You must log in or register to comment.

Mango wrote

I use Tor APT transport instead of HTTPS, but I do have the latter installed in case some 3rd party repository support it.


edmund_the_destroyer wrote

Why? Is there a reason to hide the use of Linux or the packages you're installing?


Mango wrote

APT uses localization to get update from nearest servers. I sometime do illegal shit from my computer cuz I was too lazy to fire up the VPS or VM, so Torify everything is a precaution, in case some connection leaked,


jadedctrl wrote (edited )

I mean, server-side, it should be no problem to offer both http and https, unless you're using some over-complicated infrastructure. then again, apt itself is over-complicated, jajaja.

anyway, https should be the default, period. even in cases where snooping is still perfectly simple (file-size, etc.), it gives even a modicum more of privacy, and at least makes the snoop's life slightly more annoying.

you know how using unencrypted ssh is practically rocket surgery when you run up-to-date software, like it never existed in the first place? that's where we should be with http.