Using ActivityWatch in an Enterprise-Environment?

blankster · May 8, 2019, 9:01am

Hi,

I’ve installed yesterday on one of the workstations I’m using at home - including the Chrome extension. At work I’ve the problem that our active directory policy prevents executing unapproved executables (related data privacy it doesn’t make sense to use save data there of course).

As with RescueTime it would make sense to just use the Chrome extension @ work. So my question is, how to configure/setup the ActivityWatch Chrome extension to use it together with my setup at home? Is this possible at all, are there instructions for this?

In theory I think it should be possible to configure the server URL by a “dyndns-like” domain, open the port on the firewall and configure NAT correctly to let it point to the workstation where the server is running.

Next to this (and a little bit offtopic): Are there instructions availabe how to let it the server application run on a Synology NAS, which also uses Linux? It would be perfect for a central server, when multiple workstations (by the same user) are in use.

Best and thanks for your work/support in advance!

johan-bjareholt · May 8, 2019, 1:52pm

It is possible yes, but currently we do not support authentication on the server-side so all that traffic would be unencrypted so that use-case is very insecure.

Also, the point of those active directory policies is to get people to avoid using third-party applications, I’m pretty certain that your IT department would not be very happy if there was an application which was able to send all your browser activity to a remote server.

blankster · May 8, 2019, 3:53pm

Why is this unsecure? If you do everything over a HTTPS connection including certificate validation, it should be as secure as it’s possible with HTTPS. The only thing I really don’t like is if I have to open ports on my firewall @ home.

Of course you’re right, but I’m already using RescueTime, so ActivityWatch would be an improvement Next to this it would be also beneficial for my employer if I can improve my productivity.

johan-bjareholt · May 9, 2019, 7:12am

That’s the point, aw-server currently does not have support for HTTPS or any authentication solution. As aw-server is a user-hosted solution means that every user would also need to create their own certificate for their domain.

If they would value productivity they would not limit people to use their computer as they wished, or at least be able to give you an exception for your use-case if you ask for it. I used to work at such a workplace and at least it was possible to ask them to whitelist some applications but it was still very annoying.

blankster · May 9, 2019, 8:30am

Got it. What could work (I do this for my NAS) is using a “dyndns-domain” together with Let’s Encrypt. That’s free and secure enough.

You’re of course right - I’m currently head of e-commerce/online-marketing but worked 15 years in the IT, so I totally understand what you mean. The company I’m workinig for is using Zscaler (a cloud proxy which does basically a man in the middle and decrypts SSL traffic) for the most sites. As I need to use for work also some private accounts, I’ve got exceptions in this direction. But what I really can forget is beeing able to use executables.

johan-bjareholt · May 9, 2019, 10:33am

The thing is, even if we got this working things would still not work because aw-watcher-web depends on aw-watcher-window and aw-watcher-afk to know if the user is afk or focusing a non-browser window. The webextension API in chrome/firefox only show what tab is currently focused and information about tab, we then after that merge that data with data from the aw-watcher-window and aw-watcher-afk buckets to actually calculate the time spent on each website.

We will add HTTPS support in the future anyway though since we want to be able to sync data between devices.

blankster · May 9, 2019, 11:35am

In undertand. But to be sure: In my LAN @ home, is it currently possible to use mutliple instances of ActivityWatch and collecting information just at one central server?

Nice

johan-bjareholt · May 9, 2019, 2:35pm

It is possible, but not recommended due to inefficiency and the lack of security. You can point your watchers to report to another ip/port in their config files.

We are going to push sync between devices instead, it is important so users doesn’t have to set up a dedicated server or rely on a third-party cloud but still be able to have everything on all of their devices.

blankster · May 9, 2019, 6:53pm

That sounds like a reasonable plan I’m already happy about the results on one workstation and thankful for the efforts you put into it. So I’m really looking forward for how it develops.

Thanks for the detailed and understandable feedback

johan-bjareholt · May 9, 2019, 8:04pm

We 2 maintainers don’t really do full time so the progress isn’t impressive, but it’s slow and steady at least!

No problem!

blankster · May 10, 2019, 10:16am

Consistency is the key in my opinion. I really feel with you guys, I’ve also my own project I keep pushing forward since a long time (which I will turn in a later stage to a multi-channel chatbot). As I know how much time/energy it costs, I’m really thankful for what you guys are providing us. Your very modular, open (also for user feedback) approach while ensuring data-privacy is convincing.

fenris · July 9, 2021, 4:11pm

I know I’m necroposting, but I think it is related.
First, thank you guys for all your hardwork, I’m not kissing ass, I truly believe that people like you should be really cherish in this world, so we can build a much better one (no Kumbaya, nor hippy stuff here, just down to earth how I feel).

Next, I think it is a great idea the Sync feature, for all the individuals that want to have their Activiy data on all of their devices. But, I also think that it could be a nice idea to have a central server (maybe optional), for those times when small teams of devs want to measure their times doing certain tasks.
As an example, I want to explain my case. We are 3 devs, planning a website + an app, for an NGO-style group (is not an NGO, but it is in the non-profit spirit). We want to use the app to coordinate events with our groups (cultural and sports mainly). For that we are going have a take on each side of the project.
Three things would be great for us:
1. To know how long it takes us (individually) each task to do. So we could improve our times, and know how many hours we worked on the project. (we could do without a server)
2. To know how long it takes us as a group. Average. (so in the future we can project how long it would take us to work on something)
3. To calculate the total time each one of us took, and all together doing which part.

So Sync + the server shouldn’t be that bad of an idea.

fenris · July 9, 2021, 4:12pm

Lastly, I think, at the moment, there might be a secured way to have the server under HTTP (I don’t know if the HTTPS feature is implemented as of yet). But, I would say, if you have 2 computers to spare (maybe an old computer and a Raspberry Pi 4, or something). A dev (who might need that) could “easily” setup the server in one system, a pfSense (or opensense) router software on the other system, link both computers with a single cable on an independent network (let’s say: 192.168.115.x), and setup pfSense to route and SSL encrypt all connections. Then the pfSense system would be connected to your regular network (let’s say: 192.168.1.x). That would protect the ActivityWatch server (it might be overkill. But pfSense can, certainly be used for so many things as well! ^_^)