Privacy Software

Description

"In 5 years, KDE software enables and promotes privacy"

Privacy is the new challenge for Free Software. KDE is in a unique position to offer users a complete software environment that helps them to protect their privacy. KDE, being community-driven and user-focused, has the opportunity to put privacy on top of the agenda. Arguably, being in this position, KDE has the obligation to do this, in the interest of the users.

The effect is expected to be two-fold:

  • Offer users the tools to protect privacy and to lead a private and safe digital life without compromising their identity or exposing their habits and communications
  • Set a high standard and example for others to follow, define the state of the art of privacy protection in the age of big data and force others to follow suit, thereby increasing pressure on the whole industry and ecosystem to protect users' privacy better

Leaking user data, allowing users to be tracked, collecting their most private information in databases across the world means that users lose control of their identity and what parts they want others to know, and what they want to keep for themselves. Worse, collecting data in so many places, often commercially, but also by governments, means that the user has little way of knowing what is known about him or her, let alone being able to determine who should be able to control what. Data being persistently collected means that not only today's security measures and policies are relevant, but also the future's. This poses multiple great risks.

KDE adds a 5th Freedom to the 5 principal software Freedoms:

“The freedom to decide which data is sent to which service”.

Personal Risks for Users

Risks that individual users run are, among others:

  • The more data that is collected, the bigger the risk of Identity Theft becomes
  • More collected data means that decisions will be made for the user based on skewed or incomplete information (imagine insurance policies)
  • Collected data may end up in the hands of oppressive regimes, posing risks to the user when travelling, or even at home
  • Blackmail
  • Users' most private secrets may end up in the wrong hands

Socio-economic Effects

Socio-economic effects that affect how society, national and international communities work are:

  • Free speech is compromised
  • Journalists need tools to communicate secretly; lacking that, freedom and independence of press cannot be guaranteed
  • Trade-secrets cannot be kept, free markets cannot function without tools protecting privacy
  • Sovereignty of nations cannot be guaranteed
  • Cyber-attacks may lead to a shift in power

What will it take?

TL;DR:

  • Security
  • Privacy-respecting defaults
  • Offering the right tools in the first place

Security

We can only guarantee privacy if we also value security.
Possible approaches:

  • Functioning code-review
  • Quick turn-around times for software updates, especially security fixes
  • Prefer to use encrypted communication where possible, prefer HTTPS over HTTP where possible, avoid unencrypted connections
  • Storing sensitive information only in an encrypted way
  • Moving away from inherently insecure technologies, i.e. default to Wayland instead of X11
  • Avoiding single points of failure and centralized control

Privacy-Respecting Defaults

KDE software supporting this goal should:

  • Only collect and send data when necessary and clear and sensible from within the context. No hidden telemetry sending user stats, no HTTP connections downloading content, no search queries to online services without the user's explicit consent (or where it's entirely clear from the context, e.g. web browsers, software updater, etc.).
  • Use anonymity where it is possible, for example by using Tor connections for things like weather updates that don't require user identification
  • No collection of privacy-relevant data without clear purpose.
  • Conservative defaults: a user should not have to make changes to the software configuration to avoid leaking data. Secure and private by default. (Software may be configured to be more leaky if that benefits the user, but the risk of that should be clear, either from context or explicitly stated.)
  • Use clear and consistent UI and design language around network-related options

Offering the Right Tools

KDE needs to make an effort to provide a comprehensive set of tools for most users' needs, for example:

  • An email client allowing encrypted communication
  • Chat and instant messaging with state-of-the-art protocol security
  • A web browser (self-provided) that has private default settings
  • File storage and groupware solutions
  • Other tools that allow offline operation and independence from popular cloud services
  • Support for online services that can be operated as a private instance, not depending on a 3rd party provider
  • State-of-the-art support and integration for services like Tor, Matrix, Zeronet, etc.

Others

  • KDE e.V. allows anonymous donations via bitcoin (or other crypto currencies)
  • Adaption of blockchain where useful

How we know we succeeded

Static and runtime analysis tools:

KDE software can be audited for compliance with common, security related standards, such as:

  • NIST Cybersecurity Framework (NIST CSF)
  • ISO 15408
  • RFC2196
  • Cyber Essentials (UK Government Standard)
  • ... etc.

"Soft" criteria include:

  • Press and 3rd parties refer to KDE as carrying the gold-standard for such software
  • Journalists prefer KDE software for their work
  • The NSA hates KDE
  • The CCC loves KDE ♥

Relevant links

I am willing to put work into this

I am interested

sebas created this task. Sep 22 2017, 10:43 AM

This is a goal which (hopefully) pretty much everyone in KDE can rally behind (otherwise our Vision, Mission and Strategy would not reflect the community's).

That said, I feel that this goal mixes elements of an attainable mid-term goal with things which should guide our work in general, forever (or at least until technological advances might make some of them obsolete).

I see the section "Offering the right tools" as the actual goals part of this: These are very specific things where we can eventually say "Yup, we now have this.". The "Others" section could also work as additional goals.

For the things in "Privacy-respecting defaults", I'd suggest to remove them from the goal and add those which are not in the Mission/Strategy wiki page ( https://community.kde.org/KDE/Mission ) yet (several of them already are) to that one instead. The reasoning for that is that those are things we don't just want to do in the next five years, but probably forever, since they define how we should make all our software.
Then we could reference back from this goal to the Mission, but those points would affect all other goals as well.

lydia added a subscriber: lydia. Oct 2 2017, 6:18 PM

To make all goals uniform I suggest a title like "Improve and extend privacy of all KDE Software". (Yeah still a bit boring.)

lydia raised the priority of this task from Normal to Needs Triage. Oct 2 2017, 6:24 PM

I am unsetting the priority to give all goal setting tickets the same priority.

Thanks everyone for helping draft this proposal. The voting has started. If you are an active KDE contributor and have not received an invitation to the vote please send me an email to lydia@kde.org.

lydia added a comment. Mon, Nov 27, 7:56 PM

Congratulations! This task is among the 3 selected ones to focus on for the next 3 to 4 years. It will need all hands on deck to make it a reality. If you can help, please add yourself to the list in the goal description.

Zren added a subscriber: Zren. Mon, Nov 27, 11:13 PM

Do we have a tag to combine all tasks that are connected to this? Or how do we have an overview of what to do?
F.ex. T7430 is one that we need to look at. Because we need to think about how to implement good proxy support for applications and an override structure...

Do we have a tag to combine all tasks that are connected to this? Or how do we have an overview of what to do?
F.ex. T7430 is one […]

I don't know whether it is the right way to go about it, but you can set T7050 as its parent task from the "Edit Related Tasks" menu at the upper right.