1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Miscellaneous</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
<link rel="HOME" title="Privoxy Frequently Asked Questions" href="index.html">
<link rel="PREVIOUS" title="Configuration" href="configuration.html">
<link rel="NEXT" title="Troubleshooting" href="trouble.html">
<link rel="STYLESHEET" type="text/css" href="../p_doc.css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body class="SECT1" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<th colspan="3" align="center">Privoxy Frequently Asked Questions</th>
</tr>
<tr>
<td width="10%" align="left" valign="bottom"><a href="configuration.html" accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom"></td>
<td width="10%" align="right" valign="bottom"><a href="trouble.html" accesskey="N">Next</a></td>
</tr>
</table>
<hr align="left" width="100%">
</div>
<div class="SECT1">
<h1 class="SECT1"><a name="MISC" id="MISC">4. Miscellaneous</a></h1>
<div class="SECT2">
<h3 class="SECT2"><a name="SLOWSME" id="SLOWSME">4.1. How much does Privoxy slow my browsing down? This has to
add extra time to browsing.</a></h3>
<p>How much of an impact depends on many things, including the CPU of the host system, how aggressive the
configuration is, which specific actions are being triggered, the size of the page, the bandwidth of the
connection, etc.</p>
<p>Overall, it should not slow you down any in real terms, and may actually help speed things up since ads,
banners and other junk are not typically being retrieved and displayed. The actual processing time required by
<span class="APPLICATION">Privoxy</span> itself for each page, is relatively small in the overall scheme of
things, and happens very quickly. This is typically more than offset by time saved not downloading and rendering
ad images and other junk content (if ad blocking is being used).</p>
<p><span class="QUOTE">"Filtering"</span> content via the <tt class="LITERAL"><a href=
"../user-manual/actions-file.html#FILTER" target="_top">filter</a></tt> or <tt class="LITERAL"><a href=
"../user-manual/actions-file.html#DEANIMATE-GIFS" target="_top">deanimate-gifs</a></tt> actions may cause a
perceived slowdown, since the entire document needs to be buffered before displaying. And on very large
documents, filtering may have some measurable impact. How much depends on the page size, the actual definition of
the filter(s), etc. See below. Most other actions have little to no impact on speed.</p>
<p>Also, when filtering is enabled but zlib support isn't available, compression is often disabled (see <a href=
"../user-manual/actions-file.html#PREVENT-COMPRESSION" target="_top">prevent-compression</a>). This can have an
impact on speed as well, although it's probably smaller than you might think. Again, the page size, etc. will
determine how much of an impact.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="LOADINGTIMES" id="LOADINGTIMES">4.2. I notice considerable delays in page requests.
What's wrong?</a></h3>
<p>If you use any <tt class="LITERAL"><a href="../user-manual/actions-file.html#FILTER" target=
"_top">filter</a></tt> action, such as filtering banners by size, web-bugs etc, or the <tt class=
"LITERAL"><a href="../user-manual/actions-file.html#DEANIMATE-GIFS" target="_top">deanimate-gifs</a></tt> action,
the entire document must be loaded into memory in order for the filtering mechanism to work, and nothing is sent
to the browser during this time.</p>
<p>The loading time typically does not really change much in real numbers, but the feeling is different, because
most browsers are able to start rendering incomplete content, giving the user a feeling of "it works". This
effect is more noticeable on slower dialup connections. Extremely large documents may have some impact on the
time to load the page where there is filtering being done. But overall, the difference should be very minimal. If
there is a big impact, then probably some other situation is contributing (like anti-virus software).</p>
<p>Filtering is automatically disabled for inappropriate MIME types. But note that if the web server mis-reports
the MIME type, then content that should not be filtered, could be. <span class="APPLICATION">Privoxy</span> only
knows how to differentiate filterable content because of the MIME type as reported by the server, or because of
some configuration setting that enables/disables filtering.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="CONFIGURL" id="CONFIGURL">4.3. What are "http://config.privoxy.org/" and
"http://p.p/"?</a></h3>
<p><a href="http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a> is the address of
<span class="APPLICATION">Privoxy</span>'s built-in user interface, and <a href="http://p.p/" target=
"_top">http://p.p/</a> is a shortcut for it.</p>
<p>Since <span class="APPLICATION">Privoxy</span> sits between your web browser and the Internet, it can simply
intercept requests for these addresses and answer them with its built-in <span class="QUOTE">"web
server"</span>.</p>
