That's a good reminder for developers in particular to AVOID being tied to any platform and being spread in multiple countries to remain free if one contry decide something against another hitting also innocents in the middle (think for instance about sizing of private citizens assets in case of war, some might have a role, others not at all but all are hit and that's not a new thing).
Nothing wrong in using a free code hosting just to host code, many things are disasters waiting to happening depending on their infra for development.
For citizens it's the same: we have countless of example of "suspended accounts" not ONLY for government requests, using BUT not depending on any specific third party is good, depending is a threat. Or the classic: using but not depending is free market, depending is monopoly etc.
Yes, and no. Many depend on PR to develop, many use GH CI and other services. So yes, if you have the repo you are not tied, but no, if you use other GitHub services, have no ML to communicate, have no personal project website etc you are in a very dangerous position.
I say full list or no list. Other than that, it sends the wrong message that "this country" is doing censorship and "this country" is not. No mention how they would deal with a National security letter (18 U.S.C. § 2709)
transparency for some countries but not others is not transparency.
I say they should take down this repo, or mention something about how they would deal with an NSL.
from GitHub's transparency report:
https://github.blog/2022-01-27-2021-transparency-report/#Nat...
"We’re very limited in what we can legally disclose about national security letters and Foreign Intelligence Surveillance Act (FISA) orders. The US Department of Justice (DOJ) has issued guidelines that only allow us to report information about these types of requests in ranges of 250, starting with zero. As shown below, we received 0–249 notices in 2021, affecting 0–249 accounts."
I wouldn't be surprised if India or other countries have made takedown requests in the past that may have had confidentiality of some level attached to them.
For example, do not publish the request for foo since it might endanger bar etc. This theory would at least explain the very small list of included countries.
I wouldn't be surprised if takedown requests from China and Russia also have confidentiality attached to them. There are some countries you are bound by national policy (as administered through private media companies) to respect, like the Saudis for example, and others that you're lauded for not respecting, like China and Russia.
I forked a repo on GitHub. A few weeks later a DMCA take-down notice was issued against the repo (and all forks). Someone claimed the repo had stolen their copyrighted stuff.
Unfortunately, I couldn't verify whether the claim was correct because I wasn't provided with a copy of the original copyrighted material. So it wasn't possible for me to tell if the DMCA was genuine or not. I suspect the DMCA claim was valid but it was impossible for me to tell.
GitHubs process around the DMCA did not fill me with joy.
Yeah I didn't really expect they would get an original copy of the material. However, what worried me was how does the process prevent malicious DMCA notices? Could I just start filing DMCA notices against repos I don't like?
There's a wider issue around any cloud SAAS offering. You really need to keep local copies of stuff if you want to be sure you can reproduce your build. As there's a chance, even a good-natured cloud provider will be forced to take something that you rely upon down.
> It sounds like Githubs DMCA process works exactly as legally mandated...
I would hesitate to say 'mandated' here. It is available, but not mandated. You canegally ignore DMCA takedown notices. You lose your safe harbor in the process, but in and of itself, it is not illegal.
It does publish the DMCA notices at https://github.com/github/dmca, which is a lot more transparent than most companies.
At the end of the day GitHub has to comply with the law, whether they like it or not. And looking through that list of DMCA notices many of them seem fairly valid on the face of it.
> Although we may not always agree with those laws, we may need to block content if we receive a complete request from a government official so that our users in that jurisdiction may continue to have access to GitHub to collaborate and build software.
Faced with a request like you mention, they'd either take the repository down or risk users in that jurisdiction losing access (i.e. the Government chooses to block GitHub). GitHub may feel that such a request prevents them from acting transparently, so they may choose to keep it up. Or they may comply out of fear that GitHub would be blocked (or further legal actions). Basically a bunch of higher-ups have some long meetings with lawyers and pick what they feel is best.
Most of the recent takedowns from Roskomnadzor seem to be aimed at illegal gambling sites using github for hosting. Almost all of the rest are for deleted gists, so there's no telling what used to be there. I found one surviving gist and it was a list of suicide methods, written in Russian[1]. The only other takedown requests that were still intact were for references to the Hydra marketplace (which I assume many of the gists also referred to), and, amusingly, for a guide on how to dodge Russian conscription[2].
There is a long history of why it's blocked. Some repos were hosting essential code to bypass the Great Firewall. Others were spreading tools to advocates of Free Tibet and Uyghurs. And, there are some software devs who were promoting and supporting workers rights/strikes in the context of 996 scandal.
GitHub wasn't freely accessible or access to its services were disturbed during my college years ('12-'16). Any information platform that evades the PRC control system gets blocked once it achieves major attention and onboards influential users.
there is a theory that a public projection of power includes disregard for the rules that govern others. Like excess displays of money, it proves to "anyone" that power prevails. A government written request, is both a legal document to make a request, but also a display for the "public" to read. This analysis stems directly from traditions of Monarchy, or military rule in modern times. It isnt going away and may be increasing.
I echo the comments here that it appears that only some international requests are being shown, not others. Secrecy is a second mode of projection of power.
Nothing wrong in using a free code hosting just to host code, many things are disasters waiting to happening depending on their infra for development.
For citizens it's the same: we have countless of example of "suspended accounts" not ONLY for government requests, using BUT not depending on any specific third party is good, depending is a threat. Or the classic: using but not depending is free market, depending is monopoly etc.