Blocking Ads on the XO’s Browse Activity

January 6, 2009 at 16:28 | Posted in OLPC, Privacy/Security, XO | 1 Comment
Tags: , , , , , , ,

I have been noticing several post by people wondering how to block ads on their XO’s. Being familiar with Privoxy and it’s ability to block ads I decided to go ahead and try setting it up. It was fairly easy so here is a Quick Howto.

On your XO make sure you are connected to the net and then…

Open a terminal activity

Click the “become root” button (or enter the command: su – )

Enter the command:

yum install privoxy

Once it is done installing you will need to make one quick change to the config file. So type

nano /etc/privoxy/config

Scroll down till you see the line:

logdir /var/log/privoxy

change it to:

logdir /tmp

I had to do this because the /var/log/privoxy directory doesn’t survive the machine restarting.

Press CTRL+X to save and exit

You’ll now be back at the Terminal Activity prompt.

We need to tell Privoxy to start-up at boot time so type:

chkconfig privoxy on

We should also start privoxy now so type:

service privoxy start

Alright, now it is time to set up the Browse Activity. Exit the Terminal Activity. Start the Browse Activity and in the address bar type:


A rather daunting page will come up tht looks like this:

config settngs page

The about:config settngs page

In the filter line type: proxy

The Screen will chance to look like this:

config Proxy settings

about:config Proxy settings

Now we need to change a couple of the settings.

double click on network.proxy.http

a dialogue will pop up letting you enter the new setting.

Enter localhost and click ok.

Now using the same technique change

network.proxy.http_port to    8118

network.proxy.ssl to   localhost

netwok.proxy.ssl_port to   8118

network.proxy.type to  1

After doing so your screen should look like the image above (may not be exactly the same but the 5 settings I mentioned should now all be bold, have a status of “user set”, and the appropriate values).

Now we can test the settings.. in the address bar type p.p and you should get a screen that looks like this:

Privoxy Sucessfully set up

Privoxy Sucessfully set up

If instead you get a screen that looks like this:

Failed To Connect to Privoxy

Failed To Connect to Privoxy

Then either privoxy is not running or you entered one of the proxy settings incorrectly. Double check the setting in about:config. If they are fine go back to the Terminal Activity, become root, and type:

service privoxy restart

and watch the output carefully for errors.

Once you have it up and running I suggest giving it a couple of days on the default settings as privoxy is configured by befault to block may ads. If you find there are some annoying ads still getting through you can  add extra rules to privoxy. Please read the documentation on the privoxy website before you embark on making changes. The built-in interface at http://p.p lets you add/modify rules if you change the approrpiate line in the config file (see the docs on the Privoxy website).


My next blog entry will be on using about:config to make browsing on the XO more private/secure.


All About WebBugs

October 14, 2008 at 12:03 | Posted in Privacy/Security | 1 Comment
Tags: , , , , , , , , , ,

What is a WebBug anyway?

A webbug or web beacon, pixel tags, tracking bugs, etc are tiny 1×1 pixel images (gif, jpg, png, tif, etc) (and increasingly Flash objects) that companies put into websites or e-mails to track where, when, and by whom they are viewed. On most modern computer screens a single pixel is very hard to see. Even if that weren’t the case 99% of the time these images are transparent so even if you have fantastic eyes you wont see them.

Isn’t this just done by evil hackers/Spammers?

There is a growing trend for large online companies to use these bug/tags to track people. This is partly due to the fact that browsers have gotten better at letting people block older ways of tracking you (cookies, ad banners, etc). So it is the next step in an ongoing techie arms race. Good techies trying to protect your privacy/anonymity. Corporate techies trying to track you so people can make money off of you, or off of people that will pay to know what you are interested in.

A prime example of this is Yahoo’s decision to start using webbugs.

Should I be scared?

Web tracking is nothing new, this is just the next step in the dance. So, being scared is probably over reacting a wee bit. You are perfectly justified in feeling concerned, annoyed, pissed off, righteously indignant, or just plain peeved. Privacy is a right and these folks are dancing around that as best they can.

What can I do?

Unfortunately there isn’t one simple, install this program and it will all go away, type thing you can do. However, this does not mean that there isn’t anything you can do. There are some definite steps you can take to protect your privacy and I’ll cover them briefly here.


I’ll start with e-mail as it is probably one of the easier things to protect from webbuggery. First set your e-mail client to never touch remote/online images. This alone will stop many webbugs in their tracks. If there is such an option consider setting your mail client not to render HTML at all. (this might be a bit drastic for most people). Definitely disable Java, JavaScript, VBScript, etc in e-mails. In this day and age having a scripting language active in your e-mail client is tantamount to leaving your keys in your car with the doors open.

Other things you might want to consider:

Digitally signing all e-mails you send (makes them tamper proof).

Sending mail in text only format (yeah, I know, no smilies.. but safer).

