From: Billy C. <bil...@gm...> - 2011-01-09 22:52:15
|
On Sun, Jan 9, 2011 at 06:05, Fabian Keil <fk...@fa...> wrote: > Billy Crook <bil...@gm...> wrote: >> spoil your anonymity is https://panopticlick.eff.org. > > Note that Privoxy currently can't filter encrypted traffic. gah... I knew this. Should have thought before pasting that link. I meant it as more of an example of fingerprinting though. > Also note that the fact that you are suppressing headers that > everyone else does send, makes you more identifiable than using Aware of that as well. It wouldn't be very hard to write a script that goes and finds today's most popular headers according to alexa or something, and overwrites with those instead of completely surpressing them. I believe today however, people completely surpressing them are common enough. (over 1%) that I'm comfortably anonymous doing the same. I also like knowing that it sends a clearer message that the server is not allowed to know that information. > As you can see from the documentation, the keyword to > remove the header is "block". In case of +hide-referrer{} > it's usually a better idea to use conditional-block, though. That also works for accept-language. May we have a block keyword for accept, accept-charset, accept-encoding, and user-agent? >> I tried using client-header-filter, but it only works for one header, >> not multiple/all. > > It's supposed to work for multiple headers as well. > Can you post the configuration you used that didn't work? ahh, I see what I was doing wrong now. I was specifying the header I wanted to eliminate where i should have been specifying the name of a filter that listed the headers. +client-header-filter{accept-language} That never should have worked. I now have in user.filter, CLIENT-HEADER-FILTER: deanonymizing-headers Removes client headers which are unnecessary and compromise anonymity s@^Accept.*@@i s@^User-Agent.*@@i s@^Cache.*@@i s@^Pragma.*@@i s@^Referer.*@@i s@^X-.*@@i and in user.actions, { +client-header-filter{deanonymizing-headers} } / Works like a charm! You rock! > For example Squid and Polipo can do it, too, but last time I > checked they can't MITM SSL connections either. If you find a > proxy that can and is free software, please let us know, so we > can mention it in the documentation. I do just about all of my browsing through Privoxy, so Ideally, I'd like to generate TLS keys in each of my Privoxy instances, install their certificates as root authorities in my browsers, and have Privoxy replace the real cert with a wildcard cert Is this something a donation could help with? HTTPS filtering is needed badly in free software proxies. If I was going to take a stab at writing it, I'd add it in to Privoxy. |