diodon logs copious sensitive information to zeitgeist and does not clear it
I had a look in my zeitgeist activity.sqlite just now, and found 526MB of "activity" stored in the clear, including a whole lot of information which I do not want to be logged: at least three of my main passwords including my main server password, URLs of porn I have downloaded, whole files and other large chunks of text I have copy-pasted, commands I've entered in bash with history turned off, etc.
Chrome and bash do not appear to be doing this. After investigating a little more, it appears that Clipit aka Diodon saves everything I copy-paste to Zeitgeist, and it is not cleared from the "text" table when I press clear in the applet. I don't know if this is intentional or a bug, but it is user-hostile, and I feel that it is a major privacy and security concern.
I used commands like the following to check what has been logged.
> cd ~/.local/
> sqlite3 activity.sqlite
> select * from text where value like '%pass%' and length(value) < 1000; -- put a bit of one of your passwords between %s in the query
> select * from text where value like '%porn%' and length(value) < 1000; -- smut
> select * from text where (value like '%mp4' or value like '%jpg' or value like '%torrent') and length(value) < 1000; -- media / smut / torrents
> select * from text where length(value) > 1000; -- large copy/paste or files
I wrote some more about this issue on AskUbuntu: https:/
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Diodon Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
|
Revision history for this message
|
#1 |
Can you help with this problem?
Provide an answer of your own, or ask Sam Watkins for more information if necessary.
