7 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="configuration.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="trouble.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="configuration.html"
86 >4.1. How much does Privoxy slow my browsing down? This
87 has to add extra time to browsing.</H3
89 > How much of an impact depends on many things, including the CPU of the host
90 system, how aggressive the configuration is, which specific actions are being triggered,
91 the size of the page, the bandwidth of the connection, etc.</P
93 > Overall, it should not slow you down any in real terms, and may actually help
94 speed things up since ads, banners and other junk are not typically being
95 retrieved and displayed. The actual processing time required by
99 > itself for each page, is relatively small
100 in the overall scheme of things, and happens very quickly. This is typically
101 more than offset by time saved not downloading and rendering ad images (if ad
102 blocking is being used).</P
107 > content via the <TT
110 HREF="../user-manual/actions-file.html#FILTER"
118 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
123 actions will certainly cause a perceived slowdown, since the entire document
124 needs to be buffered before displaying. And on very large documents, filtering may have
125 some measurable impact. How much depends on the page size, the actual
126 definition of the filter(s), etc. See below. Most other actions have little
127 to no impact on speed.</P
130 Also, when filtering is enabled, typically there is a disabling of
132 HREF="../user-manual/actions-file.html#PREVENT-COMPRESSION"
134 >prevent-compression</A
136 This can have an impact on speed as well. Again, the page size, etc. will
137 determine how much of an impact.</P
146 >4.2. I notice considerable
147 delays in page requests compared to the old Junkbuster. What's wrong?</H3
152 HREF="../user-manual/actions-file.html#FILTER"
157 such as filtering banners by size, web-bugs etc, or the <TT
160 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
165 action, the entire document must be loaded into memory in order for the filtering
166 mechanism to work, and nothing is sent to the browser during this time.</P
168 > The loading time typically does not really change much in real numbers, but
169 the feeling is different, because most browsers are able to start rendering
170 incomplete content, giving the user a feeling of "it works". This effect is
171 more noticeable on slower dialup connections. Extremely large documents
172 may have some impact on the time to load the page where there is filtering
173 being done. But overall, the difference should be very minimal. If there is a
174 big impact, then probably some other situation is contributing (like
175 anti-virus software).
178 > Filtering is automatically disabled for inappropriate MIME types. But note
179 that if the web server mis-reports the MIME type, then content that should
180 not be filtered, could be. <SPAN
184 to differentiate filterable content because of the MIME type as reported by
185 the server, or because of some configuration setting that enables/disables
195 >4.3. What are "http://config.privoxy.org/" and
199 HREF="http://config.privoxy.org/"
201 >http://config.privoxy.org/</A
206 >'s built-in user interface, and
211 > is a shortcut for it.</P
216 > sits between your web browser and the Internet,
217 it can simply intercept requests for these addresses and answer them with its built-in
223 > This also makes for a good test for your browser configuration: If entering the
225 HREF="http://config.privoxy.org/"
227 >http://config.privoxy.org/</A
229 takes you to a page saying <SPAN
231 >"This is Privoxy ..."</SPAN
233 If you get a page saying <SPAN
235 >"Privoxy is not working"</SPAN
237 your browser didn't use <SPAN
241 hence it could not be intercepted, and you have accessed the <SPAN
248 web site at config.privoxy.org.</P
250 > With recent versions of <SPAN
254 later), the user interface features information on the run time status, the
255 configuration, and even a built-in editor for the <A
256 HREF="../user-manual/actions-file.html"
261 > Note that the built-in URLs from earlier versions of <SPAN
268 >, http://example.com/show-proxy-args and http://i.j.b/,
269 are no longer supported. If you still use such an old version, you should really consider
270 upgrading to 3.0.6.</P
279 >4.4. How can I submit new ads, or report
286 various ways to interact with the developers.</P
295 >4.5. If I do submit missed ads, will
296 they be included in future updates?</H3
298 > Whether such submissions are eventually included in the
302 > configuration file depends on how
303 significant the issue is. We of course want to address any potential
304 problem with major, high-profile sites such as <I
311 >, etc. Any site with global or regional reach,
312 has a good chance of being a candidate. But at the other end of the spectrum
313 are any number of smaller, low-profile sites such as for local clubs or
314 schools. Since their reach and impact are much less, they are best handled by
315 inclusion in the user's <TT
319 unlikely to be included. </P
328 >4.6. Why doesn't anyone answer my support
331 >Rest assured that it has been read and considered. Why it is not answered,
332 could be for various reasons, including no one has a good answer for it, no
333 one has had time to yet investigate it thoroughly, it has been reported
334 numerous times already, or because not enough information was provided to help
335 us help you. Your efforts are not wasted, and we do appreciate them.</P
344 >4.7. How can I hide my IP address?</H3
346 > If you run both the browser and <SPAN
349 > locally, you cannot hide your IP
353 > or ultimately any other
354 software alone. The server needs to know your IP address so that it knows
355 where to send the responses back. </P
357 > There are many publicly usable "anonymous" proxies out there, which
358 provide a further level of indirection between you and the web server.</P
360 > However, these proxies are called "anonymous" because you don't need
361 a password, not because they would offer any real anonymity.
362 Most of them will log your IP address and make it available to the
363 authorities in case you violate the law of the country they run in. In fact
364 you can't even rule out that some of them only exist to *collect* information
365 on (those suspicious) people with a more than average preference for privacy.</P
367 > Your best bet is to chain <SPAN
372 HREF="http://tor.eff.org/"
377 HREF="http://www.eff.org/"
380 > supported onion routing system.
381 The configuration details can be found in
388 > together with <SPAN
402 >4.8. Can Privoxy guarantee I am anonymous?</H3
404 > No. Your chances of remaining anonymous are greatly improved, but unless you
416 or a similar system and know what you're doing when it comes to configuring
417 the rest of your system, it would be safest to assume that everything you do
418 on the Web can be traced back to you.</P
423 > can remove various information about you,
430 > more freedom to decide which sites
431 you can trust, and what details you want to reveal. But it neither
432 hides your IP address, nor can it guarantee that the rest of the system
433 behaves correctly. There are several possibilities how a web sites can find
434 out who you are, even if you are using a strict <SPAN
438 configuration and chained it with <SPAN
446 > protection can be easily subverted
447 by an insecure browser configuration, therefore you should use a browser that can
448 be configured to only execute code from trusted sites, and be careful which sites you trust.
449 For example there is no point in having <SPAN
453 modify the User-Agent header, if websites can get all the information they want
454 through JavaScript, ActiveX, Flash, Java etc.</P
456 > A few browsers disclose the user's email address in certain situations, such
457 as when transferring a file by FTP. <SPAN
461 does not filter FTP. If you need this feature, or are concerned about the
462 mail handler of your browser disclosing your email address, you might
463 consider products such as <SPAN
468 > Browsers available only as binaries could use non-standard headers to give
469 out any information they can have access to: see the manufacturer's license
470 agreement. It's impossible to anticipate and prevent every breach of privacy
471 that might occur. The professionally paranoid prefer browsers available as
472 source code, because anticipating their behavior is easier. Trust the source,
482 >4.9. A test site says I am not using a Proxy.</H3
484 > Good! Actually, they are probably testing for some other kinds of proxies.
485 Hiding yourself completely would require additional steps.</P
494 >4.10. How do I use Privoxy
495 together with Tor?</H3
497 > Before you configure <SPAN
505 HREF="http://tor.eff.org/"
507 >http://tor.eff.org/</A
514 HREF="../user-manual/installation.html"
519 HREF="../user-manual/startup.html"
526 > itself is setup correctly.</P
529 If it is, refer to <A
530 HREF="http://tor.eff.org/documentation.html.en"
533 extensive documentation</A
534 > to learn how to install <SPAN
541 >'s logfile says that
544 >"Tor has successfully opened a circuit"</SPAN
548 >"looks like client functionality is working"</SPAN
558 isn't working, their combination most likely will neither. Testing them on their
559 own will also help you to direct problem reports to the right audience.
563 > isn't working, don't bother the
567 > developers. If <SPAN
571 isn't working, don't send bug reports to the <SPAN
576 > If you verified that <SPAN
583 are working, it is time to connect them. As far as <SPAN
590 > is just another proxy that can be reached
591 by socks4 or socks4a. Most likely you are interested in <SPAN
595 to increase your anonymity level, therefore you should use socks4a,
603 > and thus invisible to your local network.</P
610 HREF="../user-manual/config.html"
612 >main configuration file</A
614 is already prepared for <SPAN
617 >, if you are using a
621 > configuration and run it on the same
625 >, you just have to edit the
627 HREF="../user-manual/config.html#FORWARDING"
629 >forwarding section</A
631 and uncomment the line:</P
641 ># forward-socks4a / 127.0.0.1:9050 .
648 > This is enough to reach the Internet, but additionally you should
649 uncomment the following forward rules, to make sure your local network is still
650 reachable through Privoxy:</P
660 ># forward 192.168.*.*/ .
