DEV Community: Livrädo Sandoval

Your GitHub history is being used against you

Livrädo Sandoval — Tue, 31 Mar 2026 13:50:02 +0000

For years we were told that building publicly was the best way to grow as a developer. “Share your code”, “document your process”, “make constant commits”. And yes… all of that works. Until he stops doing it.

Hoy, tu historial en GitHub no solo muestra lo que sabes hacer. It also shows who you were, what you thought and what you believed in… and that can work against you.

Web: https://gitgost.leapcell.app
Repo: https://github.com/livrasand/gitGost

The uncomfortable side of commits

Every commit you make tells a story. Not only technical, but personal.

Recruiters and companies no longer limit themselves to seeing your CV. They review:

What projects have you touched
How you write your commit messages
What technical decisions did you make
How you interact in issues and pull requests

This may seem fair… until it isn't.

Because that context is almost never complete. A commit does not explain:

*if you were learning
*if it was an experiment
*if it was a temporary bad decision
*or if you simply changed your mind later

However, it remains there. Permanent.

Your opinions are also recorded

GitHub is not just code. It's discussion.

Every comment on an issue, every technical debate, every position on architecture... everything is associated with your identity.

And here the problem begins.

Technical opinions evolve. What you defended 2 years ago may seem like a mistake to you today. But on GitHub there is no “emotional context” or “personal evolution.” There are only records.

Even worse:

You may be perceived as conflictive due to a specific debate
As inexperienced by old decisions
Or as rigid for defending something you no longer think about

Your history does not distinguish between growth and contradiction. It only shows traces.

Contribute to the “wrong”

Open source has an idealistic narrative… but the reality is more complex.

What happens if you contribute to:

a project with a controversial philosophy?
a tool that later becomes controversial?
a repository associated with questionable decisions?

Even if your contribution has been technical, neutral or even minimal... your name remains there.

And someone, at some point, can interpret that without context.

It doesn't matter if it was years ago. It doesn't matter if you no longer agree.

It's in your history.

The permanent digital identity

This is where everything converges.

Your GitHub profile becomes a kind of “permanent digital identity”:

*Does not expire

Does not restart *Does not forget

Unlike real life, where you can change, learn and redefine yourself... on the internet everything is indexed, accessible and evaluable.

And that creates a real tension:

*Build in public or protect your privacy?

Be transparent or be cautious?
Experiment freely or take care of your reputation?

So... do we stop contributing?

Not necessarily.

But it is worth questioning the idea that everything must be done publicly and permanently.

There is space for:

experiment without pressure *contribute without full exposure
explore ideas without them defining your long-term identity

In this context, different approaches are beginning to emerge. Tools that allow the contribution to be separated from the personal trace, or at least give the developer more control over what is associated with their identity.

It's not about hiding bad intentions.
It is about recovering something basic: the right to evolve without your technical past haunting you forever.

An uncomfortable reflection

Quizá la pregunta no es si debes construir en público.

Otherwise:
how much of yourself are you willing to leave permanently recorded?

Because in the end, not everything you create today represents who you will be tomorrow.

How to protect your submissions on gitGost using Tor for complete anonymity

Livrädo Sandoval — Sun, 29 Mar 2026 14:51:15 +0000

Hello again!

Thank you again for taking the time to read this. When contributing to open source projects, maintaining your privacy can be essential, especially if your contributions cover sensitive topics or you prefer not to expose your identity or location. gitGost already removes your name, email and metadata in your commits, but there is still one important piece of information: your IP address. How to prevent this last clue from giving you away? The answer is simple and effective: use Tor.

Why use Tor together with gitGost?

gitGost hides who you are at the Git level, but it can't hide where you are on the network. When you connect over the Tor network, your traffic is routed through multiple nodes before reaching the server, which prevents even the gitGost server from identifying your real IP.

This means that your anonymity is reinforced with a double layer: gitGost protects your identity in the repository; Tor protects your footprint on the Internet.

gitGost hides who you are in Git, Tor hides where you are on the network.

Importance of hiding your IP

Even if a system keeps no logs or little data, your IP address is exposed momentarily at the network layer when sending the request. This information may be enough to link you to a contribution, especially if it is a sensitive action.

With Tor, your connection is camouflaged behind a globally distributed chain of nodes, making tracing the true origin virtually impossible.

How to configure Tor to send anonymous commits

On Linux and macOS

Install the Tor package and torsocks to redirect git traffic over the Tor network:

# Install tor + torsocks
$ sudo apt install tor torsocks # Debian/Ubuntu
$ sudo pacman -S tor torsocks # Arch
$ brew install tor torsocks # macOS

Start the Tor daemon:

$ sudo systemctl start tor # Linux
$ brew services start tor # macOS

Verify that your IP is correctly masked:

$torsocks curl https://check.torproject.org/api/ip
→ {"IsTor": true, "IP": "185.220.101.x"}

Finally, push your changes through Tor using git with gitGost:

$torsocks git\
    -c http.extraHeader="X-Gost-Authorship-Confirmed: 1" \
    push gost my-branch:main
→ PR opened as @gitgost-anonymous — server sees Tor exit node, not you

On Windows without WSL

It uses the Tor browser, which runs a local SOCKS5 proxy at 127.0.0.1:9150. Then configure Git to use that proxy:

$git config http.proxy socks5h://127.0.0.1:9150
$git config http.extraHeader "X-Gost-Authorship-Confirmed: 1"

Do the push normally:

$ git push gost my-branch:main
→ PR opened as @gitgost-anonymous — server sees Tor exit node, not you

On Windows with WSL2

Here you can follow the same steps as in Linux:

$ sudo apt install tor torsocks
$ sudo service tor start

$torsocks git\
    -c http.extraHeader="X-Gost-Authorship-Confirmed: 1" \
    push gost my-branch:main
→ PR opened as @gitgost-anonymous

Considerations and limitations

While Tor extends your anonymity, it also comes with some compromises you should keep in mind:

Slower connection: Routing through multiple nodes introduces latency.
Trust in exit nodes: although the content travels encrypted (HTTPS) to the server, the node where your traffic leaves is public.
Operational consistency: Privacy depends on using these tools in a disciplined way, without mixing identities or direct connections.

gitGost does not replace Tor, but complements it perfectly: one protects your identity within the code, the other protects your footprint on the network.

Final reflection on privacy in open source

True privacy is built by adding layers and measurements. Only gitGost reduces personal traces in your commits, but combining it with Tor takes that protection to the next level, hiding both visible identity and location.

For some this level of anonymity may be unnecessary, but for others it means the difference between not participating and being able to do so safely and freely.

In essence, it is about making the world of open source truly accessible to those who prefer to contribute without leaving traces that expose them. Because open source is also for those who choose to remain invisible.

Contribute to open source projects without leaving a trace: a new way to collaborate on GitHub

Livrädo Sandoval — Fri, 27 Mar 2026 17:30:53 +0000

Hello everyone!

Due to conflicts of interest, I had to delete the previous posts, but these days, I will start publishing again some posts related to privacy and security, and how some of my tools can help in that aspect. Also, I would love to receive feedback from you on this software you made, and areas for improvement.

Also, I want to say that for the translation of my posts I use ChatGPT, I do not use it to create my posts, but to translate, the posts are written entirely by me.

Thank you very much in advance for taking the time to visit this post, if you want to see the gitGost website visit this link: https://gitgost.leapcell.app
If you want to see the code, visit this link: https://github.com/livrasand/gitGost

In the world of development, collaboration is key. But what happens when contributing to a project means revealing our identity, exposing us to immutable public history or possible privacy risks? This is where gitGost comes in, a tool that rethinks how we interact with repositories on GitHub, offering a layer of anonymity and privacy that we haven't seen before.

What is gitGost?

gitGost allows any developer to contribute to GitHub repositories without leaving personal footprints. With a privacy-first approach, it requires no accounts or tokens – just a simple command is enough to connect your local repository to gitGost and start pushing your changes. Behind the simplicity, there is a robust system built in Go, which guarantees security, anonymity and ease of use.

Privacy in the foreground

Contributions made through gitGost remove all personal metadata — names, emails, dates, and even IPs if combined with Tor. Pull Requests are automatically created from a generic anonymous identity (@gitgost-anonymous), and all communications are stored minimally, with no personal data, just a counter, the repository name and the URL of the PR.

In addition, gitGost offers the possibility of receiving anonymous notifications about the status of your PRs through the ntfy.sh service, without needing to register or provide an email. This way, you can stay up to date with comments, reviews, and merges without exposing your identity or compromising your privacy.

Simple and flexible collaboration

The workflow boils down to three clear steps: add gitGost as a remote, commit your changes, and push to the remote anonymously. For those who receive feedback, they can update the same anonymous PR using a unique hash provided by gitGost, without storing data or requiring accounts. This makes the contribution as seamless and practical as in the traditional flow, but without the cost of exposition.

Security and transparency

gitGost is built on secure, auditable practices, with built-in validations, contribution size limits, and no unnecessary dependencies. It is licensed under AGPL-3.0 and its code is available for anyone who wants to review it, promoting trust and transparency around how it handles information.

Who is gitGost for?

Developers who value their privacy: Those who prefer not to leave a permanent public history tied to their name.
Collaborators in sensitive contexts: People who need to contribute to possibly controversial or restricted projects without exposing themselves.
Those who want to avoid spam or doxxing: gitGost removes common traces that bots use to collect data.
Those who make minor or quick changes: Sometimes a small correction shouldn't be etched with your identity forever.

Live the gitGost experience

From a simple text correction in a README to opening an anonymous discussion in an issue, gitGost opens a new chapter in open source collaboration: one where your security and anonymity come first, without giving up the convenience and effectiveness of git.

If there is one thing that characterizes the open source community, it is the diversity of voices working together. gitGost expands that diversity by allowing more people to participate, even if they prefer to be just a whisper in the conversation.

Exploring this tool is as easy as adding a remote and pushing. In a world where we increasingly look with concern at how to protect our digital privacy, gitGost represents a ray of hope to contribute freely, without chains.

I will try to publish a post every day to present gitGost, EthicalMetrics, Hushlink, CodeTrackr, pipq and PythonICO, again, your feedback will help me a lot