HASEL-UZH · SRichner · Oct 28, 2024 · Oct 21, 2024 · Oct 21, 2024 · Oct 21, 2024
diff --git a/documentation/PRIVACY.md b/documentation/PRIVACY.md
@@ -15,7 +15,7 @@ As mentioned above, all data is stored locally only on participant's machines. U
 Should a user want to modify and/or delete their data, they can do so directly in the sqlite-file. No other copies of the data exists, unless the user made them. 
 
 ## Sharing Collected Data
-In case users are running PersonalAnalytics during a scientific study, the researchers might ask the users (or in this context, participants) to share their data with the reseachers. To that purpose, we recommend using the built-in data obfuscation and export feature, which allows users to understand what the data will be used for as part of the research project, review the collected data and decide which data they want to share and/or obfuscate. Afterwards, an encrypted and password-protected export-file is created which can be shared with the researchers per their instructions. The data export tool can be accessed by clicking "Export Data" in the taskbar icon (on Windows) or menubar (on macOS).
+In case users are running PersonalAnalytics during a scientific study, the researchers might ask the users (or in this context, participants) to share their data with the reseachers. To that purpose, we recommend using the built-in data obfuscation and export feature, which allows users to understand what the data will be used for as part of the research project, review the collected data and decide which data they want to share and/or obfuscate. Afterwards, an encrypted and password-protected (if enabled in config) file is created which can be shared with the researchers per their instructions. The data export tool can be accessed by clicking "Export Data" in the taskbar icon (on Windows) or menubar (on macOS).
 
 ## Note on Using PersonalAnalytics
 Note that the creators of PersonalAnalytics can in no way be held liable against use, misuse or problems that arise from using the app. The app was developed as a public, open-source application that can be freely used and extended (with [correct attribution](https://github.com/HASEL-UZH/PersonalAnalytics/blob/main/documentation/RESEARCH.md). The researchers are responsible for informing users (or participants) of the usage of PersonalAnalytics, collected data and usage of any data that is shared with researchers, as well as data privacy and data security. 

diff --git a/src/electron/electron/ipc/IpcHandler.ts b/src/electron/electron/ipc/IpcHandler.ts
@@ -152,12 +152,14 @@ export class IpcHandler {
   private async startDataExport(
     windowActivityExportType: DataExportType,
     userInputExportType: DataExportType,
-    obfuscationTerms: string[]
+    obfuscationTerms: string[],
+    encryptData: boolean
   ): Promise<string> {
     return this.dataExportService.startDataExport(
       windowActivityExportType,
       userInputExportType,
-      obfuscationTerms
+      obfuscationTerms,
+      encryptData
     );
   }
 

diff --git a/src/electron/electron/main/services/DataExportService.ts b/src/electron/electron/main/services/DataExportService.ts
@@ -19,7 +19,8 @@ export class DataExportService {
   public async startDataExport(
     windowActivityExportType: DataExportType,
     userInputExportType: DataExportType,
-    obfuscationTerms: string[]
+    obfuscationTerms: string[],
+    encryptData: boolean
   ): Promise<string> {
     LOG.info('startDataExport called');
     await UsageDataService.createNewUsageDataEvent(
@@ -59,11 +60,13 @@ export class DataExportService {
       // see https://github.com/WiseLibs/better-sqlite3/blob/master/docs/performance.md
       db.pragma('journal_mode = WAL');
 
-      // see https://github.com/m4heshd/better-sqlite3-multiple-ciphers/issues/5#issuecomment-1008330548
-      db.pragma(`cipher='sqlcipher'`);
-      db.pragma(`legacy=4`);
+      if (encryptData) {
+        // see https://github.com/m4heshd/better-sqlite3-multiple-ciphers/issues/5#issuecomment-1008330548
+        db.pragma(`cipher='sqlcipher'`);
+        db.pragma(`legacy=4`);
 
-      db.pragma(`rekey='PersonalAnalytics_${settings.subjectId}'`);
+        db.pragma(`rekey='PersonalAnalytics_${settings.subjectId}'`);
+      }
 
       if (
         windowActivityExportType === DataExportType.Obfuscate ||

diff --git a/src/electron/shared/StudyConfiguration.ts b/src/electron/shared/StudyConfiguration.ts
@@ -40,5 +40,6 @@ export interface StudyConfiguration {
   contactEmail: string;
   subjectIdLength: number;
   dataExportEnabled: boolean;
+  dataExportEncrypted: boolean;
   trackers: TrackerConfiguration;
 }
diff --git a/src/electron/shared/study.config.ts b/src/electron/shared/study.config.ts
@@ -12,6 +12,7 @@ const studyConfig: StudyConfiguration = {
   contactEmail: '[email protected]',
   subjectIdLength: 6,
   dataExportEnabled: true,
+  dataExportEncrypted: false,
   trackers: {
     windowActivityTracker: {
       enabled: true,

diff --git a/src/electron/src/utils/Commands.ts b/src/electron/src/utils/Commands.ts
@@ -24,7 +24,8 @@ type Commands = {
   startDataExport: (
     windowActivityExportType: DataExportType,
     userInputExportType: DataExportType,
-    obfuscationTerms: string[]
+    obfuscationTerms: string[],
+    encryptData: boolean
   ) => Promise<string>;
   revealItemInFolder: (path: string) => Promise<void>;
   startAllTrackers: () => void;

diff --git a/src/electron/src/views/DataExportView.vue b/src/electron/src/views/DataExportView.vue
@@ -164,7 +164,8 @@ async function handleNextStep() {
         'startDataExport',
         exportWindowActivitySelectedOption.value,
         exportUserInputSelectedOption.value,
-        obfuscationTerms
+        obfuscationTerms,
+        studyConfig.dataExportEncrypted
       );
       hasExportError.value = false;
       const now = new Date();
@@ -218,9 +219,11 @@ function revealItemInFolder(event: Event) {
               </p>
               <p>
                 Please click "Next" once you are ready to
-                <b class="dark:text-white">first review, and later share your data</b>. The export
-                that will be created with your permission in the next step will be encrypted and
-                password-protected.
+                <b class="dark:text-white">first review, and later share your data</b>.
+                <span v-if="studyConfig.dataExportEncrypted">
+                  The export that will be created with your permission in the next step will be
+                  encrypted and password-protected </span
+                >.
               </p>
               <p>
                 Below, you find additional information on the study and how the researchers ensure
@@ -273,10 +276,12 @@ function revealItemInFolder(event: Event) {
                 {{ studyConfig.name }}-study.
               </p>
               <p>
-                A single password-protected and encrypted
-                <b class="dark:text-white">file was created</b> based on your preferences on the
-                previous page. To share this file with the researchers, please take the following
-                steps:
+                Your data was exported and we created a
+                <span v-if="studyConfig.dataExportEncrypted"
+                  >password-protected and encrypted
+                </span>
+                file based on your preferences on the previous page. To share this file with the
+                researchers, please take the following steps:
               </p>
               <ol>
                 <li>