…analytics and telemetry for advertising purposes. Github’s revenue model is through selling…
“We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units.”
So when don’t they share your info?
“Tracking and analytics: We use a number of third-party analytics and service providers to help us evaluate our Users’ use of GitHub, compile statistical reports on activity, and improve our content and Website performance. We only use these third-party analytics providers on certain areas of our Website, …”
I don’t work for Microsoft or Github, so I don’t know for certain, but these would be my best guesses:
So they either ask you.
People that provide service to Github (ISP, DC etc), this could possibly be DDoS protection, etc. Additionally Github logins can be used as an OAuth login, so that would be any site which you use your Github password to log into.
Server logs, abuse detection etc.
Law enforcement ie in the event someone committed something they were not supposed to, or financially related as Github does sell services (Pro/Enterprise) ie some sort of fraud, debt collection etc.
Obviously if Microsoft sold the whole of Github off to someone else, that new owner would want to pick up where they left off. The product may of course change in any number of ways.
Well I think you answered your own question there. Those Github sub processors only likely get the relevant information to provide their services anyway. Certain fairly obvious features (such as SMS obviously require the use of things like Twilio etc).
I am surprised to see Google Analytics there, as I don’t see any cross-site requests to that when using their site.
I wouldn’t say “outrage,” but strong dislike would fit. Yes, those Terms of Service are similar to others we give our privacy in surveillance capitalism. Other than difficulty/effort of moving to another service or hosting your own, I can’t understand your lack of concern, but I’ll drop it after this:
Kudos to @infosechandbook who only stayed on github for about 9 months, whatever the reasons:
Codeberg hosts the public Git repository containing our blog content (e.g., all pages, all articles) and our website mirror. One of our contributors is an active member of the Codeberg association, so the project is more transparent than other services, and we are (indirectly) paying for their hosting.
Apart from this, we still have repositories hosted by other providers. However, those Git repositories are all private.
Keep in mind that different providers come with various features. While codeberg.org (or similar services) might fit our use case of showing a full and signed changelog of our blog changes for transparency, there are other features that you don’t get due to limitations of Gitea that runs under the hood.