
Privacy Statement Updates September 2022

Open olholder opened this issue 1 year ago • 175 comments

GitHub is introducing non-essential cookies on web pages that market our products to businesses. These cookies will provide analytics to improve the site experience and personalize content and ads for enterprise users. This change is only on subdomains, like resources.github.com, where GitHub markets products and services to enterprise customers. Github.com will continue to operate as-is.

This change updates the Privacy Statement based on this new activity.

These updates will go into effect after the 30-day notice and comment period, on September 1, 2022.

olholder avatar Aug 02 '22 19:08 olholder

You lost me at ads for enterprise users.

jdgregson avatar Aug 02 '22 23:08 jdgregson

Github is being undermined by Microsoft.

leoheck avatar Aug 03 '22 00:08 leoheck

:cookie: https://github.blog/2020-12-17-no-cookie-for-you/

TechSolomon avatar Aug 03 '22 00:08 TechSolomon

so what github alternative is everyone using these days? asking for a friend.

TheMaverickProgrammer avatar Aug 03 '22 01:08 TheMaverickProgrammer

"We are also committing that going forward, we will only use cookies that are required for us to serve GitHub.com."

Apparently in corporate terms, a "commitment" is now less than two calendar years of obligation. Good to know. Though, I guess I don't visit the marketing pages and hence, don't really care that much? Corporations being untrustworthy isn't new territory.

Literally just "business advice": Your marketing teams should be weighing the value of the data here against the cost of "yet another breach of user trust and commitment", user trust, of course, being something extremely hard to earn back.

ocdtrekkie avatar Aug 03 '22 01:08 ocdtrekkie

Marketing people don't care about user trust or commitments. They'll just burn things to the ground and move on to the next corp job, each time making the world a slightly worse place.

karlshea avatar Aug 03 '22 02:08 karlshea

This clearly shows that GitHub cares more about revenue than the user base behind it.

Microsoft fucking sucks, GitHub wasn't evil until Microsoft really started to abuse GitHub.

afkvido avatar Aug 03 '22 02:08 afkvido

so what github alternative is everyone using these days? asking for a friend.

@TheMaverickProgrammer GitLab probably.

afkvido avatar Aug 03 '22 02:08 afkvido

I understand that cookies are helpful for analytics and gathering sales funnel data. It's always sad when companies don't keep prior promises, though 😟

If you must break the promise, here's my suggestion, for what it's worth: move enterprise marketing pages (maybe even all marketing pages besides the front page?) off of github.com onto a separate domain. Maybe github.info?

Then point marketing links from the front page to that domain.

This will allow folks to deal with that domain separately from github.com.

RoyTinker avatar Aug 03 '22 02:08 RoyTinker

I personally feel that the enterprise version can be made independently.

tylt6688 avatar Aug 03 '22 02:08 tylt6688

As a happy GitHub user I just hope all this recreational outrage doesn't result in GitHub allocating more time or resources than would otherwise be required to complete this change. Full speed ahead!

jacamera avatar Aug 03 '22 03:08 jacamera

As a happy GitHub user I just hope all this recreational outrage doesn't result in GitHub allocating more time or resources than would otherwise be required to complete this change. Full speed ahead!

I'd want GitHub to remove Microsoft, then continue full speed ahead

afkvido avatar Aug 03 '22 03:08 afkvido

This change is only on subdomains where GitHub markets products and services to enterprise customers, and all other GitHub subdomains will continue to operate as-is.

Why are people getting so riled up when this change only impacts the Enterprise marketing subdomains? Makes no sense to me how this of all things is getting negative attention. Majority of people don't use GitHub Enterprise, as it's only for businesses, and they're just cookies. Use uBlock Origin as it says if you really can't stand a few cookies on subdomains you'll probably never end up going to.

Also, people love pointing the finger at Microsoft, as if this change was demanded by them. It more than likely wasn't. There are always going to be changes that people don't like, but not all changes are influenced by the parent company. If Microsoft was putting their hands all over GitHub, they probably would've moved GitHub to the Microsoft Policy Statement a long time ago.

evelynharthbrooke avatar Aug 03 '22 03:08 evelynharthbrooke

Cuz GitHub said they wouldn't use cookies daym it's a broken promise

afkvido avatar Aug 03 '22 03:08 afkvido

"We are also committing that going forward, we will only use cookies that are required for us to serve GitHub.com."

Apparently in corporate terms, a "commitment" is now less than two calendar years of obligation. Good to know. Though, I guess I don't visit the marketing pages and hence, don't really care that much? Corporations being untrustworthy isn't new territory.

Literally just "business advice": Your marketing teams should be weighing the value of the data here against the cost of "yet another breach of user trust and commitment", user trust, of course, being something extremely hard to earn back.

How exactly does this in any way impact user trust? It doesn't impact the main site, like the dashboard, the landing page, or any other part of GitHub like profiles, repositories, or organizations. It literally only impacts the enterprise marketing pages, and it's for sales data tracking & analytics. GitHub Enterprise is a very business-oriented product, so the only visitors to those pages will be by business leaders potentially interested in GitHub Enterprise, or users who land on that page by mistake.

And I believe that is what GitHub meant when they said "to serve GitHub.com" - the main site (dashboard, repos, profiles, etc), not including stuff related to their Enterprise product, so I genuinely don't believe they broke their commitment. People are overreacting, as usual, to insignificant changes that don't really impact them.

evelynharthbrooke avatar Aug 03 '22 04:08 evelynharthbrooke

That's fine but fuck microsoft for existing

afkvido avatar Aug 03 '22 04:08 afkvido

There's a reason this PR has 128+ negative reactions 👎

afkvido avatar Aug 03 '22 04:08 afkvido

Also, they have, take a look at this PR.

afkvido avatar Aug 03 '22 04:08 afkvido

@afkvido: Also, they have, take a look at this PR.

This was more than likely not Microsoft's doing. Not everything a subsidiary of Microsoft does is because of Microsoft itself. You have the vast majority of comments on this PR (at 8 comments), and your opinion isn't be all end all. Most of the negative reactions are additionally probably from people who don't understand the scope of what GitHub said back when they committed to not use cookies not necessary to serve GitHub itself - they probably didn't extend it to the Enterprise marketing pages to begin with and always meant the main site that serves repositories and profiles and such.

There are things worse than cookies by the way, like actual trackers embedded in web pages. Cookies are relatively harmless if used sparingly and for very specific purposes like tracking sales analytics or for keeping a user logged into their web browsers, or in a specific GitHub use case, tracking the current site theme. There is nothing wrong with stuff like this.

You seem awfully mad at Microsoft for some reason, as if they stole your pet dog or something. This isn't 2000s & early 2010s-era Microsoft, Microsoft is nowhere near as bad as they were when Steve Ballmer was the CEO of Microsoft. Ever since Satya became CEO, I have noticed a significant improvement in Microsoft's business culture and strategy. MS was way, way, way worse back when Ballmer was CEO.

(also, slight question, why upvote your own comments?)

evelynharthbrooke avatar Aug 03 '22 04:08 evelynharthbrooke

This was more than likely not Microsoft's doing. Not everything a subsidiary of Microsoft does is because of Microsoft itself.

I don't know why anyone at GitHub would do this change, and Microsoft is the only other entity with the authority to make such a change.


You have the vast majority of comments on this PR (at 8 comments), and your opinion isn't be all end all.

I just poke in whenever this comes up on my GitHub notifications.


Most of the negative reactions are additionally probably from people who don't understand the scope of what GitHub said back when they committed to not use cookies not necessary to serve GitHub itself - they probably didn't extend it to the Enterprise marketing pages to begin with and always meant the main site that serves repositories and profiles and such.

That is a good point, however, that doesn't change the fact that GitHub is no longer the white and fluffy angel that it was.


There are things worse than cookies by the way, like actual trackers embedded in web pages. Cookies are relatively harmless if used sparingly and for very specific purposes like tracking sales analytics or for keeping a user logged into their web browsers, or in a specific GitHub use case, tracking the current site theme. There is nothing wrong with stuff like this.

While you seem quite intelligent, I don't think that you understand that cookies could actually be used as slight trackers, and if used to their fullest potential, complete on-site tracking for AI/ML based targeted recommendations for profit.


You seem awfully mad at Microsoft for some reason, as if they stole your pet dog or something. This isn't 2000s & early 2010s-era Microsoft, Microsoft is nowhere near as bad as they were when Steve Ballmer was the CEO of Microsoft. Ever since Satya became CEO, I have noticed a significant improvement in Microsoft's business culture and strategy. MS was way, way, way worse back when Ballmer was CEO.

Microsoft is still a mega-corp. They're still 'evil', just like Google or Apple. I also don't see much of a difference with the two CEOs. One was making more money, one was discussing ethics more often, but in the end, Microsoft is still somewhat invasive. To add on, Microsoft decided to absolutely RUIN Minecraft, a game that I don't really play these days, but my friends play a lot.


(also, slight question, why upvote your own comments?)

(also, slight question, why downvote my comments?)

afkvido avatar Aug 03 '22 05:08 afkvido

I think that the cookies ought to be documented, so that you know which cookie means what.

I also think that they should avoid using confusing privacy policies; the mention of DNT should either be kept as is if GitHub uses the DNT header to reduce tracking, or deleted entirely if GitHub does not use the DNT header. If it does so only in some cases, it should mention what cases these are. The privacy policy made sense before the change in the section about DNT, although the change mentioned above makes it confusing (as other comments already mention).

Mentioning other programs such as Privacy Badger and uBlock Origin are OK, although it might be worth to add a disclaimer if GitHub is not affiliated with such programs, even if they are hosted on GitHub. (Since GitHub is used for many FOSS projects, it is likely that some of them will be.)

I have no problem with adding these non-essential cookies to the enterprise marketing pages, as long as the rest of GitHub can be used without it and it is documented which pages these are (and if the cookie domain is the same, also which cookies). Moving the enterprise marketing pages to a separate domain seems to me to be a good idea though, in order to be clearly distinguished (although a subdomain is probably good enough, in my opinion; as long as it is documented clearly which subdomains these are).

About alternatives to GitHub, I would not recommend GitLab because it will not display the files if JavaScripts are not enabled. However, it is acceptable to use GitLab if there are mirrors on multiple services. GitHub, Codeberg, and NotABug, and some others, also use JavaScripts, although the files can be displayed even if JavaScripts are disabled (even though there is a note that says enable JavaScripts, it is not required to simply view files), so it is acceptable. Another alternative is Sourcehut, which also doesn't need JavaScripts (and says that all features work without JavaScripts, although it still has some).

zzo38 avatar Aug 03 '22 05:08 zzo38

I don't mind GitLab, except that I have to pause for 15 minutes to finish laughing every time I see "Merge Requests"

afkvido avatar Aug 03 '22 06:08 afkvido

What happened to this policy https://github.blog/2020-12-17-no-cookie-for-you/ ?

I guess it's a bit like Microsoft ❤️ Linux....

sammcj avatar Aug 03 '22 06:08 sammcj

@afkvido:

I don't know why anyone at GitHub would do this change, and Microsoft is the only other entity with the authority to make such a change.

There are a lot of factors that go into making a decision such as this, and it was probably some higher-ups at the executive level for GitHub who decided to make the decision. Keep in mind, GitHub did just get a new CEO, @ashtom, who could have had a factor in why this change was made. GitHub is an independent subsidiary within Microsoft, so I do not believe Microsoft would force this kind of a change.

That is a good point, however, that doesn't change the fact that GitHub is no longer the white and fluffy angel that it was.

No business or company is ever a "white fluffy angel". Companies get embroiled in controversy all the time, and GitHub did as well even before Microsoft ever acquired it, a big one being back in 2014 when there were proven harassment allegations regarding the founder of GitHub regarding him and his wife where they harassed an employee, Julie, to the point of basically forcing her to resign from the company. To say the least, there are a lot of iffy things a company does, and no company has ever been perfect, not even GitHub.

While you seem quite intelligent, I don't think that you understand that cookies could actually be used as slight trackers, and if used to their fullest potential, complete on-site tracking for AI/ML based targeted recommendations for profit.

I am aware that cookies can be used for more-sophisticated tracking, however what I was saying is that if they are used sparingly, and only for essential product functionality (like remembering your login details), they aren't all that bad. However, if they are used for the purposes that you suggested, for tracking users unnecessarily for example or for targeted recommendations, that is when the usefulness and privacy of cookies does come into question.

Microsoft is still a mega-corp. They're still 'evil', just like Google or Apple. I also don't see much of a difference with the two CEOs. One was making more money, one was discussing ethics more often, but in the end, Microsoft is still somewhat invasive. To add on, Microsoft decided to absolutely RUIN Minecraft, a game that I don't really play these days, but my friends play a lot.

I genuinely do not understand this one. I do understand that Mojang recently added a player chat reporting system to the Java Edition of the game as of version 1.19.1, however I do not find that to be a bad thing, as a report system is pretty useful to avoid malicious players from being able to harm or abuse others. I additionally do understand that the ban is on a multiplayer-wide level, where if you're banned from one server, it takes effect account-wide regarding online play for a set duration of time, or permanently, but I do not find this to be a bad thing either. If a player harasses someone on one server, what stops them from harassing more people on other servers? Aside from this system, which has been controversial and that I do genuinely believe should exist, I do not believe that Mojang or Microsoft has ruined Minecraft in any way at all.

@sammcj:

What happened to this policy https://github.blog/2020-12-17-no-cookie-for-you/ ?

I guess it's a bit like Microsoft ❤️ Linux....

It still applies to the entirety of GitHub.com, such as repositories, profiles, the dashboard, account settings, etc. It only impacts GitHub's enterprise pages, the ones that market and sell Enterprise to companies and organizations. Everything else is unaffected, so no, it is not like Microsoft ❤️ Linux in any way, and that whole thing does genuinely seem genuine. Microsoft knows now that Linux is not something that should be attacked.

evelynharthbrooke avatar Aug 03 '22 06:08 evelynharthbrooke

so what github alternative is everyone using these days? asking for a friend.

Your friend might be interested in hosting their code at codeberg.org. A friend of mine moved there, too.

DK1MI avatar Aug 03 '22 07:08 DK1MI

Use uBlock Origin as it says if you really can't stand a few cookies

Do you know about Manifest version 3? They are going to kill Ublock Origin, how stupid you think we are?

pankajthekush avatar Aug 03 '22 08:08 pankajthekush

Why are people getting so riled up when this change only impacts the Enterprise marketing subdomains? Makes no sense to me

How much they pay you to shill for Microsoft, this is how it begins, this is how they killed Cent OS, this is how they jeopardized java, corporations are never to trust with good products.

Cent OS wasn't even a Microsoft product, it was a product owned by Red Hat, which is in turn a subsidiary of IBM. Microsoft had nothing to do with why they killed off the standard CentOS operating system. And I'm not shilling for Microsoft at all, I'm simply trying to be reasonable here. Not everything that happens is Microsoft's fault, and if you think that, then you are immediately wrong. And Microsoft never jeopardized Java - Java is Oracle, and Java is still going strong and being used in lots of software and products to this day, including Android. Microsoft has done nothing to Java, so that last point is moot, null, and void.

Do you know about Manifest version 3? They are going to kill Ublock Origin, how stupid you think we are?

That is Google's problem, not Microsoft's. Again, Manifest v3 is a Google-developed feature, not something developed by Microsoft. Microsoft does use Chromium, but this is Google's fault, not Microsoft's. People love bashing Microsoft for things they never even do, as if everything wrong that ever happens in the world is Microsoft's fault, which is not the case at all.

evelynharthbrooke avatar Aug 03 '22 08:08 evelynharthbrooke

Cent OS wasn't even a Microsoft product, it was a product owned by Red Hat, which is in turn a subsidiary of IBM. Microsoft had nothing to do with why they killed off the standard CentOS operating system. And I'm not shilling for Microsoft at all, I'm simply trying to be reasonable here. Not everything that happens is Microsoft's fault, and if you think that, then you are immediately wrong. And Microsoft never jeopardized Java - Java is Oracle, and Java is still going strong and being used in lots of software and products to this day, including Android. Microsoft has done nothing to Java, so that last point is moot, null, and void.

That is Google's problem, not Microsoft's. Again, Manifest v3 is a Google-developed feature, not something developed by Microsoft. Microsoft does use Chromium, but this is Google's fault, not Microsoft's. People love bashing Microsoft for things they never even do, as if everything wrong that ever happens in the world is Microsoft's fault, which is not the case at all.

Microsoft, Google, Amazon, Red Hat, these are corporations, they all have same motive: Money, I was simply stating what happened to Cent OS, Java, Manifest v2 will happen to Github because Microsoft being corporation will burn github down for monetary gains.

I have deleted my comment of you accusing of payment and shilling because that was somewhat in bad taste

pankajthekush avatar Aug 03 '22 08:08 pankajthekush

Cent OS wasn't even a Microsoft product, it was a product owned by Red Hat, which is in turn a subsidiary of IBM. Microsoft had nothing to do with why they killed off the standard CentOS operating system. And I'm not shilling for Microsoft at all, I'm simply trying to be reasonable here. Not everything that happens is Microsoft's fault, and if you think that, then you are immediately wrong. And Microsoft never jeopardized Java - Java is Oracle, and Java is still going strong and being used in lots of software and products to this day, including Android. Microsoft has done nothing to Java, so that last point is moot, null, and void.

That is Google's problem, not Microsoft's. Again, Manifest v3 is a Google-developed feature, not something developed by Microsoft. Microsoft does use Chromium, but this is Google's fault, not Microsoft's. People love bashing Microsoft for things they never even do, as if everything wrong that ever happens in the world is Microsoft's fault, which is not the case at all.

Microsoft, Google, Amazon, Red Hat, these are corporations, they all have same motive: Money, I was simply stating what happened to Cent OS, Java, Manifest v2 will happen to Github because Microsoft being corporation will burn github down for monetary gains.

I have deleted my comment of you accusing of payment and shilling because that was somewhat in bad taste

Everything in this world requires money. And that's what matters. No money = No everything.

Money may not buy everything. But money can buy almost anything.

And I think you're hating their organization.

Fnoberz avatar Aug 03 '22 08:08 Fnoberz

https://gitea.io/

nothub avatar Aug 03 '22 08:08 nothub

@microsoft 9440ec208f21f3a862f501af90003ef4

gruselhaus avatar Aug 03 '22 09:08 gruselhaus