Giter Site home page Giter Site logo

opticon's Introduction

Opticon

Opticon is an OSX accessory application that records user input and system event data (similar to a keylogger). I wrote it for personal analytics, but I hope that people will find other (benevolent) uses for it. Unlike malicious keyloggers, Opticon takes some steps to avoid collecting passwords, in the hopes that the resulting data will be easier to share (see below). Nevertheless, Opticon collects key, mouse, and application data while it is enabled, so it is up to the user to protect the resulting database with the appropriate precautions. OSX full disk encryption is highly recommended.

Opticon also comes with a utility called opticon-askpass to prevent your system password from being recorded when using sudo. See The Usage section below.

###License

Opticon is licensed under the ISC License, a permissive, short license similar to Two-clause BSD. See license-opticon.txt for more notes. If you use this software, please send feedback! If you modify or distribute this software, please cite github.com/gwk/opticon, as well as any intermediate upstream forks. If you discover somebody using this software for malicious purposes, please notify me immediately.

###Requirements

Opticon is developed on and for OSX 10.9.

###Building Opticon

Currently opticon must be built from source. Opticon depends on the libqk library, which is included as a git submodule. Run update-submodules.sh to clone the necessary files. Note that I currently use github to host the latest built version only of the third party libs, which means that when the libs change, dependent projects such as this can no longer simply checkout and build because the refs to the libs will be broken.

###Usage

Simply launch Opticon.app, and it will begin writing event data to ~/Documents/opticon.sqlite. Use opticon-dump.py (requires Python 3.4) to generate a complete textual dump of the database. More interesting analytics scripts need to be written; patches are welcome.

If you are a terminal user, you should use opticon-askpass to prevent your system password from being recorded at sudo prompts. To install it, place the opticon-askpass binary somewhere stable, e.g. /usr/local/bin, then add the following to your .bashrc / .bash_profile:

export SUDO_ASKPASS=/usr/local/bin/opticon-askpass # or whatever install path you choose.
alias sudo='sudo -A' # make sudo use SUDO_ASKPASS.

Now, when you invoke sudo, instead of the normal prompt, you should see the unicode glyph representing the opticon disabled state (โŽ‰). For more information on SUDO_ASKPASS, read the sudo manpage.

###Details

Opticon uses the CGEventTap API, which requires user authorization, and does not emit events for Cocoa password fields, or any other user interfaces that make correct use of the EnableSecureEventInput API. This API is documented in HIToolbox/CarbonEventsCore.h. There is no guarantee that an application uses EnableSecureEventInput correctly, but it is possible to tell by choosing "Show Keyboard Viewer" from the input sources status item menu (enabled from System Preferences -> Keyboard -> Input Sources). If keys highlight when the keyboard viewer is up, then event taps are receiving those key strokes.

###TODO

There are lots of things I would like to add, starting with:

  • Fix opticon-askpass final newline omission (try sudo echo hi).
  • Log enable and disable events? What are the privacy implications of this?
  • A website from which to download builds. Use github releases?
  • Scripts to simplify the aggregate key, mouse, and scroll events into statistically useful events to reduce privacy risk and facilitate data sharing.
  • Scripts to analyze periodic usage, e.g. hours of day and days of week.
  • Scripts to analyze usage of key commands by application. Let's inject some numbers into those editor flame wars :)
  • Scripts that cross-reference Opticon events with Chrome browsing history and git logs.
  • Application blacklist for apps that should not be recorded, e.g. 1Password, TrueCrypt.
  • Use kAXMainWindowAttribute and CGWindowRef APIs (or something) to track frontmost window.
  • Use image icons for the status item; rendering unicode glyphs results in unpredictable layout.
  • Fix tooltips, which seem to only display when running from Xcode.

Pull requests are welcome!

opticon's People

Contributors

gwk avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.