Report security, privacy, and software freedom issues via KDE software
Open, Needs Triage, Public

Description

I hope I found the right place to throw out grand ideas such as this one.

Why?

The "How Much Surveillance Can Democracy Withstand" article explains it far more eloquently than I ever will.

Unfortunately, many people are not aware of privacy-friendly alternatives to popular software and services, and even privacy-minded people often don't fully understand how deeply in trouble we really are, especially when it comes to deeper and scarier issues such as backdoors in binary packages, the Intel Management Engine, or how VPNs aren't as useful as they claim to be. News and scandals come and go, but nothing ever changes...

So, uhm, I think it's time to take awareness spreading a step further, especially now that there seems to be quite an influx of Windows refugees...

What?

Here are just some of the issues that could be reported by KDE software such as Discover, KInfoCenter, and Plasma Browser Integration.

Software Anti-Features

Hardware Anti-Features

  • Proprietary Drivers and/or Firmware may contain backdoors and most often run at the highest level of privilege.
  • Intel Management Engine is essentially a hidden, proprietary OS (with potential backdoors of course) which runs on its own CPU (located on the motherboard), even when the computer is turned off (as long as the motherboard is receiving power), with full access to the RAM and the network. More at Wikipedia.
  • AMD Platform Security Processor - similar to the Intel Management Engine. More at Wikipedia.

General Security

  • No Sandboxing - sandboxing can mitigate security vulnerabilities, restrict proprietary software in what it can access, and prevent it from gaining a permanent foothold in the system. Remember, running unsandboxed and untrusted code on a modern computer even once can forever render it unsafe for committing thoughtcrime, even after wiping it clean and reinstalling the OS. There are just too many dark corners in modern hardware for backdoors to hide themselves in. Firmware rootkits are real.

Package Security

  • No/Partial Transport Encryption - transport encryption can mitigate critical package manager vulnerabilities such as CVE-2019-3462 (unless the mirror is also compromised). In most Linux distributions, packages are downloaded over plain HTTP and/or the mirrors sync over plain rsync. Solus is a notable exception.
  • No Package Signing - package signing prevents compromised mirrors from serving malicious packages. Guilty: Solus, KaOS.
  • No Repository Signing - repository signing prevents compromised mirrors from withholding security updates. Guilty: Arch Linux, Manjaro.
  • No Security Notifications - even with signed packages and repositories, a compromised mirror can still delay security fixes until the user notices the lack of updates, or the package index expires. This can be prevented by fetching security notifications from the distribution's official servers. As far as I know, only Fedora implements this.
  • No/Partial Reproducible Builds - reproducible builds allow anyone to check if a binary package corresponds to its source code by building the source code themselves and comparing the output with the original binary package. This makes it very easy to detect backdoors introduced during the compilation process.

    "[...] most software is distributed pre-compiled with no method to confirm whether they correspond. [...] This incentivises attacks on developers who release software, not only via traditional exploitation, but also in the forms of political influence, blackmail or even threats of violence. [...] This ability to notice if a developer has been compromised then deters such threats or attacks occurring in the first place as any compromise would be quickly detected. This offers comfort to front-liners that they not only can [not] be threatened, but they would not be coerced into exploiting or exposing their colleagues or end-users."

    More information at https://reproducible-builds.org.
  • No Cross-Checking - cross-checking packages against multiple independent mirrors would prevent an attacker who has compromised the developer and one of the mirrors from serving a backdoored package to one specific user who is using that compromised mirror. I'm not aware of any package manager that implements this. In fact, I got this idea from some obscure article that I can't even find anymore...
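As an added illustration (not code from this proposal or from any KDE project), here is one way a client-side check could combine the two mirror-related points above: comparing the same package as served by several independent mirrors (the "No Cross-Checking" item) and flagging a mirror whose repository index lags far behind the others (the update-withholding scenario from "No Security Notifications"). The `MirrorView` structure, the mirror names and the one-day lag threshold are assumptions, and the sample data is constructed.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass
class MirrorView:
    """What one mirror served for a given package (hypothetical structure)."""
    mirror: str
    package_bytes: bytes
    index_date: int  # Unix time stamped on the mirror's repository index


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def cross_check(views: list[MirrorView], max_index_lag: int = 86400) -> dict:
    """Cross-check one package across independent mirrors.

    Returns the majority digest (None if no strict majority agrees), the
    mirrors whose copy differs from it, and the mirrors whose index is more
    than max_index_lag seconds older than the freshest one, which is the
    symptom of a mirror silently withholding updates.
    """
    digests = {v.mirror: sha256(v.package_bytes) for v in views}
    consensus, votes = Counter(digests.values()).most_common(1)[0]
    if votes * 2 <= len(views):  # a split vote is not a consensus
        consensus = None
    divergent = sorted(m for m, d in digests.items() if d != consensus)
    newest = max(v.index_date for v in views)
    stale = sorted(v.mirror for v in views if newest - v.index_date > max_index_lag)
    return {"consensus": consensus, "divergent": divergent, "stale": stale}


# Constructed sample: two honest mirrors agree; a third serves a modified
# package and an index that is three days older than the others.
GOOD = b"pretend package contents, version 1.2.3"
BAD = GOOD + b"\x00trailing-modification"
SAMPLE = [
    MirrorView("mirror-a.example", GOOD, 1_700_000_000),
    MirrorView("mirror-b.example", GOOD, 1_700_000_000),
    MirrorView("mirror-c.example", BAD, 1_700_000_000 - 3 * 86400),
]

if __name__ == "__main__":
    print(cross_check(SAMPLE))
```

A real client would have to fetch the same package name and version from mirrors operated by unrelated parties for the comparison to mean anything; a set of mirrors that all sync from one compromised upstream would agree on the backdoored digest.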

Alternative Recommendations

Discover and Plasma Browser Integration could suggest privacy-friendly and preferably free software alternatives to installed software and visited websites, for example:

  • Tor instead of VPNs.

How?

Well, this is the difficult part, and unfortunately I can't help... Nate Graham also told me that many of my proposed projects cannot be hosted by KDE due to conflicts of interest... Maybe someone can figure something out...

thechosennone added a comment. Edited Oct 3 2020, 6:30 PM

How?

Well following the words of Nate.. (x)

whilst doing so with no other intention than to do his words justice. His position certainly does have merit and is one position among all those in the diverse field of positions one may find themselves arguing for.
I personally, find myself fully in line with the spirit of what I reckon it is that led you to reaching out to Nate, as well as ex post wanting to again shed some public light on the key issues at stake following your well attentive assessment according to the best of your abilities.
Whilst only time will tell, I have a feeling Nate will in the short to medium term future find himself in the rear view mirror of a significant share of individuals, the betterment of whose Nate says he works to achieve through providing them with a better experience, were they to decide to become Users of that created in the sphere of his influence and this is a goal, I assume we all share - especially in the light of the corporate tankers being totally in love with subscribers these days.

Thereby imho and obviously not literally, but by the factual nature of the transaction economics at hand, taking us back to the days of regional monarchs who owned land in medieval Europe.
Therefore, the peasants found themselves in the exciting position of having the great privilege to work on the monarch's land, whilst understandably so, having to accept this blessing to come at the cost of something. I mean, he provided them with the land - by all means, what can you peasant/ developer do without the great app store, well starve in misery *what else?* - there exists no alternate outcome, that was clearly stated in faithful sincerity over and over again and the smart peasant aware of this unalienable truth would faithfully pay his weekly due, but not to forget - also do the same as percentage of every fruit of his labor, because it was the mere grace of the monarch and yes some help of his labor and the sun, hence how could it be his to keep, it's the monarch *who must not be questioned btw* srsly *mad-monarch=more-misery* k. It was he who enabled all your harvest to ever happen, and by god here we are not even discussing the security aspect of it. Such a clear cut case. Undoubtedly..

In the end those individuals either won't or will come in greater numbers than before, on the belief of the latter happening, three of us are united in perfect agreement; likely that is intensified by us having a similar assessment of the potentially dreadful effects of people leaving big corporations & taking their principle driven demands on work and moreover what it is they create.
Where the greatest disagreement comes to play is, from my conviction that there are two key drivers and one is currently neglected at large imho. People do want to engage with and surround themselves with stuff that they find to be aligned with their values and the world is better for it since that development took place.
However, we enter the arena of lived reality for any ordinary person, to be far more affected by certain things that unlike Nate, the two of us see as clear matters of principle, hence evoking a sense of urgency and more importantly, a sense of duty in service of everyone (far from the former use of the word 'duty', but maybe I'll hereby start what people will then some day understand to then be the meaning of the word).
There is a need for expanding on the good preliminary work you did when composing the post and bringing forward your argument, I did the same only taking an alternate approach w.r.t. outreach, yet that should serve as good basis for jointly picking it up from there onwards!

(x) .. "The project itself seems ethical, for sure, it's just not ethical for us to do it because of the conflict of interest I mentioned. That would undermine people's trust in the project and ultimately doom it."
Now

To that I must share my conviction of a. ethics b. cooking c. opensource projectwork and iot craftsmanship d. physics - Must soon have all been an integral part of any child leaving school, because I do not see an alternate course of action leading to a future that is worthwhile.

And at last Then

I must say that the argument made here will in the best case scenario, still be looked at as a similar principle error of highest order, just like changing your mission statement/ CoC preamble from 'Don't be Evil.' - at the point when thinking of how to best argue for that, is the point where the game is lost by catch-22.

My attention is now owed to the sealed Nexus 5X that I fortunately got my hands on, in order to now broaden my practical experience with KDE Plasma Mobile. I can't wait to finally catch up on that!