How to configure Debian to update over Tor

Debian has had the option to use Tor to update for quite some time, but most users don’t even know that it’s an option or how to set it up, and it turns out it is quite simple!


Firstly, you will need to install Tor.

Once that is complete you need to make sure you have apt-transport-tor installed:

sudo apt install apt-transport-tor

Now all you need to do is edit your /etc/apt/sources.list file, replacing all the normal Debian mirrors with the .onion addresses. You can find a list of up-to-date mirrors at the bottom of this page. Here are the current ones:

deb tor+http://vwakviie2ienjx6t.onion/debian stable main
deb tor+http://vwakviie2ienjx6t.onion/debian stable-updates main
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security stable/updates main

#deb tor+http://vwakviie2ienjx6t.onion/debian stable-backports main

Note: I changed the repo from jessie to stable in anticipation of Debian 9 being released.

The last thing to do is run apt update, and you will be running all of your update traffic through an onion service, so you can be sure the packages are not compromised during transfer!
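A quick check to run after editing, added here as an example and not part of the original post: the shell function below (the name audit_sources is an assumption) lists every active entry in a sources.list-style file that does not use the tor+ transport to a .onion host. The sample file is constructed, with deb.debian.org standing in for a leftover clearnet mirror.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_sources FILE...: print every active one-line "deb"/"deb-src" entry
# whose URI is not tor+http(s)://<name>.onion/..., i.e. any source that apt
# would not fetch from an onion service. Returns non-zero if one is found.
# (deb822-style *.sources files are not handled here.)
audit_sources() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        $1 == "deb" || $1 == "deb-src" {
            uri = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) {                # skip "[opt=val ...]" block
                    while (i <= NF && $i !~ /\]$/) i++
                    continue
                }
                uri = $i
                break
            }
            if (uri !~ /^tor\+https?:\/\/[a-z0-9.-]+\.onion(:[0-9]+)?(\/|$)/) {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample: two onion entries from the post, one clearnet mirror
# left behind, and one tor+ entry that still points at a non-onion host
# (it goes through Tor but leaves the network to reach a clearnet mirror).
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb tor+http://vwakviie2ienjx6t.onion/debian stable main
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security stable/updates main
deb [arch=amd64] http://deb.debian.org/debian stable-updates main
deb-src tor+http://deb.debian.org/debian stable main
#deb tor+http://vwakviie2ienjx6t.onion/debian stable-backports main
EOF
audit_sources "$sample" || echo "non-onion sources found"
rm -f "$sample"
```

On a real system, pass it /etc/apt/sources.list together with any /etc/apt/sources.list.d/*.list files, since entries in either place are used by apt update.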

CopperheadOS – A beginning to securing Android?

After using CopperheadOS for 3 months, I have a new outlook on Android. CopperheadOS is a hardened version of AOSP. It uses various techniques to keep your phone secure that aren’t present in stock Android.


CopperheadOS is meant to replace stock Android for businesses who require extra security for whatever reason. This is abundantly clear when looking at the few phones they support:

  • Nexus 9
  • Nexus 5x
  • Nexus 6P

and if you are willing to buy either a support contract, or a phone directly from their site,

  • Pixel (XL)


For me, switching from stock to Copperhead seemed like a clear choice. Frequent updates and a more secure phone were two very welcome things to me, someone who likes to keep everything secure and data private. CopperheadOS even requires you to lock the bootloader to do OTA updates. This adds an extra layer of security, so you will know if you ever start your phone and see a different boot fingerprint.


All in all, if you can survive without Google apps and have a supported phone, I would recommend you switch to CopperheadOS. So far Copperhead has even helped patch quite a few vulnerabilities in stock Android.




You have probably heard of Pi-Hole, a great way to block ads at a DNS level for your whole system, instead of just in your browser, but there is a better alternative that works with pretty much any Linux distro that Pi-Hole works on.

NoTrack and Pi-Hole allow you to route all of your DNS requests through your own server, filtering out anything you don’t want getting through, like Google Analytics, before routing your request to a DNS server of your choosing. They offer a variety of DNS servers to choose from and you can even add custom servers, but I prefer using OpenDNS so I can have 100% uptime.

NoTrack and Pi-Hole make DNS requests a lot faster by caching them locally after you request a domain, so you won’t need to wait for network latency querying the DNS server more than once.

The difference between Pi-Hole and NoTrack isn’t that big. NoTrack offers quite a few more host files that would normally need to be manually converted for Pi-Hole to read them. Though if you don’t care too much about that, I would recommend Pi-Hole.

You also save lots of bandwidth by not getting any of the resources from the blocked services, potentially saving enough to keep you from going over your total limit for the month if you have one.

The installation of NoTrack is very simple and can be done with very little command line experience in Linux. Here’s a short guide from the creator, QuidsUp: