Unsubscribing the Ubuntu Sponsors Team for now, due to Sebastien's
comment that more work needs to be done.
Please resubscribe the Sponsors Team once adequate tests have been
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
geoip.ubuntu.com does not utilize HTTPS
Status in ubuntu-geoip package in Ubuntu:
Status in ubuntu-geoip source package in Trusty:
Status in ubuntu-geoip source package in Xenial:
Status in ubuntu-geoip source package in Artful:
It's better to use https where we can. There were concerns about location
leakage for users using a proxy (such as Tor).
As long as Canonical maintains https://geoip.ubuntu.com, things should be
fine here. Minimal fix.
Original Bug Report
geoip.ubuntu.com does not utilize HTTPS and leaks unencrypted over HTTP. This
can potentially be utilized by nation state adversaries to compromise user
privacy. This service is called multiple times per day by the OS in order to
$ nc -zv geoip.ubuntu.com 80
Connection to geoip.ubuntu.com 80 port [tcp/http] succeeded!
$ nc -zv -w 3 geoip.ubuntu.com 443
nc: connect to geoip.ubuntu.com port 443 (tcp) timed out
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~desktop-packages
Post to : email@example.com
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp