Reply to topic

KDE is Sponsored by Microsoft (via Linux Foundataion)

philmanjaro
Registered Member
Posts
2
Karma
0
How would you feel if I went to your house and installed cameras and microphones that would constantly monitor you and record everything you do. And I wouldn't even tell you? If you found out and would you try to remove it from your house (bedroom, bathroom, shower, living room, telephone)? Guess what? I would make sure you couldn't remove it. If you would find out, I would tell you that it wasn't me- it was someone else.

-"Oh don't worry I do not spy on you"
-"But its constantly recording"
-"No it isn't- you see it has your name on it: "userhousefeedback"
-"But its recording me"
-"You can turn it off- the cameras and microphones have a shiny slider"
-"I put the slider of the microphones and cameras to the left"
-"You see, I am not spying on you"
-"Are those cameras and microphones turned off?"
-"Yes they are"
-"But my uncle, who is engineer, says they are still recording- those cameras and microphone"
-"No they don't don't, its opt-in you know"
-"Oh so its opt-in. So if its opt-in how come its still running, I didn't op-in!. When did I opt-in? I put the slider to off!?"
-"I don't see the problem"
-"But I do"
-"I don't like your tone"
-"**** off. Remove the spyware"
-"If you don't like it, nobody is forcing you to use The House"
-"But it's my house, I don't want spyware"
-"Look it doesn't send anything anywhere"
-"But they're constantly recording me"
-"You are rude. I am warning you, you are troll!"
-"Remove the spyware ASAP!"
-"If you don't like The House, then don't use the house, nobody is forcing you"
-"How do I uninstall it then?"
-"Rebuild the house, its up to you"
-"What the ****? You want me to destroy My House? For **** sake! Just remove your **** microphones and cameras!"
-"You are a troll. You're banned!"
philmanjaro
Registered Member
Posts
2
Karma
0
KDE Plasma "kuserfeedback" collecting telemetry data even when disabled

Plasma 5.18 forced upon us a new software component called "kuserfeedback". This is what KDE have chosen to call their shiny new telemetry module. There's a gold rush for data happening, and KDE apparently can't resist the temptation to get on the gravy train.

Of course it is claimed that no private information will be collected. This is hard to argue, as inevitably the data will be tied to an IP address when submitted, and this is much stronger of an identifier than many would have us believe. "we will not use anything that would be considered personal data by common sense" says the privacy policy, and yet my home IP address is static, never changes and can geolocate me within a tight radius. Common sense says it's PII, especially when combined with other data and metadata. It's impossible for end users to ensure it's not utilized.

Besides, what's considered private information is not for KDE to decide. How I use my systems is private information to me. It's not secret, but it's private. If you don't know the difference there, you have no business handling data at all.

Currently, the collected data can be seen in .config/KDE/ and .config/kde.org/ in files starting with UserFeedback. This is happening while the functionality is supposedly "disabled". I assume that means only data transmission is disabled, which I haven't been able to verify, but then again I assumed that data collection was disabled as well. Inside the files there is information like how many times a Plasma component has been started, and for how long it's been used. Seems like absolutely useless information, for now anyway. Why even bother with this? Why go through all this trouble just to collect seemingly useless information? "We do not collect data preemptively or for exploratory research" the privacy policy says. Obviously this has been violated already in the first release.

The amount of information collected is bound to grow, it always does. No one can resist once they have their fingers in the cookie jar. A list of what's currently in the works can be seen here. We'll just be the frogs being brought up to a slow boil. We know this tune, have seen this show many times before. There's always a plan. The time for naivety on this has passed, years ago.

If the information is collected no matter what you choose in the settings, all that information will just sit there. Problem is, it's just one little "oopsie" away from behind transmitted wholesale to KDE. One innocent bug that just happens to sell you out. Or a different application reading and transmitting it, along with who knows what else. User data protection on Linux blows. This information simply shouldn't exist.

To quote the KDE Telemetry privacy policy, "Privacy always trumps any need for telemetry data, no matter how legitimate." Well then, allow us to nuke this thing from orbit, because my need for privacy trumps your supposed needs. You said it yourselves.

Here are some obvious steps to take to make this better:

Make kuserfeedback an entirely optional component of Plasma. There is no excuse for not doing this, don't even try to tell us there's a good reason why Plasma can't function without this component, unless you intentionally design it that way.

Make sure NOTHING is collected when installed and disabled, not a single thing. This is very simple to ensure, if you wanted to.

Rename the module to ktelemetry. User feedback is what happens when we send you an email or write a post such as this one. Involuntary data collection is telemetry, and spying. Windows 10 has already seen to it that telemetry is synonymous with spyware. Call it what it is and spare us the orwellian language. Your privacy policy calls it telemetry, so should the interface.

So I ask: Will any of this be done?

I have tried replacing kuserfeedback with a dummy package on Arch Linux. Plasma simply freezes during startup. No data for you, no Plasma for me.

It is hard to fathom why the KDE developers would want to gamble all the good will they've accumulated over the last few years, just to see how many times I've started up Plasma. Why was this implemented this way? What's the reasoning? Why make it mandatory? Why make it collect information even when disabled?

As you can tell, I don't even mention the option of just scrapping the whole telemetry project altogether, which would be the right course for a project supporting software freedom. I'm old enough to know that when these things are brought in by the powers that be, they're here to stay. Having to manually patch and build Plasma myself will be too much for me. I'll just leave it behind, and I'm sure I won't be alone. I had a mind to donate to KDE. Now I'm just staring at that huge Google logo on the KDE homepage with a bitter taste in my mouth.

Seriously disappointing.
kde-cfeck
Registered Member
Posts
81
Karma
0
If you post this in the Development section, you are probably able to recompile Plasma (and applications using it, e.g. Kate) without the kuserfeedback dependency. That's what I did.

 
Reply to topic

Bookmarks



Who is online

Registered users: Baidu [Spider], Bing [Bot], ChameleonScales, claydoh, fozziebear, Google [Bot], idriskalp, Section_8, Sogou [Bot], spoontex, tymond, visone, Yahoo [Bot]