← Back to context

Comment by retlehs

3 days ago

By visiting the account and noticing that it still has activity long after the report.

17 comments

retlehs

Reply
eli  3 days ago

I'm confused. How do you know what account scraped your email address from github in order to send you an email?

Or do you mean going after the accounts of companies that make use of a likely scraped email address? That's not a bad idea either, but it has risks and isn't the same thing.

  • tedivm  3 days ago

    Half the time they literally say it in the email. I just looked in my spam folder and just a few hours ago got an email titled "Your profile: Github", that started with:

    > I came across your profile on GitHub. Given you're based in the US, I thought it might be relevant to reach out. > > Profile: https://github.com/tedivm

    They aren't doing anything to hide it.

    • grepfru_it  3 days ago

      But hold on.

      They could have git cloned your repo, used or otherwise analyzed your code which follows TOS then used the local git repo to pull your email address.

      How is GitHub responsible here?

      1 reply →

    • eli  2 days ago

      That identifies the company that sent the email not the github account that scraped it

hedora  3 days ago

How do you propose GH take action without risking taking down legitimate projects due to brigades of false reports?

  • adrianmsmith  3 days ago

    GH literally say in a parent comment:

    > we can (and do) take action against those accounts including banning the accounts

  • shimman  3 days ago

    That they use some of their trillion dollar marketshare to solve it, why are you acting like this is a hard problem? It's not. They're just too cheap and greedy to do anything about it.