Just did some research, and you're right! TLS obscures the URL by default. I didn't know that.

Only nuance being that an attacker can draw conclusions about the length of the URL- which won't be very helpful on Github.

TLS alone is not sufficient. Fortunately, Github is also on the HSTS preload list.

> length of the URL

Also the length of the response, which is significantly more 'helpful', although probably not enough for a working attack unless you're willing to harrass a significant fraction of your intellectual workforce over false positives.

Yeah they need to hack or infiltrate Github, or get a warrant for your data.

Good thing Microsoft isn’t voluntarily in the PRISM progra-

Taking bets on "Microsoft was nudged into buying GitHub by one of the three letter clubs" being revealed one day