Bug#749611: apt-transport-tor: Leaks locale information
Hi,

this is kind of a question in how to configure apt – and there are various options – but perhaps eventually someone can figure out how to compose a way of automating this more to make "everyone" happy by default. If someone has a plan/idea I am happy to help :)

On Wed, May 28, 2014 at 12:06:08PM -0400, Micah Anderson wrote:
> The only problem is that when you do an apt-get update, you are leaking some
> important identifying bits, namely your locale preferences through the
> requested Translations-* files. This is pretty interesting, and revealing
> information! For example, if someone is requesting the Translation-zh files,
> you can pretty

Note that apt (>= 1.1) isn't going to request files if it can predict that the file hasn't changed and it can do that e.g. for Translation-* files which change rather infrequently so there is a good chance that you aren't requesting all Translation files you are using.

Also, the remark that apt is doing the download in a specific order was fixed in the 1.3 series, which uses a random order now.

> reasonably guess that they are Chinese speaking. Fortunately, the specific
> locality is not leaked (eg. en_US).

It would be, if the repository provides such a file, but the Release file says it doesn't, so apt doesn't try to download it. Some languages have these specifics like pt and pt_BR or zh_CN and zh_TW btw.

> Because people do want their localized languages available to them, but
> requesting them over tor betrays information, I think that the only way to get
> around this problem is to request all the locales. Its somewhat annoying
> because

That is of course an option, but it is hardly your only option, the simplest two might be:

1. Use a mirror via an onion service, see onion.debian.org
   (It is there the README file is pointing to as well)
2. Get the Translation files from another mirror ¹

Just as an example & for testing I am using both:

deb [lang=none] tor+http://httpredir.debian.org/debian/ sid main
deb [target=Translations] tor+http://vwakviie2ienjx6t.onion/debian sid main

Explanation: That tells apt to not get any files based on languages from the first source (which are in effect only Translation files, but just to be sure) and the second line tells apt to get only the Translation files from here (+ a Release file, so the two mirrors can be out-of-sync).

¹ Note that in the default config of apt-transport-tor >= 0.3 each mirror is contacted potentially via its own circuit so there might be different exit-nodes involved.

See sources.list(5) manpage for a description of these options (again, that requires apt >= 1.1). This example and reading the manpage will also help you configure apt to download additional translation files it isn't going to use later on if you really want to pursue this venue instead/too.

Best regards

David Kalnischkies
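A check for the two options described in the message above, as an added example that is not part of the original mail or of apt: it reads one-line-style sources.list entries and reports, for each tor+ source, whether Translation files would be requested there and whether that happens via an onion service. The verdict labels and the third sample line are constructed here, and option handling is simplified to plain key=value pairs.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two lines from the message above plus one
# unrestricted clearnet source added here for contrast.
SAMPLE = """\
deb [lang=none] tor+http://httpredir.debian.org/debian/ sid main
deb [target=Translations] tor+http://vwakviie2ienjx6t.onion/debian sid main
deb tor+http://httpredir.debian.org/debian/ sid contrib
"""

# One-line style: deb [options] uri suite components...
ENTRY = re.compile(r"^deb\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

def parse_options(text):
    """Split 'lang=none target=A,B' into {'lang': ['none'], 'target': ['A', 'B']}."""
    opts = {}
    for item in (text or "").split():
        key, _, value = item.partition("=")
        opts[key.lower()] = value.split(",")
    return opts

def translation_exposure(sources_text):
    """Return (uri, verdict) for every tor+ binary source in the given text."""
    report = []
    for line in sources_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or not m.group(2).startswith("tor+"):
            continue
        opts, uri = parse_options(m.group(1)), m.group(2)
        host = urlsplit(uri).hostname or ""
        targets = opts.get("target")
        if opts.get("lang") == ["none"] or (targets and "Translations" not in targets):
            verdict = "no-translations"          # nothing language-based is fetched here
        elif host.endswith(".onion"):
            verdict = "translations-via-onion"   # language requests stay inside Tor
        else:
            verdict = "translations-via-exit"    # language requests leave through an exit node
        report.append((uri, verdict))
    return report

if __name__ == "__main__":
    for uri, verdict in translation_exposure(SAMPLE):
        print(f"{verdict:24} {uri}")
```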
Bug#749611: apt-transport-tor: Leaks locale information
[Micah Anderson]
> I'm guessing a better fix would be that this transport fetches all
> possible languages in a random order, dumps them all to /dev/null
> except your locale

Instead of fetching all possible locales, what about fetching the wanted ones as well as some random ones (for example as many random picks as the wanted ones). Would it not make it impossible to know which was wanted and which was picked randomly, without having to download a lot of unwanted locales?

--
Happy hacking
Petter Reinholdtsen
Bug#749611: apt-transport-tor: Leaks locale information
Petter Reinholdtsen p...@hungry.com writes:

> [Micah Anderson]
>> I'm guessing a better fix would be that this transport fetches all
>> possible languages in a random order, dumps them all to /dev/null
>> except your locale

I set up my system to fetch all the possible languages, but this was too annoying/slow over tor because there are too many, so I stopped doing it. Because I am only interested in English, it felt to me like it was a large enough pool of people using that locale that it wasn't uniquely identifying me.

> Instead of fetching all possible locales, what about fetching the
> wanted ones as well as some random ones (for example as many random
> picks as the wanted ones). Would it not make it impossible to know
> which was wanted and which was picked randomly, without having to
> download a lot of unwanted locales?

If you did this, then you would always be fetching the wanted locales which would eventually stand out, wouldn't it? Perhaps not, if it's done over tor.
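The exchange above turns on whether randomly chosen decoys keep hiding the wanted locale over repeated updates. As an added example (not code from the thread or from apt), this Python simulation intersects the request sets of successive updates for three strategies; it assumes an observer that can link updates to the same client, which is the condition the reply doubts holds over Tor. Function and strategy names are hypothetical.

```python
import random

# Language codes from the Acquire::Languages list in the original report.
LANGS = ("ca cs da de el en eo es eu fi fr hr hu id it ja km ko ml nb nl "
         "pl pt ro ru sk sr sv tr uk vi zh").split()

def fresh_decoys(wanted, rng):
    """Wanted languages plus as many random picks, redrawn on every update."""
    others = [code for code in LANGS if code not in wanted]
    return set(wanted) | set(rng.sample(others, len(wanted)))

def updates_until_exposed(next_request, wanted, max_updates=500):
    """Intersect successive request sets, as a linking observer could.

    Assumption: the observer can tell that the updates come from one client.
    Returns the number of updates after which only the wanted languages
    remain, or None if the decoys still cover them after max_updates.
    """
    candidates = set(LANGS)
    for count in range(1, max_updates + 1):
        candidates &= next_request()
        if candidates == set(wanted):
            return count
    return None

def compare(wanted=("zh",), seed=749611):
    """Run three request strategies against the same observer."""
    rng = random.Random(seed)
    sticky = fresh_decoys(wanted, rng)  # decoys drawn once, then reused
    return {
        "fresh": updates_until_exposed(lambda: fresh_decoys(wanted, rng), wanted),
        "sticky": updates_until_exposed(lambda: sticky, wanted),
        "all": updates_until_exposed(lambda: set(LANGS), wanted),
    }

if __name__ == "__main__":
    print(compare())
```

Redrawn decoys fall out of the intersection after a few linked updates, while a decoy set that is drawn once and kept, or the full language list, never narrows to the wanted locale alone.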
Bug#749611: apt-transport-tor: Leaks locale information
Micah Anderson mi...@debian.org writes:

> The way to do this is to have the package install a
> /etc/apt/apt.conf.d/90languages with the following:
>
> Acquire::Languages { ca; cs; da; de; el; en; eo; es; eu; fi; fr; hr; hu; id; it; ja; km; ko; ml; nb; nl; pl; pt; ro; ru; sk; sr; sv; tr; uk; vi; zh; };

Actually, if you do this then what happens is:

1. you request all these languages in this order
2. depending on what translations are available, apt is going to show you these languages in this preference order. For example, in apt-cache search, or apt-cache show... so if some package has been Danish localized, and you speak English, you will get the Danish ones first.

You can of course set your preferred language to be first in this list, but then you will be requesting that first, which still betrays your language preference.

I'm guessing a better fix would be that this transport fetches all possible languages in a random order, dumps them all to /dev/null except your locale
Bug#749611: apt-transport-tor: Leaks locale information
Package: apt-transport-tor
Version: 0.1.1-1
Severity: important

Hello,

Thanks for making apt-transport-tor, I was doing this via torsocks, but it was sub-optimal. This is much better!

The only problem is that when you do an apt-get update, you are leaking some important identifying bits, namely your locale preferences through the requested Translations-* files. This is pretty interesting, and revealing information! For example, if someone is requesting the Translation-zh files, you can pretty reasonably guess that they are Chinese speaking. Fortunately, the specific locality is not leaked (e.g. en_US).

Because people do want their localized languages available to them, but requesting them over tor betrays information, I think that the only way to get around this problem is to request all the locales. It's somewhat annoying because it slows down the apt-get update process a little bit, and you download more data than you need, but then you do have your proper language locale, without leaking which one you are using.

The way to do this is to have the package install a /etc/apt/apt.conf.d/90languages with the following:

Acquire::Languages { ca; cs; da; de; el; en; eo; es; eu; fi; fr; hr; hu; id; it; ja; km; ko; ml; nb; nl; pl; pt; ro; ru; sk; sr; sv; tr; uk; vi; zh; };

Micah

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-transport-tor depends on:
ii  libapt-pkg4.12   1.0.3
ii  libc6            2.18-7
ii  libcurl3-gnutls  7.37.0-1
ii  libgcc1          1:4.9.0-4
ii  libstdc++6       4.9.0-4
ii  tor              0.2.4.22-1

apt-transport-tor recommends no packages.

apt-transport-tor suggests no packages.

-- no debconf information