How anonymous is GitHub… really?

GitHub feels public. But not that public. You push a commit, open a PR, maybe use a username that isn’t your real name… and it feels “safe enough”. But here’s the real question: How anonymous are you actually? Let’s break it down. What a normal commit really exposes Every Git commit contains more than just code. A typical commit includes: Author name Author email Commit timestamp Commit message Diff (your actual changes) Even if you’re using a pseudonym, your email is often the real identifier. And yes — it’s public. Email leakage is more common than you think Unless you’ve explicitly configured GitHub’s email privacy settings, your commits may expose your real email. Even worse: Old commits may still contain it Forks and mirrors preserve that data Anyone can scrape it at scale This has led to: Spam campaigns Targeted phishing Identity correlation across platforms Once your email is in the Git history… it’s effectively permanent. Metadata goes deeper than identity Even if you hide your