Linux mirrors security

any linux desktop distribution has a package manager to get package updates from local mirrors, and i’m in one of the worst countries in the world for privacy, so i almost certain that the local mirror server logs everything(eg. ip,time,traffic size), and my isp blocked any other mirror server, so i must connect to vpn all time when use linux, but the problem is that if i just install linux and then install the vpn without a network connection, the vpn lacks the dependency libraries and stops running, if i want to get the dependency libraries, i have to connect to the network and send to mirror server my local ip and whatever infor they can get

this is a chicken or egg problem, my current solution is to share the VPN to the LAN through another pc, then connect and get the dependency library and install the VPN, but this must have another computer, how do i get this with only this one device? (for fedora/pop-os)

From which country you are from.
If from china you can use deepin or openkyln
Else fedora or ubuntu is good option you may go with silver blue or any ublue distro.

what, that’s not what i’m asking, and i don’t think a linux distribution in a dictatorship is safey, i’m using fedora and pop-os, but the point is how to bypass local mirror servers

1 Like

Most distros, Fedora included, don’t even use HTTPS for mirrors, so your ISP can already observe all these anyway.

Your ISP wouldn’t benefit from purposely blocking specific mirrors.

1 Like

Watch in a dictatorship you have no choice but to expose your data to the government.
Even if you are in usa they log all your activities even if you say india which is so called bigest democracy but there is no such difference in this
In the name of national security they will track you.
Whether it is china or india.
The difference is if you are doing against anti-government or anti rulling dispensary.
You are safe or unsafe in both type of nation.
I would recommend you to just use any distro of your choice but if you want to have something

Works on fedora or ununtu or any of your distros.
If you want to stay anonymous you have options like qubes tails.

that program sounds like a bad idea.

All packages are cryptographically signed so https or ftp http does not matter if sign does not match this update won’t be installed

in this context the person is worried about their others learning what packages they use, so yes plain HTTP does matter

How does tell me
You are not proving any password or username

Did they really block all other mirrors ? In China at least they didn’t since devs need Linux.

yea, in my country, the internet is not common and blocks almost everything, its close to china and they really block all other mirrors

i’m trying a solution using mihomo/singbox executables and config files to bypass the dependencies and connect to the network after connecting to the proxy, but it’s not stable, if there are VPNs that don’t require any dependencies or other solutions, please let me know

I DMed you. (Exposing the technique publicly could lead to the gov taking takedown requests).

1 Like