I have GitHub Copilot Pro. I don't believe I signed up for it. I neither use it nor want it.
1. A lot of settings are 'Enabled' with no option to opt out. What can I do?
2. How do I opt out of data collection? I see the message informing me to opt out, but 'Allow GitHub to use my data for AI model training' is already disabled for my account.
Hey David - if you want to send me (martinwoodward at github.com) details of your GitHub account I can take a look. At a guess I suspect you are one of the many folks who qualified for GitHub Copilot Pro for free as a maintainer of a popular open source project.
Sounds like you are already opted out because you'd previously opted out of the setting allowing GitHub to collect this data for product improvements. But I can check that.
Note, it's only _usage_ data when using Copilot that is being trained on. Therefore if you are not using Copilot there is no usage data. We do not train on private data at rest in your repos etc.
> Nothing (reasonable) can protect against direct lightning strikes
Belkin make a number of surge protectors which offer a connected equipment warranty in the UK. Admittedly: financial protection, not data protection, but I felt it was worthwhile for the peace of mind.
Have they ever paid out on one of those, or is it like CAs who offer liability protection for their certificates carefully set up in such a way that they never have to pay out.
In the past week (besides the constant slop), there are models which have misattributed the copyright of new files to me, and stripped my copyright from existing files. It's sapping up time, energy and motivation.
> when we catch the accounts doing this we can (and do) take action against those accounts including banning the accounts.
This isn't my experience. I requested that you looked into a spammer in July 2025, you ignored my reply and the account is still active.
----
Thank you so much for the report. We're sorry to hear you're receiving unwanted emails, but it's always a possibility when your public contact information is listed on the web. You can keep your email address private if you wish by following the steps here:
Setting your commit email address
We do expect our users to comply with our Terms of Service, which prohibits transmitting using information from the GitHub (whether scraped, collected through our API, or obtained otherwise) for spamming purposes. I'm happy to look into it further to see if we can contact the reported user and let them know that this type of activity is not allowed.
Please let us know if you have any other questions or concerns.
----
My reply which was ignored:
----
I understand it will happen from time to time. I'd rather be contactable (I've received legitimate emails today because my email is on my profile).
Please take further action. My email is public with the expectation that the ToS will be enforced. If GitHub isn't discouraging spammers then it makes it much harder to justify being contactable.
I reported spammers ~5 times to GH, and every time the account went down in a couple of hours. Obviously mileage may vary, but I don't want the whole HN to think this process is completely broken.
I did report email spam to GH, and both got reply for them and seen their page go 404.
It was years ago though. Since I've enabled "hide my email" setting, and set that GH-generated email to my git config, "try my project" spam ceased to be an issue.
It's impossible for them to stop if you list your email on there. They could make it harder of course. But if you put your email out there for a human to find, then a script or bot or also find it.
And yes of course they can also stop a specific spammer. But that spammer may pick up another account and email.
The grandparent post wasn't asking for them to do the impossible and stop all spamming, only to take action against the particular user that spammed them.
>> it's always a possibility when your public contact information is listed on the web
Sounds correct to me
> Please take further action. My email is public with the expectation that the ToS will be enforced.
What magic wand are you expecting they wave that distinguishes people who need your email address for legitimate from those who need it for illicit purposes? Why wouldn't we apply the same to the entire population and lock up criminals before they've committed crimes?
What you're asking is entirely impossible short of mandatory mind reading
I provided a spam email chain from a user with a linked GitHub profile, stating that they obtained my email from my GitHub profile.
GP [martinwoodward] states:
> This type of behaviour is explicitly against the GitHub terms of service, when we catch the accounts doing this we can (and do) take action against those accounts including banning the accounts.
But action was not taken, there was no reply to my email to GitHub support.
Yeah they likely rarely if ever "look into" it and certainly nobody has ever needed a lawyer over this.
As recently as a year or so ago, at least, you could list repo stargazers through their graphQL API and get a TON of email off that depending on the user settings.
1. A lot of settings are 'Enabled' with no option to opt out. What can I do?
2. How do I opt out of data collection? I see the message informing me to opt out, but 'Allow GitHub to use my data for AI model training' is already disabled for my account.
reply