
Dealing with File System Timestamps

This thread is for researching ways/tools to work around the creation filestamp problem which can leak a lot of info about a file's origin and whistleblowing timeline:

Jeremy Rand:

In some cases, opening and resaving a file can help, but that will only set the “modified” time field. A lot of filesystems also store a “created” time field, which will not be affected by opening/saving. Also, some file formats will actually leak additional info about what software opened them if you open/resave them. So I wouldn’t really recommend that approach. I think there exist tools that will wipe filesystem timestamp metadata; if such tools exist (I haven’t looked very carefully) then they’re probably preferable.

Patrick:
There’s a mount option noatime. Probably also one to not record creation time. Would be good if we enabled that in Whonix.

…without writing to /etc/fstab directly.

Related


Not easy to implement on Linux distribution level.

https://lists.freedesktop.org/archives/systemd-devel/2019-December/043844.html
https://lists.freedesktop.org/archives/systemd-devel/2019-December/043845.html


The touch command fits the bill. To be tested and documented:

https://www.thegeekstuff.com/2012/11/linux-touch-command/



The stat command shows a Birth field which is exclusively used and populated by Windows to snitch on when a file was created. This isn’t supported/viewable on Linux easily, let alone modifiable. Touch can easily take care of access/modification info with Linux originating files, but stuff from Windows will always be a privacy risk.

https://moiseevigor.github.io/software/2015/01/30/get-file-creation-time-on-linux-with-ext4/
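Added example, not part of any post in this thread: a sketch of the `touch` approach mentioned above, setting access and modification times of every regular file under a directory to one fixed value and then listing any file that still differs. The function names and `REF_EPOCH` are made up for illustration, and GNU coreutils (`touch -d @N`, `stat -c`) is assumed.

```shell
#!/bin/sh
# Added example; function names and REF_EPOCH are hypothetical.
# Assumes GNU coreutils and find.
REF_EPOCH=0   # constructed reference time: 1970-01-01 00:00:00 UTC

# Set atime and mtime of every regular file under $1 to REF_EPOCH.
# Directories are skipped: listing a directory can refresh its atime
# again under the default relatime mount option.
normalize_times() {
    find "$1" -type f -exec touch -a -m -d "@$REF_EPOCH" {} +
}

# Print each regular file under $1 whose atime or mtime differs from
# REF_EPOCH. stat does not read file contents, so the check itself does
# not disturb atime. Paths containing newlines are not handled.
leaky_paths() {
    find "$1" -type f -exec stat -c '%X %Y %n' {} + |
    while read -r atime mtime path; do
        if [ "$atime" != "$REF_EPOCH" ] || [ "$mtime" != "$REF_EPOCH" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Inode change time (ctime) in epoch seconds. touch cannot set this
# field: the kernel stamps it with the current time when touch runs, so
# it still records when the normalization happened.
change_time() {
    stat -c '%Z' "$1"
}
```

Reading a normalized file afterwards can update its atime again on a relatime mount, so run `leaky_paths` as the last step before the files leave the machine.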
