After I created a temporary GitHub account in my post about GitHub Pages Hijacking, the account was suspended, leaving me in a restricted state, unable to even delete it.
During the verification process, my new test account got flagged and couldn’t add the custom domain. I had to switch to an established GitHub account that appeared more trustworthy… GitHub probably didn’t appreciate the email alias, hopping off and on VPN, and trying to take over a custom domain on a newly created account…
Still, out of curiosity I decided to take the opportunity to learn more about GitHub’s abuse detection and common privacy resources…
Visiting the profile from a private window showed a 404:
Definitely flagged. Wanting to close the account properly, I tried to delete it:
Even with TOTP configured, GitHub insisted on verifying a phone number:
I decided to double down and turned to textverified.com to pass the SMS check with a temporary number:
Finally, I created a ticket and waited eagerly for a response.
This was the response I received:
Hi there,
Thank you for contacting GitHub Support.
Our abuse detecting systems flagged your account because of the email address you used to register the account. Before we can remove the flag we need you to add and verify a personal, non-disposable, non-aliased email address.
You can add an email address by following the steps here:
https://docs.github.com/github/setting-up-and-managing-your-github-user-account/adding-an-email-address-to-your-github-account
…and you can follow these steps to verify it:
https://docs.github.com/github/getting-started-with-github/verifying-your-email-address#verifying-your-email-address
Once more, we’ll need you to remove the current email address from your account.
To clarify, we don’t need anything ‘traceable’ to you, feel free to use protonmail or tutanota etc. (just examples, we don’t have any particular recommendation here) it just can’t be a “throwaway” or temporary domain for security and deliverability reasons. You are also welcome to connect to GitHub using a VPN or TOR node if and as you wish.
Let us know when you’ve completed these steps and we’ll be happy to review your account again.
Github support,
I thought it was really interesting that they cite the email alias as the main reason for suspension, and don’t seem to care about the other factors. This is in stark contrast to Instagram, which, in my experience, will suspend an account instantly for registering over VPN, but is totally fine with email aliases. Not only this, but Instagram requires much more intrusive means to recover a suspended account, like facial scans and ID verification. This was the first time I’ve had disruptions arise because of using an aliased address.
Due to the nature of these two platforms, the vast majority of GitHub users are tech savvy, while Instagram aims to attract as many people as possible across all sectors and lifestyles. Therefore I would imagine that if someone is using a VPN exclusively to access GitHub, they’re more likely to have legitimate privacy reasons; the average Instagram user is far less likely to consider registering a new account over VPN, so such traffic is more likely to be related to abuse from Instagram’s perspective. Instagram also profits more from user data through advertising and by optimizing the user experience (minimizing unauthorized bots and abuse).
These considerations do make me curious to learn more about Apple’s privacy features like iCloud Private Relay and Hide My Email, as these are making digital privacy much more common among average users. I assume platforms have been forced to create exceptions to allow Apple’s services as they’ve become more popular, or risk losing users.