<p>This also makes for a good test for your browser configuration: If entering the URL <a href=
"http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a> takes you to a page saying <span class=
"QUOTE">"This is Privoxy ..."</span>, everything is OK. If you get a page saying <span class="QUOTE">"Privoxy is
not working"</span> instead, then your browser didn't use <span class="APPLICATION">Privoxy</span> for the
request, hence it could not be intercepted, and you have accessed the <span class="emphasis"><i class=
"EMPHASIS">real</i></span> web site at config.privoxy.org.</p>
<p>Note that config.privoxy.org resolves to a public IP address. If you use config.privoxy.org as ping or
traceroute target you will reach the system on the Internet (Privoxy can't intercept ICMP requests). If you want
to ping the system Privoxy runs on, you should use its IP address or local DNS name (if it has got one).</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="NEWADS" id="NEWADS">4.4. How can I submit new ads, or report problems?</a></h3>
<p>Please see the <a href="contact.html">Contact section</a> for various ways to interact with the
developers.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="NEWADS2" id="NEWADS2">4.5. If I do submit missed ads, will they be included in future
updates?</a></h3>
<p>Whether such submissions are eventually included in the <tt class="FILENAME">default.action</tt> configuration
file depends on how significant the issue is. We of course want to address any potential problem with major,
high-profile sites such as <i class="CITETITLE">Google</i>, <i class="CITETITLE">Yahoo</i>, etc. Any site with
global or regional reach, has a good chance of being a candidate. But at the other end of the spectrum are any
number of smaller, low-profile sites such as for local clubs or schools. Since their reach and impact are much
less, they are best handled by inclusion in the user's <tt class="FILENAME">user.action</tt>, and thus would be
unlikely to be included.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="NOONECARES" id="NOONECARES">4.6. Why doesn't anyone answer my support
request?</a></h3>
<p>Rest assured that it has been read and considered. Why it is not answered, could be for various reasons,
including no one has a good answer for it, no one has had time to yet investigate it thoroughly, it has been
reported numerous times already, or because not enough information was provided to help us help you. Your efforts
are not wasted, and we do appreciate them.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="IP" id="IP">4.7. How can I hide my IP address?</a></h3>
<p>If you run both the browser and <span class="APPLICATION">Privoxy</span> locally, you cannot hide your IP
address with <span class="APPLICATION">Privoxy</span> or ultimately any other software alone. The server needs to
know your IP address so that it knows where to send the responses back.</p>
<p>There are many publicly usable "anonymous" proxies out there, which provide a further level of indirection
between you and the web server.</p>
<p>However, these proxies are called "anonymous" because you don't need to authenticate, not because they would
offer any real anonymity. Most of them will log your IP address and make it available to the authorities in case
you violate the law of the country they run in. In fact you can't even rule out that some of them only exist to
*collect* information on (those suspicious) people with a more than average preference for privacy.</p>
<p>If you want to hide your IP address from most adversaries, you should consider chaining <span class=
"APPLICATION">Privoxy</span> with <a href="https://www.torproject.org/" target="_top">Tor</a>. The configuration
details can be found in <a href="#TOR" target="_top">How do I use <span class="APPLICATION">Privoxy</span>
together with <span class="APPLICATION">Tor</span> section</a> just below.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="ANONFORSURE" id="ANONFORSURE">4.8. Can Privoxy guarantee I am anonymous?</a></h3>
<p>No. Your chances of remaining anonymous are improved, but unless you <a href="#TOR" target="_top">chain
<span class="APPLICATION">Privoxy</span> with <span class="APPLICATION">Tor</span></a> or a similar proxy and
know what you're doing when it comes to configuring the rest of your system, you should assume that everything
you do on the Web can be traced back to you.</p>
<p><span class="APPLICATION">Privoxy</span> can remove various information about you, and allows <span class=
"emphasis"><i class="EMPHASIS">you</i></span> more freedom to decide which sites you can trust, and what details
you want to reveal. But it neither hides your IP address, nor can it guarantee that the rest of the system
behaves correctly. There are several possibilities how a web sites can find out who you are, even if you are
using a strict <span class="APPLICATION">Privoxy</span> configuration and chained it with <span class=
"APPLICATION">Tor</span>.</p>
<p>Most of <span class="APPLICATION">Privoxy's</span> privacy-enhancing features can be easily subverted by an
insecure browser configuration, therefore you should use a browser that can be configured to only execute code
from trusted sites, and be careful which sites you trust. For example there is no point in having <span class=
"APPLICATION">Privoxy</span> modify the User-Agent header, if websites can get all the information they want
through JavaScript, ActiveX, Flash, Java etc.</p>
<p>A few browsers disclose the user's email address in certain situations, such as when transferring a file by
FTP. <span class="APPLICATION">Privoxy</span> does not filter FTP. If you need this feature, or are concerned
about the mail handler of your browser disclosing your email address, you might consider products such as
<span class="APPLICATION">NSClean</span>.</p>
<p>Browsers available only as binaries could use non-standard headers to give out any information they can have
access to: see the manufacturer's license agreement. It's impossible to anticipate and prevent every breach of
privacy that might occur. The professionally paranoid prefer browsers available as source code, because
anticipating their behavior is easier. Trust the source, Luke!</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="PROXYTEST" id="PROXYTEST">4.9. A test site says I am not using a Proxy.</a></h3>
<p>Good! Actually, they are probably testing for some other kinds of proxies. Hiding yourself completely would
require additional steps.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="TOR" id="TOR">4.10. How do I use Privoxy together with Tor?</a></h3>
<p>Before you configure <span class="APPLICATION">Privoxy</span> to use <a href="https://www.torproject.org/"
target="_top">Tor</a>, please follow the <i class="CITETITLE">User Manual</i> chapters <a href=
"../user-manual/installation.html" target="_top">2. Installation</a> and <a href="../user-manual/startup.html"
target="_top">5. Startup</a> to make sure <span class="APPLICATION">Privoxy</span> itself is setup correctly.</p>
<p>If it is, refer to <a href="https://www.torproject.org/documentation.html" target="_top">Tor's extensive
documentation</a> to learn how to install <span class="APPLICATION">Tor</span>, and make sure <span class=
"APPLICATION">Tor</span>'s logfile says that <span class="QUOTE">"Tor has successfully opened a circuit"</span>
and it <span class="QUOTE">"looks like client functionality is working"</span>.</p>
<p>If either <span class="APPLICATION">Tor</span> or <span class="APPLICATION">Privoxy</span> isn't working,
their combination most likely will neither. Testing them on their own will also help you to direct problem
reports to the right audience. If <span class="APPLICATION">Privoxy</span> isn't working, don't bother the
<span class="APPLICATION">Tor</span> developers. If <span class="APPLICATION">Tor</span> isn't working, don't
send bug reports to the <span class="APPLICATION">Privoxy</span> Team.</p>
<p>If you verified that <span class="APPLICATION">Privoxy</span> and <span class="APPLICATION">Tor</span> are
working, it is time to connect them. As far as <span class="APPLICATION">Privoxy</span> is concerned,
<span class="APPLICATION">Tor</span> is just another proxy that can be reached by socks4, socks4a and socks5.
Most likely you are interested in <span class="APPLICATION">Tor</span> to increase your anonymity level,
therefore you should use socks5, to make sure DNS requests are done through <span class="APPLICATION">Tor</span>
and thus invisible to your local network. Using socks4a would work too, but with socks5 you get more precise
error messages.</p>
<p><span class="APPLICATION">Privoxy's</span> <a href="../user-manual/config.html" target="_top">main
configuration file</a> is already prepared for <span class="APPLICATION">Tor</span>, if you are using a default
<span class="APPLICATION">Tor</span> configuration and run it on the same system as <span class=
"APPLICATION">Privoxy</span>, you just have to edit the <a href="../user-manual/config.html#FORWARDING" target=
"_top">forwarding section</a> and uncomment the line:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN"> # forward-socks5t / 127.0.0.1:9050 .</pre>
</td>
</tr>
</table>
<p>Note that if you got Tor through one of the bundles, you may have to change the port from 9050 to 9150 (or
even another one). For details, please check the documentation on the <a href="https://torproject.org/" target=
"_top">Tor website</a>.</p>
<p>This is enough to reach the Internet, but additionally you might want to uncomment the following forward
rules, to make sure your local network is still reachable through Privoxy:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN"> # forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .</pre>
</td>
</tr>
</table>
<p>Unencrypted connections to systems in these address ranges will be as (un)secure as the local network is, but
the alternative is that your browser can't reach the network at all. Then again, that may actually be desired and
if you don't know for sure that your browser has to be able to reach the local network, there's no reason to
