For developers who truly care about anonymity, is relying on the server to strip out personal information really a good idea?<p>If I were that paranoid, I feel like I'd greatly prefer a tool that strips everything out on the client, then establishes a connection to your site via a Tor hidden service which then publishes the PR.<p>Another concern; isn't this a potential avenue for spam? How long before someone submits a bunch of spam PRs through the service and gets your Gitmask user account banned on GitHub as a result?
I can see why this is attractive in some circumstances. I don't see how this can be reconciled with copyright law. How can Anonymous Hacker show that they have authority to transfer a clean copyright in their contribution? If you accept an anonymous patch, aren't you also accepting liability for all possible encumbrances?
Interesting project but I didn't see any information regarding data collection and retention on your site. Granted that's unlikely to come up but in theory I would imagine someone could subpoena you for information regarding who that person was that created the PR, no?<p>Also curious how this does with, say, updating a PR.
Not sure that many OSS projects are going to be interested in merging a patch where a conversation with the patch author for review/feedback can't happen
I like this, but it does make it difficult to discuss the PR. Perhaps you could issue a private key or token in response to the POST and then add comments with that key/token?
I wonder how long that will last until GitHub bans them for (presumably) massive amount of spam. The fact that it's PRs only, not just issues, makes it a bit harder, but I can't imagine it'd be that hard to abuse
I did not really understand the benefit in comparison with a sock-puppet account linked to a throw-away e-mail address. That's the universal way for any web registration form.
This is fantastic. I have been doing all my personal open-source work anonymously, and it requires a surprising amount of tooling to get it right. I will give gitmask a try.
For proper anonymization, you need to change code/naming style. Code stylometry can easily identify most developers. Ideally, an obfuscator generates some "private key" that would guide it how exactly it should change/reverse change upon push/pull so that the public repo has anonymized code whereas the developer has the real one. However, it won't work for multi-developer projects.
> Just because you think DICSS is amusing, doesn't mean you want your boss to know about it. How about your girlfriend?<p>It's 2018. Dick jokes and "your girlfriend" examples have no place in software engineering, not that they ever did. That holds doubly true for a project whose target audience potentially includes people who have reasons to protect their identity.<p>As potentially better examples: contributions to the bitcoin repository tend to result in spam from random people who think that the list of every contributor to bitcoin is the right list to send random cryptocurrency spam to. Or, you might want to contribute to the https-everywhere repository without revealing sensitive sites you're contributing entries for. ("Potentially sensitive" here could mean a wide variety of things, such as sites for sufferers of a particular medical condition, sites for organizations whose members regularly get targeted, etc.)
This is cool. I've been looking for an "open relay" to help with collaborating on GitHub-hosted projects that's easier than doing account resets.[1] I'll check it out later.<p>Side note: the Git project is enforcing the Git trademark now.[2] If you want to use "Git" for your branding, you'll need to get approval.<p>1. https://www.colbyrussell.com/2016/02/13/keeping-a-low-profile-on-github.html<p>2. https://public-inbox.org/git/20170202022655.2jwvudhvo4hmueaw@sigill.intra.peff.net/
Throwaway account:<p>I enjoy scraping GitHub user data and have found it a great goldmine of data.<p>95% of the time I can recover an email address for a user based on their commits, even when the email is not publicly visible on GitHub.<p>Very insecure.
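Added example, not part of the thread and not Gitmask's code: a client-side check for the two points raised above, that identity should be stripped before anything leaves the machine and that commit metadata exposes email addresses. It lists identity-bearing values in `git format-patch` output and rewrites them; the sample patch, the placeholder identity and the function names are constructed for illustration.

```python
import re
# Constructed `git format-patch` output; names and addresses are made up.
SAMPLE = """\
From 1111111111111111111111111111111111111111 Mon Sep 17 00:00:00 2001
From: Alice Example <alice@corp.example>
Date: Tue, 3 Apr 2018 09:14:07 +0200
Subject: [PATCH] Fix typo in README

Reported by bob@corp.example on the internal tracker.

Signed-off-by: Alice Example <alice@corp.example>
---
diff --git a/README b/README
--- a/README
+++ b/README
@@ -1 +1 @@
-helo
+hello
"""
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
TRAILER = re.compile(r"^(Signed-off-by|Co-authored-by|Reviewed-by|Acked-by):", re.I)

def split_header(patch):
    # Everything before the first file diff is metadata and commit message.
    head, sep, diff = patch.partition("\ndiff --git ")
    return head, sep + diff

def leaks(patch, allow=()):
    """Email addresses and Date timezone offsets found before the diff."""
    head, _ = split_header(patch)
    found = set(EMAIL.findall(head))
    # The UTC offset in Date: narrows down where the author works from.
    found.update(re.findall(r"^Date: .*([+-]\d{4})$", head, re.M))
    return sorted(found - set(allow))

def scrub(patch, name="Anonymous", email="anon@example.invalid"):
    """Replace author and date, drop trailers, redact addresses in the message."""
    head, diff = split_header(patch)
    out = []
    for line in head.split("\n"):
        if line.startswith("From: "):
            line = f"From: {name} <{email}>"
        elif line.startswith("Date: "):
            line = "Date: Thu, 1 Jan 1970 00:00:00 +0000"
        elif TRAILER.match(line):
            continue  # trailers repeat the author's name and address
        else:
            line = EMAIL.sub("[redacted]", line)
        out.append(line)
    return "\n".join(out) + diff  # diff content is left byte-for-byte intact
```

This covers metadata only; the diff itself is untouched, so anything identifying in the code, such as coding style, still goes out as written.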
I don't understand it.<p>If you are a project maintainer on GitHub, how could you accept a PR from an anonymous user? Let's say you accepted it, and later some company said that the code from that PR is "stolen" from their code base, and that's true, how do you deal with that?
Interesting idea but this part made me cringe<p>"Just because you think DICSS is amusing, doesn't mean you want your boss to know about it. How about your SO?"<p>If you are writing code you need to hide from your SO you have some serious relationship problems.
This is the dumbest thing I have seen on the front page of HN in a long time.<p>If I really wanted to be anonymous on GitHub I'd create a "fake" account/would not use my name.
What's the point? Just make an anonymous GitHub account, they have no real name policy, after all.<p>Participation in discussions is a necessity for most interactions with an open source community.
This webpage just shows a loading spinner with JS disabled. And after the recent bugs I intend to keep noscript on for some time.<p>EDIT: Just saying, if you link to a main page... Make it accessible. Most serious privacy advocates probably have JS disabled by default.