Use Onion Services for APT
Currently, /etc/apt/sources.list makes use of apt-transport-tor
(tor+http://) to fetch the repo lists from the normal Debian mirrors
via the Tor Exit node.
This could, however, be done through Tor entirely since there exist official mirrors that are Tor Onion Services, such as vwakviie2ienjx6t.onion.
- Traffic stays within Tor, avoidance of metadata
- End-to-End encryption to the Onion Service
- (debatable) Fingerprinting of Tails users (what diffs were missing? when was the last package list update?) at the Tor Exit might become more difficult
- Adds load to the Onion mirror
- Packages signed with GnuPG anyways
- Might be slower than non-Onion Service access
Feature Branch: feature/11556-apt-with-onions