<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
TITLE="Privoxy Frequently Asked Questions"
HREF="index.html"><LINK
HREF="configuration.html"><LINK
TITLE="Troubleshooting"
HREF="trouble.html"><LINK
HREF="../p_doc.css"><META
HTTP-EQUIV="Content-Type"
charset=ISO-8859-1"></HEAD
SUMMARY="Header navigation table"
>Privoxy Frequently Asked Questions</TH
HREF="configuration.html"
>4.1. How much does Privoxy slow my browsing down? This
has to add extra time to browsing.</A
> How much of an impact depends on many things, including the CPU of the host
system, how aggressive the configuration is, which specific actions are being triggered,
the size of the page, the bandwidth of the connection, etc.</P
> Overall, it should not slow you down any in real terms, and may actually help
speed things up since ads, banners and other junk are not typically being
retrieved and displayed. The actual processing time required by
> itself for each page, is relatively small
in the overall scheme of things, and happens very quickly. This is typically
more than offset by time saved not downloading and rendering ad images and
other junk content (if ad blocking is being used).</P
> content via the <TT
HREF="../user-manual/actions-file.html#FILTER"
HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
actions may cause a perceived slowdown, since the entire document
needs to be buffered before displaying. And on very large documents,
filtering may have some measurable impact. How much depends on the page size,
the actual definition of the filter(s), etc. See below. Most other actions
have little to no impact on speed.</P
> Also, when filtering is enabled but zlib support isn't available, compression
is often disabled (see <A
HREF="../user-manual/actions-file.html#PREVENT-COMPRESSION"
>prevent-compression</A
This can have an impact on speed as well, although it's probably smaller than
you might think. Again, the page size, etc. will determine how much of an impact.</P
>4.2. I notice considerable
delays in page requests. What's wrong?</A
HREF="../user-manual/actions-file.html#FILTER"
such as filtering banners by size, web-bugs, etc., or the <TT
HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
action, the entire document must be loaded into memory in order for the filtering
mechanism to work, and nothing is sent to the browser during this time.</P
> The loading time typically does not really change much in real numbers, but
the feeling is different, because most browsers are able to start rendering
incomplete content, giving the user a feeling of "it works". This effect is
more noticeable on slower dialup connections. Extremely large documents
may have some impact on the time to load the page where there is filtering
being done. But overall, the difference should be very minimal. If there is a
big impact, then probably some other situation is contributing (like
anti-virus software).
> Filtering is automatically disabled for inappropriate MIME types. But note
that if the web server mis-reports the MIME type, then content that should
not be filtered could be. <SPAN
to differentiate filterable content because of the MIME type as reported by
the server, or because of some configuration setting that enables/disables
>4.3. What are "http://config.privoxy.org/" and
HREF="http://config.privoxy.org/"
>http://config.privoxy.org/</A
>'s built-in user interface, and
> is a shortcut for it.</P
> sits between your web browser and the Internet,
it can simply intercept requests for these addresses and answer them with its built-in
> This also makes for a good test for your browser configuration: If entering the
HREF="http://config.privoxy.org/"
>http://config.privoxy.org/</A
takes you to a page saying <SPAN
>"This is Privoxy ..."</SPAN
If you get a page saying <SPAN
>"Privoxy is not working"</SPAN
your browser didn't use <SPAN
hence it could not be intercepted, and you have accessed the <SPAN
web site at config.privoxy.org.</P
>4.4. How can I submit new ads, or report
various ways to interact with the developers.</P
>4.5. If I do submit missed ads, will
they be included in future updates?</A
> Whether such submissions are eventually included in the
> configuration file depends on how
significant the issue is. We of course want to address any potential
problem with major, high-profile sites such as <I
>, etc. Any site with global or regional reach
has a good chance of being a candidate. But at the other end of the spectrum
are any number of smaller, low-profile sites such as for local clubs or
schools. Since their reach and impact are much less, they are best handled by
inclusion in the user's <TT
unlikely to be included. </P
>4.6. Why doesn't anyone answer my support
>Rest assured that it has been read and considered. It may go unanswered
for various reasons: no one has a good answer for it, no
one has yet had time to investigate it thoroughly, it has been reported
numerous times already, or not enough information was provided to help
us help you. Your efforts are not wasted, and we do appreciate them.</P
>4.7. How can I hide my IP address?</A
> If you run both the browser and <SPAN
> locally, you cannot hide your IP
> or ultimately any other
software alone. The server needs to know your IP address so that it knows
where to send the responses back. </P
> There are many publicly usable "anonymous" proxies out there, which
provide a further level of indirection between you and the web server.</P
> However, these proxies are called "anonymous" because you don't need
to authenticate, not because they would offer any real anonymity.
Most of them will log your IP address and make it available to the
authorities in case you violate the law of the country they run in. In fact
you can't even rule out that some of them only exist to *collect* information
on (those suspicious) people with a more than average preference for privacy.</P
> If you want to hide your IP address from most adversaries,
you should consider chaining <SPAN
HREF="http://tor.eff.org/"
The configuration details can be found in
>4.8. Can Privoxy guarantee I am anonymous?</A
> No. Your chances of remaining anonymous are improved, but unless you
or a similar proxy and know what you're doing when it comes to configuring
the rest of your system, you should assume that everything you do
on the Web can be traced back to you.</P
> can remove various information about you,
> more freedom to decide which sites
you can trust, and what details you want to reveal. But it neither
hides your IP address, nor can it guarantee that the rest of the system
behaves correctly. There are several ways a web site can find
out who you are, even if you are using a strict <SPAN
configuration and chained it with <SPAN
> privacy-enhancing features can be easily subverted
by an insecure browser configuration; therefore you should use a browser that can
be configured to only execute code from trusted sites, and be careful which sites you trust.
For example, there is no point in having <SPAN
modify the User-Agent header, if websites can get all the information they want
through JavaScript, ActiveX, Flash, Java, etc.</P
> A few browsers disclose the user's email address in certain situations, such
as when transferring a file by FTP. <SPAN
does not filter FTP. If you need this feature, or are concerned about the
mail handler of your browser disclosing your email address, you might
consider products such as <SPAN
> Browsers available only as binaries could use non-standard headers to give
out any information they can have access to: see the manufacturer's license
agreement. It's impossible to anticipate and prevent every breach of privacy
that might occur. The professionally paranoid prefer browsers available as
source code, because anticipating their behavior is easier. Trust the source,
>4.9. A test site says I am not using a Proxy.</A
> Good! Actually, they are probably testing for some other kinds of proxies.
Hiding yourself completely would require additional steps.</P
>4.10. How do I use Privoxy
together with Tor?</A
> Before you configure <SPAN
HREF="https://www.torproject.org/"
HREF="../user-manual/installation.html"
HREF="../user-manual/startup.html"
> itself is set up correctly.</P
If it is, refer to <A
HREF="https://www.torproject.org/documentation.html"
extensive documentation</A
> to learn how to install <SPAN
>'s logfile says that
>"Tor has successfully opened a circuit"</SPAN
>"looks like client functionality is working"</SPAN
isn't working, their combination most likely won't either. Testing them on their
own will also help you to direct problem reports to the right audience.
> isn't working, don't bother the
> developers. If <SPAN
isn't working, don't send bug reports to the <SPAN
> If you verified that <SPAN
are working, it is time to connect them. As far as <SPAN
> is just another proxy that can be reached
by socks4 or socks4a. Most likely you are interested in <SPAN
to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are
> and thus invisible to your local network.</P
HREF="../user-manual/config.html"
>main configuration file</A
is already prepared for <SPAN
>, if you are using a
> configuration and run it on the same
>, you just have to edit the
HREF="../user-manual/config.html#FORWARDING"
>forwarding section</A
and uncomment the line:</P
># forward-socks4a / 127.0.0.1:9050 .
> This is enough to reach the Internet, but additionally you might want to
uncomment the following forward rules, to make sure your local network is still
reachable through Privoxy:</P
># forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .
> Unencrypted connections to systems in these address ranges will
be as (un)secure as the local network is, but the alternative is
that your browser can't reach the network at all. Then again,
that may actually be desired and if you don't know for sure
that your browser has to be able to reach the local network,
there's no reason to allow it.</P
> If you want your browser to be able to reach servers in your local
network by using their names, you will need additional exceptions
that look like this:</P
># forward localhost/ .
> Save the modified configuration file and open
HREF="http://config.privoxy.org/show-status"
>http://config.privoxy.org/show-status/</A
in your browser, confirm that <SPAN
> has reloaded its configuration
and that there are no other forward lines, unless you know that you need them. If everything looks good,
HREF="https://wiki.torproject.org/wiki/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
> to learn how to verify that you are really using <SPAN
> Afterward, please take the time to at least skim through the rest
> documentation. Make sure you understand
> does, why it is no replacement for
application level security, and why you probably don't want to
use it for unencrypted logins.</P
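><P>The forwarding checks from 4.10, as an added example that is not part of the Privoxy documentation or code: a Python audit of the active forward lines in a configuration file. The Tor address 127.0.0.1:9050 and the local exceptions are the ones shown in this FAQ; the function names and both sample configurations are constructed for illustration.</P>

```python
"""Audit the forward* lines of a Privoxy config against the Tor setup in FAQ 4.10."""

# Direct ("." parent) exceptions the FAQ lists for keeping the local network reachable.
LOCAL_EXCEPTIONS = {"192.168.*.*/", "10.*.*.*/", "127.*.*.*/", "localhost/"}


def active_forward_rules(config_text):
    """Yield (lineno, directive, args) for each uncommented forward* line."""
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment: rule is inactive
        if not line:
            continue
        directive, *args = line.lower().split()
        # "forwarded-connect-retries" is a different directive, so match exactly.
        if directive == "forward" or directive.startswith("forward-"):
            yield lineno, directive, args


def audit_forwarding(config_text, tor_addr="127.0.0.1:9050"):
    """Return (level, lineno, message) findings; level is OK, WARN or FAIL."""
    findings = []
    default_via_tor = False
    for lineno, directive, args in active_forward_rules(config_text):
        needed = 2 if directive == "forward" else 3  # pattern [socks] http_parent
        if len(args) < needed:
            findings.append(("FAIL", lineno, "incomplete %s rule" % directive))
            continue
        pattern, target = args[0], args[1]
        if directive == "forward-socks4a" and target == tor_addr and pattern == "/":
            default_via_tor = True
            findings.append(("OK", lineno, "default route: socks4a via Tor"))
        elif directive == "forward-socks4" and target == tor_addr:
            findings.append(("FAIL", lineno,
                             "socks4 resolves names locally; use forward-socks4a"))
        elif directive == "forward" and target == ".":
            if pattern in LOCAL_EXCEPTIONS:
                findings.append(("WARN", lineno,
                                 "%s is reached directly, not through Tor" % pattern))
            else:
                findings.append(("FAIL", lineno,
                                 "%s bypasses Tor (not a local exception)" % pattern))
        else:
            findings.append(("WARN", lineno,
                             "other forward line: keep only if you need it"))
    if not default_via_tor:
        findings.append(("FAIL", 0, "no active 'forward-socks4a / %s .'" % tor_addr))
    return findings


def passes(findings):
    """True when the audit produced no FAIL finding."""
    return all(level != "FAIL" for level, _, _ in findings)


# Constructed sample configs (not taken from a real installation).
GOOD_CONFIG = """\
listen-address 127.0.0.1:8118
forwarded-connect-retries 0
forward-socks4a / 127.0.0.1:9050 .
forward 192.168.*.*/ .
# forward 10.*.*.*/ .
forward localhost/ .
"""

BAD_CONFIG = """\
# forward-socks4a / 127.0.0.1:9050 .
forward-socks4 / 127.0.0.1:9050 .
forward .example.com/ .
forward / proxy.example.net:8080
"""

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        for level, lineno, message in audit_forwarding(cfg):
            print("%-4s %-4s line %d: %s" % (name, level, lineno, message))
```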
>4.11. Might some things break because header information or
content is being altered?</A
> Definitely. It is common for sites to use browser type, browser version,
HTTP header content, and various other techniques in order to dynamically
decide what to display and how to display it. What you see, and what I see,
might be very different. There are many, many ways that this can be handled,
so having hard and fast rules is tricky.</P
> is sometimes used in this way to identify
the browser, and adjust content accordingly.</P
> Also, different browsers use different encodings of non-English
characters, and certain web servers convert pages on-the-fly according to the
User Agent header. Giving a <SPAN
operating system or browser manufacturer causes some sites in these languages
to be garbled; surfers to Eastern European sites should change it to
something closer. And then some page access counters work by looking at the
> header; they may fail or break if unavailable. The
weather maps of Intellicast being blocked by their server when no
> or cookie is provided is another example. (But you
can forge both headers without giving information away.) There are
many other ways things can go wrong when trying to fool a web server, the
results of which could inadvertently cause pages to load incorrectly,
partially, or even not at all. And there may be no obvious clues as to just
what went wrong, or why. Nowhere will there be a message that says
> Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
> If you have problems with a site, you will have to adjust your configuration
accordingly. Cookies are probably the most likely adjustment that may
be required, but by no means the only one.</P
>4.12. Can Privoxy act as a <SPAN
speed up web browsing?</A
> No, it does not have this ability at all. You want something like
HREF="http://www.squid-cache.org/"
HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
And, yes, before you ask, <SPAN
with other kinds of proxies like <SPAN
HREF="../user-manual/config.html#FORWARDING"
HREF="../user-manual/index.html"
>4.13. What about as a firewall? Can Privoxy protect me?</A
> Not in the way you mean, or in the way some firewall vendors claim they can.
> can help protect your privacy, but can't
protect your system from intrusion attempts. It is, of course, perfectly possible
>4.14. I have large empty spaces / a checkerboard pattern now where
ads used to be. Why?</A
> It is technically possible to eliminate banners and ads in a way that frees
their allocated page space. This could easily be done by blocking with
and eliminating the <SPAN
> image references from the
HTML page source. </P
> But this would consume considerably more CPU resources (in other words, slow things
down), would likely destroy the layout of some web pages which rely on the
banners utilizing a certain amount of page space, and might fail in other
cases, where the screen space is reserved (e.g. by HTML tables).
Also, making ads and banners disappear without any trace complicates
troubleshooting, and would sooner or later be problematic.</P
> The better alternative is to instead let them stay, and block the resulting
requests for the banners themselves as is now the case. This leaves either
empty space, or the familiar checkerboard pattern.</P
> So the developers won't support this in the default configuration, but you
can of course define appropriate filters yourself to achieve this.</P
>4.15. How can Privoxy filter Secure (HTTPS) URLs?</A
> Since secure HTTP connections are encrypted SSL sessions between your browser
and the secure site, and are meant to be reliably <SPAN
there is little that <SPAN
> can do but hand the raw
gibberish data through from one end to the other unprocessed.</P
> The only exception to this is blocking by host patterns, as the client needs
> the name of the remote server,
> can establish the connection.
If that name matches a host-only pattern, the connection will be blocked.</P
> As far as ad blocking is concerned, this is less of a restriction than it may
seem, since ad sources are often identifiable by the host name, and often
the banners to be placed in an encrypted page come unencrypted nonetheless
for efficiency reasons, which exposes them to the full power of
>"Content cookies"</SPAN
> (those that are embedded in the actual HTML or
JS page content, see <TT
HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
>filter{content-cookies}</A
in an SSL transaction will be impossible to block under these conditions.
Fortunately, this does not seem to be a very common scenario since most
cookies come by traditional means.</P
>4.16. Privoxy runs as a <SPAN
secure is it? Do I need to take any special precautions?</A
> On Unix-like systems, <SPAN
> can run as a non-privileged
user, which is how we recommend it be run. Also, by default
> listens to requests from <SPAN
> The server aspect of <SPAN
> is not itself directly
exposed to the Internet in this configuration. If you want to have
> serve as a LAN proxy, this will have to
be opened up to allow for LAN requests. In this case, we'd recommend
you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
> configuration file and check all <A
HREF="../user-manual/config.html#ACCESS-CONTROL"
>access control and security
>. All LAN hosts can then use this as their proxy address
in the browser proxy configuration, but <SPAN
will not listen on any external interfaces. ACLs can be defined in addition,
and using a firewall is always good too. Better safe than sorry.</P
>4.17. Can I temporarily disable Privoxy?</A
> doesn't have a transparent proxy mode,
but you can toggle off blocking and content filtering.</P
> The easiest way to do that is to point your browser
to the remote toggle URL: <A
HREF="http://config.privoxy.org/toggle"
>http://config.privoxy.org/toggle</A
HREF="../user-manual/appendix.html#BOOKMARKLETS"
>Bookmarklets section</A
> for an easy way to access this
feature. Note that this is a feature that may need to be enabled in the main
> is Privoxy totally
out of the picture?</A
> No, this just means all optional filtering and actions are disabled.
> is still acting as a proxy, but just
doing less of the things that <SPAN
normally be expected to do. It is still a <SPAN
the interaction between your browser and web sites. See below to bypass
>4.19. How can I tell Privoxy to totally ignore certain sites?</A
> Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
configuration issue, not a <SPAN
> issue. Modern browsers typically do have
settings for not proxying certain sites. Check your browser's help files.</P
>4.20. My logs show Privoxy <SPAN
ads, but also its own internal CGI pages. What is a <SPAN
> simply means <SPAN
>, nothing more. Often this is indeed ads or
> uses the same mechanism for
trapping requests for its own internal pages. For instance, a request for
> configuration page at: <A
HREF="http://config.privoxy.org"
>http://config.privoxy.org</A
intercepted (i.e. it does not go out to the 'net), and the familiar CGI
configuration is returned to the browser, and the log consequently will show
> Since version 3.0.7, Privoxy will also log the crunch reason.
If you are using an older version you might want to upgrade.</P
>4.21. Can Privoxy affect files that I download
from a webserver? FTP server?</A
> From the webserver's perspective, there is no difference between
viewing a document (i.e. a page), and downloading a file. The same is true of
>. If there is a match for a <TT
HREF="../user-manual/actions-file.html#BLOCK"
it will still be blocked, and of course this is obvious.
> Filtering is potentially more of a concern since the results are not always
so obvious, and the effects of filtering are there whether the file is simply
viewed, or downloaded. And potentially whether the content is some obnoxious
advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
one of these presumably is <SPAN
> content that we don't want, and
> content that we do want.
> is blind to the differences, and can only
>"good from bad"</SPAN
> by the configuration parameters
> knows the differences in files according
>"Content Type"</SPAN
> as reported by the webserver. If this is
reported accurately (e.g. <SPAN
>"application/zip"</SPAN
> for a zip archive),
> knows to ignore these where
> potentially can filter HTML
as well as plain text documents, subject to configuration parameters of
course. Also, documents that are of an unknown type (generally assumed to be
>) can be filtered, as will those that might be
incorrectly reported by the webserver. If such a file is a downloaded file
that is intended to be saved to disk, then any content that might have been
altered by filtering will be saved too, for these (probably rare) cases.</P
> Note that versions later than 3.0.2 do NOT filter document types reported as
>. Prior to this, <SPAN
did filter this document type.</P
> In short, filtering is <SPAN
> if a) the content type as reported
by the webserver is appropriate <SPAN
> b) the configuration
allows it (or at least does not disallow it). That's it. There is no magic
cookie anywhere to say this is <SPAN
>. It's the configuration that lets it all happen or not.</P
> If you download text files, you probably do not want these to be filtered,
particularly if the content is source code, or other critical content. Source
code sometimes might be mistaken for JavaScript (i.e. the kind that might
open a pop-up window). It is recommended to turn off filtering for download
sites (particularly if the content may be plain text files and you are using
version 3.0.2 or earlier) in your <TT
also, for any site or page where making <SPAN
all to the content is to be avoided.</P
> does not do FTP at all, only HTTP
and HTTPS (SSL) protocols.</P
>4.22. I just downloaded a Perl script, and Privoxy
altered it! Yikes, what is wrong!</A
> Please read above.</P
>4.23. Should I continue to use a <SPAN
> file for ad-blocking?</A
> One time-tested technique to defeat common ads is to trick the local DNS
system by giving a phony IP address for the ad generator in the local
> file, typically using <TT
>. This effectively blocks the ad.</P
> There is no reason to use this technique in conjunction with
does essentially the same thing, much more elegantly and with much more
flexibility. A large <TT
> file, in fact, not only
duplicates effort, but may get in the way and seriously slow down your system.
It is recommended to remove such entries from your <TT
> file. If you think
your hosts list is neglected by <SPAN
configuration, consider adding your list to your <TT
ads.galore.example.com
etc.example.com</PRE
>4.24. Where can I find more information about Privoxy
and related issues?</A
> Other references and sites of interest to <SPAN
HREF="http://www.privoxy.org/"
>http://www.privoxy.org/</A
HREF="http://www.privoxy.org/faq/"
>http://www.privoxy.org/faq/</A
HREF="http://sourceforge.net/projects/ijbswa/"
>http://sourceforge.net/projects/ijbswa/</A
the Project Page for <SPAN
HREF="http://sourceforge.net"
HREF="http://config.privoxy.org/"
>http://config.privoxy.org/</A
the web-based user interface. <SPAN
running for this to work. Shortcut: <A
HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
>http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
configuration related suggestions to the developers.
HREF="http://www.junkbusters.com/ht/en/cookies.html"
>http://www.junkbusters.com/ht/en/cookies.html</A
an explanation of how cookies are used to track web users.
HREF="http://www.junkbusters.com/ijb.html"
>http://www.junkbusters.com/ijb.html</A
the original Internet Junkbuster.
HREF="http://privacy.net/"
>http://privacy.net/</A
to check what information about you is leaked while you browse the web.
HREF="http://www.squid-cache.org/"
>http://www.squid-cache.org/</A
caching proxy, which is often used together with <SPAN
HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
>http://www.pps.jussieu.fr/~jch/software/polipo/</A
> is a caching proxy with advanced features
like pipelining, multiplexing and caching of partial instances. In many setups
it can be used as <SPAN
HREF="http://tor.eff.org/"
>http://tor.eff.org/</A
> can help anonymize web browsing,
web publishing, instant messaging, IRC, SSH, and other applications.
HREF="http://www.privoxy.org/developer-manual/"
>http://www.privoxy.org/developer-manual/</A
>4.25. I've noticed that Privoxy changes <SPAN
>! Why are you manipulating my browsing?</A
> We're not. The text substitutions that you are seeing are disabled
in the default configuration as shipped. You have either manually
is clearly labeled <SPAN
>"Text replacements for subversive browsing
> or you are using an older Privoxy version and have implicitly
activated it by choosing the <SPAN
web-based editor. Please upgrade.</P
>4.26. Does Privoxy produce <SPAN
> HTML (or XHTML)?</A
> Privoxy generates HTML in both its own <SPAN
whenever there are text substitutions via a <SPAN
> filter. While this
should always conform to the HTML 4.01 specifications, it has not been
validated against this or any other standard. </P
SUMMARY="Footer navigation table"
HREF="configuration.html"
>Troubleshooting</TD