--- /usr/lib/systemd/system/privoxy.service	2016-12-16 16:03:14.000000000 +0100
+++ /usr/lib/systemd/system/privoxy.service	2016-12-16 16:00:31.287038650 +0100
@@ -7,6 +7,13 @@
 Type=simple
 ExecStart=/usr/bin/privoxy --no-daemon /etc/privoxy/config
 PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+MountFlags=slave
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+NoNewPrivileges=yes
+SystemCallArchitectures=native
 
 [Install]
 WantedBy=multi-user.target