661 # forward 10.*.*.*/ .
662 # forward 127.*.*.*/ .
669 > Unencrypted connections to systems in these address ranges will
670 be as (un)secure as the local network is, but the alternative is
671 that you can't reach the network at all.
672 If you also want to be able to reach servers in your local
673 network by using their names, you will need additional
674 exceptions that look like this:</P
684 ># forward localhost/ .
691 > Save the modified configuration file and open
693 HREF="http://config.privoxy.org/show-status"
695 >http://config.privoxy.org/show-status/</A
697 in your browser, confirm that <SPAN
700 > has reloaded its configuration
701 and that there are no other forward lines, unless you know that you need them. If everything looks good,
704 HREF="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
708 > to learn how to verify that you are really using <SPAN
713 > Afterward, please take the time to at least skim through the rest
717 > documentation. Make sure you understand
721 > does, why it is no replacement for
722 application level security, and why you shouldn't use it for unencrypted logins.</P
731 >4.11. Might some things break because header information or
732 content is being altered?</H3
734 > Definitely. It is common for sites to use browser type, browser version,
735 HTTP header content, and various other techniques in order to dynamically
736 decide what to display and how to display it. What you see, and what I see,
737 might be very different. There are many, many ways that this can be handled,
738 so having hard and fast rules, is tricky.</P
743 > is often used in this way to identify
744 the browser, and adjust content accordingly. Changing this now (at least not
745 further than removing the OS information) is not recommended, since so many
746 sites do look for it. You may get undesirable results by changing just this
749 > Also, different browsers use different encodings of Russian and Czech
750 characters, certain web servers convert pages on-the-fly according to the
751 User Agent header. Giving a <SPAN
755 operating system or browser manufacturer causes some sites in these languages
756 to be garbled; Surfers to Eastern European sites should change it to
757 something closer. And then some page access counters work by looking at the
761 > header; they may fail or break if unavailable. The
762 weather maps of Intellicast have been blocked by their server when no
766 > or cookie is provided, is another example. (But you
767 can forge both headers without giving information away). There are
768 many other ways things that can go wrong when trying to fool a web server. The
769 results of which could inadvertently cause pages to load incorrectly,
770 partially, or even not at all. And there may be no obvious clues as to just
771 what went wrong, or why. Nowhere will there be a message that says
787 > Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
790 > If you have problems with a site, you will have to adjust your configuration
791 accordingly. Cookies are probably the most likely adjustment that may
792 be required, but by no means the only one.</P
801 >4.12. Can Privoxy act as a <SPAN
805 speed up web browsing?</H3
807 > No, it does not have this ability at all. You want something like
809 HREF="http://www.squid-cache.org/"
812 > for this. And, yes,
813 before you ask, <SPAN
817 with other kinds of proxies like <SPAN
822 HREF="../user-manual/config.html#FORWARDING"
827 HREF="../user-manual/index.html"
840 >4.13. What about as a firewall? Can Privoxy protect me?</H3
842 > Not in the way you mean, or in the way a true firewall can.
846 > can help protect your privacy, but not
847 protect you from intrusion attempts. It is, of course, perfectly possible
848 and recommended to use <SPAN
863 >4.14. I have large empty spaces / a checkerboard pattern now where
864 ads used to be. Why?</H3
866 > It is technically possible to eliminate banners and ads in a way that frees
867 their allocated page space. This could easily be done by blocking with
872 and eliminating the <SPAN
878 > image references from the
879 HTML page source. </P
881 > But, this would consume considerably more CPU resources (IOW, slow things
882 down), would likely destroy the layout of some web pages which rely on the
883 banners utilizing a certain amount of page space, and might fail in other
884 cases, where the screen space is reserved (e.g. by HTML tables for instance).
885 Also, making ads and banners disappear without any trace complicates
886 troubleshooting, and would sooner or later be problematic.</P
888 > The better alternative is to instead let them stay, and block the resulting
889 requests for the banners themselves as is now the case. This leaves either
890 empty space, or the familiar checkerboard pattern.</P
892 > So the developers won't support this in the default configuration, but you
893 can of course define appropriate filters yourself to achieve this.</P
902 >4.15. How can Privoxy filter Secure (HTTPS) URLs?</H3
904 > Since secure HTTP connections are encrypted SSL sessions between your browser
905 and the secure site, and are meant to be reliably <SPAN
912 there is little that <SPAN
915 > can do but hand the raw
916 gibberish data though from one end to the other unprocessed.</P
918 > The only exception to this is blocking by host patterns, as the client needs
922 > the name of the remote server,
926 > can establish the connection.
927 If that name matches a host-only pattern, the connection will be blocked.</P
929 > As far as ad blocking is concerned, this is less of a restriction than it may
930 seem, since ad sources are often identifiable by the host name, and often
931 the banners to be placed in an encrypted page come unencrypted nonetheless
932 for efficiency reasons, which exposes them to the full power of
940 >"Content cookies"</SPAN
941 > (those that are embedded in the actual HTML or
942 JS page content, see <TT
945 HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
947 >filter{content-cookies}</A
950 in an SSL transaction will be impossible to block under these conditions.
951 Fortunately, this does not seem to be a very common scenario since most
952 cookies come by traditional means.</P
961 >4.16. Privoxy runs as a <SPAN
965 secure is it? Do I need to take any special precautions?</H3
967 > There are no known exploits that might affect
971 >. On Unix-like systems,
975 > can run as a non-privileged
976 user, which is how we recommend it be run. Also, by default
980 > only listens to requests
984 > only. The server aspect of
988 > is not itself directly exposed to the
989 Internet in this configuration. If you want to have
993 > serve as a LAN proxy, this will have to
994 be opened up to allow for LAN requests. In this case, we'd recommend
995 you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
999 > configuration file and check all <A
1000 HREF="../user-manual/config.html#ACCESS-CONTROL"
1002 >access control and security
1004 >. All LAN hosts can then use this as their proxy address
1005 in the browser proxy configuration, but <SPAN
1009 will not listen on any external interfaces. ACLs can be defined in addition,
1010 and using a firewall is always good too. Better safe than sorry.</P
1019 >4.17. How can I temporarily disable Privoxy?</H3
1021 > The easiest way is to access <SPAN
1025 browser by using the remote toggle URL: <A
1026 HREF="http://config.privoxy.org/toggle"
1028 >http://config.privoxy.org/toggle</A
1031 HREF="../user-manual/appendix.html#BOOKMARKLETS"
1033 >Bookmarklets section</A
1038 > for an easy way to access this
1051 > is Privoxy totally
1052 out of the picture?</H3
1054 > No, this just means all filtering and actions are disabled.
1058 > is still acting as a proxy, but just not
1059 doing any of the things that <SPAN
1063 normally be expected to do. It is still a <SPAN
1067 the interaction between your browser and web sites. See below to bypass
1077 >4.19. How can I tell Privoxy to totally ignore certain sites?</H3
1079 > Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
1080 configuration issue, not a <SPAN
1083 > issue. Modern browsers typically do have
1084 settings for not proxying certain sites. Check your browser's help files.</P
1093 >4.20. My logs show Privoxy <SPAN
1097 ads, but also its own internal CGI pages. What is a <SPAN
1105 > simply means <SPAN
1115 >, nothing more. Often this is indeed ads or
1119 > uses the same mechanism for
1120 trapping requests for its own internal pages. For instance, a request for
1124 > configuration page at: <A
1125 HREF="http://config.privoxy.org"
1127 >http://config.privoxy.org</A
1129 intercepted (i.e. it does not go out to the 'net), and the familiar CGI
1130 configuration is returned to the browser, and the log consequently will show
1143 >4.21. Can Privoxy effect files that I download
1144 from a webserver? FTP server?</H3
1146 > From the webserver's perspective, there is no difference between
1147 viewing a document (i.e. a page), and downloading a file. The same is true of
1151 >. If there is a match for a <TT
1154 HREF="../user-manual/actions-file.html#BLOCK"
1159 it will still be blocked, and of course this is obvious.
1162 > Filtering is potentially more of a concern since the results are not always
1163 so obvious, and the effects of filtering are there whether the file is simply
1164 viewed, or downloaded. And potentially whether the content is some obnoxious
1165 advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
1166 one of these presumably is <SPAN
1169 > content that we don't want, and
1173 > content that we do want.
1177 > is blind to the differences, and can only
1180 >"good from bad"</SPAN
1181 > by the configuration parameters
1193 > knows the differences in files according
1196 >"Document Type"</SPAN
1197 > as reported by the webserver. If this is
1198 reported accurately (e.g. <SPAN
1200 >"application/zip"</SPAN
1201 > for a zip archive),
1205 > knows to ignore these where
1209 > potentially can filter HTML
1210 as well as plain text documents, subject to configuration parameters of
1211 course. Also, documents that are of an unknown type (generally assumed to be
1215 >) can be filtered, as will those that might be
1216 incorrectly reported by the webserver. If such a file is a downloaded file
1217 that is intended to be saved to disk, then any content that might have been
1218 altered by filtering, will be saved too, for these (probably rare) cases.</P
1220 > Note that versions later than 3.0.2 do NOT filter document types reported as
1224 >. Prior to this, <SPAN
1228 did filter this document type.</P
1230 > In short, filtering is <SPAN
1233 > if a) the Document Type as reported
1234 by the webserver is appropriate <SPAN
1240 > b) the configuration
1241 allows it (or at least does not disallow it). That's it. There is no magic
1242 cookie anywhere to say this is <SPAN
1249 >. It's the configuration that let's it all happen or not.</P
1251 > If you download text files, you probably do not want these to be filtered,
1252 particularly if the content is source code, or other critical content. Source
1253 code sometimes might be mistaken for Javascript (i.e. the kind that might
1254 open a pop-up window). It is recommended to turn off filtering for download
1255 sites (particularly if the content may be plain text files and you are using
1256 version 3.0.2 or earlier) in your <TT
1260 also, for any site or page where making <SPAN
1267 all to the content is to be avoided.</P
1272 > does not do FTP at all, only HTTP
1273 and HTTPS (SSL) protocols, so please don't try.</P
1282 >4.22. I just downloaded a Perl script, and Privoxy
1283 altered it! Yikes, what is wrong!</H3
1285 > Please read above.</P
1294 >4.23. Should I continue to use a <SPAN
1297 > file for ad-blocking?</H3
1299 > One time-tested technique to defeat common ads is to trick the local DNS
1300 system by giving a phony IP address for the ad generator in the local
1304 > file, typically using <TT
1311 >. This effectively blocks the ad.</P
1313 > There is no reason to use this technique in conjunction with
1321 does essentially the same thing, much more elegantly and with much more
1322 flexibility. A large <TT
1325 > file, in fact, not only
1326 duplicates effort, but may get in the way. It is recommended to remove
1327 such entries from your <TT
1330 > file. If you think
1331 your hosts list is neglected by <SPAN
1335 configuration, consider adding your list to your <TT
1351 ads.galore.example.com
1352 etc.example.com</PRE
1365 >4.24. Where can I find more information about Privoxy
1366 and related issues?</H3
1368 > Other references and sites of interest to <SPAN
1382 HREF="http://www.privoxy.org/"
1384 >http://www.privoxy.org/</A
1405 HREF="http://www.privoxy.org/faq/"
1407 >http://www.privoxy.org/faq/</A
1428 HREF="http://sourceforge.net/projects/ijbswa/"
1430 >http://sourceforge.net/projects/ijbswa/</A
1432 the Project Page for <SPAN
1437 HREF="http://sourceforge.net"
1456 HREF="http://config.privoxy.org/"
1458 >http://config.privoxy.org/</A
1460 the web-based user interface. <SPAN
1464 running for this to work. Shortcut: <A
1484 HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
1486 >http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
1491 configuration related suggestions to the developers.
1508 HREF="http://www.junkbusters.com/ht/en/cookies.html"
1510 >http://www.junkbusters.com/ht/en/cookies.html</A
1512 an explanation how cookies are used to track web users.
1528 HREF="http://www.junkbusters.com/ijb.html"
1530 >http://www.junkbusters.com/ijb.html</A
1532 the original Internet Junkbuster.
1549 HREF="http://privacy.net/"
1551 >http://privacy.net/</A
1553 to check what information about you is leaked while you browse the web.
1569 HREF="http://www.squid-cache.org/"
1571 >http://www.squid-cache.org/</A
1573 caching proxy, which is often used together with <SPAN
1592 HREF="http://tor.eff.org/"
1594 >http://tor.eff.org/</A
1599 > can help anonymize web browsing,
1600 web publishing, instant messaging, IRC, SSH, and other applications.
1616 HREF="http://www.privoxy.org/developer-manual/"
1618 >http://www.privoxy.org/developer-manual/</A
1639 >4.25. I've noticed that Privoxy changes <SPAN
1646 >! Why are you manipulating my browsing?</H3
1648 > We're not. The text substitutions that you are seeing are disabled
1649 in the default configuration as shipped. You have either manually
1657 is clearly labeled <SPAN
1659 >"Text replacements for subversive browsing
1661 > or you are using an older Privoxy version and have implicitly
1662 activated it by choosing the <SPAN
1664 >"Adventuresome"</SPAN
1666 web-based editor. Please upgrade!</P
1674 SUMMARY="Footer navigation table"
1685 HREF="configuration.html"
1723 >Troubleshooting</TD