy configuration file and check all access control and security
- options. All LAN hosts can then use this as their proxy address
- in the browser proxy configuration, but Privoxy
- will not listen on any external interfaces. ACLs can be defined in addition,
- and using a firewall is always good too. Better safe than sorry.
4.17. How can I temporarily disable Privoxy?
The easiest way is to access Privoxy with your
- browser by using the remote toggle URL: http://config.privoxy.org/toggle.
- See the Bookmarklets section
- of the User Manual for an easy way to access this
- feature.
4.18. When "disabled" is Privoxy totally
-out of the picture?
No, this just means all filtering and actions are disabled.
- Privoxy is still acting as a proxy, but just not
- doing any of the things that Privoxy would
- normally be expected to do. It is still a "middle-man" in
- the interaction between your browser and web sites. See below to bypass
- the proxy.
4.19. How can I tell Privoxy to totally ignore certain sites?
Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
- configuration issue, not a Privoxy issue. Modern browsers typically do have
- settings for not proxying certain sites. Check your browser's help files.
4.20. My logs show Privoxy "crunches"
-ads, but also its own internal CGI pages. What is a "crunch"?
A "crunch" simply means Privoxy intercepted
- something, nothing more. Often this is indeed ads or
- banners, but Privoxy uses the same mechanism for
- trapping requests for its own internal pages. For instance, a request for
- Privoxy's configuration page at: http://config.privoxy.org, is
- intercepted (i.e. it does not go out to the 'net), and the familiar CGI
- configuration is returned to the browser, and the log consequently will show
- a "crunch".
4.21. Can Privoxy effect files that I download
-from a webserver? FTP server?
From the webserver's perspective, there is no difference between
- viewing a document (i.e. a page), and downloading a file. The same is true of
- Privoxy. If there is a match for a block pattern,
- it will still be blocked, and of course this is obvious.
-
Filtering is potentially more of a concern since the results are not always
- so obvious, and the effects of filtering are there whether the file is simply
- viewed, or downloaded. And potentially whether the content is some obnoxious
- advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
- one of these presumably is "bad" content that we don't want, and
- the other is "good" content that we do want.
- Privoxy is blind to the differences, and can only
- distinguish "good from bad" by the configuration parameters
- we give it.
Privoxy knows the differences in files according
- to the "Document Type" as reported by the webserver. If this is
- reported accurately (e.g. "application/zip" for a zip archive),
- then Privoxy knows to ignore these where
- appropriate. Privoxy potentially can filter HTML
- as well as plain text documents, subject to configuration parameters of
- course. Also, documents that are of an unknown type (generally assumed to be
- "text/plain") can be filtered, as will those that might be
- incorrectly reported by the webserver. If such a file is a downloaded file
- that is intended to be saved to disk, then any content that might have been
- altered by filtering, will be saved too, for these (probably rare) cases.
Note that versions later than 3.0.2 do NOT filter document types reported as
- "text/plain". Prior to this, Privoxy
- did filter this document type.
In short, filtering is "ON" if a) the Document Type as reported
- by the webserver is appropriate and b) the configuration
- allows it (or at least does not disallow it). That's it. There is no magic
- cookie anywhere to say this is "good" and this is
- "bad". It's the configuration that let's it all happen or not.
If you download text files, you probably do not want these to be filtered,
- particularly if the content is source code, or other critical content. Source
- code sometimes might be mistaken for Javascript (i.e. the kind that might
- open a pop-up window). It is recommended to turn off filtering for download
- sites (particularly if the content may be plain text files and you are using
- version 3.0.2 or earlier) in your user.action file. And
- also, for any site or page where making any changes at
- all to the content is to be avoided.
Privoxy does not do FTP at all, only HTTP
- and HTTPS (SSL) protocols, so please don't try.
4.22. I just downloaded a Perl script, and Privoxy
-altered it! Yikes, what is wrong!
Please read above.
4.23. Should I continue to use a "HOSTS" file for ad-blocking?
One time-tested technique to defeat common ads is to trick the local DNS
- system by giving a phony IP address for the ad generator in the local
- HOSTS file, typically using 127.0.0.1, aka
- localhost. This effectively blocks the ad.
