Privacy Protection Measures

Automatic Filtering

The tool systematically excludes virtual filesystems such as /proc, /sys, /dev, and tmpfs, which contain system-generated information rather than user data. To prevent recursive loops and maintain system performance, the tracer implements self-tracing prevention by automatically excluding its own input/output operations from the collected data. Additionally, the system filters out special files including pipes, sockets, and device files.

Data Minimization Techniques

The tool features configurable cache event sampling, allowing researchers to capture representative data patterns by recording only a specified ratio of events, such as one in every ten operations. To prevent excessive storage consumption, the tool implements time-based log rotation with a default 24-hour cycle, automatically archiving older data while maintaining recent activity logs. Process-specific filtering capabilities enable users to focus data collection on particular applications or exclude unnecessary system processes from monitoring. Finally, the tool incorporates automatic compression and cleanup routines that optimize storage space and remove outdated data.

Excluded Information

• File contents or user data
• Network packet payloads
• User credentials or passwords
• Environment variables
• Command-line arguments beyond process names