More and more linux-filesystems not only support known access and modify-timestamps, but also birth-timestamps. Examples are ext4 and newer xfs-versions.
These birth-timestamps describe when a file was originally created and can usually not be changed by the user, which is fine for the usual usecase of this timestamp.
We however run a system storing sensitive information, where (exact) creation timestamps could be used to deduct part of the content. For that reason, we modify access and modify-timestamps using touch stripping too accurate parts of these timestamps, essentially running modulo 6h on them.
However, running stat on these files the new birth-timestamps can be seen with quite exact timestamps. I did some research for ext4 and xfs if it would be possible to ignore birth-timestamps and write 0 for all of them, but sadly I could not find such mount-option.
Using disk-encryption is not an option for us, as the encryption key must be recalculated for each file and encryption must happen inside of our application. So currently aes256-encrypted zip-files serve the purpouse quite well, except for the birth-timestamps.
sleep $(( RANDOM % 21600 )); mv file oldfile; cp oldfile file; rm -f oldfile?