Hacker News new | past | comments | ask | show | jobs | submit login
GitHub banned all Iranian users. Our accounts are restricted. Please support us (github.com/1995parham)
91 points by erfaniaa on July 27, 2019 | hide | past | favorite | 102 comments

Recent discussion "GitHub and Trade Controls" https://news.ycombinator.com/item?id=20526039 and "My GitHub account has been restricted due to US sanctions as I live in Crimea" https://news.ycombinator.com/item?id=20531039 And related "How is it like to be a dev in Iran" https://news.ycombinator.com/item?id=20493699

> let us download our private repositories and also make them public (setting control).

Seems reasonable.

> change their restriction policies to not limiting users based on their Nationality.

I don't see this happening. It's US law and github (Microsoft) is bound by it. Maybe a competitor will use it to their advantage and offer

> announce their decision publicly and apologize for making this situation (like what slack did before in the same situation: https://slackhq.com/an-apology-and-an-update).

I can see how the PR team will issue a careful worded letter or blog post. It will say "we regret the situation" but I doubt be an apology.

>It's US law and GitHub (Microsoft) is bound by it.

That seems like a terrible situation. What if tomorrow there's a US law that <insert ridiculous thing which "everybody" says won't happen until the day it happens>

Maybe they should fork into GitHub US, GitHub EU and so on.

If the law is believed to be unconstitutional, a US company can fight it in court. Otherwise, the company is required to comply with all laws applicable in the jurisdictions they operate. If there is a conflict, the US law has highest authority.

In this case, if GitHub EU is owned by Microsoft, a US company, GitHub EU still must follow US rules. On the flip side, while GitHub EU must follow GDPR, GitHub US would not be required to do so.

Are you sure? Isn't the point of Azure in Ireland that the US government won't be able to request data under the patriot act?

Nope, the point of Azure in Ireland is to increase availability and decrease latency for EU clients. Microsoft challenged a warrant in 2013 to hand over emails stored in Ireland, but the SCOTUS vacated the rulings since it was moot by the CLOUD act of 2018, which allows the government to get data from US companies, no matter where the data physically is.



Huh. Azure used to have a special region in Germany (joint operation with Deutsche Telekom) but it seems they've killed it last year.

The 'Net interprets censorship as damage and routes around it. Perhaps those affected could spin up a local Gitlab instance and migrate their data to it?

Do the trade restrictions just mean they must refrain from engaging in monetary transactions?

Continuing to offer various free services would be nice.

They restrict “providing goods and services”, not just monetary transactions.

See https://www.treasury.gov/resource-center/faqs/Sanctions/Page...

Downvoters, please explain! So the rest of us would know, too :)

Microsoft banned all Iranian users. And crimea if I recall correctly.

Financial support of open source is a nice thing, but folding open source into the world of US political choas seems so wrong.

I for one will be moving my projects elsewhere. Not sure where yet, probably a bitbucket server.

Gitlab, IMHO, is the gold-standard for self-hosted Git data, CI/CD, Issue-tracking, etc (IMHO, at least). You can use their (US-based, IIRC) hosted solution, or download their Omnibus package and get a self-hosted instance running in less than an afternoon.

If your policy is not to use products of companies operated in the US (and thus bound by US laws)...you're going to have to give up a lot more than just GitHub.

I'm not a huge fan of these sanctions. Though I do think Microsoft is following the law in a fairly standard fashion.

Gitea is a lovely open source Github-esque git server.

This is well within GitHub's Account ToS in Section B 3.6. [0] so all GitHub users who are part of the US sanctioned countries list [1] are banned from having an account. Since Microsoft/GitHub are all US based companies, they must comply with US export laws and I'm afraid not even GH/Microsoft staff can intervene in this.

I don't know what to think about this 'message to GitHub' since they can't do anything about this, but I think that migrating off of GitHub and lessening or completely removing our dependence on the service is probably better for those developers and for open-source in general.

[0] https://help.github.com/en/articles/github-terms-of-service#...

[1] https://help.github.com/en/articles/github-and-trade-control...

Looks like it's time to migrate the rest of my stuff off US-based hosts.

Today Iran, tomorrow who knows?

Far easier to take a couple days to move my stuff now than having to do it under duress in a year or two.

They only block really antagonistic regimes which don’t comply with UN and other international sanctions. It has to be a really rogue regime that threatens regional or world peace.

For now. There is absolutely no reason to suspect that won't change in the future.

Well if the future is just a big black box, why is it reasonable to move to hosts outside the US?

If current conditions are not a good predictor for future conditions, isn't it equally likely that other countries (same as the US), could change in the future to sanction other countries and restrict online services operated there?

Is there a jurisdiction which doesn’t have such suspicion? The 1A can weather a lot and carries a lot of weight. Obviously in this case the government has carve-outs for these things but I suspect other jurisdictions have bigger carve-outs.

I don't think it has to do anything with UN and international sanctions, Iranians once negotiated in the Obama's presidency and made a deal with 5+1, after Obama, Trump broke the deal and the US is out of that now, but the rest of the world didn't, so it is just US sanction not "International" or UN sanctions.

On the other hand, blocking Iranian GitHub accounts is helping to change Iran regime? Are Iranian GitHub Users developing nuclear bombs there?


I don't see how that applies. We typically have backchannels and other recourse when we have differences with allies (like Obama had with Israel).

The Fifth Amendment of the U.S. Constitution:

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."

(Property includes intellectual property, such as computer code.)

(Due Process includes (but is not limited to) Trial by a Jury of one's peers...)

I love the US constitution as much as the next guy, but isn't it a bit of a stretch to apply this section to a non-citizen not even located in the States?

It does say "no person". But "due process" can mean anything.

"Due Process" takes on its own meaning to someone who has deeply studied Law. Without being a Lawyer, one could not easily define it.

To understand this by analogy, the word "Computer" might mean something with a screen, mouse and keyboard to some people, but it have a much deeper meaning to a Computer Engineer, Operating System Developer, Compiler Writer, or Applied Mathematician.

That's because the concept of "Computer" is intricately, intricately weaved around all sorts of interrelated technical concepts, and the result is something of sheer engineering beauty...

"Due Process" similarly, is intricately, intricately interweaved with many other concepts in Law. That's the "Due Process" that the Founding Fathers are talking about (they having had extensive backgrounds in Law).

To someone who hasn't studied Law, it would appear as two shallow words, but I assure you -- study Law and you will find these words have many more dimensions than their mere dictionary definitions...

Would you contend the US constitution applies to someone living in Finland, who is a citizen of Greece born in Norway?

I would submit that someone living in Finland, who is a citizen of Greece, born in Norway, is not contractually obligated by the U.S. Constitution, unless they accept it in some way or other, and if so, that acceptance may be in conflict with other contracts (such as other citizenships) that they may have accepted prior.

So no, probably not.

On the other hand, I would presume that anyone who works for the U.S. Government has accepted the U.S. Constitution, either explicitly (by Oath) and/or implicitly (by the act of working for the U.S. Government).

Why is this important?

Well, see, if those people are in charge of creating/enforcing sanctions, they are also contractually obligated to do so while NOT BREAKING THEIR CONTRACTUAL OBLIGATION TO UPHOLD EACH AND EVERY ASPECT OF THE CONSTITUTION.

One of the things that The Constitution says (above) is that people (all people by the way, not just some of a specific nationality, and not just those that have accepted the Constitution) are NOT to be deprived of their property without Due Process (which includes but is not limited to a Trial By a Jury of one's peers).

So... you do the math.

nor be deprived of life, liberty, or property, without due process of law

Sanctions are duly enforced laws.

If the Wikipedia page for the Law Library of Congress (https://en.wikipedia.org/wiki/Law_Library_of_Congress) is to believed (and I see no reason why it shouldn't be), then the Law Library of Congress contains 2.8 million books on the subject of Law, alone.

That's a lot of books on Law.

You seem to be telling me (by implication) that

a) That the sanctions are absolute, because they are Law.

b) That all people, under all circumstances, must follow all absolute Laws.

c) That in the 2.8 million Law books, there are no conflicting Law or Laws.

d) That in the 2.8 million Law books, there are no Laws, written at an earlier time, that govern the passage of laws at a later time, and what they may or may not contain;

e) That no trials, nor court interpretation of a Law in the broader context of all other Laws -- are necessary ever.

f) That courts have never interpreted similar Laws and changed, modified, and/or deleted their efficacy;

If I am misreading you then please feel free to correct me.

But, my point is simply this. If someone placed $1,000,000 on a table, and told me to bet that that "Law" was absolute in all of its aspects, and that he would bet against me, based on what I know, I could not take that bet...

Why are these people assuming GitHub is some sort of an open source authority. Is it so difficult to understand it’s a company that hosts free and open source projects like any other service? The ignorance is just baffling.

Why would you call it either ignorant or baffling? Do you expect Iranian users to have a deep understanding of American export laws and the political intricacies that might follow from Microsoft's acquisition?

This is an completely understandable reaction regarding Github's block against Iranian accounts. Github as been around for over 10 years, and this never happened before.

> Do you expect Iranian users to have a deep understanding of American export laws

No, but I expect them to at least understand ONE law, since the sanctions affect their country significantly and their politicians talk non-stop about it.

> might follow from Microsoft's acquisition?

This has nothing to do with MSFT. GitHub has always been a US-based company.

> Github as been around for over 10 years, and this never happened before

Because GitHub hadn't been following the law before.

I don't think it has anything to do with the Microsoft acquisition... GitHub was always a US owned and operated company. The reason this hasn't happened in the last 10 years and is happening now is that the laws regarding US companies doing business with Iranians has changed during that period of time. It's not GitHub's or Microsoft's fault, it's the fault of governments, the people running them, and the people empowering then.

Github owned by Github. But this is something different. It is Github owned by Microsoft. Acquisitions, in general, do not end well for the established user-base.

Suggestion: move you repositories! Host your own repositories! Use something different, like Gerrit, to spice up your development! Take matters in your own hand! Own your data, own your compute!

Is there something about this that I've missed that has something to do with the Microsoft acquisition? The same laws would have governed GitHub if they hadn't been acquired.

From an Open Source developer point of view, yes, of course. Open Source projects should not be hosted with them. Period. It completely betrays the spirit of the licenses the code is released under, which guarantees access to anyone, regardless of political, religious, etc.

It all depends on interpretation of the law, lobbying, stalling and the amount of bad press an actor can handle. Microsoft is a much older company and is likely to have stronger ties to the established government.

I'm not talking about understanding USA law, and couldn't care less. People, developers especially, should know something about the licenses they're using. Anyways, any company will have to comply with the law. I guess Microsoft in its war against Free Software managed to sow confusion. Free Software and Open Source are about licenses, not hosting services. How would they react, if for example, Microsoft/GitHub will stop hosting Open Source projects for free?

BTW, this is why I deleted my account at GitHub the day the purchase was announced.

War against open source? They’re the largest corporate contributor to open source, they’ve open sourced a ton of projects, including XAML and .NET Core (which is also now cross platform), and they joined the Open Source Initiative. If you honestly believe 2019 Microsoft is anti-open source, you’re living in the past.

I completely agree. I don't see why some developers need to solely depend on GitHub for private use when you can self-host GitLab/cgit with a cheap computer to host your projects. Open-source development has already thrived without the likes of GitHub even before it was founded.

Perhaps the time to self-host your projects just like how Mastodon allows self-hosting an instance is more important than ever, which will probably be better for open-source instead of centralizing and increasing our dependency on GitHub.

These devs are stuck in a tough situation and your first reaction is to sneer and insult them?

The complete lack of basic empathy is just baffling.

"It's okay because CNN and Fox News tells me to be scared of the brown man".

It's amazing how people don't see that this isn't because of human rights. It's literally one country bullying another.

Did GitHub try to fight this in courts? As with Slack, why does it just happen out of the blue? Sanctions on Iran have been there for at least a year, sanctions on Crimea since 2014 - so why now?

So where is GitLab hosted? Would they be under the same restriction?

GitLab is hosted in the US and also must comply with the same US laws. When GitLab moved to GCP this issue came up because Google geo fences the embargoed countries: https://about.gitlab.com/2018/07/19/gcp-move-update/

GitLab is a US company. Although you can self host an instance wherever you want.

GitLab.com is hosted in the US. The GitLab on prem software can be hosted wherever the hell you want

Can you get GitLab on-prem if you're in a sanctioned country though, or is GitLab also not allowed to let you download it if that's where you're located?

Since at its core it's free software, you can download it from wherever you want.

But since US companies are forced to geo-restrict, how can you verify that the (free) software you've downloaded, is actually the free software offered by those companies?

With their signatures, commit hashes and distribution networks you trust (such as distro maintainers, for instance).

You most likely already do that without any sanctions that affect you.

Iran is under US sanctions, I wouldn't expect Iranians to have access to services from any US company.

It sucks, but that's the whole point of sanctions.

So there should be no protest then ? Of course it is the point of sanctions. But this is also why sanctions are wrong. As Ron Paul repeatedly said, sanctions are akin to war. Shouldn‘t one protest the bombing of cities because „that‘s the whole point of war“

There's no way to punish a government without punishing the country. The sanctions are not on the people themselves, for instance Iranians can and do visit the US.

Iranians and US citizens should protest against their governments causing this political situation. From my limited research, neither party is innocent. Bothering GitHub doesn't have a purpose, they are only blocking Iranians to comply with laws.

So, should we do something about it? I get that it's the law, but not that long ago it was illegal for people of color to vote here.

This is the point of sanctions. If you can still provide goods and services to sanctioned countries, they're not really sanctions.

I don't understand why this was done suddenly. Warning Iranians that there account will be blocked next month and offering read-only access in the meantime would be much more reasonable. I'd expect legal action to impose the ban would likely take at least this long. I'm glad git is a distributed system, and hope no one lost any information.

I think the only solution is to move open source communities to a more neutral country. Unfortunately, the US as it stands right now, is getting a less suitable place for international organizations day by day

They can alway use this https://coding.net/ yes, I know there is a minor problem of the language.

Git was meant to be distributed, however convenience usually wins thus centralization case again. Hints: git-issues, git-remote-ipfs, gitea and some mirroring via VPNs.

Are all U.S. based companies required to prevent Iranian users by IP address? Would this be true for social media apps like Twitter as well?

As someone of Iranian Heritage, even though I‘ve never been to Iran, because my Father fled the country after beeing sentenced to death twice, for fighting the Mullah Regime, the Ignorance and total lack of emphaty for Iranian Devs and Open-Source contributors displayed in this thread is shocking to me. People who have nothing to do with politics and are already suffering under crippling economic sanctions as well under their own government are apparently not considered to be part of the „community“. Giving them the „helpful“ advise to „fight“ their government even though there is currently no active opposition in Iran and every increase in tensions is making the majority of the population stand more firmly behind their government is just insane.

Can‘t you see that the people asking for support are not „enemies of america“ but instead people who consider the Trump administrations policies to be an abberation, non-representative of the will of the american people, who they consider to be their friends and Open-Source-Community Brothers ?

This is incredibly dumb. Hopefully some GitHub exec intervenes.

Edit: Happy to take the karma hit. Stupid is stupid, regardless of jurisdiction and consequences.

Why would an exec intentionally violate US law for this?

There is no US law that forces Microsoft-hub to do what they did. They can easily fight whatever order they received if they wanted to.

Because it's the right thing to do and MS has the power to do it.

In what way do they have that power? Do you just mean in the way that anyone has the power to break laws and face the consequences, or something else?

Microsoft is not untouchable by any means, but, probably more than any company in the world right now, they have the power to gain clarity on these sanctions (and possibly also the EAR issue).

Microsoft has obviously turned a corner recently into dramatic support for open source collaboration. They're pushing VSCode. They bought github. They support linux. None of us will be surprised to hear that they're seeking to buy StackExchange or Discord soon.

I'm saying: if these are their true colors, then they mount a full-throated resistance to this nonsense. They have the legal team, the technical talent, and the political connections to do so.

Start by refusing to take down Github Pages of nationals of sanctioned countries and refusing to disappear repositories maintained by the same, absent a specific court order. Then, challenge it in court.

Will the US Government have the gall to go to Seattle and cuff somebody over this? If they do, it will be a major international incident and rallying cry, and that person (and Microsoft) will look internationally heroic.

It looks like you've been using HN primarily for political battle. That's against the site guidelines and we ban accounts that do it. Would you please review https://news.ycombinator.com/newsguidelines.html and use HN as intended? It's intended for intellectual curiosity.

Plenty more explanation here:

I really wish Microsoft challenged this sanction in court.

We'd finally get the actual sanctions clarified.

No, they don't have the power...

no they dont

Does the US law say that the repos should be revoked with no notice, or that a zip of the code can not be sent when revoking access?

if the law says you need to stop doing business with Iran, then yes.

What are they supposed to? Management buyout and relocation to Switzerland?

Is it really an option? Is Switzerland free to not accept sanctions on Iran by America?

maybe its time to pick up the thread again and present an effective decentralized version of GitHub and thumb our noses at the notion of borders.

its technically quite feasible..there's no reason the US government gets to decide who writes open source software. and there's no reason github has to play a role here if they choose or are forced to act this way.

Intervenes? Where? In white house?

Negotiating with a non-US entity for as smooth a mirror as possible? Not sure, but resistance to stupidity isn't futile.

While I’ve no familiarity with the law in this area, I’d imagine this is surely still illegal too? If one could just openly pass the business to a foreign partner it would somewhat defeat the purpose of sanctions.

I don't want to be the one to invoke Godwin's law, but there are ways to remain within the law and still resist in a meaningful way when the stakes are high.

> when the stakes are high.

The stakes are not high here.

That comment deserves more detail. Blocking an entire sovereign nation from significant useful "free" information seems pretty important to me.

Iranian users being unable to use GitHub is an incredibly insignificant issue.

Please don't add nationalistic insults to HN threads. Also, please don't post unsubstantive comments generally.


Oy, really? Care to cede control over what portions of GitHub you're allowed to access over to me?

Yeah, watching Hacker News try to violate sanctions from first principles is amusing.

Please elaborate. Sanctions don't ban every effort to not be stupid. Compliance isn't condolance. "Following orders" is demonstrably not a great defense.

These sanctions are immoral.


Please don't take HN threads into nationalistic flamewar.


Russia invades and takes over Crimea (again). This has repercussions for the people living there, many of whom are displacing those who lived there before.

Iran threatens to nuke other countries as soon as they can develop the nukes. They are in the process of trying to take over the whole middle ease, fighting in Yemen, Syria, Iraq, Lebanon, etc. This has repercussions for the people living there.

The US is not going to lift these restrictions. Why would they? If you live in these terrible places, I’m sorry, but you need to start fighting at home. I don’t know enough about your specific situations or what level of action you should take, but everything from peaceful protest to armed rebellion are options. Yes, you might have to die. You might be killed just for peaceful protest or if you’re government suspects you might be “trouble.” This is your burden, but liberty is worth it.

And by what logic exactly does the US have the right to "push for freedom" in foreign countries?

Why do people from such countries have to doubly suffer, because not one but two governments are fucking them up?

Yes, it sucks, but they do have to doubly suffer. Do you think that giving them access to GitHub is going to make them suffer less?

BTW you're literally advocating against freedom.

> https://en.wikipedia.org/wiki/1953_Iranian_coup_d%27%C3%A9ta...

> The 1953 Iranian coup d'état, known in Iran as the 28 Mordad coup d'état (Persian: کودتای ۲۸ مرداد‎), was the overthrow of the democratically elected Prime Minister Mohammad Mosaddegh in favour of strengthening the monarchical rule of Mohammad Reza Pahlavi on 19 August 1953, orchestrated by the United States (under the name TPAJAX Project or "Operation Ajax") and the United Kingdom (under the name "Operation Boot"). It was the first covert action of the United States to overthrow a foreign government during peacetime.

> https://en.wikipedia.org/wiki/Iranian_Revolution

> The Iranian Revolution (Persian: انقلاب ایران‎, romanized: Enqelābe Irān;), also known as the Islamic Revolution or the 1979 Revolution, was a series of events that involved the overthrow of the last monarch of Iran, Mohammad Reza Shah Pahlavi, and the replacement of his government with an Islamic republic under the Grand Ayatollah Ruhollah Khomeini, a leader of one of the factions in the revolt. The movement against the United States-backed monarchy was supported by various leftist and Islamist organizations and student movements.

I'm not sure what your point is? Irrespective of the past (whatever wrongdoing the US may or may not have engaged in), it matters not to the current situation for the people of Crimea, Cuba, Iran, North Korea, and Syria.

> The US is not going to lift these restrictions. Why would they? If you live in these terrible places

"these terrible places" == "The US"?

> armed rebellion

Armed. Definitely, the US was meant.

Don't be tedious. You know what I meant.

Just a joke.

So you are following your own advice, fighting in the streets against the Trump Regime ?

Obviously I think the Trump Administration is terrible, but do you really think it is at the level of Iran or North Korea? Please. If it was, I would be willing to die for liberty, absolutely.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact