Use Onion Services for APT
Originally created by @flapflap on #11556 (Redmine)
Currently, /etc/apt/sources.list makes use of apt-transport-tor
(tor+http://) to fetch the repo lists from the normal Debian mirrors
via the Tor Exit node.
This could, however, be done through Tor entirely since there exist
official mirrors that are Tor Onion Services, such as
vwakviie2ienjx6t.onion.
https://wiki.debian.org/TorifyDebianServices
Pros:
- Traffic stays within Tor, avoidance of metadata
- End-to-End encryption to the Onion Service
- (debatable) Fingerprinting of Tails users (what diffs were missing? when was the last package list update?) at the Tor Exit might become more difficult
Cons:
- Adds load to the Onion mirror
- Packages signed with GnuPG anyways
- Might be slower than non-Onion Service access
Feature Branch: feature/11556-apt-with-onions
Edited by intrigeri