[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: (Newbie:) Why use privoxy?

On Fri, May 12, 2006 at 08:50:49PM -0400, Roger Dingledine wrote:
> Also, Privoxy provides some other nice privacy-related features, such
> as ad blocking, dealing with cookies, and so on. It's not perfect,
> but it is much better than nothing. So if you take Privoxy out of the
> loop, you should replace all its features with various Firefox plugins
> (noscript, something for cookies, adblock and friends, etc).
> It is an open question whether there exists a set of compatible Firefox
> plugins that can entirely replace Privoxy's functionality. Somebody
> should sit down and work out all the details.

HTTP is pretty darn tricky. Tor does IPs, but the application layer of
HTTP throws in a lot of other variables. Here's some things to keep in
* IP address: Tor handles this
* Cookies: Before I maintained a whitelist of sites that could set
cookies, but that's somewhat of a hassle because some sites refuse to
work without them. Now, I let any site set cookies, but I set Firefox to
only keep them for the current browsing session.
* Java+Javascript: You could disable it completely within Firefox, but I
use the NoScript extension so I can quickly enable it.
* Web bugs/beacons: 1x1 pixel transparent gifs. I don't think Firefox
can block these on its own. There's a Privoxy option to disable them,
* "Referer" strings: I used to use the RefControl extension to spoof the
Referer. Now I use Privoxy to do the same thing.
* User-Agent strings: often, Linux distributions will modify the default
user agent string of the browser (like tag on "Ubuntu package" to the
end). This could be used for matching communications. I used to use the
User-agent spoofer. Now I use Privoxy to do so. I spoof the string so I
appear to be using IE 6 on Windows XP, however, based on the assumption
that this is the most popular user agent.
* Other identifying headers: Accept-Language, Accept-Encoding,
Accept-Charset, and even If-Modified-Since headers could be used to
identify a web browser, but I'm not sure how unique those are.

If you're on Linux, you can see some of what your browser is saying
about you by running the following:
$ nc -l -p 8088
Then going to "localhost:8088" in Firefox.

I'm sure I've forgot some things, but I think I covered most of them.
Between Tor, Firefox's built-in options, and Privoxy, I feel relatively


 .''`.  Debian GNU/Linux  |     This Sig Kills Fascists
: :' :       free!        |         PGP public key:
`. `'  http://debian.org  |  http://deadbox.ath.cx/pgp.pub

Attachment: signature.asc
Description: Digital signature