If you are registered on GitHub, or are thinking of doing so, consider the following:

Several years ago I registered on GitHub and, as I religiously do when registering on any site, I check their Privacy Policy and, if it is satisfactory and I choose to register, I use a unique e-mail address with that site's name as the user name. I also am very careful to make sure I choose any privacy settings to prevent getting spammed by them or any of their "partners".

Their Privacy Policy is explicit: "We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes."

Yet starting this past week I am getting spammed by several job-marketing sites multiple times daily and all are being sent to the unique address that I provided GitHub when I registered (and have never used for any other purpose).

I have sent them a very pointed message telling them that I expect them to get my e-mail address removed from the lists of all third parties they have provided it to and that, if they don't, I will seek legal redress. I also pointed out that I'm sure I'm not the only person whose privacy they have blatantly violated in this way and that before they choose to disregard my request they might consider the implications of the phrase "class action".

 

You have to be careful of github commit logs. An email address can be easily extracted from the commit log of a public repository.

 

"We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes."

That doesn't sound iron-clad to me in any way. It doesn't prevent them from...
- giving all emails away ("sharing" implies splitting)
- sending marketing emails on behalf of another entity (the other entity may never have your email Eventhough their email is listed as the sender
- Gethub could give or sell it to a non-profit if there is an agreement the emails are used for non-commercial purposes. It is not the fault of Github if the non-profit uses them incorrectly. GitHub is not obligated to sue the non-profit for breach of contract if the names were supposed to be used for non-profit only.
I can think of a half-dozen other scenarios. The key to contracts is logical phrases - look how many other ways one can transfer knowledge that is not through share, sell, rent, trade.

Finally, you are free to sue anyone. Winning can be possible but you'll likely have to pay the lawyer up front. Collecting cash will be a problem, you'll have to show damage. How painful was it for you to have to see emails from random companies on an email account you only used register for github? The most you can hope for is a judge telling github, "hey, stop doing that".

 

First, that is not the extent of their Privacy Policy, it is but one sentence in it. Here's another one from it: "We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay." Note that the bold font is from their policy, I did not add it for emphasis.

Second, law firms that accept cases that have the potential for class-action status almost always do so on a contingency basis because they are cash cows that are usually settled out of court.

Third, just look at the hundreds of class action suits in which the plaintiffs, individually, lost little to nothing of monetary value. Have you never received notice of class action settlements to which you are a party unless you explicitly decline by a certain deadline and, if you don't, you will automatically be a member of the class and forfeit your right to sue separately? If so, have you ever read the details of the settlement? It is not uncommon for the settlement to everyone except the lead plaintiffs to receive such paltry amounts it is totally worthless to bother one way or the other -- settlement amounts of less than $5 are not at all uncommon. Why? Because the damages on an individual basis are seldom amount to much. But now consider the cost to the company when, even at $5 a pop, you have a class that has a few million members.

I remember receiving one from the Classmates.com settlement (well, one of them, since they got sued and lost more than once) and the settlement merely gave class members a coupon for $2 off a Gold level membership -- which struck me as hilarious. Here you have a company that violated its customers privacy and tricked millions into joining by telling them that someone from high school was trying to get in touch with them when nothing of the sort was true, but the only way you are compensated requires you to do business with that same company? That settlement was rejected, but the new improved one gave class members less than $4. Even so, it cost Classmates.com around $10 million (including their own legal fees). The class lawyers got nearly a million dollars. The lead plaintiffs in class action suits usually receive a few thousand to a few tens of thousands of dollars (I think it was about $20k in the Classmates.com case). The lawyers almost always receive compensation well over half a million dollars to several million dollars.

Finally, the main point of the post was to warn people that GitHub is blatantly abusing their customers' private information in violation of what they boldly claim. If people still want to provide that information to them, then at least they are doing so having been warned.

 

So, the Junk e-mail address I gave them, they can share sell or whatever. I never give out an e-mail address I use for personal communications with family and friends.

Absolutely will not give my work to even family or friends.

kv

 

First, that is not the extent of their Privacy Policy, it is but one sentence in it. Here's another one from it: "We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay." Note that the bold font is from their policy, I did not add it for emphasis.

Second, law firms that accept cases that have the potential for class-action status almost always do so on a contingency basis because they are cash cows that are usually settled out of court.

Third, just look at the hundreds of class action suits in which the plaintiffs, individually, lost little to nothing of monetary value. Have you never received notice of class action settlements to which you are a party unless you explicitly decline by a certain deadline and, if you don't, you will automatically be a member of the class and forfeit your right to sue separately? If so, have you ever read the details of the settlement? It is not uncommon for the settlement to everyone except the lead plaintiffs to receive such paltry amounts it is totally worthless to bother one way or the other -- settlement amounts of less than $5 are not at all uncommon. Why? Because the damages on an individual basis are seldom amount to much. But now consider the cost to the company when, even at $5 a pop, you have a class that has a few million members.

I remember receiving one from the Classmates.com settlement (well, one of them, since they got sued and lost more than once) and the settlement merely gave class members a coupon for $2 off a Gold level membership -- which struck me as hilarious. Here you have a company that violated its customers privacy and tricked millions into joining by telling them that someone from high school was trying to get in touch with them when nothing of the sort was true, but the only way you are compensated requires you to do business with that same company? That settlement was rejected, but the new improved one gave class members less than $4. Even so, it cost Classmates.com around $10 million (including their own legal fees). The class lawyers got nearly a million dollars. The lead plaintiffs in class action suits usually receive a few thousand to a few tens of thousands of dollars (I think it was about $20k in the Classmates.com case). The lawyers almost always receive compensation well over half a million dollars to several million dollars.

Finally, the main point of the post was to warn people that GitHub is blatantly abusing their customers' private information in violation of what they boldly claim. If people still want to provide that information to them, then at least they are doing so having been warned.

Im sorry your parents either taught you to be such a weak, feeble personality, or, for your pathological need for fairness/correctness. Good luck.

 

what I am getting from this is that I should have been a lawyer

 

what I am getting from this is that I should have been a lawyer

Getting an engineering education does not make you an engineer - it only teaches you what engineers do - you'll still be who you are and you'll gravitate to what you like to do (if given an option).

Likewise, educating yourself in law does not make you a scum-sucking bottom feeder.

 

Im sorry your parents either taught you to be such a weak, feeble personality, or, for your pathological need for fairness/correctness. Good luck.

And I'm sorry that you feel it is such a horrible thing to make people aware of the deceitful business practices of companies that they are or might consider doing business with. But please keep the personal attacks to yourself. I know you seem to get your jollies following me around the forums for the sole purpose of trying to bait me into confrontations with you -- and that you have succeeded on more than one occasion -- but, really, don't you think it is about time that you choose to grow up?

 

And I'm sorry that you feel it is such a horrible thing to make people aware of the deceitful business practices of companies that they are or might consider doing business with.

If that was your main point, I have a piece of advice for you: all the "free" services on the internet have a hidden price, so, Caveat emptor.

Also, I'm sorry that I missed your main point, but, you have to admit, it was lost in some of the following...

I have sent them a very pointed message telling them that I expect them to get my e-mail address removed from the lists of all third parties they have provided it to and that, if they don't, I will seek legal redress. I also pointed out that I'm sure I'm not the only person whose privacy they have blatantly violated in this way and that before they choose to disregard my request they might consider the implications of the phrase "class action".

Third, just look at the hundreds of class action suits in which the plaintiffs, individually, lost little to nothing of monetary value. Have you never received notice of class action settlements to which you are a party unless you explicitly decline by a certain deadline and, if you don't, you will automatically be a member of the class and forfeit your right to sue separately? If so, have you ever read the details of the settlement? It is not uncommon for the settlement to everyone except the lead plaintiffs to receive such paltry amounts it is totally worthless to bother one way or the other -- settlement amounts of less than $5 are not at all uncommon. Why? Because the damages on an individual basis are seldom amount to much. But now consider the cost to the company when, even at $5 a pop, you have a class that has a few million members.

I remember receiving one from the Classmates.com settlement (well, one of them, since they got sued and lost more than once) and the settlement merely gave class members a coupon for $2 off a Gold level membership -- which struck me as hilarious. Here you have a company that violated its customers privacy and tricked millions into joining by telling them that someone from high school was trying to get in touch with them when nothing of the sort was true, but the only way you are compensated requires you to do business with that same company? That settlement was rejected, but the new improved one gave class members less than $4. Even so, it cost Classmates.com around $10 million (including their own legal fees). The class lawyers got nearly a million dollars. The lead plaintiffs in class action suits usually receive a few thousand to a few tens of thousands of dollars (I think it was about $20k in the Classmates.com case). The lawyers almost always receive compensation well over half a million dollars to several million dollars.

 

If you wanted the main point, then perhaps you might have read the title of the thread -- and you must have a time machine or a crystal ball to be able to get lost about the point of the original post due to a response made to address a faulty point you made in response to that post.

Your "advice" of caveat emptor rings pretty hollow when you piss and moan because someone is merely making consumers more aware.

 

Your "advice" of caveat emptor rings pretty hollow when you piss and moan because someone is merely making consumers more aware.

Funny use of synonyms. I like it.

 

Warning: GitHub will sell your private information if you register with them.

I dunno -- My strategy is that of absolute nondisclosure of personally identifiable (or otherwise sensitive) info anywhere request for same fails stringent 'need to know testing' -- Moreover, (where lincensure status, etc is not at issue) 'online commerce' (Spec purchases) should be done anonymously via 'throw away' debit cards only - and internet access via 'throw away' ISPs only! --- Even then, inadvertent 'Doxing' of oneself is way too easy (as I've discovered to my cost on several occasions)

Remember! You're only paranoid if you're wrong!

Sincerely
HP

 

The most you can hope for is a judge telling github, "hey, stop doing that".

--Emphasis added--


Or, indeed: 'CUT IT OUT' -- Wah!...

Sorry! - My bad

TTFN
HP

 

I think everybody here is smart enough to use disposable email addresses.
(I always have at least 3 spares.)
There are also, "block" functions and, "spam filters" to stop certain senders.
The idea that other people will not reveal your email address is simply naive.
Complaining that they did reveal your address only tells me how naive you are.

 

I think everybody here is smart enough to use disposable email addresses.
(I always have at least 3 spares.)
There are also, "block" functions and, "spam filters" to stop certain senders.
The idea that other people will not reveal your email address is simply naive.
Complaining that they did reveal your address only tells me how naive you are.

So if your neighbor did business with XYZ company who had told them that they would never do something and then proceeded to do it, and then your neighbor informed you that you might want to think twice about doing business with XYZ because they will tell you that they will never do that thing but yet will proceed to do it, would you really just tell them that they are naïve and then completely ignore that information should you subsequently decide to do business with XYZ? Or would you appreciate having been informed of that information so that, if you wanted to, you could fold it into your decision making process when deciding whether or not to do business with XYZ?

In other words, what the hell is so horrible about letting people know that GitHub blatantly violates their Privacy Policy?

And which, by the way, the vast majority of reputable online entities do NOT do. I have had these two domains for over fifteen years and intend to keep them for the rest of my life, which means I want to prevent them getting out into the wild for spammers. I have been very careful in who I give them out to (including using throwaway usernames that are caught by the catchall filter and forwarded to me). Before providing even a throwaway username to anyone I look at their Privacy Policy and I refuse to register if they do not have the proper clauses in place -- AND I don't assume that the Privacy Policy will be adhered to UNLESS I have reason to treat THAT entity as a reputable entity. The result is that, after fifteen years, I only get about two or three spam e-mails a week despite have ZERO spam filters of ANY kind -- and indications are that many of those are randomly generated blasts. In fact, this is the very first time that one of my throwaway usernames has been used improperly.

Oh, and GitHub has responded and we are in a two-way communication regarding this matter. But I'm sure that no one would be the slightest bit interested in knowing how GitHub has responded or what they are doing about it since that information apparently can't be of any value to anyone in making up their own mind on how they might choose to do business (or not) with GitHub.

 

blatantly violated

Oh, and GitHub has responded and we are in a two-way communication regarding this matter. But I'm sure that no one would be the slightest bit interested in knowing how GitHub has responded or what they are doing about it since that information apparently can't be of any value to anyone in making up their own mind on how they might choose to do business (or not) with GitHub.

I'm not. They will probably offer you 50% off a secure account for a year. Good luck.

Always use the buddy system - those guys might end up "blatantly violating" you again.

 

I'm not. They will probably offer you 50% off a secure account for a year.

And you would be wrong.

 

And you would be wrong.

What? They are only offering 3-months. Hardly worth the call.

 

What? They are only offering 3-months. Hardly worth the call.

You've said that you aren't interested. Fine. Then please stop polluting the thread with meaningless tripe.