From 8bdb57cb57c66f2784e70e426450c5c2c19a8e48 Mon Sep 17 00:00:00 2001 From: humanacollaborator Date: Thu, 1 Apr 2021 12:37:50 -0400 Subject: [PATCH] initial Github version (CF links not checked) --- github.md | 163 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 github.md diff --git a/github.md b/github.md new file mode 100644 index 0000000..8ecfb52 --- /dev/null +++ b/github.md @@ -0,0 +1,163 @@ +[//]: # (to do: vet the links for CF & scrub) + +[0](https://infosec.exchange/@bojkotiMalbona/104637098084869887) +[1](https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor#ComputingTechnical) +[2](https://user-images.githubusercontent.com/21023035/61580062-10fd6300-aafd-11e9-8bf2-64faddf63760.png) +[3](https://github.com/Eloston/ungoogled-chromium/issues/795#issuecomment-687991721) +[4](https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen) +[5](https://www.zdnet.com/article/hackers-stole-github-and-gitlab-oauth-tokens-from-git-analytics-firm-waydev) +[6](https://msrc.microsoft.com/create-report) +[7](https://www.bbc.com/news/technology-50232902) +[8](https://mako.cc/writing/hill-free_tools.html) +[9](https://corporate.exxonmobil.com/news/newsroom/news-releases/2019/0222_exxonmobil-to-increase-permian-profitability-through-digital-partnership-with-microsoft) +[10](https://news.microsoft.com/2019/09/17/schlumberger-chevron-and-microsoft-announce-collaboration-to-accelerate-digital-transformation) +[11](https://www.scientificamerican.com/article/exxon-knew-about-climate-change-almost-40-years-ago) +[12](http://web.archivecrfip2lpi.onion/web/publicintegrity.org/federal-politics/republican-lawmakers-posh-hideaway-bankrolled-by-secret-corporate-cash) +[13](http://techrights.org/wiki/index.php/Microsoft_and_the_NSA) +[14](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1&session=2017) +[15](http://web.archivecrfip2lpi.onion/web/20200318144031/www.theverge.com/2018/6/15/17468292/amazon-microsoft-uber-california-consumer-privacy-act) +[16](https://web.archive.org/web/20200722105800/tokenpost.com/Central-Bank-of-Sweden-is-testing-digital-currency-5197) +[17](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) +[18](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) +[19](http://gnu.org/philosophy/free-software-even-more-important.html) +[20](http://gnu.org/proprietary/malware-microsoft.html) +[21](https://www.vice.com/en_us/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana) +[22](https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office) +[23](https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr) +[24](https://gdpr-info.eu/art-5-gdpr/) +[25](https://gdpr-info.eu/art-17-gdpr/) +[26](https://www.forbes.com/sites/thomasbrewster/2019/08/01/microsoft-slammed-for-investing-in-israeli-facial-recognition-spying-on-palestinians) +[27](https://edition.cnn.com/2018/06/03/middleeast/razan-al-najjar-gaza-nurse-killed/index.html) +[28](https://www.independent.co.uk/news/world/middle-east/gaza-protests-latest-idf-condemned-edited-video-angel-of-mercy-medic-razan-al-najjar-a8389611.html) +[29](https://companies-that-work-with-ice.com) +[30](https://thehill.com/policy/technology/393358-microsoft-employees-dissatisfied-by-ceo-response-plan-action-against-ice) +[31](https://www.theverge.com/2019/10/9/20906213/github-ice-microsoft-software-email-contract-immigration-nonprofit-donation) +[32](https://gizmodo.com/microsoft-employees-up-in-arms-over-cloud-contract-with-1826927803) +[33](http://fortune.com/2020/05/18/microsoft-fedex-partnership-build) +[34](https://www.zdnet.com/article/honeywell-set-to-launch-its-quantum-computer-with-quantum-volume-of-64) +[35](https://techinquiry.org/SiliconValley-Military) +[36](https://ai.google/principles) +[37](https://web.archive.org/web/20200529160343/www.cheatsheet.com/web/20200529160343mp_/https://www.cheatsheet.com/money-career/these-companies-started-firing-employees-right-after-getting-tax-cuts-from-trump.html) +[38](http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update) +[39](https://www.cnet.com/news/microsoft-windows-10-forced-updates-auto-restarts-are-the-worst) +[40](https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation) +[41](http://www.linfo.org/microsoft_tax.html) +[42](http://techrights.org/2017/03/15/still-using-patents-to-coerce) +[43](http://techrights.org/2017/02/27/microsoft-novell-v2-via-azure) +[44](https://www.gnu.org/software/repo-criteria-evaluation.html) + +# Direct practical problems with using Microsoft Github + +1. A survey [shows][0] that a significant number of bug reports are + **withheld** when the bug tracker is inside a restrictive or + politically controversial walled-garden like MS Github or + gitlab.com. +1. Github is Tor-hostile [according to Tor project][1]. GH has + started forcing Tor users through an extra email verification step + that effectively discourages bug reports: + ![github-tor_hostility][2] +1. Github takes a hostile posture toward burner accounts, and they + [enforce it][3]. Burner accounts are important for privacy because + aggregation of pseudo-anonymous identities enables adversaries to + identify someone. Even notwithstanding doxxing, aggregation blocks + someone from working on something like "a design for a better + marijuana bong" while also working on a project like "business + critical infrastructure" for his boss. The bong project might ruin + the user's reputation from the standpoint of a commercial job. + Burner