📸🔒GitHub: protect your email from spammers with this GitHub privacy setting

Christophe Colombier - Apr 28 - Dev Community

First thing to understand: git is not GitHub.

git is a tool; GitHub is a hosting provider. There are many other hosting providers: GitLab, Bitbucket…

Your email address is part of every git commit.

Side note about the email identifier: you can learn more about it in my previous article:

Why you should sign your commits, and not only how.


Many git tutorials start with the basics:

git config --global user.email you@domain.com

For example, this article by @federicotrotta (hi Federico 👋)

That's OK, but then GitHub comes into the picture.

Having your email configured in your local git is fine on its own, but commits are made to be pushed.

Here I will only talk about GitHub because it's more or less the reference.

GitHub is public, and that's great, but your email will be publicly visible in every commit you push to GitHub. ⚠️⚠️

You know what? Evil spammers hidden in the darkness are looking for emails in commits.

Here is how to set everything up cleanly to avoid issues.

Please note that this only works for new commits: commits you already pushed with your real email are still there.

To set up and keep your email private on GitHub, follow these steps:

  • Open your GitHub profile settings by clicking your profile photo in the upper-right corner of any page, then "Settings", then the "Emails" section.

  • Set Your Primary Email Address (normally you set this up when you created your GitHub account):
    In the "Primary email address" dropdown menu, select the email address you'd like to associate with your web-based Git operations.

  • Select "Keep my email addresses private". This will provide a no-reply email address (e.g., username@users.noreply.github.com) for your commits.
    Copy it, as we will need it in a few steps.

  • Block Command Line Pushes That Expose Your Email (Optional):
    If you want to prevent command line pushes that might expose your personal email address, select "Block command line pushes that expose my email". This setting checks the most recent commit's author email and blocks the push if it matches a private email on your GitHub account.

  • Configure your git settings:
    You can do this by running:

    git config --global user.email "whatever@users.noreply.github.com"
    

    Replace "whatever@users.noreply.github.com" with your actual no-reply email address provided by GitHub.

By following these steps, you can ensure that your email address remains private for both web-based and command line Git operations on GitHub.
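
Since the setting only protects new commits, it helps to check which addresses a repository's history (or the commits you are about to push) actually contains. The script below is an added example, not part of the original article: the function names and the sample log lines are constructed, and it assumes `git` and `awk` are installed.

```shell
#!/bin/sh
# Added example: find commit emails that are NOT GitHub no-reply addresses.
# Function names and sample data are constructed for illustration.

# Read one email per line on stdin and print the distinct addresses a push
# would expose. Ignored: per-user no-reply addresses and noreply@github.com,
# the committer address GitHub stamps on commits made in its web editor.
filter_exposed() {
    awk 'NF {
        e = tolower($0)
        if (e !~ /@users\.noreply\.github\.com$/ && e != "noreply@github.com")
            print $0
    }' | sort -u
}

# Print exposed author (%ae) and committer (%ce) emails for a repository.
# $1 = repository path (default: .), $2 = revision range (default: HEAD).
exposed_in_repo() {
    git -C "${1:-.}" log --format='%ae%n%ce' "${2:-HEAD}" | filter_exposed
}

# Return 0 if the email git will stamp on the next commit is a no-reply one.
identity_is_private() {
    git -C "${1:-.}" config user.email |
        awk 'tolower($0) ~ /@users\.noreply\.github\.com$/ { ok = 1 }
             END { exit !ok }'
}

# Constructed sample of `git log --format='%ae%n%ce'` output: three commits,
# one of them made before the no-reply address was configured.
sample_log() {
    cat <<'EOF'
12345678+octo-dev@users.noreply.github.com
12345678+octo-dev@users.noreply.github.com
octo.dev@example.com
octo.dev@example.com
octo-dev@users.noreply.github.com
noreply@github.com
EOF
}

# Demo on the constructed sample; prints the single exposed address.
sample_log | filter_exposed
```

On a real repository, `exposed_in_repo . '@{u}..HEAD'` limits the check to commits that have not been pushed to the upstream branch yet, and `identity_is_private .` confirms the `git config` step above took effect.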

GitHub official documentation about it:

https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#setting-your-commit-email-address-on-github