There is no reason to use this technique in conjunction with
- Privoxy. Privoxy
- does essentially the same thing, much more elegantly and with much more
- flexibility. A large HOSTS file, in fact, not only
- duplicates effort, but may get in the way. It is recommended to remove
- such entries from your HOSTS file. If you think
- your hosts list is neglected by Privoxy's
- configuration, consider adding your list to your user.action file:
{ +block }
+
+
+
+
+
+
+ Unencrypted connections to systems in these address ranges will be
+ as (un)secure as the local network is, but the alternative is that
+ your browser can't reach the network at all. Then again, that may
+ actually be desired and if you don't know for sure that your
+ browser has to be able to reach the local network, there's no
+ reason to allow it.
+
+
+ If you want your browser to be able to reach servers in your local
+ network by using their names, you will need additional exceptions
+ that look like this:
+
+
+
+
+
+
+
+# forward localhost/ .
+
+
+
+
+
+
+ Save the modified configuration file and open http://config.privoxy.org/show-status in your browser,
+ confirm that Privoxy has reloaded
+ its configuration and that there are no other forward lines, unless
+ you know that you need them. If everything looks good, refer to Tor Faq 4.2 to learn how to verify that you are
+ really using Tor.
+
+
+ Afterward, please take the time to at least skim through the rest
+ of Tor's documentation. Make sure
+ you understand what Tor does, why
+ it is no replacement for application level security, and why you
+ probably don't want to use it for unencrypted logins.
+
+ Definitely. It is common for sites to use browser type, browser
+ version, HTTP header content, and various other techniques in order
+ to dynamically decide what to display and how to display it. What
+ you see, and what I see, might be very different. There are many,
+ many ways that this can be handled, so having hard and fast rules,
+ is tricky.
+
+
+ The "User-Agent" is sometimes used in
+ this way to identify the browser, and adjust content accordingly.
+
+
+ Also, different browsers use different encodings of non-English
+ characters, certain web servers convert pages on-the-fly according
+ to the User Agent header. Giving a "User
+ Agent" with the wrong operating system or browser
+ manufacturer causes some sites in these languages to be garbled;
+ Surfers to Eastern European sites should change it to something
+ closer. And then some page access counters work by looking at the
+ "Referer" header; they may fail or break
+ if unavailable. The weather maps of Intellicast have been blocked
+ by their server when no "Referer" or
+ cookie is provided, is another example. (But you can forge both
+ headers without giving information away). There are many other ways
+ things can go wrong when trying to fool a web server. The results
+ of which could inadvertently cause pages to load incorrectly,
+ partially, or even not at all. And there may be no obvious clues as
+ to just what went wrong, or why. Nowhere will there be a message
+ that says "Turn off fast-redirects or
+ else! "
+
+
+ Similar thoughts apply to modifying JavaScript, and, to a lesser
+ degree, HTML elements.
+
+
+ If you have problems with a site, you will have to adjust your
+ configuration accordingly. Cookies are probably the most likely
+ adjustment that may be required, but by no means the only one.
+
+ No, it does not have this ability at all. You want something like
+ Squid or Polipo for this. And, yes, before you ask, Privoxy can co-exist with other kinds of
+ proxies like Squid. See the forwarding chapter in the user manual for
+ details.
+
+ Not in the way you mean, or in the way some firewall vendors claim
+ they can. Privoxy can help protect
+ your privacy, but can't protect your system from intrusion
+ attempts. It is, of course, perfectly possible to use both.
+
+ It is technically possible to eliminate banners and ads in a way
+ that frees their allocated page space. This could easily be done by
+ blocking with Privoxy's filters,
+ and eliminating the entire image references from the HTML page
+ source.
+
+
+ But, this would consume considerably more CPU resources (IOW, slow
+ things down), would likely destroy the layout of some web pages
+ which rely on the banners utilizing a certain amount of page space,
+ and might fail in other cases, where the screen space is reserved
+ (e.g. by HTML tables for instance). Also, making ads and banners
+ disappear without any trace complicates troubleshooting, and would
+ sooner or later be problematic.
+
+
+ The better alternative is to instead let them stay, and block the
+ resulting requests for the banners themselves as is now the case.
+ This leaves either empty space, or the familiar checkerboard
+ pattern.
+
+
+ So the developers won't support this in the default configuration,
+ but you can of course define appropriate filters yourself to
+ achieve this.
+
+ Since secure HTTP connections are encrypted SSL sessions between
+ your browser and the secure site, and are meant to be reliably
+ secure, there
+ is little that Privoxy can do but
+ hand the raw gibberish data though from one end to the other
+ unprocessed.
+
+
+ The only exception to this is blocking by host patterns, as the
+ client needs to tell Privoxy the
+ name of the remote server, so that Privoxy can establish the connection. If that
+ name matches a host-only pattern, the connection will be blocked.
+
+
+ As far as ad blocking is concerned, this is less of a restriction
+ than it may seem, since ad sources are often identifiable by the
+ host name, and often the banners to be placed in an encrypted page
+ come unencrypted nonetheless for efficiency reasons, which exposes
+ them to the full power of Privoxy's ad blocking.
+
+
+ "Content cookies" (those that are
+ embedded in the actual HTML or JS page content, see filter{content-cookies}), in an SSL transaction
+ will be impossible to block under these conditions. Fortunately,
+ this does not seem to be a very common scenario since most cookies
+ come by traditional means.
+
+ On Unix-like systems, Privoxy can
+ run as a non-privileged user, which is how we recommend it be run.
+ Also, by default Privoxy listens
+ to requests from "localhost" only.
+
+
+ The server aspect of Privoxy is
+ not itself directly exposed to the Internet in this configuration.
+ If you want to have Privoxy serve
+ as a LAN proxy, this will have to be opened up to allow for LAN
+ requests. In this case, we'd recommend you specify only the LAN
+ gateway address, e.g. 192.168.1.1, in the main Privoxy configuration file and check all access control and security options. All LAN hosts can
+ then use this as their proxy address in the browser proxy
+ configuration, but Privoxy will
+ not listen on any external interfaces. ACLs can be defined in
+ addition, and using a firewall is always good too. Better safe than
+ sorry.
+
+ See the Bookmarklets section of the User
+ Manual for an easy way to access this feature. Note that this
+ is a feature that may need to be enabled in the main config file.
+
+ No, this just means all optional filtering and actions are
+ disabled. Privoxy is still acting
+ as a proxy, but just doing less of the things that Privoxy would normally be expected to do. It
+ is still a "middle-man" in the
+ interaction between your browser and web sites. See below to bypass
+ the proxy.
+
+ Bypassing a proxy, or proxying based on arbitrary criteria, is
+ purely a browser configuration issue, not a Privoxy issue. Modern browsers typically do
+ have settings for not proxying certain sites. Check your browser's
+ help files.
+
+ A "crunch" simply means Privoxy intercepted something, nothing more. Often this is
+ indeed ads or banners, but Privoxy
+ uses the same mechanism for trapping requests for its own internal
+ pages. For instance, a request for Privoxy's configuration page at: http://config.privoxy.org, is intercepted (i.e. it does
+ not go out to the 'net), and the familiar CGI configuration is
+ returned to the browser, and the log consequently will show a "crunch".
+
+
+ Since version 3.0.7, Privoxy will also log the crunch reason. If
+ you are using an older version you might want to upgrade.
+
+ From the webserver's perspective, there is no difference between
+ viewing a document (i.e. a page), and downloading a file. The same
+ is true of Privoxy. If there is a
+ match for a block pattern, it will still be blocked, and of
+ course this is obvious.
+
+
+ Filtering is potentially more of a concern since the results are
+ not always so obvious, and the effects of filtering are there
+ whether the file is simply viewed, or downloaded. And potentially
+ whether the content is some obnoxious advertisement, or Mr. Jimmy's
+ latest/greatest source code jewel. Of course, one of these
+ presumably is "bad" content that we
+ don't want, and the other is "good"
+ content that we do want. Privoxy
+ is blind to the differences, and can only distinguish "good from bad" by the configuration parameters
+ we give it.
+
+
+ Privoxy knows the differences in
+ files according to the "Content Type" as
+ reported by the webserver. If this is reported accurately (e.g.
+ "application/zip" for a zip archive),
+ then Privoxy knows to ignore these
+ where appropriate. Privoxy
+ potentially can filter HTML as well as plain text documents,
+ subject to configuration parameters of course. Also, documents that
+ are of an unknown type (generally assumed to be "text/plain") can be filtered, as will those that
+ might be incorrectly reported by the webserver. If such a file is a
+ downloaded file that is intended to be saved to disk, then any
+ content that might have been altered by filtering, will be saved
+ too, for these (probably rare) cases.
