1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
10 TITLE="Privoxy Frequently Asked Questions"
11 HREF="index.html"><LINK
14 HREF="configuration.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="trouble.html"><LINK
20 HREF="../p_doc.css"></HEAD
31 SUMMARY="Header navigation table"
40 >Privoxy Frequently Asked Questions</TH
48 HREF="configuration.html"
85 >4.1. How much does Privoxy slow my browsing down? This
86 has to add extra time to browsing.</A
89 > How much of an impact depends on many things, including the CPU of the host
90 system, how aggressive the configuration is, which specific actions are being triggered,
91 the size of the page, the bandwidth of the connection, etc.</P
93 > Overall, it should not slow you down any in real terms, and may actually help
94 speed things up since ads, banners and other junk are not typically being
95 retrieved and displayed. The actual processing time required by
99 > itself for each page, is relatively small
100 in the overall scheme of things, and happens very quickly. This is typically
101 more than offset by time saved not downloading and rendering ad images and
102 other junk content (if ad blocking is being used).</P
107 > content via the <TT
110 HREF="../user-manual/actions-file.html#FILTER"
118 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
123 actions may cause a perceived slowdown, since the entire document
124 needs to be buffered before displaying. And on very large documents, filtering may have
125 some measurable impact. How much depends on the page size, the actual
126 definition of the filter(s), etc. See below. Most other actions have little
127 to no impact on speed.</P
129 > Also, when filtering is enabled but zlib support isn't available, compression
130 is often disabled (see <A
131 HREF="../user-manual/actions-file.html#PREVENT-COMPRESSION"
133 >prevent-compression</A
135 This can have an impact on speed as well. Again, the page size, etc. will
136 determine how much of an impact.</P
144 >4.2. I notice considerable
145 delays in page requests. What's wrong?</A
151 HREF="../user-manual/actions-file.html#FILTER"
156 such as filtering banners by size, web-bugs etc, or the <TT
159 HREF="../user-manual/actions-file.html#DEANIMATE-GIFS"
164 action, the entire document must be loaded into memory in order for the filtering
165 mechanism to work, and nothing is sent to the browser during this time.</P
167 > The loading time typically does not really change much in real numbers, but
168 the feeling is different, because most browsers are able to start rendering
169 incomplete content, giving the user a feeling of "it works". This effect is
170 more noticeable on slower dialup connections. Extremely large documents
171 may have some impact on the time to load the page where there is filtering
172 being done. But overall, the difference should be very minimal. If there is a
173 big impact, then probably some other situation is contributing (like
174 anti-virus software).
177 > Filtering is automatically disabled for inappropriate MIME types. But note
178 that if the web server mis-reports the MIME type, then content that should
179 not be filtered, could be. <SPAN
183 to differentiate filterable content because of the MIME type as reported by
184 the server, or because of some configuration setting that enables/disables
193 >4.3. What are "http://config.privoxy.org/" and
198 HREF="http://config.privoxy.org/"
200 >http://config.privoxy.org/</A
205 >'s built-in user interface, and
210 > is a shortcut for it.</P
215 > sits between your web browser and the Internet,
216 it can simply intercept requests for these addresses and answer them with its built-in
222 > This also makes for a good test for your browser configuration: If entering the
224 HREF="http://config.privoxy.org/"
226 >http://config.privoxy.org/</A
228 takes you to a page saying <SPAN
230 >"This is Privoxy ..."</SPAN
232 If you get a page saying <SPAN
234 >"Privoxy is not working"</SPAN
236 your browser didn't use <SPAN
240 hence it could not be intercepted, and you have accessed the <SPAN
247 web site at config.privoxy.org.</P
255 >4.4. How can I submit new ads, or report
263 various ways to interact with the developers.</P
271 >4.5. If I do submit missed ads, will
272 they be included in future updates?</A
275 > Whether such submissions are eventually included in the
279 > configuration file depends on how
280 significant the issue is. We of course want to address any potential
281 problem with major, high-profile sites such as <I
288 >, etc. Any site with global or regional reach,
289 has a good chance of being a candidate. But at the other end of the spectrum
290 are any number of smaller, low-profile sites such as for local clubs or
291 schools. Since their reach and impact are much less, they are best handled by
292 inclusion in the user's <TT
296 unlikely to be included. </P
304 >4.6. Why doesn't anyone answer my support
308 >Rest assured that it has been read and considered. Why it is not answered,
309 could be for various reasons, including no one has a good answer for it, no
310 one has had time to yet investigate it thoroughly, it has been reported
311 numerous times already, or because not enough information was provided to help
312 us help you. Your efforts are not wasted, and we do appreciate them.</P
320 >4.7. How can I hide my IP address?</A
323 > If you run both the browser and <SPAN
326 > locally, you cannot hide your IP
330 > or ultimately any other
331 software alone. The server needs to know your IP address so that it knows
332 where to send the responses back. </P
334 > There are many publicly usable "anonymous" proxies out there, which
335 provide a further level of indirection between you and the web server.</P
337 > However, these proxies are called "anonymous" because you don't need
338 to authenticate, not because they would offer any real anonymity.
339 Most of them will log your IP address and make it available to the
340 authorities in case you violate the law of the country they run in. In fact
341 you can't even rule out that some of them only exist to *collect* information
342 on (those suspicious) people with a more than average preference for privacy.</P
344 > Your best bet is to chain <SPAN
349 HREF="http://tor.eff.org/"
354 HREF="http://www.eff.org/"
357 > supported onion routing system.
358 The configuration details can be found in
379 >4.8. Can Privoxy guarantee I am anonymous?</A
382 > No. Your chances of remaining anonymous are greatly improved, but unless you
394 or a similar system and know what you're doing when it comes to configuring
395 the rest of your system, it would be safest to assume that everything you do
396 on the Web can be traced back to you.</P
401 > can remove various information about you,
408 > more freedom to decide which sites
409 you can trust, and what details you want to reveal. But it neither
410 hides your IP address, nor can it guarantee that the rest of the system
411 behaves correctly. There are several possibilities how a web sites can find
412 out who you are, even if you are using a strict <SPAN
416 configuration and chained it with <SPAN
424 > privacy-enhancing features can be easily subverted
425 by an insecure browser configuration, therefore you should use a browser that can
426 be configured to only execute code from trusted sites, and be careful which sites you trust.
427 For example there is no point in having <SPAN
431 modify the User-Agent header, if websites can get all the information they want
432 through JavaScript, ActiveX, Flash, Java etc.</P
434 > A few browsers disclose the user's email address in certain situations, such
435 as when transferring a file by FTP. <SPAN
439 does not filter FTP. If you need this feature, or are concerned about the
440 mail handler of your browser disclosing your email address, you might
441 consider products such as <SPAN
446 > Browsers available only as binaries could use non-standard headers to give
447 out any information they can have access to: see the manufacturer's license
448 agreement. It's impossible to anticipate and prevent every breach of privacy
449 that might occur. The professionally paranoid prefer browsers available as
450 source code, because anticipating their behavior is easier. Trust the source,
459 >4.9. A test site says I am not using a Proxy.</A
462 > Good! Actually, they are probably testing for some other kinds of proxies.
463 Hiding yourself completely would require additional steps.</P
471 >4.10. How do I use Privoxy
472 together with Tor?</A
475 > Before you configure <SPAN
480 HREF="https://www.torproject.org/"
489 HREF="../user-manual/installation.html"
494 HREF="../user-manual/startup.html"
501 > itself is setup correctly.</P
504 If it is, refer to <A
505 HREF="https://www.torproject.org/documentation.html"
508 extensive documentation</A
509 > to learn how to install <SPAN
516 >'s logfile says that
519 >"Tor has successfully opened a circuit"</SPAN
523 >"looks like client functionality is working"</SPAN
533 isn't working, their combination most likely will neither. Testing them on their
534 own will also help you to direct problem reports to the right audience.
538 > isn't working, don't bother the
542 > developers. If <SPAN
546 isn't working, don't send bug reports to the <SPAN
551 > If you verified that <SPAN
558 are working, it is time to connect them. As far as <SPAN
565 > is just another proxy that can be reached
566 by socks4 or socks4a. Most likely you are interested in <SPAN
570 to increase your anonymity level, therefore you should use socks4a, to make sure DNS requests are
574 > and thus invisible to your local network.</P
581 HREF="../user-manual/config.html"
583 >main configuration file</A
585 is already prepared for <SPAN
588 >, if you are using a
592 > configuration and run it on the same
596 >, you just have to edit the
598 HREF="../user-manual/config.html#FORWARDING"
600 >forwarding section</A
602 and uncomment the line:</P
612 ># forward-socks4a / 127.0.0.1:9050 .
619 > This is enough to reach the Internet, but additionally you might want to
620 uncomment the following forward rules, to make sure your local network is still
621 reachable through Privoxy:</P
631 ># forward 192.168.*.*/ .
632 # forward 10.*.*.*/ .
633 # forward 127.*.*.*/ .
640 > Unencrypted connections to systems in these address ranges will
641 be as (un)secure as the local network is, but the alternative is
642 that your browser can't reach the network at all. Then again,
643 that may actually be desired and if you don't know for sure
644 that your browser has to be able to reach the local network,
645 there's no reason to allow it.</P
647 > If you want your browser to be able to reach servers in your local
648 network by using their names, you will need additional exceptions
649 that look like this:</P
659 ># forward localhost/ .
666 > Save the modified configuration file and open
668 HREF="http://config.privoxy.org/show-status"
670 >http://config.privoxy.org/show-status/</A
672 in your browser, confirm that <SPAN
675 > has reloaded its configuration
676 and that there are no other forward lines, unless you know that you need them. If everything looks good,
679 HREF="https://wiki.torproject.org/wiki/TheOnionRouter/TorFAQ#head-0e1cc2ac330ede8c6ad1ac0d0db0ac163b0e6143"
683 > to learn how to verify that you are really using <SPAN
688 > Afterward, please take the time to at least skim through the rest
692 > documentation. Make sure you understand
696 > does, why it is no replacement for
697 application level security, and why you shouldn't use it for unencrypted logins.</P
705 >4.11. Might some things break because header information or
706 content is being altered?</A
709 > Definitely. It is common for sites to use browser type, browser version,
710 HTTP header content, and various other techniques in order to dynamically
711 decide what to display and how to display it. What you see, and what I see,
712 might be very different. There are many, many ways that this can be handled,
713 so having hard and fast rules, is tricky.</P
718 > is sometimes used in this way to identify
719 the browser, and adjust content accordingly.</P
721 > Also, different browsers use different encodings of Russian and Czech
722 characters, certain web servers convert pages on-the-fly according to the
723 User Agent header. Giving a <SPAN
727 operating system or browser manufacturer causes some sites in these languages
728 to be garbled; Surfers to Eastern European sites should change it to
729 something closer. And then some page access counters work by looking at the
733 > header; they may fail or break if unavailable. The
734 weather maps of Intellicast have been blocked by their server when no
738 > or cookie is provided, is another example. (But you
739 can forge both headers without giving information away). There are
740 many other ways things that can go wrong when trying to fool a web server. The
741 results of which could inadvertently cause pages to load incorrectly,
742 partially, or even not at all. And there may be no obvious clues as to just
743 what went wrong, or why. Nowhere will there be a message that says
759 > Similar thoughts apply to modifying JavaScript, and, to a lesser degree,
762 > If you have problems with a site, you will have to adjust your configuration
763 accordingly. Cookies are probably the most likely adjustment that may
764 be required, but by no means the only one.</P
772 >4.12. Can Privoxy act as a <SPAN
776 speed up web browsing?</A
779 > No, it does not have this ability at all. You want something like
781 HREF="http://www.squid-cache.org/"
786 HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
790 And, yes, before you ask, <SPAN
794 with other kinds of proxies like <SPAN
799 HREF="../user-manual/config.html#FORWARDING"
804 HREF="../user-manual/index.html"
816 >4.13. What about as a firewall? Can Privoxy protect me?</A
819 > Not in the way you mean, or in the way some firewall vendors claim they can.
