Hello, I wanted to know if the KDE applications like : Krita, Okular, … are fine privacy-wise? I know Akregator is already mentioned for news aggregation in PrivacyGuides, and it seems from their website that their do care about privacy. However, so do Microsoft, Google, and Facebook, at least they openly say they care… I wanted to know if you would recommend using other KDE applications. Thank you.
You can read their privacy policy to find out:
KDE doesn’t enable telemetry by default in any apps and all their apps are open source, and auditable.
Users have the option to opt-in to telemetry, and the telemetry is anonymised (This is from their privacy policy) :
At no point will any data which could be used to identify the device or its user be transmitted from the system, and we will not make use of any device, installation or user specific identifiers.
The Linux community is like an easily triggerable mob. You can be sure pitch forks will be sharpened and torches will be readily oiled the moment one of the dev community member even thinks of willfully violating user privacy. The community is not that big and word spreads around relatively quickly.
At the very least, most Linux projects are not actively seeking to lessen your privacy and ruin software security in the name of profit. There will be slip ups but more along the lines of occasional incompetence rather than malice.
And unlike MS, Google, etc. KDE applications (bascially almost all classic linux FOSS programs) are offline first - no cloud, no SaaS, no subscriptions…
The general case is that KDE software is good, and that if there is security or privacy leaking, it wasn’t done as an intentional act and they would receive bug reports for it.
They’re not perfect. For example, I learned last night that there is a bug in baloo6 (the background app responsible for indexing the user’s files to make local file search work fast) that can index and expose certain data in mounted KDE Vaults (the KDE implementation of encrypted folders). This is a big problem, but it is covered on the Arch Wiki and KDE fully acknowledges it is a critical bug and are working to fix it.