From d7e8ddd398594b0e01b3bcb5574224f851dcf32e Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 22 Jan 2018 14:15:57 +0100
Subject: add paragraph about leaking locale via Translation files

References: https://bugs.debian.org/749611
---
 README.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/README.md b/README.md
index ed3ff6b..a7f4408 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,21 @@ available as an onion service.
 
 ## Configuration
 
+### Preventing user identification by languages
+
+APT sents no directly user identifying data to a server, but the server (and
+any observer between you and the server) can guess based on the languages apt
+downloads data for which languages the user might speak and from that infere
+culture and/or origin country of the user. With a particular uncommon set it
+might even be possible to identify a user.
+
+The most obvious solution might be to configure apt to not download data for
+any language (or only for english) via the Acquire::Languages option, but this
+is unacceptable if e.g. some or all users do not understand english. The option
+can also be used to add or remove certain languages to the list. The download
+of Translation files (which include the long descriptions for packages) can also
+be configured for individual sources via sources.list options.
+
 ### Using a different Tor instance
 
 By default, apt-transport-tor uses the following SOCKS proxy setting, which
-- 
cgit v1.2.3-70-g09d2