Use Onion Services for APT
Currently, /etc/apt/sources.list makes use of apt-transport-tor
(tor+http://) to fetch the repo lists from the normal Debian mirrors via
the Tor Exit node.
This could, however, be done through Tor entirely since there exist
official mirrors that are Tor Onion Services, such as
vwakviie2ienjx6t.onion.
https://wiki.debian.org/TorifyDebianServices
Pros:
- Traffic stays within Tor, avoidance of metadata
- End-to-End encryption to the Onion Service
- (debatable) Fingerprinting of Tails users (what diffs were missing? when was the last package list update?) at the Tor Exit might become more difficult
Cons:
- Adds load to the Onion mirror
- Packages signed with GnuPG anyways
- Might be slower than non-Onion Service access
Feature Branch: feature/11556-apt-with-onions
Related issues
- Related to #8143 (closed)
Original created by @flapflap on 11556 (Redmine)