Big Hairy Audacious Goal: Privacy Software

Volker Krause vkrause at kde.org
Sun Aug 20 20:12:21 BST 2017


On Saturday, 19 August 2017 13:37:54 CEST Volker Krause wrote:
> On Friday, 18 August 2017 18:14:22 CEST Sebastian Kügler wrote:
> > So, I could use some help with this, in the form of how this can be
> > structured, in what form it will be useful, more ambitious, and very
> > importantly measurable: I want us to be able to sit down in two years
> > and check: Are we on track? Do we need to change our approach? Do we
> > need to work harder? And of course: Did we achieve our goal?
> > 
> > Your thoughts and input?
> 
> Obviously an idea I can support :)
> 
> I have been looking a bit into how to verify the leak and transport
> encryption aspects. Using something like
> https://github.com/iovisor/bcc/blob/master/tools/tcpconnect.py as a
> low-impact long-term recording and adding a decent filter/aggregation tool
> for the result should allow us to also find rare short-lived TCP
> connections and pin them on the responsible application.
> 
> Port numbers provided by this give a first hint on transport encryption, but
> I'm still hoping for something better to verify this automatically and with
> a lower impact than a long running Wireshark session.

Despite the still very primitive tools and just a few hours' worth of data, 
there is actually a surprising amount of findings...

Lacking transport security:
- https://phabricator.kde.org/D7408
- https://phabricator.kde.org/D7414
- https://phabricator.kde.org/D7428
- a number of feeds on planet.kde.org

Unnecessary network operations:
- https://phabricator.kde.org/D7410
- https://phabricator.kde.org/D7438

Dubious SSL code:
- https://phabricator.kde.org/D7439

Anyway, I think this proves the approach is viable :)

> Another aspect to check might be if we are still storing sensitive
> information like passwords outside of KWallet.

Clear and consistent UI language around network-related options is probably 
also worth looking into. It's pretty clear that e.g. adding a mail account 
will involve network operations, but it's far less clear if that is properly 
configured regarding transport security. And for options like "Enable Gravatar 
support" many people might not realize that this involves sending data to a 
web service.

Reviewing SSL error handling code could also be interesting, considering 
D7439.

Regards,
Volker
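
A sketch of the filter/aggregation step over tcpconnect output described in the message above, as an added example that is not part of the original post or of bcc. It assumes tcpconnect's default column layout (no -t/-U options); the sample lines, process names and port tables are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Port numbers are only a first hint: STARTTLS on 143 or cleartext on 443 look the same here.
PLAINTEXT_HINT = {21, 23, 25, 80, 110, 143, 6667}
TLS_HINT = {443, 465, 993, 995, 6697}

# Constructed sample, default tcpconnect columns; process names are hypothetical.
SAMPLE = """\
PID    COMM         IP SADDR            DADDR            DPORT
2101   feedreader   4  192.0.2.10       198.51.100.7     80
2101   feedreader   4  192.0.2.10       198.51.100.7     80
3344   mailapp      4  192.0.2.10       203.0.113.25     993
3344   mailapp      4  192.0.2.10       203.0.113.25     143
4410   Worker Thread 2 4 192.0.2.10     203.0.113.80     443
5120   dbhelper     4  127.0.0.1        127.0.0.1        3306
9001   shellapp     6  2001:db8::10     2001:db8::99     8080
"""

def parse(lines):
    """Yield (comm, daddr, dport) for each connect() row; skip header and junk."""
    for line in lines:
        parts = line.split()
        if len(parts) < 6 or not parts[0].isdigit() or not parts[-1].isdigit():
            continue
        try:
            addr = ipaddress.ip_address(parts[-2])
        except ValueError:
            continue
        if addr.is_loopback:  # local IPC is not a leak to the network
            continue
        # COMM may contain spaces, so the fixed columns are taken from the right.
        yield " ".join(parts[1:-4]), str(addr), int(parts[-1])

def classify(dport):
    return "plaintext?" if dport in PLAINTEXT_HINT else "tls?" if dport in TLS_HINT else "unknown"

def aggregate(lines):
    return Counter(parse(lines))  # count per (application, destination, port)

def report(counts):
    """Rows sorted so likely-plaintext and rare connections come first."""
    order = {"plaintext?": 0, "unknown": 1, "tls?": 2}
    rows = [(classify(p), comm, dst, p, n) for (comm, dst, p), n in counts.items()]
    return sorted(rows, key=lambda r: (order[r[0]], r[4], r[1]))

if __name__ == "__main__":
    for row in report(aggregate(SAMPLE.splitlines())):
        print("{:<11} {:<16} {:<15} {:>5} x{}".format(*row))
```

Rows marked "plaintext?" or "unknown" are candidates for a closer look, not confirmed findings; the port alone cannot show whether TLS was actually negotiated.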