Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > alt.comp.software.firefox > #14299 > unrolled thread

Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)?

Back to article view | Back to alt.comp.software.firefox

Contents

  Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-26 05:52 +0000
    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Xavier M <xmendizabal@euskaltel.com> - 2025-07-26 08:29 +0200
      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-26 20:47 +0000
    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Computer Nerd Kev <not@telling.you.invalid> - 2025-07-26 17:56 +1000
      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-26 17:27 +0000
        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-27 07:05 +0000
          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-27 11:02 +0000
    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Kyonshi <gmkeros@gmail.com> - 2025-07-26 15:49 +0200
      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? "s|b" <me@privacy.invalid> - 2025-07-26 16:20 +0200
        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Kyonshi <gmkeros@gmail.com> - 2025-07-26 17:07 +0200
          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Randy Jones <randolphJones@randyjones.com> - 2025-07-26 19:06 +0200
            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-28 19:39 +0000
              Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-29 22:41 +0000
                Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Nobody <jock@soccer.com> - 2025-07-29 18:41 -0700
                  Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-30 01:58 +0000
                    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Frank Miller <miller@posteo.ee> - 2025-07-30 04:03 +0200
                      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-30 07:03 +0000
                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-02 17:58 +0000
                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Mike Easter <MikeE@ster.invalid> - 2025-08-07 11:12 -0700
                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Mike Easter <MikeE@ster.invalid> - 2025-08-07 11:34 -0700
                            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-07 20:46 +0000
                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Mike Easter <MikeE@ster.invalid> - 2025-08-07 13:09 -0700
                            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-07 21:09 +0000
                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-07 20:21 +0000
                            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Mike Easter <MikeE@ster.invalid> - 2025-08-07 15:08 -0700
                              Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-09 21:37 +0000
                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? "s|b" <me@privacy.invalid> - 2025-08-08 15:56 +0200
                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-09 02:54 +0000
                    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Nobody <jock@soccer.com> - 2025-07-29 19:13 -0700
                      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-07-30 06:59 +0000
                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-02 17:58 +0000
                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-07 03:50 +0000
                            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? "s|b" <me@privacy.invalid> - 2025-08-08 15:50 +0200
                              Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-08 14:11 +0000
                                Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? "s|b" <me@privacy.invalid> - 2025-08-08 16:56 +0200
                                  Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-09 01:45 +0000
                                    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? "s|b" <me@privacy.invalid> - 2025-08-09 12:28 +0200
                                      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Andy Burns <usenet@andyburns.uk> - 2025-08-09 11:49 +0100
                                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-09 19:28 +0000
                                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-12 20:14 +0000
                                            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? "s|b" <me@privacy.invalid> - 2025-08-13 20:40 +0200
                                              Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-14 17:39 +0000
                                                Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-18 00:22 +0000
                                                  Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Andy Burns <usenet@andyburns.uk> - 2025-08-18 07:04 +0100
                                                    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-18 17:01 +0000
                                                      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Andy Burns <usenet@andyburns.uk> - 2025-08-18 18:13 +0100
                                                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-18 18:23 +0000
                                                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-19 10:41 +0000
                                                  Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-18 16:43 +0000
                                                    Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-19 15:18 +0000
                                                      Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-20 19:14 +0000
                                                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-21 04:14 +0000
                                                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-22 09:46 +0000
                                                            Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-08-23 17:14 +0000
                                                        Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Mike Easter <MikeE@ster.invalid> - 2025-08-29 16:46 -0700
                                                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Mike Easter <MikeE@ster.invalid> - 2025-08-29 16:58 -0700
                                                          Re: Is there a de-mozzilla'd FIrefox (similar to degoogled chromium)? Marion <marion@facts.com> - 2025-09-02 04:02 +0000

Page 3 of 3 — ← Prev page 1 2 [3]

#14483

On Tue, 12 Aug 2025 20:14:06 -0000 (UTC), Marion wrote:

> In summary, we're pretty close to making a DIY browser, in both 
> Mozilla-land and Chromium land, that is distinct from the mothership 
> browser in terms of inherent privacy as tested against privacy test sites.

FYI <https://amiunique.org/> is up again.

-- 
s|b

[toc] | [prev] | [next] | [standalone]

#14495

On Wed, 13 Aug 2025 20:40:05 +0200, s|b wrote :


>> In summary, we're pretty close to making a DIY browser, in both 
>> Mozilla-land and Chromium land, that is distinct from the mothership 
>> browser in terms of inherent privacy as tested against privacy test sites.
> 
> FYI <https://amiunique.org/> is up again.

Thanks you for your persistence as that's the only way to make progress!

I've been testing the DIY privacy browser for, oh, maybe a couple weeks
now, where what I do is turn off all the extensions save for one, and then
I run it through a whole suite of privacy checks with & without extensions.

It takes a lot of time & effort so I needed a way to make it quicker, 
where one way to remove & add extensions is to use the unpacked folders.

Since I'm constantly turning extensions on and off repeatedly, I needed an
extension manager, of which there are many, but we want consistency with
the Chromium-based & Mozilla-based privacy browsers, so I opted for 
Extension Manager by HongYuanCao for Mozilla-based browsers:
 <https://addons.mozilla.org/en-US/firefox/addon/extensions-manager/>
Extension Manager by HongYuanCao for Chromium-based browsers:
 <https://chromewebstore.google.com/detail/extension-manager/gjldcdngmdknpinoemndlidpcabkggco>

Other extension managers are more powerful, but being both simple and
consistent between browsers is a huge value in and of itself for EMs.

Back to your point about all these privacy extensions potentially making us
unique, it's OK to be unique - as long as EVERY visit is unique in itself.

Hence, we need to make multiple runs at the https://amiunique.org/ site.
Also, it appears that we may need to wipe out cookies, but luckily the
browser extensions I've added do wipe out the cookies between tabs.

This is needed because the https://amiunique.org/ site says this
just below the purple-hued "See my fingerprint" button.
   "we will collect your browser fingerprint 
    and we will put a cookie on your browser 
    for a period of 4 months."

When I first pressed the "See my fingerprint" button, I was unique at
"All Time"  
"Are you unique ?"  
"Yes!"  
"You are unique among the 4208682 fingerprints in our entire dataset."

Wiping out cookies and switching the VPN IP, doing it again, it says  
"All Time"  
"Are you unique ?" 
"Yes!" 
"You are unique among the 4208709 fingerprints in our entire dataset."

Trying it again an hour later with a different VPN, I'm again unique.  
"All Time"  
"Are you unique ?"  
"Yes!"
"You are unique among the 4208916 fingerprints in our entire dataset."

Hmmm... Andy said he's always unique & he's not running a privacy browser.
What do you think these results are actually telling us about the browser?

Could it be it's unique more than once without changing anything but IP?
Is there a way to get a single number for entropy so I can compare them?

I think I remember https://coveryourtracks.eff.org/ used to give entropy,
(e.g., at 0 bits everyone looks the same, but 20 bits is 1 in a million).

I couldn't get a single entropy number. Just an entropy for each category.
But it does say, near the top for "Protecting you from fingerprinting?"
 "Your browser has a randomized fingerprint"

[toc] | [prev] | [next] | [standalone]

#14535

On Tue, 12 Aug 2025 20:13:42 -0000 (UTC), Marion wrote :


> Meanwhile, I've been testing the VPN extensions which passed the initial
> tests, where my fungible test-rating system puts them in this order:
>  browsec
>  1clickvpn
>  1vpn
>  vpnly
>  xvpn
>  securefreeedgevpn
>  setupvpn
> 
> Bearing in mind these all failed the most basic initial VPN tests.
>  hotspotshieldvpn
>  itopvpn
>  protonvpn
>  urbanvpn
>  hidemevpn
>  hiddenbatvpn
>  tunnelbearvpn
>  windscribevpn

UPDATE:

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.
  browsec  ==> the best, but it slows down drastically in a week
  1clickvpn ==> seems to slow down drastically in just days
  1vpn ==> seems to slow down drastically in just days
  vpnly ==> seems to slow down drastically in just days
  xvpn ==> seems to slow down drastically in just days
  securefreeedgevpn ==> seems to slow down drastically in just days
  setupvpn ==> seems to slow down drastically in just days
  hoxx ==> seems to slow down drastically in just days

  hotspotshieldvpn ==> fails the initial VPN extension test conditions
  itopvpn ==> fails the initial VPN extension test conditions
  protonvpn ==> fails the initial VPN extension test conditions
  urbanvpn ==> fails the initial VPN extension test conditions
  hidemevpn ==> fails the initial VPN extension test conditions
  hiddenbatvpn ==> fails the initial VPN extension test conditions
  tunnelbearvpn ==> fails the initial VPN extension test conditions
  windscribevpnv ==> fails the initial VPN extension test conditions

Bad news. Very bad news. All the VPN extensions slow down tremendously, it
seems, within a few days of using them. So I tried something else that is
free, login free and hopefully, much faster than VPN extensions are.
  a. Psiphon (Socks5 proxy)
  b. Freecap (Socks5 redirector)
  c. Any browser (with a score of privacy extensions)

A. Psiphon is not a traditional VPN but rather a circumvention tool that
uses a mix of VPN, SSH, and HTTP proxy technologies to bypass censorship. 

B. Freecap (or Proxifier) is used to route app traffic (such as that of a
browser) through a SOCKS5 proxy to achieve selective traffic tunneling.

C. Any Browser + Privacy Extensions for fingerprinting and tracking
protection.

I also uninstalled NoScript as it was a royal pita to manage.
I also removed the non-privacy extension disablehtml5autoplay.

Here's what I'm currently testing (where IP obfuscation & speed are key).
 Psiphon + Freecap + Any privacy browser + privacy extensions

https://psiphon.ca/
 Name: psiphon3.exe
 Size: 10402576 bytes (10158 KiB)
 SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

https://freecap.apponic.com/download/
 Name: freecap_setup_eng.exe
 Size: 1644848 bytes (1606 KiB)
 SHA256: C3D4929AB5A5867A6BE9914FF94DEFEFED6762748EDB1E351C86EBC5A02D46EC

Here are the current set of privacy extensions (many for fingerprinting):
  bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager
  cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin 
  fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete 
  fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender 
  fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control 
  gjldcdngmdknpinoemndlidpcabkggco : Extension Manager 
  hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3)
  hnkcfpcejkafcihlgbojoidoihckciin : Referer Control
  jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect
  jjbikklopibeimjelkohlldbjcdnofei : StayInTab
  lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs 
  ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes 
  njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN 
  njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection 
  nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect
  pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger 
  pmcpffnpjncfplinfnjebjoonbncnjfl : CthulhuJs (Anti-Fingerprint)

And this is what I'm currently testing in the DIY browser where SPEED
(and IP obfuscation) turn out to be the hardest things to get this way.

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for your browser into the settings
3. Add your web browser into the Freecap settings
4. In Freecap, add desired command-line performance flags for the
application:
    --disable-background-timer-throttling
    --disable-backgrounding-occluded-windows
    --disable-renderer-backgrounding

Voila!

This setup routes only selected web browser traffic via FreeCap through
Psiphon, offering selective IP obfuscation & hopefully maintaining speed.

If this works, we can ditch the problematic VPN extensions, all of which
seem to either fail the initial tests or severely slow down in just days.

I just started testing it, but I post this so that others who actually 
know what they're doing can add value to how they do Socks5 tunneling!

[toc] | [prev] | [next] | [standalone]

#14537

Marion wrote:

> I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.

If all the proxies slow down after a few days, are they trying to be 
caching proxies?  Can they just operate as "direct" proxies without caching?

[toc] | [prev] | [next] | [standalone]

#14555

On Mon, 18 Aug 2025 07:04:02 +0100, Andy Burns wrote :


>> I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.
> 
> If all the proxies slow down after a few days, are they trying to be 
> caching proxies?  Can they just operate as "direct" proxies without caching?

I'm not afraid to say that I have no idea. 

I note you said "if all the proxies slow down", where I think you had meant
"if all the VPN extensions slow down", so I will assume you're asking...
 Q: Are the VPN extensions acting like caching proxies? 
 A: ? 

 Q: Could the VPN extensions work as direct proxies instead?
 A: ?

While a caching proxy stores copies of frequently accessed web content
(like images, scripts, or pages) to serve them faster next time, they're
typically HTTP proxies and not VPN/SOCKS5 proxies (as far as I'm aware).

Given these are the free VPN extensions which haven't outright failed:
 Browsec, 1ClickVPN, 1VPN, VPNly, XVPN, SetupVPN, Hoxx, securefreeedgevpn
I need to test them on a clean install with speedtest.net over time.

I haven't done that (mainly 'cuz I didn't expect slowdowns to occur).
I've never used VPN extensions until early July when Epic went bust.

So maybe others who have more experience with VPN extensions can help.
I'm assuming that the VPN extension slowdowns are part of their plan.
 a. They give you faster VPN tunneling at first
 b. And then, when you're hooked, they slow you down
 c. Unless you buy their premium tier (which they all will offer you)

But I don't really know anything about these VPN extensions.
Like how do they know I'm a repeat customer?

I guess they can key off my IP address (which is static).
Or maybe they key off a browser fingerprint perhaps?
Or maybe each VPN extension can have a unique installation ID?

Dunno.
Maybe the VPN extensions are just overloaded. 

I do not know the answer as I've only used them for a few weeks.
Do others have experience with VPN extensions who can advise us?

[toc] | [prev] | [next] | [standalone]

#14556

Marion wrote:

> I note you said "if all the proxies slow down", where I think you had meant
> "if all the VPN extensions slow down",

Well, you said you were ditching the VPN extensions, and had switched to 
SOCKS5, and then gave a long list of "X slows down", "Y slows down" ...

[toc] | [prev] | [next] | [standalone]

#14557

On Mon, 18 Aug 2025 18:13:06 +0100, Andy Burns wrote :


>> I note you said "if all the proxies slow down", where I think you had meant
>> "if all the VPN extensions slow down",
> 
> Well, you said you were ditching the VPN extensions, and had switched to 
> SOCKS5, and then gave a long list of "X slows down", "Y slows down" ...

Ah. Sorry. That's my fault. My bad. I'm confused. There's a lot of detail
when you are building your own DIY privacy browser from existing browsers.

I just ran a few more experiments with speedtest sites where I get my
Internet from miles away over the air (as you know), so I don't have the
fastest of speeds (they don't bring cable or fiber to this part of town).
 <https://www.speedtest.net/>
 <https://speed.cloudflare.com/>
 <https://testmy.net/>
 <https://www.fast.com/>
 <https://www.bandwidthplace.com/>
 <https://www.speedcheck.org/>
 <https://www.nperf.com/en/>
 <https://speedsmart.net/>
 <https://www.dslreports.com/speedtest>
 <https://librespeed.org/>
 <https://www.measurementlab.net/tests/ndt/>
 <https://www.ispeedtest.io/>
 etc.

After running s'more speed tests today, I think some my speed slowdowns are
perhaps likely more due to one or more of my privacy extensions
irrespective of the VPN itself; but I'm not really sure why the slowdowns.
 C:\> dir /b .\vpn_extension\working\.
       browsec
       1clickvpn
       setupvpn
       securefreeedgevpn
       xvpn
       vpnly
       1vpn
       hoxx


It's perhaps due to one or more of these privacy-based extensions perhaps:
 C:\> dir /b .\privacy_extensions\.
       fontfingerprintdefender
       localcdn
       privacybadger
       referercontrol
       skipredirect
       trace
       ublockorigin
       useragentswitcher
       webrtccontrol
       canvasblocker
       clearurls
       cookieautodelete
       decentraleyes
       privacypossum
       locationguard
       stayintab
       cthulhujs
       allfingerprintdefender

It will be a while before I identify conclusively which, if any, of these
privacy extensions are slowing the VPN extensions down, but they don't seem
to be slowing down the SOCKS5 tunnel via the open source Psiphon 3 tool.

But I'm still running experiments, so consider this a running log report.

At the moment, we have 3 options for a privacy browser with IP obfuscation.
 1. System-wide VPN + the 18 browser-privacy extensions listed above
 2. Browser VPN extensions (any of the 8 above that passed initial tests)
 3. Local open-source SOCKS5 Proxy Tunnel (Psiphon + FreeCap)

All three methods worked for me, so far, for my privacy purposes.
All I need out of them is faster speed.
Don't we all. :)

Note: Part of the problem is I've never used VPN extensions in a browser
until now & I've never used SOCKS5 tunnels until now, so I'm still a noob.

But I'm always trying to be helpful and to add value, so that's why I'm
reporting in reproducible detail what is working so far and what isn't.

[toc] | [prev] | [next] | [standalone]

#14562

On Mon, 18 Aug 2025 18:23:56 -0000 (UTC), Marion wrote :


> At the moment, we have 3 options for a privacy browser with IP obfuscation.
>  1. System-wide VPN + the 18 browser-privacy extensions listed above
>  2. Browser VPN extensions (any of the 8 above that passed initial tests)
>  3. Local open-source SOCKS5 Proxy Tunnel (Psiphon + FreeCap)
> 
> All three methods worked for me, so far, for my privacy purposes.

UPDATE

Doubling up the protection (like adding layers to an onion)!

I was checking tracert test outputs when something strange revealed itself.
I had forgotten to turn off the randomized system-wide VPN connections.

It only then occurred to me that I could layer a system-wide VPN over the
SOCKS5 proxy for apps (for an added layer of obfuscating protection).

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up Firefox for that port (or use FreeCap to proxify Firefox).

Now, when you run Mozilla-based web browsers... 
1. Your ISP sees only your activity on the system-wide VPN IP address
2. Your VPN server only sees your real IP address & the Psiphon IP address
3. Psiphon only sees your VPN IP address & the ultimate web site IP address
4. The ultimate website server only sees the Psiphon IP address 
5. Your web fingerprint is protected by your privacy protecting extensions

All this is done using a score of registration-free ad-free privacy tools.

[toc] | [prev] | [next] | [standalone]

#14553

On Mon, 18 Aug 2025 00:20:15 -0000 (UTC), Marion wrote :

> How to add Socks5 to your Windows 10 browser sessions:
> 1. Start Psiphon & make a note of the SocksV5 port in the log output
> 2. Start Freecap & add the Socks5 port for Brave into the settings
> 3. Add Brave (or any browser) into the Freecap settings
> 4. In Freecap, add any command-line performance flags for the application

OMG. Everything I touch in Windows has needlessly unnecessary complexity.

I should note that you'd think we could just set the proxy inside the
browser, and, well, um, er, we can, in some browsers. Like in Firefox.

However, Brave doesn't have native proxy settings inside of it.
Neither does Ungoogled Chromium. Bummer.

For the three browsers, things have to be done different ways: 
 a. Firefox has its own manual proxy settings native to the browser
 b. Ungoogled Chromium can use Windows command-line proxy settings
 c. But Brave has to use Windows proxy settings (or FreeCap to proxify it)

Psiphon dynamically assigns proxy ports for each session, for example... 
 SOCKS5: 127.0.0.1:1080 (the port changes each instance)
 HTTP/HTTPS: 127.0.0.1:8080 (the port changes each instance)

Once you have those ports, here's the manual Firefox setup:
 Firefox:Settings > General > Network Settings > [Settings]
 Configure Proxy Access to the Internet > Manual proxy configuration
 SOCKS Host = 127.0.0.1
 Port = 1080
 (o) SOCKS v5
 [x] Proxy DNS when using SOCKS v5
 Note: Firefox can also make use of the FoxyProxy Extension.
 Firefox handles DNS via SOCKS5 if the box is checked, 
 but other apps may leak DNS unless proxified.

Ungoogled Chromium can be launched directly using those proxy flags.
 C:\> ungoogled-chromium --proxy-server="socks5://127.0.0.1:1080"
 C:\> ungoogled-chromium --proxy-server="http=127.0.0.1:8080"


Brave is easiest to set up with a proxifier such as FreeCap.
 Freecap3.18:File > Settings > Default proxy > Proxy settings 
 Default proxy > Server = 127.0.0.1  Port: = 1080
 Protocol (o) Socks v5
 This sets Psiphon'[s SOCKS5 proxy for apps launched through FreeCap.

Or we can set up Windows globally to use Psiphon's SOCKS5 proxy.
But Windows 10 does not natively support SOCKS5 in its GUI proxy settings.
Windows 10 only supports HTTP/HTTPS proxies directly. Aurgh.

Here's one way to set up SOCKS5 proxy globally in Windows 10.
 Win+R > control 
 Internet Options 
 Click the "Connections" tab on that "Internet Properties" dialog
 Click the "LAN Settings" button near the bottom of that display
 This brings up the "Local Area Network (LAN) Settings" form
 [x] Use a proxy server for your LAN
 Click the [Advanced] button in that LAN Settings form
 Uncheck [_]Use the same proxy for all protocols
 Socks = 127.0.0.1 Port = 1080
 [OK][OK][OK]

In summary, once you have the SOCKS5 proxy ports defined, you can set up
your web browser to use it, but each browser does it differently.

Sigh.

And if you think that's confusing, guess what else is confusing?

The Windows 10 LAN Settings method let you enter SOCKS5, but Windows
doesn't actually honor SOCKS5 in that dialog. 

Windows 10 only applies HTTP/HTTPS proxies.

So while you can enter the SOCKS5 values into that Windows 10 dialog,
Windows 10 won't use the values for most apps unless those apps explicitly
support SOCKS5 via system proxy (which is rare - but which is what Brave
does).

Oh, and if you think Windows 11 is "better", guess again!
You cannot select SOCKS5 in the Windows 11 built-in proxy GUI.

Even if you enter a SOCKS5 address in the Windows 11 Manual proxy setup,
Windows 11 will treat it as an HTTP proxy and fail to route traffic
properly. OMG.

Did I mention everything I touch in Windows is unnecessarily complex?

Here's the summary (and yes, I'm still confused, but I think it's right).
 Windows 10 GUI limitations:
  You can enter SOCKS5, but Windows doesn't honor it
  Only HTTP/HTTPS proxies are applied system-wide
 Windows 11: 
  No SOCKS5 support
  SOCKS5 entries are treated as HTTP proxies and fail

That's why you essentially need a proxifier, such as FreeCap is.
(Or Proxifier, WideCap, SocksEscort, ProxyCap, etc.)

So now we're back to Brave, which natively supports a system proxy, but
Windows doesn't support SOCKS5 system-wide, so Brave actually can't use
SOCKS5 unless proxified (which is where FreeCap came into play).

Sigh. Why is privacy so hard to achieve. :)

I'm just beginning to learn this stuff, so if anyone out there is familiar
with using SOCKS5 for IP-address obfuscation, please add your value.

[toc] | [prev] | [next] | [standalone]

#14567

On Mon, 18 Aug 2025 16:43:04 -0000 (UTC), Marion wrote :


> OMG. Everything I touch in Windows has needlessly unnecessary complexity.

If it takes two button clicks, that's one too many, and if a click exposes 
your privacy, then we have to think about how to protect our privacy.

To both those ends, I improved the process this morning of running a 
free no-registration system-wide random VPN first, and then running 
Psiphon with a static SOCKS5 port of 1080 so that when I run the 
privacy web browser from FreeCap, I now don't need to set the SOCKS5 
port each time. 

One "privacy" problem, albeit minor, with Psiphon, is that it brings 
up an advertisement on your default web browser during startup. 

Drat. That sucks. It's not harmful, but it exposes your privacy.
Needlessly.

So let's fix that pronto using basic Windows tricks of setting 
the default web browser to a batch file that does whatever I want.

Besides, even with a random system-wide no-registration free VPN running, 
it's still bad form for Psiphon to be bringing up a default browser to
an advertisement which can, for all we know, rot privacy in some way.

That browser session unilaterally launched by Psiphon isn't yet proxified.
As I said many times, privacy is like hygiene. It's a billion things.

Removing that initial privacy flaw at Psiphon startup needed to be done.

Unfortunately, the free Psiphon doesn't have switches to turn that off.
 C:\> psiphon3.exe -mode=socks  <== this doesn't exist... bummer

We might like to set up the Tor browser as the default because it can 
open up unconnected, but it's problematic to set a Tor browser as 
the default (since Tor doesn't register itself as a Windows browser).

So let's just create a dummy web browser for Psiphon to invoke. 
 @echo off
 REM C:\path\to\dummybrowser.bat 20250819 revision 1.0
 set LOGFILE=C:\path\to\dummybrowser.log
 echo [%date% %time%] Attempted launch: %* >> %LOGFILE%
 start "" "C:\path\to\gvim.exe" "%LOGFILE%"
 exit

Since Windows won't set the default web browser to a batch
file, let's convert that dummybrowser.bat to dummybrowser.exe
using any of a number of batch-to-executable converters.

 <https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
 <https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases/download/3.2/Bat_To_Exe_Converter_x64.exe>
 1. Open that "Bat To Exe Converter v3.2" executable.
 2. Select your .bat file using the folder icon.
 3. At the right, in Options, there is "Exe-Format" with these choices
    32-bit | Console (Visible)
    32-bit | Windows (Invisible)
    64-bit | Console (Visible)
    64-bit | Windows (Invisible) <== Use this to compile a batch file
    as a 64-bit GUI-style exe that runs silently with no console window.
 4. Click the "Convert" button to convert batch to exe.
 5. Choose your output path in the "Save as" field.
    (Optional) Add an icon or version info.

But you still can't select the dummy browser yet as it's not registered.
 Win+I > Apps > Default apps > Web browser > 
                Choose default apps by file type
                Choose default apps by protocol
                Set defaults by app
                Recommended browser settings

You first need to register your exe as a web browser in the registry:
 HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet

To do that, right-click "merge" this registry file:
 C:\> gvim C:\path\to\register_dummy_browser.reg

 Windows Registry Editor Version 5.00

 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser]
 @="Dummy Browser"

 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities]
 "ApplicationName"="Dummy Browser"
 "ApplicationDescription"="A privacy-preserving dummy browser"

 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\FileAssociations]
 ".htm"="DummyBrowserHTML"
 ".html"="DummyBrowserHTML"

 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\URLAssociations]
 "http"="DummyBrowserHTML"
 "https"="DummyBrowserHTML"

 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
 @="\"C:\\path\\to\\dummybrowser.exe\" \"%1\""

 [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
 "Dummy Browser"="Software\\Clients\\StartMenuInternet\\DummyBrowser\\Capabilities"

Now you can select the dummy browser as your default web browser.
 Win+I > Apps > Default apps > Web browser > dummybrowser.exe

Voila!

Now, when you start Psiphon, it tries to launch the advertisement
using the default browser, which happens to simply log the attempt.

As always, privacy, like hygiene, is a billion things done every day.

If you have improvements to share, please let the team know so 
we all benefit from every effort at improving privacy on Windows.

In summary, two improvements were made in today's progress:

 1. Psiphon & FreeCap were set to a static SOCKS5 port of 1080
 2. Psiphon's advertisement web browser session was annulled 

Please improve if you also need privacy in web browser sessions.
 

[toc] | [prev] | [next] | [standalone]

#14605

UPDATE:

Since we're layering free no-registration VPNs onto open source proxies 
onto free no-registration proxifiers onto free no-registration privacy 
extensions, it behooves us to be able to check proxy settings dynamically.

I never messed with proxies before, but darn'it, Windows splatters proxy 
settings all over the place, such that I needed a quick testing script.

Below is a script which simplifies visibility and control over what turns 
out to be a devilishly fragmented system of how Windows defines proxies.
 a. WinINET: Used by Internet Explorer, Chrome, and many apps;
 b. WinHTTP: Used by system services and background tasks;
 c. PAC/AutoDetect: Dynamic proxy configuration via commands.

Unfortunately, I've run into this proxy setup complexity due to using
 A. VPN, which encrypts traffic and changes routing;
 B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
 C. FreeCap, which redirects app traffic through SOCKS proxies.

The proxy.bat script included below checks all three methods at once
which gives us a clear snapshot of what the Windows proxy setup is.

To that end, we add a new command to run in your Win+R taskbar Runbox:
  Win+R/Runbox > proxy
Which executes this added registry "App Paths" key:
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
Which runs this proxy checking tool (see the tool below in its entirety):
  C:\sys\bat\proxy.bat

 ===< cut here for proxy.bat >===
 @echo off
 REM proxy.bat 20250820 v1.0 — Unified Windows check-proxy diagnostic tool
 REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
 REM 20250820 rev 1.0
 REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
 REM Default=C:\sys\bat\proxy.bat ==> creates "Win+R > proxy" command
 setlocal
 
 set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
 
 echo ==============================================
 echo   WINDOWS PROXY CONFIGURATION CHECK
 echo ==============================================
 
 REM --- WinINET (manual proxy) ---
 echo.
 echo [1] WinINET / Internet Settings
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
 if "%ProxyEnable%"=="0x1" (
     echo Proxy is ENABLED
     echo Proxy server: %ProxyServer%
 ) else (
     echo Proxy is DISABLED
 )
 
 REM --- WinHTTP proxy ---
 echo.
 echo [2] WinHTTP proxy (system/background services)
 netsh winhttp show proxy
 
 REM --- PAC (Proxy Auto-Config) & AutoDetect ---
 echo.
 echo [3] PAC / AutoDetect
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B
 
 if defined PACurl (
     echo PAC script set: %PACurl%
 ) else (
     echo No PAC script URL found.
 )
 
 if "%AutoDetect%"=="0x1" (
     echo Auto-detect is ENABLED
 ) else (
     echo Auto-detect is DISABLED
 )
 
 echo.
 echo ==============================================
 echo Check complete.
 echo ==============================================
 
 endlocal
 pause
 ===< cut here for proxy.bat >===

As always, this is posted to help others copy & paste
(where wasbit's kind and helpful advice is appreciated)
this script as part of their addition of privacy to Windows.

[toc] | [prev] | [next] | [standalone]

#14611

On Wed, 20 Aug 2025 19:14:50 -0000 (UTC), Marion wrote :

> I never messed with proxies before, but darn'it, Windows splatters proxy 
> settings all over the place, such that I needed a quick testing script.

UPDATE 

Turns out I didn't need to use FreeCap to proxify web browsers.

Mozilla-based browsers (Firefox, Thunderbird, etc.) have their own internal
proxy settings and, by default, ignore the Windows proxy unless you
explicitly tell them to use it.

Unlike Mozilla-based browsers which have those proxy GUIs, Chromium-based
browsers do not have built-in proxy configuration GUIs.

So I thought I needed to proxify Chromium-based web browsers with FreeCap.
But I was wrong.

Chromium-based browsers apparently directly inherit proxy settings from the
operating system, including:
 a. From WinINET (used by most desktop apps)
 b. Or from PAC scripts and AutoDetect
 c. Or from manual proxy entries like that which Psiphon3 sets.
    Win+I > Settings > Network & Internet > Proxy > Manual proxy settings
    [http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080]

Also Chromium-based browsers can also be proxified at the command line:
 C:\> brave.exe --proxy-server="http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080"

So I don't think we need FreeCap to proxify our DIY Chromium-based privacy
browsers but we can still use FreeCap to proxify the Mozilla browsers.

However, we could also configure Firefox's own proxy settings (Preferences
> Network Settings) to point directly to Psiphon's SOCKS5 port, skipping
FreeCap entirely. 

If we want this to persist across profiles or installs, LibreWolf even lets
us set it in a librewolf.overrides.cfg file.

The steps are identical for Psiphon's proxy ports as for Mullvad's own
proxy, so the proxy settings are built into Mullvad as much as in Firefox.

So we no longer need FreeCap for proxifying either web browser platform.

FreeCap is still useful for apps that don't have built-in proxy support,
but apparently all web browsers have it - they just do it differently.

  Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
  Mozilla ==> ignores Windows proxy settings (but has their own settings)

Who knew? Not me. The more I try to build a DIY privacy browser, the more I
learn how different the two main web browser platforms are from each other.

[toc] | [prev] | [next] | [standalone]

#14637

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :


>   Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
>   Mozilla ==> ignores Windows proxy settings (but has their own settings)

UPDATE: 

Aurgh. There are layers to this Windows socks5 stuff such that some apps
use one layer while other apps use a different layer. Who knew? Not me!

Everything in Windows having to do with privacy seems to have more layers.

I started checking whether non-browser apps used Windows proxy settings,
where it turns out pgms like Telegram & CoPilot are different than
browsers are (which themselves are different in how each handle proxy).

Running the previously posted "proxy.bat" showed that Psiphon modified the 
WinINET (user apps, browsers) proxy (127.0.0.1:17561 / socks at 
127.0.0.1:1080) but not the WinHTTP (system/background services) proxy.

Sigh. Half a solution is not a full solution.
In fact, even with Psiphon, WinHTTP was was set to direct access (no
proxy).

The fix is to always copy the WinINET proxy config into WinHTTP.
 Win+R > cmd {ctrl+shift+enter}
 C:\> netsh winhttp import proxy source=ie
      Now system services (which often ignore WinINET) will use 
      Psiphon's proxy as well. It also set a bypass list so that
      local/private subnets avoid the proxy. 

This is needed so that any Windows component that uses WinHTTP (like parts 
of Copilot, Windows Update, some Microsoft Store traffic) will respect the 
Psiphon proxy, matching the existing Psiphon browser/app proxy settings.

To test:
a. Temporarily clear WinHTTP proxy:
   C:\> netsh winhttp reset proxy

b. Run Win+R > proxy
   The proxy.bat script should detect 'No WinHTTP proxy set'
   and it should then import settings from WinINET automatically.
c. Set a custom WinHTTP proxy:
   C:\> netsh winhttp set proxy proxy-server="http=1.2.3.4:8080"

d. Run Win+R > proxy
   The proxy.bat script should detect an existing WinHTTP proxy 
   and therefore it should NOT overwrite it.

Below is the improved proxy.bat script to accomplish the sync above.

 ===< cut here for improved proxy.bat which handles more programs >===
 @echo off
 REM proxy.bat 20250820 v1.2
 REM Use model: "Win+R > proxy" (diagnostic + proxy import if WinHTTP is
unset)
 REM Unified Windows proxy diagnostic tool with WinHTTP sync safeguard
 REM "Win+R > proxy /sync imports WinINET proxy directly into WinHTTP
 REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
 REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
 REM Default=C:\sys\batch\proxy.bat 
 REM That App Paths key creates the convenient "Win+R > proxy" command
 REM 
 setlocal
 
 :: --- Quick /sync mode ---
 if /i "%~1"=="/sync" (
     echo Syncing WinINET proxy into WinHTTP...
     netsh winhttp import proxy source=ie
     echo Done.
     pause
     exit /b
 )
 
 set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
 
 echo ==============================================
 echo   WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
 echo ==============================================
 
 REM --- WinINET (manual proxy) ---
 echo.
 echo [1] WinINET / Internet Settings
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable
2^>nul') do set ProxyEnable=%%B
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer
2^>nul') do set ProxyServer=%%B
 if "%ProxyEnable%"=="0x1" (
     echo Proxy is ENABLED
     echo Proxy server: %ProxyServer%
 ) else (
     echo Proxy is DISABLED
 )
 
 REM --- WinHTTP proxy ---
 echo.
 echo [2] WinHTTP proxy (system/background services)
 
 REM Get current WinHTTP proxy setting
 for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr
/R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
 
 REM Trim leading/trailing spaces
 set curWinHTTP=%curWinHTTP:~1%
 
 if "%curWinHTTP%"=="" (
     echo No WinHTTP proxy set - importing from WinINET...
     netsh winhttp import proxy source=ie >nul 2>&1
 ) else (
     echo WinHTTP proxy already set - leaving as is.
 )
 
 REM Show current WinHTTP proxy after check/import
 netsh winhttp show proxy
 
 REM --- PAC (Proxy Auto-Config) & AutoDetect ---
 echo.
 echo [3] PAC / AutoDetect
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL
2^>nul') do set PACurl=%%B
 for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul')
do set AutoDetect=%%B
 
 if defined PACurl (
     echo PAC script set: %PACurl%
 ) else (
     echo No PAC script URL found.
 )
 
 if "%AutoDetect%"=="0x1" (
     echo Auto-detect is ENABLED
 ) else (
     echo Auto-detect is DISABLED
 )
 
 echo.
 echo ==============================================
 echo Windows proxy set/check/fix complete.
 echo ==============================================
 
 endlocal
 pause
 
 ===< cut here for improved proxy.bat which handles more programs >===

[toc] | [prev] | [next] | [standalone]

#14660

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :


> Turns out I didn't need to use FreeCap to proxify Chromium web browsers.

UPDATE ON FREE REGISTRATION-FREE AD-FREE PROXIFIERS:

Some programs need proxifiers (like FreeCap, which I used for a week).
 a. Mozilla browsers have their own proxy controls
 b. Chromium browsers use the Windows proxy defaults
 c. But many programs use neither

For those programs which need proxifiers, I found a better proxifier.
 A. FreeeCap
 B. SocksCap64

FreeCap is lightweight and still works for basic SOCKS4/5 or HTTP proxying,
but it's frozen in time while SocksCap64 has been updated more recently.
 <https://sourceforge.net/projects/sockscap64/>
 Actively maintained (though updates are infrequent)
 SOCKS4, SOCKS5, HTTP, and Shadowsocks; supports both TCP & UDP
 "SocksCap64 is an easy and a beautiful way to let the programs
  you want to work through a specific SOCKS proxy server,
  even if your applications don't have such an option."

SocksCap64 is the more modern, feature-rich choice, with broader protocol
support, UDP handling, and better compatibility with current Windows.
 <https://netactuate.dl.sourceforge.net/project/sockscap64/SocksCap64-setup-3.6.exe>
 Name: SocksCap64-setup-3.6.exe
 Size: 6193115 bytes (6047 KiB)
 SHA256: B2DA49EC9A2702CFD7625D3F152AF98A4C8E3E155DAB78686962BB3DF1F76825

Having only used proxies for a short time, my current advice is:
 1. For Chromium browsers, use the script I wrote to sync to Windows
 2. For Mozilla browsers, use their own GUIs (or FoxyProxy's GUI)
 3. For most other apps, use a proxifier such as SocksCap64/FreeCap are

[toc] | [prev] | [next] | [standalone]

#14751

Marion wrote:
> Unfortunately, I've run into this proxy setup complexity due to using
>   A. VPN, which encrypts traffic and changes routing;
>   B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
>   C. FreeCap, which redirects app traffic through SOCKS proxie

I don't have the same focus or interest as you, but I try to learn from 
exploring some of the aspects of 'where you are going'.

The subject of socks5 vs VPN is interesting. Surprisingly a service that 
sells socks5 service has a pretty good discussion and seems 'balanced' 
rather than biased for socks5.

Then, one can turn to various other sources to try to learn about free 
socks5 vs paid socks5. Those sources seem to say that 'generally' there 
is a great deal of diff.

You tend to prioritize the 'free' aspect of things, and I can 
'sympathize' w/ that because I'm of a very frugal nature myself, and 
even MORE importantly, the complexity of being able to pay for some 
anonymous persona w/ anonymous connectivity is another level of privacy 
than just seeking out those avenues which do not require any 
'registration' type identity which comes along w/ non-free.

In any case, while you have your 'free' characteristic turned on high, I 
believe you have to balance that w/ a significant degree of skepticism. 
Some people are excessively skeptical of anything free; but I don't 
think excess is a good thing.

https://www.proxyrack.com/blog/socks5-vs-vpn/
> Socks5 Vs. VPN - What’s the Difference?

You have to go elsewhere to find out 'what's wrong w/ free socks5'.

-- 
Mike Easter

[toc] | [prev] | [next] | [standalone]

#14752

Mike Easter wrote:
> You tend to prioritize the 'free' aspect of things

However, you do NOT get your connectivity free; so you are having to 
trust your identity w/ your connectivity provider. Fine. You /can/ 
conceal your internet content from your connectivity provider.

If you are going to trust your connectivity provider w/ your identity, 
why not find a privacy service that you are willing to trust?  It seems 
like the same thing.

Then, you are paying for your connectivity and you are paying for your 
privacy and that's about all you have to pay for; and the privacy is 
MUCH cheaper than your connectivity.

-- 
Mike Easter

[toc] | [prev] | [next] | [standalone]

#14758

On Fri, 29 Aug 2025 16:46:46 -0700, Mike Easter wrote :


> I don't have the same focus or interest as you, but I try to learn from 
> exploring some of the aspects of 'where you are going'.
> 
> The subject of socks5 vs VPN is interesting. Surprisingly a service that 
> sells socks5 service has a pretty good discussion and seems 'balanced' 
> rather than biased for socks5.
> 
> Then, one can turn to various other sources to try to learn about free 
> socks5 vs paid socks5. Those sources seem to say that 'generally' there 
> is a great deal of diff.
> 
> You tend to prioritize the 'free' aspect of things, and I can 
> 'sympathize' w/ that because I'm of a very frugal nature myself, and 
> even MORE importantly, the complexity of being able to pay for some 
> anonymous persona w/ anonymous connectivity is another level of privacy 
> than just seeking out those avenues which do not require any 
> 'registration' type identity which comes along w/ non-free.
> 
> In any case, while you have your 'free' characteristic turned on high, I 
> believe you have to balance that w/ a significant degree of skepticism. 
> Some people are excessively skeptical of anything free; but I don't 
> think excess is a good thing.
> 
> https://www.proxyrack.com/blog/socks5-vs-vpn/
>> Socks5 Vs. VPN - What’s the Difference?
> 
> You have to go elsewhere to find out 'what's wrong w/ free socks5'.

This is all good information, where I spent all day today on this topic.

To be clear, I never touched this stuff until Epic Privacy Browser died on me in early July so all this is completely new to me for building a socks5 proxy that is FAST and FREE and requires no registration (for privacy).

The beauty of socks5 is it's fast. 
The beauty of VPN is it's complete.

There's no reason you can'd to both.
1. First run socks5 and then VPN, or, 
2. FIrst run VPN and then socks5.

Ask me how I know that it works. :)
Anyway, I spent all day cleaning up the flow, so I decided to post my 
latest update (as of today - which is how I spent my vacation) below.

I hope this helps others, although it's complicated stuff.

If only Windows didn't suck so bad with proxies.
And if only Mozilla & Chromium didn't suck so bad with proxies.

Sigh. All this work because Mozilla & Chromium & Windows sucks for proxies.

 <https://psiphon.ca/>
 <https://psiphon.ca/en/download-store.html?psiphonca>
 Name: psiphon3.exe
 Size: 10402576 bytes (10158 KiB)
 SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2 

Install location C:\apps\network\proxy\{psiphon,sockscap,freecap}\
Software archives C:\software\network\proxy\{psiphon,sockscap,freecap}\
Pullout menu C:\menus\network\proxy\{psiphon,sockscap,freecap}\

Once you run psiphon3 free socks proxy, you start thinking of all the ways
Windows sucks at proxies, and then you try to fix each of those ways.

Sigh. 

Below is what took me all day today to build a modular proxy control system
that handles all three Windows proxy layers: WinINET, WinHTTP, and
PAC/AutoDetect. It launches Psiphon, waits for proxy ports to initialize,
and then runs pac.cmd to sync everything. 

Because they hate encryption, the PAC file bypasses Gmail, Amazon, &
Copilot domains, while routing all other traffic through Psiphon's SOCKS
proxy.

These scripts support diagnostic modes, silent execution, & full reset
functionality. Since I love the Windows "App Paths" registry key, I've also
optionally integrated App Paths for seamless Win+R launching, and included
clear usage instructions, versioning, and logging. 

It might not be perfect, but I designed it to be portable, maintainable, &
extensible. I'm sure there is more to do, but I'm done for today.
================================================================
Step 1: Launch Psiphon
Step 2: Wait for proxy ports to initialize
Step 3: It will then run pac.cmd to sync WinHTTP & apply PAC
Optionally run proxy.cmd for diagnostics & configuration
================================================================
To run "proxy.cmd" using the Windows taskbar-pinned "Win+R" RunBox:
 Runbox > pac
 Which calls the named App Paths key
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe 
 Default=C:\data\sys\apppath\link\pac.lnk

 Rightclick C:\data\sys\apppath\link\pac.lnk > Properties
 TARGET=C:\Windows\System32\cmd.exe /c "C:\data\sys\batch\pac.cmd"
================================================================
To run "pac.cmd" using the Windows taskbar-pinned "Win+R" RunBox:
 Runbox > pac
 Which calls the named App Paths key
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe 
 Default=C:\data\sys\apppath\link\pac.lnk

 Rightclick C:\data\sys\apppath\link\pac.lnk > Properties
 TARGET=C:\Windows\System32\cmd.exe /c "C:\data\sys\batch\pac.cmd"
================================================================
psiphon3.lnk 
TARGET=C:\data\sys\batch\psiphon-launch.cmd

Win+R > gvim C:\data\sys\batch\psiphon-launch.cmd

@echo off
REM psiphon-launch.cmd v1.1 ¡X 20250901
REM Launch psiphon3.exe freeware & apply 3-way proxy sync/PAC
REM C:\data\sys\batch\psiphon-launch.cmd
REM Step 1: Launch Psiphon (which only syncs 1 of 3 Windows proxy types)
REM Step 2: Wait for proxy ports to initialize
REM Step 3: Run PAC setup (sync + PAC logic)
REM Note there are 3 different Windows proxy types. Sigh.
REM Type 1: WinINET ¡X used by IE, Edge (legacy), MS Office & most apps
REM Type 2: WinHTTP ¡X used by system services like Windows Update
REM Type 3: PAC/AutoDetect ¡X used by browsers like Chrome, Edge, & Firefox
REM (but Mozilla browsers have to be set first to respect system proxies).

if not exist "C:\app\network\psiphon\psiphon3.exe" (
    echo ERROR: Psiphon executable not found.
    exit /b
)

start "" "C:\app\network\psiphon\psiphon3.exe"

REM Wait a few seconds for Psiphon to initialize
timeout /t 5 /nobreak >nul

if not exist "C:\data\sys\batch\pac.cmd" (
    echo ERROR: pac.cmd not found.
    exit /b
)

REM Run PAC setup silently
start "" "C:\data\sys\batch\pac.cmd" /silent

================================================================
Win+R > gvim C:\data\sys\batch\proxy.pac

/* proxy.pac v1.0 ¡X 20250901
   Bypasses proxy for:
   - *.google.com, *.gmail.com, *.amazon.com
   - *.copilot.microsoft.com
   All other traffic routed through SOCKS proxy at 127.0.0.1:1080
*/

function FindProxyForURL(url, host) {
  // Bypass Gmail and Google services
  if (shExpMatch(host, "*.google.com") ||
      shExpMatch(host, "*.gmail.com") ||
      shExpMatch(host, "mail.google.com")) {
    return "DIRECT";
  }

  // Bypass Amazon
  if (shExpMatch(host, "*.amazon.com") ||
      shExpMatch(host, "amazon.com")) {
    return "DIRECT";
  }

  // Bypass Microsoft Copilot-related domains
  if (shExpMatch(host, "*.copilot.microsoft.com") ||
      shExpMatch(host, "*.bing.com") ||
      shExpMatch(host, "*.microsoft.com")) {
    return "DIRECT";
  }

  // Everything else goes through Psiphon SOCKS proxy
  return "SOCKS 127.0.0.1:1080";
}

================================================================
Win+R > gvim C:\data\sys\batch\pac.cmd

@echo off
REM pac.cmd v1.5 ¡X 20250901
REM Sync WinHTTP proxy & apply PAC logic for selective domain bypass
REM Used after Psiphon starts to align all three Windows proxy layers
REM ---------------------------------------------------------------
REM Step 1: Sync WinINET proxy into WinHTTP (used by system services)
REM Step 2: Apply PAC script & enable Auto-Detect (used by browsers)
REM ---------------------------------------------------------------
REM Usage:
REM  pac                   Sync WinHTTP & apply PAC
REM  pac /silent           Suppress final pause
REM  pac /status           Show current proxy settings
REM  pac /test             Run diagnostics only
REM  pac /nopac            Disable PAC & Auto-Detect
REM  pac /help             Show usage instructions
REM ---------------------------------------------------------------

REM --- /help flag: show usage instructions ---
if /i "%~1"=="/help" (
    echo Usage:
    echo   pac                   Sync WinHTTP & apply PAC
    echo   pac /silent           Suppress final pause
    echo   pac /status           Show current proxy settings
    echo   pac /test             Run diagnostics only
    echo   pac /nopac            Disable PAC & Auto-Detect
    echo   pac /help             Show usage instructions
    exit /b
)

REM --- Log start ---
echo [%DATE% %TIME%] Running pac.cmd >> C:\data\sys\logs\proxy.log

REM --- Check for proxy.cmd ---
if not exist "C:\data\sys\batch\proxy.cmd" (
    echo ERROR: proxy.cmd not found.
    exit /b
)

REM --- /status: show proxy diagnostics only ---
if /i "%~1"=="/status" (
    start "" "C:\data\sys\batch\proxy.cmd" /silent /status
    exit
)

REM --- /test: alias for /status ---
if /i "%~1"=="/test" (
    echo Running proxy diagnostics only...
    start "" "C:\data\sys\batch\proxy.cmd" /silent /status
    exit
)

REM --- /nopac: disable PAC & Auto-Detect ---
if /i "%~1"=="/nopac" (
    echo Disabling PAC & Auto-Detect...
    start "" "C:\data\sys\batch\proxy.cmd" /silent /nopac
    exit
)

REM --- Step 1: Sync WinINET into WinHTTP ---
echo Running proxy sync...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c
\"C:\data\sys\batch\proxy.cmd\" /sync' -NoNewWindow -Wait"

REM --- Step 2: Apply PAC logic ---
echo Applying PAC logic...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c
\"C:\data\sys\batch\proxy.cmd\" http://127.0.0.1/proxy.pac' -NoNewWindow
-Wait"

REM --- PAC summary for user ---
echo PAC logic: Bypassing proxy for Gmail, Amazon, & Copilot domains.
echo All other traffic routed through SOCKS proxy at 127.0.0.1:1080

REM --- Final pause unless /silent ---
if /i "%~1"=="/silent" (
    exit
)

echo.
echo Press Enter to close...
pause >nul
exit


================================================================
Win+R > gvim C:\data\sys\batch\proxy.cmd

@echo off
REM proxy.cmd v1.8 ¡X 20250901
REM Unified Windows proxy diagnostic + configuration tool
REM Supports: WinINET proxy, WinHTTP proxy, PAC/AutoDetect
REM ---------------------------------------------------------------
REM Usage:
REM  Win+R > proxy                  Run normally
REM  Win+R > proxy /help            Show usage instructions
REM  Win+R > proxy /sync            Sync WinINET proxy into WinHTTP
REM  Win+R > proxy http://url.pac   Set PAC URL
REM  Win+R > proxy /nopac           Disable PAC & Auto-Detect
REM  Win+R > proxy /status          Check status only
REM  Win+R > proxy /reset           Clear all proxy settings
REM  Win+R > proxy /silent          Suppress final pause
REM  Win+R > proxy /silent /sync    Combine flags
REM ---------------------------------------------------------------
REM Proxy Types:
REM  Type 1: WinINET ¡X used by IE, Edge (legacy), MS Office & most apps
REM  Type 2: WinHTTP ¡X used by system services like Windows Update
REM  Type 3: PAC/AutoDetect ¡X used by Chrome, Edge, & optionally Firefox
REM Firefox must be set to "Use system proxy settings" to honor PAC
REM ---------------------------------------------------------------

REM --- /help flag: show usage instructions ---
if /i "%~1"=="/help" (
    echo Usage:
    echo   proxy                  Run normally
    echo   proxy /sync            Sync WinINET proxy into WinHTTP
    echo   proxy http://...       Set PAC URL
    echo   proxy /nopac           Disable PAC & Auto-Detect
    echo   proxy /status          Show current proxy settings
    echo   proxy /reset           Clear all proxy settings
    echo   proxy /silent ...      Suppress final pause
    exit /b
)

REM --- Log command to proxy.log ---
set LOG=C:\data\sys\logs\proxy.log
echo [%DATE% %TIME%] %cmdcmdline% >> %LOG%

REM --- Begin scoped environment ---
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

REM --- Detect /silent flag & shift argument list ---
if /i "%~1"=="/silent" (
    set SILENT=1
    shift
)

REM --- /reset: clear all proxy settings ---
if /i "%~1"=="/reset" (
    echo Resetting all proxy settings...
    reg delete %KEY% /v ProxyEnable /f >nul 2>&1
    reg delete %KEY% /v ProxyServer /f >nul 2>&1
    reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
    reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
    netsh winhttp reset proxy >nul 2>&1
    echo All proxy settings cleared.
    goto SHOWCONFIG
)

REM --- /status: show current proxy configuration ---
if /i "%~1"=="/status" (
    echo Displaying current proxy configuration...
    goto SHOWCONFIG
)

REM --- /sync: copy WinINET proxy into WinHTTP ---
if /i "%~1"=="/sync" (
    echo Syncing WinINET proxy into WinHTTP...
    netsh winhttp import proxy source=ie
    echo Done.
    goto SHOWCONFIG
)

REM --- /nopac: disable PAC & Auto-Detect ---
if /i "%~1"=="/nopac" (
    echo Disabling PAC & Auto-Detect...
    reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
    reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
    echo PAC & Auto-Detect disabled.
    goto SHOWCONFIG
)

REM --- Set PAC URL if provided ---
if not "%~1"=="" (
    echo Setting PAC script URL: %~1
    reg add %KEY% /v AutoConfigURL /t REG_SZ /d %~1 /f >nul
    reg add %KEY% /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM --- Diagnostic output block ---
:SHOWCONFIG
echo ==============================================
echo   WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET proxy status ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul')
do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul')
do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
    echo Proxy is ENABLED
    echo Proxy server: %ProxyServer%
) else (
    echo Proxy is DISABLED
)

REM --- WinHTTP proxy status ---
echo.
echo [2] WinHTTP proxy (system/background services)
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr
/R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
    echo No WinHTTP proxy set ¡X importing from WinINET...
    netsh winhttp import proxy source=ie >nul 2>&1
) else (
    echo WinHTTP proxy already set ¡X leaving as is.
)
netsh winhttp show proxy

REM --- PAC / AutoDetect status ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL
2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul')
do set AutoDetect=%%B
if defined PACurl (
    echo PAC script set: %PACurl%
) else (
    echo No PAC script URL found.
)

REM --- PAC logic summary if using proxy.pac ---
if /i "%PACurl%"=="http://127.0.0.1/proxy.pac" (
    echo PAC logic: Bypassing proxy for Gmail, Amazon, & Copilot domains.
    echo All other traffic routed through SOCKS proxy at 127.0.0.1:1080
)

if "%AutoDetect%"=="0x1" (
    echo Auto-detect is ENABLED
) else (
    echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal

REM --- Final pause unless /silent ---
if not defined SILENT (
    echo.
    echo Press Enter to close...
    pause >nul
)
exit

================================================================

[toc] | [prev] | [standalone]

Page 3 of 3 — ← Prev page 1 2 [3]

Back to top | Article view | alt.comp.software.firefox

csiph-web