Privacy tools for local Git metadata

[luckyabsoluter]

Hi SourceGit community,

I’m interested in working on a privacy-focused feature for SourceGit.

Git can expose more personal information than many users expect. For example, timezone, working hours, commit timing patterns, and other metadata may reveal or allow others to infer private habits or location-related information. I’d like to propose features that help users reduce this kind of exposure by giving them more control over local Git metadata.

The basic idea is to provide tools such as:

• adjusting, removing, or randomizing local commit timestamps
• helping users avoid exposing unnecessary committer metadata
• allowing users to review privacy-sensitive metadata before committing
• optionally applying privacy rules automatically when creating commits

In particular, randomizing timestamps(timezone) within a user-defined range may provide better privacy than simply replacing them with a fixed value. Even if some real working times are mixed in, a randomized overall pattern makes it harder for outsiders to identify which timestamps reflect actual working hours and which ones were adjusted.

This idea is not completely new. Similar concerns already exist in the Git ecosystem, and there are external tools such as nmeum/git-shuffle and EMPRI-DEVOPS/git-privacy that try to address this problem. However, these are separate tools. Integrating a safe, user-controlled version of this functionality into SourceGit could make it more accessible to users and allow it to benefit from community review and long-term maintenance.

This feature would not modify remotes or rewrite history without the user’s explicit action. It would only operate on local information, and only when the user chooses to use it.

There may be two kinds of functionality:

1. Manual tools, where the user directly reviews and modifies local metadata.
2. Optional automatic behavior, where selected privacy rules are applied during commit creation.

I think the safest first step would be a non-invasive, general-purpose, user-controlled set of manual tools. Automatic commit-time behavior could be considered later, only if the design is clear and acceptable to the project.

Would the SourceGit maintainers and community be interested in this direction?

[Mingun]

It seems, that git hooks may help you to change commit metadata without requiring support in various tools.

[luckyabsoluter]

The first use case is selecting only the desired commits through the GUI and adjusting them manually.

At commit time, it may not be possible to determine the appropriate adjusted timestamp. Relying on remotes does not cover the intended use cases, and manually entering commit hashes in the CLI is inconvenient.

This is similar to why people use a Git GUI instead of only using the Git CLI: the graph provides useful insight, and the workflow can be easier and faster.

[love-linger]

You can add a custom action that has the Commit scope. Then when you select a commit in HISTORY page and open the context menu of it, this custom action will appear.