alt Hacker NewsTell HN: YC companies scrape GitHub activity, send spam emails to users
Hi HN,
I recently noticed that an YC company (Run ANywhere, W26) sent me the following email:
From: Aditya <[email protected]>
Subject: Mikołaj, think you'd like this
[snip]
Hi Mikołaj,
I found your GitHub and thought you might like what we're building.
[snip]
I have also received a deluge of similar emails from another AI company, Voice.AI (doesn't seem to be YC affiliated). These emails indicate that those companies scrape people's Github activity, and if they notice users contributing to repos in their field of business, send marketing emails to those users without receiving their consent. My guess is that they use commit metadata for this purpose. This includes recipients under the GDPR (AKA me).
I've sent complaints to both organizations, no response so far.
I have just contacted both Github and YC Ethics on this issue, I'll update here if I get a response.
Comments
I get these types of emails daily -- never bothered to check whether they are YC or not as I don't read them; I can tell from the first sentence that it's not a company I know and am doing biz with and it goes directly into z-file. Most seem to have gotten my email address from LinkedIn, others from GH.
Side note but the trick I learned, at least with gMail is not to delete the email (which doesn't prevent you from getting new ones), or even reporting as spam (which may or may not work), but instead dragging it into the Promotions tab, into which all future emails from that email address will automatically go. Promotions tab then acts as your Trash.
The quickest way to get me to never do business with you is to send me spam.
I did receive these kinds of emails as well.
And I use a different email fromy priority email for GitHub commits since 4 years ago.
So just stop with marketing slop please.
Yes, I work with AI, and I'm becoming pretty good at it.
But this doesn't mean I'm comfortable pushing AI slop into potential users and customers.
I (and they) want to use AI to facilitate their processes, not to ingest slop content.
HN and YC walk a thin line between hacker culture and venture capitalist culture. I know it’s easy to think that because HN comes from YC them too are aligned with hacker culture, but no. YC is all cutthroat business.
I also received this shitty email 3 days ago
There's no reason to put your real email in git config unless you're signing, in which case repos should be private. I would have thought that was obvious.
I have been having the same experience. If you starred a GitHub repo, and they think that their product is similar, they will send you their spam. I condemn this! They should be ashamed!
> These emails indicate that those companies scrape people's Github activity, and if they notice users contributing to repos in their field of business, send marketing emails to those users without receiving their consent. My guess is that they use commit metadata for this purpose.
There are likely marketing email datasets floating around the internet that contain email addresses scraped from commit metadata.
I use a catchall with a specific Git client (not GitHub) email address, and found spam and phishing emails being sent there quite a few times.
I've received several similar ones over the years. At this point, if I get an email from someone I don't know and it contains a link, chances are it's spam. I genuinely doubt github(or any other company for that matter) would do something about it. While I fully support GDPR, the truth is, few people are willing to take action knowing how much bureaucracy would be involved...