johnyju...@sigaint.org:
> While updates are signed, so even if they come over the wire in cleartext,
> the fact that they often are sent in the clear (even from debian.net)
> allows a snooper to know what packages your scanning for metadata or
> installing.  It reveals a lot about the state of your system.
> 
> Updating over Tor or a VPN helps a bit.  Updating to debian's hidden
> service is even more ideal, no https in between with
> state-actor/CA-forgeable certificates possible, etc..
> 
> However, Qubes updates aren't available via Tor.
> 

WIP: https://forums.whonix.org/t/onionizing-qubes-whonix-repositories/3265

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cfa5428c-74d2-9933-ad7c-ef62ce4f5bc1%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to