
GitHub is forcing me to change my username, and will not tell me why - jperras
http://nerderati.com/2018/03/09/github-is-forcing-me-to-change-my-username/
======
thekaleb
The username is malware. Github does not namespace user profiles, so the link
to the account would be
[https://github.com/malware](https://github.com/malware) . There is no Github
user with the name "about". If you go to
[https://github.com/about](https://github.com/about) it is not a profile page,
but a page describing github itself. I assume that github may want to make a
page describing malware.

~~~
sschueller
Seems like a stupid move from github not to prefix usernames from the
beginning or at least start doing it later like linkedin did.

It is very possible that one day there will be another URL they need which
belongs to a large account that can not be renamed just like that.

~~~
bentruyman
Seems like a stupid move? This is a pretty common pattern and we rarely ever
hear of stories like this.

------
ronilan
Joel, I can’t speak for github, so I’ll speak for myself.

I think the account name has a potential to cause public confusion. This may
result in negative consequences to github, the github community and the public
itself.

This is immaterial to you. Let it go.

(For anyone who likes analogies, it’s like having a “dummy corpse” on the
front lawn, left over from halloween).

~~~
jperras
I can understand that.

what I can't understand is why
[https://github.com/hacker](https://github.com/hacker) is okay. Or why
[https://github.com/blackhat](https://github.com/blackhat) is also an account.
Or [https://github.com/virus](https://github.com/virus).

Unless each one of those accounts is _also_ being changed/removed, and I'm
simply the first one to point this out.

~~~
ronilan
That is an excellent question, for this case and a lot of other similar ones
(banned, removed etc.)

I’ll rephrase the question: in a set of things that _I_ consider to be similar
why is one handled differently that the others?

And the answer arises from the question: the sets are based on a different
criteria.

I don’t know what criteria github uses, but, I know that external input
usually groups sets differently.

Put simpler - maybe someone complied?

(Analogy, “dummy corpse””, skeleton” and “sheet ghost” may seem similar on
haloween night, but may get different reaction from the public)

~~~
jperras
> And the answer arises from the question: the sets are based on a different
> criteria.

Hopefully I'll soon find out what the criteria are, if this is the case!

------
techsupporter
Even before I got halfway through the article, I knew I'd see the ever-present
"due to privacy and security concerns" garbage.

If a company is contacting a customer, don't play that line. Be honest. If the
reason why you can't be honest is due to embarrassment, don't phrase it as a
request. Mealy-mouthed language about empty, unverifiable platitudes is not
only pointless, it's insulting in a technical context.

------
Techonomicon
Github is totally within their right to hold this close to their vest for
whatever reason, I don't see the big deal with it.

Where does the line get drawn the OP asks? I'm unsure, but I believe in Github
to make a smart call there. Not every situation is a slippery slope to facism
/ dictatorships, and I'm unsure why many things nowadays are described with
this sort of notion attached to them.

Definitely feel like I wasted time reading this whole thing, and now wasted
time posting, and now I'm sad.

~~~
nostalgeek
> Github is totally within their right to hold this close to their vest for
> whatever reason, I don't see the big deal with it.

True, but github could have avoided this kind of issue all together by putting
all accounts under a different namespace or domain. In fact that's what they
should do now to be "future proof". I don't understand why would any business
think that domain.com/username is the right thing to do.

~~~
Techonomicon
Yea, since you know how to make the perfect products, perhaps you should just
take githubs money.

Edit: To clarify, looking back it's simple to just make such assumptions. But
many popular sites have existed off of this model which github holds such as
facebook, twitter, myspace back in the day IIRC. I'm not saying Github made
the perfect decision at the time, but they didn't make a foolish one
necesarily given the landscape of how user based sites have existed.

~~~
nostalgeek
It's not about making a perfect product. This is basic url design.

------
iNerdier
Isn't the logical solution to this prefixing user urls with something like /u/
or /user/? Off the top of my head I can think of reddit doing this but I
suppose for github the downside of this is it would break a huge number of
existing links. One of those slightly un-winnable situations unless you think
of it from the start I suppose.

~~~
aylmao
I think unprefixed user urls was the right decision; I love GitHub URLs and
how easy to manually type they are. I can imagine user urls are typed more
often than info page urls.

Also, they could always just prefix their pages instead. (ie,
github.com/about/xxx, github.com/info/xxx).

------
jwildeboer
So they are working on an (updated?) internal blacklist of usernames IMHO.
Seems annoying but not nefarious. I would shrug, take the offer, find a new
username and move on.

------
pobo
One year free subscription is not that bad, you know~ But thanks for writing
this interesting incident.

------
lsiebert
Some other possibilities as to why off the top of my head:

Github has been served with a confidential court order, warrant etc that
requires this.

Github has a confidential contract with a large company or government entity
and they are requiring this as part of that contract.

A piece of existing malware in the wild points to this address for a possible
command and control server or verification that it's in a VM or whatever, and
they want to deal with it, like that guy that registered those nonsense urls.

~~~
jperras
All good hypotheses.

> Github has been served with a confidential court order, warrant etc that
> requires this.

I thought of this, but figured since the account was essentially bare of
public activity it was low probability.

> Github has a confidential contract with a large company or government entity
> and they are requiring this as part of that contract.

An interesting idea!

> A piece of existing malware in the wild points to this address for a
> possible command and control server or verification that it's in a VM or
> whatever, and they want to deal with it, like that guy that registered those
> nonsense urls.

Very possible, although putting 'malware' in your CnC endpoint name might not
be the brightest of ideas :)

------
andyczerwonka
I think if you use the username malware, I think you should expect this kind
of stuff. It's not atypical for a company like that to have references to
malware that might interfere with your username.

------
paxys
Why is everyone looking for reasons be outraged all the time? Github don't owe
you an explanation for asking to change your username for whatever reason
(even though it is obvious in this case) on a free service that you have been
using.

~~~
jperras
Who said I'm outraged? If you read the post I made, and the emails I sent, I
do believe I come across as measured. At most, slightly frustrated.

This doesn't outrage me in the slightest.

> Github don't owe you an explanation for asking to change your username for
> whatever reason (even though it is obvious in this case) on a free service
> that you have been using.

Of course they don't owe me an explanation. But does that stop me from trying
to figure it out with a public blog post?

And what if I had been a paying user for the `malware` account? Would that
suddenly make this forced name change not okay? I've paid Github probably
north of $1,000 over the lifetime of my personal account. Would that make a
difference?

------
arno1
Probably someone very rich wants to buy that account. Otherwise they would
have told you it is for their very nice future product.

------
duckqlz
have you thought of using "ma1ware"?

~~~
jperras
Not really. I don't particularly care about the name "malware" at all, to be
honest, so I'll probably go with something in a different direction.

------
butz
Try some from this list:
[https://www.xkcd.com/1963/](https://www.xkcd.com/1963/)

------
skynetv2
it seems like too much fuss over a small request for a product that the author
is not paying for. Github seems to have made a polite request and offering one
year free service on his professional account. is there a reason to even post
about it? moreover, the username is not just a regular username, it has
special connotations on how others perceive it.

------
urda
This reads like a "play stupid games, win stupid prizes" kind of situation.
Why would you ever want to name yourself malware, let alone to use it "with
the intent of working on some new open source stuff"? From both a professional
and personal point of view that's an asinine decision.

I'm going to have to side with GitHub on this one.

EDIT: Not really sure why downvotes (-2 at time of this edit update) are
heading my way here, mind chiming in and contributing to the conversation
then?

~~~
jperras
> Why would you ever want to name yourself malware, let alone to use it "with
> the intent of working on some new open source stuff"?

Why not? What about the (currently in use) github user names such as `hacker`
or `virus`?

The whole point of the account was to publish things that I didn't deem worthy
of my other accounts. Having a terrible name was kind of the point.

~~~
urda
> Why not? What about the (currently in use) github user names such as
> `hacker` or `virus`?

Not sure, but I wouldn't be shocked if they are at risk themselves, those
aren't exactly great either. I'm also not GitHub, nor do I care if they end up
getting in trouble for those names either.

> The whole point of the account was to publish things that I didn't deem
> worthy of my other accounts.

Then you shouldn't really be concerned what is or isn't your GitHub username
then.

> Having a terrible name was kind of the point.

And thus "play stupid games, win stupid prizes" ended up being the result.
QED.

------
barcadad
Seriously? This guy spent far too many words wasted speculating about
something that is transparently obvious.
[https://github.com/malware](https://github.com/malware) speaks for itself.
The Github rep should have said - "Dude, name yourself malware and you're
surprised stuff like this happens? Try changing your name to NULL and see how
that works out for you."

~~~
asdsa5325
[https://github.com/null](https://github.com/null) is a user.

I'm not sure I understand your comment. I could not find github's username
blacklist, so I don't think it's "transparently obvious", but if there is a
blacklist feel free to share it.

