Hacker News new | past | comments | ask | show | jobs | submit login
[flagged] Tell HN: GitHub deleted anti-censorship activist repositories
293 points by zzzcpan on Apr 12, 2019 | hide | past | web | favorite | 63 comments
Github just deleted ValdikSS [1] account and all of his repositories.

Including GoodbyeDPI, bypassing some DPI-based censorship, and Super-UEFIinSecureBoot-Disk, allowing to boot things when secure boot is enabled. The interesting thing is that he recently published some work [2] breaking UEFI secure boot (not on github, but on zeronet), basically undermining Microsoft, current owner of Github and big pusher of UEFI.

His twitter account confirming that: twitter.com/ValdikSS

[1] https://github.com/ValdikSS

[2] https://habr.com/en/post/446238/

No, Github DID NOT delete my account. My account is hidden from public (shadowban).

No, this is likely not because of GoodbyeDPI or Super UEFIinSecureBoot Disk.

Most probably it's because of someone has been spamming from my ISP's /24 IP range.

>His twitter account confirming that: twitter.com/ValdikSS

No, learn to read.

Thanks for the input. So much hyperbole being thrown around in these comments.

Thanks for GoodbyeDPI. Do you plan to mirror it in Gitlab?

I want to upvote you because you're the original author and thus your comment is super relevent, but I think the last sentence of your post violates this site's guidelines. What in your tweet was misinterpreted?

>but I think the last sentence of your post violates this site's guidelines

I'm really getting pissed off when people overinterpret other people texts and create "news" based on their biased misinterpretation. What I stated in twitter post is that any company can do anything with your data or account, and you should not rely on any free service on the internet. That's it, only that. I did not say that my github account is deleted or that the reason behind that is one of my repository.

Moreover, for some reason people tend to read only that first tweet while what I wanted to say is in next 5 tweets too.

My primary language is Russian, and I'm usually very cautious of my written language and always try to write any texts (emails, blog posts, Russian craiglist listings) as clear, unambiguously and literate as possible, but always see people who just don't read. This is not an insult, I mean it literally: PLEASE learn to read in full.

> This is not an insult, I mean it literally: PLEASE learn to read in full.

I find it amusing that wanting other people to learn to read can be and often is considered insulting. Perhaps there's also a bit of a culture clash - Russians are relatively direct.

Spending your time trying to write clearly and unambiguously likely won't be appreciated much, but it does make the world a better place.

> I find it amusing that wanting other people to learn to read can be and often is considered insulting.

It's an insult when that person does know how to do it.

This issue wasn't related with his capacity to read either, which further enhance how it was used as an insult.

It was a misunderstanding, that's all. No one is specifically responsible for it.

I don't see what your are arguing at all. I see full intend of abusing the "misunderstanding" to push fake news. We should be more cautious to the adversary trends lately instead of focusing on someone's own feeling.

> Moreover, for some reason people tend to read only that first tweet while what I wanted to say is in next 5 tweets too.

I find it concerning that Twitter has become such a common way to share news. The short message format can make it impossible to get a full point across reliably.

Expecting people to read in full before commenting seems too much to ask nowadays. I wonder where this will take us.

Well, you are assuming incorrectly that I didn't read anything in full. I did read everything and I understand your views. But I didn't misinterpret them, I didn't think your views on the issue are very relevant here to even include them. Neither are relevant specifics of something that appears to be deleted to everyone, but you. The facts are: it is deleted, only Github knows why.

I think he's understandably upset that his own Twitter account is cited as a source for something that he does not agree with and did not suggest.

It seems like all that his Twitter feed confirms is that his page shows as 404, but nothing more than that. He did not mention any association between the ban and his work, instead on Twitter he's just saying self-hosting is more reliable. The latest tweet implies the shadow ban ("invisible issues, invisible commits, invisible code comments!").

>I think he's understandably upset that his own Twitter account is cited as a source for something that he does not agree with and did not suggest.

He sure is understandably upset. It sure explain WHY he answered like that, but it's not an excuse to act like that.

> It seems like all that his Twitter feed confirms is that his page shows as 404

That's pretty much what I implied. But added twitter so that people can see his perspective.

Read the misinformation, and hyperbole being thrown around in every other thread inside this post.

All based on basically a misunderstanding, which I don't believe was done out of malice. But at the end of the day this is essentially "fake news". Again, likely born out of ignorance, not malice. But I think the person being misrepresented saying "learn to read" is hardly over the top.

Your twitter postings are ambiguous.

> 2019-04-10

> Many people, incl. friends of mine, rely on "cloud" for file storage, use "free" messengers, listen to music on "services", and expect companies to provide stable and consistent service.

> This is what you get in the end: https://github.com/ValdikSS [image of 404 error]

> 2019-04-11

> I can create invisible issues, invisible commits, invisible code comments!

The first one sure looks like "deleted".

In the second, you could be talking about being shadowbanned, but getting that depends on knowing what it is.

Also, being shadowbanned is arguably worse than deleted. I've seen shadowbanned accounts post for many months, apparently unaware of their status. When I see one with a listed email address, I let them know, as a courtesy.

That's because the topic of my tweets is not about github, it's about people who (for the reason I don't understand) tend to rely on free third-party services on the internet, and expect stability and consistency from these services, but always forgot to read terms of service and do not expect that the service may delete their data of whole account without any explanation.

I always expect that, because I always read terms of service. This is an excerpt from Github ToS:

>GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time.

So I don't understand why people give attention to some problems with my account, why anybody should give a clue and why this is a topic for discussion. Nothing unexpected has happened. I never stored sensitive data on github, never used it for OAuth, and this account does not have serious value for me. I have all the data backed up locally, on external drive, on several others git hostings and on remote computers. I don't know the reason yet, Github did not send any notifications before shadowban and I did not receive a reply from support yet, but I'm pretty sure that neither GoodbyeDPI nor Super UEFIinSecureBoot repository are to blame. Most probably this is false positive of their anti-spam system.

I get all that.

But this isn't about you.

This is about people being concerned that GitHub is banning or shadowbanning accounts for political reasons. Your GitHub account may be worthless to you, but many have (stupidly enough, I agree) relied on GitHub. Consider the confusion if GitHub took down Docker. Or even algo or Streisand.

One of the most terrifying parts of 1984 (the Orwell novel, not the year) for me was the memory hole - a physical hole in every office where paper containing illegal ideas or "wrong" information was dumped to be immediately incinerated. So much of what we know about the past and who we are today comes from the written record and interpretations thereof - it was basically erasing history as it happened.

For a long time, we didn't really have to worry about this sort of thing, because the physical infrastructure required for such a system didn't exist, would be prohibitively expensive to create, and would likely lead to massive protests if someone tried to create it.

But now we are in the digital age, and we have slowly been creating our own memory hole infrastructure, bit by bit, in the form of centralized cloud services. This deletion is an example.

Now, these service providers should be (have to be) allowed to remove whatever they want from their platform, but the fact that they can do so should be front and center in everyone's mind when they post content to them, be it code or text or video. We should be patronizing alternatives to github, youtube, facebook, and all other large centralized data stores as much as possible.

This technology exists, it just needs to be more widespread. Scuttlebutt[1] is a system for building peer to peer applications. It's main use currently is social networking[2] but someone has already implemented a git store /GitHub alternative on top of it[3]. Nobody controls the network so it can't be censored. If we can get more developers building on top of it we could have a much more decentralized internet.

[1] https://scuttlebutt.nz



Since git users keep complete copies as a matter of course, the effect of github deletions is less dramatic. I realize this doesn't help for related information such as issue discussion.

On this note, I'm surprised there's still no de facto standard for having web UI issues associated with a repo actually be powered off text files committed in a subfolder.

There have been a few different projects for tracking issues as objects in Git storage, but they all do things in slightly different (incompatible) ways and none have gained enough mindshare to be commonly used. My guess is that none will ever gain enough mindshare without being packaged in with git itself, either, so we got ourselves a chicken and egg problem.

bugseverywhere.org is (was? seems a bit dead) a project doing exactly that - saving issues as part of a git repo

The EU's whole right to be forgotten is the first step in this direction. Honestly the whole EU has been kind of scaring me lately in terms of what they view as acceptable limits on freedoms, especially for speech.

We also have an accidental memory hold once we've lost the reading method for previous digital records.

That's nothing new. We've been forgetting how to read old records since at least 1200 BC (when the Greeks forgot how to read and write).

Interestingly, while Greek history from that period is lost, Mesopotamian/Assyrian/Persian/etc. records continue with cultural continuity from ~3000 BC right up to the Arab conquests, at which point they forgot how to read their old records too. This strongly suggests that that loss was intentional.

The most recent example in relation to written records is probably the switch of Germany, under the Nazi rule, from the traditional blackletter Fraktur script and its cursives Kurrentschrift and Sütterlin to the ‘Latin’ script. Soon enough, people didn't know how to read their grandparents' handwriting.

Try for yourself: https://en.wikipedia.org/wiki/Sütterlin

But it seems that Hitler's rationalization of “if we're to trade with the rest of Europe, those nations must understand German writing” came to be fulfilled.

This example is a little bit softer than the ones I mentioned. 'Latin' German is, I assume, letter-for-letter identical to blackletter German, just with noticeably different glyphs. Given, say, a box of correspondence, a German who'd never been trained to read blackletter could probably puzzle it out.

Akkadian and Sumerian were thousands of years old (and, obviously, long dead) when they got wiped out. And while Mycenaean Greek is not much different from classical Greek (with a gap of only a few centuries), it is written using a writing system entirely unrelated to that of classical Greek, which we assume was originally developed for some other unknown language because it fits Greek so poorly.

> “if we're to trade with the rest of Europe, those nations must understand German writing”

I don't see why this would make any difference. We trade with Japan (and had been doing so for centuries before Hitler). Recognizing the letters in a German contract isn't much good if you can't understand the words.

Unfortunately we live in a time where there is no money in doing the right thing. If you want to work on replacing these monopolies, save up your money and try to budget the best you can. It's sad that a decentralized GitHub doesn't exist yet backed by IPFS. It's unfortunate the direction browser companies is more invasive web technologies that enable sites to track your every move. You are competing against billions, if not trillions, of dollars when you want to challenge the status quo. These companies know that eventually you'll need money and they'll buy you and all your friends up to stop making things better and to join them in their mission.

>> It's unfortunate the direction browser companies is more invasive web technologies that enable sites to track your every move.

It's ironic that browser makers talk about sandboxes and isolation these days. They started out mostly that way, but then had to provide ways for web sites to gain progressively more access to your computer.

There's GitCenter in ZeroNet network. It's a git synced via bittorrent-like protocol.

ZeroNet: https://zeronet.io


thats true, and im surprised every single day webarchive is still up. it will eventually be removed/censored/etc.

There is a decentralized GitHub: https://github.com/noffle/git-ssb-intro

It isn't even open source and appears to have very little active development. Very poor quality overall. No one would switch away for something like this.

Now that's a beautiful bit of irony.

This person has PERSONALLY helped millions of Iranians to get out of the internet censorship there.

So much love and respect for you, ValdikSS.

The underlying theory is still about [1] There is some code of use get it quick [2] I also found an MS blurb about UEFI [3]

This apparently requires a Kaspersky rescue GRUB

" Red Hat GRUB Secure Boot repository[2], the only problem—PE header parser is missing. GRUB gets parsed header from shim, in a response to a function call via a special protocol. This could be easily fixed by porting the appropriate code from the shim or PreLoader to GRUB."

[1] https://habr.com/en/post/446238/

[2] https://github.com/rhboot/grub2/tree/grub-2.02-sb

[3] https://techcommunity.microsoft.com/t5/Windows-Hardware-Cert...

He was shadowbanned, not deleted.

Also, not as righteous as everyone makes him out to be. The dude was hosting torrents on things like Christchurch shootings in his repos. His content probably violated some terms of service.

> The dude was hosting torrents on things like Christchurch shootings in his repos.

He had links in gists. What terms does this violate? Shouldn't they remove it or warn him rather than locking / shadowbanning his whole account?

He was warned several times before

That's not true.

From your Twitter:

"I have other torrents in gists, and I used to have blocked repository for which Github contacted me prior to blocking this exact repository, asking to remove some files from it. This time I've got no notifications and got my account (not a repo/gist/etc) shadowed."

It was only once when my repository got take down by government request, and that time I got a notification prior any actions from Github, after which they restricted access to only said repository from Russia only. I never had problems with data (incl. bittorrent links) in gists or warnings about that.

Hosting may be done for righteous motivations exactly, if the video is being censored away.

There are few good reasons to want to review a crime scene, and many good reasons against watching. There may be no direct reason to watch the video of the crime, and only the indirect chance that it might be important. There may also be perverse incentives or at least a morbid curiosity. Stipulating any of that would be unjust, though. The saving grace would be that clicking on a link is anyone's own responsibility, or the parents in case of child protection. Especially a security researcher and privacy advocate would highlight that fact. The real problem may not be the sensitive feelings but primarily advertisement, an expression of affirmation. Just what does merely hosting a video express?

Legally speaking, not formally but morally, the personality rights involved in the content stand against the matter of public interest. Claiming a matter of public interrest over this individually should be neigh impossible. It's rather confusing and contradictory to devalue others privacy, making a stand for privacy, and defending integrity of privacy.


Eventually, those terms of service will cover not-so-outrageous things. If it happens in media and corporate comms, it's only a matter of time before it trickles down into software. As more and more, cueing my inner George Carlin here, self-indignant, self-righteous SJW pricks (that is, distinguishing between real social justice inclined folk, not those who are mad their college micro-triggered them by having a Westboro baptist guy on campus, or Ben Shapiro) make it into these companies, you will see more draconian measures being taken to police thought. It's not a slippery slope if it is actually happening.

My personal opinion we do ourselves a huge disservice by filtering out these things. You should display its grotesqueness. Display the horrors of humanity. Teach people life isn't snowflakes and rainbows and that there actually are terrible, evil people out there, not a sea of undiscovered victims. Evil exists as a virtue in of it self, if not to simply show you what the opposite of evil is. Maybe you don't know what good is, but know that it isn't "that"

> Eventually,

>It's not a slippery slope if it is actually happening.

How can you start a comment with eventually and then end with, it's not a slippery slope it is actually happening?

There's a line to trace somewhere between what is acceptable to host and what isn't. You may disagree with WHERE the line is, sure, but there's a line to trace. It can be barely where it's legal in the country hosting that content (which is still open to interpretation, or else we wouldn't have court systems).

Now are you disagreeing with a line that include Christchurch shootings content? Then say that, or else, sure it will be someone else that will decide where to trace that line.

Remember when techies argued that torrent files or bare content hashes are not the data they are derived from, and all the talk about “illegal numbers”?

Yeah, me neither.

So even the hearsay about the links to the page that may include magnet links lowers your Chinese-style social credit score if nameless hard-working censor of some “respectable” corporation is triggered by that.

Apparently the account is not deleted but shadowbanned, according to his Twitter: the guy can still create issues and repos, only they're invisible.

TIL that github shadowbans.

It's the hottest new form of censorship.

Hoping (s)he reposts to Gitlab, or sets up a self-hosted instance, it's a shame this he is being blocked, though without the weight of github itself, it's unlikely to get past a lot of the nation state firewalls originally done so with.

Remember when Microsoft bought Github? Remember when lots of people said it was perfectly ok and nothing shady would happen as a result?

For every act of evil that we see Microsoft commit there are 20 that we don't see. Remember that.

Before you start blaming Microsoft for this just get some popcorn and read the current threads.

Sidenote: Github had these same rules and did ban people long before Microsoft was in the picture. I wouldn't be too quick to conclude Microsoft made the difference here.

Github censored repos before Microsoft bought them.

Would some of these tools fall under the DCMA by virtue of "circumventing access-control measures" [1]? If so some of the hate being directed at Microsoft might be better directed at US lawmakers.

[1] http://www.dmlp.org/legal-guide/circumventing-copyright-cont...

Well, this kind of behavior was predicted the very moment GitHub announced acquisition by Microsoft. No way they make something good for the humanity.

> [flagged] Tell HN: GitHub deleted anti-censorship activist repositories

Why was this thread flagged? A misleading thread title?

So everyone start putting the content of that repo (I am sure someone forked it) in every one of your repos, especially ones other people use, and see how GitHub reacts.

Didn't think Microsoft would move so quickly to censor Github, but alas... this is why I moved to gitlab.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact