Privoxy has me really Confused

Discussion in 'privacy technology' started by Dazed_and_Confused, Feb 4, 2007.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello everyone! I have been trying out Privoxy and Tor.

    I have noticed these apps are NOT as user friendly as Proxomitron and JAP by a long shot. One feature of Proxomitron I liked was its ability to turn a proxy on and off. What I have failed to figure out, even after reading through the Privoxy documentation, is how to configure Privoxy to work WITHOUT Tor.

    OK, let me back up for a minute just to make sure I understand how all of this is supposed to work (that may be part of the problem). o_O I am using the SWITCHPROXY Firefox extension to manage my proxies. I have created a proxy called TOR. Here is a pic of that setup.

    [​IMG]

    Now, the way I understand all of this works is that by using port 8118 all traffic is directed to the Privoxy application prior to making a connection to an internet site. Right? o_O And I can surf the net just fine (although VERY SLOWLY) using Tor - my setup works. And I understand Privoxy is used to filter out unwanted things like cookies, ads, etc.

    Now what if I wanted to use Privoxy WITHOUT Tor, and get a faster (yet non-anonymous connection), but without the ads, cookies, etc.? If I understand the documentation correctly, Privoxy is routing all connections to Tor by placing 9050 as the port for SOCKS traffic. So outbound traffic goes first to Privoxy (port 8118), and then through Tor (port 9050). So if I create a proxy that does NOT have 9050 for SOCKS traffic (leaving that blank or using 8118), won't that bypass the Tor application?

    Can someone explain this in layman's terms?


    By the way, the main configuration file has the following reference to port 9050 in that file. Commenting (#) out this line made no difference.

    [​IMG]

    Any help would be appreciated. ;)
     

  2. Jokimoto

    Jokimoto Registered Member

    Joined:
    Jan 28, 2007
    Posts:
    20
    I'm not sure I get it. If you're not using Privoxy to direct your traffic toward the Tor network, where are you directing it? W/out setting a destination (in the default case 9050 Tor) your traffic has nowhere to go after port 8118. If I understand it right, Privoxy is just the mechanism, the rail-switching station to use a train analogy. W/out directing your traffic to a specific rail you don't accomplish anything.
    Like you pointed out, w/out Tor you get a faster connection. But you won't retain the ability to "confuse" cookies, adware etc. FF has good extensions that accomplish that anyway: NoScript is excellent, AdBlock, etc. I use the TorButton extension. Run Privoxy, w/Vidalia and Tor, and just click the little onion button to jump in and out of the Tor network.

    Hope that helped.
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Jokimoto. :)

    I thought that Privoxy worked like Proxomitron, which filtered web content.

    Without using Privoxy or Proxomitron, the web browser has a direct connection to the destination web site.

    When running Proxomitron, you can configure your browser to filter all traffic through the app and have it act as a web filter by specifying a port (XXXX) through which you have configured Proxo to work (localhost:XXXX). From there, Proxo makes a direct connection to the destination web site.

    With Proxomitron, you have the ability to use another remote proxy, such as JAP. Doing so now sends traffic through both Proxo and then through JAP.


    So I was assuming I could send and filter web traffic through Privoxy without using Tor.
     
  4. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Hi D&C - you might want to look at this link on KyeU's site;

    http://kyeu.info/proxo/forums/showthread.php?tid=577

    I was able to use the config file available for download to set up Privoxy so that without changing any of the existing 'proxy' settings in my browsers that point to Proxomitron one can run Browser> http and https> Proxo > Privoxy> Tor > internet servers. You just click Proxo 'use remote proxy' on and off.

    No need to reconfig anything at all. As far as I can tell the default config that KyeU provides runs Privoxy with an absolute minimum of filters, it is just a conduit to get to Tor.

    I played around with Privoxy a bit and could not make head or tails of it, so fell back to just using KyeU's config.

    Good luck

    dmc

    PS - as posts cross - I have my Proxo set up with two remote proxies - one runs JAP thru 4001 and the other Privoxy and Tor thru 8118 - so it's all one click for all....

    Cheers

    dmc
     
  5. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    That's interesting, deadmanschest. :D I'm not sure I see the advantage to running PROXO>PRIVOXY>TOR>WEB. It might just be easier to use SWITCHPROXY, and select by pushbutton either PROXO>WEB or PRIVOXY>TOR>WEB. What do you think? :)
     
  6. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Hi Daisey - I'm not familiar with SwitchProxy in FF, but I can tell you why I liked the KyeU setup.

    I have Proxo set up as localhost proxy in FF, Opera and K-Meleon, each of which I use as I feel the urge.....hehe..I run Proxo at start-up and whatever browser I use it runs seamlessly. By using Proxo at the beginning of the chain I can choose;

    Browser (any)>Proxo>internet;

    Browser (any) > Proxo > JAP by clicking JAP remote proxy in Proxo and starting JAP;

    Browser (any) >Proxo > Privoxy > Tor by clicking Tor remote proxy in Proxo and starting Tor, Privoxy up;

    Browser (any) > Proxo > any other proxy remote hardware server that I have stored in Proxo by clicking 'xxx remote proxy' in Proxo;

    Browser (any) >direct by Bypass in Proxo >internet.


    So the only real reason I think is that I do not have to open any browser options or config to set any manual proxy set-up (which I assume SwitchProxy does in FF) as I only need use Proxo to make any and all changes in the routing of the http and https.

    That's the other factor though - Proxo only does http and https, so for ftp et al you would need to 'socksify' and route thru Tor.

    I just wanted a browser setup for all that would only need Proxo clicking to swap between....hehe..

    (I did one other thing for Privoxy and Tor - I made up a little batch file that has a shortcut to Privoxy exe and Tor exe, and when I want to run them (as they are always together in my setup) I just start the batch file.)

    The only other thing I can think of is that I didn't want to learn anything about Privoxy as I want Proxo to do all filtering and such, and by using Proxo at the head of the chain Privoxy is just a route to Tor and as such needed no thought at all....hehe...

    Cheers

    dmc
     
  7. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    That's quite a setup. I can do almost the same using Switchproxy...

    Firefox > Internet (toolbar select)
    Firefox > Proxo > Internet (toolbar select)
    Firefox > Proxo > JAP (by checking Proxy box) > Internet (toolbar select)
    Firefox > Privoxy > Tor > Internet (toolbar select)
    .....
    Firefox > Privoxy > Internet (I don't think this is possible??)

    Do you mean clicking Privoxy remote proxy in Proxo?
     
  8. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Sorry - yes, I meant Privoxy thru 8118, I just think of them together as 'Tor'...

    I think that you must be able to go FF>Privoxy> internet. Have you tried going thru the web-based config files - run FF>Privoxy>Tor as you are set up and go to ;

    http://config.privoxy.org/

    Of course, if you just set FF Tools > Options etc to manual proxy at localhost: 8118 and allow Privoxy internet access thru your firewall, then all you would need do (I figure) is to change the Privoxy config that points to Tor at 9050?

    I might mention that I have Kerio set to only allow Privoxy TCP access from any local port to 127.0.0.1:9050 and then allow Tor access for UDP and TCP from any port to any address ports 80, 443 etc etc, as I only use it for http and https. If I wanted to socksify other apps for FTP or POP etc then I'd need add in ports 21, 22 and 110 and such.

    I always find I just forget one switch, or one 'save' of a config change, and then I get all screwed up since I think IT HAS TO work.....hehe...

    Good luck with it....off to see the SuperBore......

    Cheers

    dmc
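
The "Privoxy config that points to Tor at 9050" discussed in this thread is assumed here to be a `forward-socks4a / 127.0.0.1:9050 .` line, the usual way Privoxy is chained to Tor. The following is an added example, not code from any poster: it reads a Privoxy main config and reports the default hop chain with and without that line, using constructed sample config text.

```python
import re

# Constructed sample config (not taken from the thread's screenshots).
TOR_CONFIG = """\
listen-address 127.0.0.1:8118
# forward-socks4 / 127.0.0.1:1080 .
forward-socks4a / 127.0.0.1:9050 .
forward 192.168.*.*/ .
"""
# Same file with the Tor line commented out: no SOCKS hop remains.
DIRECT_CONFIG = TOR_CONFIG.replace("forward-socks4a /", "# forward-socks4a /")

FORWARD_RE = re.compile(r"^(forward(?:-socks(?:4a?|5t?))?)\s+(\S.*)$")

def active_forward_rules(config_text):
    """Return (directive, target_pattern, socks_proxy, http_parent) per active line."""
    rules = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out lines are inert
            continue
        m = FORWARD_RE.match(line)
        if not m:
            continue
        directive, args = m.group(1), m.group(2).split()
        want = 2 if directive == "forward" else 3
        if len(args) != want:
            continue                            # malformed line, ignore it
        pattern, parent = args[0], args[-1]
        socks = args[1] if want == 3 else None  # only forward-socks* has a SOCKS hop
        rules.append((directive, pattern, socks, parent))
    return rules

def default_route(config_text):
    """Hops for the catch-all pattern "/"; the last matching rule wins."""
    chain = ["browser", "privoxy"]
    matches = [r for r in active_forward_rules(config_text) if r[1] == "/"]
    if matches:
        directive, _, socks, parent = matches[-1]
        if socks and socks != ".":
            chain.append(f"{directive.split('-')[-1]}://{socks}")
        if parent != ".":                       # "." means no HTTP parent proxy
            chain.append(f"http://{parent}")
    chain.append("internet")
    return chain

if __name__ == "__main__":
    print(" > ".join(default_route(TOR_CONFIG)))
    print(" > ".join(default_route(DIRECT_CONFIG)))
```

Running it against the config file that Privoxy actually loads shows whether an edit landed in the file in use, which is worth checking before touching browser or firewall settings.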
     
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    That's also interesting. Can you tell me why that's more secure than allowing both Firefox and Privoxy internet access?

    P.S. I'm watching the SuperB also - just checking posts during commercials.. :D
     
  10. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    :D We're in Canada, so we don't get the great new SB commercials...otherwise I would watch the commercials, altho this game has a little bit of everything so far, and ya gotta love Prince....

    Quick note on the first point - from the very beginning I have always only allowed apps the minimum access to both local and remote ports that they need to function. So for FF, since all TCP and UDP can go thru Proxo, I do not let FF use either protocol (except a localhost loopback at startup). And I disallow any other apps from using Proxo via localhost:8080 except as allowed, so FF and Opera are specifically allowed to connect to Proxo, but not allowed http or https on their own.

    I give FF and Opera etc access to FTP on ports 21, 22, and I don't make a global block on those in case it asks for another port, which I can then allow, but for example with Email apps, I only allow them out to 110 and 25 (pop and smtp) and 443 or 993 or whatever (for Imap and maybe 19 for news). Thus if there is a connection http link or connection in an email, then it has to go thru the browser and Proxo where I figure there are many more protections in place than any old email app.

    I have always done that with firewall outbound access and so it's just 2nd nature. I let an app run a bit to see what it wants/needs and then I tighten it down. For example almost every MS app tries to phone home and I make global block rules that shut them down completely and disallow any access to Proxo or any other like Privoxy that has unfettered access to ports and addresses, and then I figure they can't sneak out except to a specific IP and only one port or whatever...

    Just a quirk, but it helped me learn a lot about ports and protocols, and now I do it automatically....sort of...sometimes I get screwed up with the more esoteric ports, but then I just go to grc.com and read up again....hehehe..

    Back to the third quarter.......

    :cool:

    dmc
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Privoxy is not really a good choice for proxy switching, Proxomitron or a Firefox extension are better choices - it makes more sense to keep Privoxy for handling the Socks side of things plus simple URL filtering (which Kye-U's Privoxy configuration handles).

    Proxomitron offers better filters (plus the ability to write your own!), more configurability and single-button control to enable/disable proxy access (which would be to Privoxy in this case).

    Restricting browser access with firewall rules (i.e. stopping it from network access except via a proxy) is a useful security measure in case a webpage manages to sneak past any content that triggers the browser into trying a direct connection (e.g. via a Java applet).
     
  12. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Good morning Paranoid2000;

    Thanks for the concise summary. I always enjoy your posts for their clarity and a sense of measured evaluation and experience.

    By the by, you might have been keeping an eye on 'real' football...hehe

    dmc
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Shouldn't that be "sarr-ker"? :D
     
  14. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    :D - just might become so if the disturbing trend of American NFL gazillionaire owners buying up Premiership and Champions League squads continues......


    cheers

    dmc
     
  15. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks P2K and deadmanschest.

    I think I understand now. I guess I failed to see how giving http/https access to Privoxy (or Proxo) was better than giving the same access to Firefox. But it sounds like Javascript can force your browser to create a direct connection that is not possible if using a content filter.:eek:

    I will change my firewall configuration now! ;)
     