https://bugs.kde.org/show_bug.cgi?id=466888
Bug ID: 466888
Summary: Violation of KDE Software Privacy Policy
Classification: Frameworks and Libraries
Product: frameworks-kuserfeedback
Version: unspecified
Platform: Other
OS: Other
Status: REPORTED
Severity: normal
Priority: NOR
Component: Telemetry Provider
Assignee: vkra...@kde.org
Reporter: gv...@protonmail.com
Target Milestone: ---
New bug report because the previous one was locked. And did not address data
that are send to server, which are part of the problem.
https://bugs.kde.org/show_bug.cgi?id=418981
Issue:
When telemetry switches on, sends data that were collected while telemetry was
off.
Example:
After 3 years system has saved locally, that okular has been opened 1095 times.
Enabling telemetry now, for the first upload will report all the 1095 starts,
which were collected prior user action.
More details:
When enabled, Kuserfeedback uses previously locally saved data, collected in a
period which telemetry was disabled, to assemble the telemetry data. This can
happen each time a user enables telemetry, for most users the first time. The
problem is not about the local data.
Currently the code does not differentiates the local function, and instead uses
the same status collection mechanism (used for telemetry), to count for the
encouragement message too. To do that it collects all the stats (even with
telemetry set disabled) without ever stopping and uses the start count to time
the encouragement. Up to this point data may be considered local, as have not
been send anywhere and serve the encouragement mechanism. The issue arises the
moment telemetry gets enabled and uses these already saved data to create and
send the first report.
Privacy Policy statement:
"As a general rule, software produced by the KDE Community does not collect,
transmit or otherwise transfer information from end-users devices except as a
result of an explicit user action."
As it is according to this statement, the software should not collect telemetry
data before a user action. Despite that, the data collected, while some of them
serving a local function too, they clearly become telemetry data when the user
enables telemetry; but were collected before the explicit user's action.
Some mentioned solutions:
1. Split telemetry and locally used data, only store locally used data when
off.
2. Only show encouragement message the first time.
3. Change privacy policy. Eg. Removal of world "collect" will aline with the
current behavior "As a general rule, software produced by the KDE Community
does not transmit or otherwise transfer information from end-users devices
except as a result of an explicit user action."
--
You are receiving this mail because:
You are watching all bug changes.
