Remove extraordinary-seeming claims of security
We currently advertise ActivityWatch as secure. This makes me a bit uneasy since we rely on the host machine being compromised haven’t actually done anything except forbid connections from anyone else than localhost by binding to 127.0.0.1.
Things that could go wrong:
- If an attacker hacks the host computer, all historical data is leaked unencrypted.
  - Could be solved by encrypted backups/sync.
- More?
We don’t have much security in place right now (and we don’t use any crypto anywhere). That’s not a problem right now since there is little need: we don’t interact with anything outside the host system.
Anyway, removing claims of security and instead focusing on advertising privacy would feel a lot more honest.
Places where we might make claims about security:
- README
- Docs
- Website
It’s my ambition that we one day will be able to once again claim some above non-standard level of security. But it might be a while.
Edit: I just had a crazy déjà vu. Feels like I’ve written about something similar before.
Issue Analytics
- State:
- Created 6 years ago
- Reactions: 1
- Comments: 10 (6 by maintainers)
@Otto-AA I agree that would be great, but that plan is currently on hold. However, encryption of data will become a lot easier with the import/export system being put in place (almost done, I just need to add an import-button in the web UI). With this, a quick solution would be to: export bucket, encrypt the export, delete bucket in the server, then decrypt + import the export to restore/visualize.
This could be built as an ActivityWatch client, and anyone who’d be willing to build an MVP would greatly speed up the process.
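The export, encrypt, delete, restore sequence described in the comment above, as an added example (not ActivityWatch code and not written by anyone in the thread). It assumes the third-party `cryptography` package; the `AWENC1` container layout, the sample export and the `delete_bucket` callback are constructed for illustration.

```python
import hashlib
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"AWENC1"  # constructed container tag, not an ActivityWatch format
HEADER_LEN = len(MAGIC) + 16 + 12  # magic + scrypt salt + GCM nonce

# Constructed sample; a real export would come from the server's export feature.
SAMPLE_EXPORT = {"buckets": {"aw-watcher-window_host": {"events": [
    {"timestamp": "2024-01-01T10:00:00+00:00", "duration": 12.5,
     "data": {"app": "browser", "title": "Online banking"}}]}}}


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt slows down offline guessing of the passphrase.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def encrypt_export(export: dict, passphrase: str) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(12)
    header = MAGIC + salt + nonce
    plaintext = json.dumps(export).encode()
    # The header is authenticated as associated data alongside the ciphertext.
    return header + AESGCM(_derive_key(passphrase, salt)).encrypt(nonce, plaintext, header)


def decrypt_export(blob: bytes, passphrase: str) -> dict:
    if len(blob) < HEADER_LEN + 16 or not blob.startswith(MAGIC):
        raise ValueError("not an encrypted export")
    header, body = blob[:HEADER_LEN], blob[HEADER_LEN:]
    salt, nonce = header[len(MAGIC):len(MAGIC) + 16], header[len(MAGIC) + 16:]
    try:
        plaintext = AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, body, header)
    except InvalidTag:
        raise ValueError("wrong passphrase or modified archive") from None
    return json.loads(plaintext)


def archive_bucket(bucket_id, export, passphrase, delete_bucket) -> bytes:
    """Encrypt, prove the archive restores, and only then delete the plaintext."""
    blob = encrypt_export(export, passphrase)
    if decrypt_export(blob, passphrase) != export:
        raise RuntimeError("round trip failed; bucket left untouched")
    delete_bucket(bucket_id)  # hypothetical callback that removes the bucket
    return blob
```

The passphrase has to live somewhere other than the machine holding the archive, otherwise a host compromise yields both.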
Are there any future plans on this?
I personally feel a bit uncomfortable knowing that anyone who gets access to my computer at one time (either virtual or physical) can download my whole interaction with it. If this was limited to 7/30 days, and all events past this would be encrypted and/or summarized (#189) I would feel much more secure. Encrypting would be good against unintended physical access of the computer and (judging from my narrow knowledge about this topic) make it harder to automatize the attack. Summarizing would only give vague use statistics instead of an extremely detailed one.
That’s why I would love an option to encrypt/summarize old events. But I understand if you have other priorities, just want to know the status of this 😃