path: root/README.md
blob: 1cfcaf20c6f266f9f5aa678dce2b2761081d9a723312d0ac0aecadbce7ed613a (plain)
# Git-Privacy

## ❌ Default Git Privacy ❌

With only 3 commands, *anyone* can find out the dates, time zones, and exact clock times a developer makes commits.

```sh
git clone <target-repo>
cd <target-repo>
git log --format=fuller
```

This leaks personal information about a developer's life. The time zone offsets reveal the developer's approximate location in the world at the time of each commit, and exact commit times recorded over a long enough timespan can be used to deduce, for example, a developer's sleep patterns and working hours.

## 📅 Git Timestamps 📅

[Git commit objects](https://mirrors.edge.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object) carry two timestamps to worry about, and a signed commit adds a third (the signature's own timestamp, covered below). The two main ones are:

* `GIT_AUTHOR_DATE` represents the time and date the *changes* were made, not the *commit*.
* `GIT_COMMITTER_DATE` represents the time and date the changes were *committed*.

### Removing Timestamps For Commits

Git doesn't have a way to *remove* timestamps altogether, but both the `GIT_AUTHOR_DATE` and `GIT_COMMITTER_DATE` can be set to any arbitrary date. For maximum privacy, set the `GIT_AUTHOR_DATE` and `GIT_COMMITTER_DATE` to any constant date in your shell's environment variables.

```sh
export GIT_COMMITTER_DATE="2000-01-01 00:00:00+0000"
export GIT_AUTHOR_DATE="2000-01-01 00:00:00+0000"
```

To retain only the day on which a commit was made, set both the `GIT_AUTHOR_DATE` and `GIT_COMMITTER_DATE` like so:

```sh
# Use the UTC date (-u) so the day agrees with the +0000 offset written below;
# the local date can differ from it near midnight and hint at the real time zone.
export GIT_COMMITTER_DATE="$(date -u +%Y-%m-%d) 00:00:00+0000"
export GIT_AUTHOR_DATE="$(date -u +%Y-%m-%d) 00:00:00+0000"
```

An environment variable keeps the value it was given when it was set, so these dates change when a new shell is opened, not at midnight.
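Before publishing a repository it is worth checking what its history actually exposes. The following POSIX shell script is an added example, not part of the original README: it reads lines in the form produced by `git log --format='%ai|%ci'` (author date, then committer date), counts the distinct UTC offsets and distinct clock times that appear, and reports the log as private only when there is exactly one of each, which is what committing with the frozen dates above produces. The two log samples are constructed for the example; on a real repository pipe `git log --format='%ai|%ci'` into `timestamps_are_private` instead.

```shell
#!/bin/sh
# Audit the timestamps a repository exposes. Input lines have the form
#   <author date>|<committer date>
# as printed by:  git log --format='%ai|%ci'
# Example code added to illustrate the README; not part of the project.

# Number of distinct UTC offsets across author and committer dates.
# Each date looks like "2021-03-04 23:41:10 +0100", so the offset is field 3.
distinct_zones() {
  awk -F'|' '{ print $1; print $2 }' | awk '{ print $3 }' | sort -u | wc -l | tr -d ' '
}

# Number of distinct clock times (field 2 of each date).
# Commits made with a frozen GIT_*_DATE all share one clock time.
distinct_times() {
  awk -F'|' '{ print $1; print $2 }' | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

# Succeeds (exit 0) only when every date shares a single offset and a single
# clock time, i.e. the log reveals nothing beyond the day of each commit.
timestamps_are_private() {
  _log=$(cat)
  _zones=$(printf '%s\n' "$_log" | distinct_zones)
  _times=$(printf '%s\n' "$_log" | distinct_times)
  [ "$_zones" -eq 1 ] && [ "$_times" -eq 1 ]
}

# Day-only date string in the README's format, built from the UTC date so the
# day matches the +0000 offset.
frozen_date() {
  printf '%s 00:00:00+0000\n' "$(date -u +%Y-%m-%d)"
}

# Constructed sample: what a default Git setup records (two offsets, three clock times).
LEAKY_LOG='2021-03-04 23:41:10 +0100|2021-03-04 23:41:10 +0100
2021-03-05 02:15:33 +0100|2021-03-05 02:15:33 +0100
2021-03-12 09:02:47 -0700|2021-03-12 09:02:47 -0700'

# Constructed sample: the same three commits made with the frozen dates.
PRIVATE_LOG='2021-03-04 00:00:00 +0000|2021-03-04 00:00:00 +0000
2021-03-05 00:00:00 +0000|2021-03-05 00:00:00 +0000
2021-03-12 00:00:00 +0000|2021-03-12 00:00:00 +0000'

# Print a one-line verdict for a named log.
report() {
  if printf '%s\n' "$2" | timestamps_are_private; then
    echo "$1: private (one offset, one clock time)"
  else
    echo "$1: leaks $(printf '%s\n' "$2" | distinct_zones) offset(s) and" \
         "$(printf '%s\n' "$2" | distinct_times) clock time(s)"
  fi
}

report "default git" "$LEAKY_LOG"
report "frozen dates" "$PRIVATE_LOG"
echo "today's frozen date string: $(frozen_date)"
```

The check deliberately looks at both author and committer dates: a rebase or cherry-pick rewrites the committer date with the current clock, so a history can pass on `%ai` alone and still leak through `%ci`.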

### 🔑 Removing Timestamps for Digital Signatures 🔑

GPG signatures carry their own creation timestamp, which can be just as revealing as Git's timestamps. Luckily, the signature timestamp can also be forged with the option `--faked-system-time <iso>`. For this to be persistent, Git needs to run a version of GPG that *always* forges the system time. The wrapper script should also suppress GPG version information and comments, since those could leak time information too:

```sh
#!/bin/sh
# file: /usr/bin/gpg2-git
# Wrapper that Git calls instead of gpg2. The "!" after the time freezes the
# fake clock so it does not advance while gpg2 runs; --no-emit-version and
# --no-comments keep version and comment lines out of the signature output.
# "$@" passes Git's arguments through unchanged, including any that contain spaces.
gpg2 --faked-system-time '<iso>!' --no-emit-version --no-comments "$@"
```

`<iso>` can be any time *after* the GPG signing key was generated. An example `iso` value is `20201130T000000` for 30 November 2020 at midnight.

Make Git use the new script instead of regular GPG by adding the following lines to your Git config:

```plaintext
[gpg]
        program = gpg2-git
```

Git will now use a fake system time for every GPG signed commit. [Git preserves almost no metadata](https://git.wiki.kernel.org/index.php/ContentLimitations) by design, so privacy is looking pretty good.

## 📝 Additional Notes 📝

GitHub is known to record [when commits are pushed](https://api.github.com/repos/cirosantilli/china-dictatorship/events). See the ticket about [GitHub contribution activity](https://github.com/isaacs/github/issues/142). To obfuscate push times, one could push code with cron at regular time intervals.

It's possible to use Git hooks to accomplish timestamp obfuscation, but it's still necessary to manually override the date for some Git commands, making it very inconvenient. The developers of Git should make timestamp obfuscation a feature in order to make doing all this unnecessary.

## License

This README file is licensed under [CC-BY-SA 4.0](LICENSE).