The statistics collection feature of KActivities is slowly becoming a core part of Plasma.

This raises some privacy concerns as can be seen in the bug filed against the KRecentDocument framework. While KRecentDocument has nothing to do with KActivities, the issues mentioned in this report have been on my mind since I started working on the usage tracking mechanism of KActivities (long before said report).

Inspector Clouseau

Disabling tracking

For some time now, the configuration dialogue for Activities had the option to turn off the usage tracking completely or just for specific applications. It also allowed the user to forget the recent history - a feature commonly found in web browsers.

Privacy settings

Forgetting

Now that we got this feature exposed in the UI, we also got more fine-grained options of what part of statistics to forget. You can forget the statistics on per-activity, per application and per document basis.

Forgetting

Private mode

While this provides a nice way to ask the system to forget something, it is not enough.

The latest feature (and the reason for writing this post) is that starting from today, the activity manager supports setting the ‘private mode’ (internally called ‘off the record’ mode) for activities. When you put an activity in this mode, no usage stats will be collected for that activity.

Currently, this feature is not exposed in the UI, but it will be as soon as we decide where is the best place to put it.

Private temporary activity

Another thing that I worked on is to allow the user to create a temporary activity which will never collect any data, and which will auto-destruct when the user exits it.

Unfortunately, I don’t see this feature merged.

While this would be a really nice way to deal with private things (similar to a web browser which opens a new private window), it opens a can of worms similar to the one we had while implementing encrypted activities for Plasma Active (one of many cans of worms encrypted activities had :) ).

The main culprit which would make this feature unsafe is the session handling mechanism. While I could easily delete the temporary activity as soon as the user switches to another one, I would not be able to guarantee that all applications opened in that activity are really killed.

They might get automatically moved to another activity, one that is not set as ‘private’.