Torify apt-get traffic
It is recommended to torrify APT's traffic on the host for several reasons:
- Each machine has its own unique package selection. This allows location tracking, because systems can be fingerprinted across physical networks as system updates are performed.
- System updates leak sensitive security information like package versions and the varying patch levels. This information aids targeted attacks.
Follow the instructions below to torify APT traffic in Debian. 
Install apt-transport-tor from the Debian repository.
sudo apt-get install apt-transport-tor
Edit the sources.list to include only tor:// URLs for every entry.
Open /etc/apt/sources.list in an editor with root rights.
Save and exit.
Other URL Configurations
Alternatively, the tor+http:// URL scheme is possible. apt-transport-tor can also be combined with apt-transport-https, leading to the tor+https:// URL scheme. 
Note that changing
http.debian.net picks a mirror near to whichever Tor exit node is being used. Throughput is surprisingly fast.  Users should also be aware that all public-facing debian.org FTP services were shut down on November 1, 2017. 
Debian URLs can also be pointed to the available onion services
http://earthqfvaeuv5bla.onion. This is the most secure option, as no package metadata ever leaves Tor.    This URL scheme also protects from system compromise in the event APT has a critical security bug.
- ftp://ftp.debian.org and ftp://security.debian.org