Package: apt-transport-tor
Version: 0.1.1-1
Severity: important

Hello,

Thanks for making apt-transport-tor, I was doing this via torsocks, but it was
sub-optimal. This is much better!

The only problem is that when you do an apt-get update, you are leaking some
important identifying bits, namely your locale preferences through the requested
Translations-* files. This is pretty interesting, and revealing information! For
example, if someone is requesting the Translation-zh files, you can pretty
reasonably guess that they are Chinese speaking. Fortunately, the specific
locality is not leaked (e.g. en_US).

Because people do want their localized languages available to them, but
requesting them over tor betrays information, I think that the only way to get
around this problem is to request all the locales. It's somewhat annoying because
it slows down the apt-get update process a little bit, and you download more
data than you need, but then you do have your proper language locale, without
leaking which one you are using.

The way to do this is to have the package install a
/etc/apt/apt.conf.d/90languages with the following:

Acquire::Languages { "ca"; "cs"; "da"; "de"; "el"; "en"; "eo"; "es"; "eu"; 
"fi"; "fr"; "hr"; "hu"; "id"; "it"; "ja"; "km"; "ko"; "ml"; "nb"; "nl"; "pl"; 
"pt"; "ro"; "ru"; "sk"; "sr"; "sv"; "tr"; "uk"; "vi"; "zh"; };

Micah

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-transport-tor depends on:
ii  libapt-pkg4.12   1.0.3
ii  libc6            2.18-7
ii  libcurl3-gnutls  7.37.0-1
ii  libgcc1          1:4.9.0-4
ii  libstdc++6       4.9.0-4
ii  tor              0.2.4.22-1

apt-transport-tor recommends no packages.

apt-transport-tor suggests no packages.

-- no debconf information
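
An audit check for the setting discussed in the report above, as an added example that is not part of the original report or of apt-transport-tor. It classifies the Acquire::Languages value found in `apt-config dump` output, assuming list entries are dumped as `Acquire::Languages:: "xx";` and that an unset option falls back to apt's documented default of "environment", "en"; the function name and verdict words are hypothetical.

```shell
#!/bin/sh
# Added example: does this host's Translation-* request set depend on its locale?
# UNIFORM is the language list proposed in the report above.
UNIFORM="ca cs da de el en eo es eu fi fr hr hu id it ja km ko ml nb nl pl pt ro ru sk sr sv tr uk vi zh"

# Reads `apt-config dump` text on stdin and prints one verdict word:
#   locale-dependent  list is unset or contains "environment" (locale is revealed)
#   none              no Translation-* files are requested at all
#   uniform           exactly the fixed list from the report
#   custom            some other fixed list (may itself be distinguishing)
classify_languages() {
    # Assumed dump format for list entries:  Acquire::Languages:: "xx";
    langs=$(sed -n 's/^Acquire::Languages:: "\(.*\)";$/\1/p' | sort -u | tr '\n' ' ')
    langs=${langs% }
    want=$(printf '%s\n' $UNIFORM | sort -u | tr '\n' ' ')
    want=${want% }
    case " $langs " in
        "  ")              echo locale-dependent ;;  # unset: default is "environment", "en"
        *" environment "*) echo locale-dependent ;;
        " none ")          echo none ;;
        " $want ")         echo uniform ;;
        *)                 echo custom ;;
    esac
}

# Constructed sample input (not captured from a real system).
sample='APT::Architecture "amd64";
Acquire::Languages "";
Acquire::Languages:: "environment";
Acquire::Languages:: "en";'
printf 'constructed sample: %s\n' "$(printf '%s\n' "$sample" | classify_languages)"
```

On a live system the input would come from `apt-config dump | classify_languages`.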

