Using ActivityWatch in an Enterprise-Environment?


#1

Hi,

I’ve installed yesterday on one of the workstations I’m using at home - including the Chrome extension. At work I’ve the problem that our active directory policy prevents executing unapproved executables (related data privacy it doesn’t make sense to use save data there of course).

As with RescueTime it would make sense to just use the Chrome extension @ work. So my question is, how to configure/setup the ActivityWatch Chrome extension to use it together with my setup at home? Is this possible at all, are there instructions for this?

In theory I think it should be possible to configure the server URL by a “dyndns-like” domain, open the port on the firewall and configure NAT correctly to let it point to the workstation where the server is running.

Next to this (and a little bit offtopic): Are there instructions availabe how to let it the server application run on a Synology NAS, which also uses Linux? It would be perfect for a central server, when multiple workstations (by the same user) are in use.

Best and thanks for your work/support in advance!


#2

It is possible yes, but currently we do not support authentication on the server-side so all that traffic would be unencrypted so that use-case is very insecure.

Also, the point of those active directory policies is to get people to avoid using third-party applications, I’m pretty certain that your IT department would not be very happy if there was an application which was able to send all your browser activity to a remote server.


#3

Why is this unsecure? If you do everything over a HTTPS connection including certificate validation, it should be as secure as it’s possible with HTTPS. The only thing I really don’t like is if I have to open ports on my firewall @ home.

Of course you’re right, but I’m already using RescueTime, so ActivityWatch would be an improvement :wink: Next to this it would be also beneficial for my employer if I can improve my productivity.


#4

That’s the point, aw-server currently does not have support for HTTPS or any authentication solution. As aw-server is a user-hosted solution means that every user would also need to create their own certificate for their domain.

If they would value productivity they would not limit people to use their computer as they wished, or at least be able to give you an exception for your use-case if you ask for it. I used to work at such a workplace and at least it was possible to ask them to whitelist some applications but it was still very annoying.


#5

Got it. What could work (I do this for my NAS) is using a “dyndns-domain” together with Let’s Encrypt. That’s free and secure enough.

You’re of course right - I’m currently head of e-commerce/online-marketing but worked 15 years in the IT, so I totally understand what you mean. The company I’m workinig for is using Zscaler (a cloud proxy which does basically a man in the middle and decrypts SSL traffic) for the most sites. As I need to use for work also some private accounts, I’ve got exceptions in this direction. But what I really can forget is beeing able to use executables.


#6

The thing is, even if we got this working things would still not work because aw-watcher-web depends on aw-watcher-window and aw-watcher-afk to know if the user is afk or focusing a non-browser window. The webextension API in chrome/firefox only show what tab is currently focused and information about tab, we then after that merge that data with data from the aw-watcher-window and aw-watcher-afk buckets to actually calculate the time spent on each website.

We will add HTTPS support in the future anyway though since we want to be able to sync data between devices.


#7

In undertand. But to be sure: In my LAN @ home, is it currently possible to use mutliple instances of ActivityWatch and collecting information just at one central server?

Nice :slight_smile:


#8

It is possible, but not recommended due to inefficiency and the lack of security. You can point your watchers to report to another ip/port in their config files.

We are going to push sync between devices instead, it is important so users doesn’t have to set up a dedicated server or rely on a third-party cloud but still be able to have everything on all of their devices.


#9

That sounds like a reasonable plan :slight_smile: I’m already happy about the results on one workstation and thankful for the efforts you put into it. So I’m really looking forward for how it develops.

Thanks for the detailed and understandable feedback :+1:


#10

We 2 maintainers don’t really do full time so the progress isn’t impressive, but it’s slow and steady at least!

No problem!


#11

Consistency is the key in my opinion. I really feel with you guys, I’ve also my own project I keep pushing forward since a long time (which I will turn in a later stage to a multi-channel chatbot). As I know how much time/energy it costs, I’m really thankful for what you guys are providing us. Your very modular, open (also for user feedback) approach while ensuring data-privacy is convincing.