[Privoxy-users] Privoxy MacPorts Port with HTTPS Inspection

Thu Nov 11 09:43:00 UTC 2021

Steven Smith <steve.t.smith at gmail.com> wrote on 2021-10-14:

> I have a PR that builds and configures privoxy’s HTTPS
> inspection. Comments and feedback welcome:
> 
> https://github.com/macports/macports-ports/pull/12506

That's great.

Please excuse the delayed response.

A few comments below after briefly looking at:
https://github.com/macports/macports-ports/pull/12506/commits/9730efc6f43ab6248de1ffacb3fc3499ed173663

| homepage            http://www.privoxy.org/
| -master_sites        sourceforge:project/ijbswa/Sources/${version}%20%28stable%29
| +master_sites        ${homepage}/sf-download-mirror/Sources/${version}%20%28stable%29

Could homepage be changed to https or would this cause
problems when fetching the sources?

| -#connection-sharing 1
| +connection-sharing 1

Quoting the documentation:
| This option should only be used by experienced users who
| understand the risks and can weight them against the benefits.

I would not recommend enabling it by default.

| -#enable-compression 1
| +enable-compression 1

Quoting the documentation:

| Compressing buffered content is mainly useful if Privoxy and
| the client are running on different systems. If they are running
| on the same system, enabling compression is likely to slow things down.
| If you didn't measure otherwise, you should assume that it does and
| keep this option disabled.

I suspect that most MacPorts users are running Privoxy
on the same system as the browser so I would not recommend
enabling it by default either.

| +# User-Agent
| +# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
| +{ \
| ++hide-referrer{conditional-forge} \
| ++hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15} \
| +}
| +/ # Match all URLs

Is that a User-Agent actually commonly used?

| +# No HTTPS Inspection on these websites
| +{-https-inspection}
| [...]

A comment justifying these exceptions might be useful.

Also you may want to add regression tests so you and
users of the port can use Privoxy-Regression-Test to
automatically check if they are applied as intended
and don't conflict with other changes.

I'm not familiar with adblock2privoxy so I don't know
whether or not using it is a good idea.

I did not look at the certificate generation at all
due to lack of time.

My impression is that the Privoxy tools are not installed.
Is that because they add dependencies?

I'm obviously somewhat biased but I consider them useful
and the FreeBSD port (which I maintain) installs them by
default but has an option for users who don't want them.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20211111/f6fce5d5/attachment.bin>