IdeaWell

Project ideas from Hacker News discussions.

If you don't opt out by Apr 24 GitHub will train on your private repos

Hacker News Discussion

📝 Discussion Summary (Click to expand)

1. Backlash overCopilot’s opt‑out for private repos

“If they were being honest they would ask explicitly for permission instead of advertising opt‑out. Now you might ask: who will explicitly give Microsoft permission to train on their private works? No one will — and that's the point: this is a form of theft.” – SirensOfTitan

2. Need for explicit consent / GDPR concerns > “Under GDPR, opt‑out is not considered informed consent, and repositories can contain personally identifiable information, which fall under GDPR. Do you think differently, or do you think ignoring the law will be worth it?” – johndough

3. Alternatives & self‑hosting

“I've recently started hosting my own Forgejo instance. It works so well! Free Tailscale for connectivity. I expose mine over Fly.io proxy, also free, but not to be done without caution.” – eblume 4. Confusion & visibility of the opt‑out setting
“The setting isn’t even visible to everyone. If you're currently in an org that manages Copilot business, it’s gone. I imagine it instantly opts you back in when you leave an org.” – ClikeX

5. Moral condemnation & class‑action anticipation > “This is theft. Should be illegal! It's like if I own a vault storage business and I am keeping other people's gold in my vaults and then I just take all the gold for myself and claim that the customers should have opted out of me stealing their gold but they missed the deadline…” – zelphirkalt

🚀 Project Ideas

[OptiCopilot]

Summary

  • A browser extension + desktop app that instantly toggles the “Allow GitHub to use my data for AI model training” setting across all personal and organization accounts with a single click.
  • Eliminates the manual hunt through Settings pages and works even when the organization‑level UI hides the option.

Details| Key | Value |

|-----|-------| | Target Audience | Developers who use GitHub Copilot (free, Pro, or Business) and want to ensure their private repo interactions are never used for training without explicit consent. | | Core Feature | One‑click opt‑out toggle that propagates to all linked accounts; real‑time status dashboard showing which repos/services are still exposing data. | | Tech Stack | Browser extension (Manifest V3) in TypeScript; backend Node.js API for OAuth token management; Electron wrapper for desktop; integrates with GitHub GraphQL API. | | Difficulty | Medium | | Monetization | Revenue-ready: Subscription $4 /month per user, with a free tier limited to one account. |

Notes

  • HN users repeatedly mentioned “I never saw the banner” and “I have to manually dig through Settings”; this solves that pain point directly.
  • Could be promoted on HN with a demo GIF showing the toggle disappearing from the UI after one click, sparking discussion about privacy vs. convenience.

[PrivyHost]

Summary

  • A fully decentralized code‑hosting service where every repository is stored on encrypted IPFS shards and accessed via a lightweight web UI; each repo includes a built‑in “Training‑Data Opt‑Out” flag that automatically encrypts all input/output before any model could ingest it.
  • Guarantees that no raw code ever leaves the encrypted layer, addressing fears of hidden training on private repos.

Details

Key Value
Target Audience Open‑source maintainers, small teams, and privacy‑conscious developers who want to host code without any corporate data‑harvesting risk.
Core Feature Automatic client‑side encryption of commits, branches, and issue comments; UI toggle that enforces end‑to‑end encryption and disables any telemetry; public API for conventional git workflows.
Tech Stack Frontend: React + WebAssembly (libsodium); Backend: Go microservice with IPFS daemon; Database: None (pure IPFS); Authentication: Magic‑link via Email; Deploy: Docker compose on cheap VPS.
Difficulty High
Monetization Hobby (free, community‑driven) – optional paid “Premium Nodes” for faster load times at $2 /month.

Notes- HN discussions about “self‑hosting Forgejo” and “encrypt everything” align perfectly; this product makes encryption the default, not an add‑on.

  • Could generate buzz by publishing a transparent “Zero‑Training‑Data” pledge and offering a free tier for early adopters.

[PrivacyGuard‑AI]

Summary

  • A SaaS that scans a repository’s entire history for personally identifiable information (PII) and potential training‑data leakage, then auto‑generates a compliant “AI‑Use License” that blocks the data from being ingested by any external model unless the owner explicitly opts in.
  • Provides audit logs and a compliance badge for public projects, giving contributors confidence that their code won’t be used without consent.

Details

Key Value
Target Audience Open‑source maintainers, corporate legal teams, and community project owners who must prove their code isn’t inadvertently used for AI training.
Core Feature Automated PII/code‑smell detection, generation of a JSON‑based license file that references GitHub’s opt‑out setting, and integration with CI to block merges lacking the flag.
Tech Stack Backend: Python (FastAPI) with regex & ML classifiers; Frontend: Vue.js; Integration via GitHub Actions; Storage: PostgreSQL; Hosting: Serverless on AWS Lambda.
Difficulty Medium
Monetization Revenue-ready: Tiered pricing $15 /mo for up to 10 repos, $30 /mo for unlimited, with a free “basic scan” for non‑profits.

Notes- Comments in the thread stress that “opt‑out should be explicit, not implicit”; this service makes the opt‑out explicit and enforceable.

  • Could be announced on HN with a case study showing a popular library that inadvertently trained on private data, sparking conversation about proactive protection.

[CodePoison]

Summary

  • A CLI tool that injects deliberately crafted “poisoned” snippets (e.g., bogus algorithms, intentionally inefficient functions) into private repositories on a configurable schedule, contaminating the training signal while remaining indistinguishable to casual readers.
  • Provides statistics on contamination level and a “push‑to‑opt‑out” command that syncs the poison flag with GitHub’s telemetry setting.

Details

Key Value
Target Audience Privacy‑focused developers who want to actively sabotage AI training on their code without switching platforms.
Core Feature Auto‑generation of harmless‑looking but functionally weird code blocks; configurable insertion rate; ability to target only specific file patterns; integration with GitHub Actions for continuous poisoning.
Tech Stack Rust binary; uses git2-rs for repo manipulation; config via TOML; distributed via crates.io; optional GUI wrapper in Electron.
Difficulty High
Monetization Hobby (open source); optional paid support $8 /month for enterprise‑grade poisoning pipelines.

Notes- Thread participants discussed “poisoning LLMs” as a defensive tactic; this tool turns that idea into a practical, automated workflow.

  • Potential HN buzz: “I just poisoned my 200‑repo private org in 5 minutes – here’s how”.

[ForgeMigrate]

Summary

  • A one‑click migration platform that moves all private repositories from GitHub to a self‑hosted Forgejo (or Gitea) instance, automatically validates the “Allow GitHub to use my data for AI model training” flag status on the destination and enforces a permanent “no‑training” policy.
  • Offers a verification dashboard showing which migrated repos retain the opt‑out setting and provides a simple webhook to alert if any future GitHub setting reactivates.

Details

Key Value
Target Audience Teams and individuals ready to leave GitHub due to privacy concerns but need a seamless, low‑friction transition.
Core Feature Bulk clone + push via Git‑LFS; UI to select target host (Forgejo, Gitea, or custom); post‑migration audit that checks for GitHub telemetry flags; scheduled health‑check webhook.
Tech Stack Backend: Node.js with octokit and forgejo-client; Frontend: React with Material‑UI; Migration engine built on git-cliff; Hosting: Docker on Railway or Fly.io; DB: SQLite.
Difficulty Medium
Monetization Revenue-ready: $9 /month per user, includes 5 GB storage and priority migration support.

Notes

  • Multiple HN comments asked “how can I move my private repos without losing history?” and “I wish there was a simple way to verify opt‑out after moving.”
  • Launch could be highlighted with a live migration demo and a discussion on preserving privacy across platforms.

Read Later