[Freedombox-discuss] Privoxy via Tor, and APT via Privoxy?

Petter Reinholdtsen pere at hungry.com
Wed Apr 16 16:37:13 UTC 2014

[Tim Retout]
> I think this idea is worth trying - even if secure apt prevents
> someone putting fake packages onto your machine, this will stop
> people seeing which software they need to find zero-day
> vulnerabilities in. :)

Yeah. :)

> What's the best apt mirror to use with tor?  Maybe http.debian.net?
> It's probably important to preserve anonymity that everyone uses the
> same mirror.

Either cdn.debian.net or http.debian.net I believe.  I've had some
problems using both from time to time, but I do not believe we have
any better option.

> I'm surprised that apt doesn't support SOCKS proxies directly -
> random people on the internet seem to think that it does, but
> there's no mention in apt's source code.

Yeah.  I asked for SOCKS support today in
<URL: http://bugs.debian.org/744934 >.  If someone got time to provide
the C++ patch needed, I am sure it would be well received.

> s/provixy/privoxy/


> Privoxy cannot proxy ftp traffic, according to its FAQ.  You might
> want to add https, but I don't think anyone uses that?


On second thought, I believe it is better to put this functionallity
in plinth, behind an option, instead of in freedombox-setup.  The
option should probably be enabled by default.

The options for apt can be to use privoxy, and for privoxy to use tor.
I would prefer to have one option for apt to use tor, but without
SOCKS support, that is not trivial.

An alternative which Nick mentioned on IRC today, is
<URL: https://code.google.com/p/badvpn/wiki/tun2socks >.  The idea is
to not confiture apt and privoxy, but instead change the IP setup on
the machine to send everything via tor.  Perhaps a better option?  But
that package is not in Debian, as far as I know.

Happy hacking
Petter Reinholdtsen

More information about the Freedombox-discuss mailing list