Problem / motivation
The core tracker module is a really useful module that enables tracking of recent content for users.
The main problem is that the most of times we want to enable and allow just admins or content editors to access this interface, but the module is currently using the default _permission: 'access content' for "/activity" url (see tracker.routing.yml). The most of times you might not want to have content types or users names disclosed to the anonymous users.
Steps to reproduce
1) Enable Activity Tracker module
2) As anonymous user, try to access http://yoursitedomain.com/activity
You might see all the information about the users activity, including "Page type", "Page Title", "Author", "Comments" and "Last Updated Date". There is no way to control who can see this information.
Proposed solution
Create a new "access users activity" permission and use it instead of the default "access content". It is possible to have better control of who should see the page by having this new permission type.