[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Dealing with File System Timestamps

Development
#1

This thread is for researching ways/tools to workaround the creation filestamp problem which can leak a lot of info about a files origin and whistelblowing timeline:

Jeremy Rand:

In some cases, opening and resaving a file can help, but that will only set the “modified” time field. A lot of filesystems also store a “created” time field, which will not be affected by opening/saving. Also, some file formats will actually leak additional info about what software opened them if you open/resave them. So I wouldn’t really recommend that approach. I think there exist tools that will wipe filesystem timestamp metadata; if such tools exist (I haven’t looked very carefully) then they’re probably preferable.

Patrick:
There’s a mount option noatime. Probably also one to not record creation time. Would be good if we enabled that in Whonix.

…without writing to /etc/fstab directly.

Related


Not easy to implement on Linux distribution level.


1 Like
(re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security?
Whonix 15.0.1.5.4 - for VirtualBox - Point Release!
#2

The touch command fits the bill. To be tested and documented:

https://www.thegeekstuff.com/2012/11/linux-touch-command/



#3

The stat command shows a Birth field which is exclusively used and populated by Windows to snitch on when a file was created. This isn’t supported/viewable on Linux easily, let alone modifiable. Touch can easily take care of access/modification info with Linux originating files, but stuff from Windows will always be a privacy risk.

https://moiseevigor.github.io/software/2015/01/30/get-file-creation-time-on-linux-with-ext4/

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]