Use Proxy Filters to Give Clients Online Privacy

In this recipe, I'll show you how to make your clients' Linux-based PC systems (whitebox or otherwise) virtually invisible to snooping Web sites by using proxy filters. Why is being invisible on the Web a good idea? Because any information a user leaves anywhere on the Net increases that user's risks, no matter how benign the user thinks a Web site or its owner may be.

Wherever a user goes on the Web, they leave tracks in the form of an IP address and information about their system. This is necessary. If a Web page is requested with accompanying files from a Web site, then the site must have an IP address to send those files to. But the issue is how much information is collected. For example, here is what a browser typically leaves behind when a user goes to a Web site (taken from an actual site log entry):

194.109.160.xxx - - [03/Dec/2001:11:13:51 -0500] "GET / HTTP/1.1" 200 1696 "http://www.musicfrom.nl/nieuws/?id=2995" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"

This shows the (munged) IP address, date, time, and timezone of user, plus the method of http access, referrer page (the page whose link was followed to get to this site), browser type, compatibility settings, OS version, and browser plug-ins. For a complete list of what your browser can be telling the Net about you, see this 404 Research Lab list.

Most of what you will see is information a Web server must know to communicate with the browser. But as exploits improve, more and more information from a browser will be usable for exploits. Security is always a tradeoff. Some of the information a browser sends and receives can be altered via Privoxy.

Other visible risks of unproxied Web surfing include:

• Being targeted for malware attacks targeted specifically at a user's IP address, OS, and browser type from server log entries like the above at a site the user didn't know was being operated by black hats, perhaps without the knowledge of the organization maintaining the server. This is probably the most important hazard for most people.

• Being targeted for browser attacks using malware written into a Web site's code. Privoxy and other proxy programs filter against some of these attacks.

• Being targeted for spam. While this is unlikely for a modern browser, privoxy filters outgoing e-mail addresses when a browser sends them, too.

• Problems with browsers crashing due to really bad Javascript, which privoxy will try to filter.

• Being targeted for the political content of visited Web sites. For example, see this article on the seizure of the EU Indymedia server.

• Accidents happen. Users don't have control over where a Web page redirect takes them. They may not realize where a Web search hit is taking them. When "good" sites go out of business, their domain names are purchased by pornographers and other kinds of bad guys every day. Or a user might find themselves inadvertantly redirected to a terrorist Web site.The less information a user leaves behind on these kinds of sites, the better.

Any system builder who's fixed an unparanoid broadband user's box will understand what I mean. Often, these systems crash because the hard drive is loaded with viruses, trojans, spambots, and other malware. While today this is a much smaller problem for Linux desktops than it is for Windows systems, as Linux becomes more popular, the "bad guys" are going to try harder to attack Linux boxes.

Besides, Web sites only need to know a user's identity when the user is buying something. After all, the site's owners need need to know where to ship a physical product. But for everyone else, when using the Net, a certain amount of paranoia is indicated. The proper question about user privacy isn't, "What have you got to hide?" Rather, it's "What business is it of yours?"

Introducing Proxies

Proxy programs add a processing layer between a Net application and the network. Many kinds of incoming/outgoing application data can be modified, added, or suppressed via a proxy. The usual individual proxy use is privacy protection, implemented via code-filtering and by allowing a Web browser to use anonymous proxy sites. For this Recipe, the proxy I used is Privoxy.

Anonymous proxy sites make a user invisible to a Web site by allowing Web pages to be forwarded to a browser with the Web site knowing only the anonymous proxy site address. The proxy site that knows the user's IP address doesn't relay it. If a "bad guy" get the logs for the server your customer is surfing, they don't get your customer.

However, the bad guys' network or ISP can still find out where they're surfing to from the logs. This, in turn, can be bypassed via encrypted (by default) SSL connection to an anonymous web-proxying Web site like Megaproxy by moving the "who do you trust?" question to the service provider. (Another anonymous site, www.anonymizer.com, requires WinXP for SSL.)

The user is visible to an anonymity service provider by definition, if no other way, because they bill to the user's credit card. So what happens if the user is paying a "bad guy" to "protect" their privacy? All a user can do is to research the provider's reputation online and hope for the best.

You can use the Fedora Core yum automated installation tool to install Privoxy (or any other program that can be installed with yum). New users of other distributions should profit from the explanation, as the other command-line Linux installation tools work in a very similar way.

