Perché usare Gitea, l'alternativa etica a Gitlab e Github. Gitea.it è il sito italiano del repository open source gitea. Ospitato con amore nei server del collettivo devol. https://gitea.it
Go to file
Filippo DB 0af89df38d Aggiornare 'README.md' 2020-08-13 12:21:00 +02:00
README.md Aggiornare 'README.md' 2020-08-13 12:21:00 +02:00

README.md

Gitea

Perché usare Gitea, l'alternativa etica a Gitlab e Github

It's worth mentioning that Github and Gitlab both distribute the free software that implements their service. Unless I say otherwise, this post is about their service, not their software.

Perchè non usare Gitlab

“Free software” that forces execution of non-free software isnt really free.

  • There is nothing particularly wrong with the gitlab software, but that software must be hosted and configured and there are copious ethical problems with the gitlab.com service that the OP suggested:
  • Sexist treatment toward saleswomen who are told to wear dresses, heels, etc.
  • Hosted by Google.
  • Proxied through privacy abuser CloudFlare.
  • tracking
  • Hostile treatment of Tor users trying to register.
  • Hostile treatment of new users who attempt to register with a @spamgourmet.com forwarding email address to track spam and to protect their more sensitive internal email address.
  • Hostile treatment of Tor users after theyve established an account and have proven to be a non-spammer.

Regarding the last bullet, I was simply trying to edit an existing message that I already posted and was forced to solve a CAPTCHA (attached). There are several problems with this:

  • CAPTCHAs break robots and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts.
  • CAPTCHAs put humans to work for machines when it is machines that should work for humans.
  • CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs.
  • The reCAPTCHA puzzle requires a connection to Google
    1. Googles reCAPTCHAs compromise security as a consequence of surveillance capitalism that entails collection of IP address, browser print.
      • (speculative) could Google push malicious j/s that intercepts user registration information?
    1. Users are forced to execute non-free javascript (recaptcha/api.js).
    1. The reCAPTCHA requires a GUI, thus denying service to users of text-based clients.
    1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. PRISM corp Google Inc. benefits financially from the puzzle solving work, giving Google an opportunity to collect data, abuse it, and profit from it. E.g. Google can track which of their logged-in users are visiting the page presenting the CAPTCHA.
    1. The reCAPTCHAs are often broken. This amounts to a denial of service. gitlab_google_recaptcha
      • the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
      • E.g.2:
    1. The CAPTCHAs are often unsolvable.
      • E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
      • E.g.2: the puzzle is expressed in a language the viewer doesnt understand.
      • (note: for a brief moment gitlab.com switched to hCAPTCHA by Intuition Machines, Inc. but now theyre back to Googles reCAPTCHA)
      • Network neutrality abuse: there is an access inequality whereby users logged into Google accounts are given more favorable treatment the CAPTCHA (but then they take on more privacy abuse). Tor users are given extra harsh treatment.

The reason for the reCAPTCHA stuff being hosted on Google.com is shared cookies. This allows reCAPTCHA to gain more information about what you trust Google with online…

This is why gitlab.com should be listed as a service to avoid, like MS Github.

Perchè non usare GitHub

Privacy problems with Microsoft Github service

  1. MS feeds other privacy abusers:
    1. Github uses Amazon AWS which triggers several privacy and ethical problems
    1. (2012) MS spent $35 million on Facebook advertisements, making it the third highest financial supporter of a notorious privacy abuser that year.
  1. Censorship and project interference: Github staff apparently deleted a contributor who was reporting a privacy abuses present on other projects. Hostility toward volunteer privacy advocates is in itself sufficient reason to abandon Github.
  2. Github may have a policy that entails censoring bug reports (see this post for the discussion)
  3. Github is Tor-hostile (according to Tor project, although personally I've had no issue using Tor for GH)
  4. MS is a PRISM corporation prone to mass surveillance
  5. MS lobbies for privacy-hostile policy:
    1. MS supported CISPA and CISA unwarranted information exchange bills, and CISA passed.
    1. (2018) MS paid $195k to fight privacy in CA
  1. MS supplies Bing search service which gives high rankings to privacy-abusing CloudFlare websites.
  2. MS supplies hotmail.com email service, which uses vigilante extremist org Spamhaus to force residential internet users to share all their e-mail metadata and payloads with a corporate third-party.
  3. MS drug tests its employees, thus intruding on their privacy outside the workplace.
  4. MS products (Office in particular) violate the GDPR
  5. To report an MS security bug, one must sign in and the sign-in page is broken. It's really bad for security to make defect reports difficult to submit.

Privacy-compromising consequence of using Github for a project:

  1. (conflict of interest) selects only contributors willing to make privacy compromises, and excludes those who will not use GH for privacy reasons.
  2. (conflict of interest) When contributors are evaluating whether a tool is privacy-respecting, they white list Microsoft and Amazon as a consequence of using Github, and then use that as rationale to endorse an unworthy tool.
  3. (side-effect) Privacy advocates who use GH face demoralizing criticism for what some regard as hypocrisy. PTIO contributors should not be subjected to that.

Rationale for staying with Github:

The shake-up of making a move will lose contributors.

#### Problems with Gitlab service

Many Github refugees fled to Gitlab when Microsoft acquired Github. It's a bad idea. Gitlab should be avoided.

Alternative

self-hosting Gitea (+) avoids the "shake-up" problem of shrinking the community each time the project moves (there is no risk that the privacy factors would later take a negative turn). (+) Gitea.it could host other privacy-focused projects and become part of the support structure for them. Centralizing privacy-focused projects would increase Gitea.it visibility and establish a place where developers with the same high-level goals could develop in a more united way. Poaching privacy-focused projects from GH and GL would solve the hypocrisy problem those projects are facing as well.

You give one-line on the evils and probably not enough detail to be persuasive. Theres an enumeration of issues above. Also, most of the projects you recommend have a line “source code: github”. Consider linking to the source code in a way that shames the project, otherwise your site promotes GH more than it discourages it. Not everyone will read the GH section. Perhaps express it this way “source code: github (shamefully)”. Also, prefix “Github” with “MS”. (edit) There is a Github link at the bottom of your page. You should certainly not be linking to it from your public website because it leads visitors in the wrong direction. It also hurts your perceived credibility because many readers wont follow that link; they will just think “what a hypocrit”. You should set the GH issues to external and link to the gitea.it issues. Your readme is too short. You should use that space as an opportunity to detail all the Github issues I linked you to.