Can you elaborate on what an adversary might do with this connection?

The name itself will be leaked via DNS requests regardless of TLS use.
The name itself may be leaked via SNI headers in a hypothetical HTTPS 
connection.

I'm not yet familiar with the data actually transferred once connected,
but my wildest speculation suggests that it's going to consist of e.g. a
User-agent header from the client and the server's best guess of
geographical area for the connecting IP address. It's hard to see what
an adversary of even immense power could do with any information from
this service.

It's also hard to see what an adversary would do if modifying the data
in-flight -- force an inconvenient time display in the menu bar perhaps?

Thanks

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535

Title:
  geoip.ubuntu.com does not utilize HTTPS

Status in ubuntu-geoip package in Ubuntu:
  Incomplete

Bug description:
  geoip.ubuntu.com does not utilize HTTPS and leaks unencrypted over
  HTTP. This can potentially be utilized by nation state adversaries to
  compromise user privacy. This service is called multiple times per day
  by the OS in order to track users.

  $ nc -zv geoip.ubuntu.com 80
  Connection to geoip.ubuntu.com 80 port [tcp/http] succeeded!

  $ nc -zv -w 3 geoip.ubuntu.com 443
  nc: connect to geoip.ubuntu.com port 443 (tcp) timed out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-geoip/+bug/1617535/+subscriptions
