:: Re: [DNG] KUserFeedback
Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMtito at <-
.MM.Mg4sra at ->
Delete this message
Reply to this message
Author: tito
Date:  
To: dng
Subject: Re: [DNG] KUserFeedback
On Sun, 5 Sep 2021 09:59:09 +0200
"Dr. Nikolaus Klepp via Dng" <dng@???> wrote:

> Hi!
>
> Anno domini 2021 Sun, 5 Sep 09:52:11 +0200
> tito via Dng scripsit:
> > Hi,
> > while reading the latest edition of the PCLinuxOS Magazine,
> > I've found this interesting article about KUserFeedback
> > at https://pclosmag.com/html/Issues/202109/page09.html
> > which relevant parts I copy here for ease of discussion:
> >
> > " Recently, there was a debate on the PCLinuxOS forum about KDE Plasma's implementation
> > of telemetry through KUserFeedback. While in PCLinuxOS, we can remove it without any
> > collateral effects to the system, while other users reported that doing the same in other
> > distros (like Debian 11) results in the complete removal of KDE Plasma! Why force such
> > an implementation, if, as KDE's developers say, it is just an innocuous, privacy-respecting
> > measure?
> >
> > Coincidence or not, in the past years many popular Linux distributions started rolling out
> > optional telemetry. Then it was the time of computer programs: news broke out in May
> > regarding Audacity, a popular audio editing app, which announced it was starting the
> > use of telemetry. The move was finally pushed back after users revolted against it.
> >
> > But in Plasma's case, it is not just an app or a single distro, but an entire desktop
> > environment, employed in several Linux distributions, that is being shipped with
> > telemetry. While many point out that the data collection is by opt-in and entirely
> > anonymous, others have found that, even if you don't activate telemetry, data is
> > still collected, using computer resources, registering "apps and boot, number of
> > times used and duration in /home/user/telemetry folder." As such, they argue that,
> > because of the way Linux permissions work, other programs could have access
> > to these log files. KUserFeedback's FAQs page confirms this:
> >
> > 'KUserFeedback is designed to be compliant with KDE Telemetry Policy, which forbids
> > the usage of unique identification. If you are using KUserFeedback outside of the
> > scope of that policy, it's of course possible to add a custom data source generating
> > and transmitting a unique id.'
> >
> > Not being an expert on such matters, it is anyway a little strange the step taken by
> > KDE and the way it is being implemented by most mainstream distros, as if there
> > was a certain consternation about it. To better understand the picture, let us give
> > a look at the organization that maintains the Plasma desktop."
> >
> > What possible solutions are there to avoid this user data hoarding and their
> > abuse?
> >
> > Simple workarounds that I can think off:
> > 
> > 1) allow removal of  KUserFeedback by modifying deb deps (rather ineffective
> >      as most user will not care to do so)

> > 
> > 1a) allow removal of  KUserFeedback by modifying deb deps and don't install
> >       by default unless the way data is collected is changed so that data
> >         are collected only if opted in

> > 
> > 2) if the user opted out make /home/user/telemetry a tmpfs so that data stored
> >      are forgotten at reboot (easy but not very effective as data could still be
> >        abused in the meanwhile)

> > 
> > 3) if the user opted out create some kind of /dev/null folder (I suspect that such
> >     thing doesn't exist yet) to delete the data in realtime

> > 
> > 4) if the user opted out run cron jobs or other autostart scripts to periodically
> >     (boot, login, logout, hourly etc) delete this data

> >
> > Comments and better ideas are welcome.
>
> Don't think a lot of people here use KDE4 :)

Hi,
I do, that's a lot to me!
.....and we ship it in the repos that is a enough
of a reason to care about it.

cura ut valeas

> Anyway, e.g. "audacity" has added "telemetry" and "lawful inspection" a while ago and was promptly forked https://www.theregister.com/2021/07/06/audacity_fork/ . Unpleasently there is still audacity in the devuan/debian repository, so keep an eye open on the new spyware.
>
> nik
>
> >
> > Ciao,
> > Tito
> >
> >
> > _______________________________________________
> > Dng mailing list
> > Dng@???
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> >
>
>
>

This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] KUserFeedbackRe: [DNG] KUserFeedback->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)