Has anyone looked at the extent to which the apt/dpkg metadata might make a debian-based VM identifiable with repository access times?
As long as the repository is accessed over its own tor circuit it shouldn’t matter too much, I suppose. Just wondering how much work might be involved in cleaning that data.
So far, all I know is that removing /var/{log,lib,cache}/{apt,dpkg} breaks things pretty badly.