Privaxy

Next generation tracker and advertisement blocker

Installation

Disclaimer

This is an early release without authentication on the management API. You should proceed with caution and not expose the service on the internet. To prevent accidental exposure of the service, it's only yet possible to bind on 127.0.0.1.

Using a pre-built binary

Pre-built binaries for Macos and Linux (x86_64) are provided on github releases.

Using the rust toolchain

1. Begin by installing rust.
2. Install rust's wasm target: rustup target add wasm32-unknown-unknown
3. Install trunk.
4. Install nodejs as well as npm (at least v14).
5. Clone this repository.
6. Build the web gui by running cd web_frontend && npm i && trunk build --release && cd ..
7. Build the server by running cd privaxy && cargo build --release.
8. Run privaxy using cargo run --release --bin privaxy.

Local system configuration

1. Navigate to the web gui at http://127.0.0.1:8000, click on "Download CA certificate".
2. Install the downloaded certificate locally.
   • Macos: https://support.apple.com/guide/keychain-access/add-certificates-to-a-keychain-kyca2431/mac
   • Linux: cp privaxy_ca_certificate.pem /usr/local/share/ca-certificates/
3. Configure your local system to pass http traffic through privaxy.
   • Macos: https://support.apple.com/guide/mac-help/change-proxy-settings-network-preferences-mac-mchlp2591/mac
   • Ubuntu (gnome): https://phoenixnap.com/kb/ubuntu-proxy-settings

About

Privaxy is a MITM HTTP(s) proxy that sits in between HTTP(s) talking applications, such as a web browser and HTTP servers, such as those serving websites.

By establishing a two-way tunnel between both ends, Privaxy is able to block network requests based on URL patterns and to inject scripts as well as styles into HTML documents.

Operating at a lower level, Privaxy is both more efficient as well as more streamlined than browser add-on-based blockers. A single instance of Privaxy on a small virtual machine, server or even, on the same computer as the traffic is originating from, can filter thousands of requests per second while requiring a very small amount of memory.

Privaxy is not limited by the browser’s APIs and can operate with any HTTP traffic, not only the traffic flowing from web browsers.

Privaxy is also way more capable than DNS-based blockers as it is able to operate directly on URLs and to inject resources into web pages.

Features

• Suppport for Adblock Plus filters, such as easylist.
• Web graphical user interface with a statistics display as well as a live request explorer.
• Support for uBlock origin's js syntax.
• Support for uBlock origin's redirect syntax.
• Support for uBlock origin's scriptlets.
• Browser and HTTP client agnostic.
• Support for custom filters.
• Support for excluding hosts from the MITM pipeline.
• Support for protocol upgrades, such as with websockets.
• Automatic filter lists updates.
• Very low resource usage.
  • Around 50MB of memory with approximately 320 000 filters enabled.
  • Able to filter thousands of requests per second on a small machine.