Hi. We would like to know if you can arrange for hosting a hidden Debian mirror for access by Tails and Whonix systems. There are a number of advantages Such as reducing metadata leakage from apt-get and protection against security issues in APT which can be exploited when its using http in the clear.
Apt-transport-https unfortunately doesn’t cut it. Plain SSL is trivial to fingerprint allowing a network observer to know what was downloaded and that the packages belong to the same system. Only very few of https mirrors have self signed certificates which we would prefer, and that option has many quirks. Apt doesn’t really work properly with https and complains randomly. Apt-cacher-ng doesn’t work with the https transport too.
Running a hidden service mirror will be a measurable security and anonymity improvement over the current status quo. Please see what can be done and let us know.
In terms of bandwidth needs, Tails has an estimated 10,000 users while Whonix has 5,000.