Built-in spyware in systemd


Every systemd installation comes with software that will periodically connect to a remote server, making it possible to track and gather information about your machine. Check if this is enabled:

timedatectl status

Pay attention to this line: Network time on: yes.

It is pre-configured to report to an ntp.org server. Make sure that you really trust it. My computer's built-in clock is running pretty well, so I prefer to disable this feature altogether:

sudo timedatectl set-ntp false

Log journal

systemd is pre-configured to store an enormous amount of information about you. The default log file size is set to 10% of your disk space, max 4 GiB! This can potentially store years' worth of activity logs (keep in mind that logs are stored in compressed format).

You can check how long you've been spied on with this command:

journalctl --list-boots

I'd recommend that you either:

  1. reduce maximum log size to something sensible, by editing this file: /etc/systemd/journald.conf (add this line: SystemMaxUse=10M);

  2. or clean logs at every startup/shutdown. Add this command to your scripts: sudo journalctl --vacuum-time=2days.
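
Both checks above (the network time line and the journal size limit) can be scripted. The following is an added example, not part of the original page: it reads timedatectl status text and a journald.conf file and reports the time-sync state and the SystemMaxUse value that actually takes effect. The function names and the handling of the "NTP service:" label printed by newer systemd releases are assumptions of this example, and all sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. All sample input is constructed.

# Print "on", "off" or "unknown" from `timedatectl status` text on stdin.
# Recognises the "Network time on:" label quoted above and the
# "NTP service:" label printed by newer systemd releases.
ntp_state() {
    awk -F': *' '
        BEGIN { s = "unknown" }
        /^ *(Network time on|NTP service):/ {
            v = tolower($2); sub(/[ \t]+$/, "", v)
            if (v == "yes" || v == "active") s = "on"
            else if (v == "no" || v == "inactive") s = "off"
        }
        END { print s }'
}

# Print the SystemMaxUse value journald would read from the file in $1,
# or "default" when none is set. Commented-out lines (the state of the
# shipped file) and keys outside [Journal] are ignored; the last value wins.
journal_max_use() {
    awk '
        BEGIN { val = "default" }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { in_j = ($0 ~ /^[ \t]*\[Journal\][ \t]*$/); next }
        in_j && /^[ \t]*SystemMaxUse[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            val = ($0 == "") ? "default" : $0
        }
        END { print val }' "$1"
}

# Constructed samples: a status excerpt and an edited journald.conf.
SAMPLE_STATUS='      Local time: Mon 2024-01-01 12:00:00 UTC
 Network time on: yes
NTP synchronized: yes'

SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[Journal]
#SystemMaxUse=
SystemMaxUse=10M
EOF

echo "NTP sync:     $(printf '%s\n' "$SAMPLE_STATUS" | ntp_state)"
echo "SystemMaxUse: $(journal_max_use "$SAMPLE_CONF")"
rm -f "$SAMPLE_CONF"
```

On a live machine, pipe timedatectl status into ntp_state and pass /etc/systemd/journald.conf to journal_max_use. The function reads only the one file it is given, so drop-in files under journald.conf.d are not taken into account.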