As a means to give our work direction and a clearer purpose, KDE is currently in the process of soul-searching. Here’s my proposal of what we should concentrate and focus on in the coming years. I’d welcome any feedback from the community to make this proposal better, and rally up more support from the community, and others interested.

So here’s the Big, hairy, audacious goal that — in my opinion — KDE should focus on, and should adapt its strategy for:

“In 5 years, KDE software enables and promotes privacy”

Privacy is the new challenge for Free Software. KDE is in a unique position to offer users a complete software environment that helps them to protect their privacy. KDE, being community-driven and user-focused, has the opportunity to put privacy on top of the agenda. Arguably, being in this position, KDE has the obligation to do this, in the interest of the users.

The effect is expected to be two-fold:

Offer users the tools to protect privacy and to lead a private and safe digital life without compromising their identity, exposing their habits and communications

Set a high standard and example for others to follow, define the state of the art of privacy protection in the age of big data and force others to follow suit, thereby increasing pressure on the whole industry and eco-system to protect users’ privacy better

Leaking user data, allowing users to be tracked, collecting their most private information in databases across the world means that users lose control of their identity and what parts they want others to know, and what they want to keep for themselves. Worse, collecting data in so many places, often commercially, but also by governments means that the user has little way of knowing what is known about him or her, let alone being able to determine who should be able to control what. Data being persistently collected means that not only today's security measures and policies are relevant, but also the future's. This poses multiple great risks.

KDE adds a 5th Freedom to the 5 principal software Freedoms:

“The freedom to decide which data is sent to which service”.

Personal Risks for Users

Risks that individual users run are, among others:

The more data that is collected, the bigger the risk of Identity Theft becomes

More collected data means that decisions will be made for the user based on skewed or incomplete information (imagine insurance policies)

Collected data may end up in the hands of oppressive regimes, posing risks to the user when travelling, or even at home

Blackmail

Users' most private secrets may end up in the wrong hands

Socio-economic Effects

Socio-economic effects that affect how society, national and international communities work, are:

Free speech is compromised

Journalists need tools to communicate secretly; lacking that, freedom and independence of the press cannot be guaranteed

Trade secrets cannot be kept; free markets cannot function without tools protecting privacy

Sovereignty of nations cannot be guaranteed

Cyber-attacks may lead to a shift in power

What will it take?

TL;DR:

Security

Privacy-respecting defaults

Offering the right tools in the first place

Security

We can only guarantee privacy if we also value security.

Possible approaches:

Functioning code-review

Quick turn-around times for software updates, especially security fixes

Prefer to use encrypted communication where possible, prefer HTTPS over HTTP where possible, avoid unencrypted connections

Storing sensitive information only in an encrypted way

Moving away from inherently insecure technologies, i.e. default to Wayland instead of X11

Avoiding single points of failure and centralized control

Privacy-Respecting Defaults

KDE software supporting this goal should:

Only collect and send data when necessary and clear and sensible from within the context. No hidden telemetry sending user stats, no HTTP connections downloading content, no search queries to online services without the user's explicit consent (or where it's entirely clear from the context, e.g. web browsers, software updater, etc.).

Use anonymity where it is possible, for example by using Tor connections for things like weather updates that don't require user identification

No collection of privacy-relevant data without clear purpose.

Conservative defaults: a user should not have to make changes to the software configuration to avoid leaking data. Secure and private by default. (Software may be configured to be more leaky if that benefits the user, but the risk of that should be clear, either from context or explicitly stated.)

Use clear and consistent UI and design language around network-related options

Offering the Right Tools

KDE needs to make an effort to provide a comprehensive set of tools for most users' needs, for example:

An email client allowing encrypted communication

Chat and instant messaging with state-of-the-art protocol security

A web browser (self-provided) that has private default settings

File storage and groupware solutions

Other tools that allow offline operation and independence from popular cloud services

Support for online services that can be operated as a private instance, not depending on a 3rd party provider

State-of-the-art support and integration for services like Tor, Matrix, Zeronet, etc.

Others

KDE e.V. allows anonymous donations via bitcoin (or other crypto currencies)

Adaption of blockchain where useful

How we know we succeeded

Static and runtime analysis tools:

KDE software can be audited for compliance with common, security related standards, such as:

NIST Cybersecurity Framework (NIST CSF)

ISO 15408

RFC2196

Cyber Essentials (UK Government Standard)

… etc.

"Soft" criteria include:

Press and 3rd parties refer to KDE as carrying the gold-standard for such software

Journalists prefer KDE software for their work

The NSA hates KDE

The CCC loves KDE ♥

The full proposal has a little more detail and pointers (and may still be updated, it’s not final yet), but I’d like to keep it at this for my weblog, and also add a note here: Coincidentally, shortly after starting the work on this proposal, KDE’s Plasma team was contacted by Purism, who are building a privacy-focused phone. I was immediately excited since I think privacy is more or less an extension of the core values of Free software and the Librem 5 could provide a really valuable target for KDE’s privacy efforts. I see a fantastic degree of synergy there.