I hope I found the right place to throw out grand ideas such as this one.
Why?
The "How Much Surveillance Can Democracy Withstand" article explains it far more eloquently than I ever will.
Unfortunately, many people are not aware of privacy-friendly alternatives to popular software and services, and even privacy-minded people often don't fully understand how deeply in trouble we really are, especially when it comes to deeper and scarier issues such as backdoors in binary packages, the Intel Management Engine, or how VPNs aren't as useful as they claim to be. News and scandals come and go, but nothing ever changes...
So, uhm, I think it's time to take awareness spreading a step further, especially now that there seems to be quite an influx of Windows refugees...
What?
Here are just some of the issues that could be reported by KDE software such as Discover, KInfoCenter, and Plasma Browser Integration.
Software Anti-Features
- Proprietary Software - see here.
- Also see the F-Droid anti-feature list.
Hardware Anti-Features
- Proprietary Drivers and/or Firmware may contain backdoors and most often run at the highest level of privilege.
- Intel Management Engine is essentially a hidden, proprietary OS (with potential backdoors, of course) which runs on its own CPU (located on the motherboard), even when the computer is turned off (as long as the motherboard is receiving power), with full access to the RAM and the network. More at Wikipedia.
- AMD Platform Security Processor - similar to the Intel Management Engine. More at Wikipedia.
General Security
- No Sandboxing - sandboxing can mitigate security vulnerabilities, restrict proprietary software in what it can access, and prevent it from gaining a permanent foothold in the system. Remember, running unsandboxed and untrusted code on a modern computer even once can forever render it unsafe for committing thoughtcrime, even after wiping it clean and reinstalling the OS. There are just too many dark corners in modern hardware for backdoors to hide themselves in. Firmware rootkits are real.
Package Security
- No/Partial Transport Encryption - transport encryption can mitigate critical package manager vulnerabilities such as CVE-2019-3462 (unless the mirror is also compromised). In most Linux distributions, packages are downloaded over plain HTTP and/or the mirrors sync over plain rsync. Solus is a notable exception.
- No Package Signing - package signing prevents compromised mirrors from serving malicious packages. Guilty: Solus, KaOS.
- No Repository Signing - repository signing prevents compromised mirrors from withholding security updates. Guilty: Arch Linux, Manjaro.
- No Security Notifications - even with signed packages and repositories, a compromised mirror can still delay security fixes until the user notices the lack of updates, or the package index expires. This can be prevented by fetching security notifications from the distribution's official servers. As far as I know, only Fedora implements this.
- No/Partial Reproducible Builds - reproducible builds allow anyone to check if a binary package corresponds to its source code by building the source code themselves and comparing the output with the original binary package. This makes it very easy to detect backdoors introduced during the compilation process.
"[...] most software is distributed pre-compiled with no method to confirm whether they correspond. [...] This incentivises attacks on developers who release software, not only via traditional exploitation, but also in the forms of political influence, blackmail or even threats of violence. [...] This ability to notice if a developer has been compromised then deters such threats or attacks occurring in the first place as any compromise would be quickly detected. This offers comfort to front-liners that they not only can [not] be threatened, but they would not be coerced into exploiting or exposing their colleagues or end-users."
More information at https://reproducible-builds.org.
- No Cross-Checking - cross-checking packages against multiple independent mirrors would prevent an attacker who has compromised the developer and one of the mirrors from serving a backdoored package to one specific user who is using that compromised mirror. I'm not aware of any package manager that implements this. In fact, I got this idea from some obscure article that I can't even find anymore...
Alternative Recommendations
Discover and Plasma Browser Integration could suggest privacy-friendly and preferably free software alternatives to installed software and visited websites, for example:
- DuckDuckGo instead of Google.
- Mastodon instead of Twitter.
- Lutris instead of Steam.
- Tor instead of VPNs.
How?
Well, this is the difficult part, and unfortunately I can't help... Nate Graham also told me that many of my proposed projects cannot be hosted by KDE due to conflicts of interest... Maybe someone can figure something out...
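The "No Repository Signing", "No Security Notifications" and "No Cross-Checking" items above all describe the same failure mode: a single mirror lying to a single user, either by substituting bytes or by quietly staying out of date. The following is an added example illustrating how a client could cross-check a package's index entry across several independent mirrors and distinguish a tampered mirror from a withholding one. It is not code from the post, from Discover or from any KDE project; the mirrors, package names, version strings and package bytes are constructed in-memory so it runs offline, and the quorum rule (trust a digest only when at least two mirrors report it) is an assumption chosen for the example.

```python
"""Cross-check one package's (version, digest) across independent mirrors.

Constructed example: mirrors are plain dicts instead of HTTP endpoints, so the
logic can be read and run without network access. A real client would fetch
each mirror's (ideally signed) index over TLS and apply the same comparison.
"""
import hashlib
import hmac
from collections import Counter


def digest(data: bytes) -> str:
    """SHA-256 hex digest of package bytes, as a mirror index would list it."""
    return hashlib.sha256(data).hexdigest()


def version_key(version: str) -> tuple:
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


# Constructed package contents: the genuine build and a tampered build that a
# compromised mirror serves under the same version number.
GOOD_PKG = b"hypothetical-package foo 1.2.3 (genuine build)"
BAD_PKG = b"hypothetical-package foo 1.2.3 (backdoored build)"

# Constructed mirror indexes: package name -> (version, sha256 of the bytes).
MIRRORS = {
    "mirror-a": {"pkgs": {"foo": ("1.2.3", digest(GOOD_PKG))}},
    "mirror-b": {"pkgs": {"foo": ("1.2.3", digest(GOOD_PKG))}},
    "mirror-c": {"pkgs": {"foo": ("1.2.3", digest(BAD_PKG))}},   # serves tampered bytes
    "mirror-d": {"pkgs": {"foo": ("1.2.2", "0" * 64)}},          # withholds the 1.2.3 update
}


def cross_check(mirrors: dict, pkg: str, quorum: int = 2):
    """Return (agreed_entry, outlier_mirror_names).

    An entry (version, digest) is accepted only if at least `quorum` mirrors
    report it; among accepted entries the newest version wins. Every mirror
    that reports something else is an outlier to be investigated.
    """
    votes = Counter()
    for mirror in mirrors.values():
        entry = mirror["pkgs"].get(pkg)
        if entry is not None:
            votes[entry] += 1
    accepted = [entry for entry, count in votes.items() if count >= quorum]
    if not accepted:
        # No agreement at all: refuse to install rather than trust one mirror.
        return None, sorted(mirrors)
    best = max(accepted, key=lambda entry: version_key(entry[0]))
    outliers = sorted(
        name for name, mirror in mirrors.items() if mirror["pkgs"].get(pkg) != best
    )
    return best, outliers


def classify_outliers(mirrors: dict, pkg: str, best: tuple, outliers: list) -> dict:
    """Label each outlier: 'tampered' (same version, different bytes),
    'withholding' (older version than the agreed one), 'missing' or 'ahead'."""
    report = {}
    for name in outliers:
        entry = mirrors[name]["pkgs"].get(pkg)
        if entry is None:
            report[name] = "missing"
        elif entry[0] == best[0]:
            report[name] = "tampered"
        elif version_key(entry[0]) < version_key(best[0]):
            report[name] = "withholding"
        else:
            report[name] = "ahead"
    return report


def verify_download(data: bytes, expected_digest: str) -> bool:
    """Check downloaded bytes against the cross-checked digest before install."""
    return hmac.compare_digest(digest(data), expected_digest)


if __name__ == "__main__":
    best, outliers = cross_check(MIRRORS, "foo")
    print("agreed entry:", best)
    print("outliers:", classify_outliers(MIRRORS, "foo", best, outliers))
    print("genuine bytes verify:", verify_download(GOOD_PKG, best[1]))
    print("tampered bytes verify:", verify_download(BAD_PKG, best[1]))
```

With the constructed data, mirror-c is reported as tampered and mirror-d as withholding, and only the genuine bytes pass `verify_download`. Note what this does and does not cover: it defeats one compromised mirror, but not a compromised developer whose backdoored build reaches every mirror; that case is what reproducible builds address.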