[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Debian popcon as a vulnerability?



On 2014-09-14 01:17, Griffin Boyce wrote:
> Hello all!
> 
>   I am wondering whether to force-uninstall Debian's popularity-contest
> package as part of Stormy's installation process. It would be good to
> have an idea how popular Stormy is, but on the other hand, I'm not sure
> how anonymous the reporting is on Debian's end.

If you report through Tor then it is okay-ish as then nobody knows the IP.

They could though make a fingerprint of the set of packages+versions
installed and thus know that at least you are a Tor user through that.

Thus for them who have access to that DB, there is some power.

Personally, I don't see the point of popcon though, it is not that the
owner of the package will fix things quicker when the package is more
popular, they are mostly doing it in their free time anyway.

Greets,
 Jeroen

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev