[Popcon-developers] Drop atime and ctime for privacy reasons possible?

adrelanos adrelanos at riseup.net
Sat Oct 27 23:48:45 UTC 2012


Bill Allombert:
> On Sat, Oct 27, 2012 at 09:55:22AM +0000, adrelanos wrote:
>> Paul Wise:
>>> On Fri, Oct 26, 2012 at 6:37 PM, adrelanos wrote:
>>>
>>>> for privacy reasons.
>>>
>>> In addition, it would be great to see popcon.d.o switch to SSL to
add privacy.
>
> I would rather use gpg.

gpg is fine.

>
>> Like said in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480860 if
>> it were an opt-in, the server would hopefully not get too much load?
>
> I wonder at the ethical implication of this.
>
>>> The popcon upload script could also use tor/torify to add more
anonymity.
>>>
>>
>> A Tor hidden service would be ideal. It's easy to set up, provides
>> anonymity and end-to-end encryption.
>
> What do you need on the server side to make it work ?

Very few steps required.

- Install Tor (debian package available)
- let the server also listen on localhost:someport
- edit tor configuration file /etc/tor/torrc and add a hidden service
- backup keys in /var/lib/tor/hidden_service

More instructions for a hidden service:
(for a webserver but you can use any tcp service)
https://www.torproject.org/docs/tor-hidden-service

I am sure I or tor-talk would be of assistance if needed.

> You can alway implement your own popcon client on top of
> /usr/sbin/popularity-contest

Dropping atime / ctime for popcon - if possible - is imho a desirable
goal for all Debian users.



More information about the Popcon-developers mailing list