[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why there is no encryption if I download files from cdimage.debian.org ?

Of course I can use Tor. But why you can't make my life easier by just always using the certificate for cdimage.debian.org that you ALREADY have?

03.07.2016, 16:41, "Emmanuel Kasper" <emmanuel@libera.cc>:
> Le 03/07/2016 à 14:51, german398@ya.ru a écrit :
>>  When I visit cdimage.debian.org I see that connection IS encrypted. But if I, for example, try to download a torrent file and go to
>>  to cdimage.debian.org/debian-cd/8.5.0/i386/bt-cd/, then out of blue connection becomes unprotected. I know that there are GPG signatures, but
>>  I think that it's a bit reckless anyway, what if potential attacker will notice what particular file I downloaded? For example, he saw that it was
>>   cdimage.debian.org/debian-cd/8.5.0/amd64/bt-cd/debian-8.5.0-amd64-kde-CD-1.iso.torrent, so he will know that my computer is a 64-bit PC and
>>  it uses KDE + the latest 64-bit Debian Stable.
>
> Hi
> If you're concerned about being tracked by your internet traffic when
> downloading the debian cds, then use tor to do the download.
> After that you can setup apt-tor to avoid the same kind of tracking when
> doing apt updates ( see
> https://packages.debian.org/jessie/apt-transport-tor )
> Emmanuel
Reply to: