You can fuzz most of this kind of information with privoxy or other proxying services. You can also temporarily disable javascript if you don’t want to be tracked, although this is increasingly infeasible, since it will make many websites practically unusable.
I actually use dnsmasq on my home router to do exactly that. It's not as flexible as ABP (or a proper HTTP proxy, like privoxy) because it can only match domains and hostnames, but it's good enough for me. It tells computers that, say, *.doubleclick.net is at 192.168.1.1, which is the router itself. It's running a webserver that then gives an empty page. The router has its admin page running on a non-standard port.
There are other solutions, like privoxy, that are more flexible, but I prefer technical simplicity.
If Mozilla created an API that allowed extension devs to hook into name resolution, it would be possible to filter by hostname or domain in a much more efficient manner. However, that API could also be abused by unscrupulous devs.
You can install local proxy (privoxy) and it will filter out most of the ads from all of your installed browsers. It will also filter out ads from some apps etc.
Most people were using Privoxy as alternative when Adblock wasn't available for Chrome Browsers.
There's a reason I run http://www.privoxy.org on all my machines and keep the config file for it synced via Dropbox.
Open source, and one common setting for every browser on all my machines. And far fewer risk of shenanigans caused by capitalism and greed (edit: in the ad blocker itself.)
Sure, configuring it requires a little bit of elbow grease but it will also clean out most of the other hostile shit and not just ads. For example, I made it reset all cookies except on specific sites to session cookies, as well as setting a timeout on them to 30 minutes so if the browser fails to honor the session cookie thing, it still suspends the cookie after half an hour... paranoia level high, sure, but I like it.
You used to install Tor and set up privoxy to connect to Tor as an upstream socks proxy, then point your browser at privoxy. You could connect the browser directly to Tor, but I found privoxy helped a lot - Tor was much slower in the '00s.
You can still do it that way, but Tor browser is hardened against various attacks which might de-anonymise you, though that's less of a concern if you don't enable Javascript. Tor browser is a monoculture, so you may avoid any exploit for it by using something else (not recommending it, but it's not as terrible an idea as it first appears).
It's still useful for connecting your own web scripts and things through Tor.
But privoxy can do that, too: http://www.privoxy.org/user-manual/filter-file.html
I admit it might not be as straight forward, especially for people with no regex knowledge, but that stuff could be crowdsourced just like ABP filter lists(which I use in privoxy with a little converter script).
You're not going to get the same level of protection that you can with Firefox. Chrome doesn't stop the ads from loading, it just hides them. However, with http://www.privoxy.org/ (and perhaps one of the plugins listed below) you'll be set.
An added benefit of using Privoxy is that it works with other programs besides Chrome.
Yes! via Proxy
Assuming the computer is running Windows and your PS4 is on the same local area network as the computer:
I never use any darknet stuff on my phone, so I may not know what I'm talking about, but doesn't Privoxy have to be chained to Tor?
http://www.privoxy.org/faq/misc.html (See Section 4.10)
The picture looks like it's interpreting ".onion" as a file extension, instead of a Tor site. Is Tor/Orbot on the phone to begin with?
You can get an ad blocker through privoxy and luakit comes with a noscript plugin. For the latter, uncomment the line "--require noscript" in rc.lua and then you can use the key sequence ,ts to enable/disable noscript on a per domain basis. Follow the comments in rc.lua, they explain it well enough. I don't know how much control you need about cookies, but you can at least whitelist/blacklist cookies easily
Yeah, but it's not even a Steam problem. Steam has always worked fine with my proxy setting, it's DX itself that crashes to desktop every time I play through the proxy. I use Privoxy, which is a program that runs on your machine. You then set Windows to use localhost as a proxy and you're done. Only this game shits the bed when it tries to do that. It works fine when the proxy is off, but then nothing has internet access until I either change the settings or turn Privoxy back on. It's really just awful programming on Eidos' part.
There's a history of tools which were designed to mediate Web experience. One of the oldest of these is Privoxy, itself based on an earlier, now-defunct project, the Junkbuster Proxy.
Typically, these sit on a local system (desktop, server, your router) and receive (or occasionally: intercept) requests from local systems, and modify them. Privoxy itself can redirect requests from one site to another from one page to another, or change the content of pages themselves, according to defined rules, on the fly.
Problem is that the page-specific and in-page modifications only work if Privoxy itself can see the requests, which with HTTPS traffic, it cannot.
The general alternative is to use what's called SSL/TLS termination or interception. This is ... complicated, and for some exceedingly good reasons, modern browsers complain loudly when they determine that this is happening. The same interception that's useful for sanitising your own browsing experience can be used by black hats to intercept, surveil, block, or modify content from outside your network.
(This is the reason there's been a strong push toward HTTPS everywhere, which I generally applaud.)
But it means that in order to accomplish my goal of directing requests for specific hosts to various scrubbing tools, I have to either 1) do some godawfully complicated, brittle, and ugly interception hacks or 2) use per-browser extensions.
And not all my browsers support extension frameworks. There's also the problem of other HTTP / HTTPS transport-based tools (most mobile apps, numerous utilities) which I might wish to include (or exclude) from such filtering.
Complexity is complicated.
Privoxy peut-être, c'est le meilleur proxy filtrant à ma connaissance et effectivement, il charge toute la page avant de l'afficher. Mais il ne faut pas avoir peur de mettre les mains dans le moteur.
It seems to be a bug in Safari. See this thread.
I used a workaround from the thread to set up a Privoxy filter rule for imgur gifv links, which basically adds "initial-scale=1.0001 ..." to the content attribute of the viewport meta tag.
/usr/local/etc/privoxy/custom.filter:
FILTER: imgur Imgur gifv workaround s/name="viewport" content="(.*)"/name="viewport" content="$1, initial-scale=1.0001, minimum-scale=1.0001, maximum-scale=1.0001"/U
/usr/local/etc/privoxy/custom.action:
{ +filter{imgur} } i.imgur.com/.*.gifv
>Gegenüber heise online bestätigte eine Sprecherin des Spiegel-Verlags, dass das Medienhaus Anti-Adblocker-Techniken einsetze.
Sollen sie, mehr als weniger und frustrierte Leser wird dabei nicht herauskommen.
Technisch Möglichkeiten bleiben genug, von User-eigenem Javascript und Stylesheets über DNS-Blacklists und Filtering Proxies wie Privoxy.
Privoxy can do this:
>> Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk.
You could install something like Privoxy locally set it up to only accept connection from localhost and block domains that way. It will also do ad blocking and script blocking if you want to configure it that way.
These are closed systems and go to my point about controlling the client. You can avoid ads on the iPhone if you want by installing one of the other available browsers and you can avoid ads on the xbox by using an ad filtering proxy on your network. If people want to avoid ads they still have the ability to do so. I run privoxy on my network so I don't have to worry about a lot of the garbage that would otherwise get to the closed clients on my home network. There are only a few times a year I have to modify a rule to let something through.
You have to setup Firefox to work with Privoxy. As far as my understanding goes Privoxy acts like a proxy that is on your computer rather than on a server. I've used the hosts file changes to block ads before but I find that too restrictive and too hard to change when I don't want something blocked. Privoxy has given me basically the same thing but with the control I want, no memory leaks, and will work with any browser.
I'm encountering something of a similar situation. She insists on IE, and until a few months ago was still on IE 6, claiming none of her work-from-home programs would work without it. Firefox with AdBlock is installed, but she won't use it. Hell, she ignored the XP Service Pack 3 update for so long, new updates weren't valid for her and the notifications stopped coming.
First of all, I may know the scareware you got. Update Java, since that's how it seems to get in through the door, so to speak. Remove older JREs as well.
Secondly, consider a method of blocking ad servers, since some are less careful about what sort of ads they allow. One approach would be a custom HOSTS file. If you're unfamiliar with the HOSTS file, it's a plaintext document in %windir%/system32/drivers/etc. Whenever a network address is requested, HOSTS willl be checked first, before DNS servers are even consulted. The custom hosts files simply redirect ad servers to 127.0.0.1, where they're rejected and no advertisement is loaded. But it blocks at the OS level, so there's no way to easily circumvent it at the user level.
Another possible method would be to install something similar to Privoxy. It's far from perfect though, since it likes to block things with "ads" or "banner" in the URL, which includes website banners. I also have yet to find a way to hide the taskbar icon, regardless of my attempts to do so in the config. And if they ever discover they can right-click on that "P" and uncheck "Enable," then it's useless. However, if you stick it into IE's connection setup, it will automatically be imported by Firefox, Opera, and Chrome.
And finally, ~~prof~~ user education. Can't give you advice there. Good luck on that one :)
I guess it is time to start using a system level adblocker such as privoxy. It can be used on a PC, but is probably best on a router.
I do not want to give up Vivaldi, and Firefox's bookmark handling is in the stone age comparatively.
Yeah, really. It's just the wrong tool for the job.
As I've said, this is something I've desperately wanted for Pi-hole for at least an entire year now, having come from Privoxy which has this very feature. The difference with that is that it's a full-fledged proxy that routes all your data through it, and it's also a giant performance hog on ARM based hardware like the Raspberry Pi.
I have a VPN which I have SSH access to, so I resolve this issue by:
autossh
on my router (autossh -f -gND 8080
), which keeps a SOCKS connection active on my LAN10.0.0.1:8080
)For my mobile devices, I just fall back to 4G data.
If by filtering, you mean actively changing the contents of a webpage, then no. You may want to consider something like Privoxy, which can alter HTTP page contents on-the-fly.
Since you're looking at OpenDNS/Norton DNS, you may just wanting to deny access to specific websites entirely. In that case, Pi-hole is definitely a good solution to consider!
I was experimenting with this a while back, the closest I got was replacing ads using an (only one) image using a local privoxy server.
Also looked into Adblock's Catblock (now discontinued), but didn't have the coding chops to merge it into an open source adblocker like uBlock.
Hope this helps your project.
> I have since moved to ublock
I was unaware of that one, looks great, thanks!
For a similar effect regardless of browser (igb affected, as long as your ie proxy settings are correct) privoxy may interest you.
Tor exit nodes nominally can't determine the origin of traffic via the Tor protocol, but an exit node can see an unencrypted stream of data from a client, especially HTTP data, there's plenty of information (e.g. form data) they could use to de-anonymise at least that stream. Alternatively, an exit node could inject Javascript into a HTTP response which will cause the client's browser to report the IP address and other environment variables of a browser to a tracking bug somewhere else, allowing you to match up the data stream with the true address.
Then, since there's a much higher than expected chance that your browser's remotely detectable settings are globally unique (test with Panopticlick), you can potentially use this to group HTTP data streams from that same client too. You could use something like Privoxy to somewhat mitigate against this.
Ninja edit: A more annoying problem to me is the fact that Mozilla doesn't delete expired cookies. They just sit there in the database, there's no cleanup. There are even multiple bug reports about that going back years and nobody has done a thing.
Chrome cookies vanish on the second that they expire, meanwhile.
I used this tool many years ago.
http://www.privoxy.org/user-manual/actions-file.html
I guess this is a bit technical, but basicly using an http proxy localy where you place filters or rewriters to strip unwanted headers or content both directions.
Privoxy is another solution. It will block URLs matching pre-defined advertising syntax in the headers. You set it up as a Windows proxy server, so that all traffic goes through it, making it work with all browsers, windows apps, even games (that use HTTP).
{ -filter +block{screw these sites} -handle-as-image +handle-as-empty-document }
.doubleclick.
.scorecardresearch.
.dmtracker.
.googleadservices.
.googlesyndication.
.tynt.
.fmpub.
.apture.
.ypmate.
.real.
.tmz.
.realmedia.
.tribalfusion.
.bizrate.
.intellitxt.
.webtrendslive.
.zaxoe.
.mobilephonesgalore.
.addthis.
.outbrain.
.digg.
.buzzfeed.
.contentabc.
.traffichaus.
.kissmetrics.
My newest addition!
Privoxy is a good personal proxy to use for privacy, protection from tracking cookies, and cleaning up ad spam. However it will not hide your IP, since you run it on your own machine (or your own server, either way).
To hide your IP you effectively have to be using someone else's internet connection (twice, once for them to download the page for you from the server, and again to then ship it out to you), and thus inflicting a potentially ruinous cost on their bandwidth. That's why it's hard to find a quality proxy for free.
Good luck, but I don't know of any.
Everyone is so diligently working today and of course the IT crowd rarely has time to browse recreationally so we have imagined some of the question you would be asking if you had the time.
Q: Why did you create Security and Privacy Plus?
A: We created Security and Privacy Plus to provide an enterprise solution for MSPs and for individual business to protect their networks against malvertising and everything that comes along with it- including malware, ransomware, data loss, data theft, and reduced privacy.
Q: Why not just use browser-based ad blockers such as Ublock Origin.
A: For a long time we did count on Ublock Origin for our clients and it worked well when we could use it. We needed a solution that worked across all browsers not just one or two. We also had a problem protecting BYOD and those devices bringing malware onto our networks. When ransomware ramped up we had to start taking more aggressive steps to protect our clients networks.
Additionally, Google Chrome has about 80% of the browser market share. Google has announced via Google Chrome Manifest V3, the features which allow Ublock Origin to work so effectively will be deprecated in early 2020. In the long run, trusting our browser security to the largest ad company in the world (Google) probably doesn’t make a lot of sense. We’ve seen this coming and now we have to take action.
Q: Trusted security software is open source, is Security and Privacy Plus open source?
A: Yes, it is. Security and Privacy Plus is a custom installation (not fork) of the open source Privoxy. Privoxy has been in existence in various forms for approximately 20 years. The Privoxy Project (www.privoxy.org) has an incredibly talented and dedicated team. We thank them for their support on this project.
Kind of curious what the benefit is here over using something like Privoxy or DansGuardian. These both can be configured as intercepting proxies and the adblocking functionality is mature in both of these. Personally I prefer BSD's and I run my privoxy server as a VM, it works great. Here are some privoxy guides for Ubuntu to try:
http://ubuntuforums.org/showthread.php?t=1715115
http://misctechmusings.com/ipad-ad-blocking-using-privoxy/
Neither of these are configured as intercepting proxies, to set it change the configuration based on the docs:
http://www.privoxy.org/user-manual/config.html#ACCEPT-INTERCEPTED-REQUESTS
They are pretty keen on this and (as far as I know) they generally track you with cookies of some stripe. There are more options for tagging your computer than just cookies though and you can bet that they are using them all and using each to recreate the others when you get around to clearing your cache.
Hiding your IP behind a VPN is not really going to stop websites from tracking you.
The next most capable thing I saw was privoxy which has a go at stripping the trackers out, but that's an arms race.
It's also worth mentioning that I use a VPN and advertisers seem to be aware as I've noticed a marked increase of adverts for privacy products, even on reddit.
At a home level I seriously just have some decent paid antivirus that I have scheduled to do a full scan every night while I am sleeping and I run the free version of malwarebytes every couple of days. I work in IT though and I have dealt with a ton of infected computers over the past couple of years. I watch where I go and what I click on, I also read the installation process of everything I install to see what they try to slip by.
One thing you can look into is a content filtering proxy that you can setup on the local machine like Privoxy and Dansguardian. It might seem a bit much for a home computer but it works proactively as in it blocks the user from even getting to sites that have bad content. Dansguardian can use lists like http://urlblacklist.com/ that keep a list of known bad sites. Together with a solid antivirus you should be in a fairly good position.
You select an HTTP Proxy, for instance Prixoxy. You install it, configure it, open the right ports on your router and run it. You might also need a dynamic dns if you don't have a fixed ip.
Also note that using privoxy for that is overkill, configuring a web server to act as a proxy is probably way easier and quicker.
As far as http proxy servers that I don't know there are Squid, Oops, and tinyproxy that seem interesting.
I recommend Privoxy. It's already loaded with some blocking patterns. You don't have to fiddle with the hosts file to change filtering options, as you can enable editing on its CGI interface. There's a handy URL logger if you want to find out what sort of stuff is being accessed.
I just use privoxy, which lets you set your browser to use it as a local proxy, and filter out the adverts before it reaches your browser.
It was what I used before the ad blocker on Chrome became very good, because before it was very bad and didn't always block everything.
I have to test this out, but the basic concept works like this:
iPhone <------------------> LAN computer <----------------> VLC Stream (http user agent:) (Rewrite the header) <------ iOS -------> <------- PS4 ---->
Your LAN computer runs Privoxy and you tell your iPhone to use the computer as a proxy server. Then when the iPhone requests the VLC stream, it goes through your computer, which rewrites the header information to match a working header like PS4.
very nice.
I didn't knew Privoxy which doesn't cache, however it seems can be used together with other proxys, such as squid, for caching.
Hrmm, privoxy didnt crunch this information at all...(Edit: i say it wrong, it didnt crunch it enough to prevent identification, and i am not even sure if that is feasible for privoxy)(it isnt listed as feature either though)
Edit: figured out how to change the user agent; <code>+hide-user-agent{...}</code> in /etc/privoxy/match-all.action
but not sure what to set it too. Currently the User Agent
1 on ~3000 and moreso Browser Plugin Details
(1 on ~12000) after that http ACCEPT Headers
, but at only 1 on ~100. However the variables arent independent; the variables being inconsistent would make me more unique too.. Also <code>+{add-header{...}}</code> i can change the header. Plugin details should give me more nonuniqueness at lower risk of being quirky.
Operator here. I am unsure if reddit will run without JavaScript, but it also really makes reddits ease of use. I will be reviewing all data in the database shortly to ensure IP addresses are wiped as often as possible (session information I will ensure resides memory only or on temp file system)
There is no guarantees even with Tor itself, always take additional precautions to be safe. The reddittor runs in the middle of a black hole, there is no outside access to or from server only tor port traffic allowed. Is it 100% safe? it will never be safe enough.
bottom line it is NOT a tool to do illegal activities, but I know for a fact it will happen, the joy of freedom paired with anonymity
also from what I understand, Privoxy can help with these issues. I am also unsure if making site https will help (have not reached yet, but imagine it will help)
I see some concern about Chrome not catching all server requests in time, and also people wanting this to work in other browsers.
As a solution to both issues, I'm certain it's possible to set up Privoxy to filter out this stuff at the earliest possible stage. Privoxy is an HTTP proxy that you can run on your own machine; it allows you to modify the content of downloaded pages as they are read, so it will work with any browser.
I have said it before, will say it again here:
Install privoxy.
Either on the local machine, but even better on the router if you can (dd-wrt/openwrt!).
Works for all OSes, for all browsers, for all devices.
Why anyone would use another solution in light of this really is beyond me.
If you use privoxy, DNS will go through TOR.
This is explained in the TOR instructions such that you aren't leaking DNS information to an interested party.
Edit Instructions from Privoxy FAQ
There are HTTP to Socks proxies available.
Privoxy comes to mind. Not only you'll be tunneling HTTP--->Socks, but it will also remove a load of private/identifying information from your packets.