Playing devil's advocate, it's probably more about blocking bots from creating accounts than it is about blocking privacy minded users. You just end up being collateral damage.
Obviously that still sucks, I'm just saying it's not that simple
this post was submitted on 28 Feb 2026
289 points (95.6% liked)
Privacy
46698 readers
1183 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
I downvoted for the image. If you're going to make a text post, make a text post.
Fuck computers they're war machines.
"How about a nice game of chess?"
No thanks, I stopped enjoying chess a loooooong time ago and I always hated humoring people and playing it, Chris Hedges had a great show about the psychology of chess players. I'm responding more for the sake of having some kind of interaction, I got the joke.
My college has a Microsoft email account they just gave me but It says I need to download an unrelated app to log in. I don’t really want to do that
a coworker invited me to his company GitHub team or something recently, and I tried to join several times. each time, I got stuck with a 10 question test to "verify I was human". it was not quick. eventually, I had time to actually complete it without timing out.
after completing it correctly twice without success, I gave up
If you want a cloud alternative to GitHub run by a non-profit and hosted outside of the U.S.
If you want to get your data out of the cloud entirely, or at least under a VPS you control, self host your own git repo (Using the same software as Codeberg)
Done, thanks for the links. 👍
/
I’m curious when this happened. I literally created a new account for GitHub this week, only using an email address, and on Firefox. No wonky tests or anything needed.
It's probably being A/B tested and you're not in the test group yet.
Or, alternatively, OP is from an area that's been designated as having an increased risk of fake accounts and these extra measures are being deployed selectively.
I can't figure out if Free software projects don't know or don't care that GitHub is run by Microslop.
Codeberg for the win.
What about GitLab? When Microsoft bought GitHub, people got angry, and migrated their code to GitLab. When that happened, GitLab was all over the headlines for a while, but I haven't read much about it ever since.
Git is a DECENTRALIZED version control system. It doesn't even need a server. So for someone so privacy focused to be using VPN software etc this is kind of a weird rant to go on.
You can literally store or self host a git repo anywhere in any form.
Can you email a patch to a project hosted on the Github?
So what's stopping you?
How would they post an issue as described in the post?
Git is a version control system, not an issue tracker.
If you want issue tracking then you can use a system like forgejo or if you don't want to self-host and are okay with risking creating a new centralized service which will eventually betray everything they stood for, you can use Codeberg.org (which is just a forgejo instance).
Bro literallly posted a photo of a pile of shit, lmaoo
I like GitHub, it's a nice place for me, I don't encounter any issues, except for some strange things in their UI.
Tell me how you really feel 😅
They also own Visual Studio Code, control VSCode, and effectively control the VSCodium soft fork.
Did something happen with Codium or do you just mean in general due to controlling extension marketplace, access to their closed source ones etc.
Edit: missed your other comment, never mind
This is why you use Emacs, Kate, Neovim and so on. Never understood how anyone could use a software as confusing as VSCode.
It feels like people are just punching themselves in the face.
Yes, Microsoft has taken over a lot of projects which made coding easy. So either you submit to Microsoft's control or you spend the time to learn to use the alternatives.
Emacs is basically older than computers, stable and has a huge amount of support and plug-ins. Nvim is newer, but vi/vim have existed since before electrons learned to jump bandgaps and has a similarly deep level of community expertise/support.
If you're just starting off, your school is likely deep in Micrsoft's sphere of influence so you probably learned VS Code/Visual Studio. Moving to Emacs or Nvim is much harder than it would be if you had learned them in the first place, but believe me (a random stranger on the Internet wouldn't lie to you!) it is worth the time to learn.
This is why I use Zed as an alternative with the added upside that Zed runs about 500x better than VSCode
I keep Zed and, ideally Lapce, on my system and use them where possible. VsCode is my backup.
They decided they wanted to own software development and here we are ;/
Fuck ms
What do you mean about VSCodium? Obviously it's just a differently compiled version of Microsoft's text editor, but what does Microsoft have to do with it, otherwise?
it's effectively the same as chrome vs chromium. google/microsoft invests the resources to develop it, and someone simply comes and forks it without the closed source parts or telemetry.
which is fine, but means they still get to dictate how the software works. the best real world example i have is chrome and adblockers, or google-made web "standards".
Yeah. Your example: How many forks of Chome/Chromium have rejected Google’s Manifest v3 changes? Zero, because they’re all soft forks and don’t have the resources to hard fork.
“Otherwise” is doing Herculean lifting here when the code is nearly 100% Microsoft. The way they control it is by changing VSCode’s code, which is then dutifully incorporated into VSCodium, with the exception of telemetry code.
You dont need hardware verifications with vscode, nor an account, it works with a vpn, u can disable copilot.
Those aren’t the types of control I alluded to, as you can see upthread.
It's the same story for basically anything MS touches.
Agree completely, these shenanigans are a big reason I'm on a selfhosting rampage at the minute. Speaking of, does anyone have favourite self-hosted alternatives?
I've been enjoying using FreshRSS, RecipeSage, Kavita (ebook library/reader) and Flatnotes. My server OS is OpenMediaVault which i've been very happy with.
Seconding this. I recommend OMV if you're new or inexperienced with Linux and self hosting. I started my server when it was a gaming PC running Windows and OMV has felt like an easy transition for me.
But Docker is all but required in my opinion. I like working with Docker Compose files and I keep OMV on a separate drive in case I want to move to pure Debian or other distro.
Been that way for a long time. They rejected me years ago. Much like Google, MS is in the ad business, and they want your personal details to sell to advertisers. Letting you sign up with fake account is contrary to their interests.
It infuriates me to no end that so many FOSS devs are still using Github. No one fucking cares about privacy or sovereignty until it personally fucks them.
Tangential to the main point you're going for: when you say fingerprint or biometrics I think you're referring to passkeys.
Passkeys don't share any of your fingerprint or other biometric identifiers with anyone.
https://www.eff.org/deeplinks/2023/10/passkeys-and-privacy
One of the major design criteria of their creation was to be an increase in security without sacrificing privacy. It's made them more finicky to get working but there's a very good reason they're very popular with security professionals.
They are not referring to passkeys. They’re referring to deterministic algorithms for uniquely labeling a particular device or person, despite any privacy enhancing features that device or person employed. It can be as simple as sampling various hardware specs, hashing the result, and using that as an ID for the person. So, if you switch browsers, they know it’s still you. More complex techniques exist, obviously.
I know how device fingerprinting works, thank you though.
You don't need my fingerprint, hardware or personal, or biometric shit.
To me that sounds like hardware identifiers, but also quite specifically the things passkeys use. Hence I mentioned it as aside from their main point, which was "don't track me", because the biometrics GitHub or any website is going to ask you to use can't be used for that.
Yeah, I see what you’re saying. As far as I am aware, passkeys issue a one-time-token derived from a private key stored on the device. You can only access the private key via your devices own security (i.e., typically biometric). GitHub can only access the resulting one-time token, and it can verify that the token was derived from the private key using some cryptography. So, agreed. It’s not much different from a tracking perspective than just tracking password-based logins.
Though, I got the impression OP was talking about something else. Maybe I misunderstood them.
That's close enough for a privacy perspective. There's also limitations on domains that can request the auth, specifically ”only the one the credential is for", and there's a different key per domain and user typically.
It's also implemented in a way where if the user doesn't choose to disclose their account to the service, the service can't know.
Caring about privacy and caring about the details of a security protocol are distinct. You'd be surprised how many people who care about privacy are deeply wary of passkeys because of the biometric factor, which is unfortunate because the way it authenticates is a lot harder to track across domains by design.
I understood they had a lot of concerns, one of which was biometrics via passkeys since GitHub was a very early adopter due to the supply chain risk they pose.
Use codeberg. I stopped using github for my projects a while ago.
Btw, CanvasBlocker actually doesn't do much more than default Firefox nowadays but breaks more things.
No need for that massive pile of shit
I wonder how this potential diaspora of repos from Github may affect some package distributions that are merely pointing the application to be compiled like is the case in some AUR application. Will it generate quite a lot of overhead for AUR maintainers?