Alex Grinman
Posted on August 2, 2018
Did you know that anyone can commit as you on GitHub? If you don't believe me, just browse through this repository's forged commits or use our tool to forge a commit for yourself.
Try it for yourself: spoof.krypt.co
How does it work?
Open your ~/.gitconfig
[user]
name = Ben Bitdiddle
email = bbitdiddle@mit.edu
Change name and email to any value you want.
If email matches the email of another GitHub user, that user's picture will show up next to the commit, and clicking on it will take you to their real GitHub profile.
Next time you see a commit on GitHub from Ben -- don't trust that Ben actually authored it.
How can I prove that my commits are really mine?
Anyone can set the “author” of a Git commit to any value.
To prove that you authored a commit you must attach a digital signature to it.
The only way someone knows it was really your commit is to verify the commit's signature.
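One way to run that check locally, as an added example that is not part of the original post: git's %G? log placeholder reports each commit's signature status, so the function below lists every commit whose author line is not backed by a good signature. The function names audit_unsigned and demo_repo and the throwaway repository are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# git's %G? placeholder prints one letter per commit:
#   G = good signature, N = no signature, B = bad signature,
#   U = good signature of unknown validity, E = signature cannot be checked,
#   X / Y / R = expired signature / expired key / revoked key.

# audit_unsigned [rev-or-range]
# Prints "<status> <short-hash> <author name> <author email>" for every commit
# that does not carry a good signature. Strict on purpose: only G passes.
audit_unsigned() {
    git log --format='%G? %h %an <%ae>' "${1:-HEAD}" | awk '$1 != "G"'
}

# demo_repo
# Constructed sample input: a throwaway repository holding one unsigned commit
# whose author line uses the identity from the ~/.gitconfig shown above.
# Prints the repository path. The subshell body keeps "dir" out of the caller.
demo_repo() (
    dir=$(mktemp -d)
    git init -q "$dir"
    git -C "$dir" \
        -c user.name='Ben Bitdiddle' \
        -c user.email='bbitdiddle@mit.edu' \
        -c commit.gpgsign=false \
        commit -q --allow-empty -m 'constructed demo commit'
    printf '%s\n' "$dir"
)
```

Inside a real clone, run audit_unsigned with no argument to check the current branch, or pass a range such as origin/master..HEAD to check only incoming commits.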
GitHub supports verifying & signing Git commits
Check out this signed commit: kryptco/kr@0cca333.
If a commit doesn’t have a green “Verified” badge, then it could have been authored by anyone!
GitHub verifies signed commits, and Krypton makes signing commits easy.
Get your green “Verified” badge at https://krypt.co.
Let's see some well known forgeries...
"I love windows and subversion!" -- @torvalds on #1eb0d8
"You should really use gitlab.com, it's way better." -- @schacon on #730c7e
Anonymously Forged Commits
Browse all of the forged commits from the community here! https://github.com/git-forge/fraudulent/commits/master