# Git Privacy Follow the instructions in this document to obfuscate Git timestamps. ## View Commit Timestamps To view commit timestamps, run: ```sh git log --format=fuller ``` ## Obfuscate Timestamps for Commits and Annotated Tags For maximum privacy, set the author and committer dates to a clearly forged fixed date in UTC inside the interactive shell configuration: ```sh export GIT_AUTHOR_DATE="2000/01/01T00:00:00+0000" export GIT_COMMITTER_DATE="$GIT_AUTHOR_DATE" ``` To balance privacy and timestamp accuracy, set the author and committer dates to a course-grained date in UTC inside the interactive shell configuration: ```sh export GIT_AUTHOR_DATE="$(date -u +%DT00:00:00%z)" export GIT_COMMITTER_DATE="$GIT_AUTHOR_DATE" ``` Remember that shell environment variables do not change after being set, so dates update only after a new interactive shell is opened. ## Obfuscate Timestamps for Digital Signatures For maximum privacy, create a custom version of GnuPG with a fixed timestamp set **between when the signing key was generated and the current date**: ```sh #!/bin/sh gpg --faked-system-time ! $@ ``` See gpg(1) for valid `` formats. To balance privacy and timestamp accuracy, create a custom version of GnuPG with a course-grained timestamp in UTC set **after the signing key was generated**: ```sh #!/bin/sh gpg --faked-system-time "$(date -u +%Y%m%dT000000)!" $@ ``` Set the script as executable: ```sh chmod +x /path/to/custom-gpg.sh ``` Tell Git to use the new script: ```sh git config --global gpg.program /path/to/custom-gpg.sh ``` ## Forges To prevent forges from tracking Git push times, create a Cron job which pushes the repository at fixed intervals: ```cron 0 6 * * * git -C /path/to/repo/ push origin master ``` ## License This file is licensed under [CC-BY-SA 4.0](LICENSE).