Git records the local timezone when a commit is made [1]. Knowledge of the timezone in which a commit was made could be used as a bit of identifying information to de-anonymize the committer.
Setting one's timezone to UTC can help mitigate this issue [2][3] (though, ofc, one must still be wary of time-of-day commit patterns being used to deduce a timezone).
It is <unix-timestamp> <time-zone-offset>, where <unix-timestamp> is the number of seconds since the UNIX epoch. <time-zone-offset> is a positive or negative offset from UTC. For example CET (which is 1 hour ahead of UTC) is +0100.
to set the timezone for a specific command, say e.g. TZ=UTC git commit
Oliver. "How can I ignore committing timezone information in my commit?". Stack Overflow. Published: 2022-05-22T08:56:38Z (Accessed: 2024-08-31T08:30Z). https://stackoverflow.com/a/72336094/7934600
each commit Git stores a author date and a commit date. So you have to omit the timezone for both dates.
I solved this for my self with the help of the following Git alias:
It is slightly surprising no? I can't see any real reason for it to record this information.
That said, your rough timezone is probably going to leak just from the fact that people generally don't make commits in the middle of the night. If you want HN paranoia levels of anonymity you need to schedule your commits to be automatically pushed at exactly midnight UTC every day.
The only time I came across this subject was when there were malicious commits in a code base. When else would this matter? The commit contains your name and email address. Who cares about time zone? Just as anything in a commit, these metadata can be freely manipulated and serve purely as information for other developers. Who are you scared of seeing your time zone in a commit on a seemingly public code repository? This is such a pointless non-discovery
In case the usage of that word is core to your argument, note that I have changed it from "leaks" to "exposes".
So a documented core aspect of the tool is a leak.
A service/tool being documented doesn't necessitate that that service/tool is private. All large social media companies, which seem to universally be understood as the antithesis to privacy, have very detailed terms and conditions that outline exactly what those services do. Do you think those services should be regarded as private because what they do is documented…?
Because if we are in different zones we could both commit around 09:00 local time, so then it would seem we both committed at the same instance in time, which we didn't.
If we were both running UTC it could work, I guess; otherwise the order of commits would stop making sense.
edit: unless you meant to auto-convert the local time to a unix timestamp, that could work. I'm overthinking stuff.
I guess; otherwise the order of commits would stop making sense.
Fundamentally, Git doesn't require commits to be dated (I'm assuming some things about the protocol here — there might be something in the source code that does a check, but my point will still stand). Version control only cares about the changes from one thing to the next. The time at which the change occurred is irrelevant for this end. Things like committer names, committer emails, commit times, commit messages, etc. are QoL additions on top of what I view as the base git protocol. I'm not sure if there is an RFC which outlines Git in more detail, though. If someone is aware of such a standard, please share it.
unless you meant to auto-convert the local time to a unix timestamp, that could work. I’m overthinking stuff.
Personally, that's what I presumed they were referring to. Either that, or just storing a UTC time. Technically, I suppose storing UTC is effectively storing a timezone, but not in the sense of what this post is talking about.