From baf6a80789db3d7017dbaa196b03731430a8a3b3 Mon Sep 17 00:00:00 2001 From: humanacollaborator Date: Tue, 6 Apr 2021 21:05:28 -0400 Subject: [PATCH] demote Codeberg for abusive and destructive conduct against many repos --- README.md | 4 +- codeberg.md | 204 +++++++++++++++++++++++++++++++++++++++ forge_comparison.md | 18 ++-- input_data/forges.sql | 12 +-- tools/gen_forge_table.sh | 4 +- 5 files changed, 223 insertions(+), 19 deletions(-) create mode 100644 codeberg.md diff --git a/README.md b/README.md index b365523..e222ab5 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ -# humanacollabora +# Collaboration tools -Collaboration tools \ No newline at end of file +* [Comparison](forge_comparison.md) of software forges. diff --git a/codeberg.md b/codeberg.md new file mode 100644 index 0000000..ef4fdb1 --- /dev/null +++ b/codeberg.md @@ -0,0 +1,204 @@ +# Codeberg's Censorship, Attack on Transparency, and Attack on Cloudflare Resistance + +Codeberg hosted the Cloudflare-Tor project. In 2021, Codeberg took +down the project alleging libel. + +## what the Cloudflare-Tor (CFT) project is + +The Cloudflare-Tor (CFT) project is a non-profit charitable effort to +promote decentralization, network neutrality, and privacy with +Cloudflare (a top adversary of that cause) as the core focus. CFT +project provides a variety of free software tools to help protect the +general public from Cloudflare. An important component of protecting +the community from Cloudflare is documenting websites that subject +people to the harms of Cloudflare by maintaining a massive list of +websites to avoid. + +Unlike other tech giant adversaries to the CFT cause such as GAFAM +(Google Amazon Facebook Apple Microsoft), Cloudflare operates +surreptitiously and largely unknown to the general public, despite +having access to ~20-30% of the world's web traffic. Their existence +is so much in the shadows that privacy orgs like EFF are largely +oblivious to the threat of it. Mainstream privacy orgs not only +neglect to protect web users from Cloudflare, but some of them +actually naively use Cloudflare themselves and unwittingly work +against their own interest and declared purpose. Some privacy and +ethics advice sites like +[Switching Software](https://switching.software) actually recommend +Cloudflare sites to those who entrust them to give advice pursuant to +their own stated purpose. + +The problem is so rampant that it became important for the CFT +project's tracking of the Cloudflare problem to start keeping track of +organizations and the pseudo-anonymous aliases of representatives who +were spotted publicly promoting Cloudflare. + +## Codeberg-inflicted censorship + +Allegedly in response to complaints, Codeberg shut down the CFT +project and issued +[this statement](https://codeberg.org/Codeberg/Community/issues/423#issuecomment-187783) +to contributors, and posted +[this blog announcement](https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html). + +### Analysis of Codeberg's e-mail + +> "target lists", with personal data, lists of employment status, +> social media identities, + +Calling it a "target list" entails a presumption of how the list is +used. For example, if a threat actor wants to join the CFT project to +gain access to our internal operations, it is not CFT targeting them +but rather CFT avoiding being targeted by their adversary. + +Transparency is essential in exposing the corporate bias behind the +information and advice you are getting. For example, a forum for talk +about bicycles might require Brompton representatives to be tagged as +such so that other users are aware of the bias behind their posts. It +would actually be reckless *not* to identify such conflicts of +interest. This is particularly important when dealing with Cloudflare +because they have proven to publish misinformation regularly. +Codeberg's move to conceal who represents a company ultimately +promotes corruption and deception. + +CFT has also been attacked several times and sometimes at the hands of +insiders who gained trust by posing as those who support the CFT +cause. + +Are forums hosted in Germany really forced to conceal such conflicts +of interest from the public? Unlikely. + +For Codeberg to allege CFT tracks "personal data" with social media +identities is perversely deceptive. CFT did not track personal data +or dox any social media identities. The social media identities were +listed and only *public* data was shared -- data that is already +public on platforms like Twitter. Personally identifiable information +was not collected on social media aliases even if it was public. + +> Publication of such data, no matter if true or not, without the +> explicit consent of the person in question is illegal in EU. + +When a user posts a tweet, they do so with consent to the publication +of that tweet. If Codeberg's assertion above were true, then Nitter +would be banned in Germany for republishing the tweets of Germans. We +know this is not true because Germans have access to the Nitter +network. + +Codeberg's false accusation of illegal activity came with destructive +removal of forked repositories +[without warning, without redress, and while refusing explanation](https://codeberg.org/shadow/SpywareWatchdog/issues/77#issuecomment-188170) +to the users whose data they destroyed. + +In response, Codeberg +[claims](https://codeberg.org/shadow/SpywareWatchdog/issues/77#issuecomment-188178) +they had to act immediately to what they perceived as illegal +activity. Even if we were to accept that the already public data +somehow became sensitive merely by replication, the correct +non-reckless action is to quarantine the data in a non-public state +until court proceedings or settlement could commence. For Codeberg to +destroy people's work, and also destroy what they believed was +evidence of illegal activity was nothing short of reckless. + +A take-down request implemented properly and fairly to all sides is +temporary and non-destructive of the artifacts. + +> - This includes using personally identifiable information of other +> people without their consent for feigned commit author names and email +> addresses, potentially incriminating non-participants of acts of +> privacy violation and leaking proprietary information. + +This is just a statement of Codeberg's interpretation of law. Note +that Codeberg does not accuse CFT of this, as doing so would be libel +against CFT. So it's unclear what purpose this statement serves other +than to imply an accusation without stating it. Such weasel wording +is designed to deceive the public while dodging legal accountability. + +> - Considering reports we received, a significant number of claims and +> statements were factually false. + +CFT has received only one complaint. It involved one social media +alias that was listed and it turned out to be a misunderstanding +surrounding the word "*support*". The listed party claimed to not +personally condone Cloudflare and thus claimed to not be a Cloudflare +"supporter" on that basis. But investigation of +[public statements](https://codeberg.org/swiso/website/issues/141#issuecomment-69593) +by that individual revealed that the other party actually supported +Cloudflare operationally. + +> The pure existence of lis ts "Enemies of X" is by all rational means +> unlikely to have any other purpose than public shaming, defamation, +> threatening and libel. These are generally considered illegal in +> German law and elsewhere. + +The mere existence of a list of Cloudflare supporters certainly does +*not* imply shaming. The list *can potentially* be used for shaming +or praising, as well as in countless ways orthogonal to both praise +and shame. Codeberg further produces no evidence that the list was +used for shaming (which should be quite easy to do if they've had +complaints on the scale that they allege). + +It's important to establish bias so that readers can assess the +accuracy of statements made by someone who is biased. This is why +aliases of those entrusted with advice on matters of privacy were +collected. It's important to track the underlying bias behind privacy +advocacy sites to address the problem of detrimental advice. + +### Analysis of Codeberg's Blog Announcement + +Codeberg [said](https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html): + +> In the last couple of days, we have received multiple inquiries to +> remove **sensitive information** from the crimeflare/cloudflare-tor +> repository and all clones and forks of that repository hosted on +> Codeberg.org. + +(emphasis added) + +Data published by Twitter and public forums is not sensitive. Anyone +who posts in a public space and later has regrets, they have only +themselves to blame. + +Privacy is like virginity: once you lose it, you can't have it back. + +> We have been made aware that this repository contains lists of +> usernames that are either linked with their Codeberg profile or +> their social media accounts and allegedly blamed as Cloudflare +> supporters without an evidence + +CFT was never asked for evidence. Only one complaint was received. +It was investigated and evidence was provided. + +> We started a discussion with the maintainers of this repository and +> asked to remove these sensitive information, that are apparently for +> shaming people (defamation), + +CFT did not "shame" or "defame" anyone, and no evidence was given to +that effect. Codeberg admitted earlier that their assumption is that +a list of Cloudflare supporters inherently shames people. Yet the +list is objective. It's for the reader to decide if the list is of +shame or of pride. No value judgment was expressed by the CFT +project. + +> According to GDPR, we are obligued to remove sensitive user +> information as soon as a concerned person demands us to do so. + +CFT complied. Even though the sole complaint lead to an investigation +that found the data accurate, it was removed anyway and therefore CFT +was (and remains) in compliance with the GDPR right to be forgotten. +Yet Codeberg still removed the project despite immediate compliance. + +> People reaching out to us and to the maintainers of the repository +> itself tried to make clear that they do not consider themselves as +> Cloudflare-supporters, but critical opponents of this company, and +> thus could not even imagine a reason for being listed there. + +CFT only received one complaint regarding one individual. CFT +complied with the GDPR. + +> We can not accept anyone attacking and threatening us and our users +> (or anyone for that matter), or inciting others to do so. + +This is weasel wording, as directly accusing CFT of attacking or +threatening Cloudflare supporters would constitute libel on the part +of Codeberg. So they try to imply it. These claims can only be +ignored in the absence of evidence. diff --git a/forge_comparison.md b/forge_comparison.md index 1d65070..c9b434c 100644 --- a/forge_comparison.md +++ b/forge_comparison.md @@ -5,33 +5,33 @@ The following forges have no significant ethical issues: -| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | +| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare sees all traffic* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | |---|---|---|---|---|---|---|---| -[codeberg.org](https://codeberg.org)|🟢|Gitea|n|n|n|n|censored an anti-Cloudflare project; functions without any JavaScript and the JavaScript that exists is all 1st-party ([ref](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-483830547))| [git.fuwafuwa.moe](https://git.fuwafuwa.moe)([🧅](http://git.fuwafuwaqtlkkxwc.onion))|🟢|Gitea|n|n|n|n|SSH over Tor broken; HTTPS over Tor works| [git.nixnet.services](https://git.nixnet.services)|🔴|Gitea 1.13.1|n|n|n|n|formerly git.nixnet.xyz| [git.sdf.org](https://git.sdf.org)|🟢|Gitea 1.13.1|n|n|n|n|SSH over Tor broken but HTTPS over Tor works| -[git.disroot.org](https://git.disroot.org)|🟢|Gitea 1.13.6|n|n|n|n|SSH over Tor works| +[git.disroot.org](https://git.disroot.org)|🟢|Gitea 1.13.6|n|n|n|n|SSH over Tor works; based in NL| [git.slashdev.space](https://git.slashdev.space)|🟢|Gitea 1.13.6|n|n|n|n|SSH over Tor broken (try HTTPS over Tor)| [notabug.org](https://notabug.org)([🧅](http://qs3zumwfci4tntnd.onion))|🟢|Gogs|n|n|n|n|based on [liberated](https://notabug.org/hp/gogs) fork of Gogs; [supports Tor](https://notabug.org/tor) (the *onion* web UI is currently disabled in response to attack but the onion site accepts git connections); supports SSH keys and SSH over Tor to NAB's onion service; no e-voting; NAB doesn't associate PGP keys to users, so PGP signed commits may be unavailable or more manual work needed.| [launchpad.net](https://launchpad.net)|🟢|Launchpad|n|n|n|n|It's [unknown](https://wiki.freephile.org/wiki/Comparison_of_git_hosting_options) whether it functions without JavaScript; no wiki| [sr.ht](https://sr.ht)|🟢|Sourcehut|n|n|n|n|javascript-free| -[framagit.org](https://framagit.org)|🟢|Gitlab (CE)|n|n|n|n|| [git.jami.net](https://git.jami.net)|🟢|Gitlab (CE)|n|n|n|n|possibly restricted to Jami efforts; acces to help page blocked to non-members so CE/EE unknown| [gitlab.freedesktop.org](https://gitlab.freedesktop.org)|🟢|Gitlab (CE)|n|n|n|n|possibly restricted to Freedesktop efforts| [gitlab.gnome.org](https://gitlab.gnome.org)|🟢|Gitlab (CE)|n|n|n|n|possibly restricted to Gnome efforts| [gitlab.torproject.org](https://gitlab.torproject.org)|🟢|Gitlab (CE)|n|n|n|n|open registration; repo creation possibly restricted; Google reCAPTCHA is [allegedley](https://lists.gnu.org/archive/html/repo-criteria-discuss/2021-03/msg00000.html) used, but [not at registration time](https://gitlab.onionize.space)| [source.small-tech.org](https://source.small-tech.org)|🔴|Gitlab (CE)|n|n|n|n|| -[source.puri.sm](https://source.puri.sm)|🟢|Gitlab (EE)|n|n|n|n|open registration; *not* restricted to puri.sm efforts; no CAPTCHA (confirmed March 2021)| +[framagit.org](https://framagit.org)|🟢|gitlab_ce 13.10.2|n|n|n|n|| +[source.puri.sm](https://source.puri.sm)|🟢|Gitlab (EE)|n|n|n|n|open registration; *not* restricted to puri.sm efforts; no CAPTCHA (confirmed March 2021); is the JavaScript non-free with the enterprize edition?| ## Graylist -These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors. Dead sites are also graylisted because if they come back online, they are known to be unreliable. +These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors. Dead sites are also graylisted because if they come back online, they are known to be unreliable. Codeberg is graylisted for falsely accusing a repository of illegal conduct and deleting the content of all forks from that project without evidence or redress. -| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | +| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare sees all traffic* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | |---|---|---|---|---|---|---|---| ([🧅](http://githidep2hynhdmutuv7n2tei4iie2c7lyqz5fes3r5zzoxe5dshtxyd.onion))|💀||n|n|n|n|**dead site**| [sourceforge.net](https://sourceforge.net)|⛔ (exclusive walled garden)||n|n|n|n|**access granted or denied based on national origin**; Important site [functionality does not work without non-free JavaScript](https://www.gnu.org/software/repo-criteria-evaluation.html); access granted or denied based on national origin| +[codeberg.org](https://codeberg.org)|🟢|Gitea|n|n|n|n|Based in Germany; [censored an anti-Cloudflare project](codeberg.md) in a reckless and destructive manner; functions without any JavaScript and the JavaScript that exists is all 1st-party ([ref](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-483830547))| [yerbamate.dev](https://yerbamate.dev)|💀|Gitea|n|n|n|n|**dead site**| [git.teknik.io](https://git.teknik.io)|🔴|Gitea 1.9.0|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)| [git.hardenedbsd.org](https://git.hardenedbsd.org)|🟢|Gitlab (EE)|n|n|n|n|**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch); possibly restricted to BSD efforts| @@ -40,12 +40,12 @@ These forges are not as seriously flawed as the blacklisted ones, but they shoul These forges have severe ethical or trust issues and should be boycotted: -| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | +| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare sees all traffic* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | |---|---|---|---|---|---|---|---| -git.openprivacy.ca|⛔ (exclusive walled garden)||👁|n|n|n|Tor users get 404 - suspected botnet; [listed](https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/cloudflare_users/cloudflare_supporter.txt) as a Cloudflare supporter| github.com|⛔ (exclusive walled garden)||👁|n|n|☣|**access granted or denied based on national origin**; [copious ethical issues](github.md)| bitbucket.org|🟢|Bitbucket Server|n|n|n|☣|**Amazon AWS-hosted**; needs non-free javascript that [clusterfucks uMatrix](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-483830547); has some relationship with Netlify; access to source code [restricted](https://en.wikipedia.org/wiki/Bitbucket#Bitbucket_Server)| libregit.org|🔴|Gitea|n|🌩|n|n|reg by invite only| +git.openprivacy.ca|⛔ (exclusive walled garden)|Gitea 1.12.4|👁|n|n|n|Tor users get 404 - suspected botnet; [listed](https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/cloudflare_users/cloudflare_supporter.txt) as a Cloudflare supporter| git.feneas.org|🟢|Gitlab (CE)|n|n|⚒|☣|reCAPTCHA impedes registration and imposes non-free s/w| gitlab.com|⛔ (exclusive walled garden)|Gitlab (EE)|n|🌩|⚒|☣|flagship instance running the *Enterprise Edition*; uses both hCAPTCHA & reCAPTCHA; heavily restricted with discriminatory policies; [copious ethical issues](gitlab-dot-com.md)| diff --git a/input_data/forges.sql b/input_data/forges.sql index 3c0833c..dd7119e 100644 --- a/input_data/forges.sql +++ b/input_data/forges.sql @@ -26,22 +26,22 @@ insert into forgesTbl (url_clrnet, antitor, forced_nfsw, nation_discrimination, insert into forgesTbl (url_clrnet, software, notes) values ('https://launchpad.net','Launchpad','It''s [unknown](https://wiki.freephile.org/wiki/Comparison_of_git_hosting_options) whether it functions without JavaScript; no wiki'); insert into forgesTbl (url_clrnet, software, dead) values ('https://yerbamate.dev','Gitea',1); -insert into forgesTbl (url_clrnet, antitor, notes) values ('https://git.openprivacy.ca',1,'Tor users get 404 - suspected botnet; [listed](https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/cloudflare_users/cloudflare_supporter.txt) as a Cloudflare supporter'); +insert into forgesTbl (url_clrnet, software, antitor, notes) values ('https://git.openprivacy.ca','Gitea 1.12.4',1,'Tor users get 404 - suspected botnet; [listed](https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/cloudflare_users/cloudflare_supporter.txt) as a Cloudflare supporter'); insert into forgesTbl (url_clrnet, software, notes) values ('https://sr.ht','Sourcehut', 'javascript-free'); insert into forgesTbl (url_onion, dead) values ('http://githidep2hynhdmutuv7n2tei4iie2c7lyqz5fes3r5zzoxe5dshtxyd.onion', 1); /* Gitea */ -insert into forgesTbl (url_clrnet, software, notes) values ('https://codeberg.org','Gitea', 'censored an anti-Cloudflare project; functions without any JavaScript and the JavaScript that exists is all 1st-party ([ref](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-483830547))'); +insert into forgesTbl (url_clrnet, software, notes) values ('https://codeberg.org','Gitea', 'Based in Germany; [censored an anti-Cloudflare project](codeberg.md) in a reckless and destructive manner; functions without any JavaScript and the JavaScript that exists is all 1st-party ([ref](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-483830547))'); insert into forgesTbl (url_clrnet, software, openpubreg, notes) values ('https://git.nixnet.services','Gitea 1.13.1', 0, 'formerly git.nixnet.xyz'); insert into forgesTbl (url_clrnet, software, openpubreg, cfns) values ('https://git.teknik.io','Gitea 1.9.0',0,1); insert into forgesTbl (url_clrnet, url_onion, software, notes) values ('https://git.fuwafuwa.moe','http://git.fuwafuwaqtlkkxwc.onion','Gitea','SSH over Tor broken; HTTPS over Tor works'); insert into forgesTbl (url_clrnet, software, notes) values ('https://git.slashdev.space','Gitea 1.13.6','SSH over Tor broken (try HTTPS over Tor)'); -insert into forgesTbl (url_clrnet, software, notes) values ('https://git.disroot.org','Gitea 1.13.6','SSH over Tor works'); +insert into forgesTbl (url_clrnet, software, notes) values ('https://git.disroot.org','Gitea 1.13.6','SSH over Tor works; based in NL'); insert into forgesTbl (url_clrnet, software, openpubreg, cflogin, notes) values ('https://libregit.org','Gitea',0,1,'reg by invite only'); insert into forgesTbl (url_clrnet, software, notes) values ('https://git.sdf.org','Gitea 1.13.1','SSH over Tor broken but HTTPS over Tor