Privoxy is a web proxy with advanced filtering capabilities for protecting privacy.

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk.

Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.

Privoxy is based on Internet Junkbuster.

Here are some key features of "Privoxy":

· Integrated browser based configuration and control utility at http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based tracing of rule and filter effects. Remote toggling.
· Web page content filtering (removes banners based on size, invisible "web-bugs", JavaScript and HTML annoyances, pop-up windows, etc.)
· Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions files won't overwrite individual user settings.
· HTTP/1.1 compliant (but not all optional 1.1 features are supported).
· Support for Perl Compatible Regular Expressions in the configuration files, and generally a more sophisticated and flexible configuration syntax over previous versions.
· Improved cookie management features (e.g. session based cookies).
· GIF de-animation.
· Bypass many click-tracking scripts (avoids script redirection).
· Multi-threaded (POSIX and native threads).
· User-customizable HTML templates for all proxy-generated pages (e.g. "blocked" page).
· Auto-detection and re-reading of config file changes.
· Improved signal handling, and a true daemon mode (Unix).
· Every feature now controllable on a per-site or per-location basis, configuration more powerful and versatile over-all.
· Many smaller new features added, limitations and bugs removed, and security holes fixed.

What's New in 3.0.8 Stable Release:

- Fixed a small memory leak when listen-address only specifies the port.
- The source tar balls now include Privoxy-Regression-Test which
(upon other things) can be used to automatically detect some
packaging problems. Packagers are welcome to give it a try.
- Reverted a change in 3.0.7 that caused path patterns to be checked
even if the host pattern match already failed. While this doesn't
noticeable affect the performance, it makes it less likely to run
out of stack space with overly-complex path patterns the user might
have added.
- Updated the msn, yahoo and google filters to work as advertised again.
- The warning message shown by the show-status CGI page is easier to
understand. Previously it wasn't clear that the error message
is shown below the invalid directive. (Reported by Lee)
- When regenerating Content-Disposition headers the more common
spelling is used for the name. Previously it was written without caps.
- Less confusing log message if the content type isn't overwritten
because force-text-type wasn't used but the old type doesn't look
like content that would be filtered normally.
- Better log messages if the user tries to execute filters that
don't exist.
- Treat the non-standard Request-Range headers like standard range
headers and suppress them if content filtering is enabled.
- Fix build on OS/2 and other platforms that are neither
Windows nor Unix based.
- Prevent the log messages for CONNECT requests to unacceptable
ports from printing the limit-connect argument as [null] if
limit-connect hasn't been explicitly enabled.
- Don't disable the mingw32 log window if the logfile directive
isn't used. While it was an intentional change in 3.0.7 at least
one user perceived it as a regression and the same effect can
be achieved by disabling all debug directives.
- Fixed two minor problems related to the win32 build process: a css
file was not being in the installer and the trustfile comment in the
config.txt referenced a nonexisting file
- Minor documentation fixes.

What's New in 3.0.9 Beta Development Release:

- Added SOCKS5 support (with address resolution done by
the SOCKS5 server). Patch provided by Eric M. Hopper.
- The "blocked" CGI pages include a block reason that was
provided as argument to the last-applying block action.
- If enable-edit-actions is disabled (the default since 3.0.7 beta)
the show-status page hides the edit buttons and explains why.
Previously the user would get the "this feature has been disabled"
message after using the edit button.
- Forbidden CONNECT requests are treated like blocks by default.
The now-pointless treat-forbidden-connects-like-blocks action
has been removed.
- Not enabling limit-connect now allows CONNECT requests to all ports.
In previous versions it would only allow CONNECT requests to port 443.
Use limit-connect{443} if you think you need the old default behaviour.
- The CGI editor gets turned off after three edit requests with invalid
file modification timestamps. This makes life harder for attackers
who can leverage browser bugs to send fake Referers and intend to
brute-force edit URLs.
- Action settings for multiple patterns in the same section are
shared in memory. As a result these sections take up less space
(and are loaded slightly faster). Problem reported by Franz Schwartau.
- Linear white space in HTTP headers will be normalized to single
spaces before parsing the header's content, headers split across
multiple lines get merged first. This should prevent problems like:
* letting the session-cookies-only action slip
some Cookies through unmodified,
* only suppressing the first line of a header,
thus creating an invalid one, and
* to incorrectly block headers with valid timestamps
that weren't properly recognized.
Headers that could trigger these problems are unlikely to appear
in "normal" web traffic, but could be intentionally generated to
fool some of Privoxy's header parsers.
- Host information is gathered outside the main thread so it's less
likely to delay other incoming connections if the host is misconfigured.
- New config option "hostname" to use a hostname other than
the one returned by the operating system. Useful to speed-up responses
for CGI requests on misconfigured systems. Requested by Max Khon.
- The CGI editor supports the "disable all filters of this type"
directives "-client-header-filter", "-server-header-filter",
"-client-header-tagger" and "-server-header-tagger".
- Fixed false-positives with the link-by-url filter and URLs that
contain the pattern "/jump/".
- The less-download-windows filter no longer messes
"Content-Type: application/x-shockwave-flash" headers up.
- In the show-url-info page's "Final results" section active and
inactive actions are listed separately. Patch provided by Lee.
- The GNUmakefile supports the DESTDIR variable. Patch for
the install target submitted by Radoslaw Zielinski.
- Embedding the content of configuration files in the show-status
page is significantly faster now. For a largish action file (1 MB)
a speedup of about 2450 times has been measured. This is mostly
interesting if you are using large action files or regularly use
Privoxy-Regression-Test while running Privoxy through Valgrind,
for stock configuration files it doesn't really matter.
- If zlib support is unavailable and there are content
filters active but the prevent-compression action is disabled,
the show-url-info page includes a warning that compression
might prevent filtering.
- The show-url-info page provides an OpenSearch Description that
allows to access the page through browser search plugins.
- Custom client-header filters that rewrite the request line
incorrectly no longer cause Privoxy to crash. Reported by din_a4.
- The obsolete kill-popups action has been removed as the
PCRS-based popup filters can do the same and are slightly
less unreliable.
- The inspect-jpegs action has been removed.
- The send-wafer and send-vanilla-wafer actions have been removed.
They weren't particular useful and their behaviour could be emulated
with add-header anyway.
- Privoxy-Regression-Test has been significantly improved.
- Most sections in the default.action file contain tests for
Privoxy-Regression-Test to verify that they are working as intended.
- Parts of Privoxy have been refactored to increase maintainability.
- Building with zlib (if available) is done by default.