Automated Installers

A command-line installer is accessed via the root account. To log in as root:

Open terminal:

su - root 

pw:

Automated installers like yum / urpmi / apt-get solve the dependency problem. This happens when you attempt to install a binary application package (for example, filename-0.4.1.1.i386.rpm), and it responds with a list of missing software modules the program depends on to make its operation possible. You get to find and install these modules. I try to find ways to use automated installation tools before installing directly from rpm whenever possible.

There are two primary forms of binary application installer packages in use today in Linux. One is the .rpm installer file format ("rpm" stands for Redhat Package Management); the other is .deb format for Debian and Debian-derived distributions.

Installing from rpm or .deb works best with the kind of relatively simple utility that, when implemented in Windows, doesn't require Registry changes. Dependency problems occasionally happen in Windows, and when they do, the next step isn't obvious.

Automated installers compare the rpm (or deb) internal listing of required components against the installed component list. What's missing is then compared with the list of program components on each repository site listed in the configuration file. They then download and install available repository files needed for program installation. This method for dealing with dependencies is superior to Windows ignoring the problem.

The best way for the average user to use a tool of this sort is via a GUI. Unfortunately, the yumi installer GUI for Fedora Core is still experimental and has problems. While synaptic for apt-get is very good, it has fewer available programs. But the yum command-line is easy enough.

Privoxy installation with yum

If you've used automatic installation and simply want to use Privoxy to protect your clients' Web-surfing privacy, skip down to the section labeled "After Installations."

Otherwise, go online, and log in as root: yum install privoxy, and type y at the prompt.

Repositories

If the yum installer can't find privoxy, then you need to add repository sites. Yum repositories contain yum-installable rpms, plus the information required to install them successfully. There are a number of repositories which might contain the program you want.

The yum-accessible repository list is found in /etc/yum.conf. To find out if a program is available for automated installation for your distribution after your initial yum install programname fails, for Fedora Core 2, Google on: "yum repository" "programname" FC2. Look around listed sites for site entries for yum.conf repository entries.

Since the repository listing that comes by default with yum isn't too extensive, here's a more complete yum.conf file you can use in its place with a collection of yum repository sites. The more repositories you have listed in the yum.conf file, the better your chances are of finding that the program you want to install can be installed via yum.

To install this collection of yum repositories, log in as root, open /etc/yum.conf in a text editor, and replace the contents with the following. If there isn't a yum.conf file, save file as: /etc/yum.conf.

---

[main]

cachedir=/var/cache/yum

debuglevel=2

logfile=/var/log/yum.log

pkgpolicy=newest

distroverpkg=redhat-release

tolerant=1

exactarch=1

retries=20

[base]

name=Fedora Core $releasever - $basearch - Base

baseurl=http://download.atrpms.net/mirrors/fedoracore/$releasever/$basearch/os/

http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/os/

http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/

[updates-released]

name=Fedora Core $releasever - $basearch - Released Updates

baseurl=http://download.atrpms.net/mirrors/fedoracore/updates/$releasever/$basearch/

http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/updates/

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/

#[updates-testing]

#name=Fedora Core $releasever - $basearch - Unreleased Updates

#baseurl=http://download.atrpms.net/mirrors/fedoracore/updates/testing/$releasever/$basearch/

#http://ayo.freshrpms.net/fedora/linux/updates/testing/$releasever/$basearch/

#http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/$releasever/$basearch/

# alternatives to stable: testing and bleeding

[at-stable]

name=Fedora Core $releasever - $basearch - ATrpms stable

baseurl=http://apt.atrpms.net/fedora/$releasever/en/$basearch/at-stable

[xcyb-stable]

name=Fedora Core 2 ( xcyborg / stable )

baseurl=http://rpms.xcyb.org/fedora/2/stable/

[xcyb-bleeding]

name=Fedora Core 2 ( xcyborg / bleeding )

baseurl=http://rpms.xcyb.org/fedora/2/bleeding/

[freshrpms]

name=FreshRPMs

baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms/

http://ftp.us2.freshrpms.net/linux/freshrpms/ayo/fedora/linux/$releasever/$base$

#gpgcheck=1

### Dag RPM Repository for Fedora Core 2

rpm http://apt.sw.be fedora/2/en/i386 dag

#[dries]

#name=Dries APT/YUM Repository

#baseurl=http://dries.studentenweb.org/yum/fedora/linux/$releasever/$basearch/dr$

#gpgcheck=1

[fedora-stable-pending]

name=Pending Fedora Linux (stable) for Fedora Core $releasever

baseurl=http://download.fedora.us/pending/fedora/$releasever/$basearch/RPMS.stable/

gpgcheck=1

#[fedora-testing-pending]

#name=Pending Fedora Linux (testing) for Fedora Core $releasever

#baseurl=http://download.fedora.us/pending/fedora/$releasever/$basearch/RPMS.testing/

#gpgcheck=1

#[fedora-unstable-pending]

#name=Pending Fedora Linux (unstable) for Fedora Core $releasever

#baseurl=http://download.fedora.us/pending/fedora/$releasever/$basearch/RPMS.unstable/

gpgcheck=1

[fedora-us-2]

name=Fedora Core 2 -- Fedora US mirror

baseurl=http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.os

[fedora-us-2-updates]

name=Fedora Core 2 updates -- Fedora US mirror

baseurl=http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.updates

[fedora-us-2-stable]

name=Fedora Linux (stable) for Fedora Core 2 -- Fedora US mirror

baseurl=http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.stable

[MG]

name=Marcin Garski's RPM repository for Fedora Core

baseurl=http://www.lunixsys.com/%7Emgarski/fedora/$releasever/

[dag]

name=Dag RPM Repository for Fedora Core

baseurl=http://apt.sw.be/fedora/$releasever/en/$basearch/dag


[freshrpms]

name=Fedora Linux $releasever - $basearch - freshrpms

baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms


# Configuration for Fedora Core 1 or 2

[BGW]

name=BraveGNUWorld RPMs

baseurl=http://yum.bravegnuworld.com/yum/fc/$releasever/i386/

---

Once you have installed the above yum.conf file, try again to install Privoxy or any other program you have tried and failed to install with yum. To add an individual yum repository to yum.conf , log in as root and open /etc/yum.conf as above, copy and paste the repository entry from the new yum repository site you want to add into your yum.conf file after the last entry in the yum.conf file, and save.

After installing privoxy

If Privoxy doesn't automatically start at startup, start it via distribution-specific startup procedure. You'll find this procedure in the Privoxy manual. Here's the browser setup:

Mozilla: Edit > Preferences > Advanced > Proxies

Set Manual Configuration 

HTTP Proxy : localhost Port:8118 

SSL Proxy: localhost Port:443

Privoxy configuration via browser

Go to http://config.privoxy.org. If the Privoxy program is not working or the browser is not using it for Net access, then the prioxy.org server will be accessed instead of the internal configuration Web page. If so, your user will see a page saying that "Privoxy is not being used," as shown below.

Next, your user needs an easy way to turn proxy access on and off. Why? Because some sites:

• Disallow the use of anonymous proxies.

• Cannot be accessed from the specific proxy site you are using. For example, a specific IP or IP range is blocked at the server.

• Require features that Privoxy is configured to block .by default in order to protect user privacy.

To offer this toggle feature in Opera, go to the top of the browser's toolbar. See the unchecked "Enable Proxy Servers" checkbox. This is from the Opera Tools / Quick Preferences menu. I used custom configuration to put it on a toolbar to let me know if the browser should be running through privoxy and allow toggling. Do this on your browser, if possible.

In Mozilla, set up an alternate user profile in Mozilla. Mine is called "no proxy." Direct connection (no proxy) is set by default, so all I have to do is Tools > Switch Profile > click "no proxy" to turn proxy off -- and the reverse to turn it back on. You still have to copy bookmarks, etc., but you shouldn't be running proxy-off that often. Perhaps the bookmarks one wants in this profile are the financial and few other sites that make bypassing one's proxy necessary.

The above methods bypass privoxy completely, leaving your browser completely open to Web sites. (For some sites, "completely open" is the only way to access them.) Bookmark the privoxy toggle on your browser Personal Toolbar. Go to the page's "Click here" link to toggle it.

Technically, toggling Privoxy on and off this way does not turn Privoxy on and off. Instead, it toggles the privacy-enhancing functionality on and off. Privoxy continues to work as a transparent proxy that simply passes through Web-page requests and the files the Web server sends back as responses unaltered.

To change most Privoxy functions, change the configuration at the "View & change the current configuration" link. Changeable functions include popup blocking and spam URL blocking. Privoxy has many configuration options. Go to the online manual / man file for further information.

What you see below is the main Privoxy configuration Web page. You can view or edit any of the files where there are View or Edit button. The Edit button is missing from standard.action because it contains the standard action configuration built into the browser; alter that (with a text editor) and it might stop working. The filter page contains the standard Web-filter settings controlled by the actions files discussed below.

An "action" is a process privoxy performs on a piece of information entering or leaving your browser. This makes it possible for privoxy to filter pop-ups, and block ads and cookies, if desired.

The default.action button provides powerful options to generally describe how big the changes the proxy will make to the information incoming and being transmitted by your browser. It mainly provides presets for a group of configuration changes. The user should avoid it until after they have read and understood the manual. While Privoxy will keep working regardless of setting, the user might be unable to either access the pages they need via the browser or provide information Privoxy was expected to block.

The user.actions file provides specific options like "filter html-annoyances-Get rid of particularly annoying HTML abuse." This can be turned on or off via radio buttons as shown below. This is the page most likely to contain settings a user might actually want to access.

Setting up anonymous proxies via Privoxy

First, find anonymous proxy listings (including SSL) at Atom Intersoft (read notes at bottom of page); Public Proxy Servers; or Proxy Elite. Whatever proxy listing sites you use, make sure they:

• Show transparent / anonymous / "high anonymity" or "elite" (synonymous) in descriptions

• Are accessible with your anonymous proxy

• Show country of origin

Use "high anonymity" / "elite" ONLY, and change the anonymous proxy site(s) in your /etc/privoxy/config forward entry frequently. If you think your users should worry about problems based on surfing to sites containing controversial political content, the best anonymous proxy sites are those that are least likely to cooperate with the local government.

Choosing the wrong anonymous proxy site might put you behind private or government censorware applied at a network firewall between your anonymous proxy and the site you want to connect to. The wrong proxy might simply make the site you want to see inaccessible by simply blocking an IP and returning no result to a browser URL request instead of redirecting the user to a "blocked" page.

The Great Firewall of China is an example of that kind of blocking. I tested this by deliberately select a .cn anonymous proxy and accessing a site that I could reasonably expect to be blocked by the Chinese government. Below is an example of the wrong choice of proxy landing me behind a firewall that refers "bad site requests" to a blocking page.

Either way, the user fix is the same: simply find another anonymous proxy site and keep on surfing. Manually editing the /etc/privoxy/config file below is required, because the file where the forward entry is located is not browser-configurable:

Enable anonymous proxy:

log in as root:

 nano /etc/privoxy/config 

Use the search (control-W) function to find :443 .

Examples:


Everything goes to an example anonymizing proxy, 

except SSL on port 443 (which it doesn't handle): forward / 193.194.79.xxx:8080 

forward :443++. 

Set Up Or Change An Anonymous Proxy

Uncomment the forward line(s) you use by removing # . Substitute a proxy IP for 193.194.79.xxx:8080. Substitute a ssl-capable proxy IP for: forward :443++. if you like. The dot after :443 means forward nowhere. You replace the dot with an IP address for a proxy capable of accessing SSL via port 443 if you use a SSL proxy. (SSL proxies are much rarer than regular Web proxies.)

Keep a few extra proxy IP addresses in the file for convenience. Put them in lines under the forward lines, and comment them with # as above. Toggle privoxy OFF(see above), then back ON. Your browser should route to/from the new forwarding address. If not, stop or restart it.

Chain anonymous proxies

This means run two or more proxies in series. Of one anonymous proxy isn't anonymous, its site logs will be useless for tracking because they will be pointing to the other proxy. Problems include additive lag time; also, both proxy sites must work. Because the documentation is inadequate for this, I have requested how-to information.

To stop privoxy:

log in as root

ps A

find the numeric process ID of privoxy

kill -9

[numeric process ID]

See the paragraph above that follows After Installing privoxy for restart instructions. I have requested forwarding be made Web-configurable. You can track this feature request at https://sourceforge.net/tracker/index.php?func=detail&aid=1089626&group_id=11118&atid=211118

Testing

Do not rely on untested anonymous proxies. Use an ENV_Checker to examine the browser headers. Look for your own IP address. If you find it, (start with HTTP_X_FORWARDED_FOR), you're not anonymous. Find another proxy site. The sites below perform the ENV_Checker functions mentioned above. Use these to test your browser:

• http://env.kaz.nu/checker.shtml

• http://www.cybersyndrome.net/evc.html

This next screen shot shows that both Privoxy and the high-anonymity proxy are working, as my real IP address is absent. The proxy IP is edited to protect its bandwidth:

Finally, this is the whois listing for the IP I am apparently websurfing from:

For more information:

• Security and Encryption FAQ: WebServerTalk

• Keeping Fedora up to date with Yum: Linux Gazette

---

A. LIZARD is an Internet consultant in the San Francisco Bay Area. He has been writing for technology magazines and Web sites since 1987.