Digitally encrypt all e-mails so they can’t be viewed “in transit”

How to make Browsing safer:

Unfortunately since browsing means loading pictures, blocking webbugs while browsing takes a bit more work. Basically you need a system to block the undesirables. There are many options out there but all take at least some work to set up. One of the easiest is the Adblock Plus extension to the Firefox browser. It makes blocking undesirable elements in a webpage quite easy. The problem is that the webbugs are impossible to see so you have to use the “tools -> page info -> media” function of the browser to locate what elements are 1×1 pixel in size and then block them. Not all 1×1 pixel things are bugs. luckily the bugs are often easy to spot as they will come from a source outside the page you are viewing, or will have a fairly obvious hint in the URL like “adserver.”, “adscript.”, “track”, etc. Adblock Plus also offers free filter subscriptions which it will use to get block lists that have been generated specifically for it. The “ABP Tracking Filter (by rick752)” under miscellanious does a good job on blocking many of these webbugs

This is a bit of a pain in the posterior but once it is done you are pretty good to go. You will still want to check from time to time to make sure that there are not any new ones.

The same approach can be used if you have a router that supports a block list. Just keep adding the nasties to the list and soon you’ll be browsing much more safely. The one drawback to this approach is that some webpages try to use Java/Javascript to load up the ads/webbugs. Having them blocked at the router can sometimes make the page stall while Java tries to get the offending material but can’t reach it.

Other options exist such as Privoxy which is a software proxy that will clean a lot of this stuff up for you. My problem with a solution like this is that although Privoxy is very good at what it does I can’t be sure it’s catching everything I want it to.

The best approach, and the one I use, is a combination of the above. Things that don’t block well at the router I block with Adblock Plus and NoScript. I use Privoxy (and Tor) if I am going some place I am unsure about and definitely wouldn’t want tracking/spamming me.

In the end the decision of what to do about this issues is up to you. It’s your privacy, It’s your choice. Sadly many people feel their privacy isn’t worth the effort it takes to set these filters up.  The things I have talked about here is not a complete list of the options to protect ones privacy. Unfortunately going into all the options would make this document far too long and probably make it classify as a good sleep aid for most people.

Included below are some links for further reading on the subject. Enjoy.

Yahoo’s “Web Beacons”




Adblock Plus

Peer Guardian

GnuPG – e-mail signing/encrypting

WebBug Articles:

Phorm (Yuck)

April 8, 2008 at 16:13 | Posted in Blogging, Privacy/Security, Revver Stuff, Tech | 1 Comment
Tags: , , , , , ,

It seems that there is a lot of noise about Phorm in the Blogosphere and that it is just catching my attention recently. (odd really since I spend a lot of time reading on Security and Privacy matters).

There are a couple of anti-Phorm web sites most of which you can get to by starting at BadPhorm. Of particular interest is a counter measure (tho limited) available here

So far it seems to be mainly ISP’s in the UK that have gone ahead with this very bad idea. That in no sense means it is a UK only problem as I am sure that Phorm will try to sign up as many ISP’s as they can globally. I would urge anyone who is interested in preserving their privacy to write to their respective ISP and let them know you don’t want them to implement Phorm webwise technology. It would definitely be worth noting in any letter that you send the history of “Phorm” which was formerly 121media which even just minor googling of, brings up their association with spyware.

If anyone has examples of Phorm mangled cookies, (paired with their un-mangled versions) I’d appreciate getting my hand on them to see if it is possible to write a Firefox add-on or proxy software that can strip the phorm tags back off the cookies thus rendering Phorm moot.

Another idea until there is a better solution to this might be for those of us in un-affected countries to run SSL proxies like Psiphon for people in the UK to tunnel through as that would (by my current understanding) encrypt the cookies (via the ssl tunnel) and thus make them invisible to the Phorm boxen.

addemdum — it seems (from the technical writeup mentioned in the Blue light Touchpaper Blog below) that even a simple proxy would work to bypass Phorm/WebWise as long as the proxy was not on port 80. For example, an open proxy on port 12000 or 443 or anything other then 80 would totally be ignored by Phorm/WebWise. Provided, of course, that the proxy was not on an infected (errrr, pardon me affected) ISP.

Thoughts and comments appreciated

addendum.. people in th UK on effected ISP’s may wish to consider using TOR and configure it to use non-UK exit nodes. not the best option and a little technical to set up (be sure to use torbutton and Privoxy). But possibly better then being tracked every step of the way. There is also I2P (I’ll provide a link when I can be sure I’m looking at the correct site.. their old URL seems defunct) but I that to be a bit bandwidth heavy. YMMV

Addendum 2 – I just downloaded technical documentation from the Blue Light Touchpaper Blog on Phorm. I’ll give it a read over and see if there are any new insights.

Blog at
Entries and comments feeds.

%d bloggers like this: