The only thing the average web user would take away from such a popup is that github.com is annoying or spying on them, and then proceed to bombard github with messages to knock it off (reminds me of when a blog temporarily became the #1 search term for "facebook login", oh the hate that blog received for "breaking my Facebooks")

The average web user has no idea GitHub is behind the popup. You need to be a web expert and look at the Network tab to know this.

OP suggested adding "github.com" to the popup's message. That would be a Bad Idea.

Oh, right, silly me for not reading the context.

What about

alert("The site you are visiting contains malicious JavaScript. It uses your machine as part of a cyber attack. You must immediately alert owners of this website to remove Baidu analytics which distributes the malware.")

Or perhaps use it to advertise a Baidu competitor.

Okay, I'm guessing this isn't on Baidu so much as the Chinese governments, but incentivizing Chinese corporations to object to government attacks isn't a terrible idea.

And let's add some taunt in it:

"[...] Github.com, and more specifically the tools allowing to easily bypass the chinese government censorship."

I wonder what would happen with such a message.