- GitHub’s new privacy policy change allows the platform to place tracking cookies on some subdomains, such as resources.github.com.
- Users announced their concerns about the change and reminded the company about its privacy policy change back in 2020 that removed non-essential cookies.
- The updates announced by the GitHub team will go into effect after the 30-day notice and comment period, on September 1, 2022.
The Microsoft subsidiary, GitHub announced that the popular platform will be adding non-essential cookies on some marketing web pages in September. With the new privacy policy change, GitHub will start placing tracking cookies on some subdomains. The platform offered a thirty-day comment period about the change for the developers.
Non-essential cookies
The changes will be effective September 1, which enables the platform to place non-essential cookies on the marketing subdomains, such as resources.github.com. Users criticized the decision since these tracking cookies are shared across multiple websites. Cybersecurity experts state that these cookies can allow third parties to track users’ browsing history and behavior on multiple sites.
GitHub shared a blog post back in 2020 announcing that the platform is removing all non-essential cookies due to its commitment to respecting the privacy of developers using our product. Lucas Garron, Security Engineer of GitHub said,
« We are also committing that going forward, we will only use cookies that are required for us to serve GitHub.com. GitHub has had a long history of prioritizing developer privacy, often going above and beyond any legal requirement, including extending EU privacy protections to all users regardless of location. Developers should not have to sacrifice their privacy to collaborate on GitHub. »
GitHub users heavily criticized the decision. While some users stated that they are considering leaving GitHub, some blamed Microsoft as the company behind the decision. Some users started a change.org petition, stating that the new policy is less transparent and more unclear and confusing, and also breaks the company’s promise back in 2020. Currently, the post announcing the change has 51 likes and 1367 dislikes. The post says,
« GitHub is introducing non-essential cookies on web pages that market our products to businesses. These cookies will provide analytics to improve the site experience and personalize content and ads for enterprise users. This change is only on subdomains, like resources.github.com, where GitHub markets products and services to enterprise customers. Github.com will continue to operate as-is.
This change updates the Privacy Statement based on this new activity.
These updates will go into effect after the 30-day notice and comment period, on September 1, 2022. »