7 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="configuration.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="trouble.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="configuration.html"
86 >4.1. How much does Privoxy slow my browsing down? This
87 has to add extra time to browsing.</H3
89 > How much of an impact depends on many things, including the CPU of the host
90 system, how aggressive the configuration is, which specific actions are being triggered,
91 the size of the page, etc.</P
93 > Overall, it should not slow you down any in real terms, and may actually help
94 speed things up since ads, banners and other junk are not typically being
95 retrieved and displayed. The actual processing time required by
99 > itself for each page, is relatively small
100 in the overall scheme of things, and happens very quickly. This is typically
101 more than offset by time saved not downloading and rendering ad images (if ad
102 blocking is being used).</P
107 > content via the <TT
110 HREF="../user-manual/actions-file.html#FILTER"
118 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
123 actions will certainly cause a perceived slowdown, since the entire document
124 needs to be buffered before displaying. And on very large documents, there may be
125 some impact. How much depends on the page size, the actual definition of the
126 filter(s), etc. See below. Most other actions have little to no impact on
136 >4.2. I notice considerable
137 delays in page requests compared to the old Junkbuster. What's wrong?</H3
142 HREF="../user-manual/actions-file.html#FILTER"
147 such as filtering banners by size, web-bugs etc, or the <TT
150 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
155 action, the entire document must be loaded into memory in order for the filtering
156 mechanism to work, and nothing is sent to the browser during this time.</P
158 > The loading time typically does not really change much in real numbers, but
159 the feeling is different, because most browsers are able to start rendering
160 incomplete content, giving the user a feeling of "it works". This effect is
161 more noticeable on slower dialup connections. Extremely large documents
162 may have some impact on the time to load the page where there is filtering
163 being done. But overall, the difference should be very minimal. If there is a
164 big impact, then probably some other problem is contributing.
167 > Filtering is automatically disabled for inappropriate MIME types. But note
168 that if the web server mis-reports the MIME type, then content that should
169 not be filtered, could be. <SPAN
173 to differentiate filterable content because of the MIME type as reported by
174 the server, or because of some configuration setting that enables/disables
184 >4.3. What are "http://config.privoxy.org/" and
188 HREF="http://config.privoxy.org/"
190 >http://config.privoxy.org/</A
195 >'s built-in user interface, and
200 > is a shortcut for it.</P
205 > sits between your web browser and the Internet,
206 it can simply intercept requests for these addresses and answer them with its built-in
212 > This also makes for a good test for your browser configuration: If entering the
214 HREF="http://config.privoxy.org/"
216 >http://config.privoxy.org/</A
218 takes you to a page saying <SPAN
220 >"This is Privoxy ..."</SPAN
222 If you get a page saying <SPAN
224 >"Privoxy is not working"</SPAN
226 your browser didn't use <SPAN
230 hence it could not be intercepted, and you have accessed the <SPAN
237 web site at config.privoxy.org.</P
239 > With recent versions of <SPAN
243 later), the user interface features information on the run time status, the
244 configuration, and even a built-in editor for the <A
245 HREF="../user-manual/actions-file.html"
250 > Note that the built-in URLs from earlier versions of <SPAN
257 >, http://example.com/show-proxy-args and http://i.j.b/,
258 are no longer supported. If you still use such an old version, you should really consider
259 upgrading to 3.0.5.</P
268 >4.4. How can I submit new ads, or report
275 various ways to interact with the developers.</P
284 >4.5. Why doesn't anyone answer my support
287 >Rest assured that it has been read and considered. Why it is not answered,
288 could be for various reasons, including no one has a good answer for it, no
289 one has had time to yet investigate it thoroughly, it has been reported
290 numerous times already, or because not enough information was provided to help
291 us help you. Your efforts are not wasted, and we do appreciate them.</P
300 >4.6. How can I hide my IP address?</H3
302 > If you run both the browser and the proxy locally, you cannot hide your IP
306 > or ultimately any other
307 software. The server needs to know your IP address so that it knows where to
308 send the responses back. </P
310 > There are many publicly usable "anonymous" proxies out there, which
311 provide a further level of indirection between you and the web server.</P
313 > However, these proxies are called "anonymous" because you don't need
314 a password, not because they would offer any real anonymity.
315 Most of them will log your IP address and make it available to the
316 authorities in case you violate the law of the country they run in. In fact
317 you can't even rule out that some of them only exist to *collect* information
318 on (those suspicious) people with a more than average preference for privacy.</P
320 > Your best bet is to chain <SPAN
325 HREF="http://tor.eff.org/"
330 HREF="http://www.eff.org/"
333 > supported onion routing system.
334 The configuration details can be found in
341 > together with <SPAN
355 >4.7. Can Privoxy guarantee I am anonymous?</H3
357 > No. Your chances of remaining anonymous are greatly improved, but unless you
369 or a similar system and know what you're doing when it comes to configuring
370 the rest of your system, it would be safest to assume that everything you do
371 on the Web can be traced back to you.</P
376 > can remove various information about you,
383 > more freedom to decide which sites
384 you can trust, and what details you want to reveal. But it neither
385 hides your ip address, nor can it guarantee that the rest of the system
386 behaves correctly. There are several possibilities how a web sites can find
387 out who you are, even if you are using a strict <SPAN
391 configuration and chained it with <SPAN
399 > protection can be easily subverted
400 by an insecure browser configuration, therefore you should use a browser that can
401 be configured to only execute code from trusted sites, and be careful which sites you trust.
402 For example there is no point in having <SPAN
406 modify the User-Agent header, if websites can get all the information they want
407 through JavaScript, ActiveX, Flash, Java etc.</P
409 > A few browsers disclose the user's email address in certain situations, such
410 as when transferring a file by FTP. <SPAN
414 does not filter FTP. If you need this feature, or are concerned about the
415 mail handler of your browser disclosing your email address, you might
416 consider products such as <SPAN
421 > Browsers available only as binaries could use non-standard headers to give
422 out any information they can have access to: see the manufacturer's license
423 agreement. It's impossible to anticipate and prevent every breach of privacy
424 that might occur. The professionally paranoid prefer browsers available as
425 source code, because anticipating their behavior is easier. Trust the source,
435 >4.8. A test site says I am not using a Proxy.</H3
437 > Good! Actually, they are probably testing for some other kinds of proxies.
438 Hiding yourself completely would require additional steps.</P
447 >4.9. How do I use Privoxy
448 together with Tor?</H3
450 > Before you configure <SPAN
458 HREF="http://tor.eff.org/"
460 >http://tor.eff.org/</A
462 please follow the User Manual chapters
464 HREF="../user-manual/installation.html"
469 HREF="../user-manual/startup.html"
476 > itself is setup correctly.</P
479 If it is, refer to <A
480 HREF="http://tor.eff.org/documentation.html.en"
483 extensive documentation</A
484 > to learn how to install <SPAN
491 >'s logfile says that
494 >"Tor has successfully opened a circuit"</SPAN
498 >"looks like client functionality is working"</SPAN
508 isn't working, their combination most likely will neither. Testing them on their
509 own will also help you to direct problem reports to the right audience.
513 > isn't working, don't bother the
517 > developers. If <SPAN
521 isn't working, don't send bug reports to the <SPAN
526 > If you verified that <SPAN
533 are working, it is time to connect them. As far as <SPAN
540 > is just another proxy that can be reached
541 by socks4 or socks4a. Most likely you are interested in <SPAN
545 to increase your anonymity level, therefore you should use socks4a,
553 > and thus invisible to your local network.</P
558 > 3.0.5, its configuration (section 5.2)
559 is already prepared for <SPAN
562 >, if you are using a
566 > configuration and run it on the same
570 >, you just have to uncomment the line:</P
580 ># forward-socks4a / 127.0.0.1:9050 .
587 > This is enough to reach the Internet, but additionally you should
588 uncomment the following forward rules, to make sure your local network is still
589 reachable through Privoxy:</P
599 ># forward 192.168.*.*/ .
600 # forward 10.*.*.*/ .
601 # forward 127.*.*.*/ .
608 > Unencrypted connections to systems in these address ranges will
609 be as (un)secure as the local network is, but the alternative is
610 that you can't reach the network at all.
