A lot of software uses systemd-journald to log errors,
The bash shell saves everything you type into the terminal,
wtmp, btmp, utmp all track exactly who is logged in and when,
The package manager logs all software you install and keeps the logs after uninstallation,
And the kernel writes part of the RAM which may contain sensitive information to the disk when your PC crashes.

While the OS isn't sending these logs to Microsoft or Google, anyone who gets into your PC while you are logged in and your data is unencrypted can see much of what you have been doing.

If you want to be private, you must disable them.

top 50 comments

sorted by: hot top controversial new old

[–] CrypticCoffee@lemmy.ml 38 points 5 days ago* (last edited 5 days ago) (1 children)

I got reports on this. I'm personally not of a mind to remove it, but it does feel irrelevant to open source. It's more a Linux sysadmin type thing.

I will say, cut down the spam. Any repeated similar musings within a week would be low value and I'd probably remove.

I personally don't agree with your points and this wouldn't be relevant to most peoples risk profile.

Worth reflecting on what others have said here. I think you're worrying too much about something that will never be expolitable in standard usage and this is from someone who worries a lot about privacy.

Maybe if this is really important to you check out Tails OS which as far as I'm aware focusses on running in RAM and leaving minimal persistent state.

[–] scrubbles@poptalk.scrubbles.tech 9 points 5 days ago (2 children)

They've been spamming this a few times now, fully respect your decision, but I know I commented on this exact post about 2 weeks ago the same as everyone else here, just FYI if you didn't know they've been repeating it. (Maybe it was an alt acct, not sure, but I know I said the same thing before)

[–] CrypticCoffee@lemmy.ml 6 points 5 days ago

Appreciate the feedback.

I've seen it one other time. If you see it again, feel free to report it. It definitely helps get visibility of it.

[–] cmnybo@discuss.tchncs.de 89 points 6 days ago (1 children)

If someone gets into your PC, you have much bigger problems than them reading the system logs.

[–] thingsiplay@lemmy.ml 5 points 5 days ago

Yes, the browser history.

[–] patruelis@lemmy.world 6 points 4 days ago (1 children)

I don't think you know what private is.

Let me put it this way, maybe you'll get it: being naked in your home with the blinds down and no one else knowing about it, is privacy. Even is everyone else doing it. Being in your home fully dressed with blinds down and no one else knowing about it is still privacy but you can't claim you have more privacy than the rest because you have clothes on.

[–] FG_3479@lemmy.world 1 points 1 day ago

I understand that, but if a hacker gets into your PC or someone takes it from you while it is logged in then that is like someone walking into your house and seeing you naked because the door has to be unlocked to get in the house.

Drive encryption is only one step towards a peivate and secure system. You can choose a middle ground such as limiting logs to 3 days if you prefer.

[–] kadu@scribe.disroot.org 58 points 6 days ago (1 children)

REALITY IS NOT PRIVATE OUT OF THE BOX.

EVERY PHYSICAL INTERACTION IS BASED ON CAUSE AND CONSEQUENCE.

IF A DEMON COULD KNOW THE MOMENTUM AND POSITION OF EVERY PARTICLE, THEY COULD LOG EVERY ACTION AND THOUGHT YOU'VE EVER HAD.

WHILE NATURE ISN'T SENDING THESE LOGS TO A DIVINE CREATOR, ANY INTELLECT VAST ENOUGH TO SUBMIT THESE DATA TO ANALYSIS WOULD SEE THE FUTURE, AS THE PAST, PRESENT TO ITS EYES.

IF YOU WANT TO BE PRIVATE, YOU MUST CEASE TO EXIST

[–] TheFogan@programming.dev 48 points 6 days ago (1 children)

You posted this same silly thing about 3 days ago.

anyway why isn't the advice "encrypt your drives" instead of "disable all logging".

I mean your own examples are like the least serious problem.

Who is logged in and when? So we're talking a multi user system that's clearly hosting a lot... that's kind of important for an administrator to be able to track who is logging in when, to know if something goes wrong.

Package manager logs what's installed. well duh, what's the scenerio that this is even a factor? I don't want big government to know I had, qbittorrent or whatever? There's no program that's likely installed via apt that's illegal to have.

So yeah in short, stuff that's vital if you ever need to troubleshoot, useful in general, almost unthinkable to imagine situations where this is a problem (at least in situations in which someone has your user account, or root access to your system for these to be the high priority.

On the whole the idea there is like.

"If someone steals your car... they could also steal the car users manual".

[+] FG_3479@lemmy.world -6 points 5 days ago (2 children)

Drive encryption is useless if your laptop is taken while unlocked. Learn from Ross Ulbricht.

[–] TheFogan@programming.dev 6 points 5 days ago

and security on pages is useless if you are logged in.

We're already talking the least of security problems (IE the device being physically confiscated).

In ross's case which hurt him more do you think, the fact that his system probably had logs of what he installed... or the fact that it was taken while he was logged in as administrator to the silk road? and it supposedly contained a journal... not system logs, but activities that he specifically wrote out detailing his daily activities.

The point again is someone gaining physical access to the computer itself, while you are literally in the process of doing things that you don't want known about, what you are currently working on is 100x more valuable to the thief, feds or whatever, than any of the low level stuff that the logs are likely to be recording.

[–] artyom@piefed.social 4 points 5 days ago

Ross was foolish to be running the largest black market in the world from a public library. They make magnetic kill switches for that sort of thing. No amount of security is impervious to bad decisions.

[–] exu@feditown.com 45 points 6 days ago (1 children)

Yes, you already posted that 3 days ago

[–] ToTheGraveMyLove@sh.itjust.works 9 points 5 days ago

Lmao, I thought this was the same post somehow getting back up to the top of my feed. 😂

[–] als@lemmy.blahaj.zone 34 points 6 days ago* (last edited 6 days ago)

"If someone gains access to your computer, they could view the log files on it"

My dude, they could view everything on it? The answer is full disk encryption, not turning off log files.

[–] PiraHxCx@lemmy.dbzer0.com 24 points 6 days ago* (last edited 6 days ago) (3 children)

The other day I was writing in my notebook and then I opened it later to check, and everything that I wrote was there! If someone could get their hands on my notebook, they could read all my notes!

[–] Shimitar@downonthestreet.eu 7 points 5 days ago* (last edited 5 days ago)

Love this!

Next time, write with Inkless pen, that would be safer!

But what if somebody reads your mind? Walk around with tinfoil hat!

(Lol)

[–] HubertManne@piefed.social 6 points 5 days ago

yeah "vulnerabilities" that require physical access to the machine while its logged in don't exactly worry me.

[–] thingsiplay@lemmy.ml 2 points 5 days ago

You could invent a new language that only you understand. Just an idea.

[–] Alvaro@lemmy.blahaj.zone 2 points 3 days ago

Terrible advice. Don't disable those.

If physical security is a worry, enable full disk encryption and have a good password.

[–] commander@lemmy.world 21 points 6 days ago (1 children)

There are levels of paranoia that gets to the point of excessive time spent managing your footprint that could be better used elsewhere as I would imagine especially if you're not a high value target. I am not a high value target

[–] sidebro@lemmy.zip 6 points 6 days ago

I, for one, consider myself a shitty target

[–] thingsiplay@lemmy.ml 11 points 5 days ago (1 children)

The data is not sent to any service (at least not without asking you). It is your private data on your private computer. Collecting information and configuration on your PC does not make it less private. A different user on the system can't access your private data. Private means, that all your private data is not accessible by others (unless you allow to). So yes, most Linux distributions are in fact private out of the box.

[+] FG_3479@lemmy.world -6 points 5 days ago (3 children)

If someone takes your laptop while it is unlocked rhey can see the logs. It is dangerous to keep them on if you are somewhere like China and use your laptop in a public space.

[–] thingsiplay@lemmy.ml 7 points 5 days ago (1 children)

But that is a specifically crafted scenario and has nothing to do if the system is private or not. I mean at home you have privacy. Just because someone could break into it does not mean its never private. The Linux PC is private out of the box and by default, because no one else has access to it. You just created a scenario that is not out of the box, but compromised or stolen.

I understand the issue you bring up here, but the chosen language you use is wrong in my opinion. That is why the misunderstandings and why people don't agree with your statements. I think you are thinking in terms of "Private mode in a browser".

[–] FG_3479@lemmy.world -2 points 5 days ago (1 children)

I think you are right. My post is simply a PSA to let people know that clicking forget on a Wi-Fi network or uninstalling a Flatpak does not remove all traces.

My scenario is also not specifically crafted; it is what happened to Ross Ulbricht.

[–] thingsiplay@lemmy.ml 4 points 5 days ago

BTW one can encrypt the hard drive and data on a laptop with a password. Then even if the person changes the drive to read it on a different computer, it wouldn't have access if its encrypted. So if you are really concerned about this issue, then encrypting would be a way to fight against this potential problem.

As for the "crafted scenario"... maybe I should work on my wording too. Lets' leave it there. I actually agree with your core message, its' just not worded in a way that people understood. Or the headline alone turned people off. Also you apparently did the same post before? That also might turn people off. Not a good practice.

[–] catscape@lemmy.ml 6 points 5 days ago

somewhere like china? where theft is incredibly rare? fuck off with your chauvinist BS

[–] CrypticCoffee@lemmy.ml 5 points 4 days ago

China? Silk Road dude was distracted by 2 enforcement offices while several arrested and grabbed the laptop. If you're doing things that draw that level of resourcing, that's on you. I don't think any civilian had a 9 person heist for a laptop in China... Unless you have a reference... But I doubt it...

[–] hornedfiend@piefed.social 5 points 4 days ago

"anyone who gets into your PC while you are logged in and your data is unencrypted can see much of what you have been doing."

This just makes your entire post irrelevant, not to mention you keep reposting it.

[–] Sanctus@anarchist.nexus 12 points 6 days ago* (last edited 6 days ago)

This may be true, but if you disable a lot of the logging troubleshooting your PC will become hard or impossible and a lot of people like having a bash history. Its another convenience vs privacy compromise. So just be sure to know what you are doing as always. I doubt the average linux gamer will have to worry about this.

[–] Shimitar@downonthestreet.eu 8 points 5 days ago (1 children)

My favourite is that kernel writes in ram. Kid, do you even know how computers work at all? Where should the kernel write? On paper?

Anyway, worry about getting your pc compromised and prevent unwanted access both physical and remote, logs will help you detect unwanted access, so there is that: logs keep you safe.

Do not turn off logging. Or do turn off logging, it's your machine after all and you are free, as in Linux, to do so if you want.

But your privacy will not be any safer.

[–] Flipper@feddit.org 4 points 5 days ago (1 children)

I think the Problem is the kernel dumping RAM to disk in crash. Potentially containing secrets.

[–] Shimitar@downonthestreet.eu 1 points 5 days ago

That's optional and should not be enabled by default. If your distro does that, I would think about switching.

But when you need it, it's a feature that must be there.... Or debugging is impossible. Think of driver development for example.

But it needs to be enabled.

[–] m532@lemmy.ml 4 points 4 days ago

Why is this post so stupid?

Looks inside: "China bad"

Ah, that explains it.

[–] hoshikarakitaridia@lemmy.world 9 points 6 days ago* (last edited 6 days ago) (1 children)

This is more of a "be aware of your footprint" and less of a "security concern". This post is pressing hard on the fear of data getting stolen, however none of these things are major ways in which your data gets stolen.

It's phishing, social engineering, default configurations, weak passwords, no MFA, compromised online-services and supply-chain-attacks, and then, and only then are we even talking about actual CVEs in your local system and app environment. And usually we are talking old ones; for apps which you haven't updates in a while, as they are the most common.

What I'm saying is for your target audience, this is exactly the wrong thing to focus on. Tech savvy users might wanna look into this but they are very likely aware of all these things, and amateurs definitely should focus on basic security practices.

[–] FG_3479@lemmy.world -2 points 5 days ago (1 children)

The problem with logs is that drive encryption is uselss in a Ross Ulbricht like situation where someone takes your laptop while ut is unlocked.

[–] TheFogan@programming.dev 1 points 5 days ago (1 children)

and what isn't... pretty sure in a Ross Ulbricht situation... there was more than enough stuff he needed to remain private currently open, and in the main files. Ulbright could have been on a live CD on a computer with no physical hard drive, and it wouldn't have helped him since they nailed him after he had logged into the silk road.

[–] hoshikarakitaridia@lemmy.world 2 points 5 days ago

Yeah if you wanna go tht way you have to go etheral and memory only. That means either a VM with auto reset, or tails or something. However, this is not feasible for the average Linux user.

[–] Shimitar@downonthestreet.eu 4 points 5 days ago

Repost.

FUD or at best idiocy at work here.

Its your own machine. Like saying your car knows where you live and where you work. It does, you use it, get a grip on reality. Nobody sniffing your Linux and if somebody has your root oassword they have all your data already so point is mooth.

[–] Psyhackological@lemmy.ml 3 points 5 days ago

Right I forgot to use Tails from USB stick, silly me

[–] thomasshikari@lemmy.world 4 points 5 days ago

I hope you post about this every 3 days for the rest of your life!

[–] LambdaRX@sh.itjust.works 3 points 6 days ago

In this case, the only way to be truly private is to use distro on bootable drive with disabled persistent storage.

[–] Shimitar@downonthestreet.eu 1 points 5 days ago

I think you are just looking for fun or messing with people, what you say is indeed true, but irrelevant as privacy concern.

[–] prex@aussie.zone 1 points 5 days ago

BTW adding a space at the start of a bash command stops it from being added to history.