I did not know this. I’ve know for a while that Github was a huge information gathering organization. I was once doing a search, and clicked on a github link, at the top of the page, in big bold numbers, was my ip address, followed by every website I had been to for the last three months, and how many times I had been there. Public facing server. That was either through Firefox, or Ublock Origin, or Safescript. Or perhaps all three. In any case, github has 57 Million repositories, including 28 million public repositories. Now Microsoft owns it all. Github has the persona of being friendly and helpful to the little guy. But spend a little time and do a little research. Start with wikipedia
Interesting - I did not know this either.
Microsoft or Google or Facebook buying anything always has a sinister ring to it but on the face of it this seems to be motivated by business/financial reasons. I can’t imagine that the deal means anything much more than MIcrosoft acquiring the servers and collecting up the fees for private repos. Open source is open source. Not like Microsoft can rewrite the open source licence
Github is a community first and foremost and you can’t buy a community - and the moment they start interfering or controlling source code, developers and users alike will vote with their feet and walk and Microsoft say bye bye to their profits.
As far as information gathering - no doubt they collect up as much info as any other website, the amount of traffic I suppose may give them an edge but I can’t imagine what sensitive information people are plugging into Github - for me it is nothing more than a repository to access the tools I want to try out as a security hobbyist.
And yet I am sure it’s no coincidence that any OSINT tool worth its salt has a Github module… would love to hear if anyone in the security community has some insight as to what is of any real value there? I always just imagine it’s there so security developers can pwn that annoying guy they met at that conference last year who over time has become a nemesis of source LOL
See what I did there?