Try it for yourself: spoof.krypt.co
How does it work?
[user] name = Ben Bitdiddle email = firstname.lastname@example.org
when you click on it will take you to their real GitHub profile.
Next time you see a commit on GitHub from Ben -- don't trust that Ben actually authored it.
How can do prove that my commits are really mine?
Anyone can set the “author” of a Git commit to any value.
To prove that you authored a commit you must attach a digital signature to it.
The only way someone knows it was really your commit is to verify the commit's signature.
GitHub supports verifying & signing Git commits
Check out this signed commit: kryptco/kr@0cca333.
If a commit doesn’t have a green “Verified” badge, then it could have been authored by anyone!
GitHub verifies signed commits, and Krypton makes signing commits easy.
Get your green verified badge, https://krypt.co.
Let's see some well known forgeries...
Anonymously Forged Commits
Browse all of the forged commits from the community here! https://github.com/git-forge/fraudulent/commits/master