[Freedombox-discuss] Privoxy via Tor, and APT via Privoxy?

Tim Retout diocles at debian.org
Thu Apr 17 14:02:50 UTC 2014

On Wed, 2014-04-16 at 18:37 +0200, Petter Reinholdtsen wrote:
> > I'm surprised that apt doesn't support SOCKS proxies directly -
> > random people on the internet seem to think that it does, but
> > there's no mention in apt's source code.
> Yeah.  I asked for SOCKS support today in
> <URL: http://bugs.debian.org/744934 >.  If someone got time to provide
> the C++ patch needed, I am sure it would be well received.

It looks complicated. :)  The HTTP, FTP and HTTPS transports are
implemented almost completely separately - I'm just looking at whether
it can be patched into the bit that makes the connection.  It's
important to get the DNS requests to also go over the SOCKS proxy, to
prevent DNS leaks (and make cdn.debian.net work properly).  And also,
apt doesn't depend on any high-level networking library at the moment.

> An alternative which Nick mentioned on IRC today, is
> <URL: https://code.google.com/p/badvpn/wiki/tun2socks >.  The idea is
> to not confiture apt and privoxy, but instead change the IP setup on
> the machine to send everything via tor.  Perhaps a better option?  But
> that package is not in Debian, as far as I know.

Personally I am not quite convinced that all traffic should go over Tor.
Apart from anything else, there will be no UDP support, so it would be
more difficult to get e.g. VoIP working, I think.

A third idea: if we could guarantee that apt was always called via
plinth, then we could always call it via torify or something. Ugly. :)

Tim Retout <diocles at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20140417/0538763d/attachment.sig>

More information about the Freedombox-discuss mailing list