Tell HN: GitHub banned me permanently
A few months ago, I’ve made some controversial comments on an open source project discussion that I regret.
Because of these comments, GitHub decided to permanently ban me from the platform.
I can no longer have any account on GitHub, new accounts that I create are hunted and suspended.
I tried appealing the ban, and months have passed with no response from support.
This means that GitHub has effectively suspended my ability to participate in the development community, and also I cannot work as well, because my company uses GitHub, and as soon as GitHub finds out that a account is used by me, the account is immediately banned under the justification that it is being used to sidestep a decision.
I don’t know what to do anymore, I’m afraid, I’m going to be fired if I can’t work, what I’m going to do?
Edit: this thread is flagged, did I do anything wrong? Should I change something, or delete it?
141 comments
[ 0.25 ms ] story [ 194 ms ] threadInversely, it would be interesting to see what the result is if the ban was not following the contract and terms of use but just the choice of an individual moderator. I don't know how much wiggle room they have to make such choices.
I'm not even remotely close to a lawyer, so I may be completely off.
I’m thinking of suing a distributor or the local Microsoft subsidiary.
The identity working with the code doesn't have to match the code.
Are you saying they will ban some "foo" account if it pushes code into a repo where some of the commits are authored by some user "Non Grata <bar@whatever.com>"?
Or how does it work?
(That was 12 years ago I haven't checked if https/oauth made things better)
If you are using a service for work, you should not be expected to maintain a direct relationship with them. It's on your employer to negotiate account creation, terms of use, payment, banning or whatever else. This is exactly how something like, say, Slack works.
you can also use GHE with unmanaged accounts that are still connected via SSO for approving access.
using enterprise managed accounts and unmanaged accounts on the same system can be quite annoying because you'll need to use different browser contexts (container tabs, separate browsers, etc.) and also different hostnames for ssh cloning to use different ssh keys.
https://docs.github.com/en/enterprise-cloud@latest/admin/ide...
https://docs.github.com/en/enterprise-cloud@latest/admin/ide...
Make a new account from a fresh email and you are probably good to go.
How would they know it is you? If you use your work email, yeah, you have to ask your employer to give you another one. But is that so hard?
If the permaban is appropriate is a different discussion. Without seeing that comment that go you banned, it's impossible to say.
Whether or not the comment warrants a permaban or not, I’d gladly delete it, avoid the behavior in the future, and also clearly regret it!
IP? Unlikely. You probably do not use a static IP that only you use, right?
Your ssh keys? Delete them.
Cookies? Delete them.
Fingerprint? Use a different browser to find out.
Etc etc.
If you are not too technically versed, maybe start from a fresh computer.
Work domain.
Work projects.
Browser fingerprinting.
Vscode telemetry data.
Windows telemetry data.
There are lots of ways to track it, and probably there’s a machine learning algorithm that helps it, because every time I find a loophole, when I’m suspended again the loophole stops working.
When you need github access to have so many jobs, it starts to reach the point where basically no comment should result in a permanent ban.
"They are a private company and can ban whoever they want"...
OK, and suddenly you find yourself banned for expressing an opinion which totally fits with your own ideology and which you thought was the epitome of virtue. You just forgot the company got bought and the new management follows a different ideology. Is the company still right in their decision to ban you? If not, why not?
Imagine, if you will - a financial analyst getting banned from Bloomberg Terminal due to some issues in Bloomberg.com.
Isn't that silly?
- Mitt Romney
Systems in use at several Big Tech companies can cross check any number of (meta) data attached to the account, resulting in flagged accounts and possibly even automated bans.
This is the reason that at least some permanently banned people on Twitter need to use VPN, a new name/bio and a burner phone to create and maintain a new account. Using a IP address used to access the old one and/or the same phone number and/or the same or a very similar name/bio (probably using a Levenshtein like algo to check similarity) automatically flags the new account.
Perhaps we should simply not be building organisational dependencies on this product.
But the ban is forever, there is zero transparency, and no appeal.
If you do the Internet equivalent of walking into GitHub without pants and they kick you off, and you gave them money, we can have a conversation about whether they should give you your money back (I guess I probably would). But other than that, what's there to talk about?
Make a new account that isn't traceable to the reputation you lit on fire, or go to any of the other perfectly viable Git hosting sites. You can even run your own.
I get not wanting to tell your boss why your old GitHub account doesn't work anymore, but: you're going to have to have that conversation, probably.
They tried...
And doing that leaves a blade dangling above your head even if your behavior is perfect on the new account.
Why can't there be anything you can do to wipe the slate mostly clean? Maybe even donating $100 to charity and giving github a few dollars for wasting their time.
GitHub is not going to develop a charity-linked rehabilitation program for people who shit on their carpet. They're just going to ban you. They're a business, not a public utility.
There's some unpleasant subtext to being blocked from GitHub that has nothing to do with someone's ability to write code: it's that your employer is certainly going to ask "uh, why are you not able to make a GitHub account?", and when you tell them "because I shat on GitHub's carpet", they may very well fire you. But that's on you, not GitHub.
That's the standard line. And it has problems when applied to companies with tens of millions of users.
Is it also "deeply unserious" when I say it's bad that shopping malls are privately owned areas masquerading as public spaces, which lets them ban people in ways that actual public spaces can't? Because there's a lot of literature on that topic, and I see it as pretty similar.
I'm talking about what should be, what is good for society. Not how the legal system currently works. Talking about that is not "deeply unserious".
And nothing about the collapse of malls changes that either.
Malls lasted a long time. But why is that a stupid decision? Let's not even say "decision" though, let's just say every mall offered to rent the hallways out to the local government at a nominal fee, nothing else changed, no lock in. Wouldn't that be a significant improvement?
And when I said earlier, tens of millions of users, if github wants to be small again then it will go back to the bottom of the sliding scale.
(I'm probably being hyperbolic, but I'm sorely tempted to test the hypothesis with the search bar below.)
Related: https://99percentinvisible.org/episode/beneath-the-skyway/
Regardless of that, my entire org relies on github globally. If we could not onboard or retain someone due to this I would raise this with our risk and compliance board and the product would be written off from the accepted vendors list almost immediately and cause a fuck load of evaluation and migration work and a $100k/year enterprise customer to disappear for them. That's how bad this is.
We already did this to two other vendors and we don't get a choice. It's a business risk.
I see complaints with zero solutions for a private company.
But in other countries, is more complicated than that.
In Brazil, those kinds of bans behaviors are not ok under consumer protection laws, and also their TOS where they don’t guarantee anything even for paid accounts is definitely not ok and suable for damages if something happens.
Did the first line about regretting the comments not indicate that pretty clearly?
I really don't want to accuse you of being deceptive for rhetorical effect, but are you actually "beginning" to think this? Am I completely misreading your comments?
Edit: This comment was a waste of space and I didn't express myself well but I was half a minute too slow on the delete button.
```
Your accounts were disabled following reports that its content or activity may have been in violation of the following prohibition found in our Acceptable Use Policies:
"We do not allow content or activity on GitHub that:
is off-topic, or interacts with platform features in a way that significantly or repeatedly disrupts the experience of other users"
Specifically, the activity that was reported included posting repetitive and disruptive comments in Visual Studio repositories, which we found to be in violation of our Acceptable Use Policies.
```
I’m not going to paraphrase because the threads were erased. I don’t have most of the comments actually.
Mail me at my username at duck.com and I’ll send you the handles of the account, you can search GitHub yourself.
Offices (and SaaS products) are dangling on a thin thread. It doesn't take a lot to lose customers. Lots of them. Especially when working from home (hosted gitlab) is a reasonable option. Most offices near me are converted to housing. You can't convert github to housing so it has even less tangible value if it pisses users off which starts a chain reaction of risk.
It's also bloody unreliable and in the forefront of people's attention for risk already.
Let us know how that goes for you.
Get a new email address.
Use a clean/new browser profile.
Create a new github account.
If that doesn't work, I'm curious to know how Github connects the accounts to the same person.
Use a VPN and perhaps get a different computer or use a different browser in case they've fingerprinted it. That seems like a lot of effort for GitHub to go to but I guess it's not impossible.
I'm not exactly sure how it works. But Reddit has banned my accounts whenever I make a new one and i've deleted all of my Reddit cookies, they somehow find me.
They also exfiltrate this data back in ways to prevent blocking, by completely randomizing the API endpoint used to submit it and also not use a dedicated endpoint. For example on each pageload it might send to /submit, or /register, or /friend, it'll just pick a random valid endpoint and "front" that
They also continue to do this while you are logged out to tie your IP to the fingerprint.
^F "Arial"Commonly spoofed fingerprints will result in a permanent ban automatically.
Or find an employer that does not require github which is like 99% of employers.
Apparently your username is a Portuguese psychological term that means self-reflection, that is cool. But maybe expand outside that.
For example Google.
I have the same issue with Reddit. I can create an account on a different email and use it fine for a few days and then boom. But I stopped using it on anything I am logged into my Google account with and it's been fine for months.
What do you access Github on? I would create a separate user profile for work. Do not log into any services such as Google on it that Github have linked to you and you should be fine.
I have a different account that I use on a work computer, I ended up posting in that same subreddit without realising my original account was banned (hadn't logged into it and noticed that was the case)
Reddit Perm banned both accounts for ban evasion and for awhile any other account I made, even though i did nothing wrong or didn't post on that subreddit again, until I made sure to use completely clean profiles whenever I want to use reddit.
Annoying.
Nowadays. The comments on Reddit are GPT3. No real users comment anymore. Next year. This will be an issue. Now, it’s just a experiment Reddit is running before IPO.
Mail me at my username at duck.com and I’ll send you the handles of the account, you can search GitHub yourself. Some threads were deleted though.
> This means that GitHub has effectively suspended my ability to participate in the development community, and also I cannot work as well, because my company uses GitHub
> I don’t know what to do anymore, I’m afraid, I’m going to be fired if I can’t work
You'll have to have a discussion with your employer/manager about why you can't use github any more.
(Partly out of sheer curiosity and partly so I can avoid this myself, as I also have a habit of making somewhat feisty comments, when I'm off my meds and in a bit of an obsessive rage about something.)
On the other hand, maybe Github has enough on its plate not to bother trying and they just blanket ban on a significant enough red flag.
Sheesh, what happened to hackers … ?
People that support non-discrimination should consider moving their repositories to smaller providers.
The only contact information I can find is this email for privacy requests, which should be good enough, they have to process legal requests they receive privacy@github.com
For Microsoft there is this Page https://www.microsoft.com/en-us/legal/policies AskCELA@microsoft.com
It's not clear from your messages whether you are a subscriber or your organization is a subscriber or both or neither. This affects how to access support and escalate and what claims you may have (your company should have a contract with access to enterprise support if they are customers).
It's not reasonable for GitHub to ban you with no justification and no recourse and make you lose your job.
Get a lawyer yourself. Or get your company to escalate through their support channel or legal.
Warning: We only have one side of the story. If you were posting abusive messages to Github in your name and/or in the company name, on company time. The company may review the messages and may find them abusive too and may fire you.
Msft said it was a GitHub decision, they can’t interfere.
EDIT: After more digging, I found the contact, the terms of services here https://docs.github.com/en/site-policy/github-terms/github-t... are linking to this legal section here https://docs.github.com/en/site-policy/other-site-policies/g... that contains address and email for legal requests. This is incorrectly put in a page "Guidelines for Legal Requests of User Data" but it's not about data request, it's for all legal requests.
I would suggest that you talk to your manager. If your company pays for GitHub, hopefully they can get in touch with support and/or a sales rep and get it sorted.
But I must respectfully note, I think if you're asking for help to circumvent a punishment by GitHub, one needs to know what the nature of the "controversy" was. There are certainly some 'controversial' viewpoints that are vile enough that I'd rather not help someone who had their views.
I respect that you're in a sticky wicket. But this seems no different from pre-Internet times when one might lose their job from insulting a close vendor or client your employer works with. Imagine you were in a bar in a one-company town talking about a sexual conquest, only to turn around and see your employer, who reveals your conquest was a 20-something child of theirs. Your choice at that point is pretty much to move.
You failed to have the self-awareness that you were in a venue that could affect your livelihood and made a mistake so significant that it can't be retracted or made up. That has happened both off the Internet and on it since time immemorial.
The question you are asking now is not how to handle the situation, but how to continue the behavior of disguising yourself to circumvent the punishment. I think that (a) is a question that shows you are not owning up to your behavior (which itself is problematic); and (b) is the wrong strategy to take in this situation, because any circumvention or working outside the GitHub system is _conceivably_ fragile and could collapse at any point, leaving you with the same problem once more.
My own suggestion - and I make this with reluctance not knowing whether the 'controversy' is something vile - would be to do two things. Both would be extremely hard.
First, I would approach your HR contact, apologize for your conduct with the most remorse you can demonstrate, and see if their person/contact (sales, support, whatever) at GitHub can help you in this situation. Assuming they want to keep you, they can even say to GitHub, "Look, we want to keep this person employed, what can you do for us? Can you provide an ability to commit code without commenting ability?" Etc.
Second, pursuing that guidance separately, I would see if anyone here, or any personal or professional contact of yours (cf. LinkedIn, etc.), has any contact at GitHub, or any friend-of-a-friend at GitHub, etc., so that you can speak with someone personally.
Certainly the repeated attempts (and deletions) at circumvention likely are not doing anything but racking up points on the 'don't let this guy back in' meter, whether that's automated or not.
Lest you think I am unsympathetic, I once made a decision that might've potentially locked me out of a great deal of future employment. I truly believe what made the difference in that situation was that I owned up to my error and looked the wronged parties in the eye and apologized directly. I explained the human factors leading me to make the wrong decision, while explicitly saying it didn't excuse the mistake. Humility is rare enough in today's world that it can oft make a difference.
I wish you luck in your resolution of this issue.
https://news.ycombinator.com/item?id=33577471
They were not offensive, they were not disrespectful, they were actually valid complaints, and I also used to participate a lot, and since people echoed the comments, they were considered ‘disruptive’.