Re: concrete steps for improving apt downloading security and privacy
On Wed, Jul 9, 2014 at 11:23 PM, Michael Stone <email@example.com> wrote:
> I frankly find it hard to believe that someone who is unwilling to click
> past the first link when researching actually cares much about any kind of
> writeup of threat models. I'll make it simple: if you're completely
> unsophisticated and worried about a government hijacking your linux
> distribution to spy on you, there's nothing debian can do to help you. If
> you're low profile and uninteresting, the government doesn't care about you.
> If you're actually being targeted by well funded and sophisticated
> adversaries, they're going to get you unless you put a heck of a lot more
> effort in than clicking on the first link.
Someone who is unwilling to click past the first link /now/ may become
very willing to continue clicking once they read it.
"Debian will not protect you against nation-state adversaries" is a
very useful bit of information for many non-technical activists, which
often leads to the questions:
* "Why?" (what powers can they use to subvert existing protections?)
* "What /does/ protect you?" (what new protections need I put in
place such that those powers cannot subvert them?)
It would be lovely to have the answers nearby.