
Actually remaining pseudonymous on the Internet requires more than masking an IP address behind Tor or some VPN service, as web browsers can be fingerprinted and tagged, and the users can subsequently be profiled over time. Many people actively don’t want to be profiled, which is why some privacy-invading firms (Phorm and R66T) have resorted to increasingly sly methods of doing it. Today pseudonymity demands having full control over what our browsers communicate.
This is basically what Privoxy does. To a novice I’d describe it as a kind of ‘Windows Essentials’ firewall, but one that shapes browser traffic exactly how the user demands.

There are reasons to use Privoxy other than privacy. It could be used as an extra security measure, blocking malicious content passing through port 80 that typical home router firewalls normally miss. Another reason to use it is optimisation, with Privoxy eliminating all the crap the browser might pull from third-party ad servers.

The good news, for those who don’t care about the specifics of how it works, is that Privoxy is easy to set up. All the same, it’s useful to understand some networking theory and how it’s best deployed. Privoxy can be run in one of two contexts: on the local machine or as a gateway proxy.

Local Host
Many of us commonly think of servers and proxies as standalone systems, dedicated hosts on a network. This isn’t strictly the case – a server by definition is merely a software application that listens on a fixed port, and it could be running on the local machine.
What this means is that Privoxy can run as a background application, relaying traffic between the web browser and the local network interface: the browser sends its traffic to the network interface, the traffic bounces back to the Privoxy server listening on port 8118, and Privoxy does some filtering before sending it out to the Internet. The reverse happens for incoming traffic. This is how most people would use it on a small home network.

privoxy-local

Gateway Proxy
Of course, Privoxy can be used on a dedicated perimeter host, relaying traffic between the network gateway and the internal computers.

privoxy-networked

A few things must be set up before Privoxy does any filtering. First the web browser must be configured to route all its traffic through the local Privoxy application, which means the browser must connect to the Internet through 127.0.0.1 on port 8118.

Privoxy-Browser-Proxy

Any browser not pointing at 127.0.0.1:8118 will continue to work as normal without any Privoxy filtering.

To start Privoxy, enter the following in the command line (for Debian-based systems):
/etc/init.d/privoxy start

If Privoxy has started, pointing the browser at http://config.privoxy.org/ should result in the confirmation page indicating that Privoxy is running. From this page we can modify the configuration.

Privoxy-Config-Page-1

If, for some reason, you are unlucky and the web-based editor is disabled, /etc/privoxy/config must be edited manually to enable it. This must be done in a text editor as the administrator/root, and should take about two minutes.

privoxy-config-file

Also check the browser settings to ensure that redirection is allowed (redirection can be configured for Privoxy at a later point). Below is how a typical ruleset appears in the web-based editor. The syntax looks a bit scary, but it’s just a matter of skimming the user manual and ticking the relevant boxes, each of which is briefly described:

privoxy-rulesets-web

The rules already exist in text-based configuration files along with a description of their purpose, so modifying them is a matter of choosing which rules to uncomment. Fine-tuning the system, on the other hand, could take a while.

Tor/VPN + Privoxy
Now here’s where things might get a little complicated if you want total pseudonymity, because the Tor client and Privoxy are both proxy servers, and this means using a technique called ‘proxy chaining’ to use them in combination. The alternative is to meticulously go through the browser settings every time we fire up Tor.

The browser in this case passes requests to the Privoxy application, and Privoxy basically must be configured to relay those requests to the Tor client. This is done by setting up forwarding in the /etc/privoxy/config file, using rules available on the Privoxy configuration page.
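The forwarding setup described above can be checked mechanically. The following is an added example, not part of the original post or of Privoxy itself: a small audit of the directives in /etc/privoxy/config that matter for chaining to Tor. The function names and the sample config are constructed for illustration, and it assumes the Tor client's SOCKS listener is on its default 127.0.0.1:9050.

```python
import ipaddress

# Constructed sample of /etc/privoxy/config (not from the original post).
# Assumption: Tor's SOCKS listener is on its default 127.0.0.1:9050.
SAMPLE_CONFIG = """\
listen-address  127.0.0.1:8118
enable-edit-actions 1      # web-based editor on
forward-socks5t  /  127.0.0.1:9050 .
"""
# SOCKS variants where the hostname is resolved by the SOCKS server, not locally.
REMOTE_DNS = {"forward-socks4a", "forward-socks5", "forward-socks5t"}

def parse_config(text):
    """Return (directive, [args]) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            pairs.append((name, args))
    return pairs

def is_loopback(listen):
    """True if a listen-address value binds only to the local machine."""
    host = listen.rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":8118" binds every interface) or a hostname

def audit(text):
    """Return a list of findings for a Privoxy + Tor chaining config."""
    directives = parse_config(text)
    findings = []
    exposed = [a[0] for n, a in directives
               if n == "listen-address" and a and not is_loopback(a[0])]
    if exposed:
        findings.append(f"listener reachable beyond loopback: {exposed}")
        if ("enable-edit-actions", ["1"]) in directives:
            findings.append("web-based editor enabled on an exposed listener")
    socks = [(n, a) for n, a in directives if n.startswith("forward-socks")]
    if not any(n in REMOTE_DNS and a[:1] == ["/"] for n, a in socks):
        findings.append("no catch-all SOCKS forward: requests will not go via Tor")
    if any(n == "forward-socks4" for n, _ in socks):
        findings.append("forward-socks4 resolves hostnames locally (DNS leak)")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```

In the gateway deployment a non-loopback listener is intentional, so the first finding is informational there; the web-editor finding still applies.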
