> Also without any network application started I don't
> see any packets in tcpdump. So it doesn't look like
> KDE itself is breaking into user privacy.
If I were to write a spyware, I would be very careful not to push the user
hard towards this or that direction. I would lay my web in the features and
hope that most users will use them. IOW, I wouldn't chase after the users,
but just collect the ones who stick to my web of "features".
Therefore, it is clever of a spyware author not to try to connect remote
sites when there's no obvious reason/excuse for it. So, KDE's not sending TCP
packets when all the net apps are down, doesn't impress me. I'm not implying
that KDE contains spyware - I'm just saying that it's not a decisive
parameter for me.
OTOH,
1) KDE was (still is?) being financed by EC.
2) Akonadi + nepomuk couple, depending on how you use it, lays a perfect
foundation (technically) to build sophisticated spyware on. See the main
article in my link (they are explaining it in terms of "power feature", but
please also evaluate it in terms of "spying power"). Again, I'm not drawing
any conclusions, but simply pointing out a powerful feature that can be quite
misused in wrong hands.
2) Akonadi attempts (at least did in the past) to connect remote sites at
shutdown.
These were enough for me to migrate from KDE to LXQt.
