Tollef Fog Heen <tfh...@err.no> writes: >> 1) Privacy concerns: Debian would deliver much more data to business >> companies than necessary. Keep in mind that personalized data is one >> of the most valuable things to data miners. Currently I choose one >> mirror site to pull my packages from. I can freely choose that mirror >> on basis of location, bandwidth, personal likes or, let's say, privacy >> reasons because I know that this specific mirror doesn't log my IPs. >> When using a CDN, at least in that way I understood your proposal, I'm >> not free to choose anymore. The company running that CDN will obtain >> all of data like how many machines are behind a subnet or IP, what >> kind of machines (intel, sparc, powerpc, m68k, ...) and might know if >> I forget to update a machine (security). > > This is absolutely a valid concern. I have a few mitigation strategies > and one observation: > > - You can still run your own mirror. We need that ourselves and like I > wrote in the initial email, we need to find a way that keeps rsync > working. > > - You can use an IP anonymizing service such as Tor. Are you suggesting to download debian packages over tor? Last time I used it, I got about 25 kB/s of bandwidth. But even if that has changed, I'm pretty sure the tor network isn't intended for bulk transfer of the debian archive...
Best, Nikolaus -- Encrypted emails preferred. PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C »Time flies like an arrow, fruit flies like a Banana.« -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87mwmbiqa4....@rath.org