Tell HN: GitHub forcing 2FA on users has no basis in their ToS
Recently I received an email from GitHub telling me i need to enable 2FA because i'm a somewhat active (hobbyist!) developer...
But the ToS very clearly states:
"You are responsible for keeping your Account secure while you use our Service. We offer tools such as two-factor authentication to help you maintain your Account's security, but the content of your Account and its security are up to you."
I think it is cute when corporations don't even bother to conform to their ToS themselves. This one is even almost readable.
Anyway, i just thought you'd like to know. Have a nice day!
14 comments
[ 4.0 ms ] story [ 46.9 ms ] threadIt's not a law.
See also: "I am not a supplier" https://news.ycombinator.com/item?id=34201368
If your account is unimportant to you github shouldn't force you to add layers of security when they literally throw you under the bus in the TOS telling you it is your responsibility.. good let me decide my level of risk.
If you do not have the good sense to lock up such a weapon, then please delete your account.
To my (well-founded) knowledge nobody distributes my code; and if they did they'd have full responsibility. That's what "THE SOFTWARE IS PROVIDED 'AS IS'" means. You don't have to like it and you don't have to use it.
There really is no middle ground unless you develop a relation. Who says i can be trusted? Not me!
L4 says ”GitHub has the right to suspend […] your access […] at any time […]. GitHub reserves the right to refuse service to anyone for any reason at any time.”
It doesn't matter if they updated them in time for someone actually reading a tos.
the main reason they want your phone number is to tie you to a more expensive profile for ad impressions.