[Howto] Use Privoxy to prevent online tracking and analytics

These days it's hard to find a website that isn't using a analytics and/or tracking software to profile visitors. The use of analytics, cookies, web-bugs, and even advertising banners to track users actions (often across multiple sites) is commonplace and can be used to trace a user quite effectively. However, it is quite easy to set up Privoxy to prevent analytics scripts, cookies and web-bugs from tracking you.

What is Privoxy?

Privoxy is a lightweight proxy that sits between your browser and the internet and performs two main tasks:

Privoxy can filter content received from websites. Using sets of defined rules you can choose which parts of websites are downloaded and displayed in your browser. This allows us to selectively ignore adverts, tracking scripts and other annoyances and privacy threats.
Filters can be applied both ways so we can control what data is sent to websites we visit. This further helps protect our anonymity.

This tutorial will walk through how to install and configure Privoxy to prevent most website tracking/analytics scripts from tracking your activities and the vast majority of adverts from hindering your browsing. As Privoxy is separate from your browser, you can use one installation to protect multiple browsers and even your entire network.

How to install

If you're using a Linux box, you should be able to find Privoxy in your repositories. Installation on a Debian/Ubuntu system would be through apt:

sudo apt-get install privoxy

Of course, you could decide to compile from source, in which case grab the latest tarball from Sourceforge

Windows users should also head over to the Privoxy Sourceforge page where you can download the installer.

Configuration

Privoxy uses a main configuration file along with "filter" and "action" files to determine how and what requests to filter or manipulate. The default settings are very usable, but I like to tweak them slightly to offer better privacy. Firstly we'll edit the match-all.action file:

For Linux users this is usually located at /etc/privoxy/match-all.action

sudo nano /etc/privoxy/match-all.action

Windows users will find the file in the Privoxy installation folder.

Replace the file's contents with the following:

#############################################################################
# Id: match-all.action,v
#
# This file contains the actions that are applied to all requests and
# may be overruled later on by other actions files. Less experienced
# users should only edit this file through the actions file editor.
#
#############################################################################
{ \
+change-x-forwarded-for{block} \
+filter{refresh-tags} \
+filter{img-reorder} \
+filter{banners-by-size} \
+filter{webbugs} \
+filter{jumping-windows} \
+filter{ie-exploits} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+session-cookies-only \
+set-image-blocker{pattern} \
+change-x-forwarded-for{block} \
+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match \
+hide-user-agent{Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 ( .NET CLR 3.5.30729)} \
}
/ # Match all URLs

These settings provide a decent level of privacy from some common tracking techniques, for example Privoxy will not provide a referer header when browsing between different sites, but will send the header as usual when browsing between pages on the same site. (This is preferable to blocking all referers as some sites rely on that information to function properly). These settings also allow only session cookies to be passed to and from the browser which further hinders tracking across multiple browsing sessions. We also change the user-agent to something very generic which prevents us from easily being identified in server/analytics logs*. If you want to see what each of the settings do in detail, or add your own, have a look at the actions file section of the online manual.

Ad blocking

Privoxy has some ad blocking rules built in, but these can be further enhanced by adding some rules of our own. In fact, Neil Van Dyke has already put together a small but well formed actions file that blocks a large range of ads. You can download his actions file here, which you should put into your Privoxy directory:

Linux:

cd /etc/privoxy
sudo wget http://designpeo.pl/e/sites/default/files/blog/neilvandyke.action

UPDATE:
As pointed out by an astute reader, both Neil's and my actions files were producing minor errors to show up in Privoxy's log due to a missing parameter on the block actions. The errors weren't fatal (and do not affect the effectiveness of the rules), but may cause problems in future Privoxy versions. Because of this, I've updated the actions files (and this post) to correct this. If you are using the old versions, just download the files again and overwrite the old ones.

Windows users should download the file to their Privoxy installation directory.

Tracker and Analytics blocking

Ad blocking is all well and good, but I'm a big fan of privacy so I thought it would be a nice idea to kill all those little tracking/analytics scripts that try to record and analyse every click on every site. Now I am of course aware that most of my actions are still recorded by the web server logs, but these days they are often completely overlooked by webmasters as they don't provide the level of detail (or the flashy graphs!) of modern analytics services.

I've put together an actions file that catches the majority of known web bugs and analytics/tracking scripts and nullifies them by feeding the browser a local image instead of the Javascript, or web bug from the tracking server.

You can grab the actions file here: privacy.action. Download and add to your Privoxy program directory.

Linux:

cd /etc/privoxy
sudo wget http://designpeo.pl/e/sites/default/files/blog/privacy.action

Finally

Finally, we need to tell Privoxy to use our two extra actions files. Open /etc/privoxy/config

sudo nano /etc/privoxy/config

and add the following lines at the end:

actionsfile neilvandyke.action
actionsfile privacy.action

Restart privoxy:

sudo /etc/init.d/privoxy restart

Now to pass all your browsing through Privoxy you need to set your system or browser to browse through port 8118. Firefox users can find this setting in the preferences dialogue box under:

Preferences > Advanced > Network > Settings

There you should enter "localhost" in the HTTP Proxy box, and "8118" for the Port.

Firefox proxy settings

Ubuntu users can quickly set Privoxy to be used across the whole system by adjusting the settings at:

System > Preferences > Network Proxy

Caveats

Of course, this method does not entirely protect you from being tracked online. As I mentioned earlier, you'll still show up in server logs of the sites you visit and Privoxy will not filter anything at all on an SSL connection (ie when using payment gateways) due to the nature of HTTP. However, you will not appear in the logs of any of the analytics/ad companies (unless you visit those sites directly) as your machine will never even request the analytics scripts or tracking images from them. Also, it's possible to rename the tracking scripts and/or their paths to prevent Privoxy from detecting them, but I have never seen this done in the wild.

Other tools

If you want to go even further to protect your privacy/safety online, it's well worth also checking out the following tools for Firefox:

NoScript, Ghostery, RequestPolicy, Adblock Plus, GoogleSharing and Better Privacy

*I chose to spoof Firefox rather than the more popular IE here as a lot of sites render/behave differently for IE and I didn't want my browsing experience entirely broken!

Files

privacy.action

neilvandyke.action

designpeo.pl/e