Will Microsoft be able to steal from private Github repositories?

By: David Herron; Date: June 11, 2018

Tags: Microsoft » Github » Open Source

The biggest concern with Microsoft's Github acquisition is whether Microsoft will do something evil with the private repositories stored on Github. Some of Microsoft's competitors use Github, and they should be concerned. Any company has to be worried about leakage of intellectual property -- with Microsoft ownership, does that risk increase?

Let's first answer one question -- Is it technically possible for a Github employee today, or a future Microsoft employee, to access private Github repositories?

Before we get into "Can they", let's spend a moment pondering "Why would they?"

If Microsoft were to do something evil with Github:

  • How many class action lawsuits?
  • How much reputation damage?
  • How many pissed off developers would be shunning Microsoft?
  • Why would it be worthwhile? (Microsoft has a reputation of not even reusing internal code across projects)

The backlash would be so enormous, and so expensive for Microsoft, that logic dictates treating Github with the utmost integrity. Consider that Microsoft's developer tools and services (Azure, etc.) are already in wide use, and that Microsoft already understands the value of winning and keeping developers' trust.

But also notice the presumption that Microsoft is likely to do something evil with Github, because of the assumption that Microsoft is evil. That perception is rooted in the reality of what Microsoft did to the computing industry in the 1980s and 1990s. Microsoft really did have to pay out billions of dollars in damages in at least two major lawsuits over their predatory practices. Microsoft really did violate the Java license, resulting in paying $2 billion in damages to Sun Microsystems. Microsoft really did predatorily prevent PC vendors from selling computers bundled with Linux rather than Windows. Etc., etc., etc.

In the last few years Microsoft seems to have changed its tune. I am finding myself in the strange position of being a happy user of Microsoft software after years of eschewing anything from Microsoft to avoid Feeding the Beast. Namely, I'm using Visual Studio Code, I am using Node.js for as much as I can (Microsoft makes lots of contributions), and I am pleasantly surprised at how the Windows Subsystem for Linux can make Windows bearable to use.

Er... let's get back to the question

Will Microsoft be able to steal from private Github repositories?

Some services are constructed such that the data is kept encrypted using a password controlled by the owner of that data. Only the owner of the data can unlock it, at their own request; the operator of the service cannot. The web service is merely storing the encrypted data as a convenience.

Github is not constructed that way.
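For contrast, here is the owner-held-key design described above as an added example (not from the original post, and not a description of any real service). `StorageProvider`, `sealForUpload` and `openAfterDownload` are hypothetical names, and scrypt with AES-256-GCM is an illustrative choice; the sample file content is constructed.

```javascript
// Added example: the provider stores only ciphertext; the key never leaves the owner.
const crypto = require('node:crypto');

// Owner side: derive a 256-bit key from the password with scrypt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Owner side: encrypt before upload. Salt, nonce and tag are not secret.
function sealForUpload(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Owner side: decrypt after download. Throws on a wrong password or a modified blob.
function openAfterDownload(password, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
}

// Hypothetical provider: a key-value store that never sees the password or the key.
class StorageProvider {
  constructor() { this.blobs = new Map(); }
  put(name, blob) { this.blobs.set(name, blob); }
  get(name) { return this.blobs.get(name); }
  // Everything an operator or insider can read: the stored bytes.
  operatorView(name) { return this.blobs.get(name).ciphertext; }
}

function demo() {
  const provider = new StorageProvider();
  const secret = 'proprietary_algorithm_v2();'; // constructed sample content
  provider.put('repo/main.c', sealForUpload('owner passphrase', secret));
  const insiderSees = provider.operatorView('repo/main.c').includes(Buffer.from(secret));
  const ownerReads = openAfterDownload('owner passphrase', provider.get('repo/main.c'));
  let wrongPasswordRejected = false;
  try { openAfterDownload('guess', provider.get('repo/main.c')); }
  catch (e) { wrongPasswordRejected = true; }
  return { insiderSees, ownerReads, wrongPasswordRejected };
}
```

A provider built this way cannot render, search or diff the stored content on its servers, because it never holds the key.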

We have the word of a Github employee, Zach Holman, in a Quora answer to the question "Can GitHub employees view the contents of private repositories?" He says "Yes, but not without your consent." Github employees have a legitimate reason to do so while troubleshooting problems where you've asked for support. However, Holman says the process that's involved ("we have a concept of 'unlocking' a repository for ten minutes so we can try to reproduce a problem, but every unlock is timestamped with who performed that action and why they performed that action") is so onerous that Github employees prefer not to do so. Instead, they prefer to start with a clean Github repository to try and reproduce the problem.

Holman points to this article: https://help.github.com/articles/github-security

It's clear that Microsoft understands that if they perpetrate evil through owning Github, a whole generation of developers will come away feeling betrayed. That's according to the incoming CEO of Github, who himself is an open source luminary. See "Microsoft could lose big if it screws up Github acquisition" (medium.com).

Microsoft clearly knows that for the last few years they've been carefully rehabilitating the corporate image. We who remember the 1980s and 1990s are slowly warming up to Microsoft.

Microsoft knows it has to treat Github with the utmost respectability and integrity.

Microsoft knows that if this acquisition is screwed up, they'll lose a whole generation of developers who will feel betrayed, similar to the betrayal felt by those of us who started in the 1980s and 1990s.

That knowledge may be enough to keep Microsoft from doing anything evil with Github. That remains to be seen, however.

In another Quora thread, "Can Microsoft steal source code from private GitHub repositories?", several Microsoft employees are saying that Microsoft is a reputable company and they wouldn't do such a thing. It's difficult to fully trust those comments, since the writers are surely biased.
