Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

abandon Github #1673

Open
bruceleerabbit opened this issue Aug 8, 2019 · 1 comment

Comments

@bruceleerabbit
Copy link

commented Aug 8, 2019

Abandon Github

This repository is hosted by Microsoft -- a privacy abuser. To attract ethical privacy-respecting developers, please consider moving away from Github. Users who cannot or will not using Github are excluded from writing bug reports and contributing to the wiki. I've had to make wiki edits on behalf of others because of this. I'm not sure how long I'm willing to continue, as the Device Verification is a hassle.

Privacy and ethical problems with Microsoft Github

  1. MS feeds other privacy abusers:
    1. (2012) MS spent $35 million on Facebook advertisements, making it the third highest financial supporter of a notorious privacy abuser that year.
    2. Github uses Amazon AWS which triggers several privacy and ethical problems:
      1. Amazon paid $195k to fight privacy in CA.
      2. Amazon supported CISA.
      3. Amazon is making an astronomical investment in facial recognition.
      4. Amazon uses FedEx (an NRA-supporting ALEC member who feeds republican warchests via ALEC and NRA [republican policy is detrimental to individual privacy]).
      5. Amazon distributes NRAtv which promotes a privacy-hostile political party and the resulting policies. Also sells the Trump line of suits in their webshop.
      6. Amazon spent $30 million and ranked in the top 5 promoters of Facebook ads in 2012 (thus substantially feeding a privacy abuser).
      7. Amazon supplies AWS to Palantir, a database firm that exploits social media to facilitate ICE and CBP to enforce Trump's inhumane zero tolerance immigration policy that entails child-parent separation. Palantir was also co-founded by a notorious scumbag (Peter Thiel).
      8. Amazon supplies facial recognition to law enforcement who use it to abuse civil liberties.
      9. Amazon drug tests its employees, thus intruding on their privacy outside the workplace and also harming their healthcare.
      10. Amazon runs an extreme sweatshop that greatly diminishes quality of life. The consequential mental health crisis is evidenced by 189 calls from Amazon warehouses to 911 in five years.
  2. Github is Tor-hostile according to Tor project. GH has started forcing Tor users through an extra email verification step that effectively discourages bug reports: github-tor_hostility
  3. MS is a PRISM corporation prone to mass surveillance
  4. MS lobbies for privacy-hostile policy:
    1. MS supported CISPA and CISA unwarranted information exchange bills, and CISA passed.
    2. (2018) MS paid $195k to fight privacy in CA
  5. MS supplies Bing search service which gives high rankings to privacy-abusing CloudFlare websites.
  6. MS supplies hotmail.com email service, which uses vigilante extremist org Spamhaus to force residential internet users to share all their e-mail metadata and payloads with a corporate third-party.
  7. MS drug tests its employees, thus intruding on their privacy outside the workplace.
  8. MS products (Office in particular) violate the GDPR

Alternatives

  1. self-hosting (Gogs, Gitea, Gitlab, etc.)
    1. (+) avoids the "shake-up" problem of shrinking the community each time the project moves (there is no risk that the privacy factors would later take a negative turn).
  2. Bitbucket
    1. (-) dodgy j/s up the yin yang that clusterfucks uMatrix
    2. (-) has some relationship with Netlify, who uses AWS
    3. (-) non-free software?
  3. Launchpad
  4. Gitlab (would be a poor choice)
    1. (-) Hostile treatment of Tor users trying to register.
    2. (-) Hostile treatment of new users who attempt to register with a @spamgourmet.com forwarding email address to track spam and to protect their more sensitive internal email address.
    3. (-) CAPTCHAs Tor users even after they've established an account and have proven to be a non-spammer.
      1. (-) CAPTCHAs break robots and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts.
      2. (-) CAPTCHAs put humans to work for machines when it is machines that should work for humans.
      3. (-) CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs.
      4. (-) The CAPTCHA puzzle is sourced from Google. So Google is likely getting compensated in some way and Google is likely also recording IP address, browser print, and the page the CAPTCHA is served to in order to add to someones tracking info.
      5. (-) Google's CAPTCHA often forces users to run non-free Javascript.
      6. (-) The puzzle is often broken. This amounts to a denial of service:
        gitlab_google_recaptcha
  5. notabug.org ("NAB") (privacy policy). Based on a liberated fork of gogs.
    1. (+) supports Tor (although the onion web UI is currently disabled in response to attack, so the onion site only accepts git connections)
    2. (+) supports SSH keys and SSH over Tor
    3. (+) no CAPTCHAs
    4. (+) registration very non-intrusive, and not controlling about where you get your email
    5. (-) noteworthy drawback unrelated to privacy: e-voting non-existent.
    6. (-) noteworthy drawback unrelated to privacy: NAB doesn't associate PGP keys to users, so PGP signed commits may be unavailable or more manual work needed.
    7. (-) IRC support channel is dead.
  6. Codeberg. Runs on Gitea, which is a Gogs fork.
    1. (+) web UI works on Tor (probably SSH as well)
    2. (+) supports SSH and GPG keys
    3. (+) no CAPTCHAs
    4. (+) registration very non-intrusive, and not controlling about where you get your email
    5. (+) functions without any j/s, and the javascript that exists is all 1st-party
    6. (+) supports e-voting
    7. (+) hosts Jeff Cliff's CF-Tor project which is one of the most credible and competently staffed privacy projects.
    8. (-) logins don't work from all Ungoogled Chromium installations
    9. (-) no onion address

Going forward

I suggest moving to Codeberg.org or Notabug.org.

@Pofilo Pofilo added the meta label Aug 8, 2019

@annacrombie

This comment has been minimized.

Copy link

commented Aug 22, 2019

Also check out sourcehut. It can be self-hosted but there is a free beta instance at sr.ht. The developer is a privacy advocate, and the whole site works without javascript.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.