All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

YC Companies Scrape GitHub Activity Data and Send Spam Emails to Users

By

miki123211

3mo ago· 14 min readenNews
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

The bagel they save for the regulars. Don't skim, savour.

Score100TypenewsSentimentnegative

Summary

The article discusses how Y Combinator companies are scraping GitHub activity data and using it to send spam emails to users. It explains the technical challenge of removing or changing email addresses from Git commits due to the cryptographic hash-based nature of Git version control. Changing any part of a commit (including email addresses) alters its hash, which cascades through all subsequent commits, making repositories incompatible with the original versions. The article highlights privacy concerns about companies mining public GitHub data for marketing purposes.

Key quotes

· 4 pulled
Git commits are identified by a hash of their entire contents
If the email address in even one commit is changed or removed, that changes its hash, which in turn requires you to update its children, changing their hashes etc.
By default, git will refuse to pull from such an updated repository, as commits are considered immutable once pushed.
YC companies scrape GitHub activity, send spam emails to users
Snippet from the RSS feed
Git commits are identified by a hash of their entire contents[1]. The way hashes work, if you change even one bit, the hash becomes completely different. Every commit contains the email address of the committer and the hash of the parent commit. If the em

You might also wanna read

Auto-Identity-Remove: An open-source tool to automate data broker opt-outs across 500+ sites

This article presents an open-source GitHub tool called "auto-identity-remove" that automates the process of opting out of data broker and p

github.com·13d ago

Why I banned all query strings from my website

Chris Morgan expresses frustration with third parties adding tracking query strings (like UTM parameters and referral tags) to URLs that poi

chrismorgan.info·22d ago

Understanding Beaver Triples: A Primer on Secure Multiparty Computation

The article introduces the concept of Beaver Triples in the context of secure multiparty computation (MPC). It uses an analogy about a frien

stoffelmpc.com·22d ago

DO_NOT_TRACK: A Proposed Standard Environment Variable for CLI Telemetry Opt-Out

This article proposes a standardized environment variable called DO_NOT_TRACK for opting out of telemetry, analytics, and tracking in CLI an

donottrack.sh·29d ago

Keel: A local-first, open-source desktop app that saves AI conversations as markdown files on your device

Keel is a local-first, open-source desktop app (macOS/Windows) that captures AI conversation data into plain markdown files stored on the us

Product Hunt·1mo ago

Investigation Reveals Vercel Plugin in Claude Code Collects User Prompts Without Proper Consent

The article investigates concerning privacy practices of the Vercel plugin in Claude Code, revealing that it requests access to read all use

akshaychugh.xyz·1mo ago