I had a look in my zeitgeist activity.sqlite just now, and found 526MB of
"activity" stored in the clear, including a whole lot of information which I do
not want to be logged: at least three of my main passwords including my main
server password, URLs of porn I have downloaded, whole files and other large
chunks of text I have copy-pasted, commands I've entered in bash with history
turned off, etc.
Chrome and bash do not appear to be doing this. After investigating a little
more, it appears that Clipit aka Diodon saves everything I copy-paste to
Zeitgeist, and it is not cleared from the "text" table when I press clear in
the applet. I don't know if this is intentional or a bug, but it is
user-hostile, and I feel that it is a major privacy and security concern.
I used commands like the following to check what has been logged.
> cd ~/.local/share/zeitgeist
> sqlite3 activity.sqlite
> select * from text where value like '%pass%' and length(value) < 1000; -- put
> a bit of one of your passwords between %s in the query
> select * from text where value like '%porn%' and length(value) < 1000; -- smut
> select * from text where (value like '%mp4' or value like '%jpg' or value
> like '%torrent') and length(value) < 1000; -- media / smut / torrents
> select * from text where length(value) > 1000; -- large copy/paste or files
I wrote some more about this issue on AskUbuntu:
https://askubuntu.com/a/1326275/81260