Disable Power State tracking due to privacy constraints

[Henrik-Henkel]

Due to privacy constraints i would need to disable power state tracking (7 day power state) in MeshCentral in order to use it for our company. So far i've tried to simply get rid of the code in "default.handlebars" and "default-min.handlebars" but that result in an empty webpage displayed... Would it be possible to disable this feature completely? Its the only problem we have with this software...

Im running MeshCentral in a docker btw

[si458]

I will check when I'm stationary, but any reason why you need to hide it? All it does it show when the device is on (if amt) or the device is connected to meshcentral, so don't see how it's a privacy issue?

[Henrik-Henkel]

Thank you for the quick response. Well... Let me introduce you to german data protection laws... According to my supervisor it would count as "employee surveillance" if the software would record such data. If it were only for one day that would be fine. Im not sure how the device power state would count as surveillance, but better to be safe than sorry. Our company could be fined upwards of 100k € which I, of course, would like to prevent.

[si458]

sadly i dont believe you can STOP recording the power state (as this is just when the websocket connects and disconnects) BUT i think i could add an option to HIDE the powerstate in the UI if thats of any use?

[Henrik-Henkel]

That should be fine. If you cant see it, it doesnt exist, right? ;)

[si458]

That should be fine. If you cant see it, it doesnt exist, right? ;)

would you want this option SERVER WIDE or PER DOMAIN? if u have an instance with multiple domains (multi-tenant) if you enabled it server wide then all domains would not see the power state but if its per domain, then one domain can see it but another cant

[Henrik-Henkel]

Whatever works best for you. We'll be only using a single domain anyways

[silversword411]

Per domain. More flexible

[NiceGuyIT]

As a workaround, you can always delete the data from the database. Setup a CRON job or similar to delete historical data with a retention period of X.

[si458]

@NiceGuyIT nice suggestion but also very scary! i have it working where it returns false on the timeline data, but the grid bit is still shown, just looking at hiding the graph as well

[si458]

5196

[si458]

done 👍 ill get @Ylianst to verify this is OK before i merge!

[Henrik-Henkel]

Looks promising! Thanks.

[si458]

use hidePowerTimeline under domains for each domain! changed PR slightly

[Henrik-Henkel]

Hi. Sorry for reopening this issue... Wasn't sure whether to create a new one. It seems like this option no longer works in the latest version of MeshCentral. We just updated this week and noticed that the graphs reappeared...

[si458]

thats ok, can u just confirm what version you are running now? and also share your config.json now too?

[Henrik-Henkel]

Sure. We are running version 1.1.27

Here is the config.json with sensitive information removed:

{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "settings": {
    "cert": "mc.company.com",
    "WANonly": true,
    "_LANonly": true,
    "sessionKey": "XXXXXXXXXXXXXXXXXXXXXXXXX",
    "port": 80,
    "aliasPort": 443,
    "redirPort": 81,
    "_redirAliasPort": 8080,
    "AgentPong": 300,
    "TLSOffload": "192.xxx.xx.1",
    "trustedproxy": "192.xxx.xx.1",
    "userAllowedIP": "192.xxx.xx.0/24,10.xx.xx.0/24",
    "SelfUpdate": false,
    "AllowFraming": "false",
    "WebRTC": "false",
    "AutoBackup": {
      "backupPath": "/opt/meshcentral/meshcentral-backups",
      "backupInvervalHours": "24",
      "keepLastDaysBackup": "10",
      "zippassword": "xxxxxxxx"
    }
  },
  "domains": {
    "": {
        "title": "COMPANY MeshCentral",
        "_title2": "MeshCentral",
        "minify": false,
        "NewAccounts": "false",
        "_userNameIsEmail": true,
        "hidePowerTimeline": true,
        "certUrl": "mc.company.com",
        "allowedOrigin": [ "mcintern.company.com", "mc.company.com" ]
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
    "_email": "myemail@mydomain.com",
    "_names": "myserver.mydomain.com",
    "production": false
  }
}

[si458]

works fine here? just tested it! have you tried CTRL+F5 OR clearing browser cache/history OR private browsing? can you share a screenshot of what you are seeing?

[Henrik-Henkel]

I've tried clearing browser cache, different browser and private browsing...

It just reappeared after the update as if the config option was not there.

Excuse the german interface...

[si458]

what about if you add &lang=en to the url? i think its a translation bug again... what language are you using?

[si458]

oh hang on you have missing icons down the side so you are a user and not an admin account! can you just share what permissions the user account has?

[Henrik-Henkel]

Its the same on the admin account. Changing language also does not seem to affect it...

[si458]

can u open up the developer tools on the page and check the value hidePowerTimeline ?

it should return true

[Henrik-Henkel]

It returns "false"...

[Henrik-Henkel]

Ugh... I just rebooted the whole VM running MeshCentral and now it works as expected. Maybe it just didn't restart correctly after the update

Sorry for the inconvenience...

[si458]

Ugh... I just rebooted the whole VM running MeshCentral and now it works as expected. Maybe it just didn't restart correctly after the update

Sorry for the inconvenience...

one of those days dont worry! 👍 was confusing the hell out of me 😆