After that story (yesterday?) about someone being locked out of GitHub when using “sign in with Github” I was curious about this on. If you select “private” it requests permissions to change your profile and add / remove followers.
Not sure how I feel about the branding on this. It's not an official GitHub project, but sort of looks like one. I'm sure it's completely innocent, but I don't want to login to it.
What with the story yesterday of a GitHub user logging it a service, then having their account suspended, I'm a little nervous of this.
The "public access" login looks ok, but the "privet access" login is asking for almost full control of your GitHub account...
I suspect GitHub will ask them to change the name of this, at a minimum.
(If I wanted to phish a bunch of GitHub accounts, I think this looks like a good way to do it)
I’d prefer a model where I can export info from my profile and this tool creates a nice embeddable widget. That way I know exactly what I’m handing over.
14 comments
[ 0.29 ms ] story [ 45.4 ms ] threadEDIT oh! The data streams in. Had to wait a bit more and refresh to not get a partial result.
No thanks!
What with the story yesterday of a GitHub user logging it a service, then having their account suspended, I'm a little nervous of this.
The "public access" login looks ok, but the "privet access" login is asking for almost full control of your GitHub account...
I suspect GitHub will ask them to change the name of this, at a minimum.
(If I wanted to phish a bunch of GitHub accounts, I think this looks like a good way to do it)
WARNING: "GitHub Private Access" button allows the site owner write anything in your private repositories.
https://play.clickhouse.com/play?user=play#U0VMRUNUCiByZXBvX...
No need for a tool with a sign-in requirement.
For a guide to using see https://ghe.clickhouse.tech/ by Alexey Milovidov. It's both informative and funny.
Disclaimer: I work for Altinity.