GL sent me this statement. For the record, I didn't publish vulnerable systems, I published stores that have malware.
---
Willem,
GitLab has opted to remove the list of servers that you posted in your snippet. GitLab views the exposure of the vulnerable systems as egregious and will not abide it.
While GitLab reserves the right to take further action, up to and including termination (https://about.gitlab.com/terms/), we have chosen not to terminate or lock your account.
Please know this decision was not reached lightly and we appreciate your understanding on the matter.
>For the record, I didn't publish vulnerable systems, I published stores that have malware.
This is a crucial point, because it shows GitLab is basically nonresponsive to the key issue; it's the difference between "Here's how to hack Giant Anchor Retailer" (unethical, possibly illegal) and "Giant Anchor Retailer has been hacked, estimated NNN cards may have been compromised" (of public interest, not illegal). In my case, I want to know if I used any of the retailers on the list!
For GitLab to call this "egregious" and that they "will not abide it" suggests that either GitLab is technically incompetent in security matters, or that they've received legal notices and decided that the shortest path to resolution is to throw their users under the nearest publicly-operated multiwheeled passenger conveyance. In either case, poor show, good reason to seriously consider moving off GH and GL.
And even if it were (a list of vulnerable systems, that is), why the fuck do they think that they should censor serious journalism? If you operate a public venue, then it is an important societal role of journalism to report on it if that public venue poses a risk to the public, whether that might also have negative consequences for the people operating it is completely irrelevant.
I really hate this trend of journalism leaking into services like Github. We have secure ways to share files with high redundancy, why put a service like Github/Gitlab in the line of fire when their primary goal is to enable open collaboration, vs open information.
Torrents are what I have in mind really, low barrier of entry for viewing, and someone in an oppressed state who can get around a website block can probably get the torrent anonymously. To me not being easy to edit is an upside, additional data should require the initial trusted party to share a new magnet.
Lots of people are saying "But the sites are already exploited" ... they are probably still exploitable further also, and GH/GL don't want to be at that party.
No, they would not be required - they are a private business and set their own terms.
As for being responsible - that is their motivation.
Should I assume that now you have access to this list that you will be contacting the site owners to notify them their sites are infected & exploitable? Would that be responsible on your part?
There is a right of free speech in many countries (I assume you are in one of them), but that right does not force anyone else to distribute or publish your speech.
Their servers, and their decision on what data is on them.
Want to make it available for everyone to read? Run your own server and host it there.
tl;dr - you have the right to say what you want, but you can't force anyone to listen.
And that's why no one is talking about forcing GitHub and Gitlab to do anything. They're merely complaining. Just because someone complains about something doesn't mean they think it is illegal or ought to be illegal.
Yes, but one by one the word "censorship" loses its meaning. It used to mean preventing people from publishing their work. Now all it means is disagreeing about what should get shown prominently on social networks.
Anyone suppressing a work based on ethical judgments is practicing censorship. They could be acting on the authority of a state or religious institution, they could be removing immodest young adult fiction from the shelves at a children's library, or they could be moderating the content of a web site. Web sites are new, but the concept is the same as it's always been.
Sorry for our mistake Willem, we reinstated the snippet. Also see our blog post about this on https://about.gitlab.com/2016/10/15/gitlab-reinstates-list-o... TLDR; The owners of web stores have a responsibility to their users. And it is in the users' interest to have the list published so owners. We currently think that the interest of the user weighs heavier.
This is not a CVS, so you would still need to run something like git locally on your own server, but the idea of self-hosted modules will solve for the censorship of central authorities.
Did you ask them for permission to publish a private communication? Probably not, bad of you!
Github/-lab is for projects imho and not a publishing platform. Why don't you publish it on your blog or something? All power to Github/-lab, kick out such stuff!
As you said: to some extent! Have a look at the "What is Github Pages" [1] and one clearly feels that Pages is meant for software, projects, manuals etc. And NOT to publish documents to shame 3rd party misbehaviour and hopefully attract publicity and quarrel. Such content should go to other places (imho).
Why are you so angry? This is not about shaming, but protecting customers - first thing I did even before reading the full article was to click the link to see if I have given my CC to fraudsters, then I was gifted with a 404 from GitLab.
---
Willem,
GitLab has opted to remove the list of servers that you posted in your snippet. GitLab views the exposure of the vulnerable systems as egregious and will not abide it. While GitLab reserves the right to take further action, up to and including termination (https://about.gitlab.com/terms/), we have chosen not to terminate or lock your account.
Please know this decision was not reached lightly and we appreciate your understanding on the matter.
Regards, GitLab
GitLab Support Team GitLab, Inc.