Ask HN: Uptick in spam based on GitHub activity
Has anyone else seen a recent uptick in unsolicited email based on GitHub starring activity? There was a post recently here about Browserless doing this and I recently was added to some marketing list with no unsubscribe link from a local crypto startup which mentioned a repo I'd starred that wasn't even there's. Is this some new growth hacking thing people have been told to do? What can we do to prevent this?
12 comments
[ 0.24 ms ] story [ 36.5 ms ] threadWhat we collectively can do is to send an email to support@github.com every time it happens, with the repositories/email addresses involved in this, and short-term GitHub will remove them from the platform (making it less profitable for them to do so as they'll get removed) and hopefully over time GitHub will improve protecting their users privacy.
Thanks for bringing this up, if only to prompt me to double-check my own settings. :-)
Shouldn't this be off by default.
Cross check with the github user of the same commits HTML view.
GitHub has an option to create web commits with private non-routable emails and to block pushes you inadvertently attempt which include commits made with your public email that you choose to keep private.
Filtering existing emails from the API wouldn’t work since scrapers can just as easily clone the repo, which (by git’s design) cannot be altered without breaking everything.
(Disclosure: I am a GitHub employee)
Use the private email options or at least have a unique email for commits that you can easily identify that it came from someone scraping and just filter for it.
"When you push to GitHub, we’ll check the most recent commit. If the author email on that commit is a private email on your GitHub account, we will block the push and warn you about exposing your private email."
Seems to me that it’s being transitioned, LinkedIn-style, to a recruitment or marketing-centric tool.