Enable Intercept Proxy Requests

Add the following to privoxy's configuration file:

accept-intercepted-requests 1

Then redirect traffic to privoxy using iptables:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8118

Speed Tweaks

There is little to tune in privoxy itself. A good idea is to not use its filtering system and go with either polipo or (if you must) dansguardian. privoxy's filtering system, while very advanced, is also perceivably slow. Use privoxy for filtering only as a last resort; polipo performs faster when filtering a long list of domains.

Thus, disable all filters:

## Privoxy is slow, disable filters.
#actionsfile default.action   # Main actions file
#filterfile default.filter
#actionsfile user.action

Forwarding

One of the best uses for privoxy is to use it as a proxy relay, for example:

## Forward everything that does not match to polipo
## for content filtering and fast fetching of websites.
forward /       127.0.0.1:8123

## Browse the .onion network by sending any requests 
## to URLs that end in .onion to the tor proxy.
forward-socks4a .onion  127.0.0.1:9050 .

## Get around ISP censorship and redirect traffic to 
## censored websites through tor. 
forward-socks4a .thepiratebay.sx        127.0.0.1:9050 .

## Fetching local websites (from a local apache server) 
## directly, without sending the request through either
## polipo or tor - development websites should not be cached.
forward mypage.com  .

Anonymity / Censoring Headers

In the privoxy main configuration file /etc/privoxy/config, enable the match-all.action file:

actionsfile match-all.action

Open the default actions file /etc/privoxy/match-all.action and amend it with:

{ \
+change-x-forwarded-for{block} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+hide-accept-language{en-us} \
+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match \
+session-cookies-only \
+fast-redirects{check-decoded-url} \
+hide-user-agent{Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36} \
}
/ # Match all URLs

For a list of user-agent strings, you can try the browsercap.org ini files. If you are a google.com user, it is generally a good idea to pick a Chrome user-agent string. This is because some services on the Internet adapt their websites according to the user-agent string, i.e. a BSD/X11 user-agent string will make google.com look as it did 10-20 years ago, with some features disabled.

Do not pick a user-agent string of a browser that has fewer capabilities than the sites you browse require.

Redirect Google Search to Bing Search

First enable the user-filter by editing /etc/privoxy/config:

actionsfile user.action

Then edit /etc/privoxy/user.action to add the following lines:

# Redirect Google Search to Bing Search
{+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/search?q=$1@}}
www.google.*/search

# Redirect Google Image Search to Bing Image Search
{+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/images/search?q=$1@}}
images.google.*/search

The regex [^/]*/.*?[&,\?]q=([^&]*).* extracts the query parameter from the Google search URL, stores it in a capture group and forwards the query to bing.com.

Another option is:

# Redirect Google to Bing (URL)
{+redirect{http://www.bing.com}}                   
www.google.*

Split Configuration for Clearnet and Multiple Deep-Web Services

In order to configure privoxy to allow you to browse both clearnet and the deep web, the following configuration should do the trick:

forward-socks4a    /       torclear.int:9030    .
forward-socks4a    .onion  toronion.int:9030    .
forward-socks4a    .i2p    i2p.int:8456         .

It is also possible to change the configuration in order to use the same tor instance for both clearnet and .onion addresses such that torclear.int and toronion.int could be the same server instead of being split.

Testing

Given the configuration from the previous section, repeated here:

forward-socks4a    /       torclear.int:9030    .
forward-socks4a    .onion  toronion.int:9030    .
forward-socks4a    .i2p    i2p.int:8456         .

the following must be verified:

With this configuration in place, no websites should be accessed directly but only via the configured upstream proxies.
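
One way to check this offline before testing with live traffic, as an added example that is not part of the original page: the script below resolves which upstream each host would use, following Privoxy's rule that forward lines are checked in order and the last match wins, and lists hosts that would go out directly. The function names are hypothetical, the host matcher is a simplified assumption (path and port parts of a pattern are ignored), and the sample configuration is constructed: it adds a direct rule in the style of the Forwarding section to show a bypass.

```python
import fnmatch

# Constructed sample: the three rules above plus a direct rule in the style
# of "forward mypage.com ." from the Forwarding section, to show a leak.
SAMPLE_CONFIG = """\
forward-socks4a    /       torclear.int:9030    .
forward-socks4a    .onion  toronion.int:9030    .
forward-socks4a    .i2p    i2p.int:8456         .
forward            mypage.com                   .
"""
SOCKS = {"forward-socks4", "forward-socks4a", "forward-socks5", "forward-socks5t"}

def parse_forward_rules(text):
    """Return (pattern, upstream) pairs in file order; upstream None = direct."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) == 3 and f[0] == "forward":
            rules.append((f[1], None if f[2] == "." else "http " + f[2]))
        elif len(f) == 4 and f[0] in SOCKS:
            via = f[0][len("forward-"):] + " " + f[2]
            rules.append((f[1], via if f[3] == "." else via + " -> http " + f[3]))
    return rules

def host_matches(pattern, host):
    """Simplified host match (assumption: path and port parts are ignored)."""
    pat, host = pattern.split("/", 1)[0].lower(), host.lower()
    if not pat:                      # "/" matches every host
        return True
    if pat.startswith("."):          # ".onion": the domain and anything under it
        return host == pat[1:] or fnmatch.fnmatchcase(host, "*" + pat)
    if pat.endswith("."):            # "www.": any host starting with that prefix
        return fnmatch.fnmatchcase(host, pat + "*")
    return fnmatch.fnmatchcase(host, pat)

def route_for(rules, host):
    """Privoxy checks forward lines in order and the last match wins."""
    chosen = None
    for pattern, upstream in rules:
        if host_matches(pattern, host):
            chosen = upstream
    return chosen                    # None: no rule matched, or a "." parent

def direct_hosts(rules, hosts):
    """Hosts that would bypass every upstream proxy."""
    return [h for h in hosts if route_for(rules, h) is None]

if __name__ == "__main__":
    rules = parse_forward_rules(SAMPLE_CONFIG)
    for h in ["example.org", "abcdef.onion", "site.i2p", "mypage.com"]:
        print(f"{h:14} -> {route_for(rules, h) or 'DIRECT'}")
```

Run it against the forward lines of the real /etc/privoxy/config; any host reported as DIRECT leaves without passing through an upstream proxy.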