A new privacy and log scrubber for KDE4, Firefox, & Flash


    #46
    Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

    Originally posted by Qqmike
    Yeah, I'm not crazy about this. Not an expert, but having poked around KDE 3.x a lot, and now messing with KDE4, no question there seems to be a difference wrt the issues we are discussing here. Problem is that most users don't have a clue. And by the time many users do have a clue, it'll be too late; the cleanup business will be a booming industry, the way Windows has gone.
    You said it. Most users aren't going to go to the trouble. KDE4 is a nightmare from a privacy perspective. It tracks every click in some file. Between that and the growing use of hackable software (Adobe Flash, etc) that opens up your system to exploits and arbitrary code execution, it's a surveillance OS. What really got me was the kdeglobals file (edit: and plasma-desktop-appletsrc). It was tracking every file opened, deleted, or otherwise accessed, for months! You know that little pop-up in the system tray in KDE4 that shows file copy progress and other system notifications? Well, they aren't just displayed, they're logged to kdeglobals. So if you deleted a file named "xyz.abc" 6 months ago, it may be listed in there. (They may have cleaned up some of that behavior with recent updates, I'm not sure - haven't kept up with it.)

    That's what these lines in kscrubber clean up:
    Code:
    # kdeglobals
    sed -i 's/\(^History Items\[\$e\]=\).*/\1/' "$userhome/$kde/share/config/kdeglobals"
    sed -i 's/\(^Recent URLs\[\$e\]=\).*/\1/' "$userhome/$kde/share/config/kdeglobals"
    sed -i 's/\(^label[0-9]*=\)file:\/\/.*/\1/' "$userhome/$kde/share/config/plasma-desktop-appletsrc"
    To me, this is misuse of config files, which should only change when the user changes the settings in either the GUI or by editing the config file. Using config files to maintain histories (so you can't simply delete them a la BleachBit) is plain evil. As is logging all files a user has deleted - what possible service does that provide to the user? And that seems to be the new KDE design philosophy. Almost every KDE program does it, and they seem to be using some API that makes those "Recent Files[$e]=" entries.

    Dumb question ... as one (extreme) measure, if nothing else, any harm done by manually editing the file konquerorrc to delete those entries? and if no harm done, how much can be deleted?
    I've never had a problem removing those lines. Usually what I do (and what kscrubber does automatically), is I leave the line intact but delete everything after the equal sign. Just close Konqueror before you make the edit - otherwise it may recreate the config files as it closes, overwriting your changes. And of course, make a backup of any config files before editing them.

    Here are the sed commands to clean Konqueror for you. I'm going to add these to kscrubber as well - I don't use Konqueror as my file manager anymore so I didn't know the correct lines - now I do.

    Code:
    sed -i 's/\(^Recent Files\[\$e\]=\).*/\1/' ~/.kde/share/config/konquerorrc
    sed -i 's/\(^Paths\[\$e\]=\).*/\1/' ~/.kde/share/config/konquerorrc
    sed -i 's/\(^History list=\).*/\1/' ~/.kde/share/config/konquerorrc
    I know sed can look cryptic but it's not that hard, and it's a powerful automatic line editor. Basically the command takes the form:
    Code:
    sed 's/xxx/yyy/' filetoedit
    That means it searches filetoedit for lines containing "xxx". It will change "xxx" on those lines to "yyy". Output is sent to stdout unless you include the -i switch, which means edit the file in place. The \1 you see in my sed replacements above means copy the first part (#1) in parentheses. Since "Recent Files[$e]=" is in parentheses, it copies that to the replacement line, but not what follows it. Thus it effectively deletes everything after the equal sign. And sed uses regular expressions, and you need to escape some characters (a left parenthesis "(" as "\(" for example).

    So this:
    Code:
    sed -i 's/\(^Recent Files\[\$e\]=\).*/\1/' ~/.kde/share/config/konquerorrc
    is equivalent to this:
    Code:
    sed -i 's/^Recent Files\[\$e\]=.*/Recent Files[$e]=/' ~/.kde/share/config/konquerorrc
    IOW change "Recent Files[$e]=blahblahblah" to "Recent Files[$e]=". And the caret ("^") just means that Recent Files must occur at the very beginning of the line - just narrows the search.

    kscrubber has a lot of sed lines to see if you want to work by example. Feel free to ask me what they do if you don't see it.

    Check out my blog for useful scripts and tips... http://igurublog.wordpress.com
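
The advice in post #46 (close the application, back up the file, blank everything after the equals sign) wrapped into one function. This is an added example, not part of the original post or of kscrubber; the function names, the `.bak` suffix and the sample konquerorrc contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not kscrubber's code. The sample file below is constructed.

# Escape BRE metacharacters so a literal key such as 'Recent Files[$e]'
# can be placed inside a sed pattern. A lone "]" is ordinary and left alone.
escape_bre() {
    printf '%s\n' "$1" | sed 's/[[\.*^$/]/\\&/g'
}

# scrub_keys APP FILE KEY...
# Blank the value of each KEY in FILE, keeping "KEY=". Refuses to run while
# APP is running (it may rewrite the file when it exits) and keeps FILE.bak.
scrub_keys() {
    app=$1; file=$2; shift 2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    if command -v pgrep >/dev/null 2>&1 && pgrep -x "$app" >/dev/null; then
        echo "$app is running; close it first" >&2
        return 2
    fi
    cp -p "$file" "$file.bak" || return 1
    script=
    for key in "$@"; do
        # \(...\) captures "KEY=", \1 writes it back, the value (.*) is dropped.
        script="${script}s/^\($(escape_bre "$key")=\).*/\1/
"
    done
    tmp=$(mktemp) || return 1
    # Edit into a temp file, then copy the bytes back so FILE keeps its
    # owner and mode.
    sed "$script" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: three keys to blank, plus two lines that must survive.
make_sample() {
    cat > "$1" <<'EOF'
[HistorySettings]
History list=/home/user/private,/home/user/docs
[Recent Files]
Paths[$e]=$HOME/private/abcxyz.txt
Recent Files[$e]=abcxyz.txt
Max Recent Files[$e]=untouched
MaxEntries=10
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/konquerorrc"
scrub_keys konqueror "$demo_dir/konquerorrc" \
    'Recent Files[$e]' 'Paths[$e]' 'History list'
# Show exactly which lines changed relative to the backup.
diff "$demo_dir/konquerorrc.bak" "$demo_dir/konquerorrc" || true
rm -rf "$demo_dir"
```

The `^` anchor is what keeps the `Max Recent Files[$e]` line untouched even though it contains the text of one of the keys.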



      #47
      Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

      And lest anyone be misled, it should be noted that KDE3 apps also track recent files and other histories in config files. KDE4 just does it more extensively, and things like the system notifications manager do it on a system-wide basis. (You can run kscrubber with KDE3. It shouldn't break anything and should clean some stuff, but may miss things that differ from KDE4.)
      Check out my blog for useful scripts and tips... http://igurublog.wordpress.com



        #48
        Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

        Wow, I-G, many thanks for the detailed tips and instructions, way above the call of duty! Your time isn't wasted, I'm using everything in this thread in some way.

        "And lest anyone be misled, it should be noted that KDE3 apps also track recent files and other histories in config files. KDE4 just does it more extensively,..."

        Yes, exactly what I meant in one of my posts above. KDE3 seems almost innocent by comparison, though it was anything but. I didn't compare KDE3 to Windows this way. I DO compare KDE4 to Windows wrt the privacy/security issues we are discussing here.

        I feel the same way about KDE4 as you do, and I hesitate to say anything here for fear of being tagged a ranter about it, esp as so many folks are sooooo in love with KDE4. When I use KDE4 it feels like driving an overloaded, sluggish, sometimes inconvenient, large luxury car instead of driving a nice, smart, tight, responsive, snappy (and relatively transparent) Honda Civic! Which happens to be what I bought recently, a new 2009, as basic as they had on the lot (power windows, radio, AT, and A/C). When the salesman asked me what I was looking for, I pointed at my little white 1991 Toyota Corolla, 5-sp, and said, "I want THAT new, and I'd pay you $13,000 cash for it on the spot." ... This is NOT OT, btw
        An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



          #49
          Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

          Originally posted by Qqmike
          I hesitate to say anything here for fear of being tagged a ranter about it, esp as so many folks are sooooo in love with KDE4.
          Are they? Well, to each his own. I'm sure the KDE4 devs are responding to what a majority of people like. That excludes me! And as far as discussing its pros and cons, I don't think they'll tag you a ranter unless they're fanboys.
          Check out my blog for useful scripts and tips... http://igurublog.wordpress.com



            #50
            Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

            @I-G thanks for the script. I like to keep a clean system, and this will certainly beat cleaning it all by hand.

            @ QQmike funny you should mention that Civic, I have owned a few; in fact I just got a used 97 Accord this week, but it's just not quite the same as my old 91 Civic.
            Mark Your Solved Issues [SOLVED]
            (top of thread: thread tools)



              #51
              Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

              (I moved this post to Social )
              An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



                #52
                Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                This thread is already far too long and veering erratically off-topic BUT:

                The difference between KDE3 and KDE4 is a classic example of the "second system problem" which was identified by Fred Brooks, the fellow in charge of developing OS/360 for IBM, in a book called "The Mythical Man-Month" (there is a picture of a bunch of animals being caught in the La Brea Tar Pit on the cover). His purpose was to explain why OS/360 was so much larger and slower than IBSYS (and took so much longer to develop).* It was the first serious study of software engineering, but it applies equally well to almost any large scale technological development project, e.g. Boston's "Big Dig".

                Essentially, when a team of developers is tasked with generating a new version of a complex system that they have previously developed, they regard it as an opportunity to include all of the "great ideas" that were left out of the original system because of limitations on development time, system size, and speed. THIS TIME, they have the chance to DO IT RIGHT!

                * For the youth: OS/360 was the operating system for a series (s360) of IBM mainframes that were developed in the 1960s. The 360 series replaced the 7000 series that used the IBSYS operating system.



                  #53
                  Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                  Originally posted by askrieger
                  Essentially, when a team of developers is tasked with generating a new version of a complex system that they have previously developed, they regard it as an opportunity to include all of the "great ideas" that were left out of the original system
                  Well, that is part of it, no doubt - kind of like pork-barrel politics. But I think that is being generous. A larger facet IMO is the tendency of committees to create monstrosities, and ugly ones at that. Linux was started by Linus, not a committee. Apple was started by a couple of guys in their garage. Once things reach the proportion where they are designed from the bottom by a larger group, you lose that creative simplicity at the heart of great designs.

                  Then there is the sequel idea in there too. Everybody knows when it comes to movies that sequels usually suck. I think it applies to software too, especially when they try a 'great new sequel' of something popular, instead of just a great new something on its own rights. We all want to see the sequel because we love the original, but rarely is the sequel much more than a shadow of the original.

                  Then there is big money and evil corporate interests. They ignore smaller startups. But when it comes to recreating something popular and having a chance to get their sweaty hands on it, they all start drooling. I see a lot of bad decisions coming down from high, and many of them are probably not innocent, but dirty back-room politics. Humpty didn't fall, he was pushed.

                  I think the 80s were the heyday of the personal computer. I was weird for having my own computer at home - it was one of those weird hobbyist things back then, like collecting stamps or doing Civil War reenactments. Either you got it or you didn't. There wasn't any spam on the BBSes. Who wants to pay long distance charges to leave spam, and what is spam anyway?? There was no erectile dysfunction back then, or at least no one was sending me email about it. There wasn't any email per se either, just messages from friends.

                  Then the AOLers came onto the beach with their inflatable swim toys and that was the beginning of the end. I think the best we can do now is keep a little of that 80s spirit alive in things like non-mainstream linux, writing our own code, and having fun with it. The new hardware is the bees knees if you open it up and let it actually RUN, instead of keeping it weighted down with heavy junk. Sure beats my VIC-20 with 3.5K of RAM. (I still write tight code.) It's the modern software philosophy that's mostly evil, so choose carefully. I find watching 80s movies once in awhile helps... "ah the good ol' days". Now I know what Grandpa meant.
                  Check out my blog for useful scripts and tips... http://igurublog.wordpress.com



                    #54
                    Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                    @ I-G, from Reply #32
                    Quote:
                    7. I didn't see any sign that BleachBit cleaned /var/log or /tmp, both of which can contain private user info.


                    Hmmm, I'm getting quite a bit of stuff on the BleachBit Preview for /var/log and /tmp.

                    Btw, it appears that it may be safe to delete ALL of /var/log including the folders, is that what you've experienced?

                    On a fairly new 9.10 installation, I got this from BleachBit:

                    for /var/log:
                    Disk space to be recovered: 2.5MB
                    Files to be deleted: 59

                    for /tmp, just a few:
                    Delete 4KB /tmp/ksocket-mike/KSMserver__0
                    Delete 0 /tmp/kde-mike/closeditems/_1.58
                    Delete 4KB /tmp/kde-mike/plasma-desktopPM1549.tmp
                    Delete 4KB /tmp/kde-mike/plasma-desktopkt1549.tmp
                    Delete 4KB /tmp/svbo.tmp/svp6.tmp
                    Delete 0 /tmp/svbo.tmp/svpi.tmp
                    Delete 12KB /tmp/svbo.tmp/svpa.tmp
                    Delete 12KB /tmp/svbo.tmp/svp8.tmp
                    Delete 44KB /tmp/svbo.tmp/svpc.tmp
                    Delete 4KB /tmp/svbo.tmp/svpe.tmp

                    for /var/tmp:
                    Disk space to be recovered: 5.5MB
                    Files to be deleted: 151
                    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



                      #55
                      Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                      Originally posted by Qqmike
                      Btw, it appears that it may be safe to delete ALL of /var/log including the folders, is that what you've experienced?
                      Some daemons will lock up, refuse to start, or have other problems if their /var/log subfolder is deleted, so it's generally more stable to just delete files. You can delete all the files in /var/log and subfolders with
                      Code:
                      find /var/log -type f -name '*' -execdir rm '{}' \;
                      Or substitute "rm" above with the shred tool of your choice.
                      Check out my blog for useful scripts and tips... http://igurublog.wordpress.com



                        #56
                        Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                        KDE4 is a nightmare from a privacy perspective. It tracks every click in some file. Between that and the growing use of hackable software (Adobe Flash, etc) that opens up your system to exploits and arbitrary code execution, it's a surveillance OS. What really got me was the kdeglobals file (edit: and plasma-desktop-appletsrc). It was tracking every file opened, deleted, or otherwise accessed, for months!


                        I got curious and looked at what was in kdeglobals and plasma-desktop-appletsrc on my 64bit Kubuntu 9.10 fully updated system.

                        Nothing but configuration statements. No tracking data was present. No keyboard loggings. Nothing but config statements.
                        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                        – John F. Kennedy, February 26, 1962.



                          #57
                          Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                          Originally posted by GreyGeek
                          I got curious and looked at what was in kdeglobals and plasma-desktop-appletsrc on my 64bit Kubuntu 9.10 fully updated system.

                          Nothing but configuration statements. No tracking data was present. No keyboard loggings. Nothing but config statements.
                          In kdeglobals I found these entries:
                          Code:
                          [KFileDialog Settings]
                          Recent URLs[$e]=xxxxxxxxxxxxxxxxxxxxxxxx
                          ...
                          History Items[$e]=xxxxxxxxxxxxxxxxxxxxx
                          And plasma-desktop-appletsrc was the one where the system notifications would be recorded long-term - for example for large files copied and other actions which generate a notification in the system tray...

                          Code:
                          [Containments][3][Applets][9][Configuration][ExtenderItems][82]
                          extenderTitle=Copying [Finished]
                          label0=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                          label1=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                          labelName0=Source
                          labelName1=Destination
                          As for why you don't see those in yours, maybe it has something to do with what applets or KDE software is installed, or how it is configured. It's also possible that they've removed that behavior. Given the amount of entries it was producing it seemed like troublesome behavior, so that's possible. But when cleaning a system I recommend checking those files.

                          Check out my blog for useful scripts and tips... http://igurublog.wordpress.com



                            #58
                            Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                            re: kdeglobals and plasma-desktop-appletsrc

                            And sometimes you gotta work it awhile for private-info entries to appear.

                            This does make you wonder, though, what folders in KDE4 might contain private info. I suppose you have to search them all. I saw at BleachBit a dev rig up some commands to look (a strace call and a tail); and I-G posted a similar method. (None of which I understand, all of which are on a TO DO. With your tips I-G, I did get the sed-ing statement down pretty well (as applied to what we are doing here).) You have to ask, What did I NOT catch? and how critical is that, would it make any "privacy" difference?

                            There are different opinions re /tmp and /var/tmp. However, I-G, if you run those in RAM disk, that seems to be proof that you can delete them, say before logging in or when not in KDE.

                            A bit disconcerting that private info has been embedded in config files on the right side of equal ("=") signs! Thus, the sed-ing. But that seems a bit slippery to me from a programming standpoint, no?

                            Thanks for your reply above.


                            An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



                              #59
                              Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                              Originally posted by IgnorantGuru
                              Originally posted by GreyGeek
                              I got curious and looked at what was in kdeglobals and plasma-desktop-appletsrc on my 64bit Kubuntu 9.10 fully updated system.

                              Nothing but configuration statements. No tracking data was present. No keyboard loggings. Nothing but config statements.
                              In kdeglobals I found these entries:
                              Code:
                              [KFileDialog Settings]
                              Recent URLs[$e]=xxxxxxxxxxxxxxxxxxxxxxxx
                              ...
                              History Items[$e]=xxxxxxxxxxxxxxxxxxxxx
                              Oh, I see what you are finding. I didn't consider those entries as "tracking" me. The first is merely a short history of past directory browsings, which I find very useful IF I want to visit a directory I've recently used in the past, which is a frequent occurrence. The second is also a history list of local and network URLs that I've used, and for the same reasons as the Directory browsing history. One also must assume there are "hidden executables" (IN FOSS software like KDE4?) which could regularly connect with some Internet server and upload my browsing history.
                              I doubt that such applications and mechanisms exist except for the "Help us debug" request, but when those are sent up you are in total control.

                              And plasma-desktop-appletsrc was the one where the system notifications would be recorded long-term - for example for large files copied and other actions which generate a notification in the system tray...

                              Code:
                              [Containments][3][Applets][9][Configuration][ExtenderItems][82]
                              extenderTitle=Copying [Finished]
                              label0=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                              label1=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                              labelName0=Source
                              labelName1=Destination
                              As for why you don't see those in yours, maybe it has something to do with what applets or KDE software is installed, or how it is configured. It's also possible that they've removed that behavior. Given the amount of entries it was producing it seemed like troublesome behavior, so that's possible. But when cleaning a system I recommend checking those files.
                              Sorry, I-G, I looked at every line in my plasma-desktop-appletsrc file and didn't see anything that could be used to track activities with sources, destinations or other personal info. The only URLs I see are configuration links to *.desktop files.

                              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                              – John F. Kennedy, February 26, 1962.



                                #60
                                Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

                                Originally posted by Qqmike
                                This does make you wonder, though, what folders in KDE4 might contain private info. I suppose you have to search them all.
                                Use grep (to look inside files) and find (to look in file and folder names). kscrubber has a --check function as well (that uses grep and find on your behalf). For example, create a text file named abcxyz.txt (or any fairly unique name), open and edit it with various apps, Dolphin, etc., then search your system for "abcxyz". With kscrubber you can do this with:
                                Code:
                                sudo kscrubber --check /home "abcxyz"
                                (you might also check /tmp and /var)

                                Then try cleaning and do the check again.

                                There are different opinions re /tmp and /var/tmp. However, I-G, if you run those in RAM disk, that seems to be proof that you can delete them, say before logging in or when not in KDE.
                                In my experience, /var/tmp/ can be completely cleared as long as KDE is not yet running without creating instability. (Delete it while a KDE user is logged in and you may need a reboot). Deleting everything in /tmp can cause severe if temporary system breakage, again requiring a reboot, sometimes two reboots.

                                If you mount /var/log with tmpfs, you may need to create some folders in /var/log before daemons start, perhaps using /etc/rc.local. For example...
                                Code:
                                #Add to /etc/rc.local before line "exit 0":
                                for dir in apparmor apt cups dist-upgrade fsck installer samba unattended-upgrades ; do
                                	mkdir -p /var/log/$dir
                                done
                                Check out my blog for useful scripts and tips... http://igurublog.wordpress.com
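
The canary-file procedure from post #60 (search for a marker, clean, search again) as an added example. It is not kscrubber's `--check` code, only a grep/find sketch of the same idea; the directory layout and file contents are constructed, and the three substitutions are the ones quoted earlier in this thread.

```shell
#!/bin/sh
# Added example, not kscrubber's --check implementation.

# check_marker DIR MARKER: list files under DIR whose contents or names
# contain MARKER (assumed to be plain letters/digits, e.g. abcxyz).
check_marker() {
    # -r recurse, -l print file names only, -F match a fixed string.
    grep -rlF -- "$2" "$1" 2>/dev/null | sed 's/^/content: /'
    find "$1" -name "*$2*" 2>/dev/null | sed 's/^/name:    /'
}

# Number of hits reported by check_marker.
count_hits() {
    check_marker "$1" "$2" | wc -l | tr -d ' '
}

# Constructed stand-in for a KDE4 home directory after the canary file
# abcxyz.txt has been opened in a file dialog and copied.
make_fake_home() {
    cfg="$1/.kde/share/config"
    mkdir -p "$cfg"
    echo "canary file" > "$1/abcxyz.txt"
    cat > "$cfg/kdeglobals" <<'EOF'
[KFileDialog Settings]
Recent URLs[$e]=file:///home/user/abcxyz.txt
History Items[$e]=abcxyz.txt
EOF
    cat > "$cfg/plasma-desktop-appletsrc" <<'EOF'
[Containments][3][Applets][9][Configuration][ExtenderItems][82]
extenderTitle=Copying [Finished]
label0=file:///home/user/abcxyz.txt
label1=file:///home/user/backup/abcxyz.txt
labelName0=Source
labelName1=Destination
EOF
}

# Apply one sed expression to a file without relying on "sed -i".
edit() { sed "$1" "$2" > "$2.new" && mv "$2.new" "$2"; }

# The three substitutions quoted from kscrubber in this thread.
scrub_fake_home() {
    cfg="$1/.kde/share/config"
    edit 's/\(^History Items\[\$e\]=\).*/\1/' "$cfg/kdeglobals"
    edit 's/\(^Recent URLs\[\$e\]=\).*/\1/' "$cfg/kdeglobals"
    edit 's/\(^label[0-9]*=\)file:\/\/.*/\1/' "$cfg/plasma-desktop-appletsrc"
}

fake=$(mktemp -d)
make_fake_home "$fake"
echo "before cleaning:"; check_marker "$fake" abcxyz
scrub_fake_home "$fake"
echo "after cleaning:";  check_marker "$fake" abcxyz
rm -rf "$fake"
```

A hit that survives the second check points at a file or key the cleaner does not cover yet; here the only survivor is the canary file itself.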

