[//]: # (to do: merge https://libreplanet.org/wiki/FSF_2020_forge_evaluation)
[//]: # (to do: fix point 7, as adding ".git" fixes it)

# Ethical Problems with the Gitlab.com service:

There is Gitlab software, and there are services that use that
software. The software comes in two varieties: "*Community Edition*"
(CE) and "*Enterprise Edition*" (EE). The Community Edition is free
software. Several forges run Gitlab as their backend, e.g.
framagit.org, git.feneas.org, git.hardenedbsd.org, git.jami.net,
gitlab.com, gitlab.freedesktop.org, gitlab.gnome.org,
gitlab.torproject.org, source.puri.sm, and source.small-tech.org. See
the [full list](forge_comparison.md) if you're interested.

This article focuses only on the gitlab _.com_ ***service***.
These are the ethical problems with that specific instance:

1. Sexist treatment toward saleswomen who are [told to wear][sexism]
   dresses, heels, etc.
1. Gitlab.com is a Google-hosted service
   [of CIA agency IQT (in-q-tel)][iqt]. Consequently, the service is
   inaccessible to users in Crimea, Cuba, Iran, North Korea, Sudan,
   and Syria, due to [sanctions imposed][sanctions] by the Office of
   Foreign Assets Control of the United States. Thus
   [FSF criteria C2][fsfCriteria] is unsatisfied. Quite perversely,
   this actually [impacts][DoSdevs] developers who contributed free
   software to Gitlab.com (without compensation), and who are now
   refused service because of their national origin.
1. A survey [shows][nobugrpt] that a significant number of bug reports
   are *withheld* when the bug tracker is inside a restrictive or
   politically controversial walled garden like MS Github or
   gitlab.com. Even those willing and able to file a bug report are
   blocked if they are in Crimea, Cuba, Iran, North Korea, Sudan, or
   Syria. The chilling effect on bug reports reduces the software
   quality of the commons globally.
1. Gitlab.com [proxies][cf] through privacy abuser CloudFlare.
   Because we cannot check the HTTPS connection between the Gitlab EE
   backend and CloudFlare's data center,
   [FSF criteria C6][fsfCriteria] is unverifiable. Moreover, users
   are deceived by the padlock into thinking they have end-to-end
   encryption (e2ee) with gitlab.com's host at the other endpoint,
   when actually all traffic is surreptitiously intercepted. There is
   absolute certainty that the visitor-side tunnel terminates at a
   CloudFlare data center, which guarantees that CloudFlare
   [sees all traffic][joepie], including usernames and unhashed
   passwords. At a minimum this undermines the spirit and intent of
   [FSF criteria C6][fsfCriteria]. [FSF criteria B1][fsfCriteria] is
   also unsatisfied due to the deliberate sharing of all traffