{"id":46195617,"url":"https://github.com/livrasand/gitgost","last_synced_at":"2026-06-04T00:00:42.775Z","repository":{"id":327108101,"uuid":"1106745732","full_name":"livrasand/gitGost","owner":"livrasand","description":"Anonymous git contributions, zero accounts, zero metadata. Just add remote, push, and disappear. Hosted-in Switzerland. Be a gost!","archived":false,"fork":false,"pushed_at":"2026-05-14T23:50:26.000Z","size":7915,"stargazers_count":41,"open_issues_count":8,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-15T01:32:30.964Z","etag":null,"topics":["anonymous","anonymous-contributions","anonymous-git","devops","git","git-anonymous","gitgost","github","go","golang","no-account-github","privacy","privacy-protection","privacy-tools"],"latest_commit_sha":null,"homepage":"https://gitgost.leapcell.app","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/livrasand.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":"THREAT_MODEL.md","audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"livrasand","issuehunt":"livrasand"}},"created_at":"2025-11-29T21:22:00.000Z","updated_at":"2026-05-14T23:48:58.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/livrasand/gitGost","commit_stats":null,"previous_names":["livrasand/gitgost"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/livrasand/gitGost","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livrasand%2FgitGost","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livrasand%2FgitGost/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livrasand%2FgitGost/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livrasand%2FgitGost/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/livrasand","download_url":"https://codeload.github.com/livrasand/gitGost/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livrasand%2FgitGost/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33884734,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymous","anonymous-contributions","anonymous-git","devops","git","git-anonymous","gitgost","github","go","golang","no-account-github","privacy","privacy-protection","privacy-tools"],"created_at":"2026-03-03T02:56:21.236Z","updated_at":"2026-06-04T00:00:42.766Z","avatar_url":"https://github.com/livrasand.png","language":"Go","funding_links":["https://github.com/sponsors/livrasand","https://issuehunt.io/r/livrasand"],"categories":[],"sub_categories":[],"readme":"![gitGost Logo Light](web/assets/logos/light-logo.png#gh-light-mode-only)\n![gitGost Logo Dark](web/assets/logos/dark-logo.png#gh-dark-mode-only)\n\n\n**Contribute to any GitHub repo without leaving a trace.**\n\nZero accounts • Zero tokens • Zero metadata • Designed for strong anonymity\n\n## One-liner demo\n\n```bash\n# Add as remote → fix → push → done. Designed to minimize identifiable traces.\ngit remote add gost https://gitgost.fly.dev/v1/gh/torvalds/linux\ngit checkout -b fix-typo\ngit commit -am \"fix: obvious typo in README\"\ngit push gost fix-typo:main\n# → PR opened as @gitgost-anonymous with no direct trace to you; note that gitGost provides strong anonymity features, but not perfect anonymity — see the Threat Model\n```\n\nThat’s it. No login, token, name, or email required — gitGost provides strong anonymity features, but not perfect anonymity — see the [Threat Model](#threat-model).\n\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/livrasand/gitGost)\n[![Desplegado](https://gitgost.fly.dev/badges/deployed.svg)](https://gitgost.fly.dev/health)\n[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/livrasand)\n[![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)\n[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow)](SECURITY.md)\n[![Legal Notice](https://img.shields.io/badge/Legal-Notice%20%26%20CLA-red)](LEGAL.md)\n[![Powered by Go](https://img.shields.io/badge/Powered%20by-Go-00ADD8.svg?logo=go)](https://go.dev)\n[![Privacy First](https://img.shields.io/badge/Privacy-First-59316b)](https://github.com/livrasand/gitGost)\n[![GitHub repo size](https://img.shields.io/github/repo-size/livrasand/gitGost)](https://github.com/EduardaSRBastos/my-essential-toolbox)\n  \u003cimg\n  src=\"https://img.shields.io/badge/GitHub-Available-brightgreen?logo=github\"\n  alt=\"GitHub – Coming Soon\"/\u003e\n\u003cimg\n  src=\"https://img.shields.io/badge/GitLab-Coming%20Soon-lightgrey?logo=gitlab\u0026logoColor=white\"\n  alt=\"GitLab – Coming Soon\"/\u003e\n\u003cimg\n  src=\"https://img.shields.io/badge/Bitbucket-Coming%20Soon-lightgrey?logo=bitbucket\"\n  alt=\"Bitbucket – Coming Soon\"/\u003e\n\u003cimg\n  src=\"https://img.shields.io/badge/Codeberg-Coming%20Soon-lightgrey?logo=codeberg\u0026logoColor=white\"\n  alt=\"Codeberg – Coming Soon\"/\u003e\n\n\u003cbr /\u003e\n\n\u003e \"Fixed GPIO mapping bug in 10s without doxxing risk – @gitgost-anonymous\"  \n\u003e [View PR ↗](https://github.com/mehdi7129/inky-photo-frame/pull/3) *(Example from mehdi7129/inky-photo-frame)*\n\n## Features\n\n| Feature                     | Description                                                                 |\n|-----------------------------|-----------------------------------------------------------------------------|\n| **Total Anonymity**         | Strips author name, email, timestamps, and all identifying metadata. PRs created by neutral `@gitgost-anonymous` bot. |\n| **One-Command Setup**       | Just `git remote add gost \u003curl\u003e` – no accounts, tokens, or browser extensions. |\n| **Battle-tested Security**  | Rate limiting, repository size caps, commit validation. Written in pure Go with minimal dependencies – fully auditable. |\n| **Works Everywhere**        | Terminal, CI/CD, Docker, scripts – any public GitHub repo, anywhere Git runs. |\n| **Open Source \u0026 AGPL**      | 100% transparent. Fork it, audit it, host it yourself.                     |\n\n## Anonymous Contributor Friendly Badge\n\nTo signal that your repository welcomes anonymous contributions via gitGost, add this badge to your README:\n\n![Anonymous Contributor Friendly](https://gitgost.fly.dev/badges/anonymous-friendly.svg)\n\n\nFor verified repositories, add a `.gitgost.yml` file to your repository root and use the dynamic version:\n\n![Anonymous Contributor Friendly](https://gitgost.fly.dev/badges/anonymous-friendly.svg?repo=livrasand%2FgitGost)\n\nThis badge helps contributors know that anonymous contributions are accepted and encouraged.\n\n## Repository Opt-Out\n\nMaintainers can block anonymous contributions via gitGost by adding `DENY_ALL: true` to the `.gitgost.yml` file in their repository root:\n\n```yaml\n# .gitgost.yml\nDENY_ALL: true\n```\n\nWhen this is set, gitGost will reject any push attempt before creating a fork or PR. Contributors will see:\n\n```text\nremote: CONTRIBUTION BLOCKED\nremote:\nremote: This repository does not accept anonymous contributions\nremote: via gitGost. Please contact the maintainer directly.\nerror: push rejected: repository has opted out of gitGost\n```\n\nIf the file does not exist or `DENY_ALL` is not set, contributions are allowed by default.\n\n## Why developers love gitGost\n\n\u003e “Your commit history shouldn’t be an HR liability forever.”\n\n- No permanent public record of your activity  \n- Safely contribute to controversial projects (employer or country doesn’t like it? no problem)  \n- Stop email harvesting \u0026 doxxing from public commits  \n- Fix that one annoying typo without attaching your name for eternity  \n- Be a ghost when you want to be\n\nBuilt for developers who actually care about privacy.\n\n## Legitimate Use Cases\n\ngitGost is intended for responsible, good-faith contributions where identity exposure is unnecessary or undesirable.\n\nExamples include:\n\nFixing typos or documentation errors without creating a permanent contribution record\nContributing to projects that may conflict with employer policies\nParticipating in politically sensitive or controversial repositories\nReducing exposure to email harvesting and scraping\nExperimenting or testing changes without attaching personal metadata\nContributing from jurisdictions where visibility may create risk\n\ngitGost is designed to enable privacy — not remove accountability from the review process.\n\nAll pull requests are public and subject to maintainer approval.\n\n## When NOT to use gitGost\n\nDo not use gitGost for:\n\nHarassment or abuse\nSpam or automated PR flooding\nEvading bans or moderation\nSubmitting malicious code\nAvoiding legal responsibility\nCircumventing repository contribution policies\n\ngitGost enforces rate limits, validation checks, and repository constraints. Abuse attempts will be mitigated.\n\nIf your goal is to harm, disrupt, or deceive — this project is not for you.\n\n## Threat Model\n\ngitGost is designed to protect against common identification threats in contributions to public repos, but does not offer perfect anonymity. Below details what it protects against, what it does not, who it protects against, and key assumptions.\n\nFor a terse, user-facing view of guarantees and data retention, see [Privacy Guarantees](Privacy%20Guarantees.md).\n\n### gitGost protects against:\n\n- Public exposure of name and email in commits\n- Direct association between personal GitHub account and PR\n- Passive metadata collection in public repos\n- Permanent history of minor contributions\n\n### gitGost does NOT protect against:\n\n- IP identification (using VPN/Tor is recommended)\n- Code style analysis (stylometry)\n- Advanced temporal correlation\n- Targeted deanonymization by adversaries with resources\n\n### Considered adversaries\n\n- Recruiters / HR\n- Hostile maintainers\n- Email scrapers\n- Governments or companies with basic monitoring\n\n### Not considered adversaries\n\n- Nation states with infrastructure access\n- Actors with active user surveillance\n- Deep forensic code style analysis\n\n### Explicit assumptions\n\ngitGost assumes the user:\n\n- Uses a trustworthy network (VPN / Tor)\n- Does not reuse unique phrases or identifiable style\n- Does not mix anonymous and personal contributions to the same repo\n- Understands that perfect anonymity does not exist\n\nFor the full model, see [THREAT_MODEL.md](THREAT_MODEL.md). For more operational details, see [SECURITY.md](SECURITY.md).\n\n## Quick Start\n\n```bash\n# 1. Add the remote (replace with any public repo)\ngit remote add gost https://gitgost.fly.dev/v1/gh/username/repo\n\n# 2. Create your branch and commit with a detailed message\ngit checkout -b my-cool-fix\ngit commit -am \"fix: typo in documentation\n\nThis commit fixes a grammatical error in the README.\nThe word 'recieve' should be 'receive'.\"\n\n# 3. Push – PR opens anonymously\ngit push gost my-cool-fix:main\n```\n\nDone. The PR appears instantly from `@gitgost-anonymous` with your commit message as the PR description.\n\n**Pro tip:** Write detailed commit messages! Your commit message becomes the PR description, allowing you to provide context while staying anonymous.\n\n## Security \u0026 Limits (we’re not reckless)\n\n- Max 5 PRs/IP/hour\n- Repository size ≤ 500 MB\n- Commit size ≤ 10 MB\n- Full validation of refs and objects\n- No persistence of your data\n\n\u003e **GitHub only:** Due to GitHub's platform limits, fork repositories created by gitGost are manually deleted to stay under the 40,000-repository cap. This is a GitHub-specific constraint and does not affect functionality.\n\nEverything is designed to prevent abuse while keeping you anonymous.\n\n## License\n\n**AGPL-3.0** – Free forever, open source, and copyleft.  \nIf you run a public instance, you must provide source code.\n\n→ [LICENSE](LICENSE)\n\n## Contributing\n\n### Contributing Anonymously\n\n```bash\ngit remote add gost https://gitgost.fly.dev/v1/gh/livrasand/gitGost\ngit push gost my-feature:main\n```\n\n(Yes, even gitGost eats its own dogfood 👻)\n\n### Going further: hide your IP with torsocks\n\ngitGost strips your name, email, and metadata — but your IP is still visible to the server. If you need a stronger anonymity guarantee, wrap your push with **torsocks**, which routes the connection through the Tor network so the server only sees a Tor exit node IP.\n\n#### Install\n\n```bash\n# Debian/Ubuntu\nsudo apt install tor torsocks\n\n# Arch\nsudo pacman -S tor torsocks\n\n# macOS\nbrew install tor torsocks\n```\n\n#### Start Tor\n\n```bash\nsudo systemctl start tor   # Linux\nbrew services start tor    # macOS\n```\n\n#### Push through Tor\n\n```bash\ntorsocks git \\\n  -c http.extraHeader=\"X-Gost-Authorship-Confirmed: 1\" \\\n  push gost my-feature:main\n```\n\n#### Optional: persistent alias so you never forget\n\n```bash\n# Inside your repo\ngit config http.extraHeader \"X-Gost-Authorship-Confirmed: 1\"\n\n# In ~/.gitconfig\n[alias]\n    ghost = \"!torsocks git\"\n```\n\nThen simply:\n\n```bash\ngit ghost push gost my-feature:main\n```\n\n#### Verify your IP is masked before pushing\n\n```bash\ntorsocks curl https://check.torproject.org/api/ip\n# → {\"IsTor\": true, \"IP\": \"185.220.101.x\"}\n```\n\n\u003e **Heads-up:** Tor is slow. A push that normally takes seconds may take a few minutes. This is expected — Tor routes traffic through three encrypted nodes worldwide. gitGost's 10 MB commit limit is partly sized with this in mind.\n\n### Strip metadata from binary files before committing\n\ngitGost anonymizes commit metadata, but **binary files (images, PDFs, Office documents) can contain embedded metadata** — EXIF data, GPS coordinates, author names, device info — that reveal your identity regardless of commit anonymization. Strip it before committing with **exiftool**.\n\n#### Install\n\n```bash\n# Debian / Ubuntu\nsudo apt install libimage-exiftool-perl\n\n# Arch\nsudo pacman -S perl-image-exiftool\n\n# macOS\nbrew install exiftool\n\n# Windows: download the executable from https://exiftool.org\n# Extract exiftool(-k).exe, rename to exiftool.exe, place in PATH\n```\n\n#### Verify and strip\n\n```bash\n# Check what metadata a file exposes\nexiftool photo.jpg\n# → GPS Latitude  : 48.8566   ← your location\n# → Author        : John Doe  ← your name\n\n# Strip all metadata from a single file\nexiftool -all= photo.jpg\n\n# Strip recursively from a directory\nexiftool -all= -r ./assets/\n```\n\n#### Then commit and push safely\n\n```bash\ngit add assets/\ngit commit -am \"add: project screenshots\"\ngit push gost my-branch:main\n# → PR opened as @gitgost-anonymous — no metadata, no trace\n```\n\n\u003e **Note:** exiftool creates backup files (`*_original`) by default. Add `-overwrite_original` to skip them: `exiftool -all= -overwrite_original photo.jpg`.\n\n### Windows alternatives\n\n`torsocks` is not available on Windows natively. Use one of the following options instead.\n\n#### Option 1: Tor Browser + SOCKS5 proxy (easiest)\n\n```bash\n# 1. Download and install Tor Browser\n#    https://www.torproject.org/download/\n\n# 2. Open it and leave it running (exposes SOCKS5 on 127.0.0.1:9150)\n\n# 3. Configure Git to use it\ngit config --global http.proxy socks5h://127.0.0.1:9150\n\n# 4. Push normally\ngit -c http.extraHeader=\"X-Gost-Authorship-Confirmed: 1\" push gost my-branch:main\n```\n\nWhen done, remove the global proxy:\n\n```bash\ngit config --global --unset http.proxy\n```\n\nOr configure it per-repo only (recommended):\n\n```bash\n# Inside the repo, not global\ngit config http.proxy socks5h://127.0.0.1:9150\ngit config http.extraHeader \"X-Gost-Authorship-Confirmed: 1\"\n```\n\n#### Option 2: WSL2 (Windows Subsystem for Linux)\n\nIf you already have WSL2, it works exactly like Linux inside it:\n\n```bash\n# Inside WSL2 (Ubuntu/Debian)\nsudo apt install tor torsocks\nsudo service tor start\n\ntorsocks git push gost my-branch:main\n```\n\nWSL2 has its own network stack separate from Windows, so anonymity is preserved correctly.\n\n## Made with ❤️ for privacy\n\n## Service Administration\n\n### Panic button — suspend and restore the service\n\nIf abusive activity is detected (bot submissions, coordinated spam), you can suspend the service immediately. While suspended, all pushes are rejected with an explanatory message and the site shows a banner.\n\n**Suspend the service:**\n\n```bash\ncurl -X POST https://gitgost.fly.dev/admin/panic \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"password\":\"\u003cPANIC_PASSWORD\u003e\",\"active\":true}'\n```\n\n**Restore the service:**\n\n```bash\ncurl -X POST https://gitgost.fly.dev/admin/panic \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"password\":\"\u003cPANIC_PASSWORD\u003e\",\"active\":false}'\n```\n\n\u003e **Note:** If you receive a ntfy alert with action buttons (Activate Panic / Deactivate Panic), those buttons use single-use tokens valid for **10 minutes**. If the tokens expire before you tap them, use the `curl` commands above with your `PANIC_PASSWORD` — those always work.\n\n**Handy shell aliases** (add to your `~/.zshrc` or `~/.bashrc`):\n\n```bash\nexport PANIC_PASSWORD=\"your-password-here\"\n\nalias gitgost-suspend='curl -s -X POST https://gitgost.fly.dev/admin/panic \\\n  -H \"Content-Type: application/json\" \\\n  -d \"{\\\"password\\\":\\\"$PANIC_PASSWORD\\\",\\\"active\\\":true}\"'\n\nalias gitgost-restore='curl -s -X POST https://gitgost.fly.dev/admin/panic \\\n  -H \"Content-Type: application/json\" \\\n  -d \"{\\\"password\\\":\\\"$PANIC_PASSWORD\\\",\\\"active\\\":false}\"'\n```\n\nThen simply run `gitgost-restore` to bring the service back online.\n\n### Close abusive PRs (rollback burst)\n\nAfter a burst attack, close all PRs created during the attack window:\n\n```bash\ncurl -X POST https://gitgost.fly.dev/admin/rollback \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"password\":\"\u003cPANIC_PASSWORD\u003e\"}'\n# → {\"closed\": 12, \"failed\": 0, \"closed_urls\": [...]}\n```\n\nThis closes up to 2 hours of recorded PRs in parallel via the GitHub API. PRs older than 2 hours are not affected.\n\n---\n\nStar this repo if you believe developers deserve the right to contribute anonymously.\n\n[![Share](https://img.shields.io/badge/share-000000?logo=x\u0026logoColor=white)](https://x.com/intent/tweet?text=Check%20out%20this%20project%20on%20GitHub:%20https://github.com/livrasand/gitGost%20%23gitGost%20%23anonymous%20%23privacy)\n[![Share](https://img.shields.io/badge/share-1877F2?logo=facebook\u0026logoColor=white)](https://www.facebook.com/sharer/sharer.php?u=https://github.com/livrasand/gitGost)\n[![Share](https://img.shields.io/badge/share-0A66C2?logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/sharing/share-offsite/?url=https://github.com/livrasand/gitGost)\n[![Share](https://img.shields.io/badge/share-FF4500?logo=reddit\u0026logoColor=white)](https://www.reddit.com/submit?title=Check%20out%20this%20project%20on%20GitHub:%20https://github.com/livrasand/gitGost)\n[![Share](https://img.shields.io/badge/share-0088CC?logo=telegram\u0026logoColor=white)](https://t.me/share/url?url=https://github.com/livrasand/gitGost\u0026text=Check%20out%20this%20project%20on%20GitHub)\n\nBe a ghost. Fix the internet.\n\n*✨ Thanks for visiting **gitGost**!*\n\n\u003cimg src=\"https://visitor-badge.laobi.icu/badge?page_id=livrasand.gitGost\u0026style=for-the-badge\u0026color=00d4ff\" alt=\"Views\"\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flivrasand%2Fgitgost","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flivrasand%2Fgitgost","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flivrasand%2Fgitgost/lists"}