
GitHub's 2014 Transparency Report - picks_at_nits
https://github.com/blog/1987-github-s-2014-transparency-report
======
MCRed
These "secret orders" are an abuse of power, and we already have many
indications that they are being abused (eg: more used for going after drug
dealers than terrorists, which was the "justification" for them originally.)

That we admit this, that our government is acting in a criminal fashion, in
conflict with the constitution, and we have accepted it as "normal" is just
proof that we are frogs who think the water is just fine.

We should be outraged and demanding prosecutions and investigations. But of
course, who owns the prosecutors and the investigators? The government.

And we've been taught by government schools to be "good germans" (Eg: to give
the benefit of the doubt and wide latitude to government.)

~~~
rjbwork
It would be nice if all the takedowns were from the government. They've not
mentioned the non-legal-system-influenced takedowns of
[https://github.com/GamerGate/GamerGateOP](https://github.com/GamerGate/GamerGateOP)
and [https://github.com/FeministSoftwareFoundation/C-plus-Equalit...](https://github.com/FeministSoftwareFoundation/C-plus-Equality)

Who cares if they're transparent in government takedowns if they're going to
actively censor their own users?

~~~
parennoob
From what I can see, it looks like GitHub employee @jakeboxer explicitly took
the GamerGate one down to satisfy a feminist called @nexxylove because she
claimed it contained "stalking and harassment" documents.
[http://imgur.com/AgSwrE2](http://imgur.com/AgSwrE2). This is the same
individual claiming to be "astounded and really fucking angry" at the
Intel/Gamasutra fiasco part of Gamergate
([http://i.imgur.com/l1Uwkvd.png](http://i.imgur.com/l1Uwkvd.png))

Yep, not evident from the transparency report that repos get taken down so
casually, with other users protesting. [I'm guessing it probably _didn't_
contain those sort of instructions, and they can't claim so in the
transparency report, because that would be libelous.]

~~~
rjbwork
Wow. I didn't know the gamergate thing went down like that. Apparently your
repos on github can just be deleted at the whims of the employees...

Overall github is great but they definitely have some growing up to do as an
organization.

------
bitdestroyer
> 0-249 National Security Orders Received

> 0-249 Affected Accounts

So, I would assume it's fairly safe to say they got 249 NSLs or am I missing
something about how people are using ranges to go about skirting this
ridiculous law? Obviously it could be within that range, but that's an oddly
specific number.

~~~
vladharbuz
Read the linked PDF
([http://www.justice.gov/iso/opa/resources/4222014127160422403...](http://www.justice.gov/iso/opa/resources/422201412716042240387.pdf)).
They are only allowed to report the number in bands of 250.

~~~
lojack
Is this something added specifically to prevent warrant canaries?

~~~
iLoch
You wanna be the guy that gets to try that out in court? If it even goes to
court?

------
fastball

      Until such time, we are not even allowed to
      say if we've received zero of these reports
    

What could possibly be the reasoning behind this?

~~~
mcintyre1994
My guess is that it's to hide how widespread the program is. If loads of
companies were saying 1-249 instead of 0-249 we'd be able to see how many
companies they're hitting. As it is we can't see that and presumably that lack
of accountability makes abusing processes simpler for them.

~~~
yeukhon
I am not following, but why would they choose 249?

~~~
Estragon
I think a judge chose it for them in a lawsuit brought by twitter, but I could
be wrong because I wasn't following the news closely at the time. Their
preferred value was infinity.

------
dogma1138
The most interesting take down seemed to be the one from the "The Federal
Service for Supervision of Communications, Information Technology, and Mass
Media of the Russian Federation".

Now you first think it would be some anonymity tool or something like that,
nope, it's an empty repo with 32 ways of how to commit suicide in the repo
notes including what you need and how long it will take you to die.

Not sure why GitHub only blocked access to that content from Russian IP
addresses rather than removing the repo completely like they did with cases in
which the repo was actually used for legitimate purposes...

------
baldfat
> Total Request from Subpoenas, Court Orders, and Search Warrants = 10

> Percentage where information was disclosed 70%

> Percentage where users were informed of the request 43%

EDIT: I am not smart. I didn't think of that percentage that received
information on the disclosure of information and was thinking in terms of
total subpoenas.

How is it not 40% or 4 users and we get 43%? One person only got 1/3 of the
information?

~~~
jamesfe
7/10 in which info was disclosed of which:

4/7 users were not informed = 57%

3/7 users were informed = 43%

But left over: 3/10 in which info was not disclosed

I agree, the infographic was not 100% clear (no pun intended)

------
lifeisstillgood
The first set of numbers confuses me

10 requests for information, 7 responded to, and then 43% of those seven
requests have the user informed. How do we get 43% of seven?

Edit - ok next paragraph tells me 10 requests for 40 accounts.

To me this seems pretty low - given that GitHub has millions of accounts, that
only 40 got suspected of being involved in crimes seems amazingly low. Or that
not even criminals store their secret bank robbery plans in free online
hosting services :-)

~~~
dboyd
3/7 == 0.42857

~~~
lifeisstillgood
That's embarrassing - I was still mentally using ten as the denominator.

Back to school

------
Ezhik
The Roskomnadzor requests, though. So ridiculous. It's not even code they
wanted removed, but instances of a non-serious copypasta.

------
phy6
In the spirit of getting a more exact estimate, would it be possible to hire a
registered-agent type service (a commercial 3rd party) that posts the image of
every manila envelope it forwards on to the company HQ?

------
Grue3
So basically the only government they bent over backwards for was the Russian
government. Wish they actually showed some spine like they did with China.

------
balls2you
National Security letters for open source code ?

Or is it for just the private repositories ?

Or is it to be able to "subtly add code" to existing repositories without
being seen ?

What would it be for ? I am stumped.

~~~
diminoten
> Or is it for just the private repositories ?

That. Relax.

> Or is it to be able to "subtly add code" to existing repositories without
> being seen ?

Come on now, this is not productive to speculate on. This is "the CIA is
controlling the population by putting chemicals in your water supply!" level
stuff.

~~~
celsoazevedo
Some people said the same about NSA, but now we know that they do "hard to
believe" stuff.

~~~
diminoten
That's some specious logic, at best.

~~~
celsoazevedo
So, according to you, they (agencies from US, China, Russia, etc) never cross
lines that you and me would never cross? They never tried to break security,
sabotage, ..., or hack someone?

I'm not talking about moon or UFO's conspiracies. I'm talking about things
that, according to leaks and official documents, they already did in the past
and keep doing today.

~~~
Karunamon
And we have evidence of those things.

This is something else. Basic rationality demands that we not treat something
as truth until we have evidence of it.

The existence of bad actors does _not_ mean an abandonment of critical
thinking! Critical thinking in this case tells us that compromising a git repo
is a _horrible_ idea, mostly because even if you broke SHA and even if you
managed to slip the code in undetected, the jig is up the moment somebody
makes a conflicting change in that file, wonders what's going on, and then
discovers that the server copy does not jibe with the local copy.

~~~
celsoazevedo
And I agree with you.

But we can't blindly defend governments, agencies or countries and attack
someone just because their opinion or idea doesn't fit on the "official
version".

There is also a big difference between what I did (considering the ability to
do something) and accuse them of doing something. You don't need evidence to
think if they can or not do it.

------
steamy
FISC takes no prisoners!

These Stasi guys don't take anything that may jeopardize the reign of their
paymasters lightly

~~~
chx
When people compare to the Stasi... do you even know what you are talking
about? Yes surveillance is bad but encouraging people to tattle on each other
is worse and encouraging children to report on their parents is horrific. Read
[http://competentcommunicator.blogspot.ca/2010/10/sentence-ab...](http://competentcommunicator.blogspot.ca/2010/10/sentence-about-tyranny-illes-gyula.html);
much is lost in translation but perhaps some comes across.

------
infinity0
The warrant canary is probably the existence of the sentence "Until such time,
we are not even allowed to say if we've received zero of these reports". Watch
that space.

~~~
jrochkind1
No. The "time" it's "until" is after "The courts are currently reviewing the
constitutionality of these prior restraints on free speech, and GitHub
supports the efforts to increase transparency in this area.".

Until the courts change the law and say they can say if they've received zero
of these reports or not, they are not allowed to. There is no 'warrant
canary'. It would be illegal, and Github is not telling you they are going to
break the law, they are telling you they are supporting efforts to change the
law, but until such time, they will have to comply, and they can't tell you if
they received any.

Until they receive 250, and then they can say they received somewhere in the
range of 250-499.