611 If you also want to be able to reach servers in your local
612 network by using their names, you will need additional
613 exceptions that look like this:</P
623 ># forward localhost/ .
630 > Save the modified configuration file and open
632 HREF="http://config.privoxy.org/show-status"
634 >http://config.privoxy.org/show-status/</A
636 in your browser, confirm that <SPAN
639 > has reloaded its configuration
640 and that there are no other forward lines, unless you know that you need them. I everything looks good,
643 HREF="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
647 > to learn how to verify that you are really using <SPAN
652 > Afterward, please take the time to at least skim through the rest
656 > documentation. Make sure you understand
660 > does, why it is no replacement for
661 application level security, and why you shouldn't use it for unencrypted logins.</P
670 >4.10. Might some things break because header information or
671 content is being altered?</H3
673 > Definitely. More and more sites use HTTP header content to decide what to
674 display and how to display it. There is many ways that this can be handled,
675 so having hard and fast rules, is tricky.</P
680 > in particular is often used in this way to identify
681 the browser, and adjust content accordingly. Changing this now (at least not
682 further than removing the OS information) is not recommended, since so many
683 sites do look for it. You may get undesirable results by changing this.</P
685 > For instance, different browsers use different encodings of Russian and Czech
686 characters, certain web servers convert pages on-the-fly according to the
687 User Agent header. Giving a <SPAN
691 operating system or browser manufacturer causes some sites in these languages
692 to be garbled; Surfers to Eastern European sites should change it to
693 something closer. And then some page access counters work by looking at the
697 > header; they may fail or break if unavailable. The
698 weather maps of Intellicast have been blocked by their server when no
702 > or cookie is provided, is another example. (But you
703 can forge both headers without giving information away). There are
704 many other ways things can go wrong when trying to fool a web server.</P
706 > Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
709 > If you have problems with a site, you will have to adjust your configuration
710 accordingly. Cookies are probably the most likely adjustment that may
711 be required, but by no means the only one.</P
720 >4.11. Can Privoxy act as a <SPAN
724 speed up web browsing?</H3
726 > No, it does not have this ability at all. You want something like
728 HREF="http://www.squid-cache.org/"
731 > for this. And, yes,
732 before you ask, <SPAN
736 with other kinds of proxies like <SPAN
741 HREF="../user-manual/config.html#FORWARDING"
746 HREF="../user-manual/index.html"
759 >4.12. What about as a firewall? Can Privoxy protect me?</H3
761 > Not in the way you mean, or in the way a true firewall can.
765 > can help protect your privacy, but not
766 protect you from intrusion attempts. It is, of course, perfectly possible
767 and recommended to use <SPAN
782 >4.13. I have large empty spaces / a checkerboard pattern now where
783 ads used to be. Why?</H3
785 > It would be technically possible eliminate the banners in a way that frees
786 their screen estate in many cases, by doing all banner blocking with filters,
787 i.e. eliminating the whole image references from the HTML pages instead
788 of letting them stay in, and blocking the resulting requests for the
789 banners themselves.</P
791 > But this would consume considerable CPU resources, would likely destroy
792 the layout of many web pages which rely on the banners consuming a certain
793 amount of screen space, and would fail in other cases, where the screen space
794 is reserved e.g. by tables anyway. Also, making the banners disappear without
795 a visual trace complicates troubleshooting.</P
797 > So we won't support this in the default configuration, but you can of course
798 define appropriate filters yourself.</P
807 >4.14. How can Privoxy filter Secure (HTTPS) URLs?</H3
809 > Since secure HTTP connections are encrypted SSL sessions between your browser
810 and the secure site, and are meant to be reliably <SPAN
817 there is little that <SPAN
820 > can do but hand the raw
821 gibberish data though from one end to the other unprocessed.</P
823 > The only exception to this is blocking by host patterns, as the client needs
827 > the name of the remote server,
831 > can establish the connection.
832 If that name matches a host-only pattern, the connection will be blocked.</P
834 > As far as ad blocking is concerned, this is less of a restriction than it may
835 seem, since ad sources are often identifiable by the host name, and often
836 the banners to be placed in an encrypted page come unencrypted nonetheless
837 for efficiency reasons, which exposes them to the full power of
845 >"Content cookies"</SPAN
846 > (those that are embedded in the actual HTML or
847 JS page content, see <TT
850 HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
852 >filter{content-cookies}</A
855 in an SSL transaction will be impossible to block under these conditions.
856 Fortunately, this does not seem to be a very common scenario since most
857 cookies come by traditional means.</P
866 >4.15. Privoxy runs as a <SPAN
870 secure is it? Do I need to take any special precautions?</H3
872 > There are no known exploits that might affect
876 >. On Unix-like systems,
880 > can run as a non-privileged
881 user, which is how we recommend it be run. Also, by default
885 > only listens to requests
889 > only. The server aspect of
893 > is not itself directly exposed to the
894 Internet in this configuration. If you want to have
898 > serve as a LAN proxy, this will have to
899 be opened up to allow for LAN requests. In this case, we'd recommend
900 you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
904 > configuration file and check all <A
905 HREF="../user-manual/config.html#ACCESS-CONTROL"
907 >access control and security
909 >. All LAN hosts can then use this as their proxy address
910 in the browser proxy configuration, but <SPAN
914 will not listen on any external interfaces. ACLs can be defined in addition,
915 and using a firewall is always good too. Better safe than sorry.</P
924 >4.16. How can I temporarily disable Privoxy?</H3
926 > The easiest way is to access <SPAN
930 browser by using the remote toggle URL: <A
931 HREF="http://config.privoxy.org/toggle"
933 >http://config.privoxy.org/toggle</A
936 HREF="../user-manual/appendix.html#BOOKMARKLETS"
938 >Bookmarklets section</A
943 > for an easy way to access this
957 out of the picture?</H3
959 > No, this just means all filtering and actions are disabled.
963 > is still acting as a proxy, but just not
964 doing any of the things that <SPAN
968 normally be expected to do. It is still a <SPAN
972 the interaction between your browser and web sites.</P
981 >4.18. My logs show Privoxy <SPAN
985 ads, but also its own internal CGI pages. What is a <SPAN
1003 >, nothing more. Often this is indeed ads or
1007 > uses the same mechanism for
1008 trapping requests for its own internal pages. For instance, a request for
1012 > configuration page at: <A
1013 HREF="http://config.privoxy.org"
1015 >http://config.privoxy.org</A
1017 intercepted (i.e. it does not go out to the 'net), and the familiar CGI
1018 configuration is returned to the browser, and the log consequently will show
1031 >4.19. Can Privoxy effect files that I download
1032 from a webserver? FTP server?</H3
1034 > From the webserver's perspective, there is no difference between
1035 viewing a document (i.e. a page), and downloading a file. The same is true of
1039 >. If there is a match for a <TT
1042 HREF="../user-manual/actions-file.html#BLOCK"
1047 it will still be blocked, and of course this is obvious.
1050 > Filtering is potentially more of a concern since the results are not always
1051 so obvious, and the effects of filtering are there whether the file is simply
1052 viewed, or downloaded. And potentially whether the content is some obnoxious
1053 advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
1054 one of these presumably is <SPAN
1057 > content that we don't want, and
1061 > content that we do want.
1065 > is blind to the differences, and can only
1068 >"good from bad"</SPAN
1069 > by the configuration parameters
1081 > knows the differences in files according
1084 >"Document Type"</SPAN
1085 > as reported by the webserver. If this is
1086 reported accurately (e.g. <SPAN
1088 >"application/zip"</SPAN
1089 > for a zip archive),
1093 > knows to ignore these where
1097 > potentially can filter HTML
1098 as well as plain text documents, subject to configuration parameters of
1099 course. Also, documents that are of an unknown type (generally assumed to be
1103 >) can be filtered, as will those that might be
1104 incorrectly reported by the webserver. If such a file is a downloaded file
1105 that is intended to be saved to disk, then any content that might have been
1106 altered by filtering, will be saved too, for these (probably rare) cases.</P
1108 > Note that versions later than 3.0.2 do NOT filter document types reported as
1112 >. Prior to this, <SPAN
1116 did filter this document type.</P
1118 > In short, filtering is <SPAN
1121 > if a) the Document Type as reported
1122 by the webserver is appropriate <SPAN
1128 > b) the configuration
1129 allows it (or at least does not disallow it). That's it. There is no magic
1130 cookie anywhere to say this is <SPAN
1137 >. It's the configuration that let's it all happen or not.</P
1139 > If you download text files, you probably do not want these to be filtered,
1140 particularly if the content is source code, or other critical content. Source
1141 code sometimes might be mistaken for Javascript (i.e. the kind that might
1142 open a pop-up window). It is recommended to turn off filtering for download
1143 sites (particularly if the content may be plain text files and you are using
1144 version 3.0.2 or earlier) in your <TT
1148 also, for any site or page where making <SPAN
1155 all to the content is to be avoided.</P
1160 > does not do FTP at all, only HTTP
1161 and HTTPS (SSL) protocols, so please don't try.</P
1170 >4.20. I just downloaded a Perl script, and Privoxy
1171 altered it! Yikes, what is wrong!</H3
1173 > Please read above.</P
1182 >4.21. Should I continue to use a <SPAN
1185 > file for ad-blocking?</H3
1187 > One time-tested technique to defeat common ads is to trick the local DNS
1188 system by giving a phony IP address for the ad generator in the local
1192 > file, typically using <TT
1199 >. This effectively blocks the ad.</P
1201 > There is no reason to use this technique in conjunction with
1209 does essentially the same thing, much more elegantly and with much more
1210 flexibility. A large <TT
1213 > file, in fact, not only
1214 duplicates effort, but may get in the way. It is recommended to remove
1215 such entries from your <TT
1218 > file. If you think
1219 your hosts list is neglected by <SPAN
1223 configuration, consider adding your list to your <TT
1239 ads.galore.example.com
1240 etc.example.com</PRE
1253 >4.22. Where can I find more information about Privoxy
1254 and related issues?</H3
1256 > Other references and sites of interest to <SPAN
1270 HREF="http://www.privoxy.org/"
1272 >http://www.privoxy.org/</A
1293 HREF="http://www.privoxy.org/faq/"
1295 >http://www.privoxy.org/faq/</A
1316 HREF="http://sourceforge.net/projects/ijbswa/"
1318 >http://sourceforge.net/projects/ijbswa/</A
1320 the Project Page for <SPAN
1325 HREF="http://sourceforge.net"
1344 HREF="http://config.privoxy.org/"
1346 >http://config.privoxy.org/</A
1348 the web-based user interface. <SPAN
1352 running for this to work. Shortcut: <A
1372 HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
1374 >http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
1379 configuration related suggestions to the developers.
1396 HREF="http://www.junkbusters.com/ht/en/cookies.html"
1398 >http://www.junkbusters.com/ht/en/cookies.html</A
1400 an explanation how cookies are used to track web users.
1416 HREF="http://www.junkbusters.com/ijb.html"
1418 >http://www.junkbusters.com/ijb.html</A
1420 the original Internet Junkbuster.
1437 HREF="http://privacy.net/"
1439 >http://privacy.net/</A
1441 to check what information about you is leaked while you browse the web.
1457 HREF="http://www.squid-cache.org/"
1459 >http://www.squid-cache.org/</A
1461 caching proxy, which is often used together with <SPAN
1480 HREF="http://tor.eff.org/"
1482 >http://tor.eff.org/</A
1487 > can help anonymize web browsing,
1488 web publishing, instant messaging, IRC, SSH, and other applications.
1504 HREF="http://www.privoxy.org/developer-manual/"
1506 >http://www.privoxy.org/developer-manual/</A
1527 >4.23. I've noticed that Privoxy changes <SPAN
1534 >! Why are you manipulating my browsing?</H3
1536 > We're not. The text substitutions that you are seeing are disabled
1537 in the default configuration as shipped. You have either manually
1545 is clearly labeled <SPAN
1547 >"Text replacements for subversive browsing
1549 > or you are using an older Privoxy version and have implicitly
1550 activated it by choosing the <SPAN
1552 >"Adventuresome"</SPAN
1554 web-based editor. Please upgrade!</P
1562 SUMMARY="Footer navigation table"
1573 HREF="configuration.html"
1611 >Troubleshooting</TD