The Privoxy thread

Hi all!

Not sure a lot of people are aware of Privoxy for Sailfish OS, except a strange warning about it in every instance of the release notes.
Well, almost co-inciding with the release of Sailfish OS 4.5EA comes a new release of Privoxy 3.0.34, so I thought why not take the opportunity to make the community more aware of it.

What’s a Privoxy?

It’s a proxy. A filtering proxy.

Which means it lives between your browser and the Big Scary Internet, and it can filter things you don’t want the internet to know about you (privacy), or filter stuff the internet knows about you but you don’t want to see (i.e. ads).

So, like Defender?

No. Defender works with host lists on the DNS level. Privoxy works on http(s) web pages and their content.

Privoxy can do something similar to Defender (i.e. block access to certain hosts), but it

a) isn’t as low-level as Defender / the hosts approach
b) apps need to opt-in to use privoxy as a proxy for it to do anything.

So, like uBlock/AdBlock/…?

Kinda.
While we lack browser extension support on the Sailfish Browser, it can be the next best thing.

In fact, you can emulate things like AdBlock through Privoxy by using the Ab2P setup.

So you can use it in addition to and parallel to Defender.

OK, so I just click install and have privacy and am blocking ads?

No.

Well, after installing it will run, but it won’t do anything for you.
You need to follow the README in order to make use of it.

And even after you have done that, you will very likely have to do extensive tweaking to make it work for you.

So it’s basically a lot of work for little gain?

Yes.

But you have a choice of

• no protection from anything at all (default setup)
• Defender hosts blocking (which is fine but not perfect)
• Adding Privoxy to the chain, or using it standalone.

That doesn’t sound very appealing.

True.

A wise man once said something like:

Still, some people enjoy a game of Golf.

Privoxy, in practice is very much that.

So why this post?

Because I think the software still does have it merits - but we need the community to cook up some privoxy rules to make it work better.

So please, if you enjoy tinkering, give it a try, and if you come up with some rules or configurations which work well for SFOS, share them here, or even better, submit them to be included in the packaging.

Links:

Home page: https://www.privoxy.org/
Guide: Privoxy 4.1.0 User Manual
Packaging Repo: Peter G. / harbour-privoxy · GitLab
OpenRepos (unsupported): Privoxy - now in Chum | OpenRepos.net — Community Repository System
Chum: Show sailfishos:chum / harbour-privoxy - SailfishOS Open Build Service

Hej, I had missed that one. I do believe I shall go play a round of bit golf! Thank you for the excellent documentation: docs/Userguide.md · master · Peter G. / harbour-privoxy · GitLab

Well, good luck and hope you find it useful.

In the spirit of sharing some small snippts, here’s one that helps reading Qt docs on the device:

In the alias section:

qt-doc-redirect = \
+redirect{s@/qt-6/@/archives/qt-5.6/@}

And the rule proper:

{qt-doc-redirect}
doc.qt.io/qt-6/*

No biggie, but it shows what you might use it for apart from blocking stuff.

In a similar way you can redirect reddit to teddit, youtube to invidious and so on.

This, indeed, is one of the main reasons I want to run it locally. Irritating links.

reddit-redirect = \
+redirect{s@^(http|https)://[^/]*/(.*)@$1://teddit.namazso.eu/$2\&theme=auto@}

no-reddit-redirect = \
-redirect{s@^(http|https)://i.reddit.com/(.*)@$1://teddit.namazso.eu/$2@}

{reddit-redirect}
.reddit.com
reddit.com

{no-reddit-redirect}
reddit.com/(api|gallery|poll|rpan|settings|topics)
*.reddit.com/(api|gallery|poll|rpan|settings|topics)

{ old-reddit-redirect }
reddit.com
(www|np|new|amp).reddit.com

I’ll try once more:

Is anyone actually using this?

If you do, prepare for some exciting improvements coming with Privoxy 4.0.0.

Also, prepare yourself to prepare yourself for some small updating/migration tasks:

I tried privoxy and was quite happy with the results in native Browser but then noticed, that all android apps lost internet connection. I have followed users manual and set up a global proxy, does this cause android support to loose connection?
BTW what steps should i follow to uninstall privoxy again, is it save to just delete the app?

I have never noticed any problems with Android App support, AFAIK it can’t even be made to use the proxy.
Are you sure it’s related, i.e. does it start working again if you toggle off Global Proxy?

Uninstall and clean up depends a bit on what you installed and configured.

To just get rid of it, it should be enough to pkcon unistall harbour-privoxy. Followed by pkcon search --filter installed privoxy to see if any subpackages remain.

After uninstall you might want to clean up edited config files in /usr/share/harbour-privoxy, and maybe remove the CA certificate from the TLS and Mozilla stores if you added them.

Thanks for your instant reaction! The Problem with AppSupport occured right after setting up privoxy and disappeared right after i unticked the global proxy option for WLAN/Mobile Data… I will give it another try before uninstalling.

If there is indeed a problem I need to look into that and hopefully fix it.

Note that you can continue using privoxy, not setting it up as Global Proxy but just configure it for the stock browser (in about:config).

It’s how I use it mainly.

I tested a bit with proxy toggled on and off and have a mixed result (xperia 10iii):

• Problem with AppSupport loosing WLAN also occured once without using the Proxy and seems (also) to be a problem apart from Privoxy (with a couple of threads in this forum).
• With various reboots and various settings changed in appsupport, i could NEVER get internet to work in appsupport when having the proxy toggled on

Now i’m thinking about using privoxy with settings changes in the about:config file of the browser, but read in the forum, that changes in these settings are not permanent… Can i change settings permanently and how?

cd ~/.local/share/org.sailfishos/browser/.mozilla
touch user.js
$EDITOR user.js

Using an editor, add this to the user.js file:

// Mozilla User Preferences
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);

Restart the browser.

NOTE: to remove the settings again, you must remove them from both user.js and prefs.js and do it while the Browser is not running.

And another (few) year(s) later at least one

‘Great work’

and

Thank you very much

from my side.

Installed (easy) and configured (quite hard) and it’s working like charm. Both for native browser as well as for dark side Chrome etc al. I set global proxy in settings

And used a simple sed for switching on/off connection with Tor, changing the forward-socks5t option in config-sailfish.

High praise, thank you!

I’m working on an update to Privoxy 4.1, which will probably bring WolfSSL support - which should improve performance.

I have also toyed with ECC instead of RSA certificates for TLS but that currently makes plenty of sites not work. Not sure why.

That’s a good idea. Maybe a “Privoxy Manager” GUI could be written to do that and similar things!

To anyone who actually runs Privoxy:

Call for Testers

There’s a new version out for testing at Chum-Testing:

• Update to Privoxy 4.1.0 (ChangeLog)
• Switch from mbedTLS to WolfSSL as TLS library
• Add support for zstd compression (SFOS 4.4+)

Also, the brotli compression library has been bumped.

Chum Testing Privoxy
Chum Testing WolfSSL

With WolfSSL, performance of HTTPS inspection should be (much?) faster now.

Please test this new a version and report any problems.
(But please back up your privoxy 3.0 config!)
Especially report if you are getting SSL connection errors to sites, and which sites these are.

It would also be nice if you replied to this post if you tested and found no severe problems, so I know that at least somebody apart from me has tested.

Post-update notes:

For good measure:

devel-su systemctl daemon-reload ; devel-su systemctl restart privoxy

As we no longer depend on mbedTLS, after upgrading you can do (optional but recommended):

devel-su pkcon remove mbedtls-libs

Also, in case you have configured the cipher-list option in the Privoxy config file, you probably need to adjust it (or better revert to default).

Reverting to stable

While the new version has not been pushed to chum, you should be able to revert to stable with

devel-su pkcon install --allow-downgrade harbour-privoxy

Sorry, but not yet experienced with Chum.

Do I need to change some settings in GUI or download / install packages manually for testing? (There are so many and some with +WolfTLS…)

Since it is testing repo I decided to download and install manually instead of adding a repo.
You can find packages in aarch64 and noarch directories of:

and there was necessary to uninstall old packages via CHUM (http → ab2p → main) first.

Yes, OBS can be a bit annoying this way.

Two options:

1. In chum GUI, activate the testing repo
2. Go to terminal
3. devel-su pkcon refresh OR zypper ref -r sailfishos:chum:testing
4. devel-su pkcon update harbour-privoxy OR zypper up harbour-privoxy
5. Back to chum GUI, deactivate the testing repo again

be sure to take that last step before installing anything else, you don’t want to accidentially pull other packages from testing.
Do NOT update anything from Chum GUI while in testing mode.

If you have zypper installed, use that, it’s a bit more convenient/informative on what needs to happen.

Alternative, but I think you need an OBS account for that:

devel-su pkcon install osc
mkdir ~/testing
cd ~/testing
osc co sailfishos:chum:testing harbour-privoxy
osc co sailfishos:chum:testing wolfssl
osc co sailfishos:chum:testing brotli
cd "sailfishos:chum:testing"
osc getbinaries  <<the repo for your version, e.g. 5.0_aarch64>>
cd binaries
devel-su pkcon install-local <<list of rpm files>>