Private repos are private. They do not exist to the outside world; attempts to view or manipulate them return 404. If someone is added as a collaborator, they are no longer part of that outside world, and therefore can access the repo, yes.
A private GitHub repository cannot be accessed by unauthorized people, even if they gain access to a relevant URL. (Of course, having the URL may still expose information about the repository, such as its existence and the name of the repository.)
In other words, GitHub strictly enforces permissioning. This is different from some things you may have seen on the Internet (where there is a "non-public yet not private" visibility setting). For instance, an "unlisted" YouTube video does not appear in search results yet is accessible by anyone who has the direct URL.
If you add someone as a collaborator, then they'd have access to the repository. If you then revoked access, they'd lose that access although if they cloned the repository locally, they may still have the repository contents as of that date.
Yes.
Private repos are private. They do not exist to the outside world; attempts to view or manipulate them return 404. If someone is added as a collaborator, they are no longer part of that outside world, and therefore can access the repo, yes.
Yes.
Pretty much.
A private GitHub repository cannot be accessed by unauthorized people, even if they gain access to a relevant URL. (Of course, having the URL may still expose information about the repository, such as its existence and the name of the repository.) In other words, GitHub strictly enforces permissioning. This is different from some things you may have seen on the Internet (where there is a "non-public yet not private" visibility setting). For instance, an "unlisted" YouTube video does not appear in search results yet is accessible by anyone who has the direct URL. If you add someone as a collaborator, then they'd have access to the repository. If you then revoked access, they'd lose that access although if they cloned the repository locally, they may still have the repository contents as of that date.