From fk at fabiankeil.de  Thu May  1 11:54:32 2025
From: fk at fabiankeil.de (Fabian Keil)
Date: Thu, 1 May 2025 11:54:32 +0200
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
Message-ID: <20250501115432.6a3d846b.fk@fabiankeil.de>

Lee <ler762 at gmail.com> wrote on 2025-04-25 at 10:11:27:

> On Fri, Apr 25, 2025 at 5:41?AM Fabian Keil wrote:
> >
> > PARISSE Michel via Privoxy-users <privoxy-users at lists.privoxy.org> wrote on 2025-04-23 at 12:26:32:
 
> > > I suspect that running the installation of privoxy has to be run in
> > > administrator mode. If that is the case, could this be explicitly
> > > documented in the section on windows installation?
> 
> Do you have a Privoxy icon on the taskbar?  that right clicking gets
> you a menu showing
>   Exit Privoxy
>   Edit
>   Enable
>   Show Privoxy Window
> 
> I have a vague memory of installing privoxy as a service and that
> disabling or removing the privoxy taskbar icon.
> 
> Was this the bit you followed?
> 
>   After invoking Privoxy with --install
> 
> if so, don't do that.  You can end up with something that works, but
> that's about all I can say for it.
> 
> If you just double click on the installer it should ask where to install it
>   the default being  c:\program files (x86)\privoxy
> and it will create a shortcut for you in
>   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
> that will automatically start privoxy when you log in.

Does this then run Privoxy as the same user as the one that's logged in?

If I remember correctly the advantage of using the "--install" option
is that Privoxy can be executed by a dedicated user (with the downside
of not having the taskbar icon like you mentioned).

> > Lee, do you know what the oldest supported Windows version is?
> 
> Windows 10 support ends Oct 2025, so I suppose Windows 10 is the
> oldest supported version of Windows for another 6 months.
> 
> > I'm wondering if we still support versions that have no administrator
> > mode. The documentation (doc/source/supported.sgml) claims we do but
> > I suspect that it may be out of date.
> 
> The only windows machine I have is running windows 10.
> 
> https://cygwin.com/ has this bit:
>   The Cygwin DLL currently works with all recent, commercially
> released x86_64 versions of Windows, starting with Windows 8.1.
> 
> note the "released x86_64" .. 32 bit CPUs are not supported any more.
> And a bit further down
>   Cygwin 3.4.10 was the last Cygwin version supporting Windows 7,
> Windows 8, Windows Server 2008 R2 and Windows Server 2012.
> 
> So you can't use the currently supported cygwin to build privoxy for
> Windows 7, etc.  Which means using old software with known vulns :(

I wonder if there are still users building Privoxy on earlier
Windows releases.

In doc/source/supported.sgml, we don't explicitly list the supported
versions of other operating systems except for Mac OS X so maybe
we shouldn't do it for Windows either.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20250501/505d347a/attachment.bin>

From iansilvester at fastmail.fm  Thu May  1 14:39:16 2025
From: iansilvester at fastmail.fm (Ian Silvester)
Date: Thu, 01 May 2025 08:39:16 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <20250501115432.6a3d846b.fk@fabiankeil.de>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
Message-ID: <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>

My experience FWIW is that if I install as my daily driver account, even if that account has admin, upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to use -install to avoid this issue. Same behaviour on Win 10 and 11.

Ian

On Thu, 1 May 2025, at 05:54, Fabian Keil via Privoxy-users wrote:
> Lee <ler762 at gmail.com> wrote on 2025-04-25 at 10:11:27:
>
>> On Fri, Apr 25, 2025 at 5:41?AM Fabian Keil wrote:
>> >
>> > PARISSE Michel via Privoxy-users <privoxy-users at lists.privoxy.org> wrote on 2025-04-23 at 12:26:32:
> 
>> > > I suspect that running the installation of privoxy has to be run in
>> > > administrator mode. If that is the case, could this be explicitly
>> > > documented in the section on windows installation?
>> 
>> Do you have a Privoxy icon on the taskbar?  that right clicking gets
>> you a menu showing
>>   Exit Privoxy
>>   Edit
>>   Enable
>>   Show Privoxy Window
>> 
>> I have a vague memory of installing privoxy as a service and that
>> disabling or removing the privoxy taskbar icon.
>> 
>> Was this the bit you followed?
>> 
>>   After invoking Privoxy with --install
>> 
>> if so, don't do that.  You can end up with something that works, but
>> that's about all I can say for it.
>> 
>> If you just double click on the installer it should ask where to install it
>>   the default being  c:\program files (x86)\privoxy
>> and it will create a shortcut for you in
>>   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
>> that will automatically start privoxy when you log in.
>
> Does this then run Privoxy as the same user as the one that's logged in?
>
> If I remember correctly the advantage of using the "--install" option
> is that Privoxy can be executed by a dedicated user (with the downside
> of not having the taskbar icon like you mentioned).
>
>> > Lee, do you know what the oldest supported Windows version is?
>> 
>> Windows 10 support ends Oct 2025, so I suppose Windows 10 is the
>> oldest supported version of Windows for another 6 months.
>> 
>> > I'm wondering if we still support versions that have no administrator
>> > mode. The documentation (doc/source/supported.sgml) claims we do but
>> > I suspect that it may be out of date.
>> 
>> The only windows machine I have is running windows 10.
>> 
>> https://cygwin.com/ has this bit:
>>   The Cygwin DLL currently works with all recent, commercially
>> released x86_64 versions of Windows, starting with Windows 8.1.
>> 
>> note the "released x86_64" .. 32 bit CPUs are not supported any more.
>> And a bit further down
>>   Cygwin 3.4.10 was the last Cygwin version supporting Windows 7,
>> Windows 8, Windows Server 2008 R2 and Windows Server 2012.
>> 
>> So you can't use the currently supported cygwin to build privoxy for
>> Windows 7, etc.  Which means using old software with known vulns :(
>
> I wonder if there are still users building Privoxy on earlier
> Windows releases.
>
> In doc/source/supported.sgml, we don't explicitly list the supported
> versions of other operating systems except for Mac OS X so maybe
> we shouldn't do it for Windows either.
>
> Fabian
>
> _______________________________________________
> Privoxy-users mailing list
> Privoxy-users at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-users

From ler762 at gmail.com  Thu May  1 14:49:48 2025
From: ler762 at gmail.com (Lee)
Date: Thu, 1 May 2025 08:49:48 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <20250501115432.6a3d846b.fk@fabiankeil.de>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
Message-ID: <CAD8GWssG3hLA7CEbnQEgquwm3QPhtmObr=PqPsSJ1qyek8gFFA@mail.gmail.com>

On Thu, May 1, 2025 at 5:55?AM Fabian Keil wrote:
>
> Lee wrote on 2025-04-25 at 10:11:27:
>
> > On Fri, Apr 25, 2025 at 5:41?AM Fabian Keil wrote:
> > >
> > > PARISSE Michel via Privoxy-users <privoxy-users at lists.privoxy.org> wrote on 2025-04-23 at 12:26:32:
>
> > > > I suspect that running the installation of privoxy has to be run in
> > > > administrator mode. If that is the case, could this be explicitly
> > > > documented in the section on windows installation?
> >
> > Do you have a Privoxy icon on the taskbar?  that right clicking gets
> > you a menu showing
> >   Exit Privoxy
> >   Edit
> >   Enable
> >   Show Privoxy Window
> >
> > I have a vague memory of installing privoxy as a service and that
> > disabling or removing the privoxy taskbar icon.
> >
> > Was this the bit you followed?
> >
> >   After invoking Privoxy with --install
> >
> > if so, don't do that.  You can end up with something that works, but
> > that's about all I can say for it.
> >
> > If you just double click on the installer it should ask where to install it
> >   the default being  c:\program files (x86)\privoxy
> > and it will create a shortcut for you in
> >   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
> > that will automatically start privoxy when you log in.
>
> Does this then run Privoxy as the same user as the one that's logged in?

Yes.
The advantage to running Privoxy under the same user being that it can
have the taskbar icon - so it's easier to stop or look at the log.
The disadvantages are mainly that you have to remember to tell privoxy
to quit before logging out and someone else logging in; if you forget
the new user gets an error popup about not being able to bind to
127.0.0.1:8118.  The other disadvantage being that there's no
priviledge separation .. privoxy is allowed to do whatever the logged
in user is allowed to do.

> If I remember correctly the advantage of using the "--install" option
> is that Privoxy can be executed by a dedicated user (with the downside
> of not having the taskbar icon like you mentioned).

Yes, that and not having the log browser window.  One could always
install perl but I don't know of a dos equivalent to 'tail -f'
I've had some version of cygwin installed since .. windows 95 maybe
even earlier, so perl, tail, etc. are all available if you've got
cygwin installed.  But that's a bit overkill if all one wants is to
look at the privoxy log.

> > > Lee, do you know what the oldest supported Windows version is?
> >
> > Windows 10 support ends Oct 2025, so I suppose Windows 10 is the
> > oldest supported version of Windows for another 6 months.
> >
> > > I'm wondering if we still support versions that have no administrator
> > > mode. The documentation (doc/source/supported.sgml) claims we do but
> > > I suspect that it may be out of date.
> >
> > The only windows machine I have is running windows 10.
> >
> > https://cygwin.com/ has this bit:
> >   The Cygwin DLL currently works with all recent, commercially
> > released x86_64 versions of Windows, starting with Windows 8.1.
> >
> > note the "released x86_64" .. 32 bit CPUs are not supported any more.
> > And a bit further down
> >   Cygwin 3.4.10 was the last Cygwin version supporting Windows 7,
> > Windows 8, Windows Server 2008 R2 and Windows Server 2012.
> >
> > So you can't use the currently supported cygwin to build privoxy for
> > Windows 7, etc.  Which means using old software with known vulns :(
>
> I wonder if there are still users building Privoxy on earlier
> Windows releases.

I kind of hope no, since everything earlier that windows 10 is
unsupported?  I'm not clear on what "pay for windows patches" gets you
these days.  My understanding was that companies could buy support for
windows 7 after the official end of support date.  But I don't know
how long that lasted.

> In doc/source/supported.sgml, we don't explicitly list the supported
> versions of other operating systems except for Mac OS X so maybe
> we shouldn't do it for Windows either.

I'm OK with it either way.

Lee

From ler762 at gmail.com  Thu May  1 15:05:48 2025
From: ler762 at gmail.com (Lee)
Date: Thu, 1 May 2025 09:05:48 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
 <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>
Message-ID: <CAD8GWsucGExERv-NYzrb5ny+J+w_zQU2Y6q48zSwtKKdP4CYig@mail.gmail.com>

On Thu, May 1, 2025 at 8:39?AM Ian Silvester wrote:
>
> My experience FWIW is that if I install as my daily driver account, even if that account has admin, upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to use -install to avoid this issue. Same behaviour on Win 10 and 11.

You probably took the default and installed Privoxy in "\Program files\Privoxy"
"c:\Program files" does not normally allow regular users to write to
anything there, so you can either
 a) do what I do and create a "c:\temp" that anyone can write to and
have privoxy logging set to "c:\temp\privoxy.log"
or
 b) modify file permissions on "c:\Program files\Privoxy" or
"c:\Program files\Privoxy\privoxy.log" to allow anyone to write there.
There's a FAQ for
  What to do if editing the config file of privoxy is access denied?
that's also applicable to the privoxy log file.

Lee

From iansilvester at fastmail.fm  Thu May  1 19:26:58 2025
From: iansilvester at fastmail.fm (Ian Silvester)
Date: Thu, 01 May 2025 13:26:58 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <CAD8GWsucGExERv-NYzrb5ny+J+w_zQU2Y6q48zSwtKKdP4CYig@mail.gmail.com>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
 <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>
 <CAD8GWsucGExERv-NYzrb5ny+J+w_zQU2Y6q48zSwtKKdP4CYig@mail.gmail.com>
Message-ID: <8eaf07f6-27cb-47fe-ae7f-5f834698f938@app.fastmail.com>



On Thu, 1 May 2025, at 09:05, Lee via Privoxy-users wrote:
> On Thu, May 1, 2025 at 8:39?AM Ian Silvester wrote:
>>
>> My experience FWIW is that if I install as my daily driver account, even if that account has admin, upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to use -install to avoid this issue. Same behaviour on Win 10 and 11.
>
> You probably took the default and installed Privoxy in "\Program files\Privoxy"
> "c:\Program files" does not normally allow regular users to write to
> anything there, so you can either
>  a) do what I do and create a "c:\temp" that anyone can write to and
> have privoxy logging set to "c:\temp\privoxy.log"
> or
>  b) modify file permissions on "c:\Program files\Privoxy" or
> "c:\Program files\Privoxy\privoxy.log" to allow anyone to write there.
> There's a FAQ for
>   What to do if editing the config file of privoxy is access denied?
> that's also applicable to the privoxy log file.
>
> Lee
>

Yes quite. Couldn't you alter the installer to offer a default location to which the user does have write access? Or, if Windows doesn't allow that, include an explanation screen during install? I feel like the 'out of the box' experience should work without the user having to know this. 

Ian
_______________________________________________
> Privoxy-users mailing list
> Privoxy-users at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-users

From ler762 at gmail.com  Fri May  2 12:52:11 2025
From: ler762 at gmail.com (Lee)
Date: Fri, 2 May 2025 06:52:11 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <8eaf07f6-27cb-47fe-ae7f-5f834698f938@app.fastmail.com>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
 <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>
 <CAD8GWsucGExERv-NYzrb5ny+J+w_zQU2Y6q48zSwtKKdP4CYig@mail.gmail.com>
 <8eaf07f6-27cb-47fe-ae7f-5f834698f938@app.fastmail.com>
Message-ID: <CAD8GWsvg6wZf0szTtD05t-DCMMFz5zpkRSnn14B_E_oJH29rTw@mail.gmail.com>

On Thu, May 1, 2025 at 1:27?PM Ian Silvester  wrote:
>
> On Thu, 1 May 2025, at 09:05, Lee via Privoxy-users wrote:
> > On Thu, May 1, 2025 at 8:39?AM Ian Silvester wrote:
> >>
> >> My experience FWIW is that if I install as my daily driver account, even if that account has admin,
> >> upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to
> >> use -install to avoid this issue. Same behaviour on Win 10 and 11.
> >
> > You probably took the default and installed Privoxy in "\Program files\Privoxy"
> > "c:\Program files" does not normally allow regular users to write to
> > anything there, so you can either
> >  a) do what I do and create a "c:\temp" that anyone can write to and
> > have privoxy logging set to "c:\temp\privoxy.log"
> > or
> >  b) modify file permissions on "c:\Program files\Privoxy" or
> > "c:\Program files\Privoxy\privoxy.log" to allow anyone to write there.
> > There's a FAQ for
> >   What to do if editing the config file of privoxy is access denied?
> > that's also applicable to the privoxy log file.
> >
> > Lee
> >
>
> Yes quite. Couldn't you alter the installer to offer a default location to which the user
> does have write access?

I don't know if windows has a place for installing software that
anyone can write to.
I'm guessing it doesn't because ransomware or anything else could take
advantage and replace programs in the "anyone can write here"
directory.

There are per-user directories that could be used - but they are one
per user so if you had say 3 users you'd have to have 3 installs of
privoxy.  And 3 separate config, action, filter files, etc.
On the other hand, per-user directories would be great for the privoxy
log file.  Having a single log file that everyone can read is a
security issue .. which is why logging was defaulted to off ages ago??
The problem is how to tell privoxy where the per-user file is :(  I
suppose the easiest way would be to add a '--logdir' command line
option to specify the logdir - eg

C:\cygwin\home\Lee\t>args_mingw.exe a b --logdir %LOCALAPPDATA%\privoxy
argv[0]: args_mingw.exe
argv[1]: a
argv[2]: b
argv[3]: --logdir
argv[4]: C:\Users\Lee\AppData\Local\privoxy

I just tried changing the privoxy startup shortcut to have
   %APPDATA%\privoxy\config.txt
as the config file parameter.  And it works :)
... at least on my windows 10 machine

So there is an easy way to have a per-user config file.  The downside
being an "include <this> file in the config" directive was never
implemented, so we're back to maintaining a config file per user.

On the other hand, it's highly probably a '--logdir whatever' command
line parameter could be added and that would get
1) a per-user log file
2) that doesn't have the "anyone can look at it" security problem so
we could enable logging again
3) and that most users will forget about, fill up their hard drive if
logging is enabled and cause who-knows-what problems.
which takes care of .. 80% of the problem?

> Or, if Windows doesn't allow that, include an explanation
> screen during install?

Are you offering to write this?

You'll notice that I didn't actually explain anything in FAQ for how
to fix windows file permissions - just showed an example of how to
"use the windows equivalent of sudo" and an example of using icacls to
fix individual file permissions problems.  Cargo cult documentation at
it's finest :)

> I feel like the 'out of the box' experience should work without
> the user having to know this.

Are you offering?

I can take a look at adding a --logdir command line param - that seems
like something I can do.
Adding an include directive to the config file processing seems a bit
much for me :(
as does interpreting %evar% directives in the config file

and as we've already seen, I think explaining windows file permissions
to users is beyond me.

Regards,
Lee

From iansilvester at fastmail.fm  Sat May  3 04:14:24 2025
From: iansilvester at fastmail.fm (Ian Silvester)
Date: Fri, 02 May 2025 22:14:24 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <CAD8GWsvg6wZf0szTtD05t-DCMMFz5zpkRSnn14B_E_oJH29rTw@mail.gmail.com>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
 <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>
 <CAD8GWsucGExERv-NYzrb5ny+J+w_zQU2Y6q48zSwtKKdP4CYig@mail.gmail.com>
 <8eaf07f6-27cb-47fe-ae7f-5f834698f938@app.fastmail.com>
 <CAD8GWsvg6wZf0szTtD05t-DCMMFz5zpkRSnn14B_E_oJH29rTw@mail.gmail.com>
Message-ID: <96f304eb-6097-4274-984a-330820c4246d@app.fastmail.com>

Sure, I'm happy to come up with instructions, but I don't yet fully understand the problem. There are obviously many apps out there that run as admin (or at least not as the logged-in user) that display a tray icon. Is it a side-effect of Cygwin that the process has to run as the current user in order to display a tray icon?

If so, my opinion is as follows:

We offer two installation paths. For those who wish to run multiple users on the same machine and/or want a fire-and forget setup, we install with --install and don't worry about the lack of icon (I'd suggest such users won't miss it). For those who want the tray icon we offer instructions for granting the logged-in user read/write access to the install location. 

Thoughts? 


On Fri, 2 May 2025, at 06:52, Lee wrote:
> On Thu, May 1, 2025 at 1:27?PM Ian Silvester  wrote:
>>
>> On Thu, 1 May 2025, at 09:05, Lee via Privoxy-users wrote:
>> > On Thu, May 1, 2025 at 8:39?AM Ian Silvester wrote:
>> >>
>> >> My experience FWIW is that if I install as my daily driver account, even if that account has admin,
>> >> upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to
>> >> use -install to avoid this issue. Same behaviour on Win 10 and 11.
>> >
>> > You probably took the default and installed Privoxy in "\Program files\Privoxy"
>> > "c:\Program files" does not normally allow regular users to write to
>> > anything there, so you can either
>> >  a) do what I do and create a "c:\temp" that anyone can write to and
>> > have privoxy logging set to "c:\temp\privoxy.log"
>> > or
>> >  b) modify file permissions on "c:\Program files\Privoxy" or
>> > "c:\Program files\Privoxy\privoxy.log" to allow anyone to write there.
>> > There's a FAQ for
>> >   What to do if editing the config file of privoxy is access denied?
>> > that's also applicable to the privoxy log file.
>> >
>> > Lee
>> >
>>
>> Yes quite. Couldn't you alter the installer to offer a default location to which the user
>> does have write access?
>
> I don't know if windows has a place for installing software that
> anyone can write to.
> I'm guessing it doesn't because ransomware or anything else could take
> advantage and replace programs in the "anyone can write here"
> directory.
>
> There are per-user directories that could be used - but they are one
> per user so if you had say 3 users you'd have to have 3 installs of
> privoxy.  And 3 separate config, action, filter files, etc.
> On the other hand, per-user directories would be great for the privoxy
> log file.  Having a single log file that everyone can read is a
> security issue .. which is why logging was defaulted to off ages ago??
> The problem is how to tell privoxy where the per-user file is :(  I
> suppose the easiest way would be to add a '--logdir' command line
> option to specify the logdir - eg
>
> C:\cygwin\home\Lee\t>args_mingw.exe a b --logdir %LOCALAPPDATA%\privoxy
> argv[0]: args_mingw.exe
> argv[1]: a
> argv[2]: b
> argv[3]: --logdir
> argv[4]: C:\Users\Lee\AppData\Local\privoxy
>
> I just tried changing the privoxy startup shortcut to have
>    %APPDATA%\privoxy\config.txt
> as the config file parameter.  And it works :)
> ... at least on my windows 10 machine
>
> So there is an easy way to have a per-user config file.  The downside
> being an "include <this> file in the config" directive was never
> implemented, so we're back to maintaining a config file per user.
>
> On the other hand, it's highly probably a '--logdir whatever' command
> line parameter could be added and that would get
> 1) a per-user log file
> 2) that doesn't have the "anyone can look at it" security problem so
> we could enable logging again
> 3) and that most users will forget about, fill up their hard drive if
> logging is enabled and cause who-knows-what problems.
> which takes care of .. 80% of the problem?
>
>> Or, if Windows doesn't allow that, include an explanation
>> screen during install?
>
> Are you offering to write this?
>
> You'll notice that I didn't actually explain anything in FAQ for how
> to fix windows file permissions - just showed an example of how to
> "use the windows equivalent of sudo" and an example of using icacls to
> fix individual file permissions problems.  Cargo cult documentation at
> it's finest :)
>
>> I feel like the 'out of the box' experience should work without
>> the user having to know this.
>
> Are you offering?
>
> I can take a look at adding a --logdir command line param - that seems
> like something I can do.
> Adding an include directive to the config file processing seems a bit
> much for me :(
> as does interpreting %evar% directives in the config file
>
> and as we've already seen, I think explaining windows file permissions
> to users is beyond me.
>
> Regards,
> Lee

From ler762 at gmail.com  Sat May  3 09:26:35 2025
From: ler762 at gmail.com (Lee)
Date: Sat, 3 May 2025 03:26:35 -0400
Subject: [Privoxy-users] Installation on Windows 11
In-Reply-To: <96f304eb-6097-4274-984a-330820c4246d@app.fastmail.com>
References: <1753d106-9cec-43f6-a21d-b6bf401faa67@parisse.eu>
 <20250425114010.45f1e943.fk@fabiankeil.de>
 <CAD8GWsvaBKcSAxib=T0iKgHOSnPV_deEhVPmmt10X8Xa5RJh_w@mail.gmail.com>
 <20250501115432.6a3d846b.fk@fabiankeil.de>
 <65836154-962f-457c-8d70-61b4bf905a7c@app.fastmail.com>
 <CAD8GWsucGExERv-NYzrb5ny+J+w_zQU2Y6q48zSwtKKdP4CYig@mail.gmail.com>
 <8eaf07f6-27cb-47fe-ae7f-5f834698f938@app.fastmail.com>
 <CAD8GWsvg6wZf0szTtD05t-DCMMFz5zpkRSnn14B_E_oJH29rTw@mail.gmail.com>
 <96f304eb-6097-4274-984a-330820c4246d@app.fastmail.com>
Message-ID: <CAD8GWsvxSi6kCJRz8NmCQgJojujwG0X3jscfRL-XT12JWK8sdQ@mail.gmail.com>

On Fri, May 2, 2025 at 10:14?PM Ian Silvester wrote:
>
> Sure, I'm happy to come up with instructions, but I don't yet fully understand the problem.

Take a look here:
  https://www.coretechnologies.com/blog/windows-services/interact-with-desktop/
which matches my recollection that windows xp allowed
privoxy-as-a-service to put an icon on the desktop to control privoxy
that broke in the next release - windows vista

and the more verbose but from a microsoft.com url
  https://answers.microsoft.com/en-us/windows/forum/all/allow-service-to-interact-with-desktop-greyed/4d83d7ff-6d1e-47ce-b79d-8fdb7fe04ad7
"On operating systems prior to Vista services ran in Session 0
alongside user applications and could easily interact with the
desktop, this was widely recognized as a rather serious security risk
so to mitigate this security risk Vista and later operating systems
isolate services in Session 0 and run applications in other sessions,
ergo as a rule services can no longer generally interact with the
desktop in the old fashioned manner, programmers must now use a
different method to have their services interact with users."

And a bit more searching gives
  https://learn.microsoft.com/en-us/answers/questions/27517/is-there-any-workaround-in-win10-to-allow-service
"Unfortunately, just as you found, Microsoft has fully disabled
Interactive Service Detection starting with Windows 10 Build 1803 and
Windows Server 2016 and 2019. Starting with these versions, access to
Session 0 is no longer possible.
There is no way to start the service now."

> There are obviously many apps out there that run as admin (or at least not as the logged-in user) that display a tray icon. Is it a side-effect of Cygwin that the process has to run as the current user in order to display a tray icon?

It seems to be a function of using Windows 10 Build 1803 or later.

>From a cmd.exe window (aka DOS prompt) you can run services.msc and
see all the services and their "Log on as" field.
I don't know that any of those services display a tray icon & if they
do, how they do it.

> If so, my opinion is as follows:
>
> We offer two installation paths. For those who wish to run multiple users on the same machine and/or want a fire-and forget setup, we install with --install and don't worry about the lack of icon (I'd suggest such users won't miss it).

I miss the icon to the point that I won't run privoxy as a service.  I
might very well be the only person that feels that way -- especially
considering that logging is turned off by default, but the ability to
double-click the icon to pop-up the log window is worth the hassle of
exiting privoxy before I log out / log in as a different user (ie.
switching between me as a normal user with no privs and me as The All
Powerful Administrator)

nit: how do those privoxy-as-a-service users look at the privoxy log?
I don't know of an equivalent to "tail -f" on windows

> For those who want the tray icon we offer instructions for granting the logged-in user read/write access to the install location.

Right - it probably would be nice to mention the problem + fix along
with the install doc instead of hidden in the faq.

I kind of like the idea of each user having their own private log file
that nobody else can look at (except maybe the admininstrator) but I
suspect there aren't all that many multi-user windows systems these
days.
In other words, I don't know how useful that feature would be..

> Thoughts?

I see windows as a dead end.  I really didn't like what seemed to be
the MS attitude that the machine I paid for was actually _their_
machine to do with what they will.
Windows 11 seems even worse, so I'm done with windows.  Maybe I'll
have to have something with windows on it later on, but once windows
10 goes end-of-life I'm going to see how living exclusively in linux
land works out.

Lee


>
>
> On Fri, 2 May 2025, at 06:52, Lee wrote:
> > On Thu, May 1, 2025 at 1:27?PM Ian Silvester  wrote:
> >>
> >> On Thu, 1 May 2025, at 09:05, Lee via Privoxy-users wrote:
> >> > On Thu, May 1, 2025 at 8:39?AM Ian Silvester wrote:
> >> >>
> >> >> My experience FWIW is that if I install as my daily driver account, even if that account has admin,
> >> >> upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to
> >> >> use -install to avoid this issue. Same behaviour on Win 10 and 11.
> >> >
> >> > You probably took the default and installed Privoxy in "\Program files\Privoxy"
> >> > "c:\Program files" does not normally allow regular users to write to
> >> > anything there, so you can either
> >> >  a) do what I do and create a "c:\temp" that anyone can write to and
> >> > have privoxy logging set to "c:\temp\privoxy.log"
> >> > or
> >> >  b) modify file permissions on "c:\Program files\Privoxy" or
> >> > "c:\Program files\Privoxy\privoxy.log" to allow anyone to write there.
> >> > There's a FAQ for
> >> >   What to do if editing the config file of privoxy is access denied?
> >> > that's also applicable to the privoxy log file.
> >> >
> >> > Lee
> >> >
> >>
> >> Yes quite. Couldn't you alter the installer to offer a default location to which the user
> >> does have write access?
> >
> > I don't know if windows has a place for installing software that
> > anyone can write to.
> > I'm guessing it doesn't because ransomware or anything else could take
> > advantage and replace programs in the "anyone can write here"
> > directory.
> >
> > There are per-user directories that could be used - but they are one
> > per user so if you had say 3 users you'd have to have 3 installs of
> > privoxy.  And 3 separate config, action, filter files, etc.
> > On the other hand, per-user directories would be great for the privoxy
> > log file.  Having a single log file that everyone can read is a
> > security issue .. which is why logging was defaulted to off ages ago??
> > The problem is how to tell privoxy where the per-user file is :(  I
> > suppose the easiest way would be to add a '--logdir' command line
> > option to specify the logdir - eg
> >
> > C:\cygwin\home\Lee\t>args_mingw.exe a b --logdir %LOCALAPPDATA%\privoxy
> > argv[0]: args_mingw.exe
> > argv[1]: a
> > argv[2]: b
> > argv[3]: --logdir
> > argv[4]: C:\Users\Lee\AppData\Local\privoxy
> >
> > I just tried changing the privoxy startup shortcut to have
> >    %APPDATA%\privoxy\config.txt
> > as the config file parameter.  And it works :)
> > ... at least on my windows 10 machine
> >
> > So there is an easy way to have a per-user config file.  The downside
> > being an "include <this> file in the config" directive was never
> > implemented, so we're back to maintaining a config file per user.
> >
> > On the other hand, it's highly probably a '--logdir whatever' command
> > line parameter could be added and that would get
> > 1) a per-user log file
> > 2) that doesn't have the "anyone can look at it" security problem so
> > we could enable logging again
> > 3) and that most users will forget about, fill up their hard drive if
> > logging is enabled and cause who-knows-what problems.
> > which takes care of .. 80% of the problem?
> >
> >> Or, if Windows doesn't allow that, include an explanation
> >> screen during install?
> >
> > Are you offering to write this?
> >
> > You'll notice that I didn't actually explain anything in FAQ for how
> > to fix windows file permissions - just showed an example of how to
> > "use the windows equivalent of sudo" and an example of using icacls to
> > fix individual file permissions problems.  Cargo cult documentation at
> > it's finest :)
> >
> >> I feel like the 'out of the box' experience should work without
> >> the user having to know this.
> >
> > Are you offering?
> >
> > I can take a look at adding a --logdir command line param - that seems
> > like something I can do.
> > Adding an include directive to the config file processing seems a bit
> > much for me :(
> > as does interpreting %evar% directives in the config file
> >
> > and as we've already seen, I think explaining windows file permissions
> > to users is beyond me.
> >
> > Regards,
> > Lee