
Show HN: Gitnonymous – Contribute anonymously to Git repositories over Tor - chr15m
https://github.com/chr15m/gitnonymous
======
ryan-c
A few things:

This seems to really be a pseudonym management tool, which is useful, but
technically not anonymous.

A few information leaks still present:

* Timezone (narrows down location)

* Commit times (narrows down sleeping/working hours)

* SSH client version (shows Linux distro version and patch level)

~~~
detaro
Time data could/should be randomized (can still be ordered, but distribute
regularly over the day). Couple this with pushing commits at random times in a
defined timezone and you probably can get rid of most time leaks?

~~~
ryan-c
You want to make at least a 24 hour window of plausible commit time, which is
constrained by the previous pull time (assuming it is from someone else and
not obfuscated), and the push time.

I would push at midnight UTC that is at least 24 hours after the most recent
pull and set commit time = push time.
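
The scheduling rule from the comment above, as an added example that is not part of the thread or of gitnonymous. The function names are hypothetical; the last-pull time is assumed to be recorded as a Unix timestamp, and the date string uses Git's documented internal format `<unix-timestamp> <time-zone-offset>`.

```shell
#!/bin/sh
# Added example: helper names are illustrative, not from gitnonymous.

DAY=86400   # seconds per day; Unix-time day boundaries fall on 00:00:00 UTC

# Print the first 00:00:00 UTC that is at least 24 hours after the last pull
# and not already in the past.
#   $1 = Unix time of the most recent pull, $2 = current Unix time
scheduled_push_epoch() {
    earliest=$(( $1 + DAY ))
    if [ "$2" -gt "$earliest" ]; then
        earliest=$2          # window already missed: use the next midnight
    fi
    # Round up to a day boundary; an exact midnight is kept as is.
    echo $(( (earliest + DAY - 1) / DAY * DAY ))
}

# Git internal date format with a fixed +0000 offset, so the local
# timezone never appears in the commit object.
git_raw_date() {
    echo "$1 +0000"
}

# Seconds left to wait before pushing.
#   $1 = pull epoch, $2 = current epoch
seconds_until_push() {
    target=$(scheduled_push_epoch "$1" "$2")
    echo $(( target - $2 ))
}

# Set author and committer date of HEAD to the push time (commit time =
# push time). --date is needed because --amend otherwise keeps the
# original author date. Only HEAD is rewritten; older unpushed commits
# would each need the same treatment.
#   $1 = push epoch
stamp_head_commit() {
    d=$(git_raw_date "$1")
    GIT_COMMITTER_DATE="$d" git commit --amend --no-edit --quiet --date="$d"
}
```

This covers the timezone and commit-time leaks from the list at the top of the thread; the SSH client version is outside what commit metadata controls.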

