add paragraph about leaking locale via Translation files

References: https://bugs.debian.org/749611

1 files changed, 15 insertions, 0 deletions

diff --git a/README.md b/README.md
index ed3ff6b..a7f4408 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,21 @@ available as an onion service.
 
 ## Configuration
 
+### Preventing user identification by languages
+
+APT sents no directly user identifying data to a server, but the server (and
+any observer between you and the server) can guess based on the languages apt
+downloads data for which languages the user might speak and from that infere
+culture and/or origin country of the user. With a particular uncommon set it
+might even be possible to identify a user.
+
+The most obvious solution might be to configure apt to not download data for
+any language (or only for english) via the Acquire::Languages option, but this
+is unacceptable if e.g. some or all users do not understand english. The option
+can also be used to add or remove certain languages to the list. The download
+of Translation files (which include the long descriptions for packages) can also
+be configured for individual sources via sources.list options.
+
 ### Using a different Tor instance
 
 By default, apt-transport-tor uses the following SOCKS proxy setting, which