823 > can help protect your privacy, but can't
824 protect your system from intrusion attempts. It is, of course, perfectly possible
839 >4.14. I have large empty spaces / a checkerboard pattern now where
840 ads used to be. Why?</A
843 > It is technically possible to eliminate banners and ads in a way that frees
844 their allocated page space. This could easily be done by blocking with
849 and eliminating the <SPAN
855 > image references from the
856 HTML page source. </P
858 > But, this would consume considerably more CPU resources (IOW, slow things
859 down), would likely destroy the layout of some web pages which rely on the
860 banners utilizing a certain amount of page space, and might fail in other
861 cases, where the screen space is reserved (e.g. by HTML tables for instance).
862 Also, making ads and banners disappear without any trace complicates
863 troubleshooting, and would sooner or later be problematic.</P
865 > The better alternative is to instead let them stay, and block the resulting
866 requests for the banners themselves as is now the case. This leaves either
867 empty space, or the familiar checkerboard pattern.</P
869 > So the developers won't support this in the default configuration, but you
870 can of course define appropriate filters yourself to achieve this.</P
878 >4.15. How can Privoxy filter Secure (HTTPS) URLs?</A
881 > Since secure HTTP connections are encrypted SSL sessions between your browser
882 and the secure site, and are meant to be reliably <SPAN
889 there is little that <SPAN
892 > can do but hand the raw
893 gibberish data though from one end to the other unprocessed.</P
895 > The only exception to this is blocking by host patterns, as the client needs
899 > the name of the remote server,
903 > can establish the connection.
904 If that name matches a host-only pattern, the connection will be blocked.</P
906 > As far as ad blocking is concerned, this is less of a restriction than it may
907 seem, since ad sources are often identifiable by the host name, and often
908 the banners to be placed in an encrypted page come unencrypted nonetheless
909 for efficiency reasons, which exposes them to the full power of
917 >"Content cookies"</SPAN
918 > (those that are embedded in the actual HTML or
919 JS page content, see <TT
922 HREF="../user-manual/actions-file.html#FILTER-CONTENT-COOKIES"
924 >filter{content-cookies}</A
927 in an SSL transaction will be impossible to block under these conditions.
928 Fortunately, this does not seem to be a very common scenario since most
929 cookies come by traditional means.</P
937 >4.16. Privoxy runs as a <SPAN
941 secure is it? Do I need to take any special precautions?</A
944 > On Unix-like systems, <SPAN
947 > can run as a non-privileged
948 user, which is how we recommend it be run. Also, by default
952 > listens to requests from <SPAN
958 > The server aspect of <SPAN
961 > is not itself directly
962 exposed to the Internet in this configuration. If you want to have
966 > serve as a LAN proxy, this will have to
967 be opened up to allow for LAN requests. In this case, we'd recommend
968 you specify only the LAN gateway address, e.g. 192.168.1.1, in the main
972 > configuration file and check all <A
973 HREF="../user-manual/config.html#ACCESS-CONTROL"
975 >access control and security
977 >. All LAN hosts can then use this as their proxy address
978 in the browser proxy configuration, but <SPAN
982 will not listen on any external interfaces. ACLs can be defined in addition,
983 and using a firewall is always good too. Better safe than sorry.</P
991 >4.17. How can I temporarily disable Privoxy?</A
994 > The easiest way is to access <SPAN
998 browser by using the remote toggle URL: <A
999 HREF="http://config.privoxy.org/toggle"
1001 >http://config.privoxy.org/toggle</A
1004 HREF="../user-manual/appendix.html#BOOKMARKLETS"
1006 >Bookmarklets section</A
1011 > for an easy way to access this
1012 feature. Note that this is a feature that may need to be enabled in the main
1027 > is Privoxy totally
1028 out of the picture?</A
1031 > No, this just means all optional filtering and actions are disabled.
1035 > is still acting as a proxy, but just not
1036 doing any of the things that <SPAN
1040 normally be expected to do. It is still a <SPAN
1044 the interaction between your browser and web sites. See below to bypass
1053 >4.19. How can I tell Privoxy to totally ignore certain sites?</A
1056 > Bypassing a proxy, or proxying based on arbitrary criteria, is purely a browser
1057 configuration issue, not a <SPAN
1060 > issue. Modern browsers typically do have
1061 settings for not proxying certain sites. Check your browser's help files.</P
1069 >4.20. My logs show Privoxy <SPAN
1073 ads, but also its own internal CGI pages. What is a <SPAN
1082 > simply means <SPAN
1092 >, nothing more. Often this is indeed ads or
1096 > uses the same mechanism for
1097 trapping requests for its own internal pages. For instance, a request for
1101 > configuration page at: <A
1102 HREF="http://config.privoxy.org"
1104 >http://config.privoxy.org</A
1106 intercepted (i.e. it does not go out to the 'net), and the familiar CGI
1107 configuration is returned to the browser, and the log consequently will show
1113 > Since version 3.0.7, Privoxy will also log the crunch reason.
1114 If you are using an older version you might want to upgrade.</P
1122 >4.21. Can Privoxy effect files that I download
1123 from a webserver? FTP server?</A
1126 > From the webserver's perspective, there is no difference between
1127 viewing a document (i.e. a page), and downloading a file. The same is true of
1131 >. If there is a match for a <TT
1134 HREF="../user-manual/actions-file.html#BLOCK"
1139 it will still be blocked, and of course this is obvious.
1142 > Filtering is potentially more of a concern since the results are not always
1143 so obvious, and the effects of filtering are there whether the file is simply
1144 viewed, or downloaded. And potentially whether the content is some obnoxious
1145 advertisement, or Mr. Jimmy's latest/greatest source code jewel. Of course,
1146 one of these presumably is <SPAN
1149 > content that we don't want, and
1153 > content that we do want.
1157 > is blind to the differences, and can only
1160 >"good from bad"</SPAN
1161 > by the configuration parameters
1173 > knows the differences in files according
1176 >"Content Type"</SPAN
1177 > as reported by the webserver. If this is
1178 reported accurately (e.g. <SPAN
1180 >"application/zip"</SPAN
1181 > for a zip archive),
1185 > knows to ignore these where
1189 > potentially can filter HTML
1190 as well as plain text documents, subject to configuration parameters of
1191 course. Also, documents that are of an unknown type (generally assumed to be
1195 >) can be filtered, as will those that might be
1196 incorrectly reported by the webserver. If such a file is a downloaded file
1197 that is intended to be saved to disk, then any content that might have been
1198 altered by filtering, will be saved too, for these (probably rare) cases.</P
1200 > Note that versions later than 3.0.2 do NOT filter document types reported as
1204 >. Prior to this, <SPAN
1208 did filter this document type.</P
1210 > In short, filtering is <SPAN
1213 > if a) the content type as reported
1214 by the webserver is appropriate <SPAN
1220 > b) the configuration
1221 allows it (or at least does not disallow it). That's it. There is no magic
1222 cookie anywhere to say this is <SPAN
1229 >. It's the configuration that lets it all happen or not.</P
1231 > If you download text files, you probably do not want these to be filtered,
1232 particularly if the content is source code, or other critical content. Source
1233 code sometimes might be mistaken for Javascript (i.e. the kind that might
1234 open a pop-up window). It is recommended to turn off filtering for download
1235 sites (particularly if the content may be plain text files and you are using
1236 version 3.0.2 or earlier) in your <TT
1240 also, for any site or page where making <SPAN
1247 all to the content is to be avoided.</P
1252 > does not do FTP at all, only HTTP
1253 and HTTPS (SSL) protocols, so please don't try.</P
1261 >4.22. I just downloaded a Perl script, and Privoxy
1262 altered it! Yikes, what is wrong!</A
1265 > Please read above.</P
1273 >4.23. Should I continue to use a <SPAN
1276 > file for ad-blocking?</A
1279 > One time-tested technique to defeat common ads is to trick the local DNS
1280 system by giving a phony IP address for the ad generator in the local
1284 > file, typically using <TT
1291 >. This effectively blocks the ad.</P
1293 > There is no reason to use this technique in conjunction with
1301 does essentially the same thing, much more elegantly and with much more
1302 flexibility. A large <TT
1305 > file, in fact, not only
1306 duplicates effort, but may get in the way and seriously slow down your system.
1307 It is recommended to remove such entries from your <TT
1310 > file. If you think
1311 your hosts list is neglected by <SPAN
1315 configuration, consider adding your list to your <TT
1331 ads.galore.example.com
1332 etc.example.com</PRE
1344 >4.24. Where can I find more information about Privoxy
1345 and related issues?</A
1348 > Other references and sites of interest to <SPAN
1362 HREF="http://www.privoxy.org/"
1364 >http://www.privoxy.org/</A
1385 HREF="http://www.privoxy.org/faq/"
1387 >http://www.privoxy.org/faq/</A
1408 HREF="http://sourceforge.net/projects/ijbswa/"
1410 >http://sourceforge.net/projects/ijbswa/</A
1412 the Project Page for <SPAN
1417 HREF="http://sourceforge.net"
1436 HREF="http://config.privoxy.org/"
1438 >http://config.privoxy.org/</A
1440 the web-based user interface. <SPAN
1444 running for this to work. Shortcut: <A
1464 HREF="http://sourceforge.net/tracker/?group_id=11118&atid=460288"
1466 >http://sourceforge.net/tracker/?group_id=11118&atid=460288</A
1471 configuration related suggestions to the developers.
1488 HREF="http://www.junkbusters.com/ht/en/cookies.html"
1490 >http://www.junkbusters.com/ht/en/cookies.html</A
1492 an explanation how cookies are used to track web users.
1508 HREF="http://www.junkbusters.com/ijb.html"
1510 >http://www.junkbusters.com/ijb.html</A
1512 the original Internet Junkbuster.
1529 HREF="http://privacy.net/"
1531 >http://privacy.net/</A
1533 to check what information about you is leaked while you browse the web.
1549 HREF="http://www.squid-cache.org/"
1551 >http://www.squid-cache.org/</A
1553 caching proxy, which is often used together with <SPAN
1572 HREF="http://www.pps.jussieu.fr/~jch/software/polipo/"
1574 >http://www.pps.jussieu.fr/~jch/software/polipo/</A
1579 > is a caching proxy with advanced features
1580 like pipelining, multiplexing and caching of partial instances. In many setups
1581 it can be used as <SPAN
1600 HREF="http://tor.eff.org/"
1602 >http://tor.eff.org/</A
1607 > can help anonymize web browsing,
1608 web publishing, instant messaging, IRC, SSH, and other applications.
1624 HREF="http://www.privoxy.org/developer-manual/"
1626 >http://www.privoxy.org/developer-manual/</A
1646 >4.25. I've noticed that Privoxy changes <SPAN
1653 >! Why are you manipulating my browsing?</A
1656 > We're not. The text substitutions that you are seeing are disabled
1657 in the default configuration as shipped. You have either manually
1665 is clearly labeled <SPAN
1667 >"Text replacements for subversive browsing
1669 > or you are using an older Privoxy version and have implicitly
1670 activated it by choosing the <SPAN
1672 >"Adventuresome"</SPAN
1674 web-based editor. Please upgrade!</P
1682 >4.26. Does Privoxy produce <SPAN
1685 > HTML (or XHTML)?</A
1688 > Privoxy generates HTML in both its own <SPAN
1692 whenever there are text substitutions via a <SPAN
1695 > filter. While this
1696 should always conform to the HTML 4.01 specifications, it has not been
1697 validated against this or any other standard. </P
1705 SUMMARY="Footer navigation table"
1716 HREF="configuration.html"
1754 >Troubleshooting</TD