Of course I can use Tor. But why you can't make my life easier by just always using the certificate for cdimage.debian.org that you ALREADY have?
03.07.2016, 16:41, "Emmanuel Kasper" <[email protected]>: > Le 03/07/2016 à 14:51, [email protected] a écrit : >> When I visit cdimage.debian.org I see that connection IS encrypted. But if >> I, for example, try to download a torrent file and go to >> to cdimage.debian.org/debian-cd/8.5.0/i386/bt-cd/, then out of blue >> connection becomes unprotected. I know that there are GPG signatures, but >> I think that it's a bit reckless anyway, what if potential attacker will >> notice what particular file I downloaded? For example, he saw that it was >> >> cdimage.debian.org/debian-cd/8.5.0/amd64/bt-cd/debian-8.5.0-amd64-kde-CD-1.iso.torrent, >> so he will know that my computer is a 64-bit PC and >> it uses KDE + the latest 64-bit Debian Stable. > > Hi > If you're concerned about being tracked by your internet traffic when > downloading the debian cds, then use tor to do the download. > After that you can setup apt-tor to avoid the same kind of tracking when > doing apt updates ( see > https://packages.debian.org/jessie/apt-transport-tor ) > Emmanuel
