
This is a good time for EFF to step in.

This opens up so many terrible ways for abuse.

  1. Make some random crypto project.
  2. Motivate people to contribute to it; see DigitalOcean Hacktoberfest.
  3. Replace the code with Tornado.Cash source.
Everyone's account is banned by Microsoft. Also, I wonder what happens if you didn't send the PR yourself, but someone crafted a git commit with your email and added it to such a repository.



GitHub didn't remove the account of everyone who ever contributed to the repository; if you go to the Web Archive many of the people listed under "contributors" still have accounts. Presumably, they just removed the people who were a member of the organisation.


OK, this makes a lot more sense. I can totally see how they would nuke every member of the org in an attempt to CYA. It sounded like they nuked every contributor, which would have been insane.


It looks like only three accounts were affected, all three were org owners.


This should be the top comment and the title should be changed. The title and other comments made me wonder if GitHub deleted the account of all contributors to that repo, which is more serious than deleting the account of members in an organization.


> 2. Motivate people to contribute to it; see DigitalOcean Hacktoberfest.

Can skip this step. Just make fake commits (https://github.com/asizikov/gang/graphs/contributors).


Always sign your commits! gpg is a pain but once you set it up you never have to think about it again.


Or don't sign your commits, and then you have plausible deniability about commits in your name.


Yeah and leave your wifi open so that you have plausible deniability for downloading CP.


You can use ssh keys to sign commits too, since git version some-time-last-year. GitHub should have support for it sometime this month (not that this is required to verify signatures).


> Replace the code with Tornado.Cash source. Everyone's account is banned by Microsoft.

Code is speech, that's settled law. It's the entity and wallets that are sanctioned. If someone is a member of the Tornado Cash group on GitHub, it’s safe to say they’re in at least legal jeopardy. GitHub puts itself at risk by knowingly continuing to facilitate their work.


Unless they enabled PGP signed commits, can't you just forge their commits?


Yeah, you can, and I mentioned I'm curious who exactly GitHub has banned. It's possible they only banned people who created PRs under their own account.
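
The exchange above rests on the fact that a commit's author email is only a claim unless the commit carries a signature that verifies. As an added example (not written by any commenter in this thread), the shell function below audits `git log --format='%H %G? %ae'` output and lists commits that use a given email without a good signature; the function name, sample hashes and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input lines look like "<hash> <status> <author-email>",
# as produced by:  git log --format='%H %G? %ae'
# %G? status codes from git's pretty-formats documentation:
#   G good, B bad, U good but unknown validity, X good but expired,
#   Y good but made by an expired key, R good but made by a revoked key,
#   E cannot be checked (e.g. missing key), N no signature.

audit_author_commits() {
    # $1 = email address to audit; stdin = git log lines in the format above.
    # Only status G counts as verified; everything else is reported.
    awk -v email="$1" '
        BEGIN {
            why["N"] = "unsigned"
            why["B"] = "bad-signature"
            why["E"] = "signature-not-checkable"
            why["U"] = "signer-key-not-trusted"
            why["X"] = "signature-expired"
            why["Y"] = "signing-key-expired"
            why["R"] = "signing-key-revoked"
        }
        tolower($3) != tolower(email) { next }   # other authors: skip
        $2 == "G" { good++; next }               # verified commit
        {
            flagged++
            print $1, (($2 in why) ? why[$2] : "unknown-status-" $2)
        }
        END { printf "summary good=%d flagged=%d\n", good, flagged }
    '
}

# Constructed sample input (hashes and addresses are placeholders).
sample_log() {
    cat <<'EOF'
1111111 G dev@example.org
2222222 N dev@example.org
3333333 N other@example.org
4444444 E Dev@Example.org
5555555 R dev@example.org
EOF
}

# Real use, inside a repository:
#   git log --format='%H %G? %ae' | audit_author_commits you@example.org
```
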


I would encourage everyone on both sides of this argument to watch this [1] video from Peter van Valkenburgh at ZCON. It lays out a very clear argument why this is really much more serious than just a sanction against a bad actor.

1. https://www.youtube.com/watch?v=XpTrCA3tEKM


What would be the motivation to pull off that heist?


To prove a point I assume? Nothing else comes to mind.


What motivation does someone have for swatting people?

The problem is that Microsoft is certainly overreaching here, and this precedent will be abused by malicious actors. One day someone will come to work and find out that the whole organization was banned on GitHub just by forging two commits.


Chaos, ransom etc.


Good ole trolling



