humanacollabora/github.md

179 lines
12 KiB
Markdown

[//]: # (to do: vet the links for CF & scrub)
[0]: https://infosec.exchange/@bojkotiMalbona/104637098084869887
[1]: https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor#ComputingTechnical
[2]: https://user-images.githubusercontent.com/21023035/61580062-10fd6300-aafd-11e9-8bf2-64faddf63760.png
[3]: https://github.com/Eloston/ungoogled-chromium/issues/795#issuecomment-687991721
[4]: https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen
[5]: https://www.zdnet.com/article/hackers-stole-github-and-gitlab-oauth-tokens-from-git-analytics-firm-waydev
[6]: https://msrc.microsoft.com/create-report
[7]: https://www.bbc.com/news/technology-50232902
[8]: https://mako.cc/writing/hill-free_tools.html
[9]: https://corporate.exxonmobil.com/news/newsroom/news-releases/2019/0222_exxonmobil-to-increase-permian-profitability-through-digital-partnership-with-microsoft
[10]: https://news.microsoft.com/2019/09/17/schlumberger-chevron-and-microsoft-announce-collaboration-to-accelerate-digital-transformation
[11]: https://www.scientificamerican.com/article/exxon-knew-about-climate-change-almost-40-years-ago
[12]: http://web.archivecrfip2lpi.onion/web/publicintegrity.org/federal-politics/republican-lawmakers-posh-hideaway-bankrolled-by-secret-corporate-cash
[13]: http://techrights.org/wiki/index.php/Microsoft_and_the_NSA
[14]: http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1&session=2017
[15]: http://web.archivecrfip2lpi.onion/web/20200318144031/www.theverge.com/2018/6/15/17468292/amazon-microsoft-uber-california-consumer-privacy-act
[16]: https://web.archive.org/web/20200722105800/tokenpost.com/Central-Bank-of-Sweden-is-testing-digital-currency-5197
[17]: https://github.com/privacytools/privacytools.io/issues/374#issuecomment-460077544
[18]: https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database
[19]: http://gnu.org/philosophy/free-software-even-more-important.html
[20]: http://gnu.org/proprietary/malware-microsoft.html
[21]: https://www.vice.com/en_us/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana
[22]: https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office
[23]: https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr
[24]: https://gdpr-info.eu/art-5-gdpr
[25]: https://gdpr-info.eu/art-17-gdpr
[26]: https://www.forbes.com/sites/thomasbrewster/2019/08/01/microsoft-slammed-for-investing-in-israeli-facial-recognition-spying-on-palestinians
[27]: https://edition.cnn.com/2018/06/03/middleeast/razan-al-najjar-gaza-nurse-killed/index.html
[28]: https://www.independent.co.uk/news/world/middle-east/gaza-protests-latest-idf-condemned-edited-video-angel-of-mercy-medic-razan-al-najjar-a8389611.html
[29]: https://companies-that-work-with-ice.com
[30]: https://thehill.com/policy/technology/393358-microsoft-employees-dissatisfied-by-ceo-response-plan-action-against-ice
[31]: https://www.theverge.com/2019/10/9/20906213/github-ice-microsoft-software-email-contract-immigration-nonprofit-donation
[32]: https://gizmodo.com/microsoft-employees-up-in-arms-over-cloud-contract-with-1826927803
[33]: http://fortune.com/2020/05/18/microsoft-fedex-partnership-build
[34]: https://www.zdnet.com/article/honeywell-set-to-launch-its-quantum-computer-with-quantum-volume-of-64
[35]: https://techinquiry.org/SiliconValley-Military
[36]: https://ai.google/principles
[37]: https://web.archive.org/web/20200529160343/www.cheatsheet.com/web/20200529160343mp_/https://www.cheatsheet.com/money-career/these-companies-started-firing-employees-right-after-getting-tax-cuts-from-trump.html
[38]: http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update
[39]: https://www.cnet.com/news/microsoft-windows-10-forced-updates-auto-restarts-are-the-worst
[40]: https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation
[41]: http://www.linfo.org/microsoft_tax.html
[42]: http://techrights.org/2017/03/15/still-using-patents-to-coerce
[43]: http://techrights.org/2017/02/27/microsoft-novell-v2-via-azure
[44]: https://www.gnu.org/software/repo-criteria-evaluation.html
[45]: https://ilyaigpetrov.medium.com/github-shadowbans-anti-censorship-coder-account-for-a-link-to-the-christchurch-shootings-video-c79a80b408a9
[46]: https://github.com/deCloudflare/deCloudflare
[47]: http://crimeflare.eu.org/
[48]: images/github_ban.png
[49]: https://www.iccl.ie/digital-data/iccl-report-on-the-scale-of-real-time-bidding-data-broadcasts-in-the-u-s-and-europe/
# Direct practical problems with using Microsoft Github
1. A survey [shows][0] that a significant number of bug reports are
**withheld** when the bug tracker is inside a restrictive or
politically controversial walled-garden like MS Github or
gitlab.com. This ultimately hinders the quality of software in the
commons.
1. Github is Tor-hostile [according to Tor project][1]. GH has
started forcing Tor users through an extra email verification step
that effectively discourages bug reports:
![github-tor_hostility][2]
1. Github takes a hostile posture toward burner accounts, and they
[enforce it][3]. Burner accounts are important for privacy because
aggregation of pseudo-anonymous identities enables adversaries to
identify someone. Even notwithstanding doxxing, aggregation blocks
someone from working on something like "a design for a better
marijuana bong" while also working on a project like "business
critical infrastructure" for his boss. The bong project might ruin
the user's reputation from the standpoint of a commercial job.
Burner accounts protect users so they can work on multiple
projects, and Microsoft bans that protection.
1. MS failed to secure Github, which was [breached to the tune of 500gb of private projects][4].
Then security was breached again in July 2020 when OAuth tokens were
[stolen][5] from both Github and Gitlab.com.
Security incompetence is further showcased by an MS-imposed requirement
to create and account and sign in to report an MS security bug.
And for those not discouraged by that, [the sign-in page][6] is also broken.
1. MS suppresses democracy by [blocking][7] Github access to a project
that facilitates protests in Catalonia.
MS also [banned][45] the account of an anti-censorship developer.
1. In 2021 1st quarter, MS [sabotaged][46] the deCloudflare
[project][47], a charitable humanitarian project that gives the
general public tools and knowledge to avoid Cloudflare. MS did
that silently and without warning or discussion. The user account
was also suspended:
![github-ban][48]
1. Free software projects that rely on non-free software
"[put everyone at the whim of the groups and individuals who produce the tools they depend on][8],"
and it puts free software developers in a position of hypocrisy.
## Ethical problems with using Microsoft products and services
8. Microsoft harms the **environment** by serving the two most destructive oil companies in the world: [ExxonMobil][9] and [Chevron][10].
1. (#ExxonKnew) Exxon notoriously [knew][11] about climate change
since 1977. They not only kept it secret from the public, but
they also financed a disinformation campaign.
1. Microsoft and Chevron were [caught][12] each paying $100k to
"the Cloakroom", a project to hide bribes going from large
corporations to republican politicians.
1. Chevron's right-leaning stance is further pushed through its
membership with ALEC, which doubles as a superPAC and bill mill
that lobbies and writes policy for U.S. republicans.
1. Microsoft is a notorious **privacy** abuser:
1. MS is a PRISM corporation prone to mass surveillance.
1. MS supported CISPA and [collaborates][13] with the NSA.
1. MS [paid][14] $195k to [fight][15] the California Consumer
Privacy Act (CCPA).
1. MS drug tests its employees, thus intruding on their privacy
outside the workplace.
1. MS finances other privacy abusers:
1. In 2012 Microsoft spent $35 million on Facebook ads and in
2015 Microsoft was the third biggest spender on Facebook
ads in the world.
1. MS proxies through Accenture to [make Sweden cashless][16].
The war on cash is war on privacy.
1. MS supplies Bing search service which gives high rankings to
[privacy-abusing][17] CloudFlare websites.
1. MS owns and operates Outlook Email and the LinkedIn social
media site, both of which are exclusive walled-gardens that
limit participation to those who have a phone number and the
will to share it with Microsoft.
1. MS supplies hotmail.com email service, which uses vigilante
extremist org *Spamhaus* to force residential internet
users to share all their e-mail metadata and payloads with
a corporate third-party.
1. MS [unlawfully][18] used people's images without consent to
train their facial recognition products
1. MS distributes a [nonfree operating system][19], Microsoft
Windows, which is jam-packed with
[malicious functionalities][20], including surveillance of
users, DRM, censorship and a universal back door.
1. MS was [caught][21] surreptitiously recording Xbox users and
paying contractors to listen to the recordings.
1. Dutch government commissioned [a study][22] which found
Microsoft to have [several GDPR violations][23]. E.g. Office
365 violates [GDPR article 5][24] ¶ `1.c`,
[GDPR article 17][25], and stores the data outside the EEA (may
also be a GDPR breach).
1. (2022) Microsoft acquired Xandr from AT&T, thus [becoming a
surveillance advertiser][49].
1. Microsoft is detrimental to **human rights** and **democracy**
1. Microsoft [finances AnyVision][26] to produce facial
recognition technology that the Israeli military uses as a
weapon against the Palestinian people who they oppress in their
occupation. Note that Israeli snipers [murdered][27] an unarmed
civilian Palestinian medic (in breach of the Geneva Convention)
then [edited][28] the video to deceive the public for PR damage
control.
1. Microsoft [supports ICE][29] in a variety of ways in the course
of ICE's implementation of Trump's xenophobic border
policies. Microsoft services an ICE contract worth
[$19.4 million dollars][30] despite protest from employees. In
addition to MS Office products, Microsoft has renewed a
[Github contract][31] and also supplies cloud computing through
its [Azure platform][32].
1. MS [partnered with FedEx][33], an NRA-supporting ALEC member as
well as [JP Morgan Chase][34], the most evil bank in the world.
1. MS [conceals][35] US military contracts to bias PR and dodge
social accountablity. They have a much bigger piece these
contracts than the rest of MACFANG, they lack Google's
[AI principles][36], and unlike Google they ignore employee
protest and petitions.
1. MS is among the top 15 recipients of Trump's corporate tax breaks,
a benefit of $128 billion. Microsoft
[sacked hundreds of employees][37] immediately after receiving the
tax breaks in February 2018.
1. MS is **anti-consumer** and anti-competitive
1. MS [tricked][38] users into "upgrading" to Windows 10, which
[sabotages][39] users in a variety of ways, one of which is to
[prevent cloud-free accounts][40].
1. MS [strong-armed][41] nearly all PC manufacturers charge every
buyer for an MS Windows license regardless of whether the user
actually wants Windows.
1. MS [hoards][42] software patents and uses them to [fight free software][43].
1. Github [has an F rating][44] by the FSF.