I have discovered (yesterday) GNOME-ACTIVITY-JOURNAL

It is a Tracking SW that stores everything you do (even text
snippets one cuts/pastes from/to clipboard), opened files,
visited web, emails.

I am still far from exploiting its power (and dunno whether
or not it is possibile to filter off some useless things
stored, to reduce the amount of data to revise later), but
one thing is really "WORRYING" ... I installed it TODAY, and
it has made available activity traces dating back to more
than a month ago.

It seems that is able to tap to informations that the system
just stores by itself (where ? logs ? whose logs ?) or by
some of its services (SystemD logs ?). And I find it
somewhat worrying both the number of detailed traces of
usage stored and the fact that GNOME-ACTIVITY-JOURNAL does
not even ask for password to retrieve such info.

Apart from this, it seems a really powerful program and able
to improve "productivity" and daily schedule, recovering
suspended task, and finding past activities. So my
evaluation stays very positive on this program.

Now the problem I will inquiry over is : why and how much
usage traces I leave behind like a slime :D

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 15/04/23 20:26, David W. Hodgins wrote:
> On Sat, 15 Apr 2023 12:20:07 -0400, MarioCPPP
> <NoliMihiFrangereMentulam@libero.it> wrote:
>
>>
>> I have discovered (yesterday) GNOME-ACTIVITY-JOURNAL
>>
>> It is a Tracking SW that stores everything you do (even text
>> snippets one cuts/pastes from/to clipboard), opened files,
>> visited web, emails.
>>
>> I am still far from exploiting its power (and dunno whether
>> or not it is possibile to filter off some useless things
>> stored, to reduce the amount of data to revise later), but
>> one thing is really "WORRYING" ... I installed it TODAY, and
>> it has made available activity traces dating back to more
>> than a month ago.
>>
>> It seems that is able to tap to informations that the system
>> just stores by itself (where ? logs ? whose logs ?) or by
>> some of its services (SystemD logs ?). And I find it
>> somewhat worrying both the number of detailed traces of
>> usage stored and the fact that GNOME-ACTIVITY-JOURNAL does
>> not even ask for password to retrieve such info.
>>
>> Apart from this, it seems a really powerful program and able
>> to improve "productivity" and daily schedule, recovering
>> suspended task, and finding past activities. So my
>> evaluation stays very positive on this program.
>>
>> Now the problem I will inquiry over is : why and how much
>> usage traces I leave behind like a slime :D
>
> According to
> https://en.wikipedia.org/wiki/GNOME_Activity_Journal it uses
> https://wiki.archlinux.org/title/Zeitgeist which is what
> records the activity.

Maybe my English is poor enough not to be clear.
My perplexity arose not from the fact it relied on
Zeitgeist, but that it was able to exploit data well in
advance of its own install. Where such data came from ? Why
were they just in place to be fetched ? I dunno. But I am
completely ignorant which activities are normally LOGGED and
where and by who (I had suspected SystemD not because of
particular reasons, but since I knew it had its own journal,
not restricted to file system operations).

Have I been more clear ? The recordings turned up "from a
former past", as if sth was just recording before installing
Zeitgeist / gnome activity journal (zeitgeist was installed
contextually, as a dependency)

tnx for reply

>
> Regards, Dave Hodgins

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 2023-04-15 18:20, MarioCPPP wrote:
>
> I have discovered (yesterday) GNOME-ACTIVITY-JOURNAL
>
> It is a Tracking SW that stores everything you do (even text snippets
> one cuts/pastes from/to clipboard), opened files, visited web, emails.
>
> I am still far from exploiting its power (and dunno whether or not it is
> possibile to filter off some useless things stored, to reduce the amount
> of data to revise later), but one thing is really "WORRYING" ... I
> installed it TODAY, and it has made available activity traces dating
> back to more than a month ago.
>
> It seems that is able to tap to informations that the system just stores
> by itself (where ? logs ? whose logs ?) or by some of its services
> (SystemD logs ?). And I find it somewhat worrying both the number of
> detailed traces of usage stored and the fact that GNOME-ACTIVITY-JOURNAL
> does not even ask for password to retrieve such info.

Why should it? You already logged in, and it is your own data.

>
> Apart from this, it seems a really powerful program and able to improve
> "productivity" and daily schedule, recovering suspended task, and
> finding past activities. So my evaluation stays very positive on this
> program.
>
> Now the problem I will inquiry over is : why and how much usage traces I
> leave behind like a slime :D
>
>
>

--
Cheers, Carlos.

On Sat, 15 Apr 2023 12:20:07 -0400, MarioCPPP <NoliMihiFrangereMentulam@libero.it> wrote:

>
> I have discovered (yesterday) GNOME-ACTIVITY-JOURNAL
>
> It is a Tracking SW that stores everything you do (even text
> snippets one cuts/pastes from/to clipboard), opened files,
> visited web, emails.
>
> I am still far from exploiting its power (and dunno whether
> or not it is possibile to filter off some useless things
> stored, to reduce the amount of data to revise later), but
> one thing is really "WORRYING" ... I installed it TODAY, and
> it has made available activity traces dating back to more
> than a month ago.
>
> It seems that is able to tap to informations that the system
> just stores by itself (where ? logs ? whose logs ?) or by
> some of its services (SystemD logs ?). And I find it
> somewhat worrying both the number of detailed traces of
> usage stored and the fact that GNOME-ACTIVITY-JOURNAL does
> not even ask for password to retrieve such info.
>
> Apart from this, it seems a really powerful program and able
> to improve "productivity" and daily schedule, recovering
> suspended task, and finding past activities. So my
> evaluation stays very positive on this program.
>
> Now the problem I will inquiry over is : why and how much
> usage traces I leave behind like a slime :D

According to https://en.wikipedia.org/wiki/GNOME_Activity_Journal it uses
https://wiki.archlinux.org/title/Zeitgeist which is what records the activity.

Regards, Dave Hodgins

On Sat, 15 Apr 2023 19:32:23 -0400, MarioCPPP <NoliMihiFrangereMentulam@libero.it> wrote:
> Maybe my English is poor enough not to be clear.
> My perplexity arose not from the fact it relied on
> Zeitgeist, but that it was able to exploit data well in
> advance of its own install. Where such data came from ? Why
> were they just in place to be fetched ? I dunno. But I am
> completely ignorant which activities are normally LOGGED and
> where and by who (I had suspected SystemD not because of
> particular reasons, but since I knew it had its own journal,
> not restricted to file system operations).
>
> Have I been more clear ? The recordings turned up "from a
> former past", as if sth was just recording before installing
> Zeitgeist / gnome activity journal (zeitgeist was installed
> contextually, as a dependency)

If it's from prior to zeitgeist being installed, then it's getting most of
the history from the browser history and cache files.

Install the tree package if you haven't already, then open a terminal and
run "ls -l ./.mozilla/firefox/*.default/storage/default/|less" and the other
files "tree -ifa |grep firefox|less" shows.

Other browsers are similar. If you don't clear the cache and history or use
safe mode, everything is recorded. There is some in the journal, but not much
more than what rsyslog records.

Regards, Dave Hodgins

On 16/04/23 06:35, David W. Hodgins wrote:
> On Sat, 15 Apr 2023 19:32:23 -0400, MarioCPPP
> <NoliMihiFrangereMentulam@libero.it> wrote:
>> Maybe my English is poor enough not to be clear.
>> My perplexity arose not from the fact it relied on
>> Zeitgeist, but that it was able to exploit data well in
>> advance of its own install. Where such data came from ? Why
>> were they just in place to be fetched ? I dunno. But I am
>> completely ignorant which activities are normally LOGGED and
>> where and by who (I had suspected SystemD not because of
>> particular reasons, but since I knew it had its own journal,
>> not restricted to file system operations).
>>
>> Have I been more clear ? The recordings turned up "from a
>> former past", as if sth was just recording before installing
>> Zeitgeist / gnome activity journal (zeitgeist was installed
>> contextually, as a dependency)
>
> If it's from prior to zeitgeist being installed, then it's
> getting most of
> the history from the browser history and cache files.
>
> Install the tree package if you haven't already, then open a
> terminal and
> run "ls -l
> ./.mozilla/firefox/*.default/storage/default/|less" and the
> other
> files "tree -ifa |grep firefox|less" shows.

tnx for competent advice.
I have sort of 7-8 browsers installed and sure, I save
everything.

But not only web-browsing data were found. Every cut/pasted
piece of text (from kate, LibreOffice, leafpad and other),
every folder opened, every video played with VLC or
SMPlayer, audio listened with clementine. Everything
conceivable seems to have left traces.
So I was wondering where from ... The browsers, yes, I knew
they cached a lot, because now I make manual backups with
FIND (including hidden dot files) and revise manually the
outcome in kate and refine the dirt with RegEx, and
regularly find a huge load of cached stuff under brower
abscribable paths.
But I did not expect that program was so smart in retrieving
everything ! It seems to be able to decode every particular
"format" used by all program installed, not just the place
the info are stored.
Seems more a FORENSIC TOOL than just a journaling utility !

>
> Other browsers are similar. If you don't clear the cache and
> history or use
> safe mode, everything is recorded. There is some in the
> journal, but not much
> more than what rsyslog records.
>
> Regards, Dave Hodgins

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On Sun, 23 Apr 2023 17:41:48 -0400, MarioCPPP <NoliMihiFrangereMentulam@libero.it> wrote:
> tnx for competent advice.
> I have sort of 7-8 browsers installed and sure, I save
> everything.
>
> But not only web-browsing data were found. Every cut/pasted
> piece of text (from kate, LibreOffice, leafpad and other),
> every folder opened, every video played with VLC or
> SMPlayer, audio listened with clementine. Everything
> conceivable seems to have left traces.
> So I was wondering where from ... The browsers, yes, I knew
> they cached a lot, because now I make manual backups with
> FIND (including hidden dot files) and revise manually the
> outcome in kate and refine the dirt with RegEx, and
> regularly find a huge load of cached stuff under brower
> abscribable paths.
> But I did not expect that program was so smart in retrieving
> everything ! It seems to be able to decode every particular
> "format" used by all program installed, not just the place
> the info are stored.
> Seems more a FORENSIC TOOL than just a journaling utility !

Many programs store a list of recently opened files. Things from copy/paste
are not normally saved, but may be depending on the programs used and their
settings. Clipboard managers are an obvious case where the data is stored.
It depends on which desktop environment and clipboard program is being used
as to whether it's stored or not.

User data is stored in /home and /var with temporary things in /tmp and /run.

Programs can be designed to be easy to use, with lots of features or they can
be designed to be very secure. It's rare that user level programs are both easy
to use and highly secure.

Systems level programs tend to be designed to be secure, but are made as easy
as then can be while still secure. User level programs are generally designed
for ease of use with only as much security as can be gotten away with.

High security systems have as few programs installed as they can, and take extra
steps to minimize what's stored by them. Part of hardening a system is making
sure the number of programs installed (attack surface) is made as small as
possible.

Regards, Dave Hodgins

On 4/23/23 23:41, MarioCPPP wrote:

>>> where and by who (I had suspected SystemD not because of

what's this SystemD? something new?

> But not only web-browsing data were found. Every cut/pasted piece of
> text (from kate, LibreOffice, leafpad and other)

This depends on your clipboard settings and some applications may even
have their own clipboard history. For gnome I would recommend you
install Clipboard indicator/GPaste or similar so that you can edit your
history and in that regard getting a better control of your clipboard.

> every video played with VLC or SMPlayer, audio listened with clementine.

Those are from the individual applications logs. Take a look in the
applications configuration directory.

> But I did not expect that program was so smart in retrieving everything
> ! It seems to be able to decode every particular "format" used by all
> program installed, not just the place the info are stored.

Most applications do log in plain text, so not that difficult to get
information, people tend to think of similar log files, so it's just
matching a handful regex and you have covered like 95% of all log files.

--
//Aho

On 2023-04-24 00:44, David W. Hodgins wrote:
> On Sun, 23 Apr 2023 17:41:48 -0400, MarioCPPP
> <NoliMihiFrangereMentulam@libero.it> wrote:
>> tnx for competent advice.
>> I have sort of 7-8 browsers installed and sure, I save
>> everything.
>>
>> But not only web-browsing data were found. Every cut/pasted
>> piece of text (from kate, LibreOffice, leafpad and other),
>> every folder opened, every video played with VLC or
>> SMPlayer, audio listened with clementine. Everything
>> conceivable seems to have left traces.
>> So I was wondering where from ... The browsers, yes, I knew
>> they cached a lot, because now I make manual backups with
>> FIND (including hidden dot files) and revise manually the
>> outcome in kate and refine the dirt with RegEx, and
>> regularly find a huge load of cached stuff under brower
>> abscribable paths.
>> But I did not expect that program was so smart in retrieving
>> everything ! It seems to be able to decode every particular
>> "format" used by all program installed, not just the place
>> the info are stored.
>> Seems more a FORENSIC TOOL than just a journaling utility !
>
> Many programs store a list of recently opened files. Things from copy/paste
> are not normally saved, but may be depending on the programs used and their
> settings. Clipboard managers are an obvious case where the data is stored.
> It depends on which desktop environment and clipboard program is being used
> as to whether it's stored or not.
>
> User data is stored in /home and /var with temporary things in /tmp and
> /run.
>
> Programs can be designed to be easy to use, with lots of features or
> they can be designed to be very secure. It's rare that user level
> programs are both easy to use and highly secure.
>
> Systems level programs tend to be designed to be secure, but are made
> as easy as then can be while still secure. User level programs are
> generally designed for ease of use with only as much security as can
> be gotten away with.
>
> High security systems have as few programs installed as they can,
> and take extra steps to minimize what's stored by them. Part of
> hardening a system is making sure the number of programs installed
> (attack surface) is made as small as possible.

Just remember than in Linux the login password only protects while the
system is running. If you have the hard disk in your hand, you can
access any file on it, no limits. Information is not encrypted or
otherwise protected. You can read mail from any user, all office files,
all logs.

If the system is running, then yes, the permission system will limit
what each user can do or read. But a program doesn't need your password
to collect your information.

--
Cheers, Carlos.

On Mon, 24 Apr 2023 05:30:18 -0400, Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2023-04-24 00:44, David W. Hodgins wrote:
>> High security systems have as few programs installed as they can,
>> and take extra steps to minimize what's stored by them. Part of
>> hardening a system is making sure the number of programs installed
>> (attack surface) is made as small as possible.
>
> Just remember than in Linux the login password only protects while the
> system is running. If you have the hard disk in your hand, you can
> access any file on it, no limits. Information is not encrypted or
> otherwise protected. You can read mail from any user, all office files,
> all logs.
>
> If the system is running, then yes, the permission system will limit
> what each user can do or read. But a program doesn't need your password
> to collect your information.

I only described part of the hardening process. Using encrypted file systems
is another part.

Regards, Dave Hodgins

On 4/24/23 11:30, Carlos E.R. wrote:
> On 2023-04-24 00:44, David W. Hodgins wrote:

>> High security systems have as few programs installed as they can,
>> and take extra steps to minimize what's stored by them. Part of
>> hardening a system is making sure the number of programs installed
>> (attack surface) is made as small as possible.
>
> Just remember than in Linux the login password only protects while the
> system is running. If you have the hard disk in your hand, you can
> access any file on it, no limits. Information is not encrypted or
> otherwise protected. You can read mail from any user, all office files,
> all logs.

Not necessarily, fscrypt allows you to have encrypted home directories,
the data is encrypted as long as the user hasn't yet logged in. This has
also been done with luksfs a long time before fscrypt and the setup
works in a similar way.

--
//Aho

On 2023-04-25 08:00, J.O. Aho wrote:
> On 4/24/23 11:30, Carlos E.R. wrote:
>> On 2023-04-24 00:44, David W. Hodgins wrote:
>
>>> High security systems have as few programs installed as they can,
>>> and take extra steps to minimize what's stored by them. Part of
>>> hardening a system is making sure the number of programs installed
>>> (attack surface) is made as small as possible.
>>
>> Just remember than in Linux the login password only protects while the
>> system is running. If you have the hard disk in your hand, you can
>> access any file on it, no limits. Information is not encrypted or
>> otherwise protected. You can read mail from any user, all office
>> files, all logs.
>
> Not necessarily, fscrypt allows you to have encrypted home directories,
> the data is encrypted as long as the user hasn't yet logged in. This has
> also been done with luksfs a long time before fscrypt and the setup
> works in a similar way.

Of course you *can* encrypt home or partitions, but that is not the
default. When I say that "information is not encrypted" I mean that
applications do not use encryption to protect their data, config, log
files, etc. Heck, some applications do not even encrypt passwords!
(example: fetchmail, rsync).

--
Cheers, Carlos.

On 25/04/2023 08:22, Carlos E.R. wrote:
> On 2023-04-25 08:00, J.O. Aho wrote:
>> On 4/24/23 11:30, Carlos E.R. wrote:
>>> On 2023-04-24 00:44, David W. Hodgins wrote:
>>
>>>> High security systems have as few programs installed as they can,
>>>> and take extra steps to minimize what's stored by them. Part of
>>>> hardening a system is making sure the number of programs installed
>>>> (attack surface) is made as small as possible.
>>>
>>> Just remember than in Linux the login password only protects while
>>> the system is running. If you have the hard disk in your hand, you
>>> can access any file on it, no limits. Information is not encrypted or
>>> otherwise protected. You can read mail from any user, all office
>>> files, all logs.
>>
>> Not necessarily, fscrypt allows you to have encrypted home
>> directories, the data is encrypted as long as the user hasn't yet
>> logged in. This has also been done with luksfs a long time before
>> fscrypt and the setup works in a similar way.
>
> Of course you *can* encrypt home or partitions, but that is not the
> default.

Not at this moment, but the idea that RedHat with systemd is to make it
home directories to be able to both be transportable and encryptable.

> When I say that "information is not encrypted" I mean that
> applications do not use encryption to protect their data, config, log
> files, etc. Heck, some applications do not even encrypt passwords!
> (example: fetchmail, rsync).

Not everything is worth encrypt, but sure passwords should be but
fetchmail has a long history before encryption in transit was even
thought to be important, sadly it hasn't taken a step forward. One that
has is alpine.

--
//Aho