summaryrefslogtreecommitdiff
path: root/content/entry/git-privacy.md
diff options
context:
space:
mode:
Diffstat (limited to 'content/entry/git-privacy.md')
-rw-r--r--content/entry/git-privacy.md17
1 files changed, 4 insertions, 13 deletions
diff --git a/content/entry/git-privacy.md b/content/entry/git-privacy.md
index 8f80646..f2a1ec0 100644
--- a/content/entry/git-privacy.md
+++ b/content/entry/git-privacy.md
@@ -2,11 +2,10 @@
title: "Git Privacy"
date: 2021-03-19T00:00:00
draft: false
-makerefs: false
---
The text below is comes straight from my Git repository (with slight modifications). Find it at the link below:
-[Git Repository][1]
+[Git Repository](https://git.nicholasjohnson.ch/git-privacy/tree/README.md)
# Git-Privacy
## Because Git's defaults are bad for your privacy
@@ -26,7 +25,7 @@ git log --format=fuller
An unmodified Git repo reveals too much about a developer's life. It reveals what dates and times they made commits and when those commits were modified. Based on that, with some inference techniques, others can deduce when the developer sleeps, their range of likely timezones and roughly how efficient they are as a developer. Combined with other data sets, Git poses a serious privacy issue.
# 📅 Git Timestamps 📅
-Git commit objects[2] have exactly 2 (sometimes 3) timestamps to worry about. I'll get to the 3rd later. Here are the 2 main ones:
+[Git commit objects](https://mirrors.edge.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object) have exactly 2 (sometimes 3) timestamps to worry about. I'll get to the 3rd later. Here are the 2 main ones:
* GIT_AUTHOR_DATE represents the time and date the changes were made, not the commit.
* GIT_COMMITTER_DATE represents the time and date the changes were committed.
@@ -94,10 +93,10 @@ Finally, to make Git use the new gpg2-git program, add the following lines to ~/
program = gpg2-git
```
-Done. Git will now use a fake system time for every signed commit. Git preserves almost no metadata[3] by design, so privacy is looking pretty good.
+Done. Git will now use a fake system time for every signed commit. [Git preserves almost no metadata](https://git.wiki.kernel.org/index.php/ContentLimitations) by design, so privacy is looking pretty good.
# 📝 Additional Notes 📝
-The most popular code hosting platform Github is known to record when commits are pushed[4]. See the ticket about Github contribution activity[5].
+The most popular code hosting platform [Github is known to record when commits are pushed](https://api.github.com/repos/cirosantilli/china-dictatorship/events). See the ticket about [Github contribution activity](https://github.com/isaacs/github/issues/142).
Push times aren't really exclusive to Github. It's possible that other code hosting platforms track them outside of the public API. It's easy enough for anyone to crawl a public repo and track push times anyway. Unless the developer controls the code hosting platform then they can't know for certain whether push times are being tracked.
@@ -107,11 +106,3 @@ Environment variables may seem a very crude way to obfuscate Git timestamps. It'
# License
This text is licensed under CC-BY-SA 4.0.
-
-
-Link(s):
-[1: Git Privacy](https://git.nicholasjohnson.ch/git-privacy/tree/README.md)
-[2: https://mirrors.edge.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object](https://mirrors.edge.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object)
-[3: https://git.wiki.kernel.org/index.php/ContentLimitations](https://git.wiki.kernel.org/index.php/ContentLimitations)
-[4: https://api.github.com/repos/cirosantilli/china-dictatorship/events](https://api.github.com/repos/cirosantilli/china-dictatorship/events)
-[5: https://github.com/isaacs/github/issues/142](https://github.com/isaacs/github/issues/142)