From Newsgroup: alt.comp.os.windows-10

1. User-Agent Switcher and Manager : version 0_6_4
2. uBlock Origin : version 1_65_0
3. NoScript : version 13_0_8
4. Cookie AutoDelete : version 3_8_2
5. Font Fingerprint Defender : version 0_1_6
6. WebRTC Control : version 0_3_3
7. Location Guard (V3) : version 3_0_0
8. Referer Control : version 1_35
9. Skip Redirect : version 2_3_6
10. StayInTab : version 1_0
11. ClearURLs : version 1_26_0
12. Decentraleyes : version 3_0_0
13. LocalCDN : version 2_6_79
14. Trace - Online Tracking Protection : version 3_0_6
15. Canvas Blocker - Fingerprint Protect : version 0_2_2
16. Browsec VPN - Free VPN for Chrome : version 3_92_2
17. Privacy Badger : version 2025_5_30
18. CthulhuJs (Anti-Fingerprint) : version 8_0_6

UPDATE.

It's ironic that I needed to add an "extension manager" to this list, as I
test each and every extension above in detail against privacy test sites.

I tested a few free, ad free, no-registration privacy-aware extension
managers, and the one I like most so far is this on Mozilla & Chromium.

Extension Manager by HongYuanCao for Mozilla-based browsers:
<https://addons.mozilla.org/en-US/firefox/addon/extensions-manager/>
Extension Manager by HongYuanCao for Chromium-based browsers:
<https://chromewebstore.google.com/detail/extension-manager/gjldcdngmdknpinoemndlidpcabkggco>

a. It's available on both Chrome & Firefox, which is rare for EMs.
b. It's ad-free, registration-free, and privacy-respecting.
c. It has batch actions, grouping, and a clean UI.
d. The developer appears to be transparent and responsive.

Meanwhile, I've been testing the VPN extensions which passed the initial
tests, where my fungible test-rating system puts them in this order:
1_browsec
2_1clickvpn
3_1vpn
4_vpnly
5_xvpn
6_securefreeedgevpn
7_setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

In summary, we're pretty close to making a DIY browser, in both
Mozilla-land and Chromium land, that is distinct from the mothership
browser in terms of inherent privacy as tested against privacy test sites.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Tue, 12 Aug 2025 20:13:42 -0000 (UTC), Marion wrote :

Meanwhile, I've been testing the VPN extensions which passed the initial tests, where my fungible test-rating system puts them in this order:
browsec
1clickvpn
1vpn
vpnly
xvpn
securefreeedgevpn
setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

UPDATE:

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.
browsec ==> the best, but it slows down drastically in a week
1clickvpn ==> seems to slow down drastically in just days
1vpn ==> seems to slow down drastically in just days
vpnly ==> seems to slow down drastically in just days
xvpn ==> seems to slow down drastically in just days
securefreeedgevpn ==> seems to slow down drastically in just days
setupvpn ==> seems to slow down drastically in just days
hoxx ==> seems to slow down drastically in just days

hotspotshieldvpn ==> fails the initial VPN extension test conditions
itopvpn ==> fails the initial VPN extension test conditions
protonvpn ==> fails the initial VPN extension test conditions
urbanvpn ==> fails the initial VPN extension test conditions
hidemevpn ==> fails the initial VPN extension test conditions
hiddenbatvpn ==> fails the initial VPN extension test conditions
tunnelbearvpn ==> fails the initial VPN extension test conditions
windscribevpnv ==> fails the initial VPN extension test conditions

Bad news. Very bad news. All the VPN extensions slow down tremendously, it seems, within a few days of using them. So I tried something else that is
free, login free and hopefully, much faster than VPN extensions are.
a. Psiphon (Socks5 proxy)
b. Freecap (Socks5 redirector)
c. Brave browser (with a score of privacy extensions)

A. Psiphon is not a traditional VPN but rather a circumvention tool that
uses a mix of VPN, SSH, and HTTP proxy technologies to bypass censorship.

