Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
apt-get update over Tor
apt-get update over Tor
As I am getting into a more privacy-minded distro I loved the idea of Tor and availability of updating packages over tor. However after following the manuals, some repos are checked twice though the only thing I did for non-official repos was to change http: with tor+http. I googled and got the idea that "ign" seems to be fine and does not mention an error, yet I wonder why the very same repo is checked twice in after sudo apt-get update:
Ign:1 tor+http://download.opensuse.org/repositori ... Debian_9.0 InRelease
Ign:2 tor+http://download.opensuse.org/repositori ... Debian_9.0 InRelease
Hit:3 tor+http://download.opensuse.org/repositori ... Debian_9.0 Release
Hit:5 tor+http://download.opensuse.org/repositori ... Debian_9.0 Release
Ign:7 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease
Hit:8 tor+http://vwakviie2ienjx6t.onion/debian stretch-updates InRelease
Hit:9 tor+http://vwakviie2ienjx6t.onion/debian stretch-backports InRelease
Hit:10 tor+http://vwakviie2ienjx6t.onion/debian stretch Release
Hit:11 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
Hit:13 tor+http://ppa.launchpad.net/dlech/keepass2-plugins/ubuntu artful InRelease
Hit:14 tor+http://ppa.launchpad.net/micahflee/ppa/ubuntu artful InRelease
Ign:1 tor+http://download.opensuse.org/repositori ... Debian_9.0 InRelease
Ign:2 tor+http://download.opensuse.org/repositori ... Debian_9.0 InRelease
Hit:3 tor+http://download.opensuse.org/repositori ... Debian_9.0 Release
Hit:5 tor+http://download.opensuse.org/repositori ... Debian_9.0 Release
Ign:7 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease
Hit:8 tor+http://vwakviie2ienjx6t.onion/debian stretch-updates InRelease
Hit:9 tor+http://vwakviie2ienjx6t.onion/debian stretch-backports InRelease
Hit:10 tor+http://vwakviie2ienjx6t.onion/debian stretch Release
Hit:11 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
Hit:13 tor+http://ppa.launchpad.net/dlech/keepass2-plugins/ubuntu artful InRelease
Hit:14 tor+http://ppa.launchpad.net/micahflee/ppa/ubuntu artful InRelease
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 79 times
- Been thanked: 191 times
Re: apt-get update over Tor
Um, why?zodac11 wrote:I loved the idea of Tor and availability of updating packages over tor.
Unless running Debian is illegal where you live, pulling package updates over TOR just wastes node bandwidth. Updates are slower for you, and TOR is slower for everyone else.
TOR obfuscates who is communicating with who (note: but not the packet contents) - since all you're doing is pulling uninteresting software packages from a public server, what's the point of doing it over TOR?
Is some agency actually trying to find out what software you use (anyone who cares already knows), or is this pure "using TOR because it's there"?
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Re: apt-get update over Tor
I have dual citizenship and moving regularly between both of these countries. Regretfully, both of them are quite notorious in sense of internet monitoring/surveillance and in one of them using Tor and VPN are even forbidden. Without Tor, it is not possible to open dozens of websites.steve_v wrote:Unless running Debian is illegal where you live,zodac11 wrote:I loved the idea of Tor and availability of updating packages over tor.
Is some agency actually trying to find out what software you use (anyone who cares already knows)
Re: apt-get update over Tor
The only way to truly ensure your privacy is to self-monitor what you do on the internet. What are these sites and why is it so important you visit them [this can be taken as a rhetorical question if you like]? Be mindful of inadvertantly encouraging the Streisand Effect.
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 79 times
- Been thanked: 191 times
Re: apt-get update over Tor
Presumably that doesn't include all the debian mirrors though?zodac11 wrote:Without Tor, it is not possible to open dozens of websites.
I use TOR from time to time, and I run a node all the time. But I still don't see the point of system updates over TOR...
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Re: apt-get update over Tor
Imagine a country where wikipedia is banned and google, yahoo, imgur (is still banned I think) and many important pillars of internet are censored.Lysander wrote:The only way to truly ensure your privacy is to self-monitor what you do on the internet. What are these sites and why is it so important you visit them [this can be taken as a rhetorical question if you like]? Be mindful of inadvertantly encouraging the Streisand Effect.
Re: apt-get update over Tor
In one country that I have citizenship using Debian or other open source OS is enough proof to put yourself on the list of "potential criminal". Yes, weird, but true.steve_v wrote:Presumably that doesn't include all the debian mirrors though?zodac11 wrote:Without Tor, it is not possible to open dozens of websites.
I use TOR from time to time, and I run a node all the time. But I still don't see the point of system updates over TOR...
In the other country that I have citizenship wikipedia, imgur and many other sites are down due to censore and twitter, yahoo, google gets banned from time to time. It is hard to check the unbanned sites everyday so I simply use tor.
Re: apt-get update over Tor
I can imagine it very easily - my wife's home country [where I visit often] is one such place where Wikipedia, Youtube, Twitter and Facebook have all been banned at one time or another. Circumventing the rules would definitely raise the chances of putting the Streisand Effect into place. I am all for free speech and transparency, but I would also not put myself at risk. It's a terrible situation indeed.zodac11 wrote:Imagine a country where wikipedia is banned and google, yahoo, imgur (is still banned I think) and many important pillars of internet are censored.Lysander wrote:The only way to truly ensure your privacy is to self-monitor what you do on the internet. What are these sites and why is it so important you visit them [this can be taken as a rhetorical question if you like]? Be mindful of inadvertantly encouraging the Streisand Effect.
Re: apt-get update over Tor
zodac11, in your situation, I would have a USB thumb drive loaded with Tails. When you do a shutdown with Tails it even wipes the memory. After shutdown you can hide the thumb drive and no one is the wiser. The computer can actually be loaded with Windows and only be used for safe stuff.zodac11 wrote:Imagine a country where wikipedia is banned and google, yahoo, imgur (is still banned I think) and many important pillars of internet are censored.
Another option is Liberté Linux. It's getting a bit old but it is designed "with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments."
Keep safe.
Re: apt-get update over Tor
Again I would argue - and I'm very open to refutes - that just by using Tails one is opening channels of suspicion and that nothing is a replacement for self-monitoring and taking responsibility for sites visited and content posted. As much as we would like to think that the internet is the liberal free-speech realm that it was in the early 2000s, alas, it is no longer.
I recall something that someone said to me many years ago on the internet and which is of particular import here - "always assume that everything you say and do is being recorded somewhere and can be used against you to your detriment". By all means take risks if you choose to, but take risks knowingly.
I recall something that someone said to me many years ago on the internet and which is of particular import here - "always assume that everything you say and do is being recorded somewhere and can be used against you to your detriment". By all means take risks if you choose to, but take risks knowingly.
Re: apt-get update over Tor
Exactly! +100steve_v wrote:Pulling package updates over TOR just wastes node bandwidth. Updates are slower for you, and TOR is slower for everyone else.zodac11 wrote:I loved the idea of Tor and availability of updating packages over tor.
@OP -> Regardless of how much you "love the idea," this is a pure waste of time and resources, both yours and everyone else's. It's totally pointless, utterly futile, and frankly, it's stupid.
Re: apt-get update over Tor
I certainly have no argument there. Adding to that I would warn against any phone or handheld device that has a locator or tracks the user in any way. There is no point in worrying about computer security while carrying an iphone.Lysander wrote:Again I would argue - and I'm very open to refutes - that just by using Tails one is opening channels of suspicion and that nothing is a replacement for self-monitoring and taking responsibility for sites visited and content posted. As much as we would like to think that the internet is the liberal free-speech realm that it was in the early 2000s, alas, it is no longer.
I recall something that someone said to me many years ago on the internet and which is of particular import here - "always assume that everything you say and do is being recorded somewhere and can be used against you to your detriment". By all means take risks if you choose to, but take risks knowingly.
Re: apt-get update over Tor
Allright, but why has the Debian project published this page : onion.debian.org including the ONION sources.list? There’s no warning at all on that page.dasein wrote:Exactly! +100steve_v wrote:Pulling package updates over TOR just wastes node bandwidth. Updates are slower for you, and TOR is slower for everyone else.zodac11 wrote:I loved the idea of Tor and availability of updating packages over tor.
@OP -> Regardless of how much you "love the idea," this is a pure waste of time and resources, both yours and everyone else's. It's totally pointless, utterly futile, and frankly, it's stupid.