Quick note that anyone using a US based cloud provider will likely be blocking all sanctioned countries. It’s not configurable at all.
It was a sticking point for us when deploying the sequel to a game I was working on. Ultimately we determined that the benefits of using the provider outweighed the benefit to users since we weren’t shipping the game there officially anyway. (With one notable exception)
It still leaves a sour taste in my mouth.
It should be noted that it’s also Cuba and Crimea that are blocked. I was principally annoyed at the lack of usability in Crimea, as any way you slice it it’s part of a country that is not being sanctioned in the same way and the citizenry did nothing wrong.
Huh, I thought it was GitLab B.V. and that still exists[1], but Wikipedia says they're headquartered in the USA as of 2018[2] and the official "About" page[3] mentions Amsterdam, the Netherlands nor B.V., but does mention a "GitLab Inc.". The history on Wikipedia doesn't mention them having moved and still has the "Tech companies from the Netherlands" category (not sure if that's because they're still originally from there, or because the category was never removed).
Not sure blocking Iran would have happened if they hadn't opened a corp overseas.
Editv2: the TOS still says that the intellectual property is with GitLab B.V. but the branding page says the trademark is held by GitLab Inc. The privacy policy is not GDPR-complaint (on multiple counts and I haven't even read it, just spotted some things like implicit+non-opt-outable consent while looking for who is the data controller) and doesn't mention who the data controller is. It does make clear that all data goes to the USA and you better suck it up. Looks like they fully embraced all of the USA's freedoms including censorship and privacy violations under their home country's law. I'm giving up searching for more info about the move at this point: there is no news article in HN search, the blog search requires me to accept more tracking which (after seeing the illegal-in-the-EU privacy policy) I'm not sure I'm willing to engage in, and the website seems to have had mixed mentions of B.V. and Inc. as of 2016.
Gitlab is hosted on google cloud, and fronted by cloudflare... those IP restrictions apply to google cloud, AWS, Azure and Oracle Cloud. (and Cloudflare since that's a US company also)
To my knowledge, services hosted on AWS are not blocked in Iran.
Also, if that were the case, literally have the internet would cease to function w/o VPN, which should give pause to those who would shrug off such a policy.
This article is talking about Iranians being able to use AWS to host services. We are talking about services I host on AWS being accessible in Iran without a VPN.
Admittedly, it's been a couple of months since I've been to Iran, so I just asked a friend in Mashad. He confirmed to me that my websites, running on a Kubernetes cluster on EC2 in the eu-west-1 are accessible without a VPN.
Maybe your issue was due to use of GCP?
I moved all my stuff to AWS specifically because Google Cloud does have this kind of block. I care about this a lot, so if your friends in Iran have different things to report, let's look into it to figure out what is going on.
Unless someone is fronting them with a transparent reverse proxy inside Iran, those services will be unavailable. Blocked on AWS’s side as part of their compliance with US sanctions.
In the past I worked for an Israeli company listed on a US stock exchange. They were proud that they had customers in virtually every corner of the world, and had just six countries they couldn't do business in. One (Lebanon) because of the Israeli government, and five (including Iran) because of the US.
Most interesting to me: apparently when they first went public and became subject to US regulation they had to close quite a large number of customer accounts in Iran.
Iran, Israel, Kingdom of Saudi Arabia... There is so much going on there. Are they all at conflict with one another? Who are allies? How does this work?
Israel is an ally of the KSA against Iran, though they both pretend not to be for domestic consumption. They are indeed both in conflict with one another, because in truth Iran is really the only country in the Middle East that could threaten to become an independent power, on the level of say, Turkey.
At least on some clouds, it's configurable, but your lawyers need to speak to their lawyers, etc, to get worldwide access enabled, and annual reconfirmation between lawyers.
You would probably have to be in an OFAC exception category, of course. Routing to sanctioned countries from a provider that mostly blocks them probably isn't the best either.
I'm not sure Azure has been available for Iranian IPs for the past few years or ever, feel free to Google "Azure Blocked Iran" though - plenty of petitions.
AWS and Azure prevent Iran-based users from having an account, but if you have an account, you can exchange traffic with Iranian IPs. GCP blocks traffic to/from Iranian IPs for all users. It sounded to me like GP was referring to the latter type of blocking.
You might want to delete the "and the citizenry did nothing wrong" ending to your otherwise reasonable post. I don't think you meant it the way it sounds.
I mean, yeah, I think that kind of is the theory behind US sanctions sometimes honestly. It's pretty messed up. (And the US, which is a "democracy", would want to avoid looking in the mirror too).
I am being misunderstood because of the wording I used. The reason "and the citizenry did nothing wrong" is problematic is because it implies that, unlike Crimea, the citizenry of countries _other_ than Crimea (Iran/Sudan/Cuba etc) _did_ do something wrong.
I was not saying that the citizens of Crimea did something wrong: I was saying the opposite.
wrong way in wrong elections :) Of course, like any Russian election it was just a formality, a décor. Nobody really needed it as the will of the people was clear - no more threats of more of those "trains of friendships" full of Western Ukrainian nationalists, especially given all the quiet massive arming of those nationalists that had happened under the cover of the Ministry of Internal Affairs in the run up to the 2014.
> I was principally annoyed at the lack of usability in Crimea, as any way you slice it it’s part of a country that is not being sanctioned in the same way and the citizenry did nothing wrong.
If "doing wrong things" is a criterion for being blocked on GitLab, then there are _so_ many organizations and states which should be blocked, and arguably hundreds of Millions of people who serve in military forces which do wrong things etc.
So, there is really no justification for this regardless of slicing. IMHO.
I’m a little confused at people who are mad at GitLab here. I’m under the impression that sanctions and export control laws tend to be fairly strict, and penalties for knowing non-compliance are harsh, including the possibility of jail time. GitLab’s hands are pretty tied here.
We shouldn't be upset at github/githlab/npm/dockerhub but our industry and ourselves - how did we let our projects/packages/tools/infrastructure to be hosted on such platforms in the first place? Hopefully this will trigger more activity on decentralised solutions; git is decentralised already, needs some ipfs/torrent/etc wrapper for issues/rest or maybe something based on fossil etc.
I don’t think I want to live in a world where software engineers make up their own foreign policy.
At the very least, enforceable sanctions give us options other than war. Giving that up could carry an immense human cost. An understanding of distributed software architecture does not come with the ability to understand and weigh that cost, nor does it make you a legitimate authority on which tradeoffs to choose. It’s probably inevitable, but I’ll be disappointed in our community if it happens.
I appreciate what you're trying to say here, but a UNSC resolution is not even a full step away from "great power games". It's not the same, but it's hardly different.
If a resolution passes the UNSC without veto, as well as passes the UN GA, then there is much higher likelihood that it is a legitimate issue and not just a game of great powers, perhaps even close to a certainty.
That is not to say that there if it fails to go through the process it is necessarily just a game of great powers, but hey, that's the world we live in.
Well, we put our projects on the most popular platform, for visibility; and visibility is important for FOSS projects.
But you make a valid point. Perhaps we should put the "master reop" on something that's decentralized and not subject to US censorship, and only place a copy on GitHub/GitLab/etc.
There are tens of thousands of companies in the US which actively provide web-services, and which do not actively go fishing for accounts that may possibly be Iranian. Are they all possibly facing jail time?
Is there a requirement to actively monitor the service for possible Iranians? What kind of actions are required specifically to be safe from jail? Is it a requirement to actively block IPs? Spoiler: These things are not specified.
Maybe we should be angry with the US government for the lack of legal certainty provided to its citizens.
However, given that no one in a situation like Gitlab has been prosecuted, maybe their hands are bound after all.
Omission (https://en.wikipedia.org/wiki/Omission_(law)) creates the exact same liabilities. It's not about fishing for accounts.
Just because you're not being prosecuted, doesn't meant that you don't need to comply with law. For a large company like GitLab is a fiduciary responsibility to do this whether or not they have the federal government telling them to do it at the current time.
> ... sanctions and export control laws tend to be fairly strict, and penalties for knowing non-compliance are harsh, including the possibility of jail time.
Yeah, no kidding. It's not even "knowing non-compliance", though -- although that's almost certainly worse.
To illustrate this with an example that most HN readers will easily understand (and which some might even be affected by):
The Office of Foreign Assets Control (OFAC) of the Department of the Treasury recently issued an advisory [0,1] to "alert" U.S. companies of the potential risks of "facilitating" ransomware payments.
The TL;DR is that "U.S. persons, wherever located" are subject to heavy civil penalties -- under "strict liability" -- if you "facilitate" a payment from a ransomware victim that ultimately ends up going to an "entity" that's in one of the embargoed/sanctioned countries (Iran, North Korea, Syria, Crimea, Cuba, ...) or on OFAC's "Specially Designated Nationals and Blocked Persons List".
"Strict Liability", by the way, means that you're still liable and subject to penalties even if you "did not know or have reason to know".
"Oh, really? Oh, well, that's too bad. You're still liable, pay up!"
Finally, think about how broadly the vague term "facilitate" might possibly be interpreted (especially by the U.S. Government!) There's belief in some infosec circles that this even means that, for example, a consultant who told a ransomware victim, "yeah, you should probably pay if you want your data back" might be considered liable.
Not in an era when information is the most valuable commodity. Just look at the discrepancy in patent treatment been the US and China: openness on our part can still go unrequited and be taken advantage of. No matter what we give a sanctioned county free access to, they can just bend it to their own will.
In order to obtain patent protection, you have to make public the details of your invention, so "open" in the sense that the information is available, and vulnerable thereby to foreign manufacturers who don't respect the patent.
That’s getting off-topic: U.S. law currently requires this. Whether or not you agree with that policy, the question is whether GitLab should knowingly break that law, incurring potentially significantly or even ruinous impact to their business, until the law is changed or should they comply while working with their representatives to change the laws? That’s a lot of risk to ask a company to take on for something which doesn’t benefit Iranians that much.
The thing about the law is, it's not the company that suffers but employees can and will be thrown in jail. Executives aren't going to stick their necks out.
There’s heated debate whether companies have to be political or not. Even whether it’s in principle possible to not be political. If someone thinks all companies should have political stance, then “silence is violence”, even worse, since gitlab is complying. US sanctions against Iran aren’t universally supported even by US satellites, and some would say are immoral. So time for some activism?
Anyone on earth with access to the internet in non-sanctioned and non-sanctioning IP ranges could set up a mirror to help Iranians and other sanction victims. Private repos might be a little more difficult to handle, but still possible. Like the "Great Firewall", USA's petty totalitarianism can be routed around if people care to do so.
I've came across websites that return a 403 to ANY IP located in Russia for some reason. Official website for NSA's Ghidra is one example. Had to use a VPN because I was having none of that bullshit.
I once had a different story — some openstack Q&A website wasn't unavailable from Russia. Turned out it wasn't the website who was blocking russian ips — it was roskomnadzor carpet-blocking whole IP ranges of cloud providers.
> it was roskomnadzor carpet-blocking whole IP ranges of cloud providers.
Oh yeah, forgot about it. RKN block is usually an SSL error, a timeout, or a page from your ISP saying "this is blocked by the government, sorry". Never a 403.
Thankfully, smaller ISPs are terrifically terrible at complying with this.
There are sites that don't work for any address from EU, because they they don't want to comply with GDPR. Not very common, but I have hit a few.
However, it's a difference whether a company does not want to serve you or whether a country that says it brings freedom to the world stops information flow for some. China is criticized for the big firewall. When the US does it to others, it's in the name of freedom.
Why not be mad at the theocratic government that refuses to conform to international expectations, and allows its citizens to suffer for those actions?
Because another "theocratic government that refuses to conform to international expectations" (The Kingdom of Saudi Arabia) is not under sanctions?
Because in reality all countries except the US are content with the nuclear deal with Iran?
So the consens is that many companies are doing this because of sanctions by the US.
What about cloudflare? They are responsible for more and more of the internet‘s traffic. And even if you are a non-us company and have servers not in the US many people use cloudflare because of its ddos protection. Does cloudflare block these countries too as they are an american company despite you not being a us company.
It might be over-compliance on GCP’s part, or it might not be. The DOJ isn’t currently prosecuting companies for not complying with sanctions, but that doesn’t mean they won’t decide tomorrow to hit every big US website that doesn’t block Iran IPs by default. The law certainly isn’t clear on where in the OSI model you’re supposed to stop doing business with Iran traffic. Maybe even IX’s are liable if they route traffic that are from Iranian IPs.
One difference is that Cloudflare doesn't directly do business with you if you visit a website that's using cloudflare, whereas signing up for GitLab (or cloudflare, for that matters) means entering in a legal agreement.
I'd have to look at the exact text of the sanctions to see if providing service like cloudflare is a violation, but it's not really the same thing as having an account.
Weaponising open source is a new low, even for this particularly clueless US regime. But this is really only meaningful in the short-term. In the mid-term (2030ish), the tech game is very likely to have drastically changed: Other countries will have taken the technological lead (china & co), while the US is still engaged in endless internal conflicts (in effect a mafia-state, akin to what happend in Russia after 1990). All the global talent that once powered the US tech innovation motor (droves of Chinese, Indian, Russian and European PhD students etc.) will have disappeared. At that point, we might see headlines along the lines of "Globally leading open source platform Gitea Blocked US Access". Personally, i would prefer to see yet another scenario, where the entire global Intellectual property market collapsed and was replace by "open source everything" - but that might be a more long term vision.
Open source code, books and knowledge should never be blocked, until we learn this we are no better than the people we are trying to "punish" with pointless and ineffective sanctions.
[Excluded are...] Technology, technical data and software that is publicly available, meaning published in periodicals, books, print, or electronic media that is available to the public at a price that does not exceed the cost of reproduction or distribution; (...)
We have learned this and we are better. Engineers are not responsible for this nonsense. It's the other half of the Randian universe that does this stuff.
One wonders if the people who worry about election hacks ever worry about the fact that voting machines are closed-source, never audited by the public, and sold by people who make no secret of their strong political leanings.
The only thing Iran is guilty of is insufficient deference to US hegemony. Any other charge you levy can have its equal found in our so-called allies in the region, or even the US itself.
As an Iranian, I have to say that while your last sentence might be true (Saudi Arabia sucks after all), I'd still rather live in a world where the opposing superpower would pressure my country to respect human rights and stop funding terrorism, fundamentalism, and misinformation. (See what North Korea's effective foreign immunity has brought its people.) This, of course, is hypocritical on the US part, but hypocrisy is better than complacency.
I wonder when the US will get sanctioned for its support of terrorists, fundamentalism, misinformation, and human rights abuse. It has a long history of these things, and they are getting worse and more blatant at an alarming rate.
Come on, didn't you understand yet that the US doesn't give a damn about Iran's respect for human rights? Do you think Israel is respecting Palestinians' human rights? Or is Saudi Arabia respecting human rights? Of course not, and yet they are the US's best buddies. The US even had an agreement that put a stop to Iran's nuclear program and soothed the tensions with the West, allowing Iranians to improve their living conditions and hopefully at some point ditch radicalism. They threw it in the bin, because what the US fears is ultimately a non-aligned country with the strenghts to stand against external aggression.
What the US really wants is not respect of human rights or better living conditions for the people (see Libya, see Iraq, see Palestine, see the bloody civil war in Syria). What they want is to reduce every non-aligned country to either vassal or rubble.
1) I and almost all my (even distant) family live in Iran.
2) I don’t know. I know there is a minority (again no idea how big) that really likes Trump because they really hate the Islamic regime, but these people tend to be poor (? Again not that sure) and have little grasp of economics or international politics.
3) The current sanctions have brought extreme hardships on us Iranians. From my own selfish viewpoint, I am hoping for much lighter sanctions from the potential Biden presidency. I would, however, prefer the harsh sanctions to the IR ever having nuclear bombs. (Not that I can see them being effective at preventing the bombs.) I am also not poor; I think a high-pressure strategy that results in a mass revolution by the poor can be to their medium term advantage (such a revolution would, of course, hurt the middle/upper classes a lot). But such a revolution might very well be impossible by the modern technology and the centralization of power. So to summarize, I think effective sanctions will be worth the hardships they cause, but ineffective sanctions not. The current hard sanctions seem ineffective to me unless they are made much more stringent (which might not be possible) or are paired with military interventions.
You’re not wrong, so far as I can tell. Not sure why you’re being downvoted. Iran has some serious issues, but they don’t appear to be worse than the Saudis or any number of other countries we (the US) consider allies.
Iran funds terrorism and is developing nuclear weapons and has a history of imperialism. Should Saudi Arabia be sanctioned too? I'd say so. Should we stop sanctioning Iran until then? no.
Afaik the U.S. no longer sponsors terrorists. I'd love a link if I'm misguided. Further, elimination of zionists is still a stated goal of the Iranian government. I'm not saying Israel is guilt free of course, but afaik they've never threatened nuking anyone. Again, feel free to correct me if I'm wrong.
Link on current US funding:https://theintercept.com/2019/10/26/syrian-rebels-turkey-kur... As other comments saying, this info always lags a few years. But there's never been any official reckoning when these details come out, so no reason to assume it has stopped. See also US promotion of Elliot Abrams, despite his connection to the EL Mozote massacres.
On your second point, I want to be clear that I'm not defending the Iranian gov't. I disagree with the use of sanctions that disproportionately effect the least powerful in there society, by design. This is compounded by the fact that the reasons for these sanctions are not moral violations, as the US and its allies behave in much the same way, but instead about international power.
Thank you for the link. I think there's an argument that the syrian rebels were fighting terrorism before they were themselves terrorists, but I agree that the US should not be involved in the conflict, and definitely shouldn't fund paramilitary groups with the potential to become terrorists. The U.S. now admitting it was a mistake is important though, because the point of sanctions is to force a government to change its policies.
Geopolitics is messy. In the end I don't see any other strategy besides war that could force Irans hand. If the choices are 1. Show the world that purposefully funding terrorism goes unpunished 2. war, or 3. sanctions I think sanctions are the choice that provides the greatest amount of utility, even if they do harm many.
Purposely funding terrorism does go unpunished, if you're a US ally. This is my point, that our sanctions against Iran have nothing to do with "morality". They are about power.
Yes, that's what being allies is. We do stuff for them they do stuff for us. I don't think that's immoral. Cooperation allows us to accomplish incredible things. Cooperation is built on relationships and trust.
"No longer" is doing a lot of work here, because by its nature none of this stuff comes out for a number of years after it occurs. We might also ask whether the "rebel" groups the US arms in e.g. Syria are terrorist organizations from another perspective, where four years ago DoD-funded groups were fighting CIA-funded groups: https://www.latimes.com/world/middleeast/la-fg-cia-pentagon-...
I find that very hard to believe, considering the activities of the CIA -- just the ones we know about -- over the last several decades (or, really, since its beginning).
--
Side note:
Does selling billions of dollars worth of arms to Saudi Arabia count as sponsoring terrorists?
A state killing a political opponent, however unacceptable, isn't terrorism. The point of terrorism is that it effects unsuspecting bystanders. I already said I think we should sanction the saudis though, because they actually are sponsoring terrorism. See the Yemen war and their funding of al queda as well as their infiltration of twitter.
The US has sponsored terrorists covertly for decades now. Just because they stopped publically sponsoring terrorists doesn't mean much when most of the last century was spent covertly sponsoring them too.
Ok but if Iran stopped publicly sponsoring terrorists and trying to nuke Israel they wouldn't be sanctioned. The public support is an integral part of why they're sanctioned.
Iran would definitely be sanctioned no matter what. The goal of sanctioning Iran is to suppress the Iranian economy and prevent them from somehow achieving the kind of influence that they would naturally have over the Middle East.
Well, I think the sanctions exists because of the nuclear program.
NATO is not going to trade and help technologically a country that's trying to develop nuclear weapons in order to threaten to NATO and their main officially stated enemy – United States.
Why would you buy oil from a country or give access to your tech to them when they are using these resources to ramp up their military against you?
> Why would you buy oil from a country or give access to your tech to them when they are using these resources to ramp up their military against you?
Does the US sanction China like it does Iran? The only difference is that China is a larger market than Iran and is close to power parity with the US.
These sanctions are ineffective and disproportionately punish your average Iranian citizen, while we ignore the elephant that is China, which is far more dangerous as an adversary [1] [2].
Different levels of adversaries require different approaches? The attempted migration of manufacturing of US business from China to other countries I believe is ongoing?
One of the things Iran's unambiguously guilty of is these same kinds of access restrictions. If you've ever wondered why Google's sanctions-related controversy was focused on Google Cloud, it's because that was the biggest Google service allowed at the time - search, Gmail, and Youtube had already been banned by the Iranian government.
So while I share the skepticism expressed upthread that blocking websites is effective diplomacy, it's hard for me to look at the situation and see a one-sided problem.
Since you know that Google search isn't blocked in Iran, can you tell me if there are any ads displayed in the results? It's something I've been curious about for a while.
Interesting, you seem to be right. I don't know how I managed to read the news about Gmail being blocked but miss that it was unblocked like a week later.
Yep, the US did terrible things to Iran 67 years ago. How much time has to pass before it's no longer appropriate? Would it have been appropriate for the US congress to chant "death to Japan" in 2008? The Islamic Revolution was 41 years ago. Should the South Korean parliament be chanting "death to China"?
As if the US has stopped harming Iran 67 years ago.
And at the same time the US still imposes embargo on Cuba, 60 years after the nationalization of the property of American companies [0]. How much time has to pass before it's no longer appropriate?
"In October 1960 a key incident occurred: Eisenhower's government refused to export oil to the island, leaving Cuba reliant on Soviet crude oil, which the American companies in Cuba refused to refine. This led the Cuban government to nationalize all three American-owned oil refineries in Cuba in response. The refinery owners were not compensated for the nationalization of their property. The refineries became part of the state-run company, Unión Cuba-Petróleo.[19][20] This prompted the Eisenhower administration to launch the first trade embargo—a prohibition against selling all products to Cuba except food and medicine. The Cuban regime responded with nationalization of all American businesses and most American privately-owned properties on the island. No compensation was given for the seizures, and a number of diplomats were expelled from Cuba."
I've found myself in an awkward position defending sanctions I don't really agree with anyway. I'm not sure these differences of opinion are reconcilable. Some people think the appropriate response to death threats is to ignore them, and others like me think the appropriate response is a cruise missile.
You realize that "Death to America" is not remotely a death threat? At worst it wants to see the fall of America and most Iranians say they just want the end of America's imperialist policies.
And you're against sanctions because they don't kill enough people.
Even a cursory Wikipedia-level glance at the US's actions in Iran over the past century should bring understanding of why people might feel that way toward us. The solution is not to punish such sentiments but address our historical misbehavior and demonstrate it won't continue in the future. We are doing neither.
The literature isn't conclusive either way, there's evidence in both directions. But sanctions definitely tend to hurt everyday citizens more than they hurt the targeted governments. Dictators and cronies aren't going to have to worry about increased prices of goods - they get whatever they want - that's sort of the point of being dictator
The point of doing this is to make the citizenry unhappy with the government causing the mess for them. The ideal case is that they force change so that the sanctions go away. But depending on local propaganda, that may or may not work.
Almost universally, the citizenry will actually be even more angered towards the Americans too. From what my friends tell me, this is largely the case in Iran. It doesn't help that the US is sanctioning alone.
The implicit premise here is that we must somehow screw with Iran, and if you don't have some idea other then sanctions to do that, you should shut up. Well, I don't accept that premise. We should leave them alone.
I hate to see these politics discussions leaking into HN but I'll bite...
Respect the deal that was reached between Iran, US, and EU members.
The US unilaterally broke that, my guess is probably because the deal was reached in a pre-Trump era. Now they are deciding to further sabre rattle with sanctions.
All other parties in the deal have pretty much politely decided to ignore Trump's administration and carry on the terms of the deal.
This is more about the US administration desperately trying to look strong for their internal voters more so than actually having a plan or a coherent external policy.
So, Russia under sanctions, for annexation of Crimea, should just be left alone to leave their lives? Next time, if they decide to annex some other part of Ukraine, or maybe Poland this time, they should also be left to live their lives?
Sanctions are not punishments. They are just a way to say – you're an asshole, and neither us nor our allies are going to play with you anymore.
The country that invaded the neighbouring countries of Iran and killed hundred of thousands of people is saying Iran is an asshole and needs to be sanctioned. Got it. Regardless of what you think of the regime in Iran, please do educate yourself and at least try to look at the situation objectively.
It's very hard to have compassion to a theocratic authoritarian dictatorship regime (Ali Khamenei is in power since 1981). It's also very hard to see them as victims or as the good guys. Sorry.
No one is saying you should have compassion towards the Iranian regime. No one is saying you should see them as victims. No one is saying you should see them as the good guys. The only thing you should be sorry about is not trying to accurately understand the replies you are getting here or look objectively at the situation.
BTW since you like whatabouism with your argument regarding Russia: Please do compare the Iranian and Saudi Arabian regimes for me; one is an enemy with sanctions and the other an ally. Internally they are not that different. Externally there is a major difference though: only one is engaging in a hostile war in another country which has resulted in civilian deaths and famine. While there are claims to be made about Iranian foreign interference it is nowhere near that level. So again please take some minutes to ponder objectively how these countries are treated.
I am quite familiar with the situation between Iran and US, and most of my life I've been on your side of this argument.
World politics is very complex with lots of nuance, historical context and long-running grudges. It is also highly subjective, in a sense that every country / group of allied countries have their own view of the historical events and try to disseminate those views as wide as possible.
As a result, I've decided to judge countries by the authoritarianism of their regimes and cruelty of their laws. If country's government is treating their own citizens like shit without rights, I do not expect them to treat people on the outside any better, regardless of how they present themselves. Thus, I do not, as an individual human being, want to see these countries / regimes to gain any more power externally.
So far, this approach for me had made most sense.
As a side note, look at the current list of best friends of a corrupt regime in Russia: Iran, North Korea, China, Philippines, Venezuela, up until recently - Turkey. Every dictatorship in the world is on their list of friends. Same with Iran. "When the character of a man is not clear, look at their friends."
Regarding whataboutism and Russia, I want to remind you that my reply to the OP was not about Iranian sanctions, but was about sanctions as a political instrument overall. For me the most prominent case lately were sanctions against Russia, so that's what I used as an example. I'm very familiar with the situation in Russia and even though sanctions indeed antagonized the regime there, it did make them stop and think whether they want to keep escalating. It's hard to imagine what over appropriate response should've been to annexation of the Crimea, downing of the Malaysian Boeing and sending troops and equipment to create essential a civil war in a big region of Ukraine.
Aah Pax Americana [1]. It feels so warm and cosy knowing that the benevolent regime has my butt covered.
Look. I love the US (being a Mexican, I consider Mex/US relationship like a bug brother / little brother one) . But darn, it seems the pax-anericana epoch is getting weaker and weaker, and the US is just trying to cling at the last straws of influence that its left.
The unfortunate thing is, while no one's really that happy with how the US is running things, they've probably been one of the least bad empires in history. (Post-slavery) America Vs. say Britain? I know what I'd prefer
I always thought it was because Iran hates Israel and has openly stated their goal to destroy and dissolve it. That paired with efforts to develop nuclear weapons = sanctions. It's probably more nuanced than that, but that was my basic understanding.
"So, Russia under sanctions, for annexation of Crimea, should just be left alone to leave their lives?"
"Sanctions are not punishments. They are just a way to say – you're an asshole"
So tell me why are the American sanctions directed at the people of Crimea? [0]
The only reason for the Russian actions in the Ukraine is the American-sponsored coup in the Ukraine [0] and the intention of expanding NATO into the Ukraine.
If the US had chosen to respect Russian security interests, nothing would've happened. Finland understands that and lives just fine despite being outside of NATO and bordering Russia.
True, they do however have a very hostile stance towards US and NATO for a good quite a long time now. Them consistently looking to acquire nuclear weapons is not a good sign.
Regardless, I was talking about sanctions in general. Dismissing them as a valid instrument of politics is, in my opinion, misguided.
People should resist the temptation to defend this.
1. Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance. Note that the vast majority of websites do not do this. Even big ones, such as Gmail, do not do this.
2. It does not speak well of the United States justice system if someone could be prosecuted for failure to block Iranian IPs. If this were required, the law should be clear. Otherwise, the US citizens deserve not to be in fear of prosecution.
3. Beyond IP-blocking, if the US government wants to require companies to go actively fishing for possible Iranian accounts, it should clearly codify this. Otherwise, companies should not have to fear prosecution.
Summary: Gitlab should grow a pair, and Americans should ask themselves if this kind of legal uncertainty is desirable.
Finally, legal effort to make websites inaccessible in Iran is entirely incompatible with being taken seriously when complaining about internet freedom in Iran.
Note that this goes so far that the entire Google Cloud network blocks Iranian IPs, including any and all services and websites hosted there, including say resources that might provide valuable information to regime opponents.
This is dangerously inaccurate information. To those reading this, the US absolutely considers blocking Iranian IPs a required action under the sanctions. The person posting this could get you in serious legal trouble.
With that said, most companies do not start blocking these IPs until they are either contacted by US authorities and asked to comply or via the recommendations of an audit by an outside private company.
Please do not trust what this person is saying. Remember, violating sanctions can get you a prison sentence, not just a fine.
Prominent examples disagree with you. Gmail for example. They even allow accounts! Now maybe Google wants to argue that Gmail qualifies for the personal communication tools exception. But wait, GitHub doesn't block Iranian IPs either! They allow free accounts as well! Call in the feds!
Is there any government guidance or legal precedent that says IP blocking is required? There is not.
Any evidence that the government warned companies privately? And is this the way things are done in the US? Private threats while the citizenry at large is left on the dark about what the law requires?
A Gitlab executive facing prison time over failure to block Iranian IPs would be unjust even with clear guidance, on the import of the offense alone. But given the lack of legal clarity, this would be banana republic stuff. One of my main points here is, Americans should not accept such a state of affairs.
It's bad enough that there is so much over compliance, it's disappointing to see people running to normalize the idea that fear of jail time in the face of legal uncertainty is a way to run a country.
>Prominent examples disagree with you. Gmail for example. They even allow accounts! Now maybe Google wants to argue that Gmail qualifies for the personal communication tools exception. But wait, GitHub doesn't block Iranian IPs either! They allow free accounts as well! Call in the feds!
Both Google and Github block accounts by Iranian IPs, and this is easily verifiable if you know anyone who lives in Iran and can access a website - attempting to use Github functionality for anything other than viewing repositories right now is currently blocked, and enterprise accounts are entirely blocked.
Personal Gmail accounts are the exception to Google services available in Iran, and some functionality is also blocked by IP - if you live in Iran currently you might know that almost all other Google services and enterprise accounts are outright blocked by IP too:
Your own link from the Github docs has this to say:
> GitHub is committed to continuing to offer free public repository services to developers with individual and organizational accounts in U.S.-sanctioned regions. This includes limited access to free services, such as public repositories for open source projects (and associated public Pages), public gists, and allotted free Action minutes, for personal communications only, and not for commercial purposes.
They do not ban Iranian IPs from accessing their site on a network level, and they do allow Iranians to have accounts to work on open source projects. These are both things that Gitlab is accused of doing here. This leaves us with a couple of options:
1. Github is not in compliance.
2. Gitlab, not allowing any Iranian to access their accounts, and blocking IPs, is over-complying.
3. It is not clear what is required to be in compliance, and Americans think that having to fear prison time in the face of such uncertainty is normal.
>Personal Gmail accounts are the exception to Google services available in Iran, and some functionality is also blocked by IP - if you live in Iran currently you might know that almost all other Google services and enterprise accounts are outright blocked by IP too:
Google services in Iran are not blocked by Google or the U.S., they are blocked by Iran. It's the Iranian regime that seeks to block the use of things like Google's search engine, not the U.S.
Iran is blocking some things (though not search), but here we are talking about the opposite, and Google is indeed blocking a huge amount of their stuff, say, for example, the entirety of developer.google.com.
Here's some additional background in an official document from Github describing the nature of what sanctions typically do, which also describes how and why some websites opt to create "downgraded" experiences rather than outright blocks in those countries:
In the absence of an authority who can comment on this or an authoritative reference, I think your comment is just as dangerous and inaccurate as the parent comment. Unfortunately everyone is using very strong language to silence the other side and no one is offering up any kind of evidence to substantiate their position. Different groups of people get harmed when such strong assertions are made without any kind of evidence.
>With that said, most companies do not start blocking these IPs until they are either contacted by US authorities and asked to comply or via the recommendations of an audit by an outside private company.
Most companies don't block IPs from within Iran, including Github, Google, or Microsoft. Is it your suggestion that GitLab's legal team knows something that Microsoft's and Google's legal team doesn't?
Now I am not an expert myself, so no one should consider my post authoritative, but the evidence that is available suggests that there is not only any requirement by U.S. companies to restrict access to people in Iran for a wide variety of software and Internet services, there actually appears to be a section regarding "Expanding Internet and Communications Freedoms" which in 2010 was used to promote the spread of mass communication technologies and internet services within Iran without the need for a company to apply for a waiver.
Now once again, I am not claiming to be right on this issue, but at the very least I am willing to provide evidence for my claims that come from authoritative sources.
Here is the interpretative guidance by the Treasury Department which authorizes the export to Iran of online services such as, and I quote "instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging, provided that such services are publicly available at no cost to the user." And there are additional examples of software that may be exported to Iran for personal use, with specific examples provided including Dropbox.
It appears that companies are permitted to export online services to individuals in Iran so long as, and I quote " is classified by the Department of Commerce as mass market software under export control classification number 5D992, and is publicly available at no cost to the user."
Given that this is the only authoritative evidence anyone has bothered to present in this discussion, it appears a case can be made that GitLab is over-enforcing trade restrictions with Iran.
Now the reason they may have for doing so is that it's not worth serving that part of the world and so be it... but the counter argument is that there are people living in Iran who can use these technologies especially during times of protest to share communications technologies with one another and so if it's not a major burden for Github, or Dropbox, or Slack to keep their services available, then they can be of great benefit to that part of the world. At the very least the Treasury Department's own interpretation of the law agrees with my position as it is documented in the link I provided.
Describing the decision to build a partially functional "sanctioned" country website and account degradation as overcompliance is misleading as it is the default behaviour for most complying to US sanctions regarding IP blocking other countries.
I didn't describe Github as overcompliance, I described GitLAB as overcompliance. There are plenty of U.S. based internet services that work in Iran. There are instances where Iran has banned Gmail, and Iran currently has bans on Facebook and some other social media sites, but that's because the government of Iran has imposed such bans to prevent its people from using the Internet to engage in the free flow of information, not because of the U.S.
The links you mention don't state that Github did any work to comply with U.S. sanctions. The links you state are consistent with the links I posted which is that Github is welcome to provide online services to Iran that are free of charge.
Feel free to counter this by pointing out any particular feature or work that Github has to implement unless your suggestion is that denying access to people in Iran paid services like Github Enterprises is somehow a form of "additional feature work put in place" to support Iranian users.
> Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance.
Do you have a source for this being over-compliance? Gitlab and Github are both actively sharing technology. It's not like Gitlab randomly decided "Hey let's block Iran today", obviously they have in house legal council who advised this course of action.
With regards to your second point, everyone knows there are sanctions on Iran, it's been all over the news, and besides it's not like Gitlab is a random US citizen. They are a big company that is doing business overseas. It stands to reason that they should be aware of all laws and restrictions on international trade.
I think it's the other way around, companies like Google and Facebook should grow some responsibility, it is not unreasonable to ask a company to "fish" for any accounts that conflict with any laws. Google and Facebook might give the impression that it's hard, but it's really not, it's only hard if you expect to make hundreds of dollars for every dollar that you invest acquiring your user base.
> obviously they have in house legal council who advised this course of action
From my experience at technology companies, this may indeed be the case, but I would also not underestimate the chance that someone made this decision without being advised to do so by an expensive legal council.
Github does block functionality through Iranian IPs, and this is easily verifiable if you know anyone who lives in Iran and can access a website or via an Iranian proxy connection and then attempting to use private repos functionality on personal accounts, with enterprise accounts being entirely blocked.
Personal Gmail accounts are the exception to Google services available in Iran, and some functionality is also blocked by IP - if you live in Iran currently you might know that almost all other Google services and enterprise accounts are outright blocked by IPs too:
> 1. Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance. Note that the vast majority of websites do not do this. Even big ones, such as Gmail, do not do this.
I can tell you for certain that at least AWS and Atlassian do that.
I learned that while surfing from an IP address which was mistakenly associated with being located in Iran. I only discovered that, because said websites weren't available. As I got that fixed quite fast afterwards I haven't done more browsing, that's why I can only name these two companies, but I'm pretty sure there are much more big companies doing such blocking based on IP address geolocation.
> I learned that while surfing from an IP address which was mistakenly associated with being located in Iran. […] As I got that fixed quite fast afterwards I haven't done more browsing
That was just a regular internet connection. Not sure who messed up, but somehow the (dynamic) IP address block the ISP handed out was associated with Iran at that point in time.
Come on dude. You are not a lawyer and your assessment of the situation clearly goes against federal law. You can personally feel bad about this but if the government tells you to comply with this and your vendors tell you to comply with this (so they can comply with federal law) then there's absolutely zero things you can do.
>Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance. Note that the vast majority of websites do not do this. Even big ones, such as Gmail, do not do this.
I wish dang would ban users for blatant misinformation such as this. The number of people who end up believing these lies as truth probably outweighs the benefit of any civil discussion it could lead to: in the US, it's now obvious that "alternative facts" has led to a breakdown of civil discussion, after all.
I sympathize with your position and even agree in the context of other types of sites, but, what really needs to happen here is YC users need to learn that nothing in these comment threads is authoritative. This is the land of Dunning-Kruger and nobody should ever directly believe anything here, no matter how trustworthy it seems.
Always verify.
If effort was put into censoring bad information, that might instill a false sense of trust that could never be met by mods. Instead, effort should be put into making sure everyone knows to be skeptical. That, to me, seems more in line with how this site operates.
If people want to be believed, they should cite authoritative sources.
>You are quoting a very specific claim. That big providers such as Gmail and GitHub do not block Iranian IPs. Are you saying they do?
Yes I am saying they block accounts by Iranian IPs, and this is easily verifiable if you know anyone who lives in Iran and can access a website - attempting to use Github functionality for anything other than viewing repositories right now is currently blocked, and enterprise accounts are entirely blocked.
Personal Gmail accounts are the exception to Google services available in Iran, and some functionality is also blocked by IP - if you live in Iran currently you might know that almost all other Google services and enterprise accounts are outright blocked by IPs too:
So, I responded to you in another thread above. You seem to agree that Github is allowing Iranian IPs to browse the website, as well as have accounts to work on OpenSource projects. These are things Gitlab is not doing. Not sure where your disagreement is then.
When you describe the "big providers" such as Gmail or GitHub as allowing Iranian IPs, but they only do so on endpoints for personal use. GSuite, the same thing as Gmail and using the same address for most aspects, have IP blocked endpoints.
This is where the misinformation is: many providers outright block Iranian IPs and in the other thread I linked you to services who do just that.
Just because the most well funded consumer facing personal services don't outright IP block or account block doesn't mean it's not standard for everyone with a tighter budget.
I don’t quite understand your summary. You say “GitLab should grow a pair”, but also that any infrastructure using Google Cloud will block Iranian IPs, so many companies will end up unusable from Iranian IPs regardless of their own opinions?
> 1. Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance. Note that the vast majority of websites do not do this. Even big ones, such as Gmail, do not do this.
How do you define an iranian account? It's a complicated rule set there. Iranians not legally resident in Iran are exempt from the sanctions for example.
I feel like IP bans are correct. If you're evading sanctions and internet censorship, you use whatever proxy and many do just this. Companies under these sanctions can write it off as not being the wiser and the users get to where they need to.
Closing accounts with an IP login from Iran does feel like an unnecessary step here.
> People should resist the temptation to defend this.
You yourself are defending these ludicrous sanctions to some extent:
> 1. Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance.
So blocking Iranian IPs is fine?
If you tell me "but GitLab is in the US, it has to" - it chose to base itself in the US only after apparently having previously being based elsewhere. With the way things stand, it is unreasonable for an online universal service provider, with individual user accounts, to operate from the US - similarly to how it should not operate out of China or Turkey (where restrictions are even stronger).
Anyway...
> Summary: Gitlab should grow a pair, and Americans should ask themselves if this kind of legal uncertainty is desirable.
Most people in the US are barely aware of international affairs. This comes to mind from a few years back:
> Finally, legal effort to make websites inaccessible in Iran is entirely incompatible with being taken seriously when complaining about internet freedom in Iran.
You're mistaken. The US is not taken seriously on the merit of its arguments (and probably hasn't been for a couple of centuries already); it is taken seriously due to its ability to exert military and economic pressure.
>Blocking Iranian IPs, as opposed to accounts, is almost certainly over-compliance.
Very easy to set a geo blocker or conditional access policy and have full compliance. Exempting unique IP addresses becomes annoying, but if needed possible.
It also cuts down on the other side of the house of security related incidents, which, if your company offers a product interested by people in that state, or, has news that can be taken in a dim light, prevents ddos and other annoying things.
Not perfect, but one reason why there's 'over compliance'.
> It does not speak well of the United States justice system if someone could be prosecuted for failure to block Iranian IPs. If this were required, the law should be clear. Otherwise, the US citizens deserve not to be in fear of prosecution.
Cheap insurance, especially if you have no intentions of doing business from there.
It’s fear all the time. Fear is the biggest weapon for all kind of states. That’s why some of us might have self-censorship because we fear that we will get penalised hard if we do not play by the rule.
Just look here on this page. Lots of people who would decry censorship and cruelty on the part of some nations, are here arguing in support of the same qualities of the nation that could do the most harm to them.
> GitLab is not the only actor in this discrimination against Persian/Iranian people, we also blocked by GitHub, Docker, NPM, Google Developer, Android, AWS, Go, Kubernetes and etc.
Sadly to the point. I feel for Iranians in Iran (I know many, whether they call themselves Persians or Iranians as expats is their choice and I respect that).
Having had the opportunity to meet the former in their homeland so so long ago, many Americans do not understand how grueling the sanctions regime system is for average Iranian citizens in their everyday; this is sadly a minor example as I saw based experiences a decade ago. It does not impact government officials as much as we hope, and the citizens are far, far less empowered to force government change to break free of a system sanctions hopes to disincentivize (I will not even waste time here, Google and look, even recent attempts lead to backlash).
As a Westerner, and a lover of HN, I would love to see data-driven examples of sanctions actually working. Was South Africa are only positive example from US sanction strategies? I will go look, but this is one of many examples in Iran of us causing resentment and confusion for citizenry and not really helping. (For Americans, this is a not a red-blue problem if we talk long-term approach, all political parties have sided with sanction strategies in the long-term for a while: Cubans and Iranians we have punished and it has not really seemed to help us _in the long-term_ shifting their governments and policy objectives, but I would love to see evidenced counterpoints.)
The first time I was struck by this perverting are efforts in explaining open society to citizens of countries with indifferent governments was a decade ago, when SourceForge did the same thing. We respect the rule of law, but to spite the faces of democratic cultural principles. Oh well.
What non-violent (yes, there is violence inherent in sanctions, but it is a rather different scale than war) alternative would you suggest for punishing a foreign country?
EDIT: I see this question has been asked in other threads, but not answered. Whether Iran should be punished is a separate question (one on which I am personally too ignorant to hold an opinion about) from how should one country punish another.
