humanacollabora/gitlab-dot-com.md

240 lines
14 KiB
Markdown

[//]: # (to do: merge https://libreplanet.org/wiki/FSF_2020_forge_evaluation)
[//]: # (to do: fix point 7, as adding ".git" fixes it)
# Ethical Problems with the Gitlab.com service:
There is Gitlab software, and there are services that use that
software. The software comes in two varieties: "*Community Edition*"
(CE) and "*Enterprise Edition*" (EE). The Community Edition is free
software. Several forges run Gitlab as their
backend. E.g. framagit.org, git.feneas.org, git.hardenedbsd.org,
git.jami.net, gitlab.com, gitlab.freedesktop.org, gitlab.gnome.org,
gitlab.torproject.org, source.puri.sm, and source.small-tech.org. See
the [full list](forge_comparison.md) if you're interested.
This article is only focused on the gitlab _.com_ ***service***.
These are the ethical problems with that specific instance:
1. Sexist treatment toward saleswomen who are [told to wear][sexism]
dresses, heels, etc.
1. Gitlab.com is a Google-hosted service
[of CIA agency IQT (in-q-tel)][iqt]. Consequently, the service is
inaccessible to users in Crimea, Cuba, Iran, North Korea, Sudan,
and Syria, due to [sanctions imposed][sanctions] by Office of
Foreign Assets Control of the United States. Thus
[FSF criteria C2][fsfCriteria] is unsatisfied. Quite perversely,
this actually [impacts][DoSdevs] developers who contributed free
software to Gitlab.com (without compensation), and who are now
refused service because of their national origin.
1. A survey [shows][nobugrpt] that a significant number of bug reports
are *withheld* when the bug tracker is inside a restrictive or
politically controversial walled-garden like MS Github or
gitlab.com. Even those willing and able to file a bug report are
blocked if they are in Crimea, Cuba, Iran, North Korea, Sudan, or
Syria. The chilling effect on bug reports reduces the software
quality of the commons globally.
1. Gitlab.com [proxies][cf] through privacy abuser CloudFlare.
Because we cannot check the HTTPS connection between the Gitlab EE
backend and CloudFlare's data center,
[FSF criteria C6][fsfCriteria] is unverifiable. Moreover, users
are deceived by the padlock into thinking they have e2ee with
gitlab.com's host at the other endpoint, when actually all traffic
is surreptitiously intercepted. There is absolute certainty that
the visitor-side tunnel terminates at a CloudFlare data center,
which guarantees that CloudFlare [sees all traffic][joepie]
including usernames and unhashed passwords. At a minimum this
undermines the spirit and intent of [FSF criteria C6][fsfCriteria].
[FSF criteria B1][fsfCriteria] is also unsatisfied due to
deliberate sharing all traffic with CloudFlare.
1. Excessive [tracking][tracking] renders [FSF criteria C4][fsfCriteria]
unsatisfied.
1. Contrary to widespread confused notions about Gitlab being free
software, the gitlab.com *service* does *not* run the Gitlab
Community Edition (GCE). It runs the proprietary "enterprise
edition". Even if gitlab.com were to switch to GCE, visitors would
still be forced to run non-free software imposed by their content
delivery network (CDN).
1. The single most important feature of any free software repository
is the ability to clone a project. It is the only feature that
secures, delivers, and enables users to exercise all software
freedoms. Yet gitlab.com's walled garden is so restricted that Tor
users are not even permitted to clone a project:
![](https://infosec.exchange/system/media_attachments/files/105/764/904/002/819/754/original/38832d4b9ffc75fa.png)
consequently [FSF criteria C3][fsfCriteria] is unmet.
8. Gitlab.com treats people trying to register with hostility if their
ISP uses CGNAT or if they use Tor. Access is inconvenient in some
cases (e.g. GUI users), while access is outright denied to other
users (e.g. terminal users with non-GUI browsers, browsers without
javascript capability, and users who happen to use a high traffic
exit node). ISPs in Serbia and India often use CGNAT for their
lowest tiers of service while charging an extra fee for IPv4 or
IPv6. This means gitlab.com is effectively discriminating against
poor people, Serbians, and Indians.
[FSF criteria C2 & C3][fsfCriteria] is therefore unmet.
1. Gitlab.com refuses service to users who attempt to register with a
`@spamgourmet.com` forwarding email address to track spam and to
protect their more sensitive internal email address. This means
people who approach gitlab.com to contribute a bug report
charitably are forced to compromise their own security. This
ultimately discourages bug reports.
1. Hostile treatment of Tor users *after* they've established an
account and have proven to be a non-spammer. The irony is that a
Tor user was denied collaboration with the PRISM-Break Project
(PBP) because a PRISM privacy abuser was given the power to control
who can participate. Google should not have that power over the
PRISM Break project. (note that PBP [refused][glbug] to leave
gitlab.com, so they have a hand in the oppression of their own
contributors).
-----
Regarding the last item above, a user was simply trying to edit an
existing message that they had already posted and a CAPTCHA was forced
on them. There are several problems with gitlab.com's rampant abuse
of CAPTCHAs:
11. CAPTCHAs break robots and robots are not necessarily malicious.
E.g. An author could have had a robot correcting a widespread
misspelling error in all their posts.
1. CAPTCHAs inflict uncompensated human labor and undermine the 13th
amendment in the US (note the CIA's role in this regard). CAPTCHAs
put humans to work for machines when it is machines that should
work for humans. The fruits of the human labor does not go to the
laborer, but instead hCAPTCHA [pays][cfpaid] CloudFlare a cash
reward. Consequently the laborers benefit their oppressor.
1. Gitlab.com neglects to obtain *informed* consent to use the
CAPTCHA. That is, users are not informed about what information is
being captured by who prior to solving the CAPTCHA (e.g. they don't
know Google will get their IP address). Users are also
deceived. E.g. after solving an hCAPTCHA for Cloudflare they may be
forced to also solve a Google reCAPTCHA. This exploitation treats a
person [merely as a means][asAmeans] to a highly unethical extent.
1. CAPTCHAs are defeated. Spammers find it economical to use
third-world sweat shop labor for CAPTCHAs while legitimate users
have this burden of dealing with CAPTCHAs that are often broken.
1. hCAPTCHAs compromise security as a consequence of surveillance
capitalism that entails collection of IP address and browser
print.
* anonymity is [compromised][grcDenanymises] (the article covers
reCAPTCHA but hCAPTCHA is vulnerable for the same reasons).
* the third-party javascript that hCAPTCHA executes could linger
well after the CAPTCHA puzzle is solved and intercept user
information and actions. They could even pull an eBay move and
[scan your LAN ports][ebay].
1. GUI CAPTCHAs fail to meet [WCAG standards][wcag] and thus
discriminate against impaired people, ultimately blocking
satisfaction of [FSF criteria C2][fsfCriteria]:
<details>
<summary>(rationale)</summary>
<table>
<thead>
<tr>
<th><strong><em>WCAG Principle</em></strong></th>
<th><strong><em>How the Principle is Violated</em></strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><em>1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.</em></td>
<td>hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.</td>
</tr>
<tr>
<td><em>1.2: Time-based media: Provide alternatives for time-based media.</em></td>
<td>hCAPTCHA has an invisible timer that the user cannot control.</td>
</tr>
<tr>
<td><em>1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.</em></td>
<td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code>, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible. Moreover, CloudFlare attacks robots -- robots that could help provide an alternative user interface for users that are impaired or handicapped. Robots often use wget or cURL to obtain data that is presented to the user in a more useful way.</td>
</tr>
<tr>
<td><em>2.1: Make all functionality available from a keyboard.</em></td>
<td>The hCAPTCHA does not accept answers from the keyboard.</td>
</tr>
<tr>
<td><em>2.2: Provide users enough time to read and use content.</em></td>
<td>If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit.</td>
</tr>
<tr>
<td><em>3.1: Make text content readable and understandable.</em></td>
<td>When the CAPTCHA says &quot;select all images with parking meters&quot;, how is someone in Ireland supposed to know what a parking meter in the USA looks like? When the CAPTCHA says &quot;click on all squares with a motorcycle&quot; and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said &quot;click on all squares with a train&quot;, some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.</td>
</tr>
<tr>
<td><em>3.2: Make web pages appear and operate in predictable ways.</em></td>
<td>It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.</td>
</tr>
<tr>
<td><em>4.1.: Maximize compatibility with current and future user agents, including assistive technologies.</em></td>
<td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code> or any other text-based tool, the blockade imposes tooling limitations on the user.</td>
</tr>
</tbody>
</table>
</details>
16. Users are forced to execute [non-free javascript][nonfreejs], thus
violating [FSF criteria C0.0][fsfCriteria].
1. The CAPTCHA requires a GUI, thus denying service to users of
text-based clients including the `git` command.
1. The CAPTCHAs are often broken. This amounts to a denial of service:
* E.g.1: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
* E.g.2: gitlab.com has switched back and forth between Google's
reCAPTCHA and hCAPTCHA (by *Intuition Machines, Inc.*) but at the
moment they've settled on hCAPTCHA. Both have broken and both
default to access denial in that event: <table>
<thead>
<tr class="header">
<th>Google reCAPTCHA (pre-2021)</th>
<th>hCAPTCHA (gitlab.com today)</th>
</tr>
</thead>
<tbody>
<tr>
<td><img src="https://user-images.githubusercontent.com/18015852/51769530-9d494300-20e3-11e9-9830-1610b3ae9059.png" alt="ccha"/></td>
<td><img src="https://lemmy.ml/pictrs/image/dcSUfFnja5.png"/></td>
</tr>
</tbody>
</table>
19. The CAPTCHAs are often unsolvable.
* E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in
a grid cell of a pole holding a street sign considered a street
sign?)
* E.g.2: the puzzle is expressed in a language the viewer doesn't
understand.
20. Network neutrality abuse: at moments when Google reCAPTCHA is
used, there is an access inequality whereby users logged into
Google accounts are given
[more favorable treatment][netneutrality] by the CAPTCHA (but then
they take on more privacy abuse). Tor users are given extra harsh
treatment.
[//]: # (I solved the hCAPTCHA, got a green checkmark, and then it looped back to an empty checkbox and I was forced to solve the hCAPTCHA for a 2nd time. And both times I had to solve 2 windows (4 windows in total [36 images]). After solving the 2nd hCAPTCHA gitlab.com brought me to a 404 error. So after all the hard work I was still blocked.)
[sexism]: https://web.archive.org/web/20200309145121/https://www.theregister.co.uk/2020/02/06/gitlab_sales_women
[sanctions]: https://en.wikipedia.org/wiki/GitLab#cite_note-30
[DoSdevs]: https://persadon.com/@danialbehzadi/104971201238264901
[cf]: https://about.gitlab.com/blog/2020/01/16/gitlab-changes-to-cloudflare
[cf-cache]: https://web.archive.org/web/20201104122751/about.gitlab.com/blog/2020/01/16/gitlab-changes-to-cloudflare
[tracking]: https://social.privacytools.io/@darylsun/103015834654172174
[tracking-cache]: https://web.archive.org/web/20210305215642if_/social.privacytools.io/@darylsun/103015834654172174
[grcDenanymises]: https://web.archive.org/web/20201108115815/https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm
[nonfreejs]: https://libreplanet.org/wiki/Group:Free_Javascript_Action_Team#Ideas_for_focus
[fsfCriteria]: https://www.gnu.org/software/repo-criteria.html
[joepie]: http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem
[iqt]: https://www.iqt.org/portfolio?&taxonomy=tech_areas&tax_id=152
[nobugrpt]: https://infosec.exchange/@bojkotiMalbona/104637098084869887
[ebay]: http://web.archive.org/web/20200526092506/blog.nem.ec/2020/05/24/ebay-port-scanning
[wcag]: https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines
[cfpaid]: https://docs.hcaptcha.com/faq
[netneutrality]: https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-sideby
[glbug]: https://web.archive.org/web/20210306172223/gitlab.com/prism-break/prism-break/-/issues/2146
[GRConTP]: https://lists.gnu.org/archive/html/repo-criteria-discuss/2021-03/msg00000.html
[asAmeans]: https://plato.stanford.edu/entries/persons-means
[//]: # (unused links)
[grcNonfree]: # ([recaptcha/api.js](https://www.google.com/recaptcha/api.js))
[signalGRC]: # (https://user-images.githubusercontent.com/18015852/55681364-07713600-5926-11e9-8874-137e4faaf423.png)