works'); /* Gitlab */ -insert into forgesTbl (url_clrnet, software) values ('https://framagit.org','gitlab_ce'); +insert into forgesTbl (url_clrnet, software) values ('https://framagit.org','gitlab_ce 13.10.2'); insert into forgesTbl (url_clrnet, software, hrecaptcha, notes) values ('https://git.feneas.org','gitlab_ce','unavoidable','reCAPTCHA impedes registration and imposes non-free s/w'); insert into forgesTbl (url_clrnet, software, cfns, notes) values ('https://git.hardenedbsd.org','gitlab_ee',1,'possibly restricted to BSD efforts'); insert into forgesTbl (url_clrnet, software, notes) values ('https://git.jami.net','gitlab_ce','possibly restricted to Jami efforts; acces to help page blocked to non-members so CE/EE unknown'); @@ -49,11 +49,11 @@ insert into forgesTbl (url_clrnet, software, cflogin, hrecaptcha, notes) values insert into forgesTbl (url_clrnet, software, notes) values ('https://gitlab.freedesktop.org','gitlab_ce','possibly restricted to Freedesktop efforts'); insert into forgesTbl (url_clrnet, software, notes) values ('https://gitlab.gnome.org','gitlab_ce','possibly restricted to Gnome efforts'); insert into forgesTbl (url_clrnet, software, hrecaptcha, notes) values ('https://gitlab.torproject.org','gitlab_ce','non-essential tasks','open registration; repo creation possibly restricted; Google reCAPTCHA is [allegedley](https://lists.gnu.org/archive/html/repo-criteria-discuss/2021-03/msg00000.html) used, but [not at registration time](https://gitlab.onionize.space)'); -insert into forgesTbl (url_clrnet, software, notes) values ('https://source.puri.sm','gitlab_ee','open registration; *not* restricted to puri.sm efforts; no CAPTCHA (confirmed March 2021)'); +insert into forgesTbl (url_clrnet, software, notes) values ('https://source.puri.sm','gitlab_ee','open registration; *not* restricted to puri.sm efforts; no CAPTCHA (confirmed March 2021); is the JavaScript non-free with the enterprize edition?'); insert into forgesTbl (url_clrnet, software, openpubreg) values ('https://source.small-tech.org','gitlab_ce',0); update forgesTbl set forced_nfsw = 1 where hrecaptcha = 'unavoidable'; -update forgesTbl set lst_kind = 'gray' where lst_kind = 'white' and (aws or cfns or dead or nation_discrimination or (notes is not null and (notes like '%google_cloud_hosted%'))); +update forgesTbl set lst_kind = 'gray' where lst_kind = 'white' and (aws or cfns or dead or nation_discrimination or (notes is not null and (notes like '%google_cloud_hosted%' or notes like '%censor%'))); update forgesTbl set lst_kind = 'black' where cflogin or antitor or forced_nfsw; update forgesTbl set notes = '**Cloudflare NS server** (they can route all traffic via CF at the flip of a switch)'||case when notes is null then '' else '; '||notes end where cfns; update forgesTbl set notes = '**Amazon AWS-hosted**'||case when notes is null then '' else '; '||notes end where aws; diff --git a/tools/gen_forge_table.sh b/tools/gen_forge_table.sh index 9be5390..cb49595 100755 --- a/tools/gen_forge_table.sh +++ b/tools/gen_forge_table.sh @@ -42,7 +42,7 @@ intro() printf %s\\n 'The following forges have no significant ethical issues:' ;; gray) - printf %s\\n 'These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors. Dead sites are also graylisted because if they come back online, they are known to be unreliable.' + printf %s\\n 'These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors. Dead sites are also graylisted because if they come back online, they are known to be unreliable. Codeberg is graylisted for falsely accusing a repository of illegal conduct and deleting the content of all forks from that project without evidence or redress.' ;; black) printf %s\\n 'These forges have severe ethical or trust issues and should be boycotted:' @@ -121,7 +121,7 @@ table_md() $(intro $lst)"' -| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | +| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *Cloudflare sees all traffic* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | |---|---|---|---|---|---|---|---| ' sqlite3 "${db_file}" "select $name_clause||case when url_onion is null then '' else '([${sym[onion]}]('||url_onion||'))' end,