from Kalcifer@sh.itjust.works to privacy@lemmy.ml on 31 Aug 10:37
https://sh.itjust.works/post/24495692
Git records the local timezone when a commit is made [1]. Knowledge of the timezone in which a commit was made could be used as a bit of identifying information to de-anonymize the committer.
Setting one’s timezone to UTC can help mitigate this issue [2][3] (though, ofc, one must still be wary of time-of-day commit patterns being used to deduce a timezone).
References
1. Git documentation. git-commit. “Date Formats: Git internal format”. Accessed: 2024-08-31T07:52Z. git-scm.com/docs/git-commit#Documentation/git-com….
> It is <unix-timestamp> <time-zone-offset>, where <unix-timestamp> is the number of seconds since the UNIX epoch. <time-zone-offset> is a positive or negative offset from UTC. For example CET (which is 1 hour ahead of UTC) is +0100.
2. jthill. “How can I ignore committing timezone information in my commit?”. Stack Overflow. Published: 2014-05-26T16:57:37Z. (Accessed: 2024-08-31T08:27Z). stackoverflow.com/…/how-can-i-ignore-committing-t….
> to set the timezone for a specific command, say e.g. TZ=UTC git commit
3. Oliver. “How can I ignore committing timezone information in my commit?”. Stack Overflow. Published: 2022-05-22T08:56:38Z (Accessed: 2024-08-31T08:30Z). stackoverflow.com/a/72336094/7934600
> each commit Git stores a author date and a commit date. So you have to omit the timezone for both dates.
>
> I solved this for my self with the help of the following Git alias:
>
> ```
> [alias]
> co = “!f() {
> export GIT_AUTHOR_DATE="$(date -u +%Y-%m-%dT%H:%M:%S%z)";
> export GIT_COMMITTER_DATE="$(date -u +%Y-%m-%dT%H:%M:%S%z)";
> git commit $@;
> git log -n 1 --pretty="Autor: %an <%ae> (%ai)";
> git log -n 1 --pretty="Committer: %cn <%ce> (%ci)";
> }; f”
Cross-posts:
#privacy
threaded - newest
It’s not the only thing that leaks timezone data, and the fix is identical: have the machine pretend you’re in UTC.
For example: if you enable Resist Fingerprinting (RFP) in Librewolf, it will lie to websites and pretend your timezone is UTC - because of course timezone is one of the factors used to fingerprint you - and all the sites you visit that show you your local time, or depend on your local time for something or other, will show you the wrong time. And that’s how you know it works 🙂
And that’s the reason why I don’t use it, I need specific websites that access my local time, and apparently whitelisting is not a thing.
Sure it is. There’s a button labeled “Manage exceptions” that does exactly that.
That is a possible solution, though not exactly the most convenient, imo. That is, if I understand you correctly that you are talking about setting the OS timezone to be UTC.
This seems like a weird thing to be concerned about. Any given time zone there are going to be millions if not billions of people.
Git also “leaks” your system username and hostname IIRC by default which might be your real name. A fake name and email would pretty much be sufficient to make any “leaked” time zone information irrelevant.
Granted… I wonder if stuff like this is how they caught those North Korean “employees.”
arstechnica.com/?p=2042326
FWIW, I’d also suggest just picking the wrong time zone (but a close one) over UTC or something like that. UTC seems like it’s just “HEY LOOK AT ME! I’M TRYING TO HIDE SOMETHING!” One on the other side of the world, if you sleep like most people, could be defeated by doing an analysis of when the commits were made on average vs other folks from random repositories to find the average time of day and then reversing that information into a time zone.
It’s better to be “Jimmy Robinson in Houston Texas” than “John Smith in UTC-0”
This is the first thing I thought of upon reading the title, and I swear I’ve read a writeup of something that included this as a lead that led to identifying an individual (i.e. commit timestamps)
It’s also in the post body.
One more bit of identifying information is still one more bit of identifying information.
This is only part of a fallback if a username and email is not provided [1].
References
1. Git. Reference Manual. git-commit. “COMMIT INFORMATION”. Accessed: 2024-08-31T23:30Z. git-scm.com/docs/git-commit#_commit_information. > In case (some of) these environment variables are not set, the information is taken from the configuration items
user.nameanduser.email, or, if not present, the environment variable EMAIL, or, if that is not set, system user name and the hostname used for outgoing mail (taken from/etc/mailnameand falling back to the fully qualified hostname when that file does not exist).Perhaps only within the context where one is fine with being completely unidentifiable. But this doesn’t consider the circumstance where a user does want their username to be known, but simply don’t want it to be personally identifiable.
This is a fair argument. Ideally, imo, recording dates for commits would be an optional QoL setting rather than a mandatory one. Better yet, if Git simply recorded UTC by default, this would be much less of an issue overall.
I mentioned this in my post.
That decision is contextually dependent.
Wait until you find out about build systems
How do you mean?
Often times the final build will have the information from the system including the hostname and username
That would certainly also be worthy of concern.
Not really as those are public things. Dhcp is more of a issue.
Would you mind citing an example of exactly what you are referring to? I feel like I’m presuming a lot of things in your statements here.
I don’t know if it’s “more”, or “less” of an issue, but all these things are worthy of concern.
It’s not leak when it’s an intended and documented feature…
Fair point. I think “leak” is likely the wrong term to use here. “Exposes” is probably a better one. I’ll update the post promptly.