Hi,
while reading the latest edition of the PCLinuxOS Magazine,
I've found this interesting article about KUserFeedback
at https://pclosmag.com/html/Issues/202109/page09.html
which relevant parts I copy here for ease of discussion:
" Recently, there was a debate on the PCLinuxOS forum about KDE Plasma's
implementation
of telemetry through KUserFeedback. While in PCLinuxOS, we can remove it
without any
collateral effects to the system, while other users reported that doing the
same in other
distros (like Debian 11) results in the complete removal of KDE Plasma! Why
force such
an implementation, if, as KDE's developers say, it is just an innocuous,
privacy-respecting
measure?
Coincidence or not, in the past years many popular Linux distributions started
rolling out
optional telemetry. Then it was the time of computer programs: news broke out
in May
regarding Audacity, a popular audio editing app, which announced it was
starting the
use of telemetry. The move was finally pushed back after users revolted against
it.
But in Plasma's case, it is not just an app or a single distro, but an entire
desktop
environment, employed in several Linux distributions, that is being shipped with
telemetry. While many point out that the data collection is by opt-in and
entirely
anonymous, others have found that, even if you don't activate telemetry, data is
still collected, using computer resources, registering "apps and boot, number of
times used and duration in /home/user/telemetry folder." As such, they argue
that,
because of the way Linux permissions work, other programs could have access
to these log files. KUserFeedback's FAQs page confirms this:
'KUserFeedback is designed to be compliant with KDE Telemetry Policy, which
forbids
the usage of unique identification. If you are using KUserFeedback outside of
the
scope of that policy, it's of course possible to add a custom data source
generating
and transmitting a unique id.'
Not being an expert on such matters, it is anyway a little strange the step
taken by
KDE and the way it is being implemented by most mainstream distros, as if there
was a certain consternation about it. To better understand the picture, let us
give
a look at the organization that maintains the Plasma desktop."
What possible solutions are there to avoid this user data hoarding and their
abuse?
Simple workarounds that I can think off:
1) allow removal of KUserFeedback by modifying deb deps (rather ineffective
as most user will not care to do so)
1a) allow removal of KUserFeedback by modifying deb deps and don't install
by default unless the way data is collected is changed so that data
are collected only if opted in
2) if the user opted out make /home/user/telemetry a tmpfs so that data stored
are forgotten at reboot (easy but not very effective as data could still be
abused in the meanwhile)
3) if the user opted out create some kind of /dev/null folder (I suspect that
such
thing doesn't exist yet) to delete the data in realtime
4) if the user opted out run cron jobs or other autostart scripts to
periodically
(boot, login, logout, hourly etc) delete this data
Comments and better ideas are welcome.
Ciao,
Tito
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
