Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Find the email address of any GitHub user (github.com/hodgesmr)
64 points by _kcn8 on May 23, 2013 | hide | past | favorite | 37 comments



You can get any email for a developer from their commits in the json api...companies like Entelo & TalentBin have discovered this a long time ago and appear to be reselling them to recruiters for about $500 a month. If you have seen an uptick in recruiter spam lately, now you know why.

What is interesting is I believe its illegal (can-spam) to email someone if you harvested their email programmatically...but seems to be a clever hack around the law for a company to sell off a harvested emails to be emailed by someone else.


> I believe its illegal (can-spam) to email someone if you harvested their email programmatically

Nope. You can email pretty much anyone in America, regardless of how you acquired the address (and provided you meet various other requirements about headers and content). The biggest criticism against CAN-SPAM is that it could be viewed as a license for every business to spam the planet exactly once (after that you have to start worrying about opt-outs).

Edit: Oops, now I'm not so sure... see below.


The CAN-SPAM Act has specific prohibitions (and extra harsh sentencing guidelines) for spamming harvested (or "dictionary attack") e-mails. Even if you meet all the other requirements to legally send unsolicited commercial e-mail, harvesting the addresses makes it illegal.

https://www.projecthoneypot.org/law_of_harvesting.php

http://www.ftc.gov/os/caselist/0723041/canspam.pdf


Not CA residents (assuming you do business in CA). http://www.tomwbell.com/NetLaw/Ch04/CalSpamLaw.html


> If you have seen an uptick in recruiter spam lately, now you know why.

Thank you, I was wondering how so many managed to find my e-mail.


$500... http://hacktalent.com sells them for $9


of all spam - I like job offers (however misguided) the most.


Thanks for the useful tool! Email addresses are not secrets, and I can't count the hours I've wasted trying to email some developer who thinks that by keeping his email address off of his blog that he'll get less spam.


I'll take that over the wasted hours spent blacklisting idiots, looking up ASNs for ISPs that don't give a shit, filling in abuse forms, maintaining and testing DKIM & ADSP policies, etc. etc. If I want you to have my email address I'll give it to you.


To be fair, you will get slightly less spam


but your ratio of genuine-email-from-strangers to spam will plummet sharply.


I'm always fascinated when something like this appears on HN and it turns out to be a dozen lines of bash. I could easily imagine writing a hundred lines of a "better" language (Python, CL, Ruby...)to do the same thing. I guess it just speaks to the unreasonable effectiveness of Unix tools for certain classes of problems.


It could be better bash, e.g. using [[ instead of [. Also,

    curl -s https://api.github.com/users/$2/events/public |
    grep "\"gravatar_id\":" |
    sed -e's/[,|"]//g' |
    head -n 1 |
    awk '{print $(NF)}'
can be

    curl -sS https://api.github.com/users/$2/events/public |
    sed -n '/"gravatar_id":/!d; s/",//; s/.*"//p; q'
and so on.


Pull requests are always welcome :)


Half of the code is dealing with the command line and options. Since you're working in the command line anyway, it makes sense.

But the gist of it is dead simple.

For this author (hodgesmr) you just go to:

https://api.github.com/users/hodgesmr

... and if it's not shown there (author doesn't want to make it public?) then you look for it here:

https://api.github.com/users/hodgesmr/events/public

Aaaaand this is why I have a dozen different mail accounts.


  | I could easily imagine writing a hundred lines
  | of a "better" language
You could easily do much of the same things (probably in a similar number of lines) using system calls in other languages.


Ruby uses `` to execute installed programs, which is the best part of bash. I'd say Ruby rivals bash in this sense.


I thought this was going to be a reverse-MD5 on their gravatar url. Interesting to know this is there, too!

(As a possible improvement you could also take all possible matches and compare their MD5's to the gravatar URL.)


https://github.com/hodgesmr/FindGitHubEmail/pull/5

I'm not really that familiar with bash scripting so this might be a mess.


A small semantic question. If it is just one line of code snippet, doesn't a gist make more sense than a github project


Perhaps. This was something I threw together around midnight last night. Instinctively I made a git repo, no knowing what it would turn in to.


This feels like nothing more than linkbait with no value-add. Emails are public on Github anyways, so simply browsing to github.com/<username> will show the users registered address. I guess it's almost interesting that it can be done programmatically, but I never suspected anything less.


Not everyone includes their email in their GitHub profile. For instance, the creator of this tool’s profile at https://github.com/hodgesmr does not include his email address.

This tool does not rely on email addresses being in profiles. It can look up the email addresses used in commits in the user’s repos, and use heuristics to choose the most likely one.


Thanks for the clarification


Title should be corrected, as it doesn't get the email address of all users, only those with public activity. A team member on a private org repo I'm a part of has no public activity on Github, and no email is returned, even using -a.


Auto-delete all messages that contain the phrase "my client" and you'll eliminate 90% of spammy recruiter emails in my experience.

That's the goal, right? If the recruiter had an amazing, what you've always wanted kind of job for you, you'd probably want to hear about it. But if that were the case he'd take the time to find out what that opportunity looks like, and he'd probably just tell you the company instead of all the "my client" stuff.


Emails from lawyers also frequently contain the phrase "my client". You might not want to automatically delete those ones.


Interesting, but GitHub is the place I'm least likely to want to email someone--since GitHub's staff is actually willing to deal with things like username squatting by defunct accounts.

On the other hand, if someone could tell me how to get someone's email address from their Tumblr or Twitter, I'd be eternally grateful. Stonewalls from both on the username-squatting front.


Pretty obvious to those of us who use GitHub. Commit to a public repo under your email and people can see it? Not news.


You don't even have to commit. Simply having a github account means your email address is public; it even says this on the "Edit your profile" page.


Here goes my Version used to fetch the email addresses of your followers :)

https://github.com/rShetty/Scriptomaniac/blob/master/github....


Running it against my username, the first email address it pulls is the email of someone who contributed to one of my projects, not mine. (using -a does also include my address)


Try -g ;)


Honest question - why is this news? (And why was it also news yesterday?)


I don't think it is as much news as a hack (which is completely relevant for this forum). The reason for its attraction is because most of the demographic here utilizes github and cares about privacy.


if privacy is a concern, don't make commits to a public repository


Thats exactly why its a news. Many didn't realize that the email and other particulars would be out in the open.

Its like knowing that my details are now public because I posted on HN when I expect only my posts to be public ... (Just an example as HN doesn't require an email id)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: