| Maybe this is off-topic but I'm wondering what people think about tech recruiting websites that scrape profiles on sites like Github to sell you to other recruiters (or for other purposes, like GitPay). With badly coded websites like GeekedIn the attack vector is all of their data being public like so: https://www.troyhunt.com/8-million-github-profiles-were-leak... But with the websites that aren't as badly coded, the annoyance is recruiters messaging you on your Github account pitching you random jobs. Do you get those? This is something we deal with at Stack Overflow (where I work) a lot. People love trying to scrape our content and creating Chrome plug-ins that when someone loads up a Github or SO profile shows all the random bits of info they've been able to scrape about that person. It leads into a lot of issues for us e.g.: Recruiter claims to have gotten my email address from Stack Overflow
http://meta.stackoverflow.com/q/318621/472021 to the point where we've (semi) recently changed our ToS to directly be able to fight cases like this: A Terms of Service update restricting companies that scrape your profile information without your permission
http://meta.stackexchange.com/questions/277369/a-terms-of-se... Do you think Github should try to do something similar? I just want to have a place to put my code and be able to easily talk to others working on code, not something that results in recruiters messaging me and random websites taking my data hostage. Edit: In case you want to see what the "attack vector" looks like, find any of your recent Github commits, e.g. for me: https://github.com/jc4p/quick-hue-toggle/commit/28f4cf724968... and add a `.patch` at the end to get the patch file: https://github.com/jc4p/quick-hue-toggle/commit/28f4cf724968... and bam, my e-mail (per my git user config) is right there. Should we all be using fake e-mails when we commit to git? |
This is sometimes annoying, in the case of recruiters. However sometimes it can be useful if the product has potential.
Gitpay possibly originated from a good idea.
Regardless however, they should launched with an opt-out feature. Many such website that scrape content and create accounts _for_ people have an automatic opt-out feature.
You do open a really good question though if this should be allowed in the first place.
Say if I deleted my github account.. by deleting my account, it doesn't get deleted off of this website.