https://bugs.kde.org/show_bug.cgi?id=516591
Bug ID: 516591
Summary: Disabling modules in KDE Connect (privacy and
security)
Classification: Applications
Product: kdeconnect
Version First 25.04.2
Reported In:
Platform: Debian stable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: desktop-application
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
SUMMARY
In the desktop application and the Android app of KDE Connect please allow the
user to save the selected modules so that one can disable all but the one(s)
needed.
This is to reduce attack surface, improve security, and protect privacy. It's
very important and I always have to first go to modules and disable each of
them one by one.
It would be additionally be optimal to not select so many modules by default -
maybe only the file sharing one since that is the most commonly used module.
STEPS TO REPRODUCE
1. Start Android app
2. Start app on desktop on Debian
3. Connect them in the most secure way with minimal potential vulnerabilities
where eg bugs or malicious code could make the clipboard on desktop readable
and things like that
OBSERVED RESULT
One has to unselect all the modules manually every time and not forget it and
take the time for it.
EXPECTED RESULT
One should only unselect them once. Also the default should probably not be
nearly all/all modules being enabled.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian 13
KDE Plasma Version: 6.3.6
KDE Frameworks Version: 6.13.0
Qt Version: 6.8.2
ADDITIONAL INFORMATION
Also consider that one may want to use this sometimes to share files with
devices one doesn't trust perfectly such as computers of friends where it's
possible they have some malware. It's always best to keep attack surface
minimal even when it's your own computer and chances of some vulnerability
thought to be rather low.
--
You are receiving this mail because:
You are watching all bug changes.