B. Freecap (or Proxifier) is used to route app traffic (such as that of a browser) through a SOCKS5 proxy to achieve selective traffic tunneling.

C. Brave + Privacy Extensions for fingerprinting and tracking protection.

I also uninstalled NoScript as it was a royal pita to manage.
I also removed the non-privacy extension disablehtml5autoplay.

Here's what I'm currently testing (where IP obfuscation & speed are key).
Psiphon + Freecap + Brave privacy browser + privacy extensions

https://psiphon.ca/
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

https://freecap.apponic.com/download/
Name: freecap_setup_eng.exe
Size: 1644848 bytes (1606 KiB)
SHA256: C3D4929AB5A5867A6BE9914FF94DEFEFED6762748EDB1E351C86EBC5A02D46EC

Here are the current set of privacy extensions (many for fingerprinting):
brave://system/ > extensions > Expand
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control
gjldcdngmdknpinoemndlidpcabkggco : Extension Manager
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3)
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect
jjbikklopibeimjelkohlldbjcdnofei : StayInTab
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger
pmcpffnpjncfplinfnjebjoonbncnjfl : CthulhuJs (Anti-Fingerprint)

And this is what I'm currently testing in the DIY browser where SPEED
(and IP obfuscation) turn out to be the hardest things to get this way.

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application:
--disable-background-timer-throttling
--disable-backgrounding-occluded-windows
--disable-renderer-backgrounding

Voila!

This setup routes only selected web browser traffic via FreeCap through Psiphon, offering selective IP obfuscation & hopefully maintaining speed.

If this works, we can ditch the problematic VPN extensions, all of which
seem to either fail the initial tests or severely slow down in just days.

I just started testing it, but I post this so that others who actually
know what they're doing can add value to how they do Socks5 tunneling!
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Mon, 18 Aug 2025 00:20:15 -0000 (UTC), Marion wrote :

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application

OMG. Everything I touch in Windows has needlessly unnecessary complexity.

I should note that you'd think we could just set the proxy inside the
browser, and, well, um, er, we can, in some browsers. Like in Firefox.

However, Brave doesn't have native proxy settings inside of it.
Neither does Ungoogled Chromium. Bummer.

For the three browsers, things have to be done different ways:
a. Firefox has its own manual proxy settings native to the browser
b. Ungoogled Chromium can use Windows command-line proxy settings
c. But Brave has to use Windows proxy settings (or FreeCap to proxify it)

Psiphon dynamically assigns proxy ports for each session, for example...
SOCKS5: 127.0.0.1:1080 (the port changes each instance)
HTTP/HTTPS: 127.0.0.1:8080 (the port changes each instance)

Once you have those ports, here's the manual Firefox setup:
Firefox:Settings > General > Network Settings > [Settings]
Configure Proxy Access to the Internet > Manual proxy configuration
SOCKS Host = 127.0.0.1
Port = 1080
(o) SOCKS v5
[x] Proxy DNS when using SOCKS v5
Note: Firefox can also make use of the FoxyProxy Extension.
Firefox handles DNS via SOCKS5 if the box is checked,
but other apps may leak DNS unless proxified.

Ungoogled Chromium can be launched directly using those proxy flags.

ungoogled-chromium --proxy-server="socks5://127.0.0.1:1080" ungoogled-chromium --proxy-server="http=127.0.0.1:8080"

Brave is easiest to set up with a proxifier such as FreeCap.
Freecap3.18:File > Settings > Default proxy > Proxy settings
Default proxy > Server = 127.0.0.1 Port: = 1080
Protocol (o) Socks v5
This sets Psiphon'[s SOCKS5 proxy for apps launched through FreeCap.

Or we can set up Windows globally to use Psiphon's SOCKS5 proxy.
But Windows 10 does not natively support SOCKS5 in its GUI proxy settings. Windows 10 only supports HTTP/HTTPS proxies directly. Aurgh.

