
How to track and display profile views on GitHub - rushter
https://rushter.com/blog/github-profile-markdown/
======
lalos
Friendly reminder that you can disable automatic downloading of remote images
in emails on your phone and other email clients. People use it to track
whether you've read the email or not, engagement, etc.

~~~
adamhearn
I find it saves tons of time and data as well. The emails are very condensed
without (remote) images.

------
oefrha
Unrelated badge ideas:

1\. Write a watcher that periodically reports whether you’re actively using a
coding-related app (Terminal, VS Code, etc.) to a server you control, and
serve a “coding”/“not coding” badge on your profile page; (could even detect
which project you’re working on, and display that;)

2\. Write an Apple Watch app that periodically reports whether you’re asleep,
and serve a “sleeping”/“awake”/“unknown” badge on your profile page.

~~~
divbyzer0
Would this Apple Watch app be able to detect increased heart rate and brisk
hand movements?

Asking for a friend.

~~~
oefrha
Not sure that sort of low level access is possible while the app is
backgrounded. However, automatic sleep trackers have been available without
official API since what, watchOS 2? So maybe.

You can also try to convince Apple to add that workout type.
[https://support.apple.com/en-us/HT207934](https://support.apple.com/en-us/HT207934)

Look forward to WWDC 2021, introducing the favorite workout type of billions
of people.

------
tominsam
Image hit counters! Who's going to build the github developer web ring? We
need all the old things back.

~~~
JoblessWonder
[inserts gif of visitor counter spinning out of control]

[also adds in some "under construction" gifs]

I really wish I had some way to access my original AOL website. So many
memories... and web ring links...

~~~
airstrike
Could always browse [http://oocities.org](http://oocities.org) for some
similar memories!

------
pcr910303
Oops, looks like the author got too much load from the server and removed the
badge from his Readme.md?

This is the commit which removed it:
[https://github.com/rushter/rushter/commit/00d0d552e262218dae...](https://github.com/rushter/rushter/commit/00d0d552e262218dae534a699195d657cf002e1a)

I guess one shouldn't do this if your profile becomes popular enough...

~~~
rushter
I've removed it because it does not display relevant information anymore
(someone fetches ten times a second via wget).

I also don't have plans to use it in the future. I wanted to demonstrate the
concept.

------
geerlingguy
First I heard about a readme for your profile page. So the facebook-ification
of GitHub progresses?

At what point is LinkedIn going to be merged into GitHub? (Only partially /s)

~~~
jomar
It's just gone live in the last day or so. The designer talked about it here a
few weeks ago:
[https://twitter.com/pifafu/status/1265773172520914944](https://twitter.com/pifafu/status/1265773172520914944)

Personally I don't see much reason for this to be implemented via a git
repository (rather than a text field in a database, like the existing Bio
text), other than "we're GitHub, everything's a git repository, so why not".

At the moment, it's a single-file repository. Perhaps they have some ideas for
other things that could be served from there too.

Weirdly at the moment it's required to be a _public_ repository. This seems
counterproductive: if it's _my personal information blurb_ I don't much want
other people looking at its history and I certainly don't want them forking
it. (Are there any non-malicious reasons for doing that?)

~~~
chrisshroba
To be honest, I'm not too concerned. Making it a git repo makes the history
more readily available, but a bad actor could still get it from internet
archive or other archive sites. And if the concern about forking is that
someone could impersonate you, they could do so with a few extra steps by just
looking at the rendered HTML of the README. I know there's something to be
said for making malicious behavior more difficult to achieve, but in this case
the amount of extra work someone would have to do is minuscule if this weren't
implemented as public repos.

------
steventhedev
Which exact headers are being leaked by GitHub? Depending on what they leak,
this could be something only useful for counting hits (if all they leak is the
implicit time of the request), or for fully tracking users (if they leak
Etags, original IPs, etc).

It's too bad the author removed the badge from their Github profile. It would
be interesting to see the effect of this post on profile views.

~~~
zemnmez
Github proxies all image requests, like GMail, as a security measure. The cache
busting technique the author refers to only ensures the security proxy doesn’t
cache the image data, which would prevent the counter going up.

------
wonderlg
This isn’t meant to last. GitHub has been proxying markdown images for years
to avoid exactly this. Probably they haven’t gotten around to fixing that here
yet… but this surprises me.

~~~
paulgb
The trick here is preventing the proxy from caching the image. The request is
then still proxied but has a 1:1 correspondence to requests for the image. But
now that it's public knowledge that this works, I agree that GitHub will close
the hole.
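
The behaviour discussed in this subthread, as an added example that is not part of the thread or the linked article: a minimal model of a caching image proxy, showing that a non-cacheable response gives the origin one request per view while the viewer's IP, User-Agent and Referer still never reach it. The class names, header set, URLs and addresses are constructed, and the model assumes the proxy honours standard `Cache-Control` response directives.

```python
# Constructed model of a caching image proxy; all names are hypothetical.
from dataclasses import dataclass, field

# Request headers that identify the viewer; the proxy never forwards them.
IDENTIFYING = {"user-agent", "referer", "cookie", "x-forwarded-for", "accept-language"}
NO_STORE = {"no-cache", "no-store", "private", "max-age=0"}

@dataclass
class Origin:
    """Third-party image host; records what each request reveals to it."""
    cache_control: str
    seen: list = field(default_factory=list)

    def get(self, peer_ip, headers):
        self.seen.append({"peer_ip": peer_ip, **headers})
        return {"cache-control": self.cache_control}, b"<svg/>"

@dataclass
class ImageProxy:
    """Fetches images on the viewer's behalf, from the proxy's own address."""
    origin: Origin
    ip: str = "192.0.2.10"  # constructed address (TEST-NET-1)
    cache: dict = field(default_factory=dict)

    def fetch(self, url, viewer_ip, viewer_headers):
        if url in self.cache:
            return self.cache[url]  # cache hit: the origin never sees this view
        # viewer_ip is deliberately unused: the origin's TCP peer is the proxy.
        safe = {k: v for k, v in viewer_headers.items() if k.lower() not in IDENTIFYING}
        resp_headers, body = self.origin.get(self.ip, safe)
        directives = {d.strip().lower() for d in resp_headers.get("cache-control", "").split(",")}
        if not directives & NO_STORE:
            self.cache[url] = body
        return body

def simulate(cache_control, views=5):
    """Return the requests the origin observed across `views` page loads."""
    origin = Origin(cache_control)
    proxy = ImageProxy(origin)
    for i in range(views):
        proxy.fetch("https://counter.example/badge.svg", f"198.51.100.{i + 1}",
                    {"User-Agent": "ExampleBrowser/1.0",
                     "Referer": "https://example.org/profile",
                     "Accept": "image/*"})
    return origin.seen
```

With a cacheable response the origin sees a single request for five views; with `no-cache` it sees five, each from the proxy's address and carrying only the `Accept` header.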

------
justicz
Another reason proxying requests to external images is important is that some
browsers will display an HTTP Basic Auth dialog if the image request responds
with the right kind of 401. It’s confusing and sort of disconcerting to see a
basic auth dialog pop up from a random site if you’re just browsing Github.

------
ddevault
Can we please not normalize this? Vanity tracking at its worst. You don't need
to know.

~~~
andrew_
Bad practice to assume your ethos is the only one at play.

I'd hardly call taking a look at _where_ people are coming from to view your
Github profile a "vanity" thing. A view of referrers could be extremely useful
in tuning one's developer presence and visibility. That could come in handy
when job-seeking, or trying to spread the word about your services and/or
company. Both of which Github is widely used for.

~~~
memexy
Have you ever gotten a job because of your GitHub profile?

~~~
andrew_
Yes. I was sought and employed specifically because of the work visible on my
Github profile from 2017 - 2019. My body of work on Github directly
contributed to my candidacy for the job I currently hold.

~~~
memexy
So how would having view statistics have helped? Would you have curated your GitHub
account differently if you knew who was visiting your profile?

~~~
andrew_
Definitely possible. Could affect repos that are pinned, content of profile
blurb on the left, etc. If I had access to where folks were coming from, I
could gauge how visible or discoverable my profile was from other sources, my
blog, etc.

------
gildas
You could also simply click on the "Insights" tab of the repository you
created to host the README.md page.

~~~
cmeacham98
From TFA:

> According to my tests, profile views do not count as repo views, and I hope,
> in the future, we will be able to see traffic stats in the repository that
> hosts the README file.

~~~
gildas
My bad, I missed that part. Hopefully Github will implement this feature.

------
monokh
> Of course, there will be some extra requests from bots, but having such
> statistics is better than nothing.

I think this is a bit understated. A simple number coming off the image
requests is going to be very unreliable. On average, you will not be able to
discern bots and real users.

A plotting of the hits over time may be more usable.

------
philshem
Interesting, when I create a repo with my profile name, it shows this text:

> You found a secret! philshem/philshem is a special repository that you can
> use to add a README.md to your GitHub profile. Make sure it’s public and
> initialize it with a README to get started.

Edit: HN stripped some emojis

------
andrew_
Everything old is new again. I used this same technique on MySpace 15 years
ago. I wonder if Github will try to filter that out the same way MySpace did
back in the day.

~~~
rushter
I did some research before writing an article. GitHub started proxying images
in 2014, and there are a lot of repositories that use this technique to keep
their stats. I think GitHub is OK with that.

~~~
jrrrr
Re: proxy security concerns:

> Unlike GitHub, most of them don't even bother proxying the image to hide IP,
> referrer, and browser agent. If you want to allow external images on your
> site, you must proxy them and hide everything about a person who requested it.
>
> A person with bad intentions can trick a victim into opening your profile
> that looks completely legit and detect his IP and a browser.

Can you explain this in more detail? Given a profile host that doesn't proxy,
how does that attack work?

~~~
nso
Attack?

1\. your browser opens image from external server (in this step the server
gets your IP and potentially user agent as that's how browsers communicate
with servers)

2\. there is no step 2

~~~
cutemonster
What? My step 2: Go to ip addr and ask your favorite celebrity (whose ip you
got) for an autograph and selfie together

------
JoblessWonder
I did this for Facebook back in the day back when you used to be able to post
your own images! Back in the early, early days. I got a few blogs to write it
up because it tracked the referring URL so you could send out special links to
people and then track how often they viewed your profile.

I miss being young and having a seemingly infinite amount of time on my
hands...

------
jna_sh
This is interesting because this didn't use to be possible from a
repository's readme, I believe, because linked images would be cached and
served from GitHub's CDN. I wonder what's changed (if it indeed has).

~~~
rushter
You can check it here
[https://github.com/dwyl/hits](https://github.com/dwyl/hits)

Also
[https://twitter.com/holman/status/427937383376379904](https://twitter.com/holman/status/427937383376379904)

~~~
ianwalter
Oh wow I wish I knew this sooner. They should bring back Bitdeli.

------
the_arun
Thanks for sharing. Though it is exciting to see so many ideas here, wouldn't
it be great if GitHub solved the tracking use case in the platform rather than
us all hacking different solutions?

------
xs
> The rest of the story is simple — you need to store a counter in the
> database and return an SVG image with the number of views as a response. Of
> course, there will be some extra requests from bots, but having such
> statistics is better than nothing.

"The rest of the story is simple" uh, no that's not simple at all! You want me
to register a domain, get a hosting provider, create a database, and create
logic to listen for requests with anti-bot detection? Please don't say this is
simple.

------
ebg13
> _As part of recent design changes, GitHub has introduced READMEs for
> profiles_

This is a weird new myth that might just highlight the difficulty of
discoverability. GitHub has had user profile READMEs for years. The difference
is just where the README shows and what the name of the repo is supposed to
be.

You could already create a "<username>.github.io" repo that governs what shows
up when visiting [https://<username>.github.io](https://<username>.github.io)

