This thread is for researching ways/tools to workaround the creation filestamp problem which can leak a lot of info about a files origin and whistelblowing timeline:
Jeremy Rand:
In some cases, opening and resaving a file can help, but that will only set the “modified” time field. A lot of filesystems also store a “created” time field, which will not be affected by opening/saving. Also, some file formats will actually leak additional info about what software opened them if you open/resave them. So I wouldn’t really recommend that approach. I think there exist tools that will wipe filesystem timestamp metadata; if such tools exist (I haven’t looked very carefully) then they’re probably preferable.
Patrick:
There’s a mount option noatime. Probably also one to not record creation time. Would be good if we enabled that in Whonix.
…without writing to /etc/fstab directly.
Related
Not easy to implement on Linux distribution level.