This is the final straw - I'm leaving GitHub
I have hosted code on GitHub for a long time now.
I guess it’s the standard. You can’t really be an open source software dev/contributor without using it.
But there are a few problems. Like GitHub itself isn’t open source, despite them apparently being pro-foss. Also there is some stuff about training AI on your code. Also… they’re owned by Microsoft and have a contract with ICE.
So… not the best platform.
Why do I use it? Well… I guess I’ve been using GitHub for years and just haven’t had the time to migrate away. Until now.
What happened
On Sunday last week, I went to look at a PR I created. I went to the repo, and half the PRs were just gone. I contacted the repo owner and they had no idea.
![Screenshot of a Signal conversation. I ask the repo owner 'did you delete the PRs in [redacted]?' at 11:40 am. The repo owner replies 'wdym delete?' They then respond: 'no i only merged', 'uh no', 'i never delete prs', 'thats really weird'.](/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fn6kwawc1%2Fproduction%2F5fe1f4c96c8a3f9b96aeb6fb58d249cc27b87ff7-365x359.png%3Fw%3D800%26fit%3Dmax%26auto%3Dformat&w=750&q=75)
I looked into it further and it looks like you can’t delete PRs without contacting support. So they probably weren’t deleted.
I decided it must be some GitHub outage or something. I mean they did have only like 90% uptime or something in the last 90 days.
Oh well I’ll just give it time.
Later that day I went to log into the malware analysis platform Triage. I clicked the log in with GitHub button, and it redirected me to the GitHub homepage with this notice

I also noticed that my homepage was looking a bit empty

I did some research and it looks like my account had been flagged for spam. I don’t really think I was spamming…?
The result
So basically all my contributions, profile, and repos were hidden from public view. So if you go to my profile, it’s just a 404 page.
I also couldn’t fork repos or view my followers/following.
Wonderful… I was actively collaborating with people on projects. This makes it a bit hard to do.
OAuth
Oh yeah… and I can’t OAuth with GitHub anymore. This was my main issue with this suspension. Some tools only provide OAuth with GitHub/other providers, or I was just too lazy to use a username/password. I have 80 apps set up with GitHub OAuth. EIGHTY apps I can’t log into anymore.
Also my OAuth apps are disabled. I was trying to DEMO SOMETHING, and the log in with GitHub button just 404ed?? That was really awkward, but luckily I had another way of authenticating.
The link shortener for my website (l.ingo.au) used OAuth with GitHub. That means I can’t shorten links/edit my shortened links. And I can’t push changes to it because Vercel’s access to my GitHub account was revoked. I have to DIRECTLY MUTATE THE DATABASE to use my link shortener.
Also, this blog. I use Sanity CMS as my CMS for this, and log in with GitHub. I couldn’t even complain about GitHub on my blog! Shoutout to the Sanity support team for responding promptly and helping me move to email/password auth, in under 4 hours.
Oh and I had an active Tailscale subscription I was planning to cancel, and I logged into Tailscale with GitHub. I was able to contact support and get it canceled. But because of how Tailscale handles auth, my account is tied to my GitHub account and can’t be migrated away. So I guess I’m setting up all my devices again in a new org, using an OIDC provider I CONTROL.
Let me list all the things I’ve lost access to:
- My link shortener
- Sanity CMS
- Convex
- Cerebras
- CodePen
- CodeRabbit
- Groq
- HACS
- Tailscale
- Multiple friends’ websites/guestbooks
- All the side projects I’ve been working on where I have only added GitHub OAuth
I now have to email all of these companies and tell them to convert my account to some other authentication method, or at least request my data.
Moving away
Well… I was going to move away at some point so might as well do it now.
I decided to move to GitLab, because I had used it at work before, and it basically matches the features that GitHub had.
I tried to migrate everything over, but I couldn’t OAuth. This means I need to:
- Click import > Repo URL
- Paste the URL in
- Type my username
- Copy my PAT from my password manager
- Click import
For EVERY repo. All my 80 repos. At least I don’t have many more than that.
I’m already liking GitLab better. For example, the GitLab homepage is so. much. better. Compare the two:


I just find a lot of the stuff I do is a lot nicer in GitLab than GitHub.
For example, if I run gh repo create I have to go through about 10 prompts, I believe 2 of which are blocking on network requests. With GitLab, I can run glab repo create, and it just creates the repo, adds it as a remote, and pushes the changes, no questions asked. I can use arguments, which are better in most cases compared to interactive prompts.
And yes I know, gh supports arguments as well, but the fact that GitLab just does it automatically by default is just SO MUCH BETTER.
Takeaways
Remember, your online accounts can be banned at any time. It could be for literally any reason. Most terms of service include something about account termination/suspension. Have backups, things you can fall back to.
I can’t import all my repos from GitHub to GitLab easily at the moment because I can’t authorise third party apps. I have to do it manually for each repo. If I had switched to GitLab earlier, this wouldn’t be an issue.
And yes I know, GitLab could ban my account as well. That’s why I plan to keep backups. GitLab has a feature where you can mirror repos.
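The per-repo import steps and the backup advice above can both be done with plain git, with no OAuth-based importer involved. The script below is an added example, not the author's own tooling; the function names, the one-name-per-line list file and the requirement that each destination repository already exists are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep a local mirror of every repository and push its
# branches and tags to a second host, then verify the copy.
set -eu

# Print the branch and tag refs (object id + name) advertised by a repo.
list_refs() {
    out=$(git ls-remote --heads --tags "$1") || return 1
    printf '%s\n' "$out" | sort
}

# mirror_repo SRC DST BACKUP
# BACKUP is a full local mirror (the fallback copy); DST gets branches/tags.
mirror_repo() {
    src=$1; dst=$2; backup=$3
    if [ -d "$backup" ]; then
        git -C "$backup" remote update --prune >/dev/null 2>&1 || return 1
    else
        git clone --quiet --mirror "$src" "$backup" || return 1
    fi
    # Push only branches and tags; host-specific refs (for example GitHub's
    # refs/pull/*) stay in the local backup.
    git -C "$backup" push --quiet --prune "$dst" \
        '+refs/heads/*:refs/heads/*' '+refs/tags/*:refs/tags/*' || return 1
    # Verify: both sides must advertise identical branch and tag objects.
    s=$(list_refs "$src") || return 1
    d=$(list_refs "$dst") || return 1
    [ "$s" = "$d" ]
}

# mirror_all LIST SRC_BASE DST_BASE BACKUP_ROOT
# LIST holds one repository name per line. Returns non-zero if any repo failed.
mirror_all() {
    list=$1; src_base=$2; dst_base=$3; root=$4; failed=0
    mkdir -p "$root"
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if ! mirror_repo "$src_base/$name.git" "$dst_base/$name.git" \
                "$root/$name.git" </dev/null; then
            echo "FAILED: $name" >&2
            failed=$((failed + 1))
        fi
    done < "$list"
    [ "$failed" -eq 0 ]
}
```

Run it as `mirror_all repos.txt <source base URL> <destination base URL> ~/git-backup`, with git credentials (SSH key or PAT via a credential helper) already configured for both hosts; re-running it updates the local mirrors and the destination.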
And don’t use OAuth if you can avoid it. Yes, even Log In With Google. Google can ban your account (content warning for link: NSFW mention), and they do not have a good track record of recovering accounts.
A lot of the pain this has caused is because I was too lazy to use my password manager.
I will be writing a blog article at some point going more in depth about OAuth.
My new GitLab profile is ingowolf.
So… yeah I would recommend moving off GitHub
- Ingo
Update (3rd April)
I believe this was because of me having an inactive alt account previously used at school, which is against the terms of service. I still think this could have been handled better.
For example, they could have flagged the inactive account, rather than the one that was actively being used to work on projects, and the one that had ID verification through the GitHub student program.
They could have also just not suspended OAuth, which would reduce the impact quite a lot.
I understand moderation on this scale is hard, but I still think the team handling this could have considered the impact of disabling OAuth.
Also from what I’ve heard, the support team is very slow (multiple months) at responding to reinstatement requests. I am not sure how many they get, and it’s likely a lot. But I think they could benefit by using AI. Just to review requests (not to actually un-flag accounts), along with flagged accounts’ content, to decide how important a support request is, or if it’s just spam.
Update (7th April)
GitHub responded sooner than I expected and un-flagged my account. That evening I went to migrate to GitLab and the account was flagged again. I responded, and today got it un-flagged again. Hopefully it stays un-flagged. I have migrated my stuff to GitLab though, just in case.