Comments (4)
TLS interception raises numerous security and privacy considerations, as well as the additional complexity of another layer of PKI to manage.
I do not think that using it on a home LAN causes any problem. For 5 years of use (even with the help of ProxHTTPSProxyMII) I have not noticed any problems with confidentiality; on the contrary, it can be increased by using all the Privoxy functionality.
from adblock2privoxy.
I am new to this as well, so I don't have answers. However, I am seeing the same thing and have done some investigation. The first thing I found is privoxy by default does not filter HTTPS traffic, which these days is 99%+ of all web sites.
To work around this, the latest privoxy supports an experimental feature called "https inspection", which allows filtering HTTPS traffic. See https://www.privoxy.org/user-manual/actions-file.html#HTTPS-INSPECTION and related sections for details. I had to build my own privoxy, but it was very straightforward; the main thing to note is to include --with-openssl or --with-mbedtls when running configure to enable https-inspection.
After you get all the cert stuff set up, make sure to enable the feature in e.g. user.action:
# Following section enables TLS/SSL filtering for all sites requested by HTTPS.
{+https-inspection}
/
Once I configured that and got everything set up I can see the filter rules adding CSS statements in the "view source" page for a given https webpage. However, I still am not seeing element hiding.
The other problem is turning on https inspection has really slowed down my privoxy server (Raspberry Pi 4, which does not have hardware crypto) to the point where it is not usable, so it's not really an experiment I can continue with my current setup.
Posting this here in case it helps others... In the meantime I get good results with my pihole...
from adblock2privoxy.
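An audit of the setup described in the comment above, as an added example that is not part of the thread and not Privoxy or adblock2privoxy code. It reads the `ca-directory`, `ca-key-file`, `certificate-directory` and `trusted-cas-file` directives and the action file, and reports weak key permissions, a missing trust bundle, `+ignore-certificate-errors`, and site-wide inspection. The sample layout, its paths, and the assumption that directories are given as absolute paths without spaces are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Privoxy or adblock2privoxy code): audit an HTTPS-inspection setup.

cfg_get() {      # last value set for a directive in a Privoxy config file
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

is_private() {   # path exists and grants nothing to group or other
    [ -e "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

inspected_patterns() {   # URL patterns in sections that enable +https-inspection
    awk '/^[ \t]*#/ || NF == 0 { next }
         /^[ \t]*[{]/ { on = ($0 ~ /[+]https-inspection/); next }
         on { print $1 }' "$1"
}

audit_https_inspection() {   # usage: <config> <action-file>; prints one finding per line
    ca_dir=$(cfg_get "$1" ca-directory)
    key=$(cfg_get "$1" ca-key-file)
    certs=$(cfg_get "$1" certificate-directory)
    trusted=$(cfg_get "$1" trusted-cas-file)
    is_private "$ca_dir/$key" ||
        echo "ca-key-file: missing, or accessible to group/other"
    is_private "$certs" ||
        echo "certificate-directory: missing, or accessible to group/other"
    [ -s "$ca_dir/$trusted" ] ||
        echo "trusted-cas-file: missing or empty, upstream certificates cannot be verified"
    if grep -v '^[[:space:]]*#' "$2" | grep -qF -e '+ignore-certificate-errors'; then
        echo "action file: +ignore-certificate-errors disables upstream validation"
    fi
    inspected_patterns "$2" | grep -qx '/' &&
        echo "action file: +https-inspection applies to every site (pattern /)"
    return 0
}

make_sample() {  # constructed sample layout under directory $1 (paths are assumptions)
    mkdir -p "$1/CA" "$1/certs" && chmod 700 "$1/CA" "$1/certs"
    : > "$1/CA/cakey.pem" && chmod 644 "$1/CA/cakey.pem"   # deliberately too open
    echo "placeholder CA bundle" > "$1/CA/trustedCAs.pem"
    printf '%s\n' "ca-directory $1/CA" "ca-key-file cakey.pem" \
        "certificate-directory $1/certs" "trusted-cas-file trustedCAs.pem" > "$1/config"
    printf '%s\n' '# enable for all sites' '{+https-inspection}' '/' > "$1/user.action"
}

demo_dir=$(mktemp -d) && make_sample "$demo_dir"
audit_https_inspection "$demo_dir/config" "$demo_dir/user.action"
```

The section parser handles single-line `{...}` headers only; action sections that continue over several lines are not followed.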
https://www.privoxy.org/user-manual/actions-file.html#HTTPS-INSPECTION
TLS interception raises numerous security and privacy considerations, as well as the additional complexity of another layer of PKI to manage. Yes, both squid and privoxy can be configured for TLS interception. The tradeoffs involved in doing this may or may not outweigh the benefits of adblocking.
I find that using a PAC within the browser is highly effective without the necessity of TLS interception. See https://github.com/essandess/easylist-pac-privoxy.
This works for Safari—on both desktop and mobile devices—and Firefox; I believe that Chrome now limits the use of a PAC in this way.
If PAC adblocking is ever limited by major browsers, TLS interception is always available as an ultimate solution.
from adblock2privoxy.
TLS interception raises numerous security and privacy considerations, as well as the additional complexity of another layer of PKI to manage.
I do not think that using it on a home LAN causes any problem. For 5 years of use (even with the help of ProxHTTPSProxyMII) I have not noticed any problems with confidentiality; on the contrary, it can be increased by using all the Privoxy functionality.
@vladns I’ve migrated completely over to the TLS interception side now that iOS Safari has stopped working with proxy.pac HTTPS black holes (see essandess/easylist-pac-privoxy#21), and Chrome has disabled the policy PacHttpsUrlStrippingEnabled.
I concur that on a LAN this causes no issues, and indeed performs better than a more complicated PAC file → squid → privoxy proxy chain.
Please see: https://github.com/macports/macports-ports/blob/master/www/privoxy/Portfile
from adblock2privoxy.