Here's one way to set up SOCKS5 proxy globally in Windows 10.
Win+R > control
Internet Options
Click the "Connections" tab on that "Internet Properties" dialog
Click the "LAN Settings" button near the bottom of that display
This brings up the "Local Area Network (LAN) Settings" form
[x] Use a proxy server for your LAN
Click the [Advanced] button in that LAN Settings form
Uncheck [_]Use the same proxy for all protocols
Socks = 127.0.0.1 Port = 1080
[OK][OK][OK]

In summary, once you have the SOCKS5 proxy ports defined, you can set up
your web browser to use it, but each browser does it differently.

Sigh.

And if you think that's confusing, guess what else is confusing?

The Windows 10 LAN Settings method let you enter SOCKS5, but Windows
doesn't actually honor SOCKS5 in that dialog.

Windows 10 only applies HTTP/HTTPS proxies.

So while you can enter the SOCKS5 values into that Windows 10 dialog,
Windows 10 won't use the values for most apps unless those apps explicitly support SOCKS5 via system proxy (which is rare - but which is what Brave
does).

Oh, and if you think Windows 11 is "better", guess again!
You cannot select SOCKS5 in the Windows 11 built-in proxy GUI.

Even if you enter a SOCKS5 address in the Windows 11 Manual proxy setup, Windows 11 will treat it as an HTTP proxy and fail to route traffic
properly. OMG.

Did I mention everything I touch in Windows is unnecessarily complex?

Here's the summary (and yes, I'm still confused, but I think it's right).
Windows 10 GUI limitations:
You can enter SOCKS5, but Windows doesn't honor it
Only HTTP/HTTPS proxies are applied system-wide
Windows 11:
No SOCKS5 support
SOCKS5 entries are treated as HTTP proxies and fail

That's why you essentially need a proxifier, such as FreeCap is.
(Or Proxifier, WideCap, SocksEscort, ProxyCap, etc.)

So now we're back to Brave, which natively supports a system proxy, but
Windows doesn't support SOCKS5 system-wide, so Brave actually can't use
SOCKS5 unless proxified (which is where FreeCap came into play).

Sigh. Why is privacy so hard to achieve. :)

I'm just beginning to learn this stuff, so if anyone out there is familiar
with using SOCKS5 for IP-address obfuscation, please add your value.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Mon, 18 Aug 2025 16:42:08 -0000 (UTC), Marion wrote :

However, Brave doesn't have native proxy settings inside of it.

I decided to test the latest Brave version which turned out not to be as
easily figured out how to get the offline installer as you'd think.

A. If you go to the Brave download page, all you get is a web stub.
<https://brave.com/>
<https://brave.com/download/>
But then that's useless for your software archives.
Especially if you're uninstalling & installing repeatedly as I am.

B. You can get the latest stable release from "someone's" archives, e.g.,
<https://techviral.net/download-brave-browser/>
But then you are trusting that they're reputable.
They probably are - and you can check hashes - but there's a better way.

C. You would think you could get the latest release from GitHub, right?
<https://github.com/brave/brave-browser/releases>
a. Find the latest stable version
b. Expand the Assets section
c. Download BraveBrowserStandaloneSetup.exe for Windows
But there are a billion releases there, which are confusing to navigate.

D. A "trick" is to go to this GitHub repo Brave Release Tracker site:
<https://github.com/release-monitoring-project/brave-release-tracker>
This project automatically monitors Brave's official releases
and posts only the latest stable builds for Windows, macOS & Linux.

It updates hourly and includes direct download links to the
offline installers, but even then, you have to know how to find it.
a. Go to the Releases section of that tracker repo
b. Click the latest release (e.g., v1.81.135)
<https://github.com/release-monitoring-project/brave-release-tracker/releases>
c. That takes you to a page with a text json file
<https://github.com/release-monitoring-project/brave-release-tracker/releases/download/v1.81.135/brave_download_links.json>
Open that json file in a text editor & it tells you where the zip is.

With that in mind, here's how to get the latest stable Brave zip archive.
1. Go to the Brave Release Tracker:
<https://github.com/release-monitoring-project/brave-release-tracker/releases>
2. Click the latest stable release (e.g., v1.81.135)
3. Save and then open the text file in any text editor.
brave_download_links.json
4. Find the Windows 64-bit offline installer link listed in that file:
<https://github.com/brave/brave-browser/releases/download/v1.81.135/brave-v1.81.135-win32-x64.zip>
5. Download the specified ZIP file.
6. Extract the contents (e.g., C:\Software\Chrome-Based\Brave\.)
7. Run the executable or installer executable inside that zip file.
8. (Optional) Verify the file integrity using the SHA-256 checksum:
<https://github.com/brave/brave-browser/releases/download/v1.81.135/brave-v1.81.135-win32-x64.zip.sha256>

Note that this is useful when you're constantly testing software.
Especially when you need to start fresh with the latest release.
And yet you want to be able to archive the release you tested.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

ANOTHER USEFUL UPDATE

Doubling up the protection (like adding layers to an onion)!

I was checking tracert test outputs when something strange revealed itself.
I had forgotten to turn off the randomized system-wide VPN connections.

It only then occurred to me that I could layer a system-wide VPN over the SOCKS5 proxy for apps (for an added layer of obfuscating protection).

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up apps to use that port using FreeCap settings set to that port.

Now, when you run apps in Windows such as torrents or web browsers...
1. Your ISP sees only your activity on the system-wide VPN IP address
2. Your VPN server only sees your real IP address & the Psiphon IP address
3. Psiphon only sees your VPN IP address & the ultimate server IP address
4. The ultimate server only sees the Psiphon IP address
5. Your web fingerprint is protected by your privacy protecting extensions

All this is done using a score of registration-free ad-free privacy tools.
a. Free no-registration public VPN servers
b. Free no-registration Psiphon SOCKS5 servers
c. Free no-registration FreeCap app proxifier
d. Free no-registration browser privacy extensions
1. allfingerprintdefender
2. canvasblocker
3. clearurls
4. cookieautodelete
5. cthulhujs
6. decentraleyes
7. fontfingerprintdefender
8. localcdn
9. locationguard
10. privacybadger
11. privacypossum
12. referercontrol
13. skipredirect
14. stayintab
15. trace
16. ublockorigin
17. useragentswitcher
18. webrtccontrol

Remember the golden privacy rule is never register for anything on the net.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Tue, 19 Aug 2025 11:00:40 -0000 (UTC), Marion wrote :

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up apps to use that port using FreeCap settings set to that port.

If it takes two button clicks, that's one too many, and if a click exposes your privacy, then we have to think about how to protect our privacy.

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

One "privacy" problem, albeit minor, with Psiphon, is that it brings
up an advertisement on your default web browser during startup.

Drat. That sucks. It's not harmful, but it exposes your privacy.
Needlessly.

So let's fix that pronto using basic Windows tricks of setting
the default web browser to a batch file that does whatever I want.

Besides, even with a random system-wide no-registration free VPN running,
it's still bad form for Psiphon to be bringing up a default browser to
an advertisement which can, for all we know, rot privacy in some way.

That browser session unilaterally launched by Psiphon isn't yet proxified.
As I said many times, privacy is like hygiene. It's a billion things.

Removing that initial privacy flaw at Psiphon startup needed to be done.

Unfortunately, the free Psiphon doesn't have switches to turn that off.

psiphon3.exe -mode=socks <== this doesn't exist... bummer

We might like to set up the Tor browser as the default because it can
open up unconnected, but it's problematic to set a Tor browser as
the default (since Tor doesn't register itself as a Windows browser).

So let's just create a dummy web browser for Psiphon to invoke.
@echo off
REM C:\path\to\dummybrowser.bat 20250819 revision 1.0
set LOGFILE=C:\path\to\dummybrowser.log
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%
start "" "C:\path\to\gvim.exe" "%LOGFILE%"
exit

Since Windows won't set the default web browser to a batch
file, let's convert that dummybrowser.bat to dummybrowser.exe
using any of a number of batch-to-executable converters.

<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases/download/3.2/Bat_To_Exe_Converter_x64.exe>
1. Open that "Bat To Exe Converter v3.2" executable.
2. Select your .bat file using the folder icon.
3. At the right, in Options, there is "Exe-Format" with these choices
32-bit | Console (Visible)
32-bit | Windows (Invisible)
64-bit | Console (Visible)
64-bit | Windows (Invisible) <== Use this to compile a batch file
as a 64-bit GUI-style exe that runs silently with no console window.
4. Click the "Convert" button to convert batch to exe.
5. Choose your output path in the "Save as" field.
(Optional) Add an icon or version info.

But you still can't select the dummy browser yet as it's not registered.
Win+I > Apps > Default apps > Web browser >
Choose default apps by file type
Choose default apps by protocol
Set defaults by app
Recommended browser settings

You first need to register your exe as a web browser in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet

To do that, right-click "merge" this registry file:

gvim C:\path\to\register_dummy_browser.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser]
@="Dummy Browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities]
"ApplicationName"="Dummy Browser"
"ApplicationDescription"="A privacy-preserving dummy browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\FileAssociations]
".htm"="DummyBrowserHTML"
".html"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\URLAssociations]
"http"="DummyBrowserHTML"
"https"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
@="\"C:\\path\\to\\dummybrowser.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Dummy Browser"="Software\\Clients\\StartMenuInternet\\DummyBrowser\\Capabilities"

Now you can select the dummy browser as your default web browser.
Win+I > Apps > Default apps > Web browser > dummybrowser.exe

Voila!

Now, when you start Psiphon, it tries to launch the advertisement
using the default browser, which happens to simply log the attempt.

As always, privacy, like hygiene, is a billion things done every day.

If you have improvements to share, please let the team know so
we all benefit from every effort at improving privacy on Windows.

In summary, two improvements were made in today's progress:

1. Psiphon & FreeCap were set to a static SOCKS5 port of 1080
2. Psiphon's advertisement web browser session was annulled

Please improve if you also need privacy in web browser sessions.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Tue, 19 Aug 2025 15:17:17 -0000 (UTC), Marion wrote :

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

UPDATE:

Since we're layering free no-registration VPNs onto open source proxies
onto free no-registration proxifiers onto free no-registration privacy extensions, it behooves us to be able to check proxy settings dynamically.

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

Below is a script which simplifies visibility and control over what turns
out to be a devilishly fragmented system of how Windows defines proxies.
a. WinINET: Used by Internet Explorer, Chrome, and many apps;
b. WinHTTP: Used by system services and background tasks;
c. PAC/AutoDetect: Dynamic proxy configuration via commands.

Unfortunately, I've run into this proxy setup complexity due to using
A. VPN, which encrypts traffic and changes routing;
B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
C. FreeCap, which redirects app traffic through SOCKS proxies.

The proxy.bat script included below checks all three methods at once
which gives us a clear snapshot of what the Windows proxy setup is.

To that end, we add a new command to run in your Win+R taskbar Runbox:
Win+R/Runbox > proxy
Which executes this added registry "App Paths" key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
Which runs this proxy checking tool (see the tool below in its entirety):
C:\sys\bat\proxy.bat

===< cut here for proxy.bat >===
@echo off
REM proxy.bat 20250820 v1.0 iX Unified Windows check-proxy diagnostic tool
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM 20250820 rev 1.0
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\bat\proxy.bat ==> creates "Win+R > proxy" command
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Check complete.
echo ==============================================

endlocal
pause
===< cut here for proxy.bat >===

As always, this is posted to help others copy & paste
(where wasbit's kind and helpful advice is appreciated)
this script as part of their addition of privacy to Windows.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Wed, 20 Aug 2025 18:27:08 -0000 (UTC), Marion wrote :

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

UPDATE

Turns out I didn't need to use FreeCap to proxify Chromium web browsers.

Mozilla'based browsers (Firefox, Thunderbird, etc.) have their own internal proxy settings and, by default, ignore the Windows proxy unless you
explicitly tell them to use it.

Unlike Mozilla-based browsers which have those proxy GUIs, Chromium-based browsers do not have built-in proxy configuration GUIs.

So I thought I needed to proxify Chromium-based web browsers with FreeCap.
But I was wrong.

Turns out it's the other way around.

Chromium-based browsers apparently directly inherit proxy settings from the operating system, including:
a. From WinINET (used by most desktop apps)
b. Or from PAC scripts and AutoDetect
c. Or from manual proxy entries like that which Psiphon3 sets.
Win+I > Settings > Network & Internet > Proxy > Manual proxy settings
[http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080]

Also Chromium-based browsers can also be proxified at the command line:

brave.exe --proxy-server="http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080"

So I don't think we need FreeCap to proxify our DIY Chromium-based privacy browsers but we can still use FreeCap to proxify the Mozilla browsers.

However, we could also configure Firefox's own proxy settings (Preferences

Network Settings) to point directly to Psiphon's SOCKS5 port, skipping

FreeCap entirely. If we want this to persist across profiles or installs, LibreWolf even lets us set it in a librewolf.overrides.cfg file.

Mullvad's own help docs describe doing this for their own SOCKS5 proxy, but
the steps are identical for Psiphon's proxy ports.

FreeCap is still useful for apps that don't have built-in proxy support,
but apparently all web browsers have it - they just do it differently.

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

Who knew? Not me. The more I try to build a DIY privacy browser, the more I learn how different the two main web browser platforms are from each other.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

UPDATE:

Aurgh. There are layers to this Windows socks5 stuff such that some apps
use one layer while other apps use a different layer. Who knew? Not me!

Everything in Windows having to do with privacy seems to have more layers.

I started checking whether non-browser apps used Windows proxy settings,
where it turns out pgms like Telegram & CoPilot are different than
browsers are (which themselves are different in how each handle proxy).

Running the previously posted "proxy.bat" showed that Psiphon modified the WinINET (user apps, browsers) proxy (127.0.0.1:17561 / socks at 127.0.0.1:1080) but not the WinHTTP (system/background services) proxy.

Sigh. Half a solution is not a full solution.
In fact, even with Psiphon, WinHTTP was was set to direct access (no proxy).

The fix is to always copy the WinINET proxy config into WinHTTP.
Win+R > cmd {ctrl+shift+enter}

netsh winhttp import proxy source=ie

Now system services (which often ignore WinINET) will use
Psiphon's proxy as well. It also set a bypass list so that
local/private subnets avoid the proxy.

This is needed so that any Windows component that uses WinHTTP (like parts
of Copilot, Windows Update, some Microsoft Store traffic) will respect the Psiphon proxy, matching the existing Psiphon browser/app proxy settings.

To test:
a. Temporarily clear WinHTTP proxy:
C:\> netsh winhttp reset proxy

b. Run Win+R > proxy
The proxy.bat script should detect 'No WinHTTP proxy set'
and it should then import settings from WinINET automatically.
c. Set a custom WinHTTP proxy:
C:\> netsh winhttp set proxy proxy-server="http=1.2.3.4:8080"

d. Run Win+R > proxy
The proxy.bat script should detect an existing WinHTTP proxy
and therefore it should NOT overwrite it.

Below is the improved proxy.bat script to accomplish the sync above.

===< cut here for improved proxy.bat which handles more programs >===
@echo off
REM proxy.bat 20250820 v1.2
REM Use model: "Win+R > proxy" (diagnostic + proxy import if WinHTTP is unset)
REM Unified Windows proxy diagnostic tool with WinHTTP sync safeguard
REM "Win+R > proxy /sync imports WinINET proxy directly into WinHTTP
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\batch\proxy.bat
REM That App Paths key creates the convenient "Win+R > proxy" command
REM
setlocal

:: --- Quick /sync mode ---
if /i "%~1"=="/sync" (
echo Syncing WinINET proxy into WinHTTP...
netsh winhttp import proxy source=ie
echo Done.
pause
exit /b
)

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)

REM Get current WinHTTP proxy setting
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B

REM Trim leading/trailing spaces
set curWinHTTP=%curWinHTTP:~1%

if "%curWinHTTP%"=="" (
echo No WinHTTP proxy set - importing from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set - leaving as is.
)

REM Show current WinHTTP proxy after check/import
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal
pause

===< cut here for improved proxy.bat which handles more programs >===
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

On Sun, 24 Aug 2025 09:48:33 +0100, Jim the Geordie wrote :

On 24/8/2025 2:28 am, D wrote:

best browser extension ever invented by man . . .

Firefox 142.0
Tools > Extensions and Themes [Ctrl+Shift+A]

Switched to it from Adblock for many years... couldn't quite remember
why. Something to do with Firefox changing its add-on mechanism.

Adblock started allowing certain ads through:

"Starting with version 2.0, Adblock Plus started allowing "acceptable
ads" by default,[72] with acceptable ad standards being set by The
Acceptable Ads Committee.[73] They charge large institutions fees to
become whitelisted and marked as "acceptable", stating "[Adblock Plus]
only charge large entities a license fee so that we can offer the same
whitelisting services to everyone and maintain our resources to develop
the best software for our users." on their about page.[74]"

From https://en.wikipedia.org/wiki/Adblock_Plus

uBlock Origin doesn't play that game.

If you use Brave Browser, no adblocking add-on is needed.

My two cents... bearing in mind I never used extensions until early July
when Epic Privacy Browser went bust... I'm building two sets of DIY privacy browsers where I've settled (currently) on almost a score of extensions
(not counting VPN extensions) which are the following currently for the Chromium side of the family (given it was easier than the Mozilla side).

Browser: Brave and/or Ungoogled Chromium (LibreFox and/or MullVad)
1. Canvas Blocker - Fingerprint Protect : version 0_2_2
2. ClearURLs : version 1_26_0
3. Cookie AutoDelete : version 3_8_2
4. CthulhuJs (Anti-Fingerprint) : version 8_0_6
5. Decentraleyes : version 3_0_0
6. Extension Manager : version 9_5_2
7. Font Fingerprint Defender : version 0_1_6
8. LocalCDN : version 2_6_79
9. Location Guard (V3) : version 3_0_0
10. Privacy Badger : version 2025_5_30
11. Referer Control : version 1_35
12. Skip Redirect : version 2_3_6
13. StayInTab : version 1_0
14. Trace - Online Tracking Protection : version 3_0_6
15. uBlock Origin : version 1_65_0
16. User-Agent Switcher and Manager : version 0_6_4
17. WebRTC Control : version 0_3_3
18. NoScript is useful, but I find it a PITA so it's disabled for now.

The question came up from Mr. Man-wai Chang about Adblock Plus.

While there will always be overlap when you have a score of extensions,
a. uBlock Origin is more efficient (apparently)
b. It's said to be more powerful in supporting advanced rule creation
c. It's said to support dynamic & cosmetic filtering
c. Critically, it doesn't have an "acceptable ads" program
d. And it's often considered more actively maintained

Since there is a large amount of overlap, I left AdBlock Plus out of the
mix of privacy extensions that I'm testing for the DIY privacy browser(s).

But I could be wrong as I must state openly I never touched extensions
until being forced to give up on my daily driver privacy browser in July.

Side Note: The VPN extension test covering a score of supposedly free, ad
free, registration free VPN extensions is still a work in progress
covering, so far, the following successful & failed VPN extensions:

These passed initial testing criteria (free, account free, ad free):
1. browsec
2. hoxx
3. securefreeedgevpn
4. setupvpn
5. vpnly
6. xvpn
7. 1clickvpn
8. 1vpn

These failed initial testing criteria (free, account free, ad free):
a. hiddenbatvpn
b. hidemevpn
c. hotspotshieldvpn
d. itopvpn
e. protonvpn
f. tunnelbearvpn
g. urbanvpn
h. windscribevpn

Correction: I correct an earlier assessment that all the VPN extensions
"slow down" drastically within days; I think some of that is due to the plethora of privacy-baswed extensions - so I switched the testing over to testing instead the free,adfree,registrationfree system-wide VPNs with a free-adfree-regfree socks5 proxy (Psiphon) and, for non-browser
applications, a free-adfree-regfree proxifier such as ProxyCAp64/FreeCap.

Note I found out the hard way that Mozilla browsers handle proxies very differently than do Chromium browsers, which themselves handle proxies differently than most programs do where Windows has three layers of proxies that I had to write scripts (e.g., proxy.bat which morphed yesterday to proxy.cmd due to Windows quirks) to synchronize manually the three proxy mechanisms what Windows should have synchronized automatically. Sigh.

Note also that there are too many free/regfree/adfree system-wide
openvpn.exe free public VPN servers out there to list (many thousands!) so
it will take a while before I test them all sufficiently to declare which
free system-wide VPN server set is the easiest & fastest as all require additional software (e.g., softether or openvpn.exe) and scripts (due to changing passwords mostly).

Lastly, I wasted days testing proxy servers, of which there are so many thousands out there that you'd go nuts trying them all, but they're all apparently abysmal in terms of reliability compared to the acceptable reliability of the free public no-registration openVPN services that I'm currently testing. After days of a miserable existence testing them,
writing script after script after script to deal with their ephemeral
nature, I gave up concluding that you'd have to have TLA-like resources to
keep up with the few proxy services which stay alive long enough to be
useful.

Apologies for the long-winded response but that's the status of my testing
in a nutshell, in the fewest words that still convey accurate assessment.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-10

UPDATE ON PRIVACY POSSUM:


On Tue, 26 Aug 2025 12:23:58 -0700, NFN Smith wrote :

I notice that PrivacyPossum isn't included here, but I don't think
that's an issue. I looked at that briefly recently, and while the anti-fingerprinting aspect is attractive, I didn't see that it did
anything useful for me.

Thanks for your excellent updates, where I'll need to respond to each of
the important ones alone and individually as each is a separate topic.

As can be seen in the DIY privacy browser thread, Privacy Possum was "attempted" but we had problems with VPN extensions on DIY privacy-based Mozilla browsers (i.e., librefox & mullvad) so we tested the extensions on Chromium first, where wasn't found so I gave up too early on it early on.

PrivacyPossum
https://github.com/cowlicks/privacypossum
No packages published https://chrome.google.com/webstore/detail/privacy-possum/ommfjecdpepadiafbnidoiggfpbnkfbj
This item is not available

However, Privacy Possum is apparently alive & well for Mozilla browsers.
<https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/>
Blocks third-party cookies
Strips referer headers
Spoofs browser fingerprinting attempts
Detects and blocks ETag tracking
Prioritizes making tracking inefficient rather than impossible

As you already astutely noted, there's overlap galore, such as
a. Trace covers fingerprinting & ETag blocking
b. Privacy Badger learns and blocks trackers dynamically
c. uBlock Origin blocks tracking methods with filter lists
d. Canvas Blocker, CthulhuJs, Font Fingerprint Defender all put together,
they cover fingerprinting well

While those are direct analogs of what Privacy Possum does,
A. ClearURLs removes tracking parameters from URLs,
which complements Privacy Possum's goal but isn't a direct match.
B. Decentraleyes / LocalCDN prevents CDN-based tracking by serving
local resources which is not part of Privacy Possum's core.
C. Location Guard obfuscates geolocation data, which is adjacent
to fingerprinting but it's not a Privacy Possum direct match.
D. WebRTC Control prevents IP leaks via WebRTC, which is important
for privacy but also it's not part of Privacy Possum's toolkit.

Given that, I appreciate that you brought up Privacy Possum as I was not
aware (yet) that it was available for Mozilla browsers so it's a win:win.

Much appreciated your valuable input.
I'll take the other concepts one by one when I look up the details.
--- Synchronet 3.21a-Linux NewsLink 1.2