Github managed to provided search to free anonymous users since its inception in 2007, to mid-2023 when they introduced this new code search.
I would submit that this change is entirely business-related: it's a power-play to make people create accounts and stay logged in so they can track you better. It is not that they cannot afford it, it is that they are enshittifying the service to further their interests.
If they were really worried about money, they could lock it down completely so only paying customers could use the service at all... and then they'd lose a huge chunk of customers and lose all the prestige they build in convincing a huge pile of the world's free/open source software to use them as their hosting. So they don't do that - they keep all the prestige and the network effects by seeming _quite_ open, but they'll lock down _parts_ of the experience to try and force specific behaviour.
> you should probably at least accept that service providers can and do change things like this.
Indeed, you should. It should serve as a wake-up call that other people's services/platforms aren't under your control, and you can't rely on them to meet your needs.
As a fairly recently departed GitHub employee, I know with certainty that this change is primarily related to abuse. The search infrastructure (both old and new) is complicated and expensive to run, and anonymous search was abused at a remarkably large scale. DDoS against the anonymous search service was a big problem, but another was the presence of many very large search botnets that constantly scraped the site for secrets and other confidential data inadvertently made public. Long time users might remember that anonymous search was aggressively rate-limited on a per-IP basis, but the size of the search botnets grew to a scale that made this ineffective.
My personal opinion is that most enshittifying changes on GitHub are due to the proliferation of middle managers who are evaluated almost exclusively on speed-shipping net-new features at the expense of maintenance and incremental improvement of existing features.
They claimed the new search requires logins due to performance reasons... they have no reason, other than they want to use both the carrot and the stick in driving signups and logins, to take away their existing search, the one they didn't have a problem offering for 16 years, completely.
I didn't say they were lying. It can be true that their new search is better but costlier to run. They can focus on that in their PR, along with how shiny and new the shiny new search is, to distract you that they are removing anonymous search and making the site worse.
Nobody made them turn off the old search, they chose that, and they bundled the two together in one PR push.
Fancy new search = carrot. Remove anonymous search = stick. Carrot and stick work together to drive more signups, more logins, more data tracked, more data sales, more money.
I completely understand where they're coming from.
Maintaining two separate search stacks for different user groups sounds like a nightmare. Multiply that by every feature that increases in complexity enough to bubble up on the cost-center metrics, and it for sure makes sense to prune complexity at the cost of secondary-feature functionality for anonymous requests.
Besides all of that - Github has zero obligation to provide Free services to users, let alone non-users.
The person you are responding to doesn't even want to make a free account yet expects to be able to use all of Github's services for free. That's some wild entitlement.
> The person you are responding to doesn't even want to make a free account yet expects to be able to use all of Github's services for free.
To be fair, definition of free depends. OPs argument was that they pay with data. That is not free if you think that you lose something. It is different question do we value it similarly.
Sure, and if they don't want to pay with data, then they don't get to use the free search. While I don't love it, it's well within GitHub's rights to set those terms. They pay the bills, they get to decide who uses it, and how.
The real problem is that a company like GitHub (now owned by Microsoft, of all companies, sheesh) has a strongly market-leading position in the idea of "publicly-hosted git repositories". Even if they were giving away everything fro free, and not tracking users, that would still be concerning.
That's not accurate. GitHub is still getting lots of data from people without accounts, and providing open access helps them get more users in general.
If we have to do a restaurant analogy, it's like going to a restaurant (buffet?), opting out of premium, and still wanting access to a particular food item. It's not automatically ridiculous.
The OP is literally standing outside the restaurant looking through the window and complaining about not being allowed to eat for free.
> GitHub is still getting lots of data from people without accounts
This doesn't matter. If you want code search, you must log into a free account. Why is this controversial? Github isn't a charity - they don't exist to benefit freeloaders that won't even create a free account. Life doesn't need to be this hard folks...
you two both have missed the obvious that recently it was deemed legal to scrape public sights, and GH has all the code, and other code based AI tools need training.
The parent complaining about creating a free account can just keep complaining, or create one, I don’t care. But this nonsense about cost for search is not the issue.
It's like going to a museum that houses all the world's great treasures because it's funded by billionaires and they outbid all the smaller, shabbier publically-owned museums that _could_ be housing them in their own countries.
The treasures belong to humanity, not the museum, but they get the honour of hosting them, and that glory reflects on their reputation (which they use to sell commercial artifact-hosting services).
Entry is completely free, and for 16 years they gave you a map as you entered. But now some marketing genius has decided you don't get a map unless you give them your name and address and join their "friends of the museum" marketing programme.
These are not good signs for someone who wants to be custodian of the world's great treasures. I would argue it would be better for the world if the treasures were housed in local museums instead.
> Github has zero obligation to provide Free services to users
If they didn't, most (all?) of the major OSS projects that use them would have to find an alternative.
Those major OSS projects are why Github is the "central" OSS hosting place.
If they move on, then it's unclear if GitHub would remain all that central after a few years. "Probably not" is my thought, though I could be wrong. :)
I have an account but github with forced 2fa is annoying to login with when I'm logged out. When your in the middle of something and suddenly have to go through a login flow, password manager, 2fa, just to look something up, maybe small, but I find it annoying
One day I’m going to share stories here of how the "Columbia House Record Club" worked to watch people assume the foetal position and rock themselves to horrified sleep.
I don’t begrudge them requesting an authorized user account for some cases. YMMV. They balance this against allowing more open access to other projects, features and functions. Their balanced approach seems reasonable.
> it's a power-play to make people create accounts and stay logged in so they can track you better
Github doesn't even serve ads. What exactly are you worried about? Your throwaway email being primary key #78,000,000 and having your visited repositories stored in another table?
It's a change in direction, one by one these things change, one day, there are Ads, or your github repo search journey is being used to train the AI programmer to replace you in those very libraries and repos you develop expertise in.
There's no good to come of requiring people to log in for the consumer. Online Tracking is never good for the consumer.
Yes. Microsoft is already siphoning data everywhere they can, why should I give them more?
Most people have their real name and e-mail there because they use it to sign code in trusted repositories, so it's easy to combine these data with other sources.
Microsoft serves ads though. I haven't looked through the terms and conditions, but I'd be amazed if it wasn't permitted for GitHub to give whatever they can glean from your data to their corporate overlord.
> Affiliates: Personal Data may be shared with GitHub affiliates, including Microsoft, to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, and legal and compliance obligations. Our affiliates may only use the Personal Data in a manner consistent with this Privacy Statement.
I've never had any success creating a GitHub account with a throwaway email address.
The last time I tried, I'm pretty sure the email address was rejected right away, and the account couldn't be created.
Not being able to reasonably create an account there is certainly annoying when it comes to performing simple searches.
It has also prevented me from submitting new bug reports and adding information to existing bug reports for a number of open source projects over the years.
I'm always disappointed when I see an open source project using GitHub, because it makes contributing to that project more or less impossible.
I deleted my account and moved my stuff when Microsoft took it over, and never looked back. A project on Github is a project i will not interact with. People have very short memories.
Personally, I don't think this is a valid case of enshittifying. Products that you pay for that loses features or break or become more painful to use are enshittifying.
A free feature that stays free but requires you to make a free account (no credit card needed), I can see at least one very valid reason: if the feature heavier than a simple page (which is the case here), then it's an open door for DDOS attacks. Being able to track and ban/block the users that appear to participate in such an attack is totally valid.
The alternative is having to do captchas and the like to use those features anonymously, which is a pain both for user and for the devs/UI, and does feel more like the overall enshittification you are mentionning (even if it's a valid reason)
> The alternative is having to do captchas and the like to use those features anonymously
This is not the case. You may have noticed that Google Search, Bing, etc. don't require login or captcha to do a search. Billions of people use this search daily. And yet, they will throw a captcha at you, or even just say "you're a bot, stop bothering us" whether you're logged in or not, if their signals have detected what they consider abuse.
Clearly, their signals are not as naive as "anonymous user, require captcha / logged-in user, no checks required". Preventing DDOS != requiring login.
They like you logged in because they can add more data to their verified user identity and activity datasets and sell them for more money. They already make enough money to run the service despite all the anonymous usage, but they'd like more money, you see.
Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
> They already make enough money to run the service despite all the anonymous usage, but they'd like more money, you see.
How mighty of you, a freeloading user in this specific situation, to assert Github has made "enough" money and therefore should offer you services at their own expense... you know, because you want it and therefore are entitled to it.
> Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
So what's the issue here, really? Make a free account and move on with life. Or clone the repo and search it locally if you need to. Or decide to take some principled stance and refuse to work with projects hosted on Github. It's your choice.
It’s Microsoft, one of the most successful companies in human history. A poorly formed moralistic argument about “entitlement” is absurd. They certainly feel entitled to every aspect of my life, as do most other Fortune 500 companies, I think I can safely desire not needing to log in during a damn search.
So again, because Microsoft has more money than you do, it entitles you to their services for free?
Where else in life does this logic apply?
Perhaps you waded into a conversation without even understanding the core complaint. You can search on Github without a user account, entirely for free. However, they do not provide context-based code search to non-users, despite it still being free.
If for whatever reasons you cannot possibly be bothered to create a free user account out of some irrational fear Github will sell your codebase search history to advertisers (laugh out loud, literally), then you don't get to use that feature. Clone the repo and search it yourself, or find a different deep-pocketed service that lets you mooch everything for free.
tldr; Why are freeloaders always the loudest complainers?
> The general idea of imposing more user-friendliness on very large corporations is not a bad one.
This is not a "user-friendliness" issue by it's very definition. The OP is not even a user!
> "more money than you" is a pretty crazy strawman of the actual comparison they made.
Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.
The service is free. A user account is free. It doesn't get more simple than this.
The naivety to believe the lack of a Github account somehow safeguards your browsing data is as hilarious as it is sad. Further, believing the creation of an account and searching code repositories somehow results in more ads is beyond hilarious.
This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.
> This is not a "user-friendliness" issue by it's very definition. The OP is not even a user!
They don't need an account to be a user, as you seem to acknowledge later in your comment: "The naivety to believe the lack of a Github account somehow safeguards your browsing data"
> Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.
They said "one of the most successful companies in human history".
That has nothing to do with the parent's amount of money. It's not a human-comparable amount of money.
If the company had ten million dollars the parent wouldn't be making the same argument about size.
> This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.
I have an account. That doesn't change how companies should work. And I find no "difficulty" in having a little discussion.
> You are not owed anything
Yeah I am. They make mass market money and they use public infrastructure. If the population wants to impose rules on them, the population gets to. Like forcing them to pay taxes. That's money they owe me indirectly.
I don't get to make the decisions on my own, but I can say if I think a theoretical rule would be good.
For the last seven months, Google has pushed every non-login search from my house network through a captcha; the image captcha is typically five to infinite repetitions. Audio captcha works after a single run-through, except that it is frequently "unavailable" now.
I don't know why. Google won't tell me. They just started doing the same for YouTube: "Please login because we have detected malicious behavior from your network".
I know I'm not DDOSing them; I can see all our network traffic. They're just encouraging me to avoid using them.
You're probably blocking ads or blocking tracking in some fashion and denying them signals their naive models use to evaluate whether you're bot-or-not. It could be somewhat intentional but I'd lean towards it being an edge case they just don't care to address.
In my case, they block me on IPv6 since I use a Hurricane Electric IPv6 tunnel. It certainly used to be the case that my IPv6 connectivity was better and more performant down the tunnel than using my ISPs native IPv6. I have no idea what the situation is today.
My solution was to use a filtering DNS that always returns no AAAA records for domains ending in google.com. This works great and essentially solves the problems. I have to do the same for various netflix domains as well.
I'm dreading having to switch over to native IPv6 -- I don't even know how many /64s will be allocated to me (and how stable they will be).
I feel this. Recently _some_ company, I have no idea which, has decided my IP is malicious and refuses to serve my requests. This has effectively banned me from a few websites, including a government service I pay taxes for.
As far as I can tell, mainline web search engines are mostly serving cached/canned responses these days. They get updated periodically but it's not the same as the late 90s or early 2000s when every search was run against large-scale content indexes. You can occasionally stack keywords or form unique enough queries that you force the engine to do real work, but getting this right seems to get harder and harder over time and their pool of content that's indexed seems to be broad but shallow now.
GitHub code search is still doing real searches and so is much more expensive to run.
> You may have noticed that Google Search, Bing, etc. don't require login or captcha to do a search.
Are you saying you want adds in GitHub search's results? Google, Bing, etc. make money showing you adds. Adding barriers of entry is much less in their interest. Their budget to optimize the search engine is likely much bigger than GitHub's one.
The entire point of Google Search is to take in everyone, serve ads, and drive people to use other Google properties. Every user that has to jump through hoops in order to access Google Search is a net loss for them.
GitHub doesn't really care all that much if random anonymous users can use their search. Anon users can view source trees, wikis, etc. and check out code, which is more than enough for most people.
> Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
I think you and I don't know anything about what's going on there internally. I'm usually quick enough to assume the worst about actions Microsoft (of all companies!) takes, but even former GitHub employees have commented here that the new search system is much more resource-intensive than the old, and bots and scrapers were causing real problems. I choose to believe people who seem credible instead of playing the cynic and assuming everything is done with evil intentions and that everyone is lying to me.
Sure, they could build a big sophisticated system to figure out who to serve CAPTCHAs to, or who to outright ban, but why spend the time and money on that when they can just require a login, and the people they care about won't really care.
And sure, this move very well might drive some new signups. Maybe that's a net win for them. So what?
It raises the question of what will they hobble or take away next to fatten their bottom line. Will they continue to be good custodians of the real treasure, which is the projects that they host?
You may remember SourceForge was a popular hosting site. Ultimately, what caused a mass exodus was that they decided to let malware creators pay them money to wrap around the installer packages of the software they were hosting.
If you're not hosting your own project, there is always this risk. Question the motives of someone who offers to host your stuff "for free" ... and then alters the deal some point down the line.
Of course, they could have kept the old search (without advanced filters) open, but there is at least a sensible explanation why the new search requires being signed in.
I would submit that this change is entirely business-related: it's a power-play to make people create accounts and stay logged in so they can track you better. It is not that they cannot afford it, it is that they are enshittifying the service to further their interests.
If they were really worried about money, they could lock it down completely so only paying customers could use the service at all... and then they'd lose a huge chunk of customers and lose all the prestige they build in convincing a huge pile of the world's free/open source software to use them as their hosting. So they don't do that - they keep all the prestige and the network effects by seeming _quite_ open, but they'll lock down _parts_ of the experience to try and force specific behaviour.
> you should probably at least accept that service providers can and do change things like this.
Indeed, you should. It should serve as a wake-up call that other people's services/platforms aren't under your control, and you can't rely on them to meet your needs.