diodon logs copious sensitive information to zeitgeist and does not clear it

Asked by Sam Watkins

I had a look in my zeitgeist activity.sqlite just now, and found 526MB of "activity" stored in the clear, including a whole lot of information which I do not want to be logged: at least three of my main passwords including my main server password, URLs of porn I have downloaded, whole files and other large chunks of text I have copy-pasted, commands I've entered in bash with history turned off, etc.

Chrome and bash do not appear to be doing this. After investigating a little more, it appears that Clipit aka Diodon saves everything I copy-paste to Zeitgeist, and it is not cleared from the "text" table when I press clear in the applet. I don't know if this is intentional or a bug, but it is user-hostile, and I feel that it is a major privacy and security concern.

I used commands like the following to check what has been logged.

> cd ~/.local/share/zeitgeist
> sqlite3 activity.sqlite
> select * from text where value like '%pass%' and length(value) < 1000; -- put a bit of one of your passwords between %s in the query
> select * from text where value like '%porn%' and length(value) < 1000; -- smut
> select * from text where (value like '%mp4' or value like '%jpg' or value like '%torrent') and length(value) < 1000; -- media / smut / torrents
> select * from text where length(value) > 1000; -- large copy/paste or files

I wrote some more about this issue on AskUbuntu: https://askubuntu.com/a/1326275/81260

Question information

English Edit question
Diodon Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Oliver Sauder (sao) said :

It is intended that the clipboard history gets stored in Zeitgeist and uses the privacy feature of Zeitgeist on how to manage what gets recorded or not.

It is certainly a bug though that clipboard information is left behind in the sqlite database once `Clear` has been executed in Diodon.

As a workaround to avoid this it is actually possible to run Zeitgeist storage in memory by setting `ZEITGEIST_DATABASE_PATH` env to `:memory:`.

Use for instance following command to do this:

echo "ZEITGEIST_DATABASE_PATH=:memory:" >> ~/.pam_environment

Read more on this here https://esite.ch/2020/02/diodon-1-9-0-storing-clipboard-items-in-memory-and-more/

I look into this and track the progress in https://bugs.launchpad.net/bugs/1921507.

Can you help with this problem?

Provide an answer of your own, or ask Sam Watkins for more information if necessary.

To post a message you must log in.