Xfce Forum

Sub domains

You are not logged in.

#1 2024-03-06 21:20:44

Registered: 2023-11-20
Posts: 35

[WARNING] xdg-desktop-portal-kde installs spyware

For some time now, I tried to use xdg-desktop-portal-kde for alternative File Chooser (though it was not really much more convenient than GTK File Chooser).

During the update today (Arch Linux) I found that a lot of stuff was installed as its dependencies, including "plasma-workspace" ("KDE Plasma Workspace").

Which in turn installed "kuserfeedback", a well known spyware that was reported to collect user activity data, even when it's supposedly disabled, and send it to some servers whenever it got the chance (e.g. accidentally enabled for a moment, or due to update re-configuration, whatever).

I didn't investigate the topic myself, but developers of  "kuserfeedback" were reported as being insincere with users, trying to misguide them and to intentionally block attempts to uninstall kuserfeedback once it was installed.

That's sufficient for me to decide to not use KDE, and now I'm gonna remove xdg-desktop-portal-kde too.

I know for some people I might sound like a tinfoil cap psycho*, as "Honest people have nothing to fear". Well, it's up to you to decide what to do with this information.

I know enough, but don't feel like to explain, how gathering information about people helps to manipulate them (into buying unnecessary stuff, for example) or to discriminate them in certain ways. If you are interested, then it might be worth to investigate by yourself.

* PS. I don't think there's anything wrong with tinfoil caps. Microwaves are harmful. But that beside the point.

Last edited by chang-zhao (2024-03-06 22:09:04)


#2 2024-03-20 03:34:43

Registered: 2023-01-18
Posts: 30

Re: [WARNING] xdg-desktop-portal-kde installs spyware

I have this similar issue with Mozilla Firefox. Turning off telemetry completely requires a bunch of fiddling around with archaic and unguessable settings in about:config. And I'm never confident I got all the settings. They could introduce a new one in an update.

By comparison, KDE stuff has always seems straight forward. There is one simple "slider" type config. Once you turn it off, it stays off. I've never found it mysteriously turned on afterwards. It even seems that either it is opt-in or setting this in one applications sets the default in all others. (I'm not sure; it could even be some distro default that's variable.) And of course the passive information that FF can collect is way more than what any KDE application could dream of. Assuming Kate isn't harvesting my ssh keys or something.

Do you have information, like from a firewall or something, that the KDE portal or one of the deps, is sharing information in the way suggested?


#3 2024-03-25 08:38:13

Registered: 2024-03-15
Posts: 5

Re: [WARNING] xdg-desktop-portal-kde installs spyware

Measure the traffic (with Wireshark for example) and prove everyone right.
Then, the tinfoil will become your crown...

Would be sad to see other FOSS projects go down the drain like Firefox. What a disgrace to privacy!


Board footer

Powered by FluxBB