Privacy Issue #3137
Github cli is a privacy issue since it connects to github server
I'm wrong or github cli is a privacy issue? It connects to github servers and dosen't work without auth using github.
Updated by bill-auger about 1 year ago
- Priority changed from bug to discussion
connecting to a server is not a privacy concern generally - iceweasel connects to github.com also - both are clients for the same web service - the only real difference is the format(s) of the data exchange - the involved parties, the communications, and the actions are the same; and none of them happen unless the user initiates the connection (eg: starts the github CLI client, or types 'github.com' into a web browser) - IIRC the client, without credentials, can access the same information from github.com as a web browser without a login could - an API key is required only to view private data, and initiate destructive actions
every networking program connects to some other computer - the same could be applied to most communications tools, git itself, and so on - is github specifically known to be less privacy-respecting than other websites?
formally, it would be an FSDG freedom-bug, if communications are made without the user's knowledge or consent - that is probably not how this program works though - IMHO, there is no imperative privacy issue if all communications are initiated by the software user, and no mystery codes are returned from the server to be executed blindly by the client - extended privacy concerns are usually left up to the community - for example, nonprism could be made to conflict with it, if people like that idea?
AFAIK, the github CLI tool uses the github public API; so that CLI-oriented people can interact with github without a web browser, and without downloading or executing any code from the server - all code is local (eg: packaged for distros) and freely-llicensed - these CLI clients for complete APIs have the ideal properties for libre networked computing, WRT any web services IMHO (only data is ever sent over the network, and only in response to an intentional user request)