Not what they were looking for

New GitHub search faces technical difficulties following privacy outcry

Elliot Bentley

A high-profile new search feature on GitHub has been plagued by technical and security problems.

An ambitious new search feature on code hosting site GitHub has been plagued by technical and security problems after a high-profile launch earlier this week.

Initial reaction to the new search infrastructure, which live-indexes every line of code hosted on the site, was positive.

However, many were soon pointing out that private passwords and security keys accidentally uploaded to GitHub were now easy to find.

At the time of writing, GitHub’s search function has been experiencing technical difficulties for over 17 hours, preventing searching of code (but not repositories or users). It is unknown if this downtime is related to the controversy surrounding exposed private details, or simply teething troubles. (Update: Zach Holman of GitHub told JAXenter via Twitter that “they have nothing to do with each other”.)

Also unknown is whether GitHub can find a method to prevent this information from showing up in search results. In the meantime, those wishing to remove sensitive information from their existing repositories should check out this handy guide.

It’s the first blot on GitHub’s otherwise stainless record (besides frequent outages), which include successful launches of its Gist snippet-hosting system, ‘command box’ functions and pretty graphs. Last year it received a whopping $100m investment from Andreessen Horowitz, and more recently passed the three million user mark.

This event serves as another example of just how dangerous powerful search tools can be in the wrong hands. Last week, Facebook’s search tool was similarly criticised for making it easy to find potentially incriminating personal information that was already publicly available.

Inline Feedbacks
View all comments