Not what they were looking for

New GitHub search faces technical difficulties following privacy outcry

Elliot Bentley
github-search-whoops1

A high-profile new search feature on GitHub has been plagued by technical and security problems.

An
ambitious new search
feature
on code hosting site GitHub has been plagued by
technical and security problems after a high-profile launch earlier
this week.

Initial reaction to the new search infrastructure, which
live-indexes every line of code hosted on the site, was
positive.

However, many were soon
pointing out
that private passwords and security keys
accidentally uploaded to GitHub were now easy to find.

At the time of writing, GitHub’s search function has been
experiencing technical difficulties for over 17 hours, preventing
searching of code (but not repositories or users). It is unknown if
this downtime is related to the controversy surrounding exposed
private details, or simply teething troubles.
(Update: Zach Holman of GitHub told JAXenter
via
Twitter
that “they have nothing to do with each other”.)

Also unknown is whether GitHub can find a method to prevent this
information from showing up in search results. In the meantime,
those wishing to remove sensitive information from their existing
repositories should check out this handy guide.

It’s the first blot on GitHub’s otherwise stainless record (besides
frequent outages), which include successful launches of its Gist
snippet-hosting system, ‘command box’ functions and pretty
graphs
. Last year it received a whopping
$100m investment
from Andreessen Horowitz, and more recently
passed
the three million user mark
.

This event serves as another example of just how dangerous powerful
search tools can be in the wrong hands. Last week, Facebook’s
search tool was similarly
criticised
for making it easy to find potentially incriminating
personal information that was already publicly available.

Author
Comments
comments powered by Disqus