A recruiter used the GitHub API to pull my email address out of Git commits (twitter.com/garybernhardt)
53 points by allthebest on Aug 11, 2019 | 54 comments



Why is this a big deal?

Of course recruiters search public information.

Learn to live with it.

If your outrage threshold is this low then you’re going to spend all your life in a state of outrage.

It’s not even interesting, let alone important.

Information in github, far from being surrounded by an invisible force field of integrity protection, is actually prime hunting territory for recruiters and any recruiter who doesn’t mine it probably needs to explain to their boss why they’re doing such a bad job.

The recruiter in question, far from being apologetic should have said “yes of course I got your email from GitHub so what?”

The guy recommends avoiding this recruiter. I recommend you use this recruiter as they clearly display basic competence at the task of recruiting.


This is a big deal because the recruiter is in clear violation of the GitHub ToS[0]. Quoting from section H: "You may not use the API to download data or Content from GitHub for spamming purposes, including for the purposes of selling GitHub users' personal information, such as to recruiters, headhunters, and job boards."

Of course recruiters are incapable of sound ethical judgement. Part of living with people who have poor ethics is enacting rules which force them to conform or be excluded.

If your ability to care about rules is this low, then you're going to spend all of your life in a state of imminent lawlessness.

Your typos are honestly more interesting than anything else; your message isn't important, just wrong and at the top of the page.

I hope that you are ready to explain CCPA to your boss. I won't accuse you of doing a bad job, though.

The recruiter in question, like all recruiters, is to be avoided when possible. Avoid rent-seeking and grifting.

[0] https://help.github.com/en/articles/github-terms-of-service#...


It's not obvious to me why the recruiter in question is in violation of this rule. The rules bans someone from extracting information with GitHub API and selling such information to recruiters. It does not seem to ban recruiters from acquiring this information themselves.


It’s not spam for a recruiter to send an email to a developer.

Spam is defined as “unsolicited bulk email”.

https://spamhaus.org/consumer/definition

It’s a one-off, not bulk, so recruiters emailing developer emails found on GitHub isn’t spamming.

Nor is the email address being sold in this case so that aspect of GitHub terms is not being violated.

So in fact you’re wrong and it’s perfectly legitimate for recruiters to use email addresses from GitHub and email them asking about jobs.


> Spam is defined as “unsolicited bulk email”.

More commonly, unsolicited/unwanted commercial email, see, e.g.:

https://www.consumer.ftc.gov/articles/0038-spam


The commercial aspect is a red-herring, because B2B where there's an existing business relationship are normally excluded from spam laws.

The UBE (unsolicited, bulk, email) definition is the one used by most blocklists and filters and ISP AUPs.


> The commercial aspect is a red-herring

No, it's not

> because B2B where there's an existing business relationship are normally excluded from spam laws.

That's not just B2B, but that's part of the definition of “unsolicited”; it doesn't make the commercial part a red herring, either in general or in the context of this thread, which did not involve either a pre-existing business relationship or, since you unnecessarily called it out as relevant, a B2B interaction.

> The UBE (unsolicited, bulk, email) definition is the one used by most blocklists and filters

That's because “bulk”, unlike “commercial”, is easily detectable. (And also because bulk has the most impact, because, bulk.)

> and ISP AUPs.

Virtually all ISP AUPs include prohibition on unlawful use which includes violations of laws concerning unsolicited commercial email.


The "bulk" definition is more widespread and is the definition that's enforced more often. So, mentioning "commercial" is weird because most service providers don't care whether it's commercial or not, they care whether it's bulk or not.


You could take the API info you're looking for and then cross reference it with a simple GitHub user search, filtering for users that have "available for hire" selected in their profile.

I used this method years ago, albeit manually. I didn't have much luck though as it's akin to cold calling.

I found it much easier to pay a job and let the interested candidates come to you.


My first thought after reading that a recruiter used the GitHub API was "I wish I met a recruiter like that".


More likely they used some tool to do it.


Don't know what type of email he received. Personally I think it's pretty OK for HR to contact me, but not by sending automatic/template emails.

Notice he said "(they) used the GitHub API to pull my email address", and GitHub API can be used to massively fetch these kind of information for automatic spamming.

Imagine one day you wake up in the morning to a few dozen automatic recruiting emails inviting you to a job that doesn't fit your profile even a bit; will you be happy? This has happened to me a few times and I'm not very happy about it.

I agree GitHub shouldn't take the blame because you can hide your email in the account settings, but I don't think he shouldn't be pissed off at the company that was spamming him.


If I was hiring a recruiter, I would be hoping they could provide me with something more than an ability to spam developers.

It seems to me that most good developers would ignore such spam—I get so much of this noise that I pay it no attention whatsoever.

If this is the best recruiters can do, then they can apparently provide no real value to the process.


Thanks for typing this out.


"My email address isn't on the web"

Yes it is, you put it there.

https://github.com/garybernhardt/dotfiles/blob/master/.mutt/...

I fail to see the dramatic issue here. FWIW, I once got a very good (unsolicited) job offer after putting code on the web, more than a decade before github even existed.


Over decades, despite terms of service and laws, it looks like people have been tamed to think that if they put their email address or phone number on the web, they're asking to be spammed or called or sent communication they don't want. It shows how poor a job laws and education have done. Backlash like this article is warranted and required to change this defeatist attitude.


> it looks like people have been tamed to think that if they put their email address or phone number on the web, they're asking to be spammed or called or sent communication they don't want. It shows how poor a job laws and education have done

They're not asking to be spammed, but risking it. Laws will punish offenders, but not free you from your personal responsibility to protect what's worth something to you.

> Backlash like this article is warranted and required to change this defeatist attitude.

I'm sure it will lead to harsher punishment for spammers who exploit one's stupidly putting their personal information on the web and then complaining about bad people seeing and using it, while we're not even punishing corporations whose data leaks due to incompetence are putting even those at risk who do not exhibit such gross negligence with their personal info.


When you run 'git config --global user.email my@email.net'... where do you think that email goes if not in your git commits? Why do you say "my email is not on the web" if you upload your commits to a public web host?


Emails in git commit logs are not a secret, which I wish more people understood and acknowledged. In general I don't think that expecting your email address to be private is reasonable. If you collaborate with others online, they should be able to get in touch. Stuff like this is an unfortunate consequence, but a manageable problem imo.


Email addresses in general are not supposed to be a secret. They’re supposed to be for people to send you electronic mail. Remember when there used to be books that contained everyone’s phone number?

If you’re a high profile person or are particularly guarding of your personal communication, I think it’s your responsibility to maintain separate public and private email addresses. You should only be making commits to open source projects with an email address that you intend to be public. It’s literally there so that people can email you about the commit.


Annoying, yes. But not worthy of the front page here.

Meanwhile in West Virginia, wages are deflating, working-age unemployment is the 3rd highest in the nation and the opioid crisis rages on.

But yes, it is terrible to work in one of the fastest growing, highest paying sectors of the economy—growing so fast that recruiters will go to such extreme lengths to fight for a chance at giving you even more money.

Sometimes I think we could use a little perspective.


One of the things I hate about Git is that it requires an email address. It doesn't let you just leave a blank value, it needs something that resembles an email address.

I get that email is how the kernel-devs do it. But IMO it's inappropriate for the version-control software to link a particular communication mechanism. Sure you can use a fake email address, and many of us do. Finally github has a feature to use their own no-reply email addresses, but it's a kludge.


   git config --global user.email no@email.invalid
And git happily accepts the value, yet the result is not useful to anyone (https://en.wikipedia.org/wiki/.invalid).

Or, just edit your .gitconfig by hand after adding an email and change the value there to whatever you want.


Thanks, I didn't know about the `invalid` non-TLD. I've been using example.com.

Still, it seems inappropriately opinionated for git to tie in and require an identifier on a specific communication mode, even if we can come up with fake emails. And I dislike the extra bits of reduced anonymity (eg "correlate pseudonyms by which fake email they all use")


Just use fake@example.com. Example.com etc are special domains that are easy to spot as not going to work.


If you put your email address out there, people will use it. Maybe github needs to do a better job of conveying what you’re making public when you push a commit, although as a service for programmers it may be reasonable to expect people to understand this already.


GitHub provides an option to use a special noreply address when creating your commits: https://help.github.com/en/articles/setting-your-commit-emai.... From the command line, well, I think it's not that difficult to see that your email address is going to be attached to it because it's right in the output of git log.


There are at least a couple of ways to reduce the annoyance of "people will abuse knowing your email address".

I think most of the "you didn't know email is easily readable in your commits" are responding to "try and hide your email address". This is kinda tough, since you need to know how each program you use works well enough to know what's public or not. (Or you need a way to have disposable email addresses).

I think another is "adjust expectations and response". I think if your starting assumption is that an email address is public, or that your email address will receive garbage, then it's easier to mark it as spam, complain on social media, and get over it.


I got the impression from the tweet it wasn't about github, it was about the recruiter. The lengths the recruiter is willing to go through to get an email address doesn't start and stop with github.


Right, but that seems to be based in confused expectations. The tweet starts out, “My email address isn't on the web.“ But it clearly is.


I thought Mr Bernhardt was technical enough to know that pushing commits onto a public web server made those commits and their metadata public information. I get that you don't care for spam, but they used information you published.


Just because it’s published on the internet doesn’t give you absolutely any right to use it. I don’t understand why people don’t get this...


I understand copyright - you created source code, placed it online, didn't apply an open source license to it, so those accessing it have no right to "make use" of the code.

What's the mechanism by which an email address found on a public website shouldn't be used to send email? Who decided on this social policy? I've been on the internet with email since about 1995 and this is the first time I've heard it suggested that public information shouldn't be "used" without permission. (And before you go off on a doxing tirade, let me address this: "using" someone's published physical address would be mailing them something - visiting them in person unannounced and/or republishing their address is definitely against social contract and might even be illegal.)

So what's the supposed social contract here? You found an email address but you're not allowed to email to it without permission? How do you get permission?


It’s called the law ;) I’m an EU user and articles 5 and 6 of the GDPR are pretty clear about this.


Bernhardt is a subject of US law. Do you have a comparable US legal citation?

Further, how would these articles of GDPR apply in this case? GitHub makes no representations about keeping your public data private. Please also suggest interpretation of specific parts of these articles that cover the recruiter collecting and making use of public information.


You can do this from the browser.

View any commit of the user on GitHub and add ".patch" to the end of the URL. Done.


Why do you need the GitHub API for this? Can't you just clone the repository and log all the commit authors?


People on Twitter don’t know how git works, it seems.


No, the recruiter admitted to following a guide online that used the API


What I mean is that outrage over GitHub revealing author email is a bit odd given the way public git repos work.


GitHub supports noreply emails from git cli. Configure it so you don't pwn yourself!

https://github.blog/2017-04-11-private-emails-now-more-priva...


API? Why bother with that when you can just "git clone ... git log"
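The several replies above (clone the repo and read `git log`, or append `.patch` to a commit URL) all rely on the same fact: the author line of every commit carries whatever `user.email` was configured at commit time. The following is an added example, not code from the thread or from GitHub: it parses the mbox-style header that `git format-patch` emits (the same shape GitHub serves for a `.patch` URL) to pull out author addresses, and then flags which ones are real, deliverable addresses as opposed to a GitHub noreply address or one of the RFC 2606 reserved domains (`.invalid`, `example.com`) that commenters suggested using. The sample patch text and its names and domains are constructed for the example.

```python
"""Extract commit author addresses from `git format-patch` / GitHub ".patch" output.

Added example, not code from the thread. The patch text below is constructed;
a real `.patch` download would carry the full diff after each header.
Equivalent data from a local clone: git log --format='%an <%ae>'
"""
import re
from email.utils import parseaddr

# mbox separator written by git format-patch: "From <sha> <fixed date>"
# (40 hex chars for SHA-1 repos, 64 for SHA-256 repos).
MBOX_SEP = re.compile(r"^From [0-9a-f]{40,64} ")

# Addresses that are not deliverable / not the author's own mailbox.
GITHUB_NOREPLY_DOMAIN = "users.noreply.github.com"
RFC2606_DOMAINS = {"example.com", "example.net", "example.org"}
RFC2606_TLDS = {"test", "example", "invalid", "localhost"}

# Constructed sample: two commits as served by a ".patch" URL (diff bodies omitted).
SAMPLE_PATCH = """\
From 1111111111111111111111111111111111111111 Mon Sep 17 00:00:00 2001
From: Alice Example <alice@alicedev.net>
Date: Sun, 11 Aug 2019 10:00:00 -0700
Subject: [PATCH] Add mutt config

---
 .mutt/muttrc | 1 +
 1 file changed, 1 insertion(+)

From 2222222222222222222222222222222222222222 Mon Sep 17 00:00:00 2001
From: Bob Example <12345678+bobexample@users.noreply.github.com>
Date: Mon, 12 Aug 2019 10:00:00 -0700
Subject: [PATCH] Fix typo

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
"""


def parse_patch_authors(text):
    """Return [(name, email), ...] for each commit in a format-patch/mbox text.

    Only the first "From:" header after each mbox separator is the author;
    later "From:" lines (e.g. quoted in a commit message) are ignored.
    """
    authors = []
    want_author = False
    for line in text.splitlines():
        if MBOX_SEP.match(line):
            want_author = True
            continue
        if want_author and line.startswith("From: "):
            name, addr = parseaddr(line[len("From: "):])
            authors.append((name, addr))
            want_author = False
    return authors


def is_public_address(addr):
    """True if the address looks like a real, deliverable mailbox.

    False for GitHub's noreply addresses and for RFC 2606 reserved domains
    such as no@email.invalid or fake@example.com.
    """
    addr = addr.strip().lower()
    if "@" not in addr:
        return False
    domain = addr.rsplit("@", 1)[1]
    if domain == GITHUB_NOREPLY_DOMAIN or domain in RFC2606_DOMAINS:
        return False
    return domain.rsplit(".", 1)[-1] not in RFC2606_TLDS


def exposed_addresses(text):
    """Author addresses in the patch text that a recruiter could actually mail."""
    return [addr for _, addr in parse_patch_authors(text) if is_public_address(addr)]


if __name__ == "__main__":
    for name, addr in parse_patch_authors(SAMPLE_PATCH):
        status = "EXPOSED" if is_public_address(addr) else "hidden"
        print(f"{status:8} {name} <{addr}>")
```

Running it against the constructed sample reports Alice's address as exposed and Bob's noreply address as hidden, which is the whole point of the GitHub setting linked in the comment above: the metadata is still public, but the address in it no longer reaches a real mailbox.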


Don't even bother cloning! Just view the commit details in the browser.


> My email address isn’t on the web.

Email address is in your public git commits.

Your email address is on the web.


Ah yes, the 'drip campaigns' from 'cold email senders' that you get once your email address is 'in the wild'.

Also known as ongoing spam from spammers once they scrape your email address or pull it from an API in violation of that API's terms of service.

Don't forget the bonus invisible tracking image and CAN-SPAM-YOU compliant unsubscribe link at the bottom in gray text to make it harder to see.


Eqrecruiters.com has been spamming emails I've used for git commits as well, trying to offer positions at Quizlet and Zume. I really don't appreciate that kind of spam.


Mark them as spam - at least on google it seems to learn pretty quickly and in a few days whoever is spamming is in my spam folder and then not even there (some spam seems to get blasted even from spam folder? Maybe they stop...)


This is also what I normally do. GMail is pretty good at learning how to auto-detect new sources of spam.

However, I haven't had to do this for years now. For the absolute worst of the worst obnoxious spammers who won't take no for an answer, I set a filter to auto-forward their crap to the entire company of the spammer. The spam stops immediately, every time I've done this.


How do you forward an email to an entire company?


They've been doing this for years.

Back when I first created a GitHub profile, I started getting emails to an email that I don't usually give out. This eventually led me to GitHub after some mentioned seeing my profile which led to me improving my Git knowledge and finding out how they did it.


To all people out there that say “you are making your email public by pushing it to github”, please remember that just because something is on the internet doesn’t give you absolutely any right to use it. That’s the big deal here.


Last I checked CA law (an ethics class), a computer permission setting explicitly does not grant actual permission to use a computer. Given that the TOS explicitly prohibits the use of the API for selling info to recruiters, it may be construable that this was hacking. Not sure that Microsoft, the owner of both GitHub and LinkedIn, would cooperate with a claim that a recruiter hacked their dev network.


It's the Internet... back when dialup was a thing... most users understood when you share something on the Internet... It's shared on THE INTERNET... if you don't want people knowing something about you then don't publish it on the INTERNET!!! Seems like some have forgotten this Golden Rule... #privilegeMuch #OpSecFail #thoughtprogrammersweresmart


I think we're all going crazy. Seriously, we as a society must be running out of real problems. Enough internet for today.



