Re: Possibly moving Debian services to a CDN

Tollef Fog Heen <tfheen@err.no> writes:
>> 1) Privacy concerns: Debian would deliver much more data to business
>> companies than necessary. Keep in mind that personalized data is one
>> of the most valuable things to data miners. Currently I choose one
>> mirror site to pull my packages from. I can freely choose that mirror
>> on the basis of location, bandwidth, personal likes or, let's say, privacy
>> reasons because I know that this specific mirror doesn't log my IPs.
>> When using a CDN, at least in the way I understood your proposal, I'm
>> not free to choose anymore. The company running that CDN will obtain
>> all of the data like how many machines are behind a subnet or IP, what
>> kind of machines (intel, sparc, powerpc, m68k, ...) and might know if
>> I forget to update a machine (security).
> This is absolutely a valid concern.  I have a few mitigation strategies
> and one observation:
> - You can still run your own mirror.  We need that ourselves and like I
> wrote in the initial email, we need to find a way that keeps rsync
> working.
> - You can use an IP anonymizing service such as Tor.
Are you suggesting to download Debian packages over Tor? Last time I
used it, I got about 25 kB/s of bandwidth. But even if that has changed,
I'm pretty sure the Tor network isn't intended for bulk transfer of the
Debian archive...


