:: [DNG] KUserFeedback
Top Page
Delete this message
Reply to this message
Author: tito
Date:  
To: dng
Subject: [DNG] KUserFeedback
Hi,
while reading the latest edition of the PCLinuxOS Magazine,
I've found this interesting article about KUserFeedback
at https://pclosmag.com/html/Issues/202109/page09.html
which relevant parts I copy here for ease of discussion:

" Recently, there was a debate on the PCLinuxOS forum about KDE Plasma's implementation
of telemetry through KUserFeedback. While in PCLinuxOS, we can remove it without any
collateral effects to the system, while other users reported that doing the same in other
distros (like Debian 11) results in the complete removal of KDE Plasma! Why force such
an implementation, if, as KDE's developers say, it is just an innocuous, privacy-respecting
measure?

Coincidence or not, in the past years many popular Linux distributions started rolling out
optional telemetry. Then it was the time of computer programs: news broke out in May
regarding Audacity, a popular audio editing app, which announced it was starting the
use of telemetry. The move was finally pushed back after users revolted against it.

But in Plasma's case, it is not just an app or a single distro, but an entire desktop
environment, employed in several Linux distributions, that is being shipped with
telemetry. While many point out that the data collection is by opt-in and entirely
anonymous, others have found that, even if you don't activate telemetry, data is
still collected, using computer resources, registering "apps and boot, number of
times used and duration in /home/user/telemetry folder." As such, they argue that,
because of the way Linux permissions work, other programs could have access
to these log files. KUserFeedback's FAQs page confirms this:

'KUserFeedback is designed to be compliant with KDE Telemetry Policy, which forbids
the usage of unique identification. If you are using KUserFeedback outside of the
scope of that policy, it's of course possible to add a custom data source generating
and transmitting a unique id.'

Not being an expert on such matters, it is anyway a little strange the step taken by
KDE and the way it is being implemented by most mainstream distros, as if there
was a certain consternation about it. To better understand the picture, let us give
a look at the organization that maintains the Plasma desktop."

What possible solutions are there to avoid this user data hoarding and their
abuse?

Simple workarounds that I can think off:

1) allow removal of  KUserFeedback by modifying deb deps (rather ineffective
     as most user will not care to do so)


1a) allow removal of  KUserFeedback by modifying deb deps and don't install
      by default unless the way data is collected is changed so that data
        are collected only if opted in


2) if the user opted out make /home/user/telemetry a tmpfs so that data stored
     are forgotten at reboot (easy but not very effective as data could still be
       abused in the meanwhile)


3) if the user opted out create some kind of /dev/null folder (I suspect that such
    thing doesn't exist yet) to delete the data in realtime


4) if the user opted out run cron jobs or other autostart scripts to periodically
    (boot, login, logout, hourly etc) delete this data


Comments and better ideas are welcome.

Ciao,
Tito