Filters are not taken effect about adblock2privoxy HOT 4 CLOSED

TLS interception raises numerous security and privacy considerations, as well as the additional complexity of another layer of PKI to manage.

I do not think that using it on a home LAN causes any problem. For 5 years of use (even with the help of ProxHTTPSProxyMII) I have not noticed any problems with confidentiality, on the contrary, it can be increased by using all the Privoxy functionality.

from adblock2privoxy.

I am new to this as well, so I don't have answers. However, I am seeing the same thing and have done some investigation. The first thing I found is privoxy by default does not filter HTTPS traffic, which these days is 99%+ of all web sites.

To work around this, the latest privoxy supports an experimental feature called "https inspection", which allows filtering HTTPS traffic. See https://www.privoxy.org/user-manual/actions-file.html#HTTPS-INSPECTION and related sections for details. I had to build my own privoxy, but it was very straightforward, the main thing to note is to include --with-openssl or --with-mbedtls when running configure to enable https-inspection.

After you get all the cert stuff setup, make sure to enable the feature in e.g. user.action:

# Following section enables TLS/SSL filtering for all sites requested by HTTPS.
{+https-inspection}
/

Once I configured that and got everything set up I can see the filter rules adding CSS statements in the "view source" page for a given https webpage. However, I still am not seeing element hiding.

The other problem is turning on https inspection has really slowed down my privoxy server (Raspberry Pi 4, which does not have hardware crypto) to the point where it is not usable, so it's not really an experiment I can continue with my current setup.

Posting this here in case it helps others... In the meantime I get good results with my pihole...

from adblock2privoxy.

https://www.privoxy.org/user-manual/actions-file.html#HTTPS-INSPECTION

TLS interception raises numerous security and privacy considerations, as well as the additional complexity of another layer of PKI to manage. Yes, both squid and privoxy can be configured for TLS interception. The tradeoffs involved in doing this may or may not outweigh the benefits of adblocking.

I find that using a PAC within the browser is highly effective without the necessity of TLS interception. See https://github.com/essandess/easylist-pac-privoxy.

This works for Safari—on both desktop and mobile devices—and Firefox; I believe that Chrome now limits the use of a PAC in this way.

If PAC adblocking is ever limited by major browsers, TLS interception is always available as an ultimate solution.

from adblock2privoxy.

TLS interception raises numerous security and privacy considerations, as well as the additional complexity of another layer of PKI to manage.

I do not think that using it on a home LAN causes any problem. For 5 years of use (even with the help of ProxHTTPSProxyMII) I have not noticed any problems with confidentiality, on the contrary, it can be increased by using all the Privoxy functionality.

@vladns I’ve migrated completely over to the TLS interception side now that iOS Safari has stopped working with proxy.pac HTTPS black holes (see essandess/easylist-pac-privoxy#21), and Chrome has disabled the policy PacHttpsUrlStrippingEnabled.

I concur that on a LAN this causes no issues, and indeed performs better than a more complicated PAC file → squid → privoxy proxy chain.

Please see: https://github.com/macports/macports-ports/blob/master/www/privoxy/Portfile

from adblock2privoxy.