This bug was fixed in the package ubuntu-geoip -
ubuntu-geoip (1.0.2+18.04.20180223-0ubuntu1) bionic; urgency=medium
* Use https for geoip.ubuntu.com (LP: #1617535)
-- Jeremy Bicha <jbi...@ubuntu.com> Fri, 23 Feb 2018 17:23:36 +0000
** Changed in: ubuntu-geoip (Ubuntu)
Status: Fix Committed => Fix Released
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
geoip.ubuntu.com does not utilize HTTPS
Status in ubuntu-geoip package in Ubuntu:
Status in ubuntu-geoip source package in Trusty:
Status in ubuntu-geoip source package in Xenial:
Status in ubuntu-geoip source package in Artful:
It's better to use https where we can. There were concerns about location
leakage for users using a proxy (such as Tor).
As long as Canonical maintains https://geoip.ubuntu.com, things should be
fine here. Minimal fix.
Original Bug Report
geoip.ubuntu.com does not utilize HTTPS and leaks unencrypted over HTTP. This
can potentially be utilized by nation state adversaries to compromise user
privacy. This service is called multiple times per day by the OS in order to
$ nc -zv geoip.ubuntu.com 80
Connection to geoip.ubuntu.com 80 port [tcp/http] succeeded!
$ nc -zv -w 3 geoip.ubuntu.com 443
nc: connect to geoip.ubuntu.com port 443 (tcp) timed out
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~desktop-packages
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp