
Github restricts public Faceswap repo to logged-in users - jordwalke
https://github.com/deepfakes/faceswap
======
everdev
> Like any technology, it can be used for good or it can be abused.

Important to note that it is also possible for a technology to have more
potential for abuse than good.

Sure, you can come to a philosophical place where nothing is good or bad, or
the good is perfectly balanced by the bad, but if we're looking at increasing
freedom, peace and trust, it's hard to see how the upside of this tech is
equivalent to it's potential for abuse.

The best argument might be that eventually no one will trust video.

~~~
shittyadmin
Basically, this is all possible using existing technologies, it's just labour
intensive.

As such, tools like this just prove the conclusion: No one _should_ trust
video.

~~~
timkpaine
It's funny how no major CS curriculum at a major University includes a
legitimate ethics course. In the modern era, programmers are akin to lawyers
or politicians; we wield immense, and often implicitly trusted power over
hundreds of millions of opinions. It's long past due that programmers be
required to adhere to ethical codes, maybe even to the extent of bad-style
licensing.

~~~
ISO-morphism
I recently graduated from a middle tier state school in CS/Math. The CS
portion required an ethics course, I believe its inclusion had something to do
with an ACM mandate. Out of over 100 enrolled juniors/seniors I don't believe
attendance ever reached double digits outside of 2 tests.

Sure, there was a "requierment," but I wouldn't really consider it legitimate.
It took concerted effort to "earn" any grade lower than an A. I wasn't
personally acquainted with any other student who seriously considered the
social and ethical implications of computers during or after taking a 400
level course titled "Social and Ethical Implications of Computers."

On the bright side, I heard through the grapevine that rigor, or at least
workload for the course, has increased since I took it.

Although anecdotal and perhaps specific to my institution, every recollection
of my University career makes me feel deeply thankful that I ended up
eventually pursuing a double major in mathematics. The quality and dedication
of the instructors wildly surpassed that of the CS department. Mathematics
professors were there to share knowledge. CS perfessors were pressured by
hiring statistics into "preparing us for the workforce" by essentially
quizzing specific interview questions like "what's the difference between
interfaces and subclasses in Java."

~~~
dgzl
A counter-example: I also attended a middle tier state University for CS, and
our single term required Ethics in Computing course was all but easy. That
said, it certainly didn't capture the attention of students.

~~~
gre
My one hour exam final prompt was “Networking is useful, but explain the
ethics involved in networking.” I answered with an essay about conflicts of
interest in business while my friend wrote about file-sharing.

------
jake_the_third
This is apparently github's doing, and not the people behind faceswap:
[https://github.com/deepfakes/faceswap/issues/392](https://github.com/deepfakes/faceswap/issues/392)

Github has an infamous history with imposing their feelings on projects they
don't like.

~~~
maxnoe
> Github has an infamous history with imposing their feelings on projects they
> don't like.

Can you elaborate on this part? I don't remember seeing something like this
before.

~~~
Jerry2
Github got offended over the use of a word "retard" and they nuked a whole
repo.

[https://www.techdirt.com/articles/20150802/20330431831/githu...](https://www.techdirt.com/articles/20150802/20330431831/github-
nukes-repository-over-use-word-retard.shtml)

There's lots more examples of their employees getting triggered and offended
by various things and then arbitrarily banning or censoring projects.

~~~
luch
Interesting, in French "retard" is a valid word (it means delay) which could
be used as a project's name.

Honestly it's a lost battle to try to censor hurtful projects names. At best
you can moderate US-centric ones.

~~~
zdragnar
It has the same meaning in English as well, but is rarely used aside from a
derogatory reference to mental development.

~~~
darkpuma
One instance in which it's still used is for retarders, a form of brake often
used on trucks and trains. Some forms, such as the jake brake, are very loud
so you'll occasionally see towns put up signs that say "no jake brakes" or "no
brake retarders" (because 'jake brake' is a generalized trademark.) As you
might expect, these later signs can turn into a source of amusement...

~~~
zdragnar
I think the term "fire retardant" is also fairly common in some circumstances
as well, though I'll admit to not being terribly familiar with brake
retarders.

------
alexcnwy
This is troubling in the context of OpenAI deciding not to release their code
and dataset for fear of it being put to bad use. It's a tricky topic but I get
nervous at the idea of research being censored.

~~~
xiphias2
That was very strange for me as well, as the original stated goal of OpenAI
was to decentralize power. It looks like instead of that they just want to be
one more of the few powerful entities.

~~~
skybrian
It's possible they would be willing to share with legitimate researchers who
ask. Putting it out there for anyone to download is not the only way to do it.

~~~
doctorpangloss
You're interpreting it totally backwards.

If they thing OpenAI made isn't interesting enough of a discovery without its
data (because it's all arbitrary anyway), but is very useful to spammers as a
piece of code, OpenAI has truly achieved the 200% opposite goals they were
looking for.

I mean the Faceswap people have the same problem. They could give less a shit
about porn. But that's what people used it for.

------
jamp897
The concern around deep fakes is that they could be used to trick people, fair
enough, but apparently tricking people doesn’t require much, if any,
believably. Throughout history up to today people are tricked by the most
obvious untruths with disastrous consequences on large scales.

~~~
dublo7
The end result of this is a bunch of trolls in Russia might be out of a job
soon and get replaced by a server farm running in the target country pumping
out similar but not identical stories.

What this might usher in is the era of cryptographically signed news articles.
Not just credibility but verifiability. Blocking

~~~
tcmb
> What this might usher in is the era of cryptographically signed news
> articles.

Actually, how about cryptographically signing videos as they get written on
the recording device?

Maybe there even are ways to sign data so that the integrity can get validated
on shorter segments, so that clips can be cut. Write a signature every 5
seconds for the past 5 seconds?

Edit: This exists and the term for it is 'video authentication'.

~~~
ric2b
> Actually, how about cryptographically signing videos as they get written on
> the recording device?

That wouldn't prove much besides that the person sharing the video had access
to the device's private key. I think the best you can do is timestamp the
video by uploading a hash of it to a blockchain, but even then that only
proves the video existed sometime before that instant.

------
jordwalke
More discussion on the topic:

[https://www.reddit.com/r/github/comments/99aovq/unable_to_ac...](https://www.reddit.com/r/github/comments/99aovq/unable_to_access_this_github_repository_from/)

~~~
sandov
That thread is 5 months old, so apparently the censoring is 5 months old.

~~~
akerro
Yes, microsoft blocked a lot of features in days after takeover. Try searching
for code being logged out.

~~~
majewsky
Code search has been restricted to logged-in users way before the MS takeover.

Proof: When searching "github code search login" on hn.algolia.com, it turns
up this HN thread from September 2016, nearly 2 years before MS bought GitHub:
[https://news.ycombinator.com/item?id=12581068](https://news.ycombinator.com/item?id=12581068)

------
amrrs
>Due to our concerns about malicious applications of the technology, we are
not releasing the trained model.

> We are aware that some researchers have the technical capacity to reproduce
> and open source our results. We believe our release strategy limits the
> initial set of organizations who may choose to do this, and gives the AI
> community more time to have a discussion about the implications of such
> systems.

Excerpt from the recent OpenAI blogpost about GPT2 text models. It seems valid
since giving the code or probably a web app can make anyone easily create
malicious intent content online

------
beatle_sauce
`git clone
[https://github.com/deepfakes/faceswap.git`](https://github.com/deepfakes/faceswap.git`)
still works without login...

~~~
0gz
You can also see forks without login.
[https://github.com/0i0/faceswap](https://github.com/0i0/faceswap)

------
aaronbrethorst
Technology is not inherently neutral, and it’s time our industry collectively
grows up and stops treating it as such. I hope this is a harbinger of that.

~~~
shittyadmin
What do you think about Tor? Bittorrent? Bitcoin? How about things like IDA
Pro? Many pretty amazing technologies have pretty destructive popular if not
primary uses.

I feel these tools are worth having on their own and it seems widely accepted
at this point that the tools themselves aren't at fault for their user's
actions, even if those actions are the most popular use of the tools.

Personally I'm much more concerned about the ethical actions of internet
advertisers and social media giants - those who are making direct ethical
decisions that impact their users privacy and access to information.

~~~
beefhash
Tor, Bittorrent, Bitcoin and IDA Pro are all fascinating technology. Guns are
also fascinating technology. The world has gun control, but not software
control. I agree with your parent comment that we need to stop letting
dangerous knowledge and (even worse) ready-to-use tools be spread openly.

As far as I know, at least Hex-Rays screens customers very carefully before
selling IDA Pro.

~~~
wedn3sday
The world very much DOES have software control. There are whole sets of
countries that cannot use certain versions of SSL and other popular encryption
tools because of software export controls. Yes, the governments of these
places can still get access, but they can also buy weapons ect on the black
market.

[https://en.wikipedia.org/wiki/Export_of_cryptography](https://en.wikipedia.org/wiki/Export_of_cryptography)

------
Sadkov
Happened to me too, after I published my book criticizing Russia:
[https://github.com/saniv/text/blob/master/one-life-in-
russia...](https://github.com/saniv/text/blob/master/one-life-in-russia-
eng.md) Hi Nikita, Thanks for writing in. Your repositories were set to
require a login to view following multiple reports from users concerned about
their contents. This was done as an alternative to hiding or disabling the
content entirely. Thanks, GitHub Support Russians support freedom of speech
that much.

------
tokyodude
I'm of many minds about this

Censorship: bad.

That Life: The tech will get created by someone else so censoring does almost
nothing. Better to put it out there so we can try to make defenses. Maybe make
a bunch of fakes with famous people's permssion to spread the word how you
can't trust video anymore

Dangerous: To take an extreme example imagine you figured out how to make some
kind of E=MC^2 bomb simply such that anyone with the knowledge could make a
device that could blow up a city for $100 and a few hours of time. Would it be
ok to upload those instructions to the internet for any disgruntled teen to
repo?

deepfakes are certainly not at that extreme but we can also clearly imagine
the harm they could do as they progress.

There have been several examples recently of people seeming to react to
arguably false perceptions. I'm actually thinking of ones in the last 2-3 days
but I'm sure there are plenty of others.

~~~
akerro
Hey! We love opensource and AI so let's being AI to communities!

\- Community creates a project that makes it impossible to track faces in
social media and anywhere online.

yghmmm, no, not that kind of AI

------
P_I_Staker
I'm at a loss for what this will actually do in the long run. Seems like
someone can just do an unofficial "pirate fork" or dump the code somewhere
that doesn't track it's users. That would be a virtual certainty, if this ends
up being an in demand thing.

~~~
canofbars
My guess is its to prevent a few of the non programmer journalists from
viewing it and creating a drama storm.

~~~
P_I_Staker
Fair enough, I guess there's reasons, especially from a PR perspective. It
just seems like a useless gesture to me.

------
timkpaine
What's more scary than fake sex tapes is the potential for easy plausible
deniability for real criminality.

~~~
malloryerik
Or false incrimination, false flag operations and so on. You can start a war
with a video. That might change to some degree as trust in video decreases,
but what trust will take its place?

~~~
sametmax
We could already, and we probably did, fake video to start wars. The tech just
make it easy for everybody, but state actors have been manipulating pictures
for a long time.

------
akerro
Since MS took over Github also code-search requires being logged in.

~~~
saagarjha
Are you sure about that? I seem to recall them doing this for quite a while.
Or maybe that was advanced code searches?

~~~
ShorsHammer
Quite sure you are right, unless my memory is failing sitewide github search
of codebases required a login. Searching for repo names without login was ok
though.

Possibly it was only enforced for very generic search queries returning
thousands of results but it has been around a long time, Github acquisition
was only in October 2018.

~~~
tbodt
Sitewide code search has been used to find AWS keys and other secrets people
have accidentally uploaded. The login requirement is so they can set
meaningful rate limits.

------
simplecomplex
I can’t imagine the blowback about censorship would be worth this.

Censoring will just draw more attention and traffic. What’s really unsettling
is that GitHub is playing politics with its users, without even informing them
or communicating with them. You would think they would have the courtesy to
tell the owner.

~~~
RantyDave
I don't think they're playing politics, I think they're playing "don't get
your arse kicked by the government". _Very_ interesting that someone wants to
know the names and emails of everyone accessing OSS deep fakery - I wonder
what else there is...

------
seotut2
It's interesting that git cloning the repo works even without logging in.

~~~
jordwalke
Are your ssh keys being used? Or did you use the [https://](https://)
endpoint?

~~~
davidcorbin
The https endpoint works without authentication

~~~
regecks
Another curiosity is that it still shows up in the search results for
anonymous users:
[https://github.com/search?q=faceswap](https://github.com/search?q=faceswap)

Hard to guess at the intention.

~~~
est31
Yet another curiosity is that the repo itself is only accessible to logged in
users, it's almost 3 thousand forks are not. This is a half baked GitHub
feature.

It's pretty stupid to make it only available to logged in users as all it's
doing is annoying people. Hope this "feature" stays half-baked, don't want
GitHub to become authwalled like LinkedIn has become.

------
m0zg
Heh. They might have achieved the opposite of what they wanted to do. I did
not know about this repo, and now I have a local clone, just in case they
"censor" it for good.

~~~
emerongi
Streisand effect. I also cloned the repo, just in case - wouldn't have
otherwise.

------
peterwwillis
Throughout human history, people have published information in order to
discredit or defame their opponents. Sometimes this has worked. But in the
majority of cases, what determined the result was the climate _around_ said
evidence, not the evidence itself.

I can show verifiable, witnessed audio recordings of a guy saying he likes to
grab women by the pussy, but that won't stop that guy from becoming President.
Powerful tools don't run societies, people do.

------
vortico
Just to make sure, is the relevant behavior here that going to the URL shows
its generic login form when not logged in? Definitely can't be unintentional.

------
smsm42
I see why they might have done it, but I suspect we've already seen what's
coming next. Limiting access to code used by very notorious and controversial
groups. Limiting access to code written by very notorious and outrageous
people. Limiting access to code produced by somebody who is sympathetic to
very notorious and outrageous people. Limiting access to code produced by
somebody who once said something controversial on Twitter and the outrage
machine decided to dig it up today. Etc. etc. The slope exists, and we already
have seen how slippery it is. It always starts with almost 100% clearly bad
cases. It rarely just ends there.

P.S. and yes, before the obligatory "it's a private business" comments come
in, I know I can build my own Internet and avoid all this. Thanks for
reminding.

------
eqdw
My understanding of the deepfakes timeline:

1) One day somebody posts a handful of really obviously faked janky looking
porn videos. We all have a good laugh, briefly imagine the possibilities, and
then move on

2) Like 3 weeks later, every social media platform explicitly bans this dumb
toy that wasn't even any good

3) a year or so passes

4) Now governments are passing dramatic legal bans on these things, and
there's all kinds of shady things happening. Like, this is the first instance
of this kind of public restriction I have _ever_ seen on github.

So: which major news events were completed fabricated?

------
thrownaway954
SPA = Single Page Application

Notice how that says "Application", not website. It amazes me how people want
to make their WordPress site into an SPA simply because someone told them to
do so or it was the next "hip" thing to do.

SPA have their place... migrating a desktop application to the web and making
it a SPA makes perfect sense to me.

~~~
thewarpaint
Wrong parent.

------
qwerty9876
This has been the case since it's release a year ago. very interesting, are
they collecting data on who visits it?

------
jorblumesea
I wonder if some AI technologies will need a non proliferation pact similar to
nuclear weapons. Similar to how centrifuge technology was a guarded secret,
perhaps we should consider something for the most damaging of AI patterns.

While I agree technology isn't inherently good or evil, this feels more
harmful than helpful.

------
enitihas
Asking for a login in incognito for me.

------
AndrewHampton
> We will take a zero tolerance approach to anyone using this software for any
> unethical purposes and will actively discourage any such uses.

Why not change the license to enforce the use restictions?

------
xiphias2
It looks like it was 5 months ago, not much after Microsoft bought GitHub. It
looks like they do enterprisy things already that will make people like GitLab
better.

~~~
SamReidHughes
This behavior was around since before the acquisition [3].

[3]
[https://github.com/deepfakes/faceswap/issues/392](https://github.com/deepfakes/faceswap/issues/392)

------
Animats
Soon, "Sign in with your Microsoft account?"

------
SXX
Not a surprise. GitHub comply with censorship requests from non-US government
agencies around the world since forever.

------
40four
Comedian Kyle Dunnigan does the best stuff around with face swap
[https://www.instagram.com/kyledunnigan1/](https://www.instagram.com/kyledunnigan1/)
He does parody videos of Trump, Kardashians & a lot of other celebrities.
Really funny stuff. Take a look if you haven't seen! Everyone is focusing on
the negative, but this guy is making something positive I believe.

------
miguelmota
Can someone explain the reasoning for requiring login for this particular
project?

------
jordwalke
HN changed the title of this from the original question: “GitHub censors
deepfake source code for non logged in users? (Try incognito)”

I have no opinion about whether or not that is a better title, but I thought
it should be known that it was modified from its original.

~~~
TeMPOraL
Good you mention it, because I did not understand intended meaning of current
title ("Faceswap Github repo is public but requires a logged in user"). I
scoured the README to see how they managed to restrict a standalone, offline
piece of software. Turns out, it's Github who's restricting access.

While censorship may not be an appropriate word, this _is_ weird. Why would
Github do something like that, except to force people accessing the repo to
leave a trail leading to their PII?

~~~
dang
That's a fair point. I've modified it again to make it clearer that it's
Github that did the restriction.

------
Proven
Big deal. Why should we care?

Anyone can fork and mirror it where they want, and make it accessible to
anonymous users. Sure, that would "inconvenience" some users, but so what?
Github doesn't exist to please every single person out there.

Create your own mirror, and let us know the URL. Don't just whine and try to
manufacture outrage if you aren't willing to do contribute resources required
to host the code yourself.

I fully support Github's right to use their property (github.com) as they
please, because I want the same right for myself.

~~~
marcinzm
Github is free to do whatever they want and everyone else is free to complain
about. Freedom to do something does not mean you're free of consequences for
doing so.

------
aaronbrethorst
“I may not agree with what you have to say, but I will defend to the death
your right to create fake nudes of celebrities.”

— definitely Voltaire, for sure. /s

~~~
qubex
As a nudist I’ve often thought this DeepFakery might allow people to take a
sigh of relief, take off all their clothes if they so please, and dismiss any
photographic or video ‘evidence’ of the event as a fake. And wouldn’t that be
liberating? I’m reminded of indistinguishable-from-real-but-fake-data called “
_bogons_ ” from Neal Stephenson’s _Cryptonomicon_.

~~~
shittyadmin
I wonder if this might actually have some benefits for victims of revenge or
leaked porn, including celebrities in the long run - "oh, that's photoshopped"
seems an easy way to put something to bed.

~~~
qubex
Precisely — but how dumb is it that we actually experience a societal need to
put what evidently is pretty widespread ordinary behaviour “to bed” in a
plausibly deniable manner?

------
villgax
How soon .docx for Readme?

Works with clone though. Wonder how many more such repos exist?

Do they have a transparency report which includes such action?

------
akerro
Ah yes, Microsoft and their love and commitment to opensource!

~~~
scrollaway
As someone else said, this behaviour has been around since before the
acquisition. Completely unwarranted cynicism.

------
o10449366
I would not be surprised if it turns out Microsoft is behind this.

~~~
cazum
Well, Microsoft does own GitHub. Who else would be behind it?

~~~
alexeldeib
I think the implication was that MS directed someone in the GitHub org to do
this, rather than someone in the org making that decision independently.

As a Microsoft employee, it would be even more enormously disappointing if
this were a top down rather than internal org decision.

