February 26, 2026

GitSpam hits your commits

Article URL →HN comments →

Tell HN: YC companies scrape GitHub activity, send spam emails to users

YC startups mined GitHub for emails — users cry foul, others shrug

TLDR: A developer says YC-backed Run Anywhere and Voice.AI mined GitHub activity to send cold emails and has notified GitHub and YC ethics. Comments split between “meh, just spam” and privacy/legal outrage under Europe’s GDPR, with veterans calling it old news and others warning AI will turbocharge inbox creep.

Hacker News lit up after a dev claimed YC-backed Run Anywhere and Voice.AI are scraping GitHub activity to blast cold emails. The pitch? “Saw your commits, you’ll love our product.” The mood? Split. One camp calls it creepy and possibly illegal under GDPR (Europe’s privacy law) because nobody consented. Another camp shrugs: it’s spam, not a scam — annoying, yes, but hardly new. As neya quipped, they’ve seen worse.

pscanf captured the dilemma: your email sits on GitHub for teammates, not sales bots — but is it actually illegal? ValentineC poured cold water on the “commit scraping” drama, guessing these companies are just using existing marketing lists, not fancy code sleuthing. armchairhacker dropped receipts that this beef is ancient history with threads from 2015 and 2019, basically: GitHub has long been a marketing buffet. Meanwhile, ChrisMarshallNY waved the “meh” flag — they get hundreds of junk emails daily and think this is targeted spam, but warned AI could crank the volume to 11. The memes? “GitSpam,” “git push unsubscribe,” and “GitHub is LinkedIn’s messy cousin.” The OP says they’ve contacted GitHub and YC Ethics; everyone’s now popcorn-ready for a response.

Key Points

  • The author received an unsolicited marketing email from Run Anywhere, a YC W26 company, referencing their GitHub profile.
  • They also received multiple similar emails from Voice.AI, an AI company not affiliated with YC.
  • The author believes these companies scrape GitHub activity and use commit metadata to find email addresses and target contributors in relevant domains.
  • The author notes that recipients include individuals covered by GDPR and that the emails were sent without prior consent.
  • Complaints were submitted to both companies, and the author contacted GitHub and YC Ethics; no responses had been received at the time of writing.

Hottest takes

“This is atleast fine as it’s just spam” — neya
“I wonder if what they’re doing is actually illegal” — pscanf
“There are likely marketing email datasets floating around the internet” — ValentineC

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.