With the advent of the new illegal monitoring going on in the USA, and ISPs being actively forced to log and snoop on their own customer’s behaviors, I’ve been advocating the use of Privoxy + Tor to help anonymize some of your browsing behavior and characteristics.
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page data, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk.
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol.
To configure them to work in concert, just install privoxy and tor using your standard package management tools. Open up Privoxy’s configuration file (normally /etc/privoxy/config) and add the following line:
forward-socks4a / localhost:9050 .
The ending dot is significant, don’t forget to include it. You can put this anywhere in the file you want, but the most-likely place is around line 1064 or so in the standard configuration. Restart privoxy using whatever scripts or service management tools your host operating system provides.
Now there’s an additional tweak you can do to use Squid to pool and cache the sites you visit locally. To do that, you’ll need to change a few things in Squid’s configuration (normally /etc/squid/squid.conf):
http_port 8888 cache_peer localhost parent 8118 7 no-query default # Some basic ACLs to allow local traffic, forbid outside traffic http_access allow purge localhost http_access allow localhost http_access deny all # Make sure we're ALWAYS using Privoxy and Tor, and not bypassing the cache never_direct allow all # And let's remove some headers which can be used to divulge some of our personal info header_access From deny all header_access Server deny all header_access User-Agent deny all header_access WWW-Authenticate deny all header_access Link deny all
Restart Squid and you should be all set. In your application (for example, Firefox), you can set up your proxy server to be:
Browsing will be slightly slower, but very clean and anonymized. If you want, you can also run pre-fetch pages with Squid to speed up access to lateral pages and links on sites you visit.
Using Firefox, I have an extension called SwitchProxy installed which lets me change my proxy configuration with a simple click, from “None” to “Squid (localhost)” to “Squid + Privoxy + Tor”, and so on. I highly recommend it.
In my personal configuration, I have a router which is configured to send every outbound request on port 80, and every incoming reply, to a Squid server running on FreeBSD. No client configuration is necessary at all.
With Squid on the BSD machine, I can set up Privoxy and Tor there, and transparently cache, secure, and anonymize that traffic without burdening the clients at all, no matter how many there are, or what OS they happen to run.
My router’s iptables configuration for that looks like this:
iptables -t nat -A PREROUTING -i br0 -s ! 10.0.1.3 -p tcp --dport 80 -j DNAT --to 10.0.1.3:8888 iptables -t nat -A POSTROUTING -o br0 -s 10.0.1.0/24 -d 10.0.1.3 -j SNAT --to 10.0.1.1 iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.1.3 -i br0 -o br0 -p tcp --dport 8888 -j ACCEPT
10.0.1.1 is my router, and 10.0.1.3 happens to be the FreeBSD machine running a very large Squid cache.
It works great, and clients behind my LAN never know the difference.
CustomizeGoogle lets you anonymize your Google UserID, filter out spammy websites, block Google Analytics cookies, and much more.