On Sun, 5 Sep 2021 09:59:09 +0200 "Dr. Nikolaus Klepp via Dng" <dng@lists.dyne.org> wrote:
> Hi! > > Anno domini 2021 Sun, 5 Sep 09:52:11 +0200 > tito via Dng scripsit: > > Hi, > > while reading the latest edition of the PCLinuxOS Magazine, > > I've found this interesting article about KUserFeedback > > at https://pclosmag.com/html/Issues/202109/page09.html > > which relevant parts I copy here for ease of discussion: > > > > " Recently, there was a debate on the PCLinuxOS forum about KDE Plasma's > > implementation > > of telemetry through KUserFeedback. While in PCLinuxOS, we can remove it > > without any > > collateral effects to the system, while other users reported that doing > > the same in other > > distros (like Debian 11) results in the complete removal of KDE Plasma! > > Why force such > > an implementation, if, as KDE's developers say, it is just an innocuous, > > privacy-respecting > > measure? > > > > Coincidence or not, in the past years many popular Linux distributions > > started rolling out > > optional telemetry. Then it was the time of computer programs: news broke > > out in May > > regarding Audacity, a popular audio editing app, which announced it was > > starting the > > use of telemetry. The move was finally pushed back after users revolted > > against it. > > > > But in Plasma's case, it is not just an app or a single distro, but an > > entire desktop > > environment, employed in several Linux distributions, that is being shipped > > with > > telemetry. While many point out that the data collection is by opt-in and > > entirely > > anonymous, others have found that, even if you don't activate telemetry, > > data is > > still collected, using computer resources, registering "apps and boot, > > number of > > times used and duration in /home/user/telemetry folder." As such, they > > argue that, > > because of the way Linux permissions work, other programs could have access > > to these log files. KUserFeedback's FAQs page confirms this: > > > > 'KUserFeedback is designed to be compliant with KDE Telemetry Policy, which > > forbids > > the usage of unique identification. If you are using KUserFeedback outside > > of the > > scope of that policy, it's of course possible to add a custom data source > > generating > > and transmitting a unique id.' > > > > Not being an expert on such matters, it is anyway a little strange the step > > taken by > > KDE and the way it is being implemented by most mainstream distros, as if > > there > > was a certain consternation about it. To better understand the picture, let > > us give > > a look at the organization that maintains the Plasma desktop." > > > > What possible solutions are there to avoid this user data hoarding and > > their > > abuse? > > > > Simple workarounds that I can think off: > > > > 1) allow removal of KUserFeedback by modifying deb deps (rather ineffective > > as most user will not care to do so) > > > > 1a) allow removal of KUserFeedback by modifying deb deps and don't install > > by default unless the way data is collected is changed so that data > > are collected only if opted in > > > > 2) if the user opted out make /home/user/telemetry a tmpfs so that data > > stored > > are forgotten at reboot (easy but not very effective as data could > > still be > > abused in the meanwhile) > > > > 3) if the user opted out create some kind of /dev/null folder (I suspect > > that such > > thing doesn't exist yet) to delete the data in realtime > > > > 4) if the user opted out run cron jobs or other autostart scripts to > > periodically > > (boot, login, logout, hourly etc) delete this data > > > > Comments and better ideas are welcome. > > Don't think a lot of people here use KDE4 :) Hi, I do, that's a lot to me! .....and we ship it in the repos that is a enough of a reason to care about it. cura ut valeas > Anyway, e.g. "audacity" has added "telemetry" and "lawful inspection" a while > ago and was promptly forked > https://www.theregister.com/2021/07/06/audacity_fork/ . Unpleasently there is > still audacity in the devuan/debian repository, so keep an eye open on the > new spyware. > > nik > > > > > Ciao, > > Tito > > > > > > _______________________________________________ > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > > > > > _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
