# Git Privacy

Follow the instructions in this document to obfuscate Git timestamps.

## View Commit Timestamps

To view commit timestamps, run:

```sh
git log --format=fuller
```

## Obfuscate Timestamps for Future Commits and Annotated Tags

For maximum privacy, set the author and committer dates to a clearly forged fixed date in UTC inside the interactive shell configuration:

```sh
export GIT_AUTHOR_DATE="2000/01/01T00:00:00+0000"
export GIT_COMMITTER_DATE="$GIT_AUTHOR_DATE"
```

To balance privacy and timestamp accuracy, set the author and committer dates to a coarse-grained date in UTC inside the interactive shell configuration:

```sh
export GIT_AUTHOR_DATE="$(date -u +%DT00:00:00%z)"
export GIT_COMMITTER_DATE="$GIT_AUTHOR_DATE"
```

Remember that shell environment variables do not change after being set, so dates update only after a new interactive shell is opened.
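
To confirm the settings above took effect, the history can be audited for timestamps that still reveal a time of day or a local UTC offset. The following check is an added example, not part of the original HOWTO; `leaky_commits` and `sample_log` are hypothetical names, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original HOWTO). leaky_commits and sample_log
# are hypothetical names. Real input comes from:
#   git log --format='%H %aI %cI' | leaky_commits

# Print the hash of every commit whose author or committer date is not
# exactly midnight UTC, i.e. still reveals time of day or local UTC offset.
leaky_commits() {
    while read -r hash adate cdate; do
        [ -n "$hash" ] || continue      # skip blank lines
        leak=0
        for d in "$adate" "$cdate"; do
            case "$d" in
                # UTC is printed as +00:00 or, in newer Git releases, as Z.
                ????-??-??T00:00:00+00:00 | ????-??-??T00:00:00Z) ;;
                *) leak=1 ;;
            esac
        done
        if [ "$leak" -eq 1 ]; then printf '%s\n' "$hash"; fi
    done
}

# Constructed sample in the same three-column layout (hashes are fake).
sample_log() {
    cat <<'EOF'
1111111 2024-03-14T00:00:00+00:00 2024-03-14T00:00:00+00:00
2222222 2024-03-13T21:47:05+02:00 2024-03-14T00:00:00+00:00
3333333 2000-01-01T00:00:00Z 2000-01-01T00:00:00Z
4444444 2024-03-12T00:00:00+00:00 2024-03-12T09:15:30+00:00
EOF
}

# Demo run on the constructed sample: prints 2222222 and 4444444.
sample_log | leaky_commits
```

Commit 2222222 leaks through its author date only and 4444444 through its committer date only, which is why both fields are checked.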

## Obfuscate Timestamps for Future Digital Signatures

For maximum privacy, create a wrapper script for GnuPG with a fixed timestamp set **between when the signing key was generated and the current date**:

```sh
#!/bin/sh
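# Replace <iso> with the fixed timestamp; the trailing "!" freezes the clock.
# "$@" is quoted so arguments containing spaces are passed through intact.
gpg --faked-system-time "<iso>!" "$@"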
```

See gpg(1) for valid `<iso>` formats.

To balance privacy and timestamp accuracy, create a wrapper script for GnuPG with a coarse-grained timestamp in UTC set **after the signing key was generated**:

```sh
#!/bin/sh
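# Freeze the clock at midnight UTC of the current day.
# "$@" is quoted so arguments containing spaces are passed through intact.
gpg --faked-system-time "$(date -u +%Y%m%dT000000)!" "$@"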
```

Set the script as executable:

```sh
chmod +x /path/to/custom-gpg.sh
```

Tell Git to use the new script:

```sh
git config --global gpg.program /path/to/custom-gpg.sh
```

## Obfuscate Timestamps for Existing Commits and Annotated Tags

**TODO**: Demonstrate how to retroactively rewrite Git timestamps for existing commits and annotated tags.

## Obfuscate Timestamps for Existing Digital Signatures

**TODO**: Demonstrate how to retroactively rewrite GnuPG timestamps for existing signed commits and signed annotated tags.

## Forges

To prevent forges from tracking Git push times, create a cron job that pushes the repository at fixed intervals:

```cron
0 6 * * * git -C /path/to/repo/ push origin master
```

## License

This file is licensed under [CC-BY-SA 4.0](LICENSE).