Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
One user's experience with the Internet Junkbuster

By PresJPolk in Culture
Thu Jun 08, 2000 at 12:52:18 AM EST
Tags: Software (all tags)
Software

Since KDE version 2 is now in testing to succeed KDE 1.1.2 as a leading Unix desktop, and Kuro5hin.org is planning to show ads, I thought I'd share my experience using the Internet Junkbuster HTTP proxy with a dial-up internet connection, and KDE 2's KPPP dialer.

Note that many of these apply to everyone, whether using KPPP or not. Your author therefore hopes that this can be useful to more than just KDE 2 beta testers.


Step 1 -- Go download the Internet Junkbuster in source form. Some binary packages do exist, but the Internet Junkbuster is not a large package, nor is it difficult to compile.

Step 2 -- Unpack the source archive, check that the Makefile is appropriately configured, and run "make" to compile the source. Read gpl.html in the source archive, and feel happy knowing the Internet Junkbuster is licensed with the GNU General Public License.

While waiting for the compile to finish, go for an interesting read about the Junkbusters Corporation itself. They are a corporation committed to helping people protect their privacy, and helping businesses respect consumers' privacy. Junkbusters targets all kinds of intrusive marketing, instead of just internet marketing. As an example, their Anti-telephone marketing script is full of information about already existing laws, passed to protect consumers from aggressive telephone marketing.

Note that your author has no connection with the Junkbusters Corporation, other than being a user of their software.

Step 3 -- Now that the compile is done, install the file "junkbuster" somewhere in the PATH, like "/usr/sbin".

Step 4 -- Write a set of configuration files for junkbuster. Your author keeps all of his junkbuster settings in "/home/neil/.junkbuster". Here are the files, to use as an example.

junkbuster.ini -- this controls general settings for the operation of the Internet Junkbuster

blockfile /home/neil/.junkbuster/block.ini
aclfile /home/neil/.junkbuster/access.ini
cookiefile /home/neil/.junkbuster/cookie.ini

listen-address localhost:6789

wafer WARNING=I hate cookies

user-agent junkbuster
referer @
from president@whitehouse.gov

access.ini -- this controls what IP addresses are allowed to use the proxy, and what IP addresses they are allowed to access through the proxy.

deny 0.0.0.0/0
permit localhost 0.0.0.0/0

cookie.ini -- this sets trusted hosts, to pass cookies to the browser. > before the hostname means that cookies are only passed to the server, not from the server.

slashdot.org
slashcode.com
www.fcmail.com
sourceforge.net
kuro5hin.org
>yahoo.com

block.ini -- This is the meat of the Internet Junkbuster: these hosts and paths are blocked. This is cut down from the whole blockfile for brevity; examples of Junkbuster blockfiles abound on the Internet.

www.ctc.123hostme.com
ads.1for1.com
www.adbucks.com
www.adclub.net
ads.admonitor.net
a8.g.akamaitech.net
ads.web.aol.com
view.avenuea.com
ads.belo.com
*.bfast.com
ad.blm.net
*.bottlerocket.com
adfu.blockstackers.com
www*.burstnet.com
as0.cybereps.com
*.doubleclick.net
www.eads.com
*.earthweb.com
*.flycast.com

*.*/adclick.html
*.*/adclick
*.*/ads
*.*/Ads
*.*/*/banners
*.*/BannerAds
*.*/banner1.gif
*.*/groupbanners.phtml
*.*/img/ads

# slashdot.org
209.207.224.220
*.*/cgi-bin/adlog.pl

Step 5 -- Now KPPP needs to be configured to run the proxy, when connected to the internet. When editing an account in KPPP, one of the configuration tabs is called "Execute." KPPP will run the programs you list there, at the times specified.

Where it says Upon Connect, write /usr/sbin/junkbuster /home/neil/.junkbuster/junkbuster.ini, making sure to use the paths to your copy of junkbuster, and your configuration files.

Where it says Before Disconnect, write killall junkbuster. Note that your author runs Slackware Linux 7, and killall on Linux kills processes by name. killall on other Unix systems kills all processes. Be careful, and substitute killall with a script where appropriate.

Step 6 -- All that is left, is to configure web browsers to use this new proxy. Netscape Navigator hides the proxy setup under the Advanced settings. Konqueror keeps the proxy configuration in the menu: Settings - Configure - Proxies.

That's all! Once the block file is mature, it suddenly becomes safe to press "Load all images" once in a while, because all the advertisements are blocked. Enjoy!

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Yahoo
o Slashdot
o Kuro5hin
o KDE
o Internet Junkbuster HTTP proxy
o Internet Junkbuster
o GNU
o General Public License
o Junkbuster s Corporation
o Anti-telep hone marketing script
o examples of Junkbuster blockfiles
o Also by PresJPolk


Display: Sort:
One user's experience with the Internet Junkbuster | 51 comments (51 topical, editorial, 0 hidden)
Nifty, but kppp is for wusses, ppp-... (2.00 / 1) (#11)
by feline on Wed Jun 07, 2000 at 05:42:34 PM EST

feline voted 1 on this story.

Nifty, but kppp is for wusses, ppp-go forever!
------------------------------------------

'Hello sir, you don't look like someone who satisfies his wife.'

cool.... (1.00 / 1) (#9)
by ishbak on Wed Jun 07, 2000 at 05:52:18 PM EST

ishbak voted 1 on this story.

cool.

Excellent. I can't believe how fast... (3.00 / 1) (#1)
by rusty on Wed Jun 07, 2000 at 05:53:39 PM EST

rusty voted 1 on this story.

Excellent. I can't believe how fast my request for a tutorial was fulfilled. Now, if anyone would like to make me a nice steak and cheese sandwich, I'd appreciate that, too. ;-)

____
Not the real rusty

Any K5er can read the FAQ and the j... (2.00 / 1) (#12)
by maynard on Wed Jun 07, 2000 at 06:00:26 PM EST

maynard voted -1 on this story.

Any K5er can read the FAQ and the junkbuster site and learn this for themselves.

Read The Proxies, a short crime thriller.

This isn't an experience. It's an N... (4.50 / 2) (#5)
by Velian on Wed Jun 07, 2000 at 06:12:43 PM EST

Velian voted 0 on this story.

This isn't an experience. It's an NHF. That is, a newbieized help file. Go submit this to linuxnewbie.org, where it belongs. :P

yes, we know most applications requ... (2.00 / 1) (#16)
by pilot on Wed Jun 07, 2000 at 06:13:37 PM EST

pilot voted -1 on this story.

yes, we know most applications require ./configure ; make ; make install to work.

Especially since K5 goes dot com :-... (1.00 / 1) (#18)
by new500 on Wed Jun 07, 2000 at 06:32:46 PM EST

new500 voted 1 on this story.

Especially since K5 goes dot com :-)
== Idle Random Thoughts. Usual disclaimers apply. ==

Seems relevant with the K5 ads comi... (2.00 / 1) (#19)
by Denor on Wed Jun 07, 2000 at 06:59:02 PM EST

Denor voted 1 on this story.

Seems relevant with the K5 ads coming up and all. Plus, I think the article mentioning K5, inc. specifically requested a Junkbuster HOWTO :)

-Denor


Internet Junkbuster is a good tool,... (2.50 / 2) (#20)
by Snomed on Wed Jun 07, 2000 at 07:44:06 PM EST

Snomed voted 1 on this story.

Internet Junkbuster is a good tool, but you have to keep feeding it URLs as you surf to new web sites. I used it for a while, then stopped because I kept having to feed it. I bit the bullet and started using IE. IE lets you turn off animations, so now I see banner ads but they don't flash annoyingly. I don't mind seeing the ads, but I can't stand seeing all the stupid little animated gifs. I also filled out the online forms Junkbuster provides to stop postal junk mail. Supposedly it takes about 6 - 9 months for the flood of junk mail to slow to a trickle. I'm still waiting, but they say it does work.
------------------

no feeding, just good regular expressions (5.00 / 1) (#43)
by Anonymous Hero on Sat Jun 10, 2000 at 10:18:53 AM EST

I managed to merge several blocklists and to get it working faster put regular expresssions on top. The only maintainance required is sometimes remove wrongly blocked url's. Almost no feeding of speciifc sites.

[ Parent ]
But how do you set it up to start f... (2.00 / 1) (#14)
by TheDude on Wed Jun 07, 2000 at 07:48:34 PM EST

TheDude voted 1 on this story.

But how do you set it up to start for DSL (constantly connected) users? Put it in the mozilla/netscape script?

--
TheDude of Smokedot
Drug Info, Rights, Laws, and Discussion
Visit #smokedot on irc.smokedot.org

Re: But how do you set it up to start f... (4.00 / 1) (#34)
by Imperator on Thu Jun 08, 2000 at 01:18:48 PM EST

/etc/rc.d/rc.local
or
/etc/init.d/rc.local
or
in an actual SysV initscript
or
the mozilla/netscape script
or
the initscript for networking
or
use a binary package (e.g. waldherr.org's one)

I think I'll write a real Junkbuster-HOWTO.

[ Parent ]

I'd normally vote no to a software ... (2.00 / 1) (#3)
by Nyarlathotep on Wed Jun 07, 2000 at 08:29:27 PM EST

Nyarlathotep voted 1 on this story.

I'd normally vote no to a software HOWTO, but HOWTO's for crypto/privacy things like PGP are importent so I vote yes to PGP and company. Junkbuster is not as importent as PGP, but I suppose Junkbuster is politically importent enough that I should vote for it too.
Campus Crusade for Cthulhu -- it found me!

To detailed. Needs to be in a How-T... (2.00 / 1) (#21)
by w1ldb1ll on Wed Jun 07, 2000 at 08:44:26 PM EST

w1ldb1ll voted -1 on this story.

To detailed. Needs to be in a How-To. Just the basic info would've been alright.

Re: To detailed. Needs to be in a How-T... (4.00 / 1) (#28)
by PresJPolk on Thu Jun 08, 2000 at 01:36:21 AM EST

Funny.. some people say I said too much, while others say I didn't include enough.

You can't please everybody... :-)

[ Parent ]
I suppose many people would say thi... (3.00 / 1) (#8)
by Netsnipe on Wed Jun 07, 2000 at 09:22:49 PM EST

Netsnipe voted 1 on this story.

I suppose many people would say this belongs on a self-help manual page and not on Kuro5hin, but to the uninitiated, this introduction is perfect for introducing newbies to Junkbuster and how it's used. I've never really bothered to look into the program itself, but this guide is certainly a good incentive. If only only it was more distro-neutral...

--
Andrew 'Netsnipe' Lau
Debian GNU/Linux Maintainer & Computer Science, UNSW

Re: I suppose many people would say thi... (none / 0) (#24)
by Pseudonymous Coward on Thu Jun 08, 2000 at 01:11:06 AM EST

If only only it was more distro-neutral...

Yes, that would be nice, but then it would read a little like the Junkbuster README, wouldn't it?

I do agree that "how to set up Junkbuster on my box using my favorite environment" (people use GUI PPP dialers? I guess if you don't want to leave the connection nailed up or if your gateway system is a your primary console?) is probably somewhat less helpful than more generic instructions, but for a reader starting with no information this is better than nothing at all.

[ Parent ]

Most of us can read the installatio... (2.00 / 1) (#15)
by Logan on Wed Jun 07, 2000 at 10:11:18 PM EST

Logan voted -1 on this story.

Most of us can read the installation instructions that come with the packages themselves. logan

You know I feel kinda guilty about ... (2.00 / 1) (#4)
by kraant on Wed Jun 07, 2000 at 10:12:42 PM EST

kraant voted 1 on this story.

You know I feel kinda guilty about voting this up since rusty pro'ly needs the capital from the ads but... :P
--
"kraant, open source guru" -- tumeric
Never In Our Names...

This is a very detailed write up, b... (2.00 / 1) (#13)
by Potsy on Wed Jun 07, 2000 at 10:12:52 PM EST

Potsy voted 0 on this story.

This is a very detailed write up, but unfortunately it only covers the installation procedure. I would much rather have a "one user's experience" story that covered the actual use of the Junkbuster proxy. How well does it work? What do web pages look like when it is turned on? Were there any long-term compatibility problems with KDE? (and so on...)

Still, it's an interesting story, but not particularly useful. I'd rather have a full review that covers everything from start to finish in a high-level fashion. This reads more like a "HOWTO" document.

Re: This is a very detailed write up, b... (5.00 / 1) (#35)
by JML on Thu Jun 08, 2000 at 03:10:38 PM EST

I have been using Junkbuster for several years now, and I often forget that there are ads on the web. Using it on a daily basis is easy, just point your browsers http: proxy setting at the machine and port running Junkbuster.

As I have been using it for so long I use my own blocklist and cookielist. Upon seeing an ad (this is for Netscape): Right click on the ad to find out the image name; then select View->Page Info; find the name of the image and add the machine name and path (or an appropriate regex) to the Junkbuster blockfile.

This might seem a bit involved, but on a dialup connection it can actually be faster than the amount of time it takes to download an animated gif.

Cookies are much more of a pain. The cookiefile works the opposite of the blockfile (which says block these sites). The cookiefile tells Junkbuster to let these sights set cookies. As well as for tracking users and what not, cookies have a variety of reasonable uses, so I am often willing to accept them in exchange for what the web site lets me do, such as customize the layout, add items to my shopping cart, buy stocks, etc.

When entering a page that might require cookies but the site is not yet in the cookiefile (again with Netscape): Go to Netscape Preferences and Advanced and select "Warn before accepting all cookies"; then set Netscape to not use the junkbuster proxy; then browse the site and as requests pop up to accept a cookie from www.foobar.com add that site to your cookiefile; turn off cookie warnings and renable Junkbuster.

The cookie stuff in Junkbuster is annoying to setup, which is why I can't wait for Mozilla to release as I really like the new cookie management in Mozilla. Upon a site first presenting a cookie it asks if you would like to accept cookies from that site now and in the future, so you can deny doubleclick, linkexchange, etc., but allow your online bank, Kuro5hin, etc. with a single click.

[ Parent ]
Why Mozilla's cookie management means the end of t (3.00 / 1) (#36)
by SgtPepper on Thu Jun 08, 2000 at 03:32:01 PM EST

but allow your online bank, Kuro5hin, etc. with a single click.
This, my friends, is the end of Mozilla!
one-click! cookie management will surely raise the ire of Amazon.com
They will sue Mozilla and force them to go work at Amazon making the Amazonian Browser.
( gotta love the themes for that one though! imagine Xena as your default startpage!)
Just watch yourselves
The above was a joke, if you don't get it, i'm not at fault

[ Parent ]
Useful stuff. But is it all in the... (2.00 / 1) (#2)
by hattig on Wed Jun 07, 2000 at 10:27:11 PM EST

hattig voted 1 on this story.

Useful stuff. But is it all in the manual?

Filtering proxies are nice to have.... (4.00 / 1) (#10)
by Fyndalf on Wed Jun 07, 2000 at 11:02:22 PM EST

Fyndalf voted 1 on this story.

Filtering proxies are nice to have. I especially like the Perl script I found for Squid that allows one to do similar things to Junkbuster but with the added benefit of the Squid caching proxy. Another nice thing about the Perl script is that you can replace the ads with whichever image you want, such as a 1x1 transparent GIF. You can find it here: http://www.taz.net.au/block/index.html Heh, I wonder if Rusty's potential advertisers will appreciate this being posted to the main page? Will it perhaps be removed? Will it ever get there? Hmm ...

http://www.waldherr.org/junkbuster/... (4.70 / 3) (#7)
by aiko on Wed Jun 07, 2000 at 11:16:45 PM EST

aiko voted 1 on this story.

http://www.waldherr.org/junkbuster/ houses a version which replaces images with a transparent gif (last time I checked, this wasn't available in the version at junkbusters.com). Very useful piece of software :)

Re: http://www.waldherr.org/junkbuster/... (none / 0) (#38)
by Anonymous Hero on Thu Jun 08, 2000 at 04:55:21 PM EST

...a version which replaces images with a transparent gif (last time I checked, this wasn't available in the version at junkbusters.com).

I don't think this will ever be an "official" feature. They're worried about companies suing them for copyright violations, i.e. "modifying" someone else's graphics. Refusing to load the graphics shouldn't be a problem, otherwise Lynx (or NS with images disabled) would be illegal :) - I doubt the transparent gif thing would cause legal problems, but they're staying on the safe side.

[ Parent ]

Transparent gif (none / 0) (#45)
by kmself on Sat Jun 10, 2000 at 02:48:41 PM EST

In the Debianized version of Junkbuster, the transparent gif isn't a default setting, but it is selectable within the primary config file. It's the tinygif=2 option.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Somebody with a little more time ma... (3.00 / 1) (#6)
by warpeightbot on Wed Jun 07, 2000 at 11:52:48 PM EST

warpeightbot voted 1 on this story.

Somebody with a little more time may want to 'splain how to do it with a hard-wired connection, but all in all good write-up...

Re: Somebody with a little more time ma... (4.50 / 2) (#23)
by Pseudonymous Coward on Thu Jun 08, 2000 at 01:04:17 AM EST

I was lucky, I set my Junkbuster up the easy way: apt-get install junkbuster

If you're not Debian-lucky, it still shouldn't be hard to cobble together an init.d script to have the proxy come up in your favorite runlevels. Poach a sample from one of the other daemons, and symlink it from wherever your rc scripts are. I vaguely remember doing something like that when I had it running on a Red Hat box of some kind.

Basically, ignore the bit about PPP and instead bring up the daemon on boot. Everything else is just about the same. Mine's chained with the household Squid (which also comes up on boot all by itself, bless apt-get and dpkg) as I described in another comment.

[ Parent ]

Wow I'm glad I'm on a mac - iCab ha... (4.00 / 1) (#17)
by abe1x on Thu Jun 08, 2000 at 12:28:04 AM EST

abe1x voted 1 on this story.

Wow I'm glad I'm on a mac - iCab has great ad and cookie filtering and can be set up in less time then it takes to read those installation instructions. On top of that its the most stable browser out there as well. Unfortunately the code is closed, but its all written by one person, so don't give up hope for a good browser for all those other OSes.

Can't say I have much to say about it all, don't even realize I'm filtering everything out now. Basically its all positive.

What about multiple browser users (5.00 / 1) (#31)
by hoss10 on Thu Jun 08, 2000 at 07:17:33 AM EST

With junkbusters your blocking preferences can be persistent between browsers. Which means I can still use IE, netscape, lynx. Even browsers on a different box (if you set up the proxy to accept from that IP aswell)

I suggest we patch mozilla to allow the (picture and cookie) blocking to write to the users junkbuster conf files. Apparently you can right click on a pic in mozilla and get it to block it (or the full domain?)

[ Parent ]

Here's a bit more. (5.00 / 3) (#22)
by Pseudonymous Coward on Thu Jun 08, 2000 at 12:55:01 AM EST

Sigh... it went up while I was voting, but here's my comment anyways

It might also be worthwhile to point folks at Stefan Waldherr's Junkbuster pages which have lots of helpful information on getting set up, offering a very good set of blocklist/imagelist and cookiefile, and even more helpful a Junkbuster + Squid Proxy Chain HOWTO which helps performance considerably. I set up my own personal 2 gig squid cache just to hang from my Junkbuster and I'm very happy with the configuration. I also put together a tremendously cheesy script to use whenever an ad slips by:

#!/bin/sh
echo $1 >> /etc/junkbuster/blocklist
echo $1 >> /etc/junkbuster/imagefile
/etc/init.d/junkbuster restart


Re: Here's a bit more. (5.00 / 1) (#29)
by Anonymous Hero on Thu Jun 08, 2000 at 01:49:00 AM EST

No need to restart - junkbuster is aware of config file mods.

Also, I do not understand why is it an issue just *when* to start junkbuster. Start it when you boot. I have it running in series with squid for ages.

The main issue is updating the block file - it took me some time to find good posted files, merge them and then add my stuff. Now I have an *excellent* block file. If only some web site outside of US/EU juristiction would offer to archive these, I would gladly submit mine.

[ Parent ]

Re: Here's a bit more. (3.00 / 1) (#30)
by PresJPolk on Thu Jun 08, 2000 at 03:12:02 AM EST

When I tried to start on boot, it didn't work.

I had to start it when I connected to my ISP.

Maybe I just missed something.. but KPPP makes it easy enough, that I don't have to worry about it. :-)

[ Parent ]
Re: Here's a bit more. (3.00 / 1) (#33)
by Pseudonymous Coward on Thu Jun 08, 2000 at 09:23:32 AM EST

No need to restart - junkbuster is aware of config file mods.

It checks every minute or so, but I've never been able to signal it (HUP) to reload the blocklist. And I like having the change in place immediately so that I can hit "Reload" in the browser right away and make sure my regexp was good.

You're right, though, it's not at all necessary to restart the proxy. It's just what I do.

[ Parent ]

Re-reading config files (none / 0) (#44)
by kmself on Sat Jun 10, 2000 at 02:45:59 PM EST

For blockfile and cookiefile, Junkbuster re-reads on any update. I'm not finding any time delay, IIRC it checks timestamp then re-reads the file if it's changed. This is on a Debian box with Junkbuster 2.0-7.1.

I'm also running Junkbuster at boot time on two systems, one with a static IP on a LAN, the other a dialup system.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Waldherr has his own version of the proxy too (4.00 / 1) (#32)
by Buck Satan on Thu Jun 08, 2000 at 08:15:15 AM EST

It is built on the Junkbuster code, but it will replace the stuff it removes with a 1x1 gif. He has all manner of packages for making your install go slick. I like his version better as it does not clutter up the page with broken images all over the place.

I think the best part of it is that he also has some scripts set up that you drop in cron.weekly and cron.monthly to update the blockfiles automagically. They work, and they work well. You need some other package that I can't remember off the top of my head, but just check rpmfind or the Lycos ftp search engine and you will run across it.

Also, it will work fine on a dialup account. It works great on my laptop which is changing IPs a few times a day as I transport it from place to place.



[ Parent ]
Anyone know if filtered ads count as "impress (3.00 / 1) (#25)
by abe1x on Thu Jun 08, 2000 at 01:15:40 AM EST

Always wondered if the ads that get filtered out get counted as impressions or not. Don't really know how Junkbuster, iCab, etc. work, nor do I know how the ad impressions are counted, does anyone have the answer?

Re: Anyone know if filtered ads count as "imp (3.50 / 2) (#26)
by PresJPolk on Thu Jun 08, 2000 at 01:31:11 AM EST

They can't be counted. When the proxy gets a request that's on the block list, it doesn't get the actual file requested, but instead returns its own little html, to let you know it was blocked.

[ Parent ]
I always wanted to make that change to junkbuster (4.00 / 1) (#41)
by forrest on Thu Jun 08, 2000 at 11:42:13 PM EST

I think it would be cool if, after rendering your page, junkbuster would then go back and get the ads and display them on /dev/null.

As long it remained a geeky subculture thing, and the banner ad sellers were none the wiser, it would help support the sites I frequent, without subjecting me to their ads.

Is anyone here familiar with the junkbuster source? How doable does that sound?

btw, the way I install junkbuster is

apt-get install junkbuster
... Debian sets it up as a daemon that comes up on boot, and I've never had any problems with it.

[ Parent ]
To answer the two most common questions: (3.00 / 1) (#27)
by PresJPolk on Thu Jun 08, 2000 at 01:34:56 AM EST

1) Yes, someone doing enough research and reading could find out all this stuff in the documentation, but I wrote this quick overview for convenience.

And besides, the Chairman asked for something like this, in the California Dreamin' post!

2) It's a lot easier if you have a static connection. Instead of starting junkbuster when you dial up, you get to start junkbuster in your startup scripts (probably rc.inet or runlevel 3, depending on what kind of startup system you have).

We Need a Script-Killer Proxy (4.00 / 1) (#37)
by Spiffy on Thu Jun 08, 2000 at 04:24:47 PM EST

The worst kind of ad-junk that JunkBuster can't filter is JavaScript. Ever been to a site that took over your browser and started displaying popup ads, even after you tried to leave? We need an enhancement to JunkBuster--or perhaps a whole new proxy--that will strip <script> tags from all HTML downloaded from any unauthorized site. The user would authorize a site to send scripts by adding the domain or page URL in a script.ini file. Is anyone working on this yet?

Re: We Need a Script-Killer Proxy (4.00 / 1) (#39)
by Anonymous Hero on Thu Jun 08, 2000 at 04:58:20 PM EST

Right now, the Junkbuster filters on URL only, not file content. This would be fairly hard to change (it would be a completely new feature anyway). A better solution would be to build this into browsers. A "security zones" feature like IE would work good in Mozilla. It would also be nice to have the ability to disable certain commands (i.e. "window.open"). Still, a proxy-based solution would be nice for people who don't want to switch browsers, or even for companies worried about Java(script) security.

[ Parent ]
Re: We Need a Script-Killer Proxy (5.00 / 1) (#42)
by dlc on Fri Jun 09, 2000 at 08:54:22 AM EST

    Ever been to a site that took over your browser and started displaying popup ads, even after you tried to leave?

Surf without JavaScript. After all the JavaScript-related security breaches pubilcized recently (mainly with IE and cookies, but also CERT's scripting advisories (here, here), you would think most people would have JavaScript turned off.

darren


(darren)
[ Parent ]

scripts can be nailed too (4.00 / 1) (#40)
by cs on Thu Jun 08, 2000 at 09:41:56 PM EST

Whether junkbuster does so or not, it's technically feasible. I maintain an ad buster myself:

http://www.zip.com.au/~cs/adzap/index.html

which kills popups and some other stuff.

Take note: mine just does ads and counters. Junkbuster can also kill cookies and stuff, so it's a better privacy tool in some ways. There's a comparison in the "Other Tools" section of that page.

Anyway, you nail popups by intercepting the popup's URL with a pop-down one. Etc etc.

Experience, comments, notes, alternatives (none / 0) (#46)
by kmself on Sat Jun 10, 2000 at 03:44:13 PM EST

Generally a good writeup, but more distro specific than it needs to be.

I'm running Junkbuster on two systems, both Debian. One is a dialup system, the other has a persistant LAN connection. In both cases, I run Junkbuster at boot time from an init.d script. It should not be necessary to restart Junkbuster as the network connection goes up and down -- it's merely a listening port on the one end (that your browser(s) connect to), forwarding to an outgoing network connection. The kppp configs mentioned simply puzzle me.

What the article shows but doesn't discuss is the particular strength of Junkbuster -- regular expression block patterns. I've got a file of 37 expressions which block virtually all my banner traffic (another 13 lines selectively allow banners and non :80 ports from specific sites). I'll post this elsewhere in this forum. For equivalent blocking power using specific URLs would require hundreds or thousands of lines, which gets to be difficult to maintain and track. Unintentional blocking is more likely the longer a list gets.

The other strength of Junkbuster is that it provides a single point of control which a number of clients can use. Most graphical browsers have a configuration option allowing specified use of a proxy. For text-mode browsers, the environment variable HTTP_PROXY (eg: HTTP_PROXY=http://localhost:5865/) is respected by lynx, w3m, and links. Junkbuster can also be a networked service -- remote hosts can be routed through a single host running Junkbuster. It can also be chained through squid, as I do, for improved caching performance.

Usage notes -- Junkbuster rocks! I don't see banners most places, though occasionally page layout makes clear where I'm "missing" something. Setting tinygif 2 gives you a "JunkBuster" image which will show you IJB is running. Pages load faster, life is good. Only possible downside -- MSNBC's site tends to get fscked up in a loop which generates ever-lengthening URLs. I'm not sure if this is a blockfile or a cookiefile option. I'll occasionally add a spoofed cookie for the site, and I believe this clears up the problem.

There is another alternative which you may feel is appropriate for network domains which are exceptionally eggregious in their anti-social behavior. Don Marti has posted a DNS hat trick which shields all hosts served by a given nameserver.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.

MSNBC (none / 0) (#48)
by rusty on Sat Jun 10, 2000 at 06:05:10 PM EST

It's a cookie thing. MSNBC's cookies are brutally evil. Try going there without junkbuster, and with cookie alerts turned on. If you refuse their cookies, they will just keep sending them. AFAICT, you can't get to the site without accepting cookies, or at least spoofing them. This is just stupid, and generally convinces me the MSNBC is not worth visiting.

____
Not the real rusty
[ Parent ]
Re: MSNBC (none / 0) (#49)
by kmself on Sun Jun 11, 2000 at 04:51:26 AM EST

That sort of makes sense. They send cookie, you refuse, they re-send. With Junkbuster and a cookie block, you're locked in a loop. Hmm.... Sounds like DDoS waiting to happen <g>

My solution is to bypass the proxy, allow the cookie, then edit all values (what is the fscking value for a cookie anyway) to '0', giving me a spoofed cookie. This, IIRC, seems to work, though I haven't tried going there for a while.

Cookies should die.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: MSNBC (none / 0) (#50)
by rusty on Sun Jun 11, 2000 at 04:12:18 PM EST

Cookies are useful. Sites that want to *require* cookies to operate at all, now those should die.

____
Not the real rusty
[ Parent ]
State data (none / 0) (#51)
by kmself on Mon Jun 12, 2000 at 08:13:13 PM EST

Let's submit that state data are useful, but that persistant state data should reside on a specific remote site; not on the user's system allowing exploitation by shared access from multiple sites.

What's required in this case is a strong, but selectable, authentication mechanism. I can authenticate myself to you, you provide my state. I choose which profile I wish to authenticate myself with (including, potentially, shared, spoofed, or randomly generated profiles), you provide the appropriate state.

I see an article in this, somehow....

$0.02, less in some markets.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Blockfile (none / 0) (#47)
by kmself on Sat Jun 10, 2000 at 03:49:18 PM EST

Below is my IJB blockfile. I'd like to suggest that others post in this thread if they wish to share patterns.

Two sites you may want to be particularly aware of: doubleclick.com and sonar.com are both part of the DoubleClick ad and user tracking empire.


# Block all ports
:
# ...except 80
~:80
~:8080
# ...and a few others
~pgp.ai.mit.edu:11371
~jse.stat.ncsu.edu:70
~charts-l.quote.com:443
~.nolo.com:8765
~.wustl.edu:8089
~.kub.nl:2080
~.kub.nl:4242

# /*.*/ad/*.*/
/*.*/adimages.go.com/
/*.*/ads.pl*.*
/*.*/ads/*.*
/ads/
/advert/
/adverts/
a32.g.a.yimg.com
ad*.flycast.com
ad.*.*
adforce.imgis.com
adremote.pathfinder.com
ads*.focalink.com
ads*.zdnet.com
ads.*.*
adserver.*.*
advertising.com
cgi.pathfinder.com/cgi-bin/time/ads
cnet.com/Ads
deja.com/gifs/promo/
doubleclick.net
gm.preferences.com
image.pathfinder.com/sponsors*/
images.inclusion.net/builder/ad.*
images.zdnet.com/adverts/
images2.nytimes.com/RealMedia/ads
linkexchange.com
netgravity3.economist.com/
sfgate.com/place-ads/
sonar.com
teknosurf*.com
view.avenuea.com/
web2.deja.com/ads/

# Allow all from...
~freshmeat.net
~linux.com
~ora.com
~slashdot.org

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.

One user's experience with the Internet Junkbuster | 51 comments (51 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!