
Krita: Digital Painting & Image Editing

DarkSword

Krita


Overview

Krita is a professional, Free, and Open Source (FOSS) painting application designed for concept artists, illustrators, matte and texture artists, and the VFX industry. It is built on the Qt framework and KDE Libraries, offering a comprehensive toolkit for creating digital art, comics, and animations. Unlike many proprietary competitors, Krita does not require a subscription or user account to function.

Privacy & Security Audit

This audit analyzes the application’s behavior based on the source code of KisApplication.cpp, KoQuaZipStore.cpp, and kis_exif_io.cpp.

Telemetry & Data

Analysis of KisApplication.cpp

The startup sequence in the KisApplication::start() method was examined for data collection mechanisms.

  1. Absence of Analytics: The code imports standard libraries (KConfig, QStandardPaths) but excludes third-party telemetry frameworks (e.g., KUserFeedback).
  2. Network Silence (Technical Evidence): The application does not instantiate QNetworkAccessManager or configure network endpoints during startup. Krita does not attempt to establish an internet connection on launch. The application remains network-silent until the user manually initiates a download (such as resources or updates).

Audit Result: Krita initializes with zero forced telemetry. No data is transmitted to remote servers.

Cryptography

Analysis of libs/store/KoQuaZipStore.cpp

Krita saves documents in the .kra format using the QuaZip library.

  1. File Structure: When writing data, the openWrite method is called:

     bool r = dd->currentFile->open(QIODevice::WriteOnly, newInfo, 0, 0, Z_DEFLATED, dd->compressionLevel);

  2. Encryption Status (Technical Evidence): The method is called without a password parameter. The source code contains no calls to setPassword. A .kra file is a standard ZIP archive. Users can verify this by renaming the file extension to .zip and opening it with any archive manager. This confirms that layers, images, and metadata are stored in the clear.

Audit Result: Data is stored at-rest without encryption.
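
The same check can be scripted instead of renaming the file. The following is an added example, not code from Krita or from this audit: it inspects each ZIP entry's general-purpose flag (bit 0 marks an encrypted entry) and its compression method. The sample archive is constructed in memory; its entry names and contents are assumptions standing in for a real .kra file.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose flag, bit 0: entry is encrypted
METHODS = {zipfile.ZIP_STORED: "stored", zipfile.ZIP_DEFLATED: "deflated"}


def build_sample_kra() -> bytes:
    """Constructed stand-in for a .kra file (names and contents are sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/x-krita",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("maindoc.xml", "<DOC><IMAGE name='sketch'/></DOC>",
                    compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("documentinfo.xml",
                    "<document-info><author>Sample Artist</author></document-info>",
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def audit_archive(data: bytes) -> dict:
    """Report, per entry, the compression method and whether it is encrypted."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP container")
    report = {"entries": [], "encrypted": [], "readable": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            method = METHODS.get(info.compress_type, str(info.compress_type))
            report["entries"].append((info.filename, method))
            if info.flag_bits & ENCRYPTED_FLAG:
                report["encrypted"].append(info.filename)
                continue
            # No password supplied: a successful read (CRC checked) means
            # the entry is recoverable by anyone who holds the file.
            zf.read(info)
            report["readable"].append(info.filename)
    return report


if __name__ == "__main__":
    result = audit_archive(build_sample_kra())
    for name, method in result["entries"]:
        state = "ENCRYPTED" if name in result["encrypted"] else "plaintext"
        print(f"{name:20} {method:9} {state}")
```

To run it against a real document, pass the bytes of the .kra file to audit_archive in place of the constructed sample.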

Metadata Handling

Analysis of libs/metadata/kis_exif_io.cpp

Krita uses the Exiv2 library to handle image metadata.

GPS Data Retention: The loadFrom method processes GPS data explicitly:

} else if (it.groupName() == "GPSInfo") {
    store->addEntry({exifSchema, it.tagName().c_str(), exivValueToKMDValue(it.getValue(), false)});
}

Technical Evidence: This code confirms that Krita preserves GPS coordinates and other metadata (Camera Model, ISO, Date/Time) when opening and saving images.

Audit Result: Krita does not automatically strip privacy-sensitive metadata.

Source Code & Auditing

License: The project is licensed under the GNU General Public License, Version 3. This ensures the software is Open Source and fully auditable.

Identity

Authentication Flow: KisApplication.cpp contains no logic for cloud authentication, login prompts, or account verification. The application relies entirely on the local operating system session. No unique user IDs or tokens are generated.

Usability

Krita offers a professional-grade interface with a steep learning curve. The absence of forced registration creates a distraction-free environment. However, the complexity of tools can be challenging for beginners.

Pros & Cons

Pros:

Cons:

Verdict

Krita is a privacy-centric tool for digital artists. The audit confirms a clean local startup process free from surveillance mechanisms.

Security Note: Krita does not encrypt artwork files. If a device is lost or compromised, .kra files are readable by anyone. For maximum security, I recommend using full-disk encryption (Windows BitLocker, macOS FileVault, or Linux LUKS), as Krita prioritizes performance and open standards over file-level cryptography.
