It appears as though the servers may have been updated to also serve
this over https (previously, https didn't work at the Ubuntu geoip url),
but the default value for desktops is to use the http value, and the
defaults should be updated.

Current values:
$ gsettings reset com.ubuntu.geoip geoip-url
$ gsettings get com.ubuntu.geoip geoip-url
'http://geoip.ubuntu.com/lookup'

Should show:
$ gsettings reset com.ubuntu.geoip geoip-url
$ gsettings get com.ubuntu.geoip geoip-url
'https://geoip.ubuntu.com/lookup'

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535

Title:
  geoip.ubuntu.com does not utilize HTTPS

Status in ubuntu-geoip package in Ubuntu:
  Fix Committed
Status in ubuntu-geoip source package in Trusty:
  Triaged
Status in ubuntu-geoip source package in Xenial:
  Triaged
Status in ubuntu-geoip source package in Artful:
  Triaged

Bug description:
  geoip.ubuntu.com does not utilize HTTPS and leaks unencrypted over
  HTTP. This can potentially be utilized by nation state adversaries to
  compromise user privacy. This service is called multiple times per day
  by the OS in order to track users.

  $ nc -zv geoip.ubuntu.com 80
  Connection to geoip.ubuntu.com 80 port [tcp/http] succeeded!

  $ nc -zv -w 3 geoip.ubuntu.com 443
  nc: connect to geoip.ubuntu.com port 443 (tcp) timed out

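The check made by hand in the message above can be generalized to every gsettings key. The script below is an added example, not part of the bug report or of the ubuntu-geoip package: it lists string values that still start with http:// and, with --live, probes port 443 on each host the same way the bug description does with nc. The function names, the --live switch and the sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find gsettings string values that still use cleartext http://.

# Reads `gsettings list-recursively` lines ("<schema> <key> <value>") on stdin
# and prints "<schema> <key> <host>" for each string value starting with http://.
find_cleartext_urls() {
    while read -r schema key value; do
        url=${value#\'}; url=${url%\'}      # drop the GVariant single quotes
        case $url in
            http://*)
                host=${url#http://}         # strip the scheme
                host=${host%%/*}            # strip the path
                host=${host%%:*}            # strip an explicit port
                printf '%s %s %s\n' "$schema" "$key" "$host"
                ;;
        esac
    done
}

# Constructed sample input: only the first line mirrors the value in the report,
# the org.example.demo lines are made up.
SAMPLE="com.ubuntu.geoip geoip-url 'http://geoip.ubuntu.com/lookup'
org.example.demo homepage 'https://example.org/'
org.example.demo retries 3"

# Runs the scan over the constructed sample (works offline).
audit_sample() {
    printf '%s\n' "$SAMPLE" | find_cleartext_urls
}

# Live mode: scan the real settings, then check whether each host answers on 443.
if [ "${1:-}" = "--live" ]; then
    gsettings list-recursively | find_cleartext_urls |
    while read -r schema key host; do
        if nc -z -w 3 "$host" 443 2>/dev/null; then state=open; else state=closed; fi
        printf '%s %s: http URL configured, %s port 443 %s\n' \
            "$schema" "$key" "$host" "$state"
    done
fi
```

An open port 443 only shows that an HTTPS default is possible; the configured value still has to be changed, as requested above.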