:: Re: [DNG] KUserFeedback
Forside
Slet denne besked
Besvar denne besked
Skribent: Dr. Nikolaus Klepp
Dato:  
Til: dng
Emne: Re: [DNG] KUserFeedback
Hi!

Anno domini 2021 Sun, 5 Sep 09:52:11 +0200
tito via Dng scripsit:
> Hi,
> while reading the latest edition of the PCLinuxOS Magazine,
> I've found this interesting article about KUserFeedback
> at https://pclosmag.com/html/Issues/202109/page09.html
> which relevant parts I copy here for ease of discussion:
>
> " Recently, there was a debate on the PCLinuxOS forum about KDE Plasma's implementation
> of telemetry through KUserFeedback. While in PCLinuxOS, we can remove it without any
> collateral effects to the system, while other users reported that doing the same in other
> distros (like Debian 11) results in the complete removal of KDE Plasma! Why force such
> an implementation, if, as KDE's developers say, it is just an innocuous, privacy-respecting
> measure?
>
> Coincidence or not, in the past years many popular Linux distributions started rolling out
> optional telemetry. Then it was the time of computer programs: news broke out in May
> regarding Audacity, a popular audio editing app, which announced it was starting the
> use of telemetry. The move was finally pushed back after users revolted against it.
>
> But in Plasma's case, it is not just an app or a single distro, but an entire desktop
> environment, employed in several Linux distributions, that is being shipped with
> telemetry. While many point out that the data collection is by opt-in and entirely
> anonymous, others have found that, even if you don't activate telemetry, data is
> still collected, using computer resources, registering "apps and boot, number of
> times used and duration in /home/user/telemetry folder." As such, they argue that,
> because of the way Linux permissions work, other programs could have access
> to these log files. KUserFeedback's FAQs page confirms this:
>
> 'KUserFeedback is designed to be compliant with KDE Telemetry Policy, which forbids
> the usage of unique identification. If you are using KUserFeedback outside of the
> scope of that policy, it's of course possible to add a custom data source generating
> and transmitting a unique id.'
>
> Not being an expert on such matters, it is anyway a little strange the step taken by
> KDE and the way it is being implemented by most mainstream distros, as if there
> was a certain consternation about it. To better understand the picture, let us give
> a look at the organization that maintains the Plasma desktop."
>
> What possible solutions are there to avoid this user data hoarding and their
> abuse?
>
> Simple workarounds that I can think off:
>
> 1) allow removal of  KUserFeedback by modifying deb deps (rather ineffective
>      as most user will not care to do so)

>
> 1a) allow removal of  KUserFeedback by modifying deb deps and don't install
>       by default unless the way data is collected is changed so that data
>         are collected only if opted in

>
> 2) if the user opted out make /home/user/telemetry a tmpfs so that data stored
>      are forgotten at reboot (easy but not very effective as data could still be
>        abused in the meanwhile)

>
> 3) if the user opted out create some kind of /dev/null folder (I suspect that such
>     thing doesn't exist yet) to delete the data in realtime

>
> 4) if the user opted out run cron jobs or other autostart scripts to periodically
>     (boot, login, logout, hourly etc) delete this data

>
> Comments and better ideas are welcome.


Don't think a lot of people here use KDE4 :)

Anyway, e.g. "audacity" has added "telemetry" and "lawful inspection" a while ago and was promptly forked https://www.theregister.com/2021/07/06/audacity_fork/ . Unpleasently there is still audacity in the devuan/debian repository, so keep an eye open on the new spyware.

nik

>
> Ciao,
> Tito
>
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>




--
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...