• by hlieberman on 6/4/2016, 6:53:09 PM

    In all honesty -- and I say this as someone who tends to advocate GitLab over GitHub -- I think they did everything right here.

    They implemented spam detection in a way that minimizes the potential impact, prominently notified the affected user, provided a mechanism for solving the problem and did so quickly.

    I understand the author's frustration and sympathize, but I'm not sure how much better GitHub could have done here.

  • by gkoberger on 6/4/2016, 6:56:49 PM

    Spam detection is far from perfect. The "error" message seemed incredibly friendly (it made me smile), the support guy was nice and as helpful as he could be, and they fixed it right away. Something triggered their alerts, and they temporarily locked down your account. The alternative is thousands of spam bots running amok.

    It's not ideal, and maybe a warning would have been nice... however, I feel like GitHub handled it way better than most other sites would. If this happened to me, I would have had no complaints.

  • by PuffinBlue on 6/4/2016, 7:11:55 PM

    I'm always surprised when other people are surprised that these centrally controlled third parties have the ability to control access to data that you give them.

    Why is it so surprising and upsetting that something like this occurred? I've always taken the approach that data shared to these types of services are, fundamentally, out of my ultimate control - is this not a common viewpoint?

    By using GitHub, or any other service for that matter, you're literally giving someone else your data to manage and are at their mercy. Yes, you'd hope that that service would continue to operate and provide value to you but you do have to take steps to make sure that you have alternatives in place should the worst happen.

    The real core of it is: what is it that makes events like these so intensely surprising and personal to those who experience them?

    Finally, I'd have to say that GitHub did everything correctly here, they responded quickly, rectified the fault and gave a reasonable answer.

  • by CaliforniaKarl on 6/4/2016, 7:03:28 PM

    Ouch. Yeah, it's not good when suddenly everything is disappeared from public view.

    So, two comments.

    First, GitHub, if you believe an account is not associated with a human, put a banner up on all of their pages, one that _everyone_ can see. For the banner visible to everyone, say something like "We [GitHub] think this account's owner is not human. Please have the account owner log in ASAP, or this page will disappear soon!"

    Next, don't forget that this is Git. If you don't have 100% trust in GitHub, then just mirror your repo somewhere else. Spend the $20 a month to get an account at a web host that supports cron jobs, and run a mirror script every five minutes.

  • by sillysaurus3 on 6/4/2016, 6:53:55 PM

    I once triggered this by pasting a very, very long URL into a gist. It's unsettling realizing that your entire identity can be turned off at the flick of a switch.

    It's hard to think of a better way to handle this. GitHub's current behavior is to remove your account from public view until it can be determined your account wasn't compromised. During this time, you can still push to your repos and do any other write operation. Another way to handle this would be to make your account read-only without hiding anything. The latter is objectively worse: imagine suddenly not being able to do anything.

    GitLab is quite pleasant nowadays, so that's an option.

  • by nercury on 6/4/2016, 6:59:12 PM

    This worries me a bit: I have another GitHub account that is definitely a robot: it publishes documentation on GitHub Pages automatically on a successful Travis build.

    There are robots everywhere: for example, Rust's GitHub repos won't work the same without bors or highfive.

    If I remember correctly, GitHub itself definitely used to allow robots for such use cases.

  • by x1798DE on 6/4/2016, 7:08:35 PM

    >Sorry, but we have to keep our spam-detecting tactics hush-hush. If I were to share that information and word got out, it would be like releasing access to some of our security protocols into the big, wide world. I hope you understand.

    I don't know much about spam-fighting, so I don't know to what extent this "obscurity" strategy is viable there, but this is at best a bad analogy since the consensus seems to be that security protocols that you have to hide are not good security protocols.

  • by voaie on 6/4/2016, 7:49:30 PM

    The sudden disappearance is not only annoying to the victim. The last time I saw an account disappear in front of me, I thought that person might be a joker.