Gh Account Permabanned – Help?
I'm reaching out to the HN community because I've just lost something that can't be recreated: my entire GitHub history since I was 14 years old.
What happened?
My account was permanently banned without warning. After fighting through support tickets, the suspected culprit is a chargeback related to GitHub Copilot that occurred during a fraud dispute on my credit card.
When fraudulent charges were reversed, GitHub Copilot charges apparently went with them – and GitHub's automated system interpreted this as intentional fraud.
I started in infosec at 14 – hacking, building tools, contributing to open source on GitHub. As a teenager, I contributed work that was featured at DEFCON. I'm still early in my career, and I've been banking on something crucial: that real, tangible contributions to open-source projects would speak louder than any resume ever could. Those contributions were my resume. They were proof of work – thousands of commits, security tools, pull requests, issues, and collaborations that showed what I could actually build and how I work with others. All of that is now gone (unless you count the BigQuery archives...) Not suspended. Just... inaccessible.
The broader issue: For young developers and security researchers like me, GitHub contributions are our professional credibility. We don't have decades of corporate experience or impressive job titles. We have public code, meaningful contributions, security research, and a history of shipping. When that disappears overnight due to a banking mishap during a fraud dispute, it's devestating.
A fraudulent charge triggered a card cancellation In the dispute process, legitimate charges (including GitHub Copilot) were reversed GitHub's system flagged this as abuse and permanently banned the account No warning. No appeal process. No way to distinguish fraud victims from bad actors.
If anyone has connections at GitHub who can review this with human judgment, please reach out. I am desperate for a 2nd chance. If you've successfully navigated a similar situation, let me know.
I understand platforms need to combat fraud, but there has to be room for nuance. A mistaken reversal during a legitimate fraud dispute shouldn't permanently erase years of work. I'm ready to immediately settle any disputed charges and provide whatever documentation is needed – but I can't even get to a human who can evaluate the situation.
How You Can Help
If anyone has connections at GitHub who can review this with human judgment, please reach out. I am desperate for a 2nd chance. If you've successfully navigated a similar situation, let me know.
I understand platforms need to combat fraud, but there has to be room for nuance. A mistaken reversal during a legitimate fraud dispute shouldn't permanently erase years of work. I'm ready to immediately settle any disputed charges and provide whatever documentation is needed – but I can't even get to a human who can evaluate the situation.
---
Contact Info
Email: nico@omg.lol
GitHub (banned acct): nicoandmee
StackOverflow: https://stackoverflow.com/users/6934588/nico-mee
Keybase: https://keybase.io/nicomee
Personal Website: https://nicomee.com/ Doubt it's a single chargeback that did that, though it's probably what got there attention to your account. Probably something else (A bad infosec tool copy/modification to search for something like SS# patterns). Even from a security point of view I would see your email and add points for suspected fraud. What do you think and employer would think to if they saw an email like that (Minor drug reference @ omg.lol)? There is a lot of tools in infosec if they see it they would be against term of services (Some that you would not think of either)... Then further I would look for social media history too following, an incident on appeal (That's not just a recursive rejection) and see responses from you getting defensive as seen in the beginning of this thread. It's not professional behavior simply put. GitHub isn’t his employer, what are you talking about? Missing from this heartfelt plea is any indication of what code you were working on before the ban, or why you are so certain it was a result of credit card activities. We only get your side of the story - what does Github support actually tell you? Regardless, hopefully a valuable lesson in mirroring public contributions to other source control systems (Gitlab, Codeberg, etc.) is learned. As far as code goes, I never contributed to anything even remotely malicious. I worked primarily on obscure scraping problems related to Puppeteer and Playwright. I built some libraries for that I published on NPM, but at no point did I ever contribute or use GitHub in any capacity for anything malicious. I am a hundred percent certain of this, and this is why I am inclined to the other explanation which seems to make more sense.
I would love to get their side of the story. The problem is the rules prohibit creating a new account to discuss the old account being banned without warning. So this sort of kneecaps any potential conversation. Nonetheless, I have broken the rules, I guess, and created a new account and tried to establish some contact, but my ticket doesn't get any responses and based on my research it doesn't seem like it will. Point taken about mirroring to Codeberg (or sr.ht), and this is something I was already planning on doing in terms of migration. At the same time, if there was any way to restore my GitHub, that would certainly simplify all of my next steps. More than my own repos, I'm mainly concerned about my contributions to others. I've gotten hired twice just by someone contacting me from an issue that I had fixed on a GitHub discussion and that's no longer there. My ideal resolution would be just to get an idea of what happened, what caused the ban, so I can avoid that in the future, and me taking my time to go through GitHub's terms of service so that I do understand what I'm agreeing to. I'll own it- when I was 14 I did not carefully read the terms of service agreement, which was updated who knows how many times since then. This was a long time ago. I would even be willing to freeze my GitHub in its current state, restoring it but not allowing any further activity on it. I just want the record of to be able to say, "Hey, I fixed this issue in node-tar" or "I fixed this issue in Puppeteer Extra".
Note: Edited OP to include my SO. This reads like victim-blaming. I had that initial reaction too, but he's right. I mean, I fucked up. I didn't read the Terms of Service evidently, and I'm suffering for that. What I do know for sure though is that I never, under any circumstances, contributed to anything malicous. That is: malware, cryptominers, and their ilk. As a developer who's still early in their career, my hope is that someone will see this, understand the existential weight of having all that work disappear, and be sympathetic to a request for a second chance. If I’ve understood your comments, I get the impression your business practices entail scraping. Often but not always, scraping for money happens in an adversarial context. If that’s the case, your adversaries are incentivized to employ counter-measures and/or simply make your life difficult in general. It could be as straight-forward as a letter to the platform from in-house legal with reference to DCMA or similar. Or to put it another way, if you are scraping sites people will pay you to scrape, even if you aren’t on questionable legal ground there’s a non-trivial chance the scraping is making the targets unhappy. It is important to establish facts and a narrative before asserting who the victim actually is. Hah I get it. A lot of times there turns out to be something big left out, but this passes the smell check for me.