I have installed OpenSuse 11.2 with KDE desktop. For testing I created an email-Account in KMail on an email address I would like to keep absolutely “secret”.
Yesterday however I opened K3b for reading out a CD and got the idea to check the K3b settings. I was quite astonished finding one tab in the options dialog with a text field which showed me just the e-mail-address I previously entered in KMail.
So I wonder how and on what purpose K3b starts collecting email-addresses without informing me. Should I take in account that k3b sends this address for user identification to the info-servers on the WEB in order to retrieve “album information” on my personal compact disks? So my next question would be how long it will take to burn this email-address I use for confidential issues.
One more amazing thing concerns Amarok asking me during startup for the master password of my KWallet (if I am not wrong) without telling me what for? Being paranoid I might consider that Amarok also grabs my email-Account-data and uses the password in KWallet to make some nuisance or nonsense at my costs.
Summary: These recent effects arround confidential personal belongings encouraged me yesterday evening to uninstall OpenSuse 11.2. The community should continue this way and Linux will become more untrustworthy than Windows, above all if people don’t use malware and virus scanners because Linux is sooooo safe and certain.
(No I am prepared for comments like: Don’t use KDE, use Gnome! Or: If you use KMail, it’s your fault, use Thunderbird. Or: There is a technical reason for this all, so be quiet!)
With M$ you actually allow them to access your harddrive. Thats in the license agreement. Why K3b starts picking e-mail addy’s I have NO clue !! But I think Amarok was working under the assumption that you might have a last.fm web-radio account, and was looking for log in info in the kwallet. I dunno. Pretty weak, but thats all I could think of.
It’s sufficent to me that they grab or request confidential information without telling me why. For the rest your guess is as good as mine. I wouldn’t trust Linux any more. That’s the sorry point.
It’s no big deal telling me Windows is also a “sh**-hole”. The point is that I wouldn’t be careless under windows because I just don’t expect anything good and have - at the same time - an army of good security tools running to help me against the worst…
-=welcome=- to the forum first time poster HahlenG (an ID never ever
before seen by Google, anywhere on the planet)
i can’t imagine why either Amarok or K3b would have, or need, access
to any of your email addresses in KMail or passwords in Kwallet…
i’ve reviewed your posting history here and see that you have not once
asked to learn why you saw what you claim to have seen, maybe…
nor have you asked how to fix what may have occurred…
*
so, i must conclude you just needed a good screaming and kicking rant
before you slam the door (that is “uninstall”) on this terribly
insecure system and go back to whatever you came from…
sure sounds like a good dose of FUD <http://tinyurl.com/2478pa> to
me…tell me, honestly now, which highly secure operating system are
you posting from today? i ask because i’m always on the lookout for
any system which more secure than the one i’m on!!
When I checked my own k3b settings, found a place for an email address under the Submit tab within the CDDB Settings. (Mine was not fillled in, however).
Is this what you found? I assume (but don’t know for certain) that it is required for the purpose of submitting cddb data, perhaps based on CD’s you are ripping?
Still, the source code is yours for the reading. This is why it’s called Open Source;) No secrets.
Any KDE-application by default will use the email-adress as set in KMail (or the personal configuration in KDEs systemsettings), mostly for bug-reports - this is the only reason I can think of, and it’s pretty logical that it will fetch an addy if available. This, however, does not mean that this adress will be spread without the user knowing it, neither for copyright reasons nor getting CDDB-data (think about it - in what way would that address help anyone to track someone illegally sharing files?).
Amarok never asked me for a password, so I also assume that you have set up something like a last.fm-account.
Remember that KDE and its application are open source and therefore tested and checked by thousands of users, many of them actually being able to look into the code for such spy-attempts. None of what you assume has ever been reported.
It’s good to be sceptic, but being paranoid for the sake of paranoia security-wise is just as bad as not caring at all.
Oh, your logic sounds like this: Be happy, not only k3b sucks your email address from kmail but litteraly every running program. Now just tell me, that all of them are properly tested by the community! Or is it again my fault if I install the wrong ones.
Note: An email program is no chat room!
And: If you go to a shop and someone tells you: Here, sign this sheet of paper. Would you do it without knowing for what? It is the same if Amarok asks me for my KWallet Master password without indicating the purpose.
Finally: The latest law cases in the USA convicting young mothers to tremendous fees because the kid downloaded a single “song” show me, that the content industry is after everyone owning a computer, an MPEG-player etc and that they are willing to do what they want. Of course k3b could be a central point under linux kde.
Means, if k3b should create databases using my email-address, you can’t just be paranoid enough! The problem is usually not the truth but the misinterpretation of data by people only having one intention: YOUR MONEY. Some of them earn more money by suing innocent people than by their own hand’s work.
The OP is complaining about KDE (which imho is better being done in the KDE Forums/Bugzilla). Nevertheless, as long as everybody taking part in this conversation behaves like civilised people, this dicussion has a place in Soapbox.
This is done for convenience - no matter from which application you will send an email, your adress is already given (and this is pretty much the behaviour most users would expect, I think). This can be switched off in KDEs personal settings.
Take a look in the various bugzillas, you will see that there actually are lots of people bughunting and watching the code. K3B has been voted the most popular Linux-application for many times, you can bet it is controlled by many users. And if you won’t trust them as well, take a look in the sourcecode yourself. It’s all there. There’s no need for fantasizing about possible conspiracies.
No. You can always check Amaroks settings for what you might have set up. KWallet will also show you which passwords it has stored when being asked. What you describe is not the default behaviour.
What databases?
The (positive or negative) misinterpretation of applications behaviours by the user will add quite a big deal to that problem.
Seriously, the first time Amarok asks you for a password it SPECIFICALLY states it’s for your last.fm password. So there’s why Amarok is asking you for a password. Easy enough if you read what you’re setting passwords for, before setting passwords.
As for K3b, your email address is used for when you submit a CDDB Audio CD Entry that isn’t currently in the database. Hence it being under the “Submit” tab and not the “Lookup” tab. As others have stated you can erase your email address or the server location if you’re really that paranoid.
One piece of advice: Don’t ever use something until you’re 100% sure what it does.
I see you’ve questioned these on the forum, which would actually be more appropriate on the KDE forums since it’s a KDE application and not an openSUSE specific application, but at least a step to learning about it.
But really, if you actually were concerned about what these programs did, a little common sense goes a long way. Use the internet to find out and until you find out, don’t use them. Once you figure out when you want then use them again, use them. There are plenty of alternatives to each of these as well, although I’d say uninstalling a whole OS just because of those two little things is a little overboard. Just my two cents.
KDE tries to deliver an highly integrated Environment for the user. One of it’s features to do this is Akonadi, which is reponsible for your email adress being available in other KDE applications. But what’s the problem? If somebody gets access to your user-account it’s completely meaningless if they get your address from KMail or from Akonadi. It’s just a different service to store your data. Thunderbird has it’s own.
I don’t know if Akonadi supports (or will support) encryption and/or access-control. That would be cool, of course.
Just the fact that even with antivirus/spybot/malware programs, you can still get infected, would make me think that Windows wouldn’t be an option anymore if he/she’s that paranoid over having your email used to submit CDDB CD Entries and having a password to protect your last.fm account. So much that they uninstalled openSUSE altogether. I mean if it’s not for you, it’s not for you. But going from that degree of paranoia I can’t think of anything other than never directly connecting the computer to the internet.
To the OP: it’s no use getting incensed before you understand what is happening. If you do you’ll only make decisions you may have cause to regret later.
Considering the security angle only, even if k3b and kmail did what you perceived them as doing, it would still be a whole order of magnitude safer than running a ms windows desktop, supposing this is the so-called more-secure system that was referred to. Just disable whatever you don’t like, rightly or wrongly, in KDE (like kwallet).
my 2cw: Coming from a security based / paranoid environment, I can see and “on the surface” relate to his concerns. In the security sensitive industries Windows has long been touted as too insecure to be reasonably used without being governed by a secure server typically Linux. Smaller operations quite often lack the IT depts with the where with all to sheild the user systems. Seeing what you thought as publishing email addresses and showing the world master passwords is just as unnerving in Linux as when you are dealing with M$ ****.
I see this OP as being so unnerved by the misconception possibly due to past experience of a M$ environment to be taking drastic action. It is GOOD that he posted this concern here where the knowledgeable can weigh in to dissolve or defuse the concerns for both this OP and others who might have similar concerns. Being concerned about safety is more important as time prevails.
Using Kwallet IMHO is a very bad idea when you aren’t strong on security understanding! Mail clients by nature are designed to make it easier for users to access email not only through the client but also to provide this ease of access to any user app that may need to send or receive email. If you don’t want your email address shared with your other apps … don’t tell this info to the mail-client.
Be warned that Konversation actually reads out the system settings to find your name and sets this in the ‘identies’. So when you join a chatroom full of strangers they know your name… not something I can appriciate.
I think the OP has somewhat of a point, everything application that gets personal data from places where you never intended it for it to look should at the very least ask for your permission. Reading out system info is all fine and dandy, but it should be accomponied by a dialog window indicating it is doing so.