"Activities" tab and the logging for it is bad for the privacy - should be optional

[l-jonas]

• Gitea version (or commit ref): unknown (codeberg.org)
• Git version: not relevant
• Operating system: not relevant
• Database (use [x]): not relevant
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (https://try.gitea.io/xandertest?tab=activity)
  • No
  • Not relevant

Description

Git logs the commit timestamps (which a developer can spoof for better privacy), however gitea logs the push timestamps and some other events. Is it possible to add the option to hide/ disable it per user/ project/ organization?

Note: In the linked example, there is the text "3 weeks ago". When moving the mouse over it, then there is the exact timestamp visible.

Screenshots

[guillep2k]

Not entirely effective. The push date is written by git, no matter what the pusher sends. Anyone can check the log and see the actual dates if it comes to that.

[l-jonas]

@guillep2k From the page you linked:

Note, if you fetched from origin/master, it will print the date you fetched it; NOT the date someone else pushed the commit.

So it would be still saved at the git server, but not everyone from the internet would be able to see it

[guillep2k]

@l-jonas You are right! One can learn something new every day.

[lafriks]

I don't see how that could be implemented

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[l-jonas]

There was no activity but the issue does still exist

[lunny]

I can't catch what's the problem. If you have read permission of git repository, you will get all the informations on Activities. The privacy is not from gitea, may you mean git. So I think maybe you could find other VCS tool could resolve that.

[l-jonas]

@lunny Did you read the whole thread? The "Activities" contain more data than git itself provides. Git itself only provides logs of the commit timestamps but Gitea additionally logs other events (like push timestamps) for the "Activities" and sends it to anyone who requests it.

[guillep2k]

I don't see why hiding the push date is important, unless you want to make your boss believe you've worked at a different time than you did. 🤣

[l-jonas]

@guillep2k It's not only a date, it's a timestamp. And it's not for the boss, because it's publicly visible for anyone and for a long time.

[zeripath]

Ah I think I understand. You would like to say change the displayed timeformat to only say display the day something was done or possibly even the month - not withstanding that if you can access git you can get the full timestamps in any case.

I would say that you could simply set within the app.ini:

...
[time]
format=2006-01-02
...

However, the issue is that:

gitea/modules/setting/setting.go

Lines 827 to 830 in 491887d

	TestTimeFormat, _ := time.Parse(TimeFormat, TimeFormat)
	if TestTimeFormat.Format(time.RFC3339) != "2006-01-02T15:04:05Z" {
	log.Fatal("Can't create time properly, please check your time format has 2006, 01, 02, 15, 04 and 05")
	}

Enforces that this format has to be fully specified.

Now, looking at the use of TimeFormat I don't think there is a good reason to enforce that we are so strict with this.

A simple fix would be to change that log.Fatal to simple log.Warn.

[l-jonas]

@zeripath

not withstanding that if you can access git you can get the full timestamps in any case

That's wrong. One can chose anything as commit timestamp and the push timestamps are in the reflog, but are never shared by the git server.

Reducing the accuracy in the Activities tab would be a good default. However, I wrote at the start of this issue what I want

Is it possible to add the option to hide/ disable it [logging for activity tab + showing activity tab] per user/ project/ organization?

[guillep2k]

@zeripath

not withstanding that if you can access git you can get the full timestamps in any case

That's wrong. One can chose anything as commit timestamp and the push timestamps are in the reflog, but are never shared by the git server.

Reducing the accuracy in the Activities tab would be a good default. However, I wrote at the start of this issue what I want

Is it possible to add the option to hide/ disable it [logging for activity tab + showing activity tab] per user/ project/ organization?

Could you please change the title of the issue, then? So, if contributors know what this is about they might decide to take it. 😄

[l-jonas]

GitHub has similar features which some users don't like:

• Removing the childish contribution history graphics isaacs/github#1234
• Contribution graph can be harmful to contributors isaacs/github#627
• option to disable or hide contribution activity on the profile page isaacs/github#142

(someone posted this links at Codeberg)

It would be good if gitea would be different from GitHub.

[Perflyst]

Does this here also count in? The "public activity" displays not only git pushes but also what exactly I do. For example if an admin transfer repositories between different users then this should not be visible to everyone. Especially as admin I want to hide the activity of the admin user.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

[l-jonas]

issue is still valid

[stale]

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

[Perflyst]

still valid

[l-jonas]

What looks relevant to me for a hiding feature:

• https://github.com/go-gitea/gitea/blob/master/models/action.go#L298 (would check if the RequestedUser disabled showing and the return a empty list)
• https://github.com/go-gitea/gitea/blob/master/models/user.go#L97 (needs a new field and somewhere and there is most likely a db migration required for adding it)

What would be missing:

• database migration for the new field
• UI to set the value of the field
• skipping to save the feed data if it is hidden? only for commits or for everything?
• handling at the UI level if the user has disabled the activity (e.g. a message "this user disabled the visibility of the activities")

[l-jonas]

Updating a flag would need handling at https://github.com/go-gitea/gitea/blob/master/routers/user/setting/profile.go#L98 and a form element at https://github.com/go-gitea/gitea/blob/master/templates/user/settings/profile.tmpl#L46

Example for a migration which adds a new field: https://github.com/go-gitea/gitea/blob/master/models/migrations/v138.go

It seems like Actions are logged at https://github.com/go-gitea/gitea/blob/master/models/repo_watch.go#L196