allow it.</p>
<p>If you want your browser to be able to reach servers in your local network by using their names, you will need
additional exceptions that look like this:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN"> # forward localhost/ .</pre>
</td>
</tr>
</table>
<p>Save the modified configuration file and open <a href="http://config.privoxy.org/show-status" target=
"_top">http://config.privoxy.org/show-status</a> in your browser, confirm that <span class=
"APPLICATION">Privoxy</span> has reloaded its configuration and that there are no other forward lines, unless you
know that you need them. If everything looks good, refer to <a href=
"https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate" target="_top">Tor Faq 4.2</a>
to learn how to verify that you are really using <span class="APPLICATION">Tor</span>.</p>
<p>Afterward, please take the time to at least skim through the rest of <span class="APPLICATION">Tor's</span>
documentation. Make sure you understand what <span class="APPLICATION">Tor</span> does, why it is no replacement
for application level security, and why you probably don't want to use it for unencrypted logins.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="SITEBREAK" id="SITEBREAK">4.11. Might some things break because header information or
content is being altered?</a></h3>
<p>Definitely. It is common for sites to use browser type, browser version, HTTP header content, and various
other techniques in order to dynamically decide what to display and how to display it. What you see, and what I
see, might be very different. There are many, many ways that this can be handled, so having hard and fast rules,
is tricky.</p>
<p>The <span class="QUOTE">"User-Agent"</span> is sometimes used in this way to identify the browser, and adjust
content accordingly.</p>
<p>Also, different browsers use different encodings of non-English characters, certain web servers convert pages
on-the-fly according to the User Agent header. Giving a <span class="QUOTE">"User Agent"</span> with the wrong
operating system or browser manufacturer causes some sites in these languages to be garbled; Surfers to Eastern
European sites should change it to something closer. And then some page access counters work by looking at the
<span class="QUOTE">"Referer"</span> header; they may fail or break if unavailable. The weather maps of
Intellicast have been blocked by their server when no <span class="QUOTE">"Referer"</span> or cookie is provided,
is another example. (But you can forge both headers without giving information away). There are many other ways
things can go wrong when trying to fool a web server. The results of which could inadvertently cause pages to
load incorrectly, partially, or even not at all. And there may be no obvious clues as to just what went wrong, or
why. Nowhere will there be a message that says <span class="QUOTE">"<span class="emphasis"><i class=
"EMPHASIS">Turn off <tt class="LITERAL">fast-redirects</tt> or else!</i></span> "</span></p>
<p>Similar thoughts apply to modifying JavaScript, and, to a lesser degree, HTML elements.</p>
<p>If you have problems with a site, you will have to adjust your configuration accordingly. Cookies are probably
the most likely adjustment that may be required, but by no means the only one.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="CACHING" id="CACHING">4.12. Can Privoxy act as a <span class="QUOTE">"caching"</span>
proxy to speed up web browsing?</a></h3>
<p>No, it does not have this ability at all. You want something like <a href="http://www.squid-cache.org/"
target="_top">Squid</a> or <a href="https://www.irif.fr/~jch//software/polipo/" target="_top">Polipo</a> for
this. And, yes, before you ask, <span class="APPLICATION">Privoxy</span> can co-exist with other kinds of proxies
like <span class="APPLICATION">Squid</span>. See the <a href="../user-manual/config.html#FORWARDING" target=
"_top">forwarding chapter</a> in the <a href="../user-manual/index.html" target="_top">user manual</a> for
details.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="FIREWALL" id="FIREWALL">4.13. What about as a firewall? Can Privoxy protect
me?</a></h3>
<p>Not in the way you mean, or in the way some firewall vendors claim they can. <span class=
"APPLICATION">Privoxy</span> can help protect your privacy, but can't protect your system from intrusion
attempts. It is, of course, perfectly possible to use <span class="emphasis"><i class=
"EMPHASIS">both</i></span>.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="WASTED" id="WASTED">4.14. I have large empty spaces / a checkerboard pattern now where
ads used to be. Why?</a></h3>
<p>It is technically possible to eliminate banners and ads in a way that frees their allocated page space. This
could easily be done by blocking with <span class="APPLICATION">Privoxy's</span> filters, and eliminating the
<span class="emphasis"><i class="EMPHASIS">entire</i></span> image references from the HTML page source.</p>
<p>But, this would consume considerably more CPU resources (IOW, slow things down), would likely destroy the
layout of some web pages which rely on the banners utilizing a certain amount of page space, and might fail in
other cases, where the screen space is reserved (e.g. by HTML tables for instance). Also, making ads and banners
disappear without any trace complicates troubleshooting, and would sooner or later be problematic.</p>
<p>The better alternative is to instead let them stay, and block the resulting requests for the banners
themselves as is now the case. This leaves either empty space, or the familiar checkerboard pattern.</p>
<p>So the developers won't support this in the default configuration, but you can of course define appropriate
filters yourself to achieve this.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="SSL" id="SSL">4.15. How can Privoxy filter Secure (HTTPS) URLs?</a></h3>
<p>If you enable <a href="../user-manual/actions-file.html#HTTPS-INSPECTION" target="_top">https-inspection</a>
<span class="APPLICATION">Privoxy</span> will impersonate the destination server and can thus filter encrypted
requests and responses as well.</p>
<p>Without <a href="../user-manual/actions-file.html#HTTPS-INSPECTION" target="_top">https-inspection</a> secure
HTTP connections are encrypted SSL sessions between your browser and the secure site, and there is little that
<span class="APPLICATION">Privoxy</span> can do but hand the raw gibberish data though from one end to the other
unprocessed.</p>
<p>The only exception to this is blocking by host patterns, as the client needs to tell <span class=
"APPLICATION">Privoxy</span> the name of the remote server, so that <span class="APPLICATION">Privoxy</span> can
establish the connection. If that name matches a host-only pattern, the connection will be blocked.</p>
<p>As far as ad blocking is concerned, this is less of a restriction than it may seem, since ad sources are often
identifiable by the host name, and often the banners to be placed in an encrypted page come unencrypted
nonetheless for efficiency reasons, which exposes them to the full power of <span class=
"APPLICATION">Privoxy</span>'s ad blocking.</p>
<p><span class="QUOTE">"Content cookies"</span> (those that are embedded in the actual HTML or JS page content,
see <tt class="LITERAL"><a href="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES" target=
"_top">filter{content-cookies}</a></tt>), in an SSL transaction will be impossible to block under these
conditions. Fortunately, this does not seem to be a very common scenario since most cookies come by traditional
means.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="HTTP2" id="HTTP2">4.16. Does Privoxy support HTTP/2?</a></h3>
<p>Privoxy currently doesn't parse HTTP/2 but applications can tunnel HTTP/2 through Privoxy if Privoxy is
configured to allow CONNECT requests (default) which are also used for HTTPS.</p>
<p>Adding HTTP/2 support is on the <a href=
"https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD" target="_top">TODO</a> list but
currently nobody is known to work on it.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="SECURE" id="SECURE">4.17. Privoxy runs as a <span class="QUOTE">"server"</span>. How
secure is it? Do I need to take any special precautions?</a></h3>
<p>On Unix-like systems, <span class="APPLICATION">Privoxy</span> can run as a non-privileged user, which is how
we recommend it be run. Also, by default <span class="APPLICATION">Privoxy</span> listens to requests from
<span class="QUOTE">"localhost"</span> only.</p>
<p>The server aspect of <span class="APPLICATION">Privoxy</span> is not itself directly exposed to the Internet
in this configuration. If you want to have <span class="APPLICATION">Privoxy</span> serve as a LAN proxy, this
will have to be opened up to allow for LAN requests. In this case, we'd recommend you specify only the LAN
gateway address, e.g. 192.168.1.1, in the main <span class="APPLICATION">Privoxy</span> configuration file and
check all <a href="../user-manual/config.html#ACCESS-CONTROL" target="_top">access control and security
options</a>. All LAN hosts can then use this as their proxy address in the browser proxy configuration, but
<span class="APPLICATION">Privoxy</span> will not listen on any external interfaces. ACLs can be defined in
addition, and using a firewall is always good too. Better safe than sorry.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="TURNOFF" id="TURNOFF">4.18. Can I temporarily disable Privoxy?</a></h3>
<p><span class="APPLICATION">Privoxy</span> doesn't have a transparent proxy mode, but you can toggle off
blocking and content filtering.</p>
<p>The easiest way to do that is to point your browser to the remote toggle URL: <a href=
"http://config.privoxy.org/toggle" target="_top">http://config.privoxy.org/toggle</a>.</p>
<p>See the <a href="../user-manual/appendix.html#BOOKMARKLETS" target="_top">Bookmarklets section</a> of the
<i class="CITETITLE">User Manual</i> for an easy way to access this feature. Note that this is a feature that may
need to be enabled in the main <tt class="FILENAME">config</tt> file.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="REALLYOFF" id="REALLYOFF">4.19. When <span class="QUOTE">"disabled"</span> is Privoxy
totally out of the picture?</a></h3>
<p>No, this just means all optional filtering and actions are disabled. <span class="APPLICATION">Privoxy</span>
is still acting as a proxy, but just doing less of the things that <span class="APPLICATION">Privoxy</span> would
normally be expected to do. It is still a <span class="QUOTE">"middle-man"</span> in the interaction between your
browser and web sites. See below to bypass the proxy.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="TURNOFF2" id="TURNOFF2">4.20. How can I tell Privoxy to totally ignore certain
sites?</a></h3>
<p>Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser configuration issue, not a
<span class="APPLICATION">Privoxy</span> issue. Modern browsers typically do have settings for not proxying
certain sites. Check your browser's help files.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="CRUNCH" id="CRUNCH">4.21. My logs show Privoxy <span class="QUOTE">"crunches"</span>
ads, but also its own internal CGI pages. What is a <span class="QUOTE">"crunch"</span>?</a></h3>
<p>A <span class="QUOTE">"crunch"</span> means <span class="APPLICATION">Privoxy</span> intercepted <span class=
"emphasis"><i class="EMPHASIS">something</i></span>, nothing more. Often this is indeed ads or banners, but
<span class="APPLICATION">Privoxy</span> uses the same mechanism for trapping requests for its own internal
pages. For instance, a request for <span class="APPLICATION">Privoxy's</span> configuration page at: <a href=
"http://config.privoxy.org" target="_top">http://config.privoxy.org</a>, is intercepted (i.e. it does not go out
to the 'net), and the familiar CGI configuration is returned to the browser, and the log consequently will show a
<span class="QUOTE">"crunch"</span>.</p>
<p>Since version 3.0.7, Privoxy will also log the crunch reason. If you are using an older version you might want
to upgrade.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="DOWNLOADS" id="DOWNLOADS">4.22. Can Privoxy affect files that I download from a
webserver? FTP server?</a></h3>
<p>From the webserver's perspective, there is no difference between viewing a document (i.e. a page), and
downloading a file. The same is true of <span class="APPLICATION">Privoxy</span>. If there is a match for a
<tt class="LITERAL"><a href="../user-manual/actions-file.html#BLOCK" target="_top">block</a></tt> pattern, it
will still be blocked, and of course this is obvious.</p>
<p>Filtering is potentially more of a concern since the results are not always so obvious, and the effects of
filtering are there whether the file is simply viewed, or downloaded. And potentially whether the content is some
obnoxious advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course, one of these presumably is
<span class="QUOTE">"bad"</span> content that we don't want, and the other is <span class="QUOTE">"good"</span>
content that we do want. <span class="APPLICATION">Privoxy</span> is blind to the differences, and can only
distinguish <span class="QUOTE">"good from bad"</span> by the configuration parameters <span class=
"emphasis"><i class="EMPHASIS">we</i></span> give it.</p>
<p><span class="APPLICATION">Privoxy</span> knows the differences in files according to the <span class=
"QUOTE">"Content Type"</span> as reported by the webserver. If this is reported accurately (e.g. <span class=
"QUOTE">"application/zip"</span> for a zip archive), then <span class="APPLICATION">Privoxy</span> knows to
ignore these where appropriate. <span class="APPLICATION">Privoxy</span> potentially can filter HTML as well as
plain text documents, subject to configuration parameters of course. Also, documents that are of an unknown type
(generally assumed to be <span class="QUOTE">"text/plain"</span>) can be filtered, as will those that might be
incorrectly reported by the webserver. If such a file is a downloaded file that is intended to be saved to disk,
then any content that might have been altered by filtering, will be saved too, for these (probably rare)
cases.</p>
<p>Note that versions later than 3.0.2 do NOT filter document types reported as <span class=
"QUOTE">"text/plain"</span>. Prior to this, <span class="APPLICATION">Privoxy</span> did filter this document
type.</p>
<p>In short, filtering is <span class="QUOTE">"ON"</span> if a) the content type as reported by the webserver is
appropriate <span class="emphasis"><i class="EMPHASIS">and</i></span> b) the configuration allows it (or at least
does not disallow it). That's it. There is no magic cookie anywhere to say this is <span class=
"QUOTE">"good"</span> and this is <span class="QUOTE">"bad"</span>. It's the configuration that lets it all
happen or not.</p>
<p>If you download text files, you probably do not want these to be filtered, particularly if the content is
source code, or other critical content. Source code sometimes might be mistaken for Javascript (i.e. the kind
that might open a pop-up window). It is recommended to turn off filtering for download sites (particularly if the
content may be plain text files and you are using version 3.0.2 or earlier) in your <tt class=
"FILENAME">user.action</tt> file. And also, for any site or page where making <span class="emphasis"><i class=
"EMPHASIS">any</i></span> changes at all to the content is to be avoided.</p>
<p><span class="APPLICATION">Privoxy</span> does not do FTP at all, only HTTP and HTTPS (SSL) protocols.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="DOWNLOADS2" id="DOWNLOADS2">4.23. I just downloaded a Perl script, and Privoxy altered
it! Yikes, what is wrong!</a></h3>
<p>Please read above.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="HOSTSFILE" id="HOSTSFILE">4.24. Should I continue to use a <span class=
"QUOTE">"HOSTS"</span> file for ad-blocking?</a></h3>
<p>One time-tested technique to defeat common ads is to trick the local DNS system by giving a phony IP address
for the ad generator in the local <tt class="FILENAME">HOSTS</tt> file, typically using <tt class=
"LITERAL">127.0.0.1</tt>, aka <tt class="LITERAL">localhost</tt>. This effectively blocks the ad.</p>
<p>There is no reason to use this technique in conjunction with <span class="APPLICATION">Privoxy</span>.
<span class="APPLICATION">Privoxy</span> does essentially the same thing, much more elegantly and with much more
flexibility. A large <tt class="FILENAME">HOSTS</tt> file, in fact, not only duplicates effort, but may get in
the way and seriously slow down your system. It is recommended to remove such entries from your <tt class=
"FILENAME">HOSTS</tt> file. If you think your hosts list is neglected by <span class=
"APPLICATION">Privoxy's</span> configuration, consider adding your list to your <tt class=
"FILENAME">user.action</tt> file:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN"> { +block }
www.ad.example1.com
ad.example2.com
ads.galore.example.com
etc.example.com</pre>
</td>
</tr>
</table>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="SEEALSO" id="SEEALSO">4.25. Where can I find more information about Privoxy and
related issues?</a></h3>
<p>Other references and sites of interest to <span class="APPLICATION">Privoxy</span> users:</p>
<table border="0">
<tbody>
<tr>
<td><a href="https://www.privoxy.org/" target="_top">https://www.privoxy.org/</a>, the <span class=
"APPLICATION">Privoxy</span> Home page.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="https://www.privoxy.org/faq/" target="_top">https://www.privoxy.org/faq/</a>, the <span class=
"APPLICATION">Privoxy</span> FAQ.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="https://www.privoxy.org/developer-manual/" target=
"_top">https://www.privoxy.org/developer-manual/</a>, the <span class="APPLICATION">Privoxy</span>
developer manual.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="https://sourceforge.net/projects/ijbswa/" target=
"_top">https://sourceforge.net/projects/ijbswa/</a>, the Project Page for <span class=
"APPLICATION">Privoxy</span> on <a href="https://sourceforge.net" target="_top">SourceForge</a>.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a>, the web-based user
interface. <span class="APPLICATION">Privoxy</span> must be running for this to work. Shortcut: <a href=
"http://p.p/" target="_top">http://p.p/</a></td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="https://sourceforge.net/p/ijbswa/actionsfile-feedback/" target=
"_top">https://sourceforge.net/p/ijbswa/actionsfile-feedback/</a>, to submit <span class=
"QUOTE">"misses"</span> and other configuration related suggestions to the developers.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="http://www.squid-cache.org/" target="_top">http://www.squid-cache.org/</a>, a popular caching
proxy, which is often used together with <span class="APPLICATION">Privoxy</span>.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="https://www.irif.fr/~jch/software/polipo/" target=
"_top">https://www.irif.fr/~jch/software/polipo/</a>, <span class="APPLICATION">Polipo</span> is a caching
proxy with advanced features like pipelining, multiplexing and caching of partial instances. In many setups
it can be used as <span class="APPLICATION">Squid</span> replacement.</td>
</tr>
</tbody>
</table>
<table border="0">
<tbody>
<tr>
<td><a href="https://www.torproject.org/" target="_top">https://www.torproject.org/</a>, <span class=
"APPLICATION">Tor</span> can help anonymize web browsing, web publishing, instant messaging, IRC, SSH, and
other applications.</td>
</tr>
</tbody>
</table>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="MICROSUCK" id="MICROSUCK">4.26. I've noticed that Privoxy changes <span class=
"QUOTE">"Microsoft"</span> to <span class="QUOTE">"MicroSuck"</span>! Why are you manipulating my
browsing?</a></h3>
<p>We're not. The text substitutions that you are seeing are disabled in the default configuration as shipped.
You have either manually activated the <span class="QUOTE">"<tt class="LITERAL">fun</tt>"</span> filter which is
clearly labeled <span class="QUOTE">"Text replacements for subversive browsing fun!"</span> or you are using an
older Privoxy version and have implicitly activated it by choosing the <span class="QUOTE">"Advanced"</span>
profile in the web-based editor. Please upgrade.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="VALID" id="VALID">4.27. Does Privoxy produce <span class="QUOTE">"valid"</span> HTML
(or XHTML)?</a></h3>
<p>Privoxy generates HTML in both its own <span class="QUOTE">"templates"</span>, and possibly whenever there are
text substitutions via a <span class="APPLICATION">Privoxy</span> filter. While this should always conform to the
HTML 4.01 specifications, it has not been validated against this or any other standard.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="SURPRISE-PRIVOXY" id="SURPRISE-PRIVOXY">4.28. How did you manage to get Privoxy on my
computer without my consent?</a></h3>
<p>We didn't. We make Privoxy available for download, but we don't go around installing it on other people's
systems behind their back. If you discover Privoxy running on your system and are sure you didn't install it
yourself, somebody else did. You may not even be running the real Privoxy, but maybe something else that only
pretends to be Privoxy, or maybe something that is based on the real Privoxy, but has been modified.</p>
<p>Lately there have been reports of problems with some kind of "parental control" software based on Privoxy that
came preinstalled on certain <a href="https://sourceforge.net/p/ijbswa/bugs/813/" target="_top">ASUS
Netbooks</a>. The problems described are inconsistent with the behaviour of official Privoxy versions, which
suggests that the preinstalled software may contain vendor modifications that we don't know about and thus can't
debug.</p>
<p>Privoxy's <a href="copyright.html">license</a> allows vendor modifications, but the vendor has to comply with
the license, which involves informing the user about the changes and to make the changes available under the same
license as Privoxy itself.</p>
<p>If you are having trouble with a modified Privoxy version, please try to talk to whoever made the
modifications before reporting the problem to us. Please also try to convince whoever made the modifications to
talk to us. If you think somebody gave you a modified Privoxy version without complying to the license, please
let us know.</p>
</div>
<div class="SECT2">
<h3 class="SECT2"><a name="SUPPOSEDLY-INFECTED-TARBALL" id="SUPPOSEDLY-INFECTED-TARBALL">4.29. Is the Privoxy
source tarball infected by a virus?</a></h3>
<p>If you verified the OpenPGP signature the tarball should be fine.</p>
<p>Starting with the 4.0.0 release the source tarball contains a new test framework. Some of the test cases
contain hex-encoded data, for exampe see <a href=
"https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=tests/cts/gzip-compression/data/test10;hb=HEAD" target=
"_top">gzip decompression test 10</a>. While none of the test cases contain viruses they may contain patterns
that viruses also contain, for example there is a <a href=
"https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=tests/cts/content-filters/data/test33;hb=HEAD" target=
"_top">test case for the obsolete ie-exploits filter</a>.</p>
<p>The tests don't get executed automatically and if you feel safer you can remove the tests/cts directory before
building Privoxy ...</p>
</div>
</div>
<div class="NAVFOOTER">
<hr align="left" width="100%">
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="configuration.html" accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html" accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="trouble.html" accesskey="N">Next</a></td>
</tr>
<tr>
<td width="33%" align="left" valign="top">Configuration</td>
<td width="34%" align="center" valign="top"> </td>
<td width="33%" align="right" valign="top">Troubleshooting</td>
</tr>
</table>
</div>
</body>
</html>
|