+
+
+ Note that versions later than 3.0.2 do NOT filter document types
+ reported as "text/plain". Prior to this,
+ Privoxy did filter this document
+ type.
+
+
+ In short, filtering is "ON" if a) the
+ content type as reported by the webserver is appropriate and b) the
+ configuration allows it (or at least does not disallow it). That's
+ it. There is no magic cookie anywhere to say this is "good" and this is "bad".
+ It's the configuration that lets it all happen or not.
+
+
+ If you download text files, you probably do not want these to be
+ filtered, particularly if the content is source code, or other
+ critical content. Source code sometimes might be mistaken for
+ Javascript (i.e. the kind that might open a pop-up window). It is
+ recommended to turn off filtering for download sites (particularly
+ if the content may be plain text files and you are using version
+ 3.0.2 or earlier) in your user.action
+ file. And also, for any site or page where making any changes at all to the
+ content is to be avoided.
+
+
+ Privoxy does not do FTP at all,
+ only HTTP and HTTPS (SSL) protocols.
+
+ One time-tested technique to defeat common ads is to trick the
+ local DNS system by giving a phony IP address for the ad generator
+ in the local HOSTS file, typically using
+ 127.0.0.1, aka localhost. This effectively blocks the ad.
+
+
+ There is no reason to use this technique in conjunction with Privoxy. Privoxy does essentially the same thing, much
+ more elegantly and with much more flexibility. A large HOSTS file, in fact, not only duplicates effort,
+ but may get in the way and seriously slow down your system. It is
+ recommended to remove such entries from your HOSTS file. If you think your hosts list is
+ neglected by Privoxy's
+ configuration, consider adding your list to your user.action file:
+
4.25. I've noticed that Privoxy changes "Microsoft" to
-"MicroSuck"! Why are you manipulating my browsing?
We're not. The text substitutions that you are seeing are disabled
- in the default configuration as shipped. You have either manually
- activated the "fun" filter which
- is clearly labeled "Text replacements for subversive browsing
- fun!" or you are using an older Privoxy version and have implicitly
- activated it by choosing the "Adventuresome" profile in the
- web-based editor. Please upgrade!
+ http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/,
+ Polipo is a caching proxy
+ with advanced features like pipelining, multiplexing and
+ caching of partial instances. In many setups it can be used
+ as Squid replacement.
+
+
+
+
+
+
+
+
+ https://www.torproject.org/, Tor can help anonymize web browsing, web
+ publishing, instant messaging, IRC, SSH, and other
+ applications.
+
+ We're not. The text substitutions that you are seeing are disabled
+ in the default configuration as shipped. You have either manually
+ activated the "fun" filter which is clearly labeled "Text replacements for subversive browsing
+ fun!" or you are using an older Privoxy version and have
+ implicitly activated it by choosing the "Advanced" profile in the web-based editor. Please
+ upgrade.
+
+ Privoxy generates HTML in both its own "templates", and possibly whenever there are text
+ substitutions via a Privoxy
+ filter. While this should always conform to the HTML 4.01
+ specifications, it has not been validated against this or any other
+ standard.
+
+ We didn't. We make Privoxy available for download, but we don't go
+ around installing it on other people's systems behind their back.
+ If you discover Privoxy running on your system and are sure you
+ didn't install it yourself, somebody else did. You may not even be
+ running the real Privoxy, but maybe something else that only
+ pretends to be Privoxy, or maybe something that is based on the
+ real Privoxy, but has been modified.
+
+
+ Lately there have been reports of problems with some kind of
+ "parental control" software based on Privoxy that came preinstalled
+ on certain ASUS Netbooks. The problems described are
+ inconsistent with the behaviour of official Privoxy versions, which
+ suggests that the preinstalled software may contain vendor
+ modifications that we don't know about and thus can't debug.
+
+
+ Privoxy's license allows vendor
+ modifications, but the vendor has to comply with the license, which
+ involves informing the user about the changes and to make the
+ changes available under the same license as Privoxy itself.
+
+
+ If you are having trouble with a modified Privoxy version, please
+ try to talk to whoever made the modifications before reporting the
+ problem to us. Please also try to convince whoever made the
+ modifications to talk to us. If you think somebody gave you a
+ modified Privoxy version without complying to the license, please
+ let us know.
+