[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: (Newbie:) Why use privoxy?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: (Newbie:) Why use privoxy?
From: John Li <jli@xxxxxxxxxxxxxx>
Date: Fri, 12 May 2006 21:30:51 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 12 May 2006 21:31:03 -0400
In-reply-to: <20060513005049.GG9491@moria.seul.org>
References: <20060512050215.GA793@tyr.martinmoeller.homeip.net> <44641B09.8030003@csh.rit.edu> <113115033.20060512005515@gmail.com> <20060513005049.GG9491@moria.seul.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.11+cvs20060403

On Fri, May 12, 2006 at 08:50:49PM -0400, Roger Dingledine wrote:
> 
> Also, Privoxy provides some other nice privacy-related features, such
> as ad blocking, dealing with cookies, and so on. It's not perfect,
> but it is much better than nothing. So if you take Privoxy out of the
> loop, you should replace all its features with various Firefox plugins
> (noscript, something for cookies, adblock and friends, etc).
> 
> It is an open question whether there exists a set of compatible Firefox
> plugins that can entirely replace Privoxy's functionality. Somebody
> should sit down and work out all the details.

HTTP is pretty darn tricky. Tor does IPs, but the application layer of
HTTP throws in a lot of other variables. Here's some things to keep in
mind:
* IP address: Tor handles this
* Cookies: Before I maintained a whitelist of sites that could set
cookies, but that's somewhat of a hassle because some sites refuse to
work without them. Now, I let any site set cookies, but I set Firefox to
only keep them for the current browsing session.
* Java+Javascript: You could disable it completely within Firefox, but I
use the NoScript extension so I can quickly enable it.
* Web bugs/beacons: 1x1 pixel transparent gifs. I don't think Firefox
can block these on its own. There's a Privoxy option to disable them,
however.
* "Referer" strings: I used to use the RefControl extension to spoof the
Referer. Now I use Privoxy to do the same thing.
* User-Agent strings: often, Linux distributions will modify the default
user agent string of the browser (like tag on "Ubuntu package" to the
end). This could be used for matching communications. I used to use the
User-agent spoofer. Now I use Privoxy to do so. I spoof the string so I
appear to be using IE 6 on Windows XP, however, based on the assumption
that this is the most popular user agent.
* Other identifying headers: Accept-Language, Accept-Encoding,
Accept-Charset, and even If-Modified-Since headers could be used to
identify a web browser, but I'm not sure how unique those are.

If you're on Linux, you can see some of what your browser is saying
about you by running the following:
$ nc -l -p 8088
Then going to "localhost:8088" in Firefox.

I'm sure I've forgot some things, but I think I covered most of them.
Between Tor, Firefox's built-in options, and Privoxy, I feel relatively
anonymous.

Cheers,
John
2006-05-12,21:30

-- 
 .''`.  Debian GNU/Linux  |     This Sig Kills Fascists
: :' :       free!        |         PGP public key:
`. `'  http://debian.org  |  http://deadbox.ath.cx/pgp.pub
  `-

Attachment: signature.asc
Description: Digital signature

References:
- (Newbie:) Why use privoxy?
  - From: Martin Möller
- Re: (Newbie:) Why use privoxy?
  - From: Keith Needels
- Re[2]: (Newbie:) Why use privoxy?
  - From: Arrakistor
- Re: (Newbie:) Why use privoxy?
  - From: Roger Dingledine

Prev by Author: Re: What happened after resolving of the IP has failed?
Next by Author: [off topic] Configuring an IP blind Apache server
Previous by thread: Re: (Newbie:) Why use privoxy?
Next by thread: Some legal trouble with TOR in France
Index(es):
- Author
- Thread