These "secret orders" are an abuse of power, and we already have many indications that they are being abused (eg: more used for going after drug dealers than terrorists, which was the "justification" for them originally.)
That we admit this, that our government is acting in a criminal fashion, in conflict with the constitution, and we have accepted it as "normal" is just proof that we are frogs who think the water is just fine.
We should be outraged and demanding prosecutions and investigations. But of course, who owns the prosecutors and the investigators? The government.
And we've been taught by government schools to be "good germans" (Eg: to give the benefit of the doubt and wide latitude to government.)
And just like actual frogs that are slowly heated, we will almost certainly jump out of the water if the pot approaches a boil. The apathy stems from the fact that the water is just fine for most citizens; the frogs who are subject to this abuse reside in a completely different pot than the one that most citizens enjoy. I'm not saying I condone surveillance abuse or drug war policies, but the reality is that while your average citizen may be alarmed by the presence of a hot stove, they just can't be bothered to revolt for the sake of an adjacent pot full of drug dealers.
I feel like it's tough to transpose the mindset of 1995 into the zeitgeist of 2015. The average citizen of 1995 was a lot less sensitive to the everyday minutiae of disparate civil rights flashpoints that culminate to create the picture we have of civil rights today. There is also a lot more deliberately controversial political content produced by today's media which sets up an environment where there's something of an implicit expectation that everyone will or should have a "stance" on every political issue. The world of 2015 is one where every average citizen has their own set of pet grievances that are wont to implicate the government in a violation of civil rights.
Can you imagine how the citizens of 1995 would have reacted to a Snowden of the time? It'd be a complete non-event.
From what I can see, it looks like GitHub employee @jakeboxer explicitly took the GamerGate one down to satisfy a feminist called @nexxylove because she claimed it contained "stalking and harassment" documents. http://imgur.com/AgSwrE2. This is the same individual claiming to be "astounded and really fucking angry" at the Intel/Gamasutra fiasco part of Gamergate (http://i.imgur.com/l1Uwkvd.png)
Yep, not evident from the transparency report that repos get taken down so casually, with other users protesting. [I'm guessing it probably didn't contain those sort of instructions, and they can't claim so in the transparency report, because that would be libelous.]
Either these takedowns need to be documented in the report, or the reasoning should be on the repo itself (i.e. "broke rule x" or "offended too many users" (which hopefully isn't a reason something is taken down)).
GitHub seems to be following the Reddit moderation style of "nothing that's illegal, or against our rules, or stuff that makes us look bad which we decide when we get grumpy emails"
I agree 100% with what you're saying. Do you have any ideas what we can do to improve the state of affairs? Sure, building better software, with better crypto is part of the way, but we need cultural/political/social change, and I have no idea how this should be approached. Most people don't care, sadly. How to make them care, before it's too late (i.e. when changing the situation involves violence)? We know we have a problem (well, a lot of problems), I suggest we all try to think how to solve them.
So, I would assume it's fairly safe to say they got 249 NSLs or am I missing something about how people are using ranges to go about skirting this ridiculous law? Obviously it could be within that range, but that's an oddly specific number.
I read that as: "We can't disclose the exact number. The possible bins are: 0-249, 250-499, 500-749, 750-999, ... This year, the number is in the bin 0-249." (not an actual quote)
What if I created a band containing 0 and some unrealistically high numbers? For example what if my band would include [0,1M-1M+248]. Everyone knows that 1M+ is unrealistic, so...
I believe the judge would say something that translates roughly to "don't be a wiseass". That, and the guidelines in the above-linked pdf specify bands of either 0-999 or 0-249.
My guess is that it's to hide how widespread the program is. If loads of companies were saying 1-249 instead of 0-249 we'd be able to see how many companies they're hitting. As it is we can't see that and presumably that lack of accountability makes abusing processes simpler for them.
I think a judge chose it for them in a lawsuit brought by twitter, but I could be wrong because I wasn't following the news closely at the time. Their preferred value was infinity.
The most interesting take down seemed to be the one from the "The Federal Service for Supervision of Communications, Information Technology, and Mass Media of the Russian Federation".
Now you'd first think it would be some anonymity tool or something like that; nope, it's an empty repo with 32 ways of how to commit suicide in the repo notes, including what you need and how long it will take you to die.
Not sure why GitHub only blocked access to that content from Russian IP addresses rather than removing the repo completely like they did with cases in which the repo was actually used for legitimate purposes...
> Total Request from Subpoenas, Court Orders, and Search Warrants = 10
> Percentage where information was disclosed 70%
> Percentage where users were informed of the request 43%
EDIT: I am not smart. I didn't think of that percentage that received information on the disclosure of information and was thinking in terms of total subpoenas.
How is it not 40% or 4 users and we get 43%? One person only got 1/3 of the information?
10 requests for information, 7 responded to, and then 43% of those seven requests has the user informed. How do we get 43% of seven?
Edit - ok next paragraph tells me 10 requests for 40 accounts.
To me this seems pretty low - given that GitHub has millions of accounts, that only 40 got suspected of being involved in crimes seems amazingly low. Or that not even criminals store their secret bank robbery plans in free online hosting services :-)
In the spirit of getting a more exact estimate, would it be possible to hire a registered-agent type service (a commercial 3rd party) that posts the image of every manila envelope it forwards on to the company HQ?
So basically the only government they bent over backwards for was the Russian government. Wish they actually showed some spine like they did with China.
It could be for non-public information, could it not? Private repositories are one obvious, but hidden email addresses and IPs could easily be targets. And maybe they want the public information but in an easy-to-manage format. When you've got the tools, it's probably easier to say "Give us every commit log entry for these ten users" rather than go search for it yourself.
> And maybe they want the public information but in an easy-to-manage format
Would there be any legal requirement to satisfy such a request? Why should a business expend resources to do something the police could do on their own?
Various freedom of information laws acknowledge the importance of information being provided to the requester in a machine readable format, when that information originates from such a system. I'm not arguing that this applies to police asking a private entity for information, just that the courts/regulators are not ignorant about the difference between machine-readable data and "oh just do a search and copy-paste it from the website".
If you ever click "merge pull request", github makes the merge commit for you. That means they get to decide the SHA and the full contents of the commit. I'll leave the potential consequences as an exercise to the reader.
I guess the only protection against this would be to either never press the merge button in github, or repeat the merge locally and check there is no diff against the remote merge.
By breaking SHA1 you could covertly edit older commits, but existing contributors would still have the original version. As soon as somebody edits code at the intrusion it would be discovered because it would merge cleanly locally but cause a merge conflict on github.
Of course on big projects a lot of the code isn't touched in years but we're talking about revealing that somebody broke SHA1. It sounds very risky given the stakes.
> Or is it to be able to "subtly add code" to existing repositories without being seen ?
I don't think it's this---I understand it to be basically impossible to mess with git repository histories without people noticing. I guess they might try to sneak it in as a new commit, but hopefully others on the project are inspecting things???
Git commits are hashes of the patches, right? So, while it would be difficult to change the blockchain of bitcoin because it's widely distributed and computationally expensive, it wouldn't be too hard to do it to git.
Process would be something like:
-- Take the original chain.
-- Identify a patch in the past where you want to insert the code
-- Check out back to that patch
-- Make the change
-- Roll forward with all the following patches re-applied (with new hashes of course)
-- Replace the repo with the new repo.
The end result is that hashes would change. So if you were talking to people about a particular patch using its hash, or telling people a particular release is set at a particular hash, you would notice when this changes. So it wouldn't be invisible using this method.
An alternative approach might be to generate a series of innocuous code changes that will produce the end result of restoring the hashes of the latest commit to what they should have been before the change. This might be extremely difficult or computationally intensive, unless the hash algo is weak.
But it seems theoretically possible, unless I'm missing something about how git works.
That's what `git rebase --interactive` does (which has been described as being “a bit like git commit --amend hopped up on acid and holding a chainsaw–completely insane and quite dangerous but capable of exposing entirely new states of mind”[0])
The scenario described happens frequently when people `git push -f` a rebased tree, and it certainly does not go unnoticed by other developers on the project — more “havoc” than “subtle”.
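The point argued in the comments above (rewriting an old commit changes every later hash, and a merge redone locally can be compared with the one the server made), as an added example that is not part of the thread: a Python sketch that computes git-style object ids with `hashlib` for flat trees of regular files. The file names, contents, identity and timestamps are constructed for illustration.

```python
import hashlib

WHO = "Example Dev <dev@example.invalid>"  # constructed identity


def git_object_id(kind, body):
    """Name an object the way git does: SHA-1 of '<kind> <size>' + NUL + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).hexdigest()


def blob_id(data):
    return git_object_id("blob", data)


def tree_id(files):
    """Id of a flat tree of regular files, given {name: content bytes}."""
    body = b""
    for name in sorted(files):  # byte order equals str order for ASCII names
        body += b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id(files[name]))
    return git_object_id("tree", body)


def commit_id(tree, parents, message, when):
    """Id of a commit: it covers the tree id AND every parent commit id."""
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {WHO} {when} +0000", f"committer {WHO} {when} +0000", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())


def build_history(snapshots):
    """Commit each (files, message) snapshot on top of the previous one."""
    ids, parents = [], []
    for n, (files, message) in enumerate(snapshots):
        cid = commit_id(tree_id(files), parents, message, 1420070400 + n)
        ids.append(cid)
        parents = [cid]
    return ids


def first_divergence(mine, theirs):
    """Index of the first commit whose id differs, or None if the histories agree."""
    for i, (a, b) in enumerate(zip(mine, theirs)):
        if a != b:
            return i
    return None if len(mine) == len(theirs) else min(len(mine), len(theirs))


def merge_tree_matches(local_files, remote_tree):
    """Redo the merge locally, then compare the resulting tree id with the server's."""
    return tree_id(local_files) == remote_tree


# Constructed sample history: what a contributor's clone holds.
BASE = {"README": b"demo\n", "auth.py": b"check = 'strict'\n"}
HONEST = [
    (BASE, "initial import"),
    ({**BASE, "util.py": b"x = 1\n"}, "add util"),
    ({**BASE, "util.py": b"x = 2\n"}, "bump x"),
]
# Same history with auth.py altered in the second commit and rolled forward.
REWRITTEN = [HONEST[0]] + [
    ({**files, "auth.py": b"check = 'relaxed'\n"}, msg) for files, msg in HONEST[1:]
]

if __name__ == "__main__":
    mine, theirs = build_history(HONEST), build_history(REWRITTEN)
    for i, (a, b) in enumerate(zip(mine, theirs)):
        print(i, a[:12], b[:12], "same" if a == b else "DIFFERENT")
    print("first divergence at commit", first_divergence(mine, theirs))
```

Because each commit id covers its parent's id, a clone that still holds the original tip disagrees with the rewritten history from the altered commit onward, even though the later commits carry the same messages and the same changes to `util.py`.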
> Or is it to be able to "subtly add code" to existing repositories without being seen ?
Come on now, this is not productive to speculate on. This is "the CIA is controlling the population by putting chemicals in your water supply!" level stuff.
So, according to you, they (agencies from US, China, Russia, etc) never cross lines that you and me would never cross? They never tried to break security, sabotage, ..., or hack someone?
I'm not talking about moon or UFO's conspiracies. I'm talking about things that, according to leaks and official documents, they already did in the past and keep doing today.
This is something else. Basic rationality demands that we not treat something as truth until we have evidence of it.
The existence of bad actors does not mean an abandonment of critical thinking! Critical thinking in this case tells us that compromising a git repo is a horrible idea, mostly because even if you broke SHA and even if you managed to slip the code in undetected, the jig is up the moment somebody makes a conflicting change in that file, wonders what's going on, and then discovers that the server copy does not jibe with the local copy.
But we can't blindly defend governments, agencies or countries and attack someone just because their opinion or idea doesn't fit on the "official version".
There is also a big difference between what I did (considering the ability to do something) and accusing them of doing something. You don't need evidence to think if they can or not do it.
> I'm talking about things that, according to leaks and official documents, they already did in the past and keep doing today.
Please cite an official document that shows the US government forcing GitHub to secretly modify the source code of a project in one of its repos.
As far as I'm aware, they've literally never done that, and to suggest they have means you have to show evidence that such a thing has taken place.
This is some Fox News level bullshit. "How do we know the FBI hasn't raped and murdered a girl in 1990? They've never come out and specifically stated they haven't!"
diminoten, you started by comparing one of @balls2you questions to a plan/plot/conspiracy. I commented saying that just because it's something you think that no government would ever do, doesn't mean that they don't do it. I compared it to the NSA leaks, because until Snowden, everyone that talked about NSA (and other agencies) controlling the internet was called crazy. Now we know that those guys weren't that crazy.
I'm not saying that the US (or other country) government did change some code on some repo on Github, what I'm saying is: if they want, they can do it legally or illegally. Do you understand my comment now?
I've always understood your comment, what I don't agree with is the need to state it now.
When we make statements, we do so with context, and in this context, stating "the US government could do X" is implying that, yes, in fact the US government did do X.
Furthermore, saying "we don't know they didn't" is a specious argument, at best, because it suggests they did do X, when in reality they're no more likely to have done X, than I am to have done Y, which is some arbitrary other thing which is, while in the realm of possibility, a complete waste of time to consider.
There exists, within the set of possible things, a set of things which are not among the greater set of things one must consider. The US government secretly forcing GitHub to modify source code in one of their repositories is one of those things that we can safely not consider, even though it is, you're right, technically and politically possible.
On the other hand, consider a computer system. If you wish to have a secure computer system, you try to design it in such a way so as to make undesired behaviour impossible. For example, we spend a lot of effort looking at weaknesses in our systems and saying, "Well, someone could overflow this buffer here and get root access". Our reasoning is that if it is possible, it is probably only a matter of time before someone actually exploits it.
So while I completely relate to your feeling of trying to avoid conspiracy theory fantasies of "how do we know they haven't done that", I think it is probably not a good idea to say, "[this] is one of those things that we can safely not consider, even though it is... technically and politically possible".
Whether or not it has happened in the past, we probably don't want it to be possible and we probably should consider the consequences of what would happen if the government decided to take that action. 'Eternal vigilance is the price of liberty,' and all that rot.
"Good germans," even years after war, were certain there's no way their government could have perpetrated something like the holocaust and were convinced it was just allied propaganda.
Hence the phrase "good germans" for people who believe anything the government tells them, without question, despite the history of government criminal activity, pretty much nonstop going back to the revolution. (Hell, imposing the constitution was done by a coup, there was no mechanism for replacing the prior government, so they just did it with fait accompli. That said, I wish we operated under that constitution, then there would be no need for these reports to reveal just how many people's (in bands of 250) constitutional rights are being violated.)
The thing about that claim is that they did try (LSD in drinking water as part of MKULTRA); that it didn't work doesn't really matter. If they thought they could again, you could bet your bottom dollar that they would try again.
The combined letters "water" shows up in that text 7 times. In all but one of the cases, it's because Senator Barry Goldwater's name is in the report.
The remaining case (the only time the word 'water' itself shows up) is this sentence:
> One police writer claims that the threat of scopolamine interrogation has been effective in extracting confessions from criminal suspects, who are told they will first be rendered unconscious by chloral hydrate placed covertly in their coffee or drinking water.
Which is absolutely unrelated to putting chemicals in the drinking supply of a population in an attempt to mind control them.
Try searching for "unwitting". I think it's completely fair (and true) to state that past government programs tested chemicals on unwitting Americans and foreigners. Might not have literally been attempts at "mind-control" or "tainting water supplies with psychedelics", but misdirection and abuse of power definitely occurred and continues to occur.
"In order to meet the perceived threat to the national security, substantial programs for the testing and use of chemical and biological agents-including projects involving the surreptitious administration of LSD to unwitting nonvolunteer subjects "at all social levels, high and low, native American and foreign"-were conceived, and implemented. These programs resulted in substantial violations of the rights of individuals within the United States."
> Then what the fuck are we talking about?
Seriously, what the fuck are you doing?
I'm beyond tired of folks derailing conversations like what you've just done.
So much anger, in such a personal form. Why the chip on your shoulder?
This thread, while straying from the content of the submitted post, has come to be about your implication regarding CIA and mind control. I have admitted that the CIA directly participating in mind control efforts via water supply poisoning seems outlandish, while pointing out that you are overlooking some crucial tidbits in the above link. The CIA has participated in some unsavory experiments on unknowing citizens in the past. While NSLs and the CIA have a tenuous connection at best, you did indeed bring the CIA into the conversation in the first place. I'd say that pointing out past government indiscretion (MKULTRA) is fair game, when we are considering the merits of another (NSLs).
When people compare to the Stasi... do you even know what you are talking about? Yes surveillance is bad but encouraging people to tattle on each other is worse and encouraging children to report on their parents is horrific. Read http://competentcommunicator.blogspot.ca/2010/10/sentence-ab... much is lost in translation but perhaps some comes across.
That's a good point. Regardless of ideology, removing repositories like this and not mentioning it in the transparency report doesn't instill a lot of confidence in Github's desire to be truly transparent.
IMO for Github to be trustworthy, they would only remove repos when required by law and then they should end up in this report.
Oh okay, in that case I can understand why it was taken down. I'm assuming you're https://github.com/untitaker, and I respect your projects a lot. Did you get any troll PRs from them? My impression at the time (from reading news articles and the Geek Feminism wiki) was that it was taken down without any cogent reason.
[Also, someone seems to have flagged my original comment so it isn't visible. Could they unflag it, so people can follow the conversation, and how my viewpoint changed? Aside: bit funny that this happened in my comment about censorship against unpopular viewpoints.]
Yeah, Hacker News is full of not only censorship, but doing it secretly. I've been on this site since at least 2007.
For instance, I once had my account hellbanned for talking about how I'd met grace hopper as a kid. Seriously, was the only post in weeks and then poof, gone.
The unaccountable unelected masters of Hacker News have acted extremely capriciously and in a very politically biased fashion in the past.
I know there have been changes, but Hacker News should have a transparency report. Or some transparency.
Then why were the forks also disabled? Terminating an account, fine, and perfectly legitimate if they were actually doing that, but also flattening everyone else's copy? That's a bit heavy handed for a parody, don't you think?
Do you carry that axe and a grindstone everywhere?
(A more neutral way to share your concern might be “I would also like to see some transparency around TOS takedowns, and not just takedowns instigated by third parties.”)
I would request you to refrain from personal attacks.
I don't know if it was a ToS takedown at all. Look at what the page[1] says -- "Access to this repository has been disabled by GitHub staff. Contact support to restore access to this repository." Geek Feminism's wiki [2] says "Misogynist C Plus Equality satire project announced and repositories were created on GitHub and BitBucket, with commits impersonating various geek feminists. GitHub removed it quickly." without mentioning a reason.
A metaphorical suggestion that you have an axe to grind is a description of your behaviour, not a criticism of you as a person.
You obviously dragged your baggage into this discussion. It’s your baggage, drag it everywhere you like, but do not be surprised if you get called for ranting about feminist conspiracies in tech in a discussion that is not about feminism.
Sure, GitHub has taken some repos offline. Fine and good to suggest that it would be helpful for them to report on these things, in this or another report.
Excellent to bring up an example that matters to you personally. You’re invested in it, you feel strongly about it.
But the moment you started to talk about tech culture as a whole and some bias the industry may have with respect to feminism, you left the subject matter behind.
Since Andrea Dworkin died in 2005, I'm not sure how she could have a github account today, so the "impersonation" claim might be a little thin. I think it would be akin to creating a github user called "ErwinRommel" or something -- referencing a well known person who isn't around any more.
Not every slope is slippery. There is nothing wrong with getting rid of obvious trolls and doing so is not an indication of future censorship of genuine debate.
It's not really about debate though. It's about policy. Repos should be sacred. It doesn't matter what they contain (as long as it's legal). Github shouldn't have an ideology. Would you trust Google if they started filtering pro or anti feminist results from their search? Github should never remove a repo unless they're forced to by law.
There is a line there. I can't set fire to your home and call it art to avoid punishment. Why should I be allowed to figuratively set fire to your corner of the internet in the name of art?
You realize that Github pretty much did exactly that with the repo, right?
It was a silly, somewhat mean-spirited project, but it lived in its own dumb little bubble and didn't hurt anyone who didn't choose to go there and be outraged.
They did not set fire to anything. They repudiated their relationship with something.
Compare them to a bookstore. Say the bookstore sends some books back to the publisher (without saying why, but maybe the owner didn't like the paper or something). The bookstore might not be a very good bookstore, but it hasn't burned any books.
Anybody hosting the only copy of anything on Github is making a mistake, so it isn't fair to use an analogy implying that they destroyed something.
Given that Github is now big enough that Google is hosting their code there, I think that view needs to be a bit more nuanced. Yours is a very slick reply that could easily be a boilerplate one for, say, privacy concerns with Google -- "Hey, it's their service, they can do whatever they want".
That's fine, but if they subsequently publish a Transparency Report that isn't very transparent about some things, it's probably a good thing to call them out on it. Would you agree?
Actually, on second thought -- I'm not at all convinced that it was trolling (and have changed my "trollfest" description to "heavy-handed parody"). I said "troll" because everyone else did, and I suspect the same is true of you. At what point does making comments to your own repo constitute "trolling"?
"Heavy-handed parody" and "trollfest" aren't mutually exclusive. Parody is the overarching category that can include both trolling and satire. The difference between the two is motive. A troll's only goal is to get a response, usually through anger and outrage. While a satirist is using parody to actually change opinions. Trolling is an aggressive action. Satire is a political action. I am perfectly fine protecting the latter while punishing the former.
> How many repos they took down that weren't malicious in any way, but simply didn't gel with the tech industry's current strongly pro-feminist attitude?
Through precisely which mechanisms do you believe that repositories are being removed due to anything resembling "pro-feminist" ideology?
Does github have a "report this repo for not being feminist enough" button that I've been missing all this time?
> Through precisely which mechanisms do you believe that repositories are being removed due to anything resembling "pro-feminist" ideology?
My guess is, internally. Someone says, "Ugh, we don't want these anti-feminist people pushing commits to this repo, let's disable access to it."
> Does github have a "report this repo for not being feminist enough" button that i've been missing all this time?
I appreciate the heavy sarcasm, but if you think about it, it's a bit chilling. Github, which stood up to the Chinese government, is not strong enough to stand up for the rights of its users who want to make an anti-feminist parody language.
Both individuals and groups tend to resist opposing view points as it stirs conflict and disagreement. So it's much simpler to remove repos with anti-feminist ideology.
While Github held out against the Chinese, they did not make any outward statements of accusation towards the Chinese government in a smart move. That form of political tension is better handled by the United States government such that Github does not face further backlash. Github's role was purely technical: stopping the DDoS.
Github decided to do something. Nobody forced them to do it. They decided. We also don't know on what terms they decided to take that repository down.
Positioning feminism as an outside pressure group that is more powerful than the Chinese Government is pretty weaselly framing, so... ¯\_(ツ)_/¯ you tell me who's trying to chill whom.
This sure looks like feminist pressuring: http://imgur.com/AgSwrE2.png Notice how the other users are protesting?
Imagine if the Chinese Government sent a tweet to Github and they took down the "offensive" repos at one stroke over the protests of dissenters. Why do you think this case is special? If it contains personal info or something (which I strongly doubt, by the way), fine. Take it down, and mark it as such -- and put it in your “Transparency Report”.
An anti-feminist parody language was censored by github?
I'm a little confused here.
So someone was making fun of people who are anti-feminists, and then it was censored?
A group called this "Feminist Software Foundation", which is apparently comprised of trolls/jokers from 4chan. I think that they were making fun of (i.e. parodying) feminists, not anti-feminists.
The warrant canary is probably the existence of the sentence "Until such time, we are not even allowed to say if we've received zero of these reports". Watch that space.
No. The "time" it's "until" is after "The courts are currently reviewing the constitutionality of these prior restraints on free speech, and GitHub supports the efforts to increase transparency in this area.".
Until the courts change the law and say they can say if they've received zero of these reports or not, they are not allowed to. There is no 'warrant canary'. It would be illegal, and Github is not telling you they are going to break the law, they are telling you they are supporting efforts to change the law, but until such time, they will have to comply, and they can't tell you if they received any.
Until they receive 250, and then they can say they received somewhere in the range of 250-499.