I recently noticed that an YC company (Run ANywhere, W26) sent me the following email:
From: Aditya <[email protected]>
Subject: Mikołaj, think you'd like this
[snip]
Hi Mikołaj,
I found your GitHub and thought you might like what we're building.
[snip]
I have also received a deluge of similar emails from another AI company, Voice.AI (doesn't seem to be YC affiliated). These emails indicate that those companies scrape people's Github activity, and if they notice users contributing to repos in their field of business, send marketing emails to those users without receiving their consent. My guess is that they use commit metadata for this purpose. This includes recipients under the GDPR (AKA me).
I've sent complaints to both organizations, no response so far.
I have just contacted both Github and YC Ethics on this issue, I'll update here if I get a response.
The fundamental nature of Git makes this pretty easy for folks to scrape data from open source repositories. It's against our terms of service and those folks might want to talk with some lawyers about doing it - but as every Git commit contains your name and email address in the commit data it's not technically difficult even if it is unethical.
From the early days we've added features to help users anonymise their email addresses for commits posted to GitHub. Basically, you configure your local Git client to use your 'no-reply' email address in commits and that still links back to your GitHub account when you push: https://docs.github.com/en/account-and-profile/reference/ema...
I think that's still probably the best route. We want to keep open source data as open as possible, so I don't think locking down API's etc is the right route. We do throttle API requests and scraping traffic, but then again there have been plenty of posts here over the years from people annoyed at hitting those limits so it's definitely a balancing act. Love to know what folks here think though.
https://news.ycombinator.com/item?id=45357205
Hope they didn’t get too many folks.
https://news.ycombinator.com/item?id=9332418 (11 years ago)
https://news.ycombinator.com/item?id=20660624 (7 years ago)
https://news.ycombinator.com/item?id=27855152 (5 years ago)
https://news.ycombinator.com/item?id=30900237 (4 years ago)
Seems it’s a reoccurring issue
You mention GDPR, which also "applies" to me, though I wonder if what they're doing is actually illegal. I mean, after all, I'm putting my email on GitHub precisely to give people a way to contact me.
Of course, I do that naïvely, assuming good faith, not expecting _companies_ to use it to spam me. So definitely what they're doing is, at the very least, in poor taste.
A lawyer
Every day, I get deluged with hundreds of spam and scam emails, often because some knucklehead entered my email in a form (either accidentally, or as a throwaway red herring).
> Some examples of ethical behavior we expect from founders are:
> - Not spamming members of the community
> To maintain our community, if we determine (in our sole discretion) that a founder has behaved unethically during or after YC, we will revoke their YC founder status. This includes access to all Y Combinator spaces, software, lists and events. All founders in a company may be held responsible for the unethical actions of a single co-founder or a company employee, depending on the circumstances.
Ah... but there's the rub.
Define "the community."
Does it count if you are selecting random GH accounts count as being members of "the YC community"?
Sorry, but unsolicited contact, much as I hates, HATESSSS it, is a classic component of any business, and has been, for many decades. I don't think it would be appropriate for a business organization to prohibit its members from engaging in "cold calling," of which, UCE is really an example.
Using the YC branding/name, however, is a different matter.
> I came across your GitHub profile and thought you might be interested in what my team and I are building. We're developing an open source SDK that runs LLMs directly on-device.
What's even more interesting is that both buildrunanywhere.org and runanywheresdk.com show a stock hostinger parking page when accessed in a browser. Something tells me they're intentionally registering these "alternate" domains specifically for spam, to avoid tanking the email reputation of their main runanywhere.ai domain.
I guess I shouldn't be surprised given YC is going all in on AI and most AI companies are no better than the crypto scammers of yesteryear, but still.
These providers are the only ones that care about their reputation and thus may take some action. Investors? Nope.
There are likely marketing email datasets floating around the internet that contain email addresses scraped from commit metadata.
I use a catchall with a specific Git client (not GitHub) email address, and found spam and phishing emails being sent there quite a few times.
Hey, I found your GitHub profile and thought you might find this useful.
I've been building Omniget, a desktop downloader that works with YouTube, Udemy, Hotmart and 1000+ other sites. It's open source and built with Rust and Tauri.
The part I'm most proud of: you don't even need to open the app. Just press a hotkey and it grabs whatever video you're watching.
I've been working on this for a while now, even got an artist to design a mascot. I'm shaping the app based on feedback from people who actually use it, so if you have any thoughts I'd love to hear them.
Here's the repo: https://github.com/tonhowtf/omniget
Thanks for your time!
Tonho