Hacker News new | past | comments | ask | show | jobs | submit login

from github's pov you starred the repos. You signed up for a service the stars repos. it could have been starallthereposforme.com and you signing up a granting them permission to star repos is exactly what you wanted. So girhub is correctly assuming you wanted those repos starred.

If you didn't want them starred you shouldn't have given the site permission to star




GitHub should be able to tell that this was an abusive service doing it though.

Legally they might be in the right, but punishing victims of social engineering further doesn't seem like a fair or smart business decision.


But an 'abusive service' might still involve misconduct by the user in question.

Suppose there is a service which allows you to watch free porn videos as long as you hand over permissions to star a bunch of repos using your account. Clearly, the service is abusive and should be banned. But isn't it also quite fair for Github to penalize the users? They knew they were handing over something of value when they authorized the access. Either they chose to exchange their genuine 'Github clout' for something they wanted, or their accounts are spammy in the first place (for example, if they created an account solely to access that service).


yep, it is easy for them to know if the star was the user itselft OR a third party app through the API...


What you give the site access to is something like ‘Full-repository access’, the permissions aren’t granular enough to specify starring.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: