
Bug#749611: apt-transport-tor: Leaks locale information



Hi,

this is kind of a question of how to configure apt – and there are
various options – but perhaps eventually someone can figure out how to
compose a way of automating this more to make "everyone" happy by default.
If someone has a plan/idea I am happy to help :)


On Wed, May 28, 2014 at 12:06:08PM -0400, Micah Anderson wrote:
> The only problem is that when you do an apt-get update, you are leaking some
> important identifying bits, namely your locale preferences through the requested
> Translations-* files. This is pretty interesting, and revealing information! For
> example, if someone is requesting the Translation-zh files, you can pretty

Note that apt (>= 1.1) isn't going to request files if it can predict
that the file hasn't changed and it can do that e.g. for Translation-*
files which change rather infrequently so there is a good chance that
you aren't requesting all Translation files you are using.

Also, the remark that apt is doing the download in a specific order was
fixed in the 1.3 series, which uses a random order now.

> reasonably guess that they are Chinese speaking. Fortunately, the specific
> locality is not leaked (eg. en_US).

It would be, if the repository provides such a file, but the Release
file says it doesn't, so apt doesn't try to download it. Some languages
have these specifics like pt and pt_BR or zh_CN and zh_TW btw.


> Because people do want their localized languages available to them, but
> requesting them over tor betrays information, I think that the only way to get
> around this problem is to request all the locales. It's somewhat annoying because

That is of course an option, but it is hardly your only option, the
simplest two might be:

1. Use a mirror via an onion service, see onion.debian.org
   (It is there the README file is pointing to as well)
2. Get the Translation files from another mirror ¹

Just as an example & for testing I am using both:

deb [lang=none] tor+http://httpredir.debian.org/debian/ sid main
deb [target=Translations] tor+http://vwakviie2ienjx6t.onion/debian sid main

Explanation: That tells apt to not get any files based on languages from the
first source (which are in effect only Translation files, but just to be sure)
and the second line tells apt to get only the Translation files from here (+ a
Release file, so the two mirrors can be out-of-sync).

¹ Note that in the default config of apt-transport-tor >= 0.3 each mirror is
contacted potentially via its own circuit so there might be different
exit-nodes involved.


See sources.list(5) manpage for a description of these options (again, that
requires apt >= 1.1). This example and reading the manpage will also help you
configure apt to download additional translation files it isn't going to use
later on if you really want to pursue this avenue instead/too.


Best regards

David Kalnischkies
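
The configuration described in the message can be checked mechanically. The following Python sketch is an added example, not part of the original message and not code from apt or apt-transport-tor: it flags tor+ entries on non-onion mirrors that are restricted neither by lang=none nor by a target list without Translations. It assumes one-line-style entries with plain lang=/target= values (no += or -= forms); the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the two entries from the message plus an unrestricted one.
SAMPLE = """\
deb [lang=none] tor+http://httpredir.debian.org/debian/ sid main
deb [target=Translations] tor+http://vwakviie2ienjx6t.onion/debian sid main
deb tor+http://httpredir.debian.org/debian/ sid main
"""

# type, optional [options], URI, suite; only binary "deb" lines are examined.
ENTRY = re.compile(r"^deb\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

def parse_entry(line):
    """Return (options, uri) for a one-line-style deb entry, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # comment, blank line, deb-src or unsupported syntax
    options = {}
    for item in (m.group(1) or "").split():
        key, _, value = item.partition("=")
        options[key] = value.split(",")
    return options, m.group(2)

def may_fetch_translations_via_exit(options, uri):
    """True if Translation-* files may be requested from a non-onion mirror over tor."""
    if not uri.startswith("tor+"):
        return False  # not fetched via apt-transport-tor; out of scope here
    host = urlparse(uri[len("tor+"):]).hostname or ""
    if host.endswith(".onion"):
        return False  # onion service mirror (option 1 in the message)
    if options.get("lang") == ["none"]:
        return False  # no language-dependent files from this source
    targets = options.get("target")
    if targets is not None and "Translations" not in targets:
        return False  # target list given and Translations is not in it
    return True

def audit(text):
    """Return [(line_number, uri)] for entries that should be reviewed."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        parsed = parse_entry(line)
        if parsed and may_fetch_translations_via_exit(*parsed):
            findings.append((number, parsed[1]))
    return findings

if __name__ == "__main__":
    for number, uri in audit(SAMPLE):
        print(f"line {number}: {uri} may request Translation-* files via an exit node")
```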
