7 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="configuration.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="trouble.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="configuration.html"
86 >4.1. How much does Privoxy slow my browsing down? This
87 has to add extra time to browsing.</H3
89 > How much of an impact depends on many things, including the CPU of the host
90 system, how aggressive the configuration is, which specific actions are being triggered,
91 the size of the page, etc.</P
93 > Overall, it should not slow you down any in real terms, and may actually help
94 speed things up since ads, banners and other junk are not typically being
95 retrieved and displayed. The actual processing time required by
99 > itself for each page, is relatively small
100 in the overall scheme of things, and happens very quickly. This is typically
101 more than offset by time saved not downloading and rendering ad images (if ad
102 blocking is being used).</P
107 > content via the <TT
110 HREF="../user-manual/actions-file.html#FILTER"
118 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
123 actions will certainly cause a perceived slowdown, since the entire document
124 needs to be buffered before displaying. And on very large documents, there may be
125 some impact. How much depends on the page size, the actual definition of the
126 filter(s), etc. See below. Most other actions have little to no impact on
136 >4.2. I notice considerable
137 delays in page requests compared to the old Junkbuster. What's wrong?</H3
142 HREF="../user-manual/actions-file.html#FILTER"
147 such as filtering banners by size, web-bugs etc, or the <TT
150 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
155 action, the entire document must be loaded into memory in order for the filtering
156 mechanism to work, and nothing is sent to the browser during this time.</P
158 > The loading time typically does not really change much in real numbers, but
159 the feeling is different, because most browsers are able to start rendering
160 incomplete content, giving the user a feeling of "it works". This effect is
161 more noticeable on slower dialup connections. Extremely large documents
162 may have some impact on the time to load the page where there is filtering
163 being done. But overall, the difference should be very minimal. If there is a
164 big impact, then probably some other problem is contributing.
167 > Filtering is automatically disabled for inappropriate MIME types. But note
168 that if the web server mis-reports the MIME type, then content that should
169 not be filtered, could be. <SPAN
173 to differentiate filterable content because of the MIME type as reported by
174 the server, or because of some configuration setting that enables/disables
184 >4.3. What are "http://config.privoxy.org/" and
188 HREF="http://config.privoxy.org/"
190 >http://config.privoxy.org/</A
195 >'s built-in user interface, and
200 > is a shortcut for it.</P
205 > sits between your web browser and the Internet,
206 it can simply intercept requests for these addresses and answer them with its built-in
212 > This also makes for a good test for your browser configuration: If entering the
214 HREF="http://config.privoxy.org/"
216 >http://config.privoxy.org/</A
218 takes you to a page saying <SPAN
220 >"This is Privoxy ..."</SPAN
222 If you get a page saying <SPAN
224 >"Privoxy is not working"</SPAN
226 your browser didn't use <SPAN
230 hence it could not be intercepted, and you have accessed the <SPAN
237 web site at config.privoxy.org.</P
239 > With recent versions of <SPAN
243 later), the user interface features information on the run time status, the
244 configuration, and even a built-in editor for the <A
245 HREF="../user-manual/actions-file.html"
250 > Note that the built-in URLs from earlier versions of <SPAN
257 >, http://example.com/show-proxy-args and http://i.j.b/,
258 are no longer supported. If you still use such an old version, you should really consider
259 upgrading to 3.0.4.</P
268 >4.4. How can I submit new ads, or report
275 various ways to interact with the developers.</P
284 >4.5. Why doesn't anyone answer my support
287 >Rest assured that it has been read and considered. Why it is not answered,
288 could be for various reasons, including no one has a good answer for it, no
289 one has had time to yet investigate it thoroughly, it has been reported
290 numerous times already, or because not enough information was provided to help
291 us help you. Your efforts are not wasted, and we do appreciate them.</P
300 >4.6. How can I hide my IP address?</H3
302 > If you run both the browser and the proxy locally, you cannot hide your IP
306 > or ultimately any other
307 software. The server needs to know your IP address so that it knows where to
308 send the responses back. </P
310 > There are many publicly usable "anonymous" proxies out there, which
311 provide a further level of indirection between you and the web server.</P
313 > However, these proxies are called "anonymous" because you don't need
314 a password, not because they would offer any real anonymity.
315 Most of them will log your IP address and make it available to the
316 authorities in case you violate the law of the country they run in. In fact
317 you can't even rule out that some of them only exist to *collect* information
318 on (those suspicious) people with a more than average preference for privacy.</P
320 > Your best bet is to chain <SPAN
325 HREF="http://tor.eff.org/"
330 HREF="http://www.eff.org/"
333 > supported onion routing system.
334 The configuration details can be found in
341 > together with <SPAN
355 >4.7. Can Privoxy guarantee I am anonymous?</H3
357 > No. Your chances of remaining anonymous are greatly improved, but unless you
369 or a similar system and know what you're doing when it comes to configuring
370 the rest of your system, it would be safest to assume that everything you do
371 on the Web can be traced back to you.</P
376 > can remove various information about you,
383 > more freedom to decide which sites
384 you can trust, and what details you want to reveal. But it neither
385 hides your ip address, nor can it guarantee that the rest of the system
386 behaves correctly. There are several possibilities how a web sites can find
387 out who you are, even if you are using a strict <SPAN
391 configuration and chained it with <SPAN
399 > protection can be easily subverted
400 by an insecure browser configuration, therefore you should use a browser that can
401 be configured to only execute code from trusted sites, and be careful which sites you trust.
402 For example there is no point in having <SPAN
406 modify the User-Agent header, if websites can get all the information they want
407 through JavaScript, ActiveX, Flash, Java etc.</P
409 > A few browsers disclose the user's email address in certain situations, such
410 as when transferring a file by FTP. <SPAN
414 does not filter FTP. If you need this feature, or are concerned about the
415 mail handler of your browser disclosing your email address, you might
416 consider products such as <SPAN
421 > Browsers available only as binaries could use non-standard headers to give
422 out any information they can have access to: see the manufacturer's license
423 agreement. It's impossible to anticipate and prevent every breach of privacy
424 that might occur. The professionally paranoid prefer browsers available as
425 source code, because anticipating their behavior is easier. Trust the source,
435 >4.8. A test site says I am not using a Proxy.</H3
437 > Good! Actually, they are probably testing for some other kinds of proxies.
438 Hiding yourself completely would require additional steps.</P
447 >4.9. How do I use Privoxy
448 together with Tor?</H3
450 > Before you configure <SPAN
458 HREF="http://tor.eff.org/"
460 >http://tor.eff.org/</A
462 please follow the User Manual chapters
464 HREF="../user-manual/installation.html"
469 HREF="../user-manual/startup.html"
476 > itself is setup correctly.</P
479 If it is, refer to <A
480 HREF="http://tor.eff.org/documentation.html.en"
483 extensive documentation</A
484 > to learn how to install <SPAN
491 >'s logfile says that
494 >"Tor has successfully opened a circuit"</SPAN
498 >"looks like client functionality is working"</SPAN
508 isn't working, their combination most likely will neither. Testing them on their
509 own will also help you to direct problem reports to the right audience.
513 > isn't working, don't bother the
517 > developers. If <SPAN
521 isn't working, don't send bug reports to the <SPAN
526 > If you verified that <SPAN
533 are working, it is time to connect them. As far as <SPAN
540 > is just another proxy that can be reached
541 by socks4 or socks4a. Most likely you are interested in <SPAN
545 to increase your anonymity level, therefore you should use socks4a,
553 > and thus invisible to your local network.</P
558 > 3.0.4, its configuration (section 5.2)
559 is already prepared for <SPAN
562 >, if you are using a
566 > configuration and run it on the same
567 system as Privoxy, you just have to uncomment the line:</P
577 ># forward-socks4a / 127.0.0.1:9050 .
584 > This is enough to reach the Internet, but additionally you should
585 uncomment the following forward rules, to make sure your local network is still
586 reachable through Privoxy:</P
596 ># forward 192.168.*.*/ .
597 # forward 10.*.*.*/ .
598 # forward 127.*.*.*/ .
605 > Unencrypted connections to systems in these address ranges will
606 be as (un)secure as the local network is, but the alternative is
607 that you can't reach the network at all.
608 If you also want to be able to reach servers in your local
609 network by using their names, you will need additional
610 exceptions that look like this:</P
620 ># forward localhost/ .
627 > Save the modified configuration file and open
629 HREF="http://config.privoxy.org/show-status"
631 >http://config.privoxy.org/show-status/</A
633 in your browser, confirm that <SPAN
636 > has reloaded its configuration
637 and that there are no other forward lines, unless you know that you need them. I everything looks good,
640 HREF="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
644 > to learn how to verify that you are really using <SPAN
649 > Afterward, please take the time to at least skim through the rest
653 > documentation. Make sure you understand
657 > does, why it is no replacement for
658 application level security, and why you shouldn't use it for unencrypted logins.</P
667 >4.10. Might some things break because header information or
668 content is being altered?</H3
670 > Definitely. More and more sites use HTTP header content to decide what to
671 display and how to display it. There is many ways that this can be handled,
672 so having hard and fast rules, is tricky.</P
677 > in particular is often used in this way to identify
678 the browser, and adjust content accordingly. Changing this now (at least not
679 further than removing the OS information) is not recommended, since so many
680 sites do look for it. You may get undesirable results by changing this.</P
682 > For instance, different browsers use different encodings of Russian and Czech
683 characters, certain web servers convert pages on-the-fly according to the
684 User Agent header. Giving a <SPAN
688 operating system or browser manufacturer causes some sites in these languages
689 to be garbled; Surfers to Eastern European sites should change it to
690 something closer. And then some page access counters work by looking at the
694 > header; they may fail or break if unavailable. The
695 weather maps of Intellicast have been blocked by their server when no
699 > or cookie is provided, is another example. (But you
700 can forge both headers without giving information away). There are
701 many other ways things can go wrong when trying to fool a web server.</P
703 > Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
706 > If you have problems with a site, you will have to adjust your configuration
707 accordingly. Cookies are probably the most likely adjustment that may
708 be required, but by no means the only one.</P
717 >4.11. Can Privoxy act as a <SPAN
721 speed up web browsing?</H3
723 > No, it does not have this ability at all. You want something like
725 HREF="http://www.squid-cache.org/"
728 > for this. And, yes,
729 before you ask, <SPAN
733 with other kinds of proxies like <SPAN
738 HREF="../user-manual/config.html#FORWARDING"
743 HREF="../user-manual/index.html"
756 >4.12. What about as a firewall? Can Privoxy protect me?</H3
758 > Not in the way you mean, or in the way a true firewall can.
762 > can help protect your privacy, but not
763 protect you from intrusion attempts. It is, of course, perfectly possible
764 and recommended to use <SPAN
779 >4.13. I have large empty spaces / a checkerboard pattern now where
780 ads used to be. Why?</H3
782 > It would be technically possible eliminate the banners in a way that frees
783 their screen estate in many cases, by doing all banner blocking with filters,
784 i.e. eliminating the whole image references from the HTML pages instead
785 of letting them stay in, and blocking the resulting requests for the
786 banners themselves.</P
788 > But this would consume considerable CPU resources, would likely destroy
789 the layout of many web pages which rely on the banners consuming a certain
790 amount of screen space, and would fail in other cases, where the screen space
791 is reserved e.g. by tables anyway. Also, making the banners disappear without
792 a visual trace complicates troubleshooting.</P
794 > So we won't support this in the default configuration, but you can of course
795 define appropriate filters yourself.</P
804 >4.14. How can Privoxy filter Secure (HTTPS) URLs?</H3
806 > Since secure HTTP connections are encrypted SSL sessions between your browser
807 and the secure site, and are meant to be reliably <SPAN
814 there is little that <SPAN
817 > can do but hand the raw
818 gibberish data though from one end to the other unprocessed.</P
820 > The only exception to this is blocking by host patterns, as the client needs
824 > the name of the remote server,
828 > can establish the connection.
829 If that name matches a host-only pattern, the connection will be blocked.</P
831 > As far as ad blocking is concerned, this is less of a restriction than it may
832 seem, since ad sources are often identifiable by the host name, and often
833 the banners to be placed in an encrypted page come unencrypted nonetheless
834 for efficiency reasons, which exposes them to the full power of
842 >"Content cookies"</SPAN
843 > (those that are embedded in the actual HTML or
844 JS page content, see <TT
847 HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
849 >filter{content-cookies}</A
852 in an SSL transaction will be impossible to block under these conditions.
853 Fortunately, this does not seem to be a very common scenario since most
854 cookies come by traditional means.</P
863 >4.15. Privoxy runs as a <SPAN
867 secure is it? Do I need to take any special precautions?</H3
869 > There are no known exploits that might affect
873 >. On Unix-like systems,
877 > can run as a non-privileged
878 user, which is how we recommend it be run. Also, by default
882 > only listens to requests
886 > only. The server aspect of
890 > is not itself directly exposed to the
891 Internet in this configuration. If you want to have
895 > serve as a LAN proxy, this will have to
896 be opened up to allow for LAN requests. In this case, we'd recommend
897 you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
901 > configuration file and check all <A
902 HREF="../user-manual/config.html#ACCESS-CONTROL"
904 >access control and security
906 >. All LAN hosts can then use this as their proxy address
907 in the browser proxy configuration, but <SPAN
911 will not listen on any external interfaces. ACLs can be defined in addition,
912 and using a firewall is always good too. Better safe than sorry.</P
921 >4.16. How can I temporarily disable Privoxy?</H3
923 > The easiest way is to access <SPAN
927 browser by using the remote toggle URL: <A
928 HREF="http://config.privoxy.org/toggle"
930 >http://config.privoxy.org/toggle</A
933 HREF="../user-manual/appendix.html#BOOKMARKLETS"
935 >Bookmarklets section</A
940 > for an easy way to access this
954 out of the picture?</H3
956 > No, this just means all filtering and actions are disabled.
960 > is still acting as a proxy, but just not
961 doing any of the things that <SPAN
965 normally be expected to do. It is still a <SPAN
969 the interaction between your browser and web sites.</P
978 >4.18. My logs show Privoxy <SPAN
982 ads, but also its own internal CGI pages. What is a <SPAN
1000 >, nothing more. Often this is indeed ads or
1004 > uses the same mechanism for
1005 trapping requests for its own internal pages. For instance, a request for
1009 > configuration page at: <A
1010 HREF="http://config.privoxy.org"
1012 >http://config.privoxy.org</A
1014 intercepted (i.e. it does not go out to the 'net), and the familiar CGI
1015 configuration is returned to the browser, and the log consequently will show
1028 >4.19. Can Privoxy effect files that I download
1029 from a webserver? FTP server?</H3
1031 > From the webserver's perspective, there is no difference between
1032 viewing a document (i.e. a page), and downloading a file. The same is true of
1036 >. If there is a match for a <TT
1039 HREF="../user-manual/actions-file.html#BLOCK"
1044 it will still be blocked, and of course this is obvious.
1047 > Filtering is potentially more of a concern since the results are not always
1048 so obvious, and the effects of filtering are there whether the file is simply
1049 viewed, or downloaded. And potentially whether the content is some obnoxious
1050 advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
1051 one of these presumably is <SPAN
1054 > content that we don't want, and
1058 > content that we do want.
1062 > is blind to the differences, and can only
1065 >"good from bad"</SPAN
1066 > by the configuration parameters
1078 > knows the differences in files according
1081 >"Document Type"</SPAN
1082 > as reported by the webserver. If this is
1083 reported accurately (e.g. <SPAN
1085 >"application/zip"</SPAN
1086 > for a zip archive),
1090 > knows to ignore these where
1094 > potentially can filter HTML
1095 as well as plain text documents, subject to configuration parameters of
1096 course. Also, documents that are of an unknown type (generally assumed to be
1100 >) can be filtered, as will those that might be
1101 incorrectly reported by the webserver. If such a file is a downloaded file
1102 that is intended to be saved to disk, then any content that might have been
1103 altered by filtering, will be saved too, for these (probably rare) cases.</P
1105 > Note that versions later than 3.0.2 do NOT filter document types reported as
1109 >. Prior to this, <SPAN
1113 did filter this document type.</P
1115 > In short, filtering is <SPAN
1118 > if a) the Document Type as reported
1119 by the webserver is appropriate <SPAN
1125 > b) the configuration
1126 allows it (or at least does not disallow it). That's it. There is no magic
1127 cookie anywhere to say this is <SPAN
1134 >. It's the configuration that let's it all happen or not.</P
1136 > If you download text files, you probably do not want these to be filtered,
1137 particularly if the content is source code, or other critical content. Source
1138 code sometimes might be mistaken for Javascript (i.e. the kind that might
1139 open a pop-up window). It is recommended to turn off filtering for download
1140 sites (particularly if the content may be plain text files and you are using
1141 version 3.0.2 or earlier) in your <TT
1145 also, for any site or page where making <SPAN
1152 all to the content is to be avoided.</P
1157 > does not do FTP at all, only HTTP
1158 and HTTPS (SSL) protocols, so please don't try.</P
1167 >4.20. I just downloaded a Perl script, and Privoxy
1168 altered it! Yikes, what is wrong!</H3
1170 > Please read above.</P
1179 >4.21. Should I continue to use a <SPAN
1182 > file for ad-blocking?</H3
1184 > One time-tested technique to defeat common ads is to trick the local DNS
1185 system by giving a phony IP address for the ad generator in the local
1189 > file, typically using <TT
1196 >. This effectively blocks the ad.</P
1198 > There is no reason to use this technique in conjunction with
1206 does essentially the same thing, much more elegantly and with much more
1207 flexibility. A large <TT
1210 > file, in fact, not only
1211 duplicates effort, but may get in the way. It is recommended to remove
1212 such entries from your <TT
1215 > file. If you think
1216 your hosts list is neglected by <SPAN
1220 configuration, consider adding your list to your <TT
1236 ads.galore.example.com
1237 etc.example.com</PRE
1250 >4.22. Where can I find more information about Privoxy
1251 and related issues?</H3
1253 > Other references and sites of interest to <SPAN
1267 HREF="http://www.privoxy.org/"
1269 >http://www.privoxy.org/</A
1290 HREF="http://www.privoxy.org/faq/"
1292 >http://www.privoxy.org/faq/</A
1313 HREF="http://sourceforge.net/projects/ijbswa/"
1315 >http://sourceforge.net/projects/ijbswa/</A
1317 the Project Page for <SPAN
1322 HREF="http://sourceforge.net"
1341 HREF="http://config.privoxy.org/"
1343 >http://config.privoxy.org/</A
1345 the web-based user interface. <SPAN
1349 running for this to work. Shortcut: <A
1369 HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
1371 >http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
1376 configuration related suggestions to the developers.
1393 HREF="http://www.junkbusters.com/ht/en/cookies.html"
1395 >http://www.junkbusters.com/ht/en/cookies.html</A
1397 an explanation how cookies are used to track web users.
1413 HREF="http://www.junkbusters.com/ijb.html"
1415 >http://www.junkbusters.com/ijb.html</A
1417 the original Internet Junkbuster.
1434 HREF="http://privacy.net/"
1436 >http://privacy.net/</A
1438 to check what information about you is leaked while you browse the web.
1454 HREF="http://www.squid-cache.org/"
1456 >http://www.squid-cache.org/</A
1458 caching proxy, which is often used together with <SPAN
1477 HREF="http://tor.eff.org/"
1479 >http://tor.eff.org/</A
1484 > can help anonymize web browsing,
1485 web publishing, instant messaging, IRC, SSH, and other applications.
1501 HREF="http://www.privoxy.org/developer-manual/"
1503 >http://www.privoxy.org/developer-manual/</A
1524 >4.23. I've noticed that Privoxy changes <SPAN
1531 >! Why are you manipulating my browsing?</H3
1533 > We're not. The text substitutions that you are seeing are disabled
1534 in the default configuration as shipped. You have either manually
1542 is clearly labeled <SPAN
1544 >"Text replacements for subversive browsing
1546 > or you are using an older Privoxy version and have implicitly
1547 activated it by choosing the <SPAN
1549 >"Adventuresome"</SPAN
1551 web-based editor.</P
1559 SUMMARY="Footer navigation table"
1570 HREF="configuration.html"
1608 >Troubleshooting</TD