Install Privoxy on Raspberry PI for Kid Safe Browsing

Posted on 20th September 202016th September 2022 by peppe8o

With smart devices becoming familiar also to very young people, kids are going to be more and more exposed to web content. Unfortunately, the web also become populated by people with rather questionable purposes.

This means that controlling home devices and defending them from accessing dangerous sites is a must for parents all over the world.

An additional desirable service is also protecting kids from unwanted advertisements which can include paid services.

With this in mind, Raspberry PI offers a fantastic opportunity because it can provide powerful proxying services with filtering capabilities.

In this tutorial, I’m going to show you how to setup Privoxy in a very cheap Raspberry PI Zero W board. This guide will work also with newer Raspberry PI boards with the same steps.

Follow peppe8o posts on -> Twitter

What is Privoxy

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Can be used both for single device protection (by installing it on the device you want to protect) and network protection (by configuring network devices to use the Privoxy server as proxy).

Privoxy is Free Software and licensed under the GNU GPLv2.

According to Privoxy introduction page, in addition to the core features (ad blocking and cookie management), it provides many advanced features:

Supports “Connection: keep-alive”. Outgoing connections can be kept alive independently from the client.
Supports IPv6, provided the operating system does so too, and the configure script detects it.
Supports tagging which allows changing the behaviour based on client and server headers.
Can be run as an “intercepting” proxy, which obviates the need to configure browsers individually.
Sophisticated actions and filters for manipulating both server and client headers.
Can be chained with other proxies.
Integrated browser-based configuration and control utility at http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based tracing of rule and filter effects. Remote toggling.
Web page filtering (text replacements, removing banners based on size, invisible “web-bugs” and HTML annoyances, etc.)
Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions files won’t overwrite individual user settings.
Support for Perl Compatible Regular Expressions in the configuration files, and more sophisticated and flexible configuration syntax.
GIF de-animation.
Bypass many click-tracking scripts (avoids script redirection).
User-customizable HTML templates for most proxy-generated pages (e.g. “blocked” page).
Auto-detection and re-reading of config file changes.
Most features are controllable on a per-site or per-location basis.
Many smaller new features added, limitations and bugs removed.

What We Need

As usual, I suggest adding from now to your favourite e-commerce shopping cart all needed hardware, so that at the end you will be able to evaluate overall costs and decide if continue with the project or remove them from the shopping cart. So, hardware will be only:

Raspberry PI Zero W (including proper power supply or using a smartphone micro USB charger with at least 3A) or newer Raspberry PI Board
high speed micro SD card (at least 16 GB, at least class 10)

Check hardware prices with the following links:

Step-by-Step Procedure

Prepare Operating System

Start preparing your environment by installing Raspberry PI OS Lite. This procedure will, however, work also with Raspberry PI OS Desktop, but provides fewer performances (because of the resources load required to run the desktop environment).

Make your OS up to date. From Raspberry PI terminal:

sudo apt update
sudo apt upgrade

Install Privoxy

Raspberry PI OS has Debian under its hood. The aptitude package manager strongly simplifies Privoxy installation. From terminal:

sudo apt install privoxy

Privoxy installation will include also a settings folder available in /etc/privoxy/.

To use very basic protection, edit Privoxy configuration to set which PI port will be used for client incoming connections:

sudo nano /etc/privoxy/config

Identify “listen-address 127.0.0.1:8118” row and change it with your Raspberry PI IP address, followed by “:8118”. In my case, my RPI IS is 192.168.1.78, so my configuration will be

listen-address 192.168.1.78:8118

Close and save the file. Restart privoxy service:

sudo systemctl restart privoxy.service

Configure Browser Proxy Settings

This section varies depending on the used browser. So, you may be required to check your browser docs if you don’t know how to set up proxy configs.

With Mozilla Firefox, for example, go to Settings -> General Tab -> Network Settings section -> (use button “Settings”). In the next screen, configure the following parameters:

1. Set “Manual proxy configuration” option
2. use your Raspberry PI IP address for “HTTP Proxy” parameter
3. use “8118” in port parameter
4. Set “Also use this proxy for FTP and HTTP” to extend Privoxy usage also with different internet protocols

You can also apply proxy system-wide (for all browsers). Also, this depends on your device. For windows computers, go to Internet Options -> Connections tab -> (use button LAN Settings).

Mark “Use a proxy server for your LAN (…)” option and use the Raspberry PI IP address for “Address” field and “8118” for the port field. Then click “Ok” button.

From here, you can start navigating safely with default Privoxy shields.

Additional Useful Configurations

Config File

As said, the main configuration file is “/etc/privoxy/config”.

In this file, configuration lines consist of an initial keyword followed by its value(s), all separated by whitespace. For example:

confdir /etc/privoxy

Sets “confdir” parameter to “/etc/privoxy” value.

Excluding confdir and logdir, all other parameters are optional (with the meaning that they use their default if not explicitly set). The main config file controls Privoxy’s service operations that are not location-dependent (no matter where you may be surfing).

Action FIle

The actions files are used to define Privoxy tasks executed against URLs, Some examples can be images and http content handling both in general dropped URLs and specifically explicit URLs.

Combining actions will result in complex and advanced effects against a given URL set.

Filter File

Privoxy filters give options to manipulate page parts before entering under Action rules. Common tasks for content filters are eliminating common annoyances in HTML and JavaScript (like pop-up windows, exit consoles and crippled windows without navigation tools).

Multiple filter files can be defined through the filterfile config directive. The filters as supplied by the developers are located in default.filter. It is recommended that any locally defined or modified filters go in a separately defined file such as user.filter.

Substitutions are made at the source level, so if you want to “roll your own” filters, you should first be familiar with HTML syntax, and, of course, regular expressions.

Filter definitions start with a header line that contains the filter type, the filter name and the filter description. A content filter header line for a filter called “foo” could look like this:

FILTER: foo Replace all "foo" with "bar"

Below that line, and up to the next header line, come the jobs that define what text replacements the filter executes. They are specified in a syntax that imitates Perl’s s/// operator. If you are familiar with Perl, you will find this to be quite intuitive and may want to look at the PCRS documentation for the differences in Perl behaviour.

Working With Other Proxies (parent proxy)

This can be done and is often useful to combine the benefits of Privoxy with those of another proxy. To do this, you need to understand your proxy chain and setup parts accordingly.

An example can be using Squid (which listens, by default, on 3128 port). In this case, the proxy chain will be the following:

In this example, Privoxy needs to be configured to forward its http requests to Squid host proxy on port 3128. Supposing squid running on the same device, Privoxy will forward to port 3128 on the same host (127.0.0.1) and its config file will be set with the following parameter:

forward / 127.0.0.1:3128

If you want to use Privoxy with TOR (The Onion Routers) to improve anonymity, you need to consider that TOR implements a socks5 proxy and uses 9050 port by default. In this scenario, the proxy chain will be:

This time, Privoxy needs to know that its follower in the chain is a socks5 proxy which listens on 9050 port. Again, supposing that TOR is running on the same host, the Privoxy config file will be configured including the following line (including last dot):

forward-socks5t / 127.0.0.1:9050 .

Enjoy!