Instead of doing my graph algorithms coursework like I'm supposed to, I ended up today trying to insert Privoxy (a privacy web content filter) into the encrypted HTTPS connections that Google and Facebook et al now enforce and you can't disable. I run Privoxy on all HTTP going in and out of the house as a matter of course to eliminate a lot of the shite which gets sent to you as part of trying to browse the modern web, but it can only do unencrypted HTTP, and Google and Facebook install a big chunk of tracking stuff into your browser every time you visit (never mind pushing ads and other intrusions at you). I wanted to see if I could nail the HTTPS bypass shut.
It turns out it isn't quite yet possible, but it's very nearly there. Very new versions of the Squid caching proxy can man-in-the-middle intercept and cache encrypted HTTPS connections now, but currently Privoxy can't be used as an ICAP intermediate HTTP filter (I added a feature request to Privoxy's tracker, it ought to be trivial for them to add support) so there is no way presently to stick Privoxy in between the two encrypted connections in Squid. But it sure is getting an awful lot closer, and an open source solution can now provide - for free - what off the shelf HTTPS intercept boxes costing $20k + have provided for years now. Except we can now intercept encrypted content to serve our needs rather than other people's who don't have exactly our best interests in mind :)
#privoxy #privacy #squid #proxyserver