-
A lot of software uses
systemd-journaldto log errors, -
The bash shell saves everything you type into the terminal,
-
wtmp, btmp, utmp all track exactly who is logged in and when,
-
The package manager logs all software you install and keeps the logs after uninstallation,
-
And the kernel writes part of the RAM which may contain sensitive information to the disk when your PC crashes.
While the OS isn’t sending these logs to Microsoft or Google, anyone who gets into your PC while you are logged in and your data is unencrypted can see much of what you have been doing.
If you want to be private, you must disable them.
This is more of a “be aware of your footprint” and less of a “security concern”. This post is pressing hard on the fear of data getting stolen, however none of these things are major ways in which your data gets stolen.
It’s phishing, social engineering, default configurations, weak passwords, no MFA, compromised online-services and supply-chain-attacks, and then, and only then are we even talking about actual CVEs in your local system and app environment. And usually we are talking old ones; for apps which you haven’t updates in a while, as they are the most common.
What I’m saying is for your target audience, this is exactly the wrong thing to focus on. Tech savvy users might wanna look into this but they are very likely aware of all these things, and amateurs definitely should focus on basic security practices.