# Git-Privacy

## ❌ Default Git Privacy ❌

With only 3 commands *anyone* can find out the dates and exact times, down to the second, at which a developer makes commits.

```sh
git clone
cd
git log --format=fuller
```

Over a long enough timespan, exact commit times can be used to deduce private information about a developer's life, for instance their likely timezone and sleep patterns.

## 📅 Git Timestamps 📅

[Git commit objects](https://mirrors.edge.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object) have 2 or 3 timestamps to worry about. The two main ones are:

* `GIT_AUTHOR_DATE` represents the time and date the *changes* were made, not the *commit*.
* `GIT_COMMITTER_DATE` represents the time and date the changes were *committed*.

### Removing Timestamps For Commits

Git doesn't have a way to *remove* timestamps altogether, but both `GIT_AUTHOR_DATE` and `GIT_COMMITTER_DATE` can be set to any arbitrary date. For maximum privacy, set both to the same constant date in your shell's environment variables:

```sh
export GIT_COMMITTER_DATE="2000-01-01 00:00:00+0000"
export GIT_AUTHOR_DATE="2000-01-01 00:00:00+0000"
```

If it's desirable to retain only the day on which a commit was made, set both `GIT_AUTHOR_DATE` and `GIT_COMMITTER_DATE` like so:

```sh
export GIT_COMMITTER_DATE="$(date +%Y-%m-%d) 00:00:00+0000"
export GIT_AUTHOR_DATE="$(date +%Y-%m-%d) 00:00:00+0000"
```

Environment variables don't change after being set, so the dates update when a new shell is opened, not at midnight.

### 🔑 Removing Timestamps for Digital Signatures 🔑

It's important to digitally sign Git commits, and especially releases, to prevent man-in-the-middle attacks. GPG signatures contain their own timestamps, which can be just as bad for privacy as Git timestamps. Luckily, GPG signature timestamps can also be forged with the option `--faked-system-time`.
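Before moving on to signatures, here is an added self-check (not part of the original README) for the commit-timestamp recipe above: it parses `git log --format='%H %aI %cI'` output (`%aI`/`%cI` are Git's strict ISO 8601 author and committer dates) and flags every commit whose dates were not rewritten to midnight UTC, summarising what an observer could still read off them. The log lines below are constructed sample data, not a real repository.

```python
"""Audit git commit timestamps for privacy leaks.

Run against the output of:  git log --format='%H %aI %cI'
"""
from collections import Counter
from datetime import datetime

# Constructed sample output: two commits with untouched timestamps and two
# normalised by the GIT_AUTHOR_DATE / GIT_COMMITTER_DATE recipe above.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111 2020-11-30T23:47:12+01:00 2020-11-30T23:47:12+01:00
2222222222222222222222222222222222222222 2020-12-01T02:15:03+01:00 2020-12-01T09:30:00+01:00
3333333333333333333333333333333333333333 2000-01-01T00:00:00+00:00 2000-01-01T00:00:00+00:00
4444444444444444444444444444444444444444 2021-05-04T00:00:00+00:00 2021-05-04T00:00:00+00:00
"""


def is_normalized(ts: datetime) -> bool:
    """A timestamp reveals nothing beyond the day if it is midnight UTC."""
    return (ts.hour, ts.minute, ts.second) == (0, 0, 0) and ts.utcoffset().total_seconds() == 0


def audit(log_text: str) -> dict:
    """Return the leaking (sha, role) pairs plus the offsets and hours they expose."""
    leaking = []
    offsets = Counter()
    hours = Counter()
    for line in log_text.splitlines():
        sha, author, committer = line.split()
        for role, raw in (("author", author), ("committer", committer)):
            ts = datetime.fromisoformat(raw)
            if not is_normalized(ts):
                leaking.append((sha[:7], role))
                offsets[raw[-6:]] += 1   # UTC offset string, e.g. "+01:00"
                hours[ts.hour] += 1      # local hour of day the work happened
    return {
        "leaking": leaking,
        "utc_offsets": dict(offsets),
        "local_hours": sorted(hours),
    }


if __name__ == "__main__":
    import sys
    report = audit(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG)
    for sha, role in report["leaking"]:
        print(f"{sha}: {role} date not normalised")
    print("offsets seen:", report["utc_offsets"], "hours seen:", report["local_hours"])
```

An empty `leaking` list means the recipe took effect for the whole history; anything else identifies the commits (and whether the author or committer date) that still need rewriting before publishing.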
For this to be persistent, Git needs to run a version of GPG that *always* forges the system time. The script should also exclude GPG version information, since that could leak time information too:

```sh
#!/bin/sh
# iso: any time after the signing key was made; the trailing ! freezes GPG's clock there
iso=20201130T000000
gpg2 --faked-system-time "${iso}!" --no-emit-version --no-comments "$@"
```

The `iso` value can be any time *after* the GPG signing key was generated; the example value `20201130T000000` is 30 November 2020 at midnight. Make Git use the new script instead of regular GPG by adding the following lines to your Git config:

```plaintext
[gpg]
    program = gpg2-git
```

Git will now use a fake system time for every GPG-signed commit. [Git preserves almost no metadata](https://git.wiki.kernel.org/index.php/ContentLimitations) by design, so privacy is looking pretty good.

## 📝 Additional Notes 📝

GitHub is known to record [when commits are pushed](https://api.github.com/repos/cirosantilli/china-dictatorship/events). See the ticket about [GitHub contribution activity](https://github.com/isaacs/github/issues/142). To obfuscate push times, one could push code with cron at regular time intervals.

It's possible to use Git hooks to accomplish timestamp obfuscation, but it's still necessary to manually override the date for some Git commands, making it very inconvenient. The developers of Git should make timestamp obfuscation a feature in order to make all of this unnecessary.

## License

This README file is licensed under [CC-BY-SA 4.0](LICENSE).