accounts protect users so they can work on multiple + projects, and Microsoft bans that protection. +1. MS failed to secure Github, which was [breached to the tune of 500gb of private projects][4]. + Then security was breached again in July 2020 when OAuth tokens were + [stolen][5] from both Github and Gitlab.com. + Security incompetence is further showcased by an MS-imposed requirement + to create and account and sign in to report an MS security bug. + And for those not discouraged by that, [the sign-in page][6] is also broken. +1. MS suppresses democracy by [blocking][7] Github access to a project + that facilitates protests in Catalonia. +1. Free software projects that rely on non-free software + "[put everyone at the whim of the groups and individuals who produce the tools they depend on][8]," + and it puts free software developers in a position of hypocrisy. + +## Ethical problems with using Microsoft products and services + +6. Microsoft harms the **environment** by serving the two most destructive oil companies in the world: [ExxonMobil][9] and [Chevron][10]. + 1. (#ExxonKnew) Exxon notoriously [knew][11] about climate change + since 1977. They not only kept it secret from the public, but + they also financed a disinformation campaign. + 1. Microsoft and Chevron were [caught][12] each paying $100k to + "the Cloakroom", a project to hide bribes going from large + corporations to republican politicians. + 1. Chevron's right-leaning stance is further pushed through its + membership with ALEC, which doubles as a superPAC and bill mill + that lobbies and writes policy for U.S. republicans. +1. Microsoft is a notorious **privacy** abuser: + 1. MS is a PRISM corporation prone to mass surveillance. + 1. MS supported CISPA and [collaborates][13] with the NSA. + 1. MS [paid][14] $195k to [fight][15] the California Consumer + Privacy Act (CCPA). + 1. MS drug tests its employees, thus intruding on their privacy + outside the workplace. + 1. MS finances other privacy abusers: + 1. In 2012 Microsoft spent $35 million on Facebook ads and in + 2015 Microsoft was the third biggest spender on Facebook + ads in the world. + 1. MS proxies through Accenture to [make Sweden cashless][16]. + The war on cash is war on privacy. + 1. MS supplies Bing search service which gives high rankings to + [privacy-abusing][17] CloudFlare websites. + 1. MS owns and operates Outlook Email and the LinkedIn social + media site, both of which are exclusive walled-gardens that + limit participation to those who have a phone number and the + will to share it with Microsoft. + 1. MS supplies hotmail.com email service, which uses vigilante + extremist org *Spamhaus* to force residential internet + users to share all their e-mail metadata and payloads with + a corporate third-party. + 1. MS [unlawfully][18] used people's images without consent to + train their facial recognition products + 1. MS distributes a [nonfree operating system][19], Microsoft + Windows, which is jam-packed with + [malicious functionalities][20], including surveillance of + users, DRM, censorship and a universal back door. + 1. MS was [caught][21] surreptitiously recording Xbox users and + paying contractors to listen to the recordings. + 1. Dutch government commissioned [a study][22] which found + Microsoft to have [several GDPR violations][23]. E.g. Office + 365 violates [GDPR article 5][24] ΒΆ `1.c`, + [GDPR article 17][25], and stores the data outside the EEA (may + also be a GDPR breach). +1. Microsoft is detrimental to **human rights** and **democracy** + 1. Microsoft [finances AnyVision][26] to produce facial + recognition technology that the Israeli military uses as a + weapon against the Palestinian people who they oppress in their + occupation. Note that Israeli snipers [murdered][27] an unarmed + civilian Palestinian medic (in breach of the Geneva Convention) + then [edited][28] the video to deceive the public for PR damage + control. + 1. Microsoft [supports ICE][29] in a variety of ways in the course + of ICE's implementation of Trump's xenophobic border + policies. Microsoft services an ICE contract worth + [$19.4 million dollars][30] despite protest from employees. In + addition to MS Office products, Microsoft has renewed a + [Github contract][31] and also supplies cloud computing through + its [Azure platform][32]. + 1. MS [partnered with FedEx][33], an NRA-supporting ALEC member as + well as [JP Morgan Chase][34], the most evil bank in the world. + 1. MS [conceals][35] US military contracts to bias PR and dodge + social accountablity. They have a much bigger piece these + contracts than the rest of MACFANG, they lack Google's + [AI principles][36], and unlike Google they ignore employee + protest and petitions. +1. MS is among the top 15 recipients of Trump's corporate tax breaks, + a benefit of $128 billion. Microsoft + [sacked hundreds of employees][37] immediately after receiving the + tax breaks in February 2018. +1. MS is **anti-consumer** and anti-competitive + 1. MS [tricked][38] users into "upgrading" to Windows 10, which + [sabotages][39] users in a variety of ways, one of which is to + [prevent cloud-free accounts][40]. + 1. MS [strong-armed][41] nearly all PC manufacturers charge every + buyer for an MS Windows license regardless of whether the user + actually wants Windows. + 1. MS [hoards][42] software patents and uses them to [fight free software][43]. + 1. Github [has an F rating][44] by the FSF.