Well in the case of authoritarian regimes, I would imagine trying to pump more information from the free world into it would be a more effective "punishment" that restricting information. In practice though that's hard. Most authoritarian regimes have state censors/firewalls to filter only information that is advantageous for the state.
China (hell, vaccinations/flat earth too) has shown that this isn’t terribly effective. The ‘west’ has been pursuing a policy of “if we enlighten them, they will revolt”, and it ain’t happening. Some have been enlightened, others have had their own biases strengthened, and the government has simply continued unchanged.
> What non-violent alternative would you suggest for punishing a foreign country?
It is not for the US to "punish" other world states, even if "Iran should be punished".
If you, or your state, believe some kind of sanctions are in order, there are international bodies and forums where this can be discussed and decided upon: The UN security council, international courts, and other more specialized bodies, some of which can make decisions which constitute sanctions.
Why should one country not allowed to enforce a policy for companies/individuals who live in/are incorporated in that country against another country, without the UN being involved?
This whole article is about a US company enforcing US rules.
> This whole article is about a US company enforcing US rules.
Not really. GitLab is an international entity regardless of where it is registered, because it presumes to be a platform for (some forms of) interaction and information sharing for people in many countries. It is implicitly agreed between users and the entity behind the website that it is accessible and usable by everyone.
> Why should one country not allowed etc.
It is not about "allowing", in the sense that I'm not in control of the US and what it does, we are discussing what is morally acceptable. And it is not morally acceptable for individual states to disrupt people's lives using the aspects of inter-dependency of people, groups and organizations across state boundaries - except according to norms which are accepted and defensible at the global level.
Countries are not people (they are made of people). Punishing them makes little sense. If one wants a country to behave some way, one should think of how to make it happen, and what's the cost to everyone involved.
Sanctions should never be part of a punitive system, which at the level of a whole country is inevitably unjust. They should only be part of an incentive system, where you hope to steer the other country to the direction you want. Looked at it this way, we wouldn't ask ourselves whether sanctions are warranted. We'd ask ourselves how effective they are.
Oh, and there's this question of whether a country should have the right to influence another country to begin with. Not gonna answer that one here.
> there's this question of whether a country should have the right to influence another country to begin with
Are sanctions influencing another country, or limiting how companies and people from the sanctioning country interact with foreign entities?
> They should only be part of an incentive system
Has an incentive system between countries ever been implemented and worked? For a specific what-if, is there a way that we could have realistically "incentivized" Cuba to disassociate with the USSR?
In the US and I agree. Sanctions are disgusting and work contrary to their goals. Ostensibly they put pressure on the governments of sanctioned countries, but in reality they strengthen people's ties to their governments while completely choking out regular people and especially the poor.
I don't think imposing sanctions has worked to our advantage ever, in any country, in the past 50 years we have used them. And in many, they have backfired, e.g. Iraq in the 90s. That isn't even to mention the hundreds of thousands of innocent people who lose their life. [1]
Yet, sanctions are considered to be "soft" and "dovish" by politicos and the general public. It's stupefying.
Also, nitpick, nobody's blocking Persians. I'm not Persian but if I go to Iran I bet I'm blocked too.
I'm strongly opposed to these sanctions, and I also think GitLab should've given people notice so they could get their data out. But I'm not sure it's a good place to pull the racism card.
I agree it's not racism on GitLab's part, but the U.S. officials behind these sanctions themselves do use phrases like that they want to 'choke Iran's economy', that is in the middle of a pandemic where people's respiratory systems are at risk, it certainly doesn't look good on their part.
Also worth noting that GitLab has previously banned hiring from China/Russia, so it's no stranger to blanket bans of questionable nature.
>Also worth noting that GitLab has previously banned hiring from China/Russia, so it's no stranger to blanket bans of questionable nature.
I wouldn't consider not hiring from countries with aggressive foreign policies and non-democratic governments that use coercion on their own citizens (including employees of said company) as questionable. GitLab's main job is to protect it's company and it's customers not to try to build some sort of utopian post-reality civilization.
If we go by that logic, the U.S. would get on that list.
> non-democratic governments that use coercion on their own citizens
If that was indeed the standard to go by, I'd agree, but the list would then need to be much, much longer and possibly include even some traditionally democratic countries like Australia who have an actual law where they can force employees to secretly install backdoors.
Saudi Arabia infiltrated Twitter and compromised some of its employees to obtain info on regime critics that could endanger their lives, as just another example.
The list would by these metrics include well over half the world.
>If we go by that logic, the U.S. would get on that list.
I put an AND in my statement for a reason, please don't cherry pick parts of sentences.
>The list would by these metrics include well over half the world.
That's like saying that if you don't want to die you should live in a cocoon and never leave the house, rather than just making sure to avoid the most dangerous activities. GitLab is blocking the countries it sees as the most risky and carry the least cost in blocking. I'm sure their lawyers would love to block half the world but that would cost them too much.
>Unless your argument is, it's not evil if we all voted for it?
This has nothing to do with good and evil which seems to be a point you're missing. It's about risk of coercion to employees of companies. The US government could be turning babies into hand bags but if it doesn't coerce it's residents into acting against their employers then it doesn't create a risk for companies.
edit: Seriously, this was all in the original sentence that you people keep cherry picking from.
The US has no more qualms about coercion of employees in order to further foreign policy than China or Russia. US legal options for such things are incredibly wide and far ranging.
Wait, I was under the impression that GitLab was originally a Dutch company (it appears to be American now)? Are the labor laws in France that much more lax than in the Netherlands?
There is nothing racist about economic sanctions against a country which is in active conflict with our armed forces outside of their borders, which is actively engaged in psy-ops to destabilize American society.
Economic sanctions against America would not be racism against scots/germans/west africans or whatever.
You can argue against sanctions on all sorts of grounds, but the flimsiest is claiming that they're racist.
> There is nothing racist about economic sanctions against a country which is in active conflict with our armed forces outside of their borders
I think that singing about how you want to destroy the country, how you want to choke it etc. do prove racist tendencies.
As for armed forces acting outside of borders, you cannot claim that U.S. armed forces are any more 'authorized' to be in these places than Iranian ones, can you?
So in the end, it comes down to nothing more than the U.S. having the ability to implement these sanctions and Iran not, there's no 'principles' in it, just geo-politics.
What is remarkable however is that this pandemic is a uniquely challenging situation even for countries not under sanctions, so placing new sanctions on the country, as was recently done, is plain inhumane.
>I agree it's not racism on GitLab's part, but the U.S. officials behind these sanctions themselves do use phrases like that they want to 'choke Iran's economy', that is in the middle of a pandemic where people's respiratory systems are at risk, it certainly doesn't look good on their part.
Oh come on. That is not scraping the barrel but the bare metal underneath for offense. And most people die of hearth attacks anyway.
Some companies will block you despite having no legal obligation, because it's more convenient, than to apply the law in a sensible manner. GitLab is apparently such a company.
> 118. I have a client that is in Iran to visit a relative. Do I need to restrict the account?
> No. As long as you are satisfied that the client is not ordinarily resident in Iran, then the account does not need to be restricted.
The same principle applies to GitLab in regards to account closure, they don't have to close an account without any interaction because the user has at some point logged in from an Iranian IP address, and they can preemptively restrict an account and ask for proof of residence.
Sure, but someone is being blocked while traveling temporarily, they can log in again once they travel back to their place of residence. I don't see why geo-blocking is unreasonable.
Fossil on something like ipfs/torrent sounds like a great solution (where tickets etc/the whole thing is embedded in the repo itself). Even for enterprise projects where we're hit by outages from time to time it feels like a great solution. What if sanctioned/blocked account has publicly used repository?
Yep, usually gets picked up when a company ends up getting SOX compliance before going public. While OFAC sanctions are not strictly speaking part of SOX, every audit I've seen ends up putting them in place anyway.
Not likely but quite definitely, the price of violating US sanctions is quite high, no one wants to be at risk of being made an example of.
Depending on the actual sanctions these might not require a blanket ban on paper but in practice there is no effective way of performing sufficient KYC for every individual from Iran to comply with the sanctions even if they only target specific individuals and institutions.
I work at a SaaS company based in the US, and we’ve actively blocked a half-dozen or so countries for years, including Iran, because of sanctions. I’m honestly surprised GitLab wasn’t already doing so.
Characterizing this as “discrimination against Persian people” is extremely dishonest. There are like half a million Persian people in America alone, as many as there are Wyomingites, who have the same access to GitLab as anyone else; this is a question of commerce between the U.S. and Iran, not a question of discrimination against Persians.
Talking about over-compliance, you should check out Transferwise blocking access to every venezuelan in their system + IP block the access of every venezuelan IP [1], just cause sanctions against few individuals [2].
And then you have to read their BS ads that state: "We’re building money without borders"
As reminder, Venezuela is under a heavy economical crisis, where more than 6 millions citizens (9 millions as per unofficial data) out of the 30 million total had to run away, this is more people than syrian refugees numbers (5,6m).
What role transferwise had on venezuela? well, some of those that left, were using transferwise to send money to their families and friends still in venezuela, helping them feed themselves and buy medicines and cover their needs. Note that most of the money sent, wasnt even touching venezuelan banking system, as most venezuelans already have US bank accounts, money was just moving from lets say argentina (common country for a venezuelan to immigrate) to US, not to venezuela
But transferwise decided that is better to block 20millions possible users in need of humanitarian help [4], because they didnt want to check if those users were in the OFAC list that is not even 100 people long.
It's also ironic, because this is an Iranian having and using a Github account without being blocked, which some commentators here appear to believe is impossible due to US sanctions.
Not whining. Bringing this into our attention is important, especially for those who live outside the US. I've been naively trusting the US-based services as always open and free, as in freedom. It's not. Any political move may mean my data can get frozen out and become unreachable anytime. A real wake up call.
They are not whining, and GitLab could have notified them about the account suspension, and sent them a link with their archived account data to download.
No, they could not have. The law is very clear that absolutely no business activity is allowed.
Source: I implemented part of the sanctions compliance for a major tech company’s platform (and saw other projects get sunset because they didn’t implement it)
GitLab has been responding to private support requests from Iranians regarding the account closures, isn't that service considered business activity?
Btw, doesn't blocking by IP address go beyond what is required by law, since only Iranian residents are subject to sanctions? Would preemptively restricting accounts that have logged in from an Iranian IP address and asking for proof of residence break the law?
Of course GitLab can do something about it. It happened, as their tweet says, because they changed vendor. So it sounds like they may be able to work around it by changing their hosting choices.
Also, this may come as a shock to you, but when a law is sufficiently unjust, there can come a time to disobey the law. In this case, disobeying the law would not directly risk anyone's safety, lowering the barrier somewhat.
Just of clarification, did they take down the project of all Iranian nationals? or simply block access to GitLab from Users with IP from Iran? Would it be possible to hide their identity, say tor or VPN?
Can't speak for GitLab specifically, but I have spoken to Persians living abroad that had their credit cards cancelled, bank accounts frozen, and SIM cards simply stopping to work. One of them hasn't lived in Iran in two decades and denounced their citizenship half a decade ago.
Businesses don't care. It's easier for them to have a couple of false positives than it is to deal with the possible consequences.
What a defeatist attitude. What you unkindly label as whining, I see as advocacy for a good cause. Blocking access to gitlab does nothing but strengthen the autocracy in Iran and prevents Iranian devs from making a living and supporting their communities.
Putting post like that is nothing more than whining, as it doesn’t change anything. Want to do something better? Write some petitions, make a campaign or anything other, but bashing company that have to comply with US laws is just stupid. Sorry if this is unkindly and defeatist for you.
Good luck? Short of moving entirely to China or Russia, they have no chance of escaping us sanction law. If they wish to hold even a european bank account, their bank will force them to comply with the sanctions or they will be terminated.
What steps can maintainers of projects hosted on GitHub/GitLab/etc take to make their projects available to users in countries affected by this US policy?
For example, is there an alternative git hosting site where it would be helpful for me to maintain a fork, so that the README is available and people can open issues and PRs?
Similarly, where would be a good place to host the binaries built on each release so that they are accessible?
OK, and from the article it looks like GitLab is blocking all access to their site. So is your understanding that GitLab is currently much more restrictive than GitHub in this regard?
> GitHub is committed to continuing to offer free public repository services to developers with individual and organizational accounts in U.S.-sanctioned regions. This includes limited access to free services, such as public repositories for open source projects (and associated public Pages), public gists, and allotted free Action minutes, for personal communications only, and not for commercial purposes.
maybe someone can confirm how this works in practice?
>What steps can maintainers of projects hosted on GitHub/GitLab/etc take to make their projects available to users in countries affected by this US policy?
If they are under US jurisdiction it is inadvisable to try and circumvent such stuff.
I'm talking about something like keeping a fork on a git hosting website in a country where it's accessible by anyone. No individual open source developer is going to be prosecuted for doing that.
Once again for US citizen in US under US jurisdiction - testing what DoJ will consider violation of the sanctions is dangerous games with only downsides. As the Aaron Swartz case showed it is enough to get entangled.
Especially if you maintain something that could be considered dual purpose
You're so scared of the country you live in that you are publicly recommending to your fellow Americans that they don't host a project on a (gasp) German website like codeberg? You have completely lost perspective, or you are a mindless rule-follower, or a coward, or some combination of all of these.
I also find the Aaron Swartz case extremely sad and depressing, but what he was doing was very different from using a European website in the way the website owners intend.
> with only downsides.
Of course there are upsides; that is the whole point of this discussion: the upside is that the resources will be available to all people in the world.
Don't challenge state authority if you are not prepared to fight, have reasonable chance of winning and are ready to pay the price of failure.
If you are US citizen, you are forced to comply with the laws. The fact that you host something in Germany, doesn't mean it is not under sanctions.
If you tomorrow move your repo from github to codeberg and write "moved here so my iranian friends can have access to my work" - well chances are no one will notice. But if the state by bad luck puts their crosshair on you - don't be surprised if the result is the same as the Aaron Swartz case.
I am not claiming that you are even wrong. Just that when you are playing russian roulette - don't act surprised if there is a bullet.
As an international student from an embargoed country, I’m increasingly worried if at some point there will be a law resulting in blockage of my bank account.
Already I’ve heard news of PayPal causing trouble for some of us, so I’ve stopped using PayPal for good.
I am Persian. From what I gather, the middle-plus class here still mostly believes that changing the regime is costly and risky (especially since it might very well lead to a civil war, as the regime has no humanity and has shown that it will kill every single one of the people to survive). These sanctions certainly help align our incentives more with the US agenda, but they do not seem to be enough after all. Obama's strategy was definitely a failure, as well; It simply gave power and legitimacy to the Islamic regime and only got temporary limits in return, limits that ultimately did not abate either domestic abuse or extraterritorial meddling. In the end, dictators know that the Western block is finicky, unstable, and short-termish; This makes it so that high-pressure strategies do not work. I do not know of a solution, frankly; Most of my peers see immigration as the only viable solution. But the blame of the quagmire mostly lies with the democrats and the EU. If they had committed to the high-pressure strategy from the Obama era, a much better compromise would have been reachable with the IR. (The democrats+EU mostly sided with the IR in recent protests as well, just to spite Trump. They are only good for virtue signalling, and do not help the oppressed where it matters.) Western democracies generally are very bad game-theoretic agents; They play repeated games as if they are oneshots.
PS: Imagine if the USA sponsored Telegram MTPROTO proxies (and other anti-censorship tools). That'd deal a huge blow to the IR, and make the people more US-friendly as well. Does anyone know why they don't? It's an obvious LHF ...
I have basically no background in the subject, but I'd be interested in your perspectives if you feel like answering any of these questions:
- What are the United States' goals with respect to Iran?
- What goals of Iran's are being hindered, objected to, or otherwise meddled with by the United States?
- In the end, dictators know that the Western block is finicky, unstable, and short-termish; This makes it so that high-pressure strategies do not work. Just to be sure I understand this, you're saying that because Western countries (Europe / the US) cannot maintain a consistent foreign policy, their targets (other countries) see the best strategy for dealing with moments of high pressure from the West as being "wait for the pressure to go away"?
- I do not know of a solution, frankly; Most of my peers see immigration as the only viable solution. Solution to what problem? Immigration of who, from where, to where?
Western democracies generally are very bad game-theoretic agents; They play repeated games as if they are oneshots.
1 & 2) I do not have any expert knowledge on this, and doing web searches will provide better answers. But I can tell you that the only point of contention that the people also care about is security. The middle-east is a warzone, and people rightly think they need some defenses. The regime goes about this with their (effective) tactics of starting/funding foreign terrorist/militia organizations, and their ballistic and nuclear programs. If the Western block could somehow satisfy this need for security, the regime’s bad actions will become a lot more unpopular. (Of course, the Western bloc can’t do that because they can’t promise anything durable. They also abandoned the Shah, which doesn’t set a reassuring precedent.)
3) Yes. Even compromising is made more dangerous; E.g., Obama definitely paid a risk premium in his deal. The Iranian side factored in the possibility of the US annulling the agreement when they agreed to it. Inconsistency in foreign policy sucks A LOT.
4) A solution to Iran being a shitty country to live in, and things getting worse almost every single year. I also meant a solution to Iran exporting shittiness to the world, but immigration doesn’t help with this part.
Not OP, not Iranian, but going by my Iranian friend, it's mostly as follows:
- odd that you're asking an Iranian Qn#1. They don't know either
- Iran wants to play a regional power in the Middle East, far greater than it is now. It is to be noted that many countries in the ME, such as the UAE, Qatar, Syria, Iraq, Lebanon and Bahrain have significant Shia minorities or majorities in some cases. When the Arab Spring happened, Iran actively encouraged protests within the Shia population to overthrow the monarchy in Bahrain, until the UAE and Saudi Arabia reacted. Even now, the UAE regularly arrests Shia folks it suspects of cavorting with Iran (a large part of the Arab population in the Emirates are descended from Persia). Not to mention, Iran invaded and expelled the local Arab population of a tiny island of one of the constituent Emirates of the UAE, before the country's formation and during the time of the Shah. Iran is quite the expansionist.
- basically what Rouhani thinks. Wait until Biden gets into power, and hope that he's going to continue the Obama policy. This is not common among all dictators though - some want Trump to be in power, like the monarchs of the Arab states, since he's an Iran hawk.
- a solution to Iran's repressive regime, duh. Iranians have been immigrating en masse for a long time to the US, Canada, UK and Europe. Anywhere there is a democracy. There are a ton of Americans, British, Europeans and Canadians who graduated from Sharif University of Technology, the equivalent of Iran's MIT.
- not just term limits, but the need to "pander" to their constituencies. One decade, they warred in the Middle East, the next decade they want to leave the mess they created, but then commit more troops (Obama on Iraq)? It's definitely not like Russia or China or India (all of which are/were friendly with Iran) who have had a steady policy in the region of being on talking terms with everyone.
Which is just a part of playing the Middle Eastern powers game. The current five major powers in the region are Israel, Saudi Arabia, Qatar, UAE and Iran. Out of them, one is rumored to be a nuclear power, three are delayed nuclear powers, while all but one are state sponsors of terrorism directly, and the last one sponsors them indirectly. Two of them want Israel destroyed, one is openly allied to Israel and one is secretly allied to Israel.
You got it the other way around - the UAE is the open ally, Saudi Arabia is the secret one.
If you're wondering about the rest, Israel is the secret nuclear power, the UAE recently became a nuclear power (civilian purposes, of course :P), Iran is building up nuclear capability, and if it does, Saudi Arabia will just buy nukes off Pakistan since they funded the latter's nuclear programme.
Whenever anyone uses the term “virtue signalling” I automatically discard their opinion in the same way this phrase does with the people it’s referring to: that a bloc of people (the entire EU and democrat party of the US no less) are simply “pretending to care to look good”.
The use of this phrase belies a cynical, reductionist attitude that I have no respect for whatsoever
No, that's not it. I just find that in almost every case when someone uses that term specifically, they are trying to cynically dismiss good faith efforts of a person or org to do something good. Just like in this comment -- are we really to believe the entire EU bloc and democrat party are just "virtue signalling" with their posture towards Iran? Come on.
The regime is here and as you pointed out it's not easy to "just change it"; the point of Obama's strategy was to limit the regime's access to nuclear weapons, not to directly make life better for the average Iranian. It was effective at that goal. And Iran with nuclear weapons would make regime change in the future even harder.
International politics with these kind of countries are tricky business; personally I'd love nothing more than see Iran become a better place, but you can't just force things like this. We tried in Afghanistan and Iraq, and that didn't turn out so well. People are still trying in Syria and we can't exactly call this a great success either.
So ... your best bet is to deal with these kind of regimes the best you can, by applying pressure in one area and making a deal in another. I think few people are especially happy with this, but it's the best option out of a bad bunch.
From what I have heard the "high pressure" has only affected ordinary people who can't get things like meds and equipment. Just look how they were affected by corona, so much worse than their neighbors.
I would highly, _highly_, doubt a person actually living there would consider the "high pressure" strategy a good thing.
Not to mention, such a comment seems to directly challenge HN admins to implement the same policy that Gitlab have, for HN users who live in Iran. That is, if we can believe the hyperbolic descriptions of "USA law" we read here...
US government does sponsor a lot of anti-censorship tools of that type: Tor was funded by the Navy and DARPA, Signal received initial funding from the same organization that runs Voice of America.
My condolences, but on the other hand, you have to understand that not all open source licenses/projects are borderless, like MIT and Apache they are US-based, and so the curse US cast upon will be effectively apply there too.
Only libre software like GNU and public domain works will probably give you the complete freedom to not be wary of this kind of nation-to-nation wraith.
The internet is not a parallel universe. Of course, if you are in one country and your country has not trade with country B, then you adhere to those rules. There are many examples of this, not just in the sanction sense.
People getting pissed. Seriously, this is macro economics!
What many don't seem to understand about Crimea, is that Crimea is an occupied territory of Ukraine [0] (as understood by UN, as well as most countries except the Russian Federation and several of its affiliated states).
As an occupied territory, it doesn't have any legitimate institutions (such as a recognised government, banks, courts, etc.) — only a foreign occupation regime. Same way as Germany's Reichskommissariats and Reichprotektorats during WW2 were never legitimate entities despite being de facto governed by Germany.
This means than no contract (private or public) with a Crimean entity can be internationally recognised and will be easily contested by any court/arbitrage outside of the RF.
In addition to this, there's a moral concern of giving legitimacy to a foreign occupation. There's just no way to justify this unless one supports the mentioned occupation, with following systemic abuse of human rights, change of ethnic composition and militarisation.
On the other hand, many of the people living there are not at fault for any of this. They just ... live there.
This is why I have such mixed feelings about these kind of sanctions: sure, I don't really disagree with what you're saying, but on the other hand in practice it means hurting normal people just building a life for themselves.
I read an opinion piece by Margret Meed (I think, memory may be off). Her claim was sanctions don't work. And all the burden falls on the powerless. All you end up doing is harming people that can't do anything and are blameless.
I haven't seen anything in the last 35 years that contradicts that.
The worse thing I've seen is the US is now so schizophrenic that countries under sanctions can't trust that making a deal with US to get sanctions lifted won't prevent them from being reimposed because some other fraction gains power.
I think I read the same piece a while ago, or something very similar to it. I'm not entirely sure what to think of it, I'd have to do some in-depth study to really have an informed opinion and chances are the effectiveness depends on the country as well; I'm not sure if generalizing "all sanctions are {good,bad}" across all countries is a good idea, as North-Korea is not the same as Iran. One case where sanctions and other pressure probably helped is ending apartheid in South-Africa.
FWIW the people of Crimea overwhelmingly support Russian occupation according to independent Pew surveys. Any sanctions only serve to punish Crimeans, presumably to appease the Ukraine government (which is just as corrupt as Russia).
Conducting 'independent surveys' under military occupation in an authoritarian state is a thoroughly nonsensical proposition. In Russia, it is literally a crime (incitement of separatism) to question Crimea's status as rightfully Russian[0].
I'm more inclined to trust nonpartisan independent Pew Research than your opinion. It's not the only independent survey either. There's also survey evidence from before the occupation.
Polls before occupation were in the range of 40-60%. If that's a good enough metric for conducting drive-by referenda under the watchful eye of heavily armed 'observers', someone tell the Catalonians and the Scots about this option (among many others).
It is not a nuance, it is a terrible precedent showing that Russia can just come and take away a sovereign states territory. It is like a bigger tougher person coming into your home and starting to live there and there is nobody who is going to help you.
Yeah Russia took The Crimea from the Turks almost 250 years ago. Western designs on the place never have anything to do with the people that live there. Always blow up in their face to determent of the various peoples that live there.
Does the law have an exemption for notifying people and giving them a grace period? As this is sanctions / export control, I was under the impression that deficiencies in compliance had to be corrected as soon as they were noticed - which in this case would mean cutting off business relations and communications immediately.
That's so lame, basically it has nothing to do with free software and open source, you can still use them if you wish. in fact it is the corporations who are blocking us not the software!!!.
Moreover we have to point our fingers toward Iranian corrupt regime because they are bringing misery to the the people. We have to be asking this question every day: why on earth countries like japan or korea never get sanctioned. I guess the answer is simple
> while your country has not had a single step for resolution of the sanctions.
Uhm, it was literally the USA that withdrew from the signed deal without any wrongdoings from Iran. You might consider not being so tough on the internet when you are factually wrong.
TL, DR; is the Nth time I read the same story, someone losing access to something they think they owned.
I don't want to sound too heinous or else ..but please don't be so naive to trust github, operated by microsoft,an usa company, with your life work. You own what you can defend. Your github account is not yours. Sober up. Using any service inside USA is a priviledge not a right.
It was a sticking point for us when deploying the sequel to a game I was working on. Ultimately we determined that the benefits of using the provider outweighed the benefit to users since we weren’t shipping the game there officially anyway. (With one notable exception)
It still leaves a sour taste in my mouth.
It should be noted that it’s also Cuba and Crimea that are blocked. I was principally annoyed at the lack of usability in Crimea, as any way you slice it it’s part of a country that is not being sanctioned in the same way and the citizenry did nothing wrong.