Last activity accuracy and privacy

Current Problem

The "Last Activity" field across GitLab displays misleading information that creates both accuracy and privacy concerns:

  1. Inaccurate activity tracking - The "Last activity" column shows a user's last activity anywhere on GitLab, not their actual activity within the specific project/group (see #384941)

  2. Privacy exposure - Public groups inadvertently expose when members last logged into GitLab (see #393224)

Impact

  • Project managers cannot accurately identify inactive project members or dormant projects
  • Users see irrelevant projects in their "Your projects" and "Contributed projects" lists because activity timestamps are wrong
  • Privacy - Public exposure of login times allows tracking of individual work patterns

Proposed Solution

Context-Specific Activity Tracking

Implement different activity scopes based on context:

Context What "Last Activity" Should Show
Project Members Page User's last activity within that project (issues, MRs, commits, comments)
Group Members Page User's last activity within that group or its projects
User Profile User's last public activity across GitLab
Your work List User's last activity in each specific project

Privacy-Aware Display Rules

def display_last_activity(viewer, member, context)
  case context.visibility_level
  when PUBLIC
    if viewer == member || viewer.member_of?(context)
      # Members see full activity within context
      member.last_activity_in(context)
    else
      # Non-members only see public events
      member.last_public_activity_in(context)
    end
  when PRIVATE
    if viewer.member_of?(context)
      member.last_activity_in(context)
    else
      # Non-members see nothing
      nil
    end
  end
end

Exclude Non-Contextual Events

Never include these in project/group last activity:

  • Sign-in events
  • Profile updates
  • Personal settings changes
  • Activity in unrelated projects/groups
  • Dashboard views

Implementation Approach

Phase 1: Fix data source

  • Create new database indexes for efficient context-specific queries
  • Track last activity per project/group separately
  • Stop using users.last_activity_on for project/group contexts

Phase 2: Update UI components

  • Project members page: Query project_events table
  • Group members page: Query group_events and descendant project events
  • Add tooltip explaining what "Last activity" represents in each context

Success Criteria

  • Last activity accurately reflects context-specific actions
  • "Your projects" list only shows projects with actual recent contributions
  • Reduced confusion in user feedback about activity tracking

Benefits

  • Accurate project insights - Know who's actually active in each project
  • Privacy protection - No inadvertent exposure of work patterns
  • Better project discovery - Users find their actively-used projects easily
  • Compliance ready - Clear audit trail of actual project participation
Edited by Christina Lohr