❌ Default Git Privacy ❌
With only 3 commands anyone can find out the dates and exact times, down to the second, that a developer makes commits.
git clone <target-repo>
cd <target-repo>
git log --format=fuller
Over a long enough timespan, exact commit times can be used to deduce private information about a developer's life. For instance, their likely timezone and sleep patterns.
📅 Git Timestamps 📅
Git commit objects have 2 or 3 timestamps to worry about. The two main ones are:
GIT_AUTHOR_DATE represents the time and date the changes were made, not the commit.
GIT_COMMITTER_DATE represents the time and date the changes were committed.
Removing Timestamps For Commits
Git doesn’t have a way to remove timestamps altogether, but both the GIT_AUTHOR_DATE and GIT_COMMITTER_DATE can be set to any arbitrary date. For maximum privacy, set the GIT_AUTHOR_DATE and GIT_COMMITTER_DATE to any constant date in your shell’s environment variables.
export GIT_COMMITTER_DATE="2000-01-01 00:00:00+0000"
export GIT_AUTHOR_DATE="2000-01-01 00:00:00+0000"
To make the changes permanent, append the commands to ~/.bashrc:
echo -e "export GIT_COMMITTER_DATE=\"2000-01-01 00:00:00+0000\"\nexport GIT_AUTHOR_DATE=\"2000-01-01 00:00:00+0000\"" >> ~/.bashrc
If it’s desirable to retain only the day on which a commit was made, set both the GIT_AUTHOR_DATE and GIT_COMMITTER_DATE like so:
export GIT_COMMITTER_DATE="$(date +%Y-%m-%d) 00:00:00+0000"
export GIT_AUTHOR_DATE="$(date +%Y-%m-%d) 00:00:00+0000"
This provides decent privacy and still meaningful timestamps. To make the changes permanent, append the commands to ~/.bashrc, single-quoted so that $(date ...) is evaluated each time a shell starts rather than once when the line is written:
echo 'export GIT_COMMITTER_DATE="$(date +%Y-%m-%d) 00:00:00+0000"' >> ~/.bashrc
echo 'export GIT_AUTHOR_DATE="$(date +%Y-%m-%d) 00:00:00+0000"' >> ~/.bashrc
Environment variables don’t change after being set. So the dates update when a new shell is opened, not at midnight.
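To confirm that the settings above took effect before pushing, the commit dates can be checked mechanically. The following is an added example, not part of the original README: the function name leaky_commits, the sample data and the placeholder hashes are constructed for illustration, and it covers only the two commit dates, not GPG signature times.

```shell
#!/bin/sh
# Added example: flag commits whose timestamps still reveal a time of day
# or a timezone offset.
# Input: one commit per line as "<hash> <author-date> <committer-date>",
# as produced by:  git log --format='%H %aI %cI'
# (%aI and %cI are the author and committer dates in strict ISO 8601.)

# Print "<hash> <field> <timestamp>" for every date that is not exactly
# midnight UTC. Midnight UTC is what both export variants above produce.
leaky_commits() {
    while read -r hash adate cdate; do
        [ -n "$hash" ] || continue            # skip blank lines
        for pair in "author:$adate" "committer:$cdate"; do
            field=${pair%%:*}                 # text before the first colon
            stamp=${pair#*:}                  # the timestamp itself
            case "$stamp" in
                # Normalized: only the date is visible. Depending on the
                # Git version, UTC is printed as +00:00 or as Z.
                *T00:00:00+00:00|*T00:00:00Z) ;;
                *) printf '%s %s %s\n' "$hash" "$field" "$stamp" ;;
            esac
        done
    done
}

# Constructed sample input (hashes are placeholders, not real commits):
#   aaaaaaa  fully normalized
#   bbbbbbb  committer date leaks (e.g. committed in a shell without the export)
#   ccccccc  author date leaks time of day and a -05:00 offset
sample_log() {
    cat <<'EOF'
aaaaaaa 2000-01-01T00:00:00+00:00 2000-01-01T00:00:00+00:00
bbbbbbb 2024-03-09T00:00:00+00:00 2024-03-09T23:41:07+01:00
ccccccc 2024-03-10T02:15:44-05:00 2024-03-10T00:00:00+00:00
EOF
}

# In a real repository: git log --format='%H %aI %cI' | leaky_commits
sample_log | leaky_commits
```

An empty result means every listed commit exposes at most a date.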
🔑 Removing Timestamps for Digital Signatures 🔑
It’s important to digitally sign Git commits and especially releases to prevent man-in-the-middle attacks. GPG signatures contain their own timestamps which can be just as bad for privacy as Git timestamps.
Luckily, GPG signature timestamps can also be forged with the option --faked-system-time <iso>. For this to be persistent, Git needs to run a wrapper script around GPG that always forges the system time. The script should also exclude GPG version information, since that could also leak time information:
#!/bin/bash
gpg2 --faked-system-time <iso>! --no-emit-version --no-comments "$@"
<iso> can be any time after the GPG signing key was generated. An example iso value is 20201130T000000 for 30 November 2020 at midnight.
Make Git use the new script (saved as an executable named gpg2-git on your PATH) instead of regular GPG by adding the following lines to your Git config:
[gpg]
    program = gpg2-git
Git will now use a fake system time for every GPG signed commit. Git preserves almost no metadata by design, so privacy is looking pretty good.
📝 Additional Notes 📝
It’s possible to use Git hooks to accomplish timestamp obfuscation, but it’s still necessary to manually override the date for some Git commands, making it very inconvenient. The developers of Git should make timestamp obfuscation a feature in order to make doing all this unnecessary.
This README file is licensed under CC-BY-SA 4.0.