Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’ve been running into this too and it’s very annoying. Although I don’t think it’s particularly new either.

Just feels like an unnecessary step. Sure I have an account and can log in, but why? I just want to know which file has X function, so i can read the implementation. I don’t want to have to download the repo or sign in.




Most likely anti-scraping measure. So they can detect and shut down bots or really anyone they feel like if activity looks nonstandard. Not suggesting it’s good, but it’s consistent with the in vogue trend to lock down recipient public APIs nowadays.


As an illustration, near the end of last year, bots from a renowned Email API provider spotted in less than 1 hour the leak of a public key from my public GitHub code repo. My account got suspended on their platform. It was stunning to see the speed at which they acted and automated the process to "lose" and "recover" reputation.


That's an official "feature": https://docs.github.com/en/code-security/secret-scanning/abo...


thank you for the enlightment. now it all makes sense in my mind.


Wouldn't a scraper just grab whole repos?

If necessary, let's focus on the use case of searching a single repo.


if you log in, you've lost.

they have to serve the source without being logged in, otherwise gpl projects would just move (and we know gpl projects are the opensource trend setters).

so they will always allow you yo download the source. and thats what i do all the time. git clone, grep, rm.

or if you are logged, do it anyway checking code out with ssh which is more expensive for them.

remember kids, after Microsoft bought it, a github account is a social network account.


I think this will be the new normal.

There are a lot more AI projects hungry for data to train their models on. This puts content companies in an uncomfortable situation: trademark infringement claims, loss of intellectual property, and more.


But Github is not a content company and they don’t really own copyright to almost anything hosted there.


That's true, but there's an interesting parallel with GitHub's corporate parent, Microsoft, and Microsoft's other platform company LinkedIn[1]. LinkedIn sued scrapers for retrieving data from the site.

LinkedIn isn't a content company either, nor do they really own any content posted there (they don't right?), but a large part of their business moat comes from the network of people posting content there. Scrapers and bots undermine this, something the AI boom facilitates.

1: https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn


There is a cost to serving up all that content, and if hundreds of AI start ups are all trying to pull in data, that can add up fast. It’s not typical user behavior.


If it’s just static content it wouldn’t really be that expensive. In reality egress traffic is extremely cheap compared to what Azure/AWS etc. are charging.


How often are you not signed in to GitHub? You’re presenting this as a practical pain, but I can’t remember the last time I wasn’t signed in to GitHub.


I don't have a work GitHub account and I keep personal stuff out of my work computer. The number of times I've wanted to search an open source codebase without cloning it yet is significantly nonzero.

I've also wanted to do code search on my phone, where I have no need to be logged in so I'm not.


So register a throwaway for work and your phone. Seems easily solvable in a few seconds!


Seems like a good time to mention that (despite anecdotal lack of enforcement) GitHub's terms of service continue to officially forbid having more than one free account for manual use. https://docs.github.com/en/site-policy/github-terms/github-t...


Can they let their business customers know that? Companies making their employees create new accounts for their org is not uncommon. I’m not talking about Enterprise instances.


My account through work uses SSO. I didn’t make my account, it authenticates through AD. If I leave the company, I lose access to the account.

Telling employees to make their own personal account to do company work seems like a bad idea.


That rule sucks. I want to keep work and personal separated.


Work account should be pro and paid by the company then.


If I'm considering reporting a bug I came across in a free-software project while at work, that's already something I probably couldn't justify with a strict cost-benefit calculation for my employer.

In practice my employer would be happy for me to spend my time doing it anyway, because it's the right thing to do. But asking them to pay Github for the privilege is pushing it.


I don't want to login to github.com when I'm on my work computer. That's going to take me one step closer to uploading company internal stuff by accident.


It's especially bad because I don't really remember my passwords, so I always have to reset password when logging in again, and that refreshes the dev keys so my terminal git push also stops works - a complete PITA.


This is nuts, dude! Get a password manager or something.


Which could happen to every other website has nothing to do with GitHub.


I have my cookies autodeleted on a regular basis because I prefer my browsing sessions and activity to not be linked for surveillance purposes.

The use of a password manager makes re-logging-in effortless.


I have a specific firefox container group for github and a few other applications so that it's not leaking cookies. No need to relogin.


GitHub still knows all of your individual visits to GitHub, and which repos you viewed. Most of the time I don’t want to be browsing GitHub itself whilst logged in. I don’t like or trust Microsoft with my location or waking hours or browsing history.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: