1

from https://dot.kde.org/2017/11/30/kdes-goa ... and-beyond:

To make sure KDE environment and apps protect users’ privacy, Sebastian lists several measures that developers can implement. He proposes that applications not expose private data by default, asking the user for explicit consent before sending data to third parties.

This is very good, but not all KDE applications will abide by this philosophy, much less non-KDE applications. Even when applications respect privacy, this is largely a matter of trust - trust without solid foundation.

I would like users to have the power to suppress data leaks with application-level firewall functionality. Basically, I want Plasma to give the user a one-click, master OFF switch for network access for each GUI application which is off by default, so regardless of whether the application plays nice, it will not be able to send data.

Think of password managers like the popular KeePassXC. They make incredibly tempting targets for attacks. People use these programs because they are open source, and it is assumed that the community would notice malicious code; package maintainers would check every new version to make sure it doesn't contain malicious code, etc. I would feel better if my Plasma Desktop gave me an OFF switch on my KeePassXC that makes it impossible for the application to communicate with the internet. Voila - no more need for trust, and a giant increase in the security of my passwords.

I'm aware that there are already command-line solutions to do this, see https://unix.stackexchange.com/question ... -a-process .

My point here is that security has to be usable and practical for the general computing public. Command line hacks are not usable security in that sense.

Well, turning off networking for a given application doesn't mean you no longer need to trust it. It just means that you can trust that it won't leak your passwords directly over the network, but one can conceive of ways to get around it including a compromised version of the app which spawns a separate process (app) to get around the network restriction or a piece of malware which once loaded into memory on your machine is able to communicate with the (perhaps also compromised) network-less app and share the information it gathers with the malware distributors.

That said, turning off networking is yet another line of defense and certainly worth pursuing (both of those scenarios require the attacker to get compromised software onto your computer which that itself is hard enough to do).