Exactly the same as what the public SSH shows you: ie nothing of any direct risk but an identifiable piece of meta data to someone determined enough assuming the person creating that profile didn’t bother to enter anonymised information for GitHub.
So your argument against SSH keys are just as valid for all the other items of meta data you’re dismissing as not a privacy problem.
And that’s the point I’m making. If you care enough about privacy that your public SSH key is an issue, then creating a GitHub account is not the brightest idea regardless of their policy on public SSH keys.
I don’t disagree that GitHub could do a better job documenting this risk nor that an ideal scenario would be giving users the option. But they’re all just side stepping the real issue that this is not a privacy because of the fact that public SSH keys are not more of a risk than any of the other data you’re already volunteering to be published by virtue of signing up to a social platform.
If you want privacy then host your own git server (it’s really easy!) because GitHub is designed around sharing, not privacy.
It’s weird the number of people here who don’t realise that convenience and privacy are often opposing forces and I bet the majority complaining don’t even pay for their GitHub account. Yet they are still complaining about specific aspects of privacy while willingly handing over a crap load more identifiable information for free. The whole debate here screams of security theatre: privacy for show rather than actual safeguarding of personally identifiable data.
I'm not trying to say anything about public keys, you're the one who claimed:
> If you need privacy then you shouldn’t be uploading to GitHub in the first place. The moment you do that you’re publishing email addresses, other projects that you contribute too and potentially leaking your timezone by virtue of commit times.
You are wrong. GitHub doesn't have to leak anything, apart from your public SSH key.
