Bug 217889

Summary: Konversation spamming personal information by default without user consent
Product: [Applications] konversation
Reporter: Pascal Bakhuis <pBakhuis>
Component: general
Assignee: Konversation Developers <konversation-devel>
Status: REPORTED ---
Severity: wishlist
CC: hein
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Pascal Bakhuis 2009-12-08 17:54:21 UTC
Version:            (using KDE 4.3.4)
OS:                Linux
Installed from:    openSUSE RPMs

Konversation by default is so 'polite' as to read out the system information
for your username. But it does not inform you of this. I for one greatly value my online privacy and can't say I'm very pleased with the way this works.

ALWAYS when accessing a user's data and doing anything with it over a network the user should be informed of this and be able to prevent this.

There should either be a dialog when it's started for the first time informing you of exactly what your default 'identity' settings are and that this info is dumped into the channel when you leave it... or it should fill in some random bogus information.

Also, it would be nice to have identities available under config as that's where I looked for such information before connecting to any server, luckily I was informed by another person in the channel that I was spamming my name around so it happened only in a single channel.

Comment 1 Eike Hein 2009-12-08 18:29:23 UTC
The real name as retrieved from the user's system account settings is not "dumped into channels when you leave it" -- if that's what happened, then you probably set that up yourself somehow (if it's a bug, it's not a known one, and something like that would quickly become apparent in KDE's IRC channels).

That said, the real name is retrieved and written to the Default Identity on first startup, and when an IRC connection using that identity is attempted, the name is submitted to the IRC server and can subsequently be read by others using the "whois" command.

There is a set of assumptions and motivations behind that behavior:
1) System accounts have a Full Name data field precisely to avoid the user having to re-enter that information redundantly in applications.
2) Being truthful about one's real name is part of established IRC etiquette (similar to, say, Usenet) -- some networks even have a "network operators may kill clients using obvious real name forgeries at will" policy.

I think an argument can be made here that if you don't want applications to make use of real name information you provided the system with, you shouldn't have entered it.

That said, here's an idea: As submitting a real name to the IRC server is required by the protocol, we already show error dialogs when attempting to create a connection with an incomplete identity (e.g. because the system account had no Full Name set we could retrieve on first startup) or when trying to save an incomplete identity in the Identity Settings dialog. These dialogs could try to offer filling in the missing field from the system account. Then we could leave the real name field empty by default, and give the user this easy way to opt into retrieving the name from the system account and avoiding the typing. The Identity Settings dialog itself could also have a button next to the field for the same purpose.

Complications:
- Getting error dialogs early on certainly makes the first-run experience a lot less friendly.
- It makes the "incomplete identity" error dialog system a lot more complex. An identity may be missing multiple required fields, and currently this is handled with a single dialog showing a list of the fields that need to be edited. That's at odds with the dialog having a button to automatically fill in the real name - it doesn't solve the whole problem, so it'd need to loop back to another dialog with one less complaint in the list. A solution with multiple dialogs is equally ugly. Not to mention it should check first whether the system account has a Full Name set to begin with. The alternative is just going with a button next to the field in the Identity Settings dialog, shown depending on whether the system account has a Full Name set or not. But that might be too hard to discover (assuming it's an icon button with a tooltip for space reasons).

Comment 2 Pascal Bakhuis 2009-12-08 23:30:16 UTC
Thank you for the elaborate response,

I was informed the full text (slightly garbled)
~Pascal@xxxxx-52D8054D.provider.com * Pascal Bakhuis was available to the person who pointed this out to me, so looking back it's not the quit message, but nonetheless the information was available to them.
(It was far past midnight when I created the ticket - so it's a miracle the rest made sense)

"I think an argument can be made here that if you don't want applications to
make use of real name information you provided the system with, you shouldn't
have entered it." 
I don't mind my office suite knowing my name so that Insert field > Author works. 
I do mind when I join some random chat room filled with people I know nothing about suddenly having access to my name. It's behavior I haven't seen any other Internet-related program do without displaying some form of dialog first.
This really should be on a per-application basis rather than assuming that if the information is provided in one place it can be used in another without consent.

"2) Being truthful about one's real name is part of established IRC etiquette
(similar to, say, Usenet) -- some networks even have a "network operators may
kill clients using obvious real name forgeries at will" policy." 
As a web developer myself I can also inform you that it's considered proper etiquette for websites to handle user data with great care and to avoid making this available to the public, and, if it is, to make that very clear. (Well, that's 50% etiquette and 50% avoid getting sued)

"- Getting error dialogs early on certainly makes the first-run experience a lot
less friendly."
I wasn't asking for an error dialog but an information dialog or some form that at least informs you the system information has been used. - Popping up the default "identities" window with the fields already filled in allowing customization is reasonable?
It's a one time - one click, doesn't seem too much of an inconvenience considering the privacy benefit.

Comment 3 Eike Hein 2009-12-08 23:52:53 UTC
Ok, here's how this works: When you leave an IRC channel (by closing the channel tab, or the connection, or quit the program - which closes the connection), the IRC *server* will send a message to other clients attending that channel, informing them that you have left. The raw format of this message, as sent by the server to the others' clients under the hood, contains the hostmask of the client that left:

http://en.wikipedia.org/wiki/Hostmask

... and many clients will include this hostmask in the formatted version of the message they show to the user.

As you can read on the page linked above, part of an IRC hostmask is the "ident":

http://en.wikipedia.org/wiki/Ident

Specifically, about IRC:

http://en.wikipedia.org/wiki/Ident#Uses

As explained there, unless you have an actual ident daemon running, the IRC server will fall back to a value provided by the IRC client.

This corresponds to the "Ident" field on the "Advanced" tab of Konversation's Identity settings dialog. Konversation - and by far the majority of IRC clients I'm aware of, i.e. it's the established convention - fills in this field with your system user name by default, which I take to be "Pascal".

So in fact, the particular "dumping of information as I leave channels" you're concerned about actually has nothing to do with the system account Full Name field.

That said, the "Real name" field in the Identity settings is automatically filled in with the contents of the system account Full Name field, which is available to other IRC users via the "whois" command.
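
The exposure paths described in the comment above, as an added Python example that is not part of the original thread and is not Konversation code: it parses a constructed client `USER` registration line, a server `QUIT` broadcast and a `whois` reply (numeric 311) to show which line carries the ident and which carries the real name. All nicks, hosts and names are placeholders, and the `~` handling assumes the common server convention for an ident that no ident daemon confirmed.

```python
# Added illustration (not Konversation code). All sample lines are constructed;
# the nick, ident, host and real name are placeholders.

def parse_line(raw):
    """Split a raw IRC line into (prefix, command, params)."""
    prefix = None
    if raw.startswith(":"):
        prefix, raw = raw[1:].split(" ", 1)
    if " :" in raw:
        head, trailing = raw.split(" :", 1)
        params = head.split() + [trailing]
    else:
        params = raw.split()
    return prefix, params[0].upper(), params[1:]

def split_hostmask(prefix):
    """nick!user@host -> dict. A leading '~' on the user part is the common
    server convention for 'no identd answer, value came from the client'."""
    nick, rest = prefix.split("!", 1)
    user, host = rest.split("@", 1)
    return {"nick": nick, "ident": user.lstrip("~"), "host": host,
            "ident_verified": not user.startswith("~")}

def sent_at_registration(raw):
    """What the client itself hands to the server: USER <ident> <mode> * :<real name>."""
    _, command, params = parse_line(raw)
    if command != "USER":
        return {}
    return {"ident": params[0], "realname": params[-1]}

def exposed_fields(raw):
    """What one server-to-client line reveals about another user."""
    prefix, command, params = parse_line(raw)
    if command in ("JOIN", "PART", "QUIT") and prefix and "!" in prefix:
        return split_hostmask(prefix)          # hostmask only, no real name
    if command == "311":                       # RPL_WHOISUSER
        _me, nick, user, host, _star, realname = params
        return {**split_hostmask(f"{nick}!{user}@{host}"), "realname": realname}
    return {}

CLIENT_USER = "USER alice 8 * :Alice Example"
SERVER_QUIT = ":alice_irc!~alice@host.example.net QUIT :Leaving"
SERVER_WHOIS = (":irc.example.net 311 bob alice_irc ~alice "
                "host.example.net * :Alice Example")

if __name__ == "__main__":
    for line in (SERVER_QUIT, SERVER_WHOIS):
        print(exposed_fields(line))
```

Auditing a client's default identity this way shows that the ident travels with every join, part and quit message, while the real name is only returned on request.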

Comment 4 Pascal Bakhuis 2009-12-09 00:12:46 UTC
"and by far the majority of IRC clients
I'm aware of, i.e. it's the established convention - fills in this field with
your system user name by default, which I take to be "Pascal"."
By default yes - without having pointed out this to me beforehand, no.
I consider this to be a rather important difference.
Konversation is the first application that displayed such behavior that I have used so far. Now, I can't say I've vast experience with IRC clients, as Konversation is most likely only my fourth - but personally I find this unacceptable for any application.
(I wouldn't want my mail client automatically creating a signature based on my system information without informing me of it either) 

Due to the time and wanting to turn in for the night I didn't double check the information and somehow came to the invalid conclusion that it was displayed when leaving the channel. So that bit can be ignored.
All I'm asking for is to display the identity window upon running Konversation for the first time.