Very clever use case!

Not really as those are public things.

Would you mind citing an example of exactly what you are referring to? I feel like I’m presuming a lot of things in your statements here.

Dhcp is more of a issue.

I don’t know if it’s “more”, or “less” of an issue, but all these things are worthy of concern.

That would certainly also be worthy of concern.

have the machine pretend you’re in UTC.

That is a possible solution, though not exactly the most convenient, imo. That is, if I understand you correctly that you are talking about setting the OS timezone to be UTC.

could be defeated by doing an analysis of when the commits were made on average vs other folks from random repositories to find the average time of day and then reversing that information into a time zone

This is the first thing I thought of upon reading the title

It’s also in the post body.

Any given time zone there are going to be millions if not billions of people.

One more bit of identifying information is still one more bit of identifying information.

Git also “leaks” your system username and hostname IIRC by default which might be your real name.

This is only part of a fallback if a username and email is not provided [1].

A fake name and email would pretty much be sufficient to make any “leaked” time zone information irrelevant.

Perhaps only within the context where one is fine with being completely unidentifiable. But this doesn’t consider the circumstance where a user does want their username to be known, but simply don’t want it to be personally identifiable.

UTC seems like it’s just “HEY LOOK AT ME! I’M TRYING TO HIDE SOMETHING!”

This is a fair argument. Ideally, imo, recording dates for commits would be an optional QoL setting rather than a mandatory one. Better yet, if Git simply recorded UTC by default, this would be much less of an issue overall.

if you sleep like most people, could be defeated by doing an analysis of when the commits were made on average vs other folks from random repositories to find the average time of day and then reversing that information into a time zone.

I mentioned this in my post.

It’s better to be “Jimmy Robinson in Houston Texas” than “John Smith in UTC-0”

That decision is contextually dependent.

How do you mean?

Fair point. I think “leak” is likely the wrong term to use here. “Exposes” is probably a better one. I’ll update the post promptly.

Ah, right. I forgot that they’re based in Sweden. That’s understandable if it’s simply a lack of familiarity with the language, but, still, I would expect a company like Mullvad to at least have one native-equivalent English speaker to look over their public facing English stuff. None of this is the end of the world, ofc — I’m just mildly surprised.

There are a surprising number of grammatical errors in that blog post. Did anyone proof read it, I wonder?

Nearly 90% of their servers are blocked to do common internet tasks .

Perhaps your browsing habits are severely impacted by Mullvad being blocked, but that doesn’t seem to be the universal case. I’ve had the occasional hiccup with a few sites that block VPNs (Mullvad’s IPs), but “90%” is quite an exaggeration when compared to my personal experience.

For annotating PDFs:

• Xournal++
• Rnote

For arranging PDFs:

• PDF Arranger

That’s a rather self-centered statement, imo. Just because you may not be bothered by the idea, does not mean that it does not have merit for others. That line of thinking is in a similar vein to saying “We don’t need freedom of speech because I have nothing to say.”.

It’s all about reducing the surface area for an attack — if you do become compromised, it’s one less thing to have to worry aobut. It would be preferable to not have to worry about your data and someone bribing you with some video footage.