Slashdot Mirror

You can always use privoxy.

http://www.privoxy.org/

Privoxy: works with any browser that support proxy servers. It is great if you have a server machine to install it, then you can set all your home computers to use that centralized proxy.

Someone has. Check out Privoxy.

It's also great for filtering a bunch of computers (like an entire network) at once without needing to update rules on each of them.

(And it would be a good idea, actually - having a decent web browser that blocks all the ads that Chrome won't.)

Privoxy - It's better than Ad Block Plus - it blocks ad streams to flash sandboxes (hulu) as well as text ads (adsense). And bonus points: it works on all browsers that allow connection through a proxy... which includes chrome.

I prefer Privoxy. There are versions for Linux of various flavors, Windows and OS X and it works with every Web browser that supports proxies.

While I can't speak for OS X, it's action files are plain text under Windows and Linux, and so copying modifications from the user action file on one OS to the other is trivial.

For me, it's more flexible than a hosts file-based approach, since the hosts file is global. Under Windows on my work laptop, I have to use IE to enter my service time, and so I leave its proxying disabled (it's the only thing that I use IE for on my work computer except for some SSL VPNs to which I have to connect from time to time), while enabling it under Firefox and Opera. If I run into a problem with a site with either of those, the first troubleshooting step I take is to disable the proxying - if that works, then I can create custom actions for that site as needed, and once working know that they will work everywhere.

At home all I have to do is copy the user action file to the directory on my NAS where I save shared configuration files, and then replicate it to the other computers (I keep meaning to automate all of this sometime...).

Neat, clean, flexible and easy to maintain - what's not to like? :)

Regards,

dj

Even AdBlock and NoScript may not be enough. I've read about a recent trend where adverts are hosted directly on the content server. So if your website "requires" JavaScript and/or people have whitelisted it, ads will get through because the scripts and images are hosted directly on your website. Bastards.

In case you are willing to do something about it:

• Greasemonkey (FF|IE)
• Platypus
• Shiftspace
• JetPack
• Chickenfoot
• Privoxy
• Proximodo

the last of which is hosted by... SourceForge.

just get privoxy. works with anything! http://www.privoxy.org/ .

Oops.. I meant Privoxy. Junkbuster was ancient history. Damn you caffeine for not kicking in fast enough!

You should both consider using Privoxy. It's web filter proxy that can be as agressive/forgiving as you like.

I got rid of AdBlock a few months ago, I find Privoxy to be a lot more configurable, and since it's a proxy, it works with all my browsers. It might not be for everyone, but I find it very convenient, and firefox loads pages noticably faster now too.

For linux users, there's a quick guide on the Arch Forums on how to set it up for Midori (and actually any browser). It's a little Arch-centric, since Arch uses the BSD init system, and config file arrangement, but it's pretty straight forward, and there are plenty of guides on the official privoxy site too.

You should both consider using Privoxy. It's web filter proxy that can be as agressive/forgiving as you like.

I got rid of AdBlock a few months ago, I find Privoxy to be a lot more configurable, and since it's a proxy, it works with all my browsers. It might not be for everyone, but I find it very convenient, and firefox loads pages noticably faster now too.

For linux users, there's a quick guide on the Arch Forums on how to set it up for Midori (and actually any browser). It's a little Arch-centric, since Arch uses the BSD init system, and config file arrangement, but it's pretty straight forward, and there are plenty of guides on the official privoxy site too.

Privoxy works just fine for me. I rather prefer having a browser-independent ad blocking solution. It's one less feature to worry about when 'shopping' around for browsers and as someone who uses more than one browser it means only having to manage one filter list, not two or four or whatever.

I love the interface! What I don't love, however, are the millions of ads that I forgot existed. I'll move to Chrome the minute it supports plugins and AdBlocker is ported to it. Chrome's plugin API will be finished later this year.

Just use privoxy http://www.privoxy.org/ Works great and you can configure it quite easily to block just what you want blocked. It will do the same for IE if for some strange reason you want to use that POS.

If you use Privoxy, the majority of those ads will go away, and you can do custom filtering for fun and profit easily.

but I feel pretty confident Microsoft Internet Explorer's is worse. I recall reading the EULAs of Windows Media Player 10 and 11 were particularly harrowing experiences.

In any case, if you are concerned about your privacy or don't like advertisements, install privoxy.

Otherwise, enjoy your Chrome experience! It is significantly and quantifiably better than the competition.

IMHO, you're much better off with an ad-removing proxy like Privoxy if you really want to live without a built-in solution like AdBlock. It gives you much finer control over what is and isn't blocked.

Privoxy. http://www.privoxy.org/

Solves all the problems with accidental advertising porn.

NoScript, AdBlock Plus, and Flashblock with FireFox,
 
It's my understanding that Flashblock works only on web pages that have Javascript enabled. And Noscript has its own capability to block Flash as well as Javascript. Therefore, Flashblock adds nothing useful if you already have Noscript installed.
 
However, Noscript does work with Adblock Plus.
 
  privoxy can also provide a fairly fine-grained control of web browsing experience with any browser. I personally use and recommend Noscript and privoxy. Haven't needed Adblock Plus for my purposes (yet).

Which is why Privoxy Rocks.

Try Privoxy. A non-customised installation will kill most ads for about three minutes of work. If you then read some of the config info, creating custom filters is a cakewalk and voilà, you have an ad free Chrome.

Helped me, hope it helps you...

Anyone care to guess why Google's CHROME has no ability to use plugins/add-ons? (And, I'd actually use Chrome if I could BLOCK THE DAMN ADS!!!
 
Just install Privoxy. There are Windows and Mac versions available, as well as Linux.

Your google skills are fail.

http://www.privoxy.org/

Not only does it work with Chrome, it works with any application, including any version of Internet Explorer.

I agree. I run Privoxy on my server and route all client machines through it, except my laptop which has it's own copy. Great program. It could use a better configuration interface, but in most cases the default install is all you need anyway.

Your google skills are fail.

http://www.privoxy.org/

Not only does it work with Chrome, it works with any application, including any version of Internet Explorer.

The state mandates web filtering on all machines. However, there is some flexibility on exactly what should be filtered.

If you're required by law to filter, but the law is vague about what to filter, then do something useful: filter ads. Install privoxy and there's your web filter.

Are things like Facebook and Myspace a legitimate use of a school computer? What about games, forums, or blogs, all of which could be educational, distracting or obscene?

Probably nothing is a legitimate use of a school computer. The students shouldn't even be on the 'net except for whatever is required (e.g. do the they email their homework to the teacher?). The thing is, you also said the kids are expected to take the computers home. If they are expected to not touch it when they're at home, ok. But if it's ok to use it, then you should assume it's personal use, and therefore filter nothing unless the law specifically requires you to filter that site. For any site (e.g. MySpace) where you have to ask, the answer is that you don't have to filter it.

Here's what it's all about: the filtering laws aren't there to fulfill a useful purpose. They just exist to be obeyed. Obey them, but beyond that, you can safely assume their purpose is to serve some special interest (filter software vendors, religious fundamentalists, whatever) and you need not go to any extra trouble to aid those interests. Once you've met the legal requirements, switch gears and do useful and sensible things instead.

Here's your real problem:

The students will essentially own the computers

You say that, but if it were even remotely true, then the rest of your post would be blank. If it's the student's computer, then you don't ask "how much freedom do you give to students?" Instead, you ask, "how much freedom do we go to extra trouble to take away from the students?" If it's their computer, then from that point on, no action on your part can be described as "giving;" you can only take. Therefore you should limit your aggression to whatever is required by law.

Will a perceived lack of trust cripple the effectiveness of the program?

Maybe. Unfortunately you haven't said why the students are getting the computers. Without knowing the purpose of the program, how could anyone measure effectiveness?

Get Privoxy and don't look back.

Every time apple upgrades Safari, they disable my brilliant adblocker, Pithhelmet

Input Managers Are Evil. Try a proxy like Privoxy or GlimmerBlock instead.

Yawn... If the browser can go through a proxy server, AdBlock "ain't S**T."

You could use Privoxy or some other filtering proxy. It's a bit harder to configure, but works with any browser.

Something else to consider beyond Ad-Block and No-Script is a good local proxy.

Privoxy's default installation does a nice job of removing ads and other images, but is highly configurable (also read- IMHO not terribly easy to configure). I found that this was more useful in cutting bandwidth use at home on my 56k dial-up connection than many internet speed boosters/compression agents. JGG

I'd suggest two proxies. Squid for the caching, and Privoxy inline before it to filter out the adverts and other junk. It will make most junk laden pages better to read too.

Probably what I'd do in his situation. But if setting up Squid sounds like too much work for simple web surfing, Privoxy could be a tremendous help by itself. By default, it blocks a lot of the pop-up, drive-by advertising-related bandwidth robbers, and since the original poster already has a convenient status bar showing him who's grabbing his bandwidth and giving nothing in return, it's going to be trivial to build up a blacklist to just kill. The syntax of the configuration files may seem a little daunting at first if you're not use to something similar, but they're well-commented, and have a lot of examples. There's a straight-forward well-documented way to deanimate gifs (load only one frame, at substantial bandwidth savings), and if you delve into it, you might be able to minimize unnecessary reloads by tweaking http headers and javascript. It's cross-platform, easy to install and use if it's your only proxy (only slightly less so if you need to forward to another proxy) and it "Just Works".

The Firefox thing, do a reinstall and turn off the feedback agent, see if that helps.

http://www.privoxy.org/

There is a browser and OS agnostic ad-blocking proxy called Privoxy.

http://www.google.com/chrome

Ad blocking:

http://www.privoxy.org/

*SUPPOSEDLY* firefox memory use can be curbed by going to about:config and setting browser.cache.memory.capacity, but that doesn't seem to be respected by either firefox 2.x or 3.x, and it's excessively slow to boot.

Being as most browsers use firefox's gecko engine it's doubtful they perform much better.

IE is even *WORSE* since it doesn't really have a well defined plugin system let alone adblocking.

That being said, I don't plan to use chrome at least until it gets adblocking *AND* they package terms of service that actually make sense. I read the god-awful tos myself when chrome was released and wondered how long it'd be until I saw something about it on slashdot :)

Oh, and if you're worried about privacy, there's always Tor, Privoxy, and Freecap (or tsocks on *NIX)

I'd really like a Proxomitron [wikipedia.org] workalike, which would imply that functionality.

Privoxy should be able to do everything you need. On Debian it's just a matter of 'aptitude install privoxy' but it is available for Microsoft Windows as well with somewhat more hassle.

If you use Privoxy you can have Chrome with ad blocking as well. Works like a charm for me. Credit to this blog for pointing me in the right direction.

Denny

Privoxy is your friend. It allows you to block ads using a local proxy, so it'll work with any browser. It isn't as easy to setup as Adblock, but it still works effectively.

'Browser Privacy is different from "clear private data when Firefox closes" in that apparently it protects you WHILE you are browsing'

Appariently the protection consists of a white/black of selected sites that the browser deems unsafe. Do these subscription feeds require a fee.

"Depending on your web browsing activity and sites visited, the amount of time it can take before such content is automatically blocked can vary widely. However, at any time, you can customize which third-party content is blocked or allowed though subscribing to InPrivate allow and block feeds"

privoxy noscript FoxTor ..

"I'm curious as to if that level of "private browsing" will make it into a full FF release as I believe Firefox's largest supporter (Google) wouldn't want it in. Can they use that leverage to stop it? and will they?"

I wonder will "private browsing" work with Hotmail, or will their be exceptions burried within the app. Besides, it's irrelevent as I have full control over my computer, not Mozilla or Google .. or Microsoft :)

http://www.privoxy.org/

Access Denied

                The URL you have requested has been blocked because it contravenes the COMPANY Internet guidelines

http://www.privoxy.org/

https is an end to end method; when you insert a proxy you end up following RFC 2817 s5.2 succ.

It is only "not difficult" to write an https client if you leverage pre existing software such as openssl. It is very easy to write a broken TLS implementation.

The TLS tunnel built end to end, with possible CONNECT-accepting proxies in the middle, is the transport layer for the HTTP byte stream. Many HTTP-talking clients can change their User Agent field on their own and this affects https URIs constructed by the client (and showing the relevant padlock/colour change). A third party proxy can only manipulate the contents of an HTTP-over-TLS connection if it terminates the TLS tunnel, which it can only do if the initiating client accepts the proxy's certificate as the end point. This suggests either no certificate-to-FQDN matching at all, or a trusted wildcard certificate on the proxy. The downside in both cases is that client loses all information about the proxy's counterparty, even if the proxy is fully trusted:

browser--->TLS-terminating-proxy--->website

The browser only sees the certificate and encryption offers made by the TLS-terminating-proxy. This is deliberate and very very hard to work around, because the TLS-terminating-proxy is an MITM reading and mutating end to end traffic.

browser--->CONNECT-tunneling-proxy--->website

The only thing the proxy in this model sees is the CONNECT request and the cryptotext exchanged between the browser
and the website. It is (probably) computationally infeasible for the proxy to read or alter the plaintext.

The important thing here is that the browser knows that it is talking to the website because of PKI in the form of the X.509 certificate which has a CN (or equivalent) with the website's FQDN in it, which in turn is signed by a chain back to the private key of a CA whose public key is already known to the browser.

Spoofing that chain is computationally infeasible, although server configuration errors involving long cert chains are so distressingly common that e.g. Verisign's relatively short lived Class 3 intermediate keys are shipped with many browsers, and are a possible vulnerability if you want to explore your option of a TLS-terminating proxy that does not set off your browser's alarm bells.

FYI, you might want to read http://www.privoxy.org/faq/misc.html#AEN899 which deals with this issue from the perspective of an aggressive (and extremely useful! i love it!) proxy that among other things obsecures User-Agent information. http://www.privoxy.org/user-manual/actions-file.html#LIMIT-CONNECT also goes into this in some detail.

If you want you can repeat a simple experiment and try to log in to paypal without using an https URI, either by using an https->http URL rewriting shim or by simply blocking outbound connections to port 443. Paypal to its credit makes these approaches fail.

https is an end to end method; when you insert a proxy you end up following RFC 2817 s5.2 succ.

It is only "not difficult" to write an https client if you leverage pre existing software such as openssl. It is very easy to write a broken TLS implementation.

The TLS tunnel built end to end, with possible CONNECT-accepting proxies in the middle, is the transport layer for the HTTP byte stream. Many HTTP-talking clients can change their User Agent field on their own and this affects https URIs constructed by the client (and showing the relevant padlock/colour change). A third party proxy can only manipulate the contents of an HTTP-over-TLS connection if it terminates the TLS tunnel, which it can only do if the initiating client accepts the proxy's certificate as the end point. This suggests either no certificate-to-FQDN matching at all, or a trusted wildcard certificate on the proxy. The downside in both cases is that client loses all information about the proxy's counterparty, even if the proxy is fully trusted:

browser--->TLS-terminating-proxy--->website

The browser only sees the certificate and encryption offers made by the TLS-terminating-proxy. This is deliberate and very very hard to work around, because the TLS-terminating-proxy is an MITM reading and mutating end to end traffic.

browser--->CONNECT-tunneling-proxy--->website

The only thing the proxy in this model sees is the CONNECT request and the cryptotext exchanged between the browser
and the website. It is (probably) computationally infeasible for the proxy to read or alter the plaintext.

The important thing here is that the browser knows that it is talking to the website because of PKI in the form of the X.509 certificate which has a CN (or equivalent) with the website's FQDN in it, which in turn is signed by a chain back to the private key of a CA whose public key is already known to the browser.

Spoofing that chain is computationally infeasible, although server configuration errors involving long cert chains are so distressingly common that e.g. Verisign's relatively short lived Class 3 intermediate keys are shipped with many browsers, and are a possible vulnerability if you want to explore your option of a TLS-terminating proxy that does not set off your browser's alarm bells.

FYI, you might want to read http://www.privoxy.org/faq/misc.html#AEN899 which deals with this issue from the perspective of an aggressive (and extremely useful! i love it!) proxy that among other things obsecures User-Agent information. http://www.privoxy.org/user-manual/actions-file.html#LIMIT-CONNECT also goes into this in some detail.

If you want you can repeat a simple experiment and try to log in to paypal without using an https URI, either by using an https->http URL rewriting shim or by simply blocking outbound connections to port 443. Paypal to its credit makes these approaches fail.

If you set up a VPN you can browse via Privoxy (removes ads) and Ziproxy (compresses the rest).

... to run (and use) Privoxy. Blocks ads, cookies, and noxious sites. Try it on steaks, cleans nylons, small craft warnings.

And don't surf without it.

Privoxy is a good replacement of AdBlock on Mac OS X (and other platforms if you want). By default it filters a lot of ads and pop-ups and you can add your own rules as regular expressions or as domain names (.google-analytics.com for example). It also has a simple web interface accessible throught the url http://p.p/ for your everyday needs.

"Another approach is to just block it in your HOSTS file:

Privoxy is a much for efficient solution .. blocks adverts too ...

was Re:Protect yourself with HOSTS

That would be one way, but that places the burden on the wrong entity.

To be fair, all these URL shortening sites need to implement a feature like TinyURL's preview feature, since they are the enabler of these acts of spamming. Until they do, I am blocking all these URL shortening services (which is a snap with Privoxy).

I just have fohooCOWtville.myminicity.com (remove herbivore) blocked in my Privoxy setup. It certainly reduces fear of these nasty links.

And, oh yes, if there's a fund setup to catch and kill these bastards, I fully support it.

Or just DDOS ripway.com (or is it h1.ripway.com), I guess.

Gosh. Why doesn't MyMiniCity.com have some sort of abuse report feature? I would be rounding up and reporting these guys so quickly if they did!

I, for one, am blocking xrl.us and ripway.com in my Privoxy setting so I don't accidentally help these spammers any more (at least not through these services).