Default "privacy" settings don't respect privacy

Bug #50387 reported by Lorenzo J. Lucchini
Affects: kdenetwork (Ubuntu)
Status: Won't Fix
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: kopete

To reproduce on a default Kubuntu Dapper installation:

1) Start Kopete
2) Right click on the tray icon, select "Configure..."

*Problem A*

3) Select "Behaviour", and go into the "Away settings" tab
You will see that "Become available when detecting activity again" is activated.

*Problem B*

3) Select "Accounts", select any Jabber account (or create one), then select "Modify..."
You will see that "Always send notifications" is enabled, and all three possible notifications are enabled.
If my understanding is correct, those options (specifically the second and third ones) send third parties information about keyboard and mouse events happening on the user's desktop, as well as information about window focus.

*Problem C*

Proceed as in problem B.
You will see that "Hide system and client info" is disabled. While this is probably harmless in most cases, I do not see a compelling reason for OS information to be sent by default by an instant messenger client.

I do not know if these or similar problems happen with account types other than Jabber.

Frode M. Døving (frode) wrote :

I agree with all problems and can confirm the behavior.
This is also true for the MSN protocol.

Problem B is especially a bad default in my opinion.

Is this something we can set in kubuntu-default-settings? Or does the fact that this is per-account settings make problems?

Frode M. Døving (frode) wrote :

assigning and confirming.

Changed in kdenetwork:
assignee: nobody → kubuntu-team
status: Unconfirmed → Confirmed
Kenny Duffus (kduffus) wrote :

Personally I'd have thought A and B were the normal settings and see no problem with them, as it is me the user that adds contacts for communicating with, so sharing info with people that you have chosen to communicate with doesn't sound bad.

Lorenzo J. Lucchini (ljl) wrote :

*Communicate*. The natural assumption (at least *my* natural assumption) is that by adding a user, the information I will share with them will be the *messages I send to them*.

I will also share my online status ("offline", "online", "available", etc.), but I can choose that status from a very clearly visible chooser in the main Kopete window.

Any other information buried into nested configuration dialogs is *not*, in my opinion, a kind of information-sharing that is "natural" of an instant messenger.

Let's make a comparison: when I choose to register online a product that I have downloaded or bought, I am certainly *not* expecting it to send information listing, say, all the programs that I have on my machine or the contents of my filesystem --- even though I am voluntarily engaging in information sharing with the software product's maker.

Kenny Duffus (kduffus) wrote :

I haven't seen any evidence from your bug report that kopete is sending information listing all the programs that you have on your machine or the contents of your filesystem, if that is the case then please update the bug description.

Lorenzo J. Lucchini (ljl) wrote :

I'm sorry, English is not my native language. I must not have made it clear enough that I was making a parallel, a comparison. I was.

railk (freerailk) wrote :

A seems normal enough to me, as it's meant so friends can see whether I'm available to answer their instant message.
B... I like the bit where chat partners can see whether I'm typing anything, I do find that generally useful. Delivered notifications is also fine I guess, since my partner might be interested whether I'm getting his messages or not. The other option, the displayed notification, seems rather excessive...
C, I also fail to see the rationale behind this feature of the jabber protocol. The point of the protocol is that it is universally the same, what difference does it make which client or OS I'm using?
However I accept that all 5 options here are invasion of privacy, however minor, so if a high level of privacy is a target of the defaults, then all 5 options should be disabled. If, on the other hand, a target is similarity to other clients of the protocols, I guess they should be left enabled.

For the record, MSN accounts in Kopete also have such "privacy" options.
"Send client information" is ticked by default, and the "What's this?" entry recommends that it is left ticked (no reason given).
"Send typing notifications" is also ticked by default
and "Expose my Jabber account to other users", also ticked by default if you have a jabber account with your account's ID entered in the associated box.

Jonathan Riddell (jr) wrote :

General consensus at kubuntu meeting was to agree with A and B but C is no worse than web browser ident. Subscribing tonio, our kubuntu-default-settings hero.

Kenny Duffus (kduffus)
Changed in kdenetwork:
importance: Untriaged → Medium
Anthony Mercatante (tonio) wrote :

I must say I totally disagree with that kubuntu meeting decision.
To me there is no point calling this "privacy respect".

This is probably more "paranoia" and honestly, goes against simplicity and usability.
Would you like everyone, including noobs and non-geek users to manually set their status every time they come in front of the computer? First, they won't, but they'll probably think kopete simply sucks because it doesn't support something that is a common setting in all IM around the world.

If providing the status is a privacy violation, it is probably better to unplug any network cable, since even an IP address gives more information than this with ICMP...

Concerning problems A or B, MSN, ICQ, YIM or AIM are already supporting this kind of functionalities and that globally fits with the needs of the masses.
Why are they so successful while Google Talk isn't? Because of those functionalities.

The purpose of an instant messenger is to be simple, almost automatic, and give information "instantly".

Being informed that the remote guy is typing something (problem B) is very useful cause it makes the discussion more interactive. I will wait in that case to post again since my next message could depend on what the guy is saying.

Those functions can be deactivated for the *rare* persons who appreciate to control everything on their machine and that are concerned by any kind of information their software can provide.

But making that a default setting is a simplicity regression and a functionality regression.

I would really appreciate this to be re-discussed during the next meeting, since I really think changing those settings would be a very criticized decision when edgy is out.

Harald Sitter (apachelogger) wrote :

I am so closing this report right now :P

In > 2 years no one seemed affected enough to do anything about this complaint, so I guess it is really just paranoia, like Tonio said.

Changed in kdenetwork:
status: Confirmed → Won't Fix
assignee: kubuntu-team → nobody
Lorenzo J. Lucchini (ljl) wrote :

Err, "do anything"? I reported the bug - I was under the impression that, the issue being merely a matter of default settings, there wasn't a need to actually submit a patch.

I'm still quite concerned about my system sending information to others without my explicit consent or knowledge, I really do hope this doesn't apply to other components of my Kubuntu installation, and I find it a bit weird that something is labelled as "paranoia" merely because nobody "did anything" about it (when "doing anything" is merely a matter of changing defaults), while it appears to me, from the above comments, that there was discussion internally to the development team and, at a stage, agreement with my concerns.

I also urge people, when closing bug reports, to avoid demeaning the bug reporter as part of the reason for closing.
