I think there is a lot of FUD here. For me, GitHub only uses assets from their own domains.
The only questionable cookie is _device_id, but this is useful from the security standpoint so they can track “login from a new device”. So I would even say this one is OK.
EFF Privacy Badger is 100% happy with the site.
uBlock Origin blocks 2 requests:
- https://collector.github.com/... (From the query string it looks like their own statistics tool, so they don’t have to rely on 3rd parties)
- https://api.github.com/_private/browser/stats
So I don’t know.