s0md3v / Zen

Find emails of Github users
Apache License 2.0
548 stars 100 forks

Is this going to be abused? #6

Closed searls closed 5 years ago

searls commented 5 years ago

As it is, GitHub's user data is such a juicy target for—among other people—recruiters, that it's forced GitHub to be pretty protective of e-mail addresses (default to hiding them in the profile, no longer providing them when granting basic OAuth permission, etc.).

The one thing that's harder (impossible?) to change is the e-mail encoded in the actual commits on folks' repos. I don't know what GitHub can or would do to counteract any abuse from automated tools that could be used to mass-scrape people's e-mails, but I worry the net harm/annoyance of this tool in careless hands is enough to outweigh its potential benefits.

What do you think?

garybernhardt commented 5 years ago

I think this kind of abuse is almost guaranteed. I've already had recruiters scrape my email out of commits manually (and admit to it). But that's very rare today. Making commit email scraping seem "normal" will probably make this kind of spam become common.

tenderlove commented 5 years ago

I suggest using the private emails feature on GitHub. Though if you've been contributing for more than a few years the ship has probably already sailed. 😞

s0md3v commented 5 years ago

Yes, it is going to be abused for sure. Well, OSINT guys have been using this trick for a while but this tool made it very easy. You can simply dump email addresses of employees of an organization while enjoying your coffee. I tweeted to @github about it, let's see how it goes.