 This is going to be a very short thing because I'd like to get the conference as a whole back on schedule Welcome to the KDE community goals talk about privacy and security by default The Sebastian who was originally going to give this talk could not attend Academy For personal reasons and so we're doing a bit of a lightning talks squash together Hey, here's a bunch of things that KDE the KDE community is working on in terms of privacy so the background to this this Community goal is that in 2017 we had the long drawn out KDE community goals process which resulted at the end of 2017 in one particular fabricator task You can look that up. It's public. It will tell you what was decided and what kind of What was decided to work on for the next three to five years? We have a long-term goal and long-term commitment to protecting privacy and maintaining user security We can boil it down one sentence KDE software labels and promote privacy, but there's also much longer description if you really want to look at it One of the important things that came out of the whole privacy discussion is that Free software can offer its users a fifth freedom The fifth freedom which is the freedom to decide where your data goes and to keep your data Your own you so choose Because a lot of proprietary software nowadays you pay for it Because it's free as a beer you pay for it with your privacy with your data by giving up something That other people apparently want to know Which has value for them So KDE software the stuff we as a community produce can be better can be unique by promoting a Better experience one that a better in the sense of By promoting an experience that preserves privacy and respects your privacy by default See we as a community we don't need to be paid By giving it by you or by our users giving up their price. So by default we don't leave Applications don't leave information either Now to do this to make the KDE software support this we have a lot of work to do Because we've got to make sure that all of our applications actually live up to this promise And so we've bundled panel here for KDE developers from all across the stack from the low down Encryption level stuff up to hey, let's make an entire phone operating system So what we're gonna do is we're gonna have a quick for presentations in a row where each of these Fine KDE developers tells you what they have been working on And Besides our application is not leaking right there is a related problem for some application There is simply no privacy aware alternative Doesn't need the data Digital assistance is one of those subjects the part I looked at is Specifically the travel related features You might know the Stuff like triplet or the features in Gmail that automatically read your email and extract all your Trip related data gives you a nice unified itinerary and all that very convenient Doesn't cost you anything without your privacy I mean it's You'll find the same problem is for example the fitness trackers and all automation Most of what you're looking at applies to that as well Why do we have a problem there? Even if you just look at travel related data, for example That has your name you address your birthday A lot of the financial details Your credit card number Movement profiles passport number, so I mean this is a sensitive as it gets Not necessarily something you want to share is Google any other services So what can we do about that? Build our own alternative, of course And that's what we have been doing in the specific area since the run the meeting last year And we actually have the first bits of this in the last two application releases This part in came out to extract this data locally on your machine without going through any kind of central server Augmenting it with liquid data data also compiled in so no network access for this Send to your phone by a TV connect Mobile application and That's my itinerary for Flying here, and I actually managed to pass through the security check is this is actually worse There's one big challenge in this and this is getting Life data for delays and so on because there's no Free source for that. We need to talk to vendor APIs But yeah, I have a full-scale talk on this tomorrow Okay headers did you did you send me anything? Okay, then we're good So actually we So I'm the heineken will talk a little bit more about encryption and Then the encryption we normally talk about is encrypting the body here So it encrypting the content is once all the problem with new PGP and SMIME But we have more data where we expose Things we want to we don't want to expose and that are all the mail headers and they're actually memory hole tries To make sure that also headers can be encrypted they actually encrypted also inside the the body so we have to extract them and But the problem is if we use camera for example then yeah, we see an encrypted block and Can't access the headers so we don't see from whom the mail is and also the subject isn't Accessible without decrypting the mail so from I'm trying to solve this problem and Decrypting the mail directly Inside K mail to extract the headers and display them so that you can use them as an unencrypted mail and do like searching because currently you can't search in encrypted emails and if you Encrypt the headers to it's even worse than you can't search from for the subject for example I Were going to have a truck and from my company into it's own game behind from all things related to new BG And mostly on the windows distribution of the new BG and kill the truck if you for win so I was asked to talk a bit about K-mail and because Probably if you read some technical news you have heard of this As this was a huge story Where the electronic frontier foundation basically said are people have to stop using email crypto and uninstall everything Which was very bad advice? Especially because K-mail Was tested for example and was shown to be nearly Uninfected and this is because K-mail uses Secure and privacy protecting defaults for example it doesn't Enable h&m and default and no external references which were used in e-fail to extract private data Another big thing was that some maid lines Actually ignored an OPGP integrity protection feature Because New BG would print first the plain text and then just morning all the message has been manipulated on transport K-mail doesn't because K-mail is basically New BG reference implementation which uses new BG as intended through libraries and There you get the proper error and everything is fine Loan policy in the last two years the libraries for new BG plus plus and Made upstream and another part of the official Distribution and they are already picked up by other software like liver office uses Jimmy plus plus which I find it cool because this was the catty buildings in the past Thank you Yeah Just The most The highest goal is basically to automate as much as possible a user shouldn't need to use the other time user shouldn't know What the certificate is what the key is to have basic protection that? He can use private email without any agencies reading them, etc for this we already automated the key discovery With the use of a web p-directory if you're interested in that just search for a p-directory And you will get more information K-mail already supports this so If you for example write an email to myself came I can automatically find the key to use for And the next big thing we want to have Automated trust so you don't have to sign other keys checking a print, etc By tracking the communication history So that was all a dive down in the stack, but now we're going to go broad here's Bushan Basically a Selfish, but still You ask some premium user that what Those companies and selling users data on third-party software. And while we, Katie, have a call of respecting the privacy of the users, Plasma Mobile is one of the projects where we are actively building a solution, which, where the motto is physically, generally, the privacy motto is, your data is safe with us and we are not selling it. But the privacy motto of Katie, in case of Plasma Mobile is, your data is safe with yourself only and we don't need your data. So with Plasma Mobile, we are currently, the Plasma Mobile is still not usable for the users, but we are actively building upon the, actively building a solution, which will not track data, which will provide you a usable product, which doesn't basically sell your data to third-party companies. And also, at the same time, we are actively trying to, actively track the people, the situation with the mobile devices, that basically, we are running an updated software, that I don't know why it works this way, which was released like three to four years ago, basically about 10 years ago, and it, it have like already too many known bugs in it. So, yeah, so this is my project and I will be talking about it after this talk in, after next talk in your detail. Yeah, that's it.