Re: Apt sources.list

To: debian-user@lists.debian.org
Subject: Re: Apt sources.list
From: Tim Woodall <debianuser@woodall.me.uk>
Date: Sun, 16 Apr 2023 20:05:45 +0100 (BST)
Message-id: <[🔎] alpine.DEB.2.21.2304162000030.2806@einstein.home.woodall.me.uk>
In-reply-to: <[🔎] ZDsvBre6FCnnTyfU@wooledge.org>
References: <[🔎] 20230415081117.13655c70@yosemite.mars.lan> <[🔎] 15042023132141.bd720baf79f7@desktop.copernicus.org.uk> <[🔎] ZDqd9oXDlldenbOa@wooledge.org> <[🔎] 20230415130127.GC2480@phcomp.co.uk> <[🔎] 20230415110052.13e41140@yosemite.mars.lan> <[🔎] 20230415161857.tsuodcy3nzdqnjnq@randomstring.org> <[🔎] ZDri2FEbSo1KNAhw@tuxteam.de> <[🔎] alpine.DEB.2.21.2304152053090.2425@azone.org> <[🔎] ZDsvBre6FCnnTyfU@wooledge.org>

On Sat, 15 Apr 2023, Greg Wooledge wrote:


Now, personally I don't feel this is a threat model that I need to
worry about.  I just use plain old http sources at home, and if "They"
learn that I've downloaded rxvt-unicode and mutt, well, good for Them.


The thread model I'm most concerned about is local stuff *exporting*
data elsewhere.

I do understand that there are people in some parts of the world that
want to do things that they ought to be allowed to do but their
repressive governments are preventing. HTTPS is a useful tool to make
that repression harder - but doesn't actually make people safe - if
doing something is illegal then it's still illegal even if it's harder
for the authorities to detect it.

But it's pretty much impossible nowadays to have a "safe" environment at
home. Phones, TVs, almost everything, now tries to establish outgoing
connections.

ESNI, and DNSoHTTPS are on the way to making it almost impossible to
keep tabs on this and restrict what is allowed to egress.

The only redeeming point is that corporates *need* to do egress
filtering - so at the moment the browsers cannot totally block it - and
if they did try, there would be the financing to provide a browser that
corporates could use that, at least, allowed SNI sniffing and regular
DNS.

Reply to:

Follow-Ups:
- Re: Apt sources.list
  - From: Jeffrey Walton <noloader@gmail.com>

References:
- Apt sources.list
  - From: <paulf@quillandmouse.com>
- Re: Apt sources.list
  - From: Brian <ad44@cityscape.co.uk>
- Re: Apt sources.list
  - From: Greg Wooledge <greg@wooledge.org>
- Re: Apt sources.list
  - From: Alain D D Williams <addw@phcomp.co.uk>
- Re: Apt sources.list
  - From: <paulf@quillandmouse.com>
- Re: Apt sources.list
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Apt sources.list
  - From: <tomas@tuxteam.de>
- Re: Apt sources.list
  - From: davidson <davidson@freevolt.org>
- Re: Apt sources.list
  - From: Greg Wooledge <greg@wooledge.org>

Prev by Date: Re: Am I infected with a rootkit?
Next by Date: Re: Am I infected with a rootkit?
Previous by thread: Re: Apt sources.list
Next by thread: Re: Apt sources.list
Index(es):
- Date
- Thread