I have been auditing the privacy of the apps that I use recently. After switching to a more privacy-conscious email provider (Tutanota), I also wanted to review where I publish that email address to.
One important place to check is any Git host you use. In your Git configuration, you must provide an email to serve as an identifier for your commits.
Can you just provide a bogus email to GitHub and be done with it then?
According to GitHub, if you want to ensure that commits are attributed to you and appear in your contributions graph, then you should provide an email address associated with your GitHub account in your Git configuration. If this is not important to you, then provide whatever you want!
Let's update our configuration with an an anonymous email to get the best of both worlds.
Update GitHub settings
Go to https://github.com/settings/emails. There is an option called "Keep my email address private".
Check the box!
This will remove your public profile email. A noreply
email address is generated for you. It is 3703647+robole@users.noreply.github.com for me. Now, this noreply
email address is used when performing web-based GitHub operations (e.g. edits and merges) and when emails are sent on your behalf.
There is a second option "Block command line pushes that expose my email". If a commit contains a private email address associated with your GitHub account, the commit will be refused. It is a good idea to check this one too IMO.
That's the activities covered on GitHub.com. What about on the the command-line with Git?
Update Git config
Let use the noreply
email address in our Git configuration.
To set the email address for every repository on your computer:
- Open a Terminal.
- Set an email address in Git. I want to use my GitHub-provided
noreply
email address, but you can use any email address.
git config --global user.email "3703647+robole@users.noreply.github.com"
- Confirm that you have set the email address correctly in Git:
git config --global user.email
3703647+robole@users.noreply.github.com
If you want to check it works as expected. Push a commit to a repo on GitHub and go to that commit on the website. You can add .patch
to the URL and you will see a summary of the metadata of the commit (as below). Check the From
field.