1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="configuration.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="trouble.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="configuration.html"
85 >4.1. How much does Privoxy slow my browsing down? This
86 has to add extra time to browsing.</A
89 > How much of an impact depends on many things, including the CPU of the host
90 system, how aggressive the configuration is, which specific actions are being triggered,
91 the size of the page, the bandwidth of the connection, etc.</P
93 > Overall, it should not slow you down any in real terms, and may actually help
94 speed things up since ads, banners and other junk are not typically being
95 retrieved and displayed. The actual processing time required by
99 > itself for each page, is relatively small
100 in the overall scheme of things, and happens very quickly. This is typically
101 more than offset by time saved not downloading and rendering ad images and
102 other junk content (if ad blocking is being used).</P
107 > content via the <TT
110 HREF="../user-manual/actions-file.html#FILTER"
118 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
123 actions may cause a perceived slowdown, since the entire document
124 needs to be buffered before displaying. And on very large documents,
125 filtering may have some measurable impact. How much depends on the page size,
126 the actual definition of the filter(s), etc. See below. Most other actions
127 have little to no impact on speed.</P
129 > Also, when filtering is enabled but zlib support isn't available, compression
130 is often disabled (see <A
131 HREF="../user-manual/actions-file.html#PREVENT-COMPRESSION"
133 >prevent-compression</A
135 This can have an impact on speed as well, although it's probably smaller than
136 you might think. Again, the page size, etc. will determine how much of an impact.</P
144 >4.2. I notice considerable
145 delays in page requests. What's wrong?</A
151 HREF="../user-manual/actions-file.html#FILTER"
156 such as filtering banners by size, web-bugs etc, or the <TT
159 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
164 action, the entire document must be loaded into memory in order for the filtering
165 mechanism to work, and nothing is sent to the browser during this time.</P
167 > The loading time typically does not really change much in real numbers, but
168 the feeling is different, because most browsers are able to start rendering
169 incomplete content, giving the user a feeling of "it works". This effect is
170 more noticeable on slower dialup connections. Extremely large documents
171 may have some impact on the time to load the page where there is filtering
172 being done. But overall, the difference should be very minimal. If there is a
173 big impact, then probably some other situation is contributing (like
174 anti-virus software).
177 > Filtering is automatically disabled for inappropriate MIME types. But note
178 that if the web server mis-reports the MIME type, then content that should
179 not be filtered, could be. <SPAN
183 to differentiate filterable content because of the MIME type as reported by
184 the server, or because of some configuration setting that enables/disables
193 >4.3. What are "http://config.privoxy.org/" and
198 HREF="http://config.privoxy.org/"
200 >http://config.privoxy.org/</A
205 >'s built-in user interface, and
210 > is a shortcut for it.</P
215 > sits between your web browser and the Internet,
216 it can simply intercept requests for these addresses and answer them with its built-in
222 > This also makes for a good test for your browser configuration: If entering the
224 HREF="http://config.privoxy.org/"
226 >http://config.privoxy.org/</A
228 takes you to a page saying <SPAN
230 >"This is Privoxy ..."</SPAN
232 If you get a page saying <SPAN
234 >"Privoxy is not working"</SPAN
236 your browser didn't use <SPAN
240 hence it could not be intercepted, and you have accessed the <SPAN
247 web site at config.privoxy.org.</P
255 >4.4. How can I submit new ads, or report
263 various ways to interact with the developers.</P
271 >4.5. If I do submit missed ads, will
272 they be included in future updates?</A
275 > Whether such submissions are eventually included in the
279 > configuration file depends on how
280 significant the issue is. We of course want to address any potential
281 problem with major, high-profile sites such as <I
288 >, etc. Any site with global or regional reach,
289 has a good chance of being a candidate. But at the other end of the spectrum
290 are any number of smaller, low-profile sites such as for local clubs or
291 schools. Since their reach and impact are much less, they are best handled by
292 inclusion in the user's <TT
296 unlikely to be included. </P
304 >4.6. Why doesn't anyone answer my support
308 >Rest assured that it has been read and considered. Why it is not answered,
309 could be for various reasons, including no one has a good answer for it, no
310 one has had time to yet investigate it thoroughly, it has been reported
311 numerous times already, or because not enough information was provided to help
312 us help you. Your efforts are not wasted, and we do appreciate them.</P
320 >4.7. How can I hide my IP address?</A
323 > If you run both the browser and <SPAN
326 > locally, you cannot hide your IP
330 > or ultimately any other
331 software alone. The server needs to know your IP address so that it knows
332 where to send the responses back. </P
334 > There are many publicly usable "anonymous" proxies out there, which
335 provide a further level of indirection between you and the web server.</P
337 > However, these proxies are called "anonymous" because you don't need
338 to authenticate, not because they would offer any real anonymity.
339 Most of them will log your IP address and make it available to the
340 authorities in case you violate the law of the country they run in. In fact
341 you can't even rule out that some of them only exist to *collect* information
342 on (those suspicious) people with a more than average preference for privacy.</P
344 > If you want to hide your IP address from most adversaries,
345 you should consider chaining <SPAN
350 HREF="http://tor.eff.org/"
354 The configuration details can be found in
375 >4.8. Can Privoxy guarantee I am anonymous?</A
378 > No. Your chances of remaining anonymous are improved, but unless you
390 or a similar proxy and know what you're doing when it comes to configuring
391 the rest of your system, you should assume that everything you do
392 on the Web can be traced back to you.</P
397 > can remove various information about you,
404 > more freedom to decide which sites
405 you can trust, and what details you want to reveal. But it neither
406 hides your IP address, nor can it guarantee that the rest of the system
407 behaves correctly. There are several possibilities how a web sites can find
408 out who you are, even if you are using a strict <SPAN
412 configuration and chained it with <SPAN
420 > privacy-enhancing features can be easily subverted
421 by an insecure browser configuration, therefore you should use a browser that can
422 be configured to only execute code from trusted sites, and be careful which sites you trust.
423 For example there is no point in having <SPAN
427 modify the User-Agent header, if websites can get all the information they want
428 through JavaScript, ActiveX, Flash, Java etc.</P
430 > A few browsers disclose the user's email address in certain situations, such
431 as when transferring a file by FTP. <SPAN
435 does not filter FTP. If you need this feature, or are concerned about the
436 mail handler of your browser disclosing your email address, you might
437 consider products such as <SPAN
442 > Browsers available only as binaries could use non-standard headers to give
443 out any information they can have access to: see the manufacturer's license
444 agreement. It's impossible to anticipate and prevent every breach of privacy
445 that might occur. The professionally paranoid prefer browsers available as
446 source code, because anticipating their behavior is easier. Trust the source,
455 >4.9. A test site says I am not using a Proxy.</A
458 > Good! Actually, they are probably testing for some other kinds of proxies.
459 Hiding yourself completely would require additional steps.</P
467 >4.10. How do I use Privoxy
468 together with Tor?</A
471 > Before you configure <SPAN
476 HREF="https://www.torproject.org/"
485 HREF="../user-manual/installation.html"
490 HREF="../user-manual/startup.html"
497 > itself is setup correctly.</P
500 If it is, refer to <A
501 HREF="https://www.torproject.org/documentation.html"
504 extensive documentation</A
505 > to learn how to install <SPAN
512 >'s logfile says that
515 >"Tor has successfully opened a circuit"</SPAN
519 >"looks like client functionality is working"</SPAN
529 isn't working, their combination most likely will neither. Testing them on their
530 own will also help you to direct problem reports to the right audience.
534 > isn't working, don't bother the
538 > developers. If <SPAN
542 isn't working, don't send bug reports to the <SPAN
547 > If you verified that <SPAN
554 are working, it is time to connect them. As far as <SPAN
561 > is just another proxy that can be reached
562 by socks4 or socks4a. Most likely you are interested in <SPAN
566 to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are
570 > and thus invisible to your local network.</P
577 HREF="../user-manual/config.html"
579 >main configuration file</A
581 is already prepared for <SPAN
584 >, if you are using a
588 > configuration and run it on the same
592 >, you just have to edit the
594 HREF="../user-manual/config.html#FORWARDING"
596 >forwarding section</A
598 and uncomment the line:</P
608 ># forward-socks4a / 127.0.0.1:9050 .
615 > This is enough to reach the Internet, but additionally you might want to
616 uncomment the following forward rules, to make sure your local network is still
617 reachable through Privoxy:</P
627 ># forward 192.168.*.*/ .
628 # forward 10.*.*.*/ .
629 # forward 127.*.*.*/ .
636 > Unencrypted connections to systems in these address ranges will
637 be as (un)secure as the local network is, but the alternative is
638 that your browser can't reach the network at all. Then again,
639 that may actually be desired and if you don't know for sure
640 that your browser has to be able to reach the local network,
641 there's no reason to allow it.</P
643 > If you want your browser to be able to reach servers in your local
644 network by using their names, you will need additional exceptions
645 that look like this:</P
655 ># forward localhost/ .
662 > Save the modified configuration file and open
664 HREF="http://config.privoxy.org/show-status"
666 >http://config.privoxy.org/show-status/</A
668 in your browser, confirm that <SPAN
671 > has reloaded its configuration
672 and that there are no other forward lines, unless you know that you need them. If everything looks good,
675 HREF="https://wiki.torproject.org/wiki/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
679 > to learn how to verify that you are really using <SPAN
684 > Afterward, please take the time to at least skim through the rest
688 > documentation. Make sure you understand
692 > does, why it is no replacement for
693 application level security, and why you probably don't want to
694 use it for unencrypted logins.</P
702 >4.11. Might some things break because header information or
703 content is being altered?</A
706 > Definitely. It is common for sites to use browser type, browser version,
707 HTTP header content, and various other techniques in order to dynamically
708 decide what to display and how to display it. What you see, and what I see,
709 might be very different. There are many, many ways that this can be handled,
710 so having hard and fast rules, is tricky.</P
715 > is sometimes used in this way to identify
716 the browser, and adjust content accordingly.</P
718 > Also, different browsers use different encodings of non-English
719 characters, certain web servers convert pages on-the-fly according to the
720 User Agent header. Giving a <SPAN
724 operating system or browser manufacturer causes some sites in these languages
725 to be garbled; Surfers to Eastern European sites should change it to
726 something closer. And then some page access counters work by looking at the
730 > header; they may fail or break if unavailable. The
731 weather maps of Intellicast have been blocked by their server when no
735 > or cookie is provided, is another example. (But you
736 can forge both headers without giving information away). There are
737 many other ways things can go wrong when trying to fool a web server. The
738 results of which could inadvertently cause pages to load incorrectly,
739 partially, or even not at all. And there may be no obvious clues as to just
740 what went wrong, or why. Nowhere will there be a message that says
756 > Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
759 > If you have problems with a site, you will have to adjust your configuration
760 accordingly. Cookies are probably the most likely adjustment that may
761 be required, but by no means the only one.</P
769 >4.12. Can Privoxy act as a <SPAN
773 speed up web browsing?</A
776 > No, it does not have this ability at all. You want something like
778 HREF="http://www.squid-cache.org/"
783 HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
787 And, yes, before you ask, <SPAN
791 with other kinds of proxies like <SPAN
796 HREF="../user-manual/config.html#FORWARDING"
801 HREF="../user-manual/index.html"
813 >4.13. What about as a firewall? Can Privoxy protect me?</A
816 > Not in the way you mean, or in the way some firewall vendors claim they can.
820 > can help protect your privacy, but can't
821 protect your system from intrusion attempts. It is, of course, perfectly possible
836 >4.14. I have large empty spaces / a checkerboard pattern now where
837 ads used to be. Why?</A
840 > It is technically possible to eliminate banners and ads in a way that frees
841 their allocated page space. This could easily be done by blocking with
846 and eliminating the <SPAN
852 > image references from the
853 HTML page source. </P
855 > But, this would consume considerably more CPU resources (IOW, slow things
856 down), would likely destroy the layout of some web pages which rely on the
857 banners utilizing a certain amount of page space, and might fail in other
858 cases, where the screen space is reserved (e.g. by HTML tables for instance).
859 Also, making ads and banners disappear without any trace complicates
860 troubleshooting, and would sooner or later be problematic.</P
862 > The better alternative is to instead let them stay, and block the resulting
863 requests for the banners themselves as is now the case. This leaves either
864 empty space, or the familiar checkerboard pattern.</P
866 > So the developers won't support this in the default configuration, but you
867 can of course define appropriate filters yourself to achieve this.</P
875 >4.15. How can Privoxy filter Secure (HTTPS) URLs?</A
878 > Since secure HTTP connections are encrypted SSL sessions between your browser
879 and the secure site, and are meant to be reliably <SPAN
886 there is little that <SPAN
889 > can do but hand the raw
890 gibberish data though from one end to the other unprocessed.</P
892 > The only exception to this is blocking by host patterns, as the client needs
896 > the name of the remote server,
900 > can establish the connection.
901 If that name matches a host-only pattern, the connection will be blocked.</P
903 > As far as ad blocking is concerned, this is less of a restriction than it may
904 seem, since ad sources are often identifiable by the host name, and often
905 the banners to be placed in an encrypted page come unencrypted nonetheless
906 for efficiency reasons, which exposes them to the full power of
914 >"Content cookies"</SPAN
915 > (those that are embedded in the actual HTML or
916 JS page content, see <TT
919 HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
921 >filter{content-cookies}</A
924 in an SSL transaction will be impossible to block under these conditions.
925 Fortunately, this does not seem to be a very common scenario since most
926 cookies come by traditional means.</P
934 >4.16. Privoxy runs as a <SPAN
938 secure is it? Do I need to take any special precautions?</A
941 > On Unix-like systems, <SPAN
944 > can run as a non-privileged
945 user, which is how we recommend it be run. Also, by default
949 > listens to requests from <SPAN
955 > The server aspect of <SPAN
958 > is not itself directly
959 exposed to the Internet in this configuration. If you want to have
963 > serve as a LAN proxy, this will have to
964 be opened up to allow for LAN requests. In this case, we'd recommend
965 you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
969 > configuration file and check all <A
970 HREF="../user-manual/config.html#ACCESS-CONTROL"
972 >access control and security
974 >. All LAN hosts can then use this as their proxy address
975 in the browser proxy configuration, but <SPAN
979 will not listen on any external interfaces. ACLs can be defined in addition,
980 and using a firewall is always good too. Better safe than sorry.</P
988 >4.17. Can I temporarily disable Privoxy?</A
994 > doesn't have a transparent proxy mode,
995 but you can toggle off blocking and content filtering.</P
997 > The easiest way to do that is to point your browser
998 to the remote toggle URL: <A
999 HREF="http://config.privoxy.org/toggle"
1001 >http://config.privoxy.org/toggle</A
1005 HREF="../user-manual/appendix.html#BOOKMARKLETS"
1007 >Bookmarklets section</A
1012 > for an easy way to access this
1013 feature. Note that this is a feature that may need to be enabled in the main
1028 > is Privoxy totally
1029 out of the picture?</A
1032 > No, this just means all optional filtering and actions are disabled.
1036 > is still acting as a proxy, but just
1037 doing less of the things that <SPAN
1041 normally be expected to do. It is still a <SPAN
1045 the interaction between your browser and web sites. See below to bypass
1054 >4.19. How can I tell Privoxy to totally ignore certain sites?</A
1057 > Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
1058 configuration issue, not a <SPAN
1061 > issue. Modern browsers typically do have
1062 settings for not proxying certain sites. Check your browser's help files.</P
1070 >4.20. My logs show Privoxy <SPAN
1074 ads, but also its own internal CGI pages. What is a <SPAN
1083 > simply means <SPAN
1093 >, nothing more. Often this is indeed ads or
1097 > uses the same mechanism for
1098 trapping requests for its own internal pages. For instance, a request for
1102 > configuration page at: <A
1103 HREF="http://config.privoxy.org"
1105 >http://config.privoxy.org</A
1107 intercepted (i.e. it does not go out to the 'net), and the familiar CGI
1108 configuration is returned to the browser, and the log consequently will show
1114 > Since version 3.0.7, Privoxy will also log the crunch reason.
1115 If you are using an older version you might want to upgrade.</P
1123 >4.21. Can Privoxy effect files that I download
1124 from a webserver? FTP server?</A
1127 > From the webserver's perspective, there is no difference between
1128 viewing a document (i.e. a page), and downloading a file. The same is true of
1132 >. If there is a match for a <TT
1135 HREF="../user-manual/actions-file.html#BLOCK"
1140 it will still be blocked, and of course this is obvious.
1143 > Filtering is potentially more of a concern since the results are not always
1144 so obvious, and the effects of filtering are there whether the file is simply
1145 viewed, or downloaded. And potentially whether the content is some obnoxious
1146 advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
1147 one of these presumably is <SPAN
1150 > content that we don't want, and
1154 > content that we do want.
1158 > is blind to the differences, and can only
1161 >"good from bad"</SPAN
1162 > by the configuration parameters
1174 > knows the differences in files according
1177 >"Content Type"</SPAN
1178 > as reported by the webserver. If this is
1179 reported accurately (e.g. <SPAN
1181 >"application/zip"</SPAN
1182 > for a zip archive),
1186 > knows to ignore these where
1190 > potentially can filter HTML
1191 as well as plain text documents, subject to configuration parameters of
1192 course. Also, documents that are of an unknown type (generally assumed to be
1196 >) can be filtered, as will those that might be
1197 incorrectly reported by the webserver. If such a file is a downloaded file
1198 that is intended to be saved to disk, then any content that might have been
1199 altered by filtering, will be saved too, for these (probably rare) cases.</P
1201 > Note that versions later than 3.0.2 do NOT filter document types reported as
1205 >. Prior to this, <SPAN
1209 did filter this document type.</P
1211 > In short, filtering is <SPAN
1214 > if a) the content type as reported
1215 by the webserver is appropriate <SPAN
1221 > b) the configuration
1222 allows it (or at least does not disallow it). That's it. There is no magic
1223 cookie anywhere to say this is <SPAN
1230 >. It's the configuration that lets it all happen or not.</P
1232 > If you download text files, you probably do not want these to be filtered,
1233 particularly if the content is source code, or other critical content. Source
1234 code sometimes might be mistaken for Javascript (i.e. the kind that might
1235 open a pop-up window). It is recommended to turn off filtering for download
1236 sites (particularly if the content may be plain text files and you are using
1237 version 3.0.2 or earlier) in your <TT
1241 also, for any site or page where making <SPAN
1248 all to the content is to be avoided.</P
1253 > does not do FTP at all, only HTTP
1254 and HTTPS (SSL) protocols, so please don't try.</P
1262 >4.22. I just downloaded a Perl script, and Privoxy
1263 altered it! Yikes, what is wrong!</A
1266 > Please read above.</P
1274 >4.23. Should I continue to use a <SPAN
1277 > file for ad-blocking?</A
1280 > One time-tested technique to defeat common ads is to trick the local DNS
1281 system by giving a phony IP address for the ad generator in the local
1285 > file, typically using <TT
1292 >. This effectively blocks the ad.</P
1294 > There is no reason to use this technique in conjunction with
1302 does essentially the same thing, much more elegantly and with much more
1303 flexibility. A large <TT
1306 > file, in fact, not only
1307 duplicates effort, but may get in the way and seriously slow down your system.
1308 It is recommended to remove such entries from your <TT
1311 > file. If you think
1312 your hosts list is neglected by <SPAN
1316 configuration, consider adding your list to your <TT
1332 ads.galore.example.com
1333 etc.example.com</PRE
1345 >4.24. Where can I find more information about Privoxy
1346 and related issues?</A
1349 > Other references and sites of interest to <SPAN
1363 HREF="http://www.privoxy.org/"
1365 >http://www.privoxy.org/</A
1386 HREF="http://www.privoxy.org/faq/"
1388 >http://www.privoxy.org/faq/</A
1409 HREF="http://sourceforge.net/projects/ijbswa/"
1411 >http://sourceforge.net/projects/ijbswa/</A
1413 the Project Page for <SPAN
1418 HREF="http://sourceforge.net"
1437 HREF="http://config.privoxy.org/"
1439 >http://config.privoxy.org/</A
1441 the web-based user interface. <SPAN
1445 running for this to work. Shortcut: <A
1465 HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
1467 >http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
1472 configuration related suggestions to the developers.
1489 HREF="http://www.junkbusters.com/ht/en/cookies.html"
1491 >http://www.junkbusters.com/ht/en/cookies.html</A
1493 an explanation how cookies are used to track web users.
1509 HREF="http://www.junkbusters.com/ijb.html"
1511 >http://www.junkbusters.com/ijb.html</A
1513 the original Internet Junkbuster.
1529 HREF="http://privacy.net/"
1531 >http://privacy.net/</A
1533 to check what information about you is leaked while you browse the web.
1549 HREF="http://www.squid-cache.org/"
1551 >http://www.squid-cache.org/</A
1553 caching proxy, which is often used together with <SPAN
1572 HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
1574 >http://www.pps.jussieu.fr/~jch/software/polipo/</A
1579 > is a caching proxy with advanced features
1580 like pipelining, multiplexing and caching of partial instances. In many setups
1581 it can be used as <SPAN
1600 HREF="http://tor.eff.org/"
1602 >http://tor.eff.org/</A
1607 > can help anonymize web browsing,
1608 web publishing, instant messaging, IRC, SSH, and other applications.
1624 HREF="http://www.privoxy.org/developer-manual/"
1626 >http://www.privoxy.org/developer-manual/</A
1646 >4.25. I've noticed that Privoxy changes <SPAN
1653 >! Why are you manipulating my browsing?</A
1656 > We're not. The text substitutions that you are seeing are disabled
1657 in the default configuration as shipped. You have either manually
1665 is clearly labeled <SPAN
1667 >"Text replacements for subversive browsing
1669 > or you are using an older Privoxy version and have implicitly
1670 activated it by choosing the <SPAN
1672 >"Adventuresome"</SPAN
1674 web-based editor. Please upgrade.</P
1682 >4.26. Does Privoxy produce <SPAN
1685 > HTML (or XHTML)?</A
1688 > Privoxy generates HTML in both its own <SPAN
1692 whenever there are text substitutions via a <SPAN
1695 > filter. While this
1696 should always conform to the HTML 4.01 specifications, it has not been
1697 validated against this or any other standard. </P
1705 SUMMARY="Footer navigation table"
1716 HREF="configuration.html"
1754 >Troubleshooting</TD