Clear does not remove copied content from Zeitgeist database
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Diodon |
Fix Released
|
Critical
|
Oliver Sauder | ||
diodon (Debian) |
Won't Fix
|
Unknown
|
Bug Description
I had a look in my zeitgeist activity.sqlite just now, and found 526MB of "activity" stored in the clear, including a whole lot of information which I do not want to be logged: at least three of my main passwords including my main server password, URLs of porn I have downloaded, whole files and other large chunks of text I have copy-pasted, commands I've entered in bash with history turned off, etc.
Chrome and bash do not appear to be doing this. After investigating a little more, it appears that Clipit aka Diodon saves everything I copy-paste to Zeitgeist, and it is not cleared from the "text" table when I press clear in the applet. I don't know if this is intentional or a bug, but it is user-hostile, and I feel that it is a major privacy and security concern.
I used commands like the following to check what has been logged.
> cd ~/.local/
> sqlite3 activity.sqlite
> select * from text where value like '%pass%' and length(value) < 1000; -- put a bit of one of your passwords between %s in the query
> select * from text where value like '%porn%' and length(value) < 1000; -- smut
> select * from text where (value like '%mp4' or value like '%jpg' or value like '%torrent') and length(value) < 1000; -- media / smut / torrents
> select * from text where length(value) > 1000; -- large copy/paste or files
I wrote some more about this issue on AskUbuntu: https:/
Changed in diodon (Debian): | |
status: | Unknown → Won't Fix |
Changed in diodon: | |
status: | Confirmed → In Progress |
Thanks for reporting. It is intended that the clipboard history gets stored in Zeitgeist and uses the privacy feature of Zeitgeist on how to manage what gets recorded or not.
It is certainly a bug though that clipboard information is left behind in the sqlite database once `Clear` has been executed in Diodon.
As a workaround to avoid this it is actually possible to run Zeitgeist storage in memory by setting `ZEITGEIST_ DATABASE_ PATH` env to `:memory:`.
Use for instance following command to do this:
echo "ZEITGEIST_ DATABASE_ PATH=:memory: " >> ~/.pam_environment
Read more on this here https:/ /esite. ch/2020/ 02/diodon- 1-9-0-storing- clipboard- items-in- memory- and-more/
I am looking into this bug as it is a delicate issue and will let you know when I have found out more.