Changes between Version 9 and Version 10 of doc/TorifyHOWTO/apt


Ignore:
Timestamp:
May 23, 2018, 4:39:03 AM (15 months ago)
Author:
Jaruga
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorifyHOWTO/apt

    v9 v10  
    33APT (Advanced Package Tool) is a free software user interface that works with core libraries to handle the installation and removal of software on Linux/UNIX distributions. It already includes mechanisms for guaranteeing the authenticity of the packages you download. However, an adversary sniffing your network traffic can still see what software you are installing. This is where Tor comes in.
    44
    5 For security reasons, APT blocks clearnet connections to .onion domains by default. This is because APT developers want to protect users from accidentally trying to use {{{.onion}}} repositories without using Tor. Otherwise, a rogue / malicious DNS server could redirect users to a false domain and trick them into thinking they are using Tor when they are really not.
     5For security reasons, APT blocks clearnet connections to {{{.onion}}} domains by default. This is because APT developers want to protect users from accidentally trying to use {{{.onion}}} repositories without using Tor. Otherwise, a rogue / malicious DNS server could redirect users to a false domain and trick them into thinking they are using Tor when they are really not.
    66
    77== Package: apt-transport-tor ==
     
    1414
    1515=== Warnings ===
    16 ''' Please note that this approach is only as secure as Tor itself ''' - this software cannot protect you from an attacker who has access to your local machine. While it does prevent an attacker who is sniffing your network connection from being able to tell that you are fetching packages, to begin with, it does not necessarily defend you from:
     16''' Please note that this approach is only as secure as Tor itself ''' - this software cannot protect you from an attacker who has access to your local machine. While it does prevent an attacker who is sniffing your network connection from being able to tell that you are fetching packages to begin with, it does not necessarily defend you from:
    1717
    1818   * a global passive adversary (who could potentially correlate the exit node's traffic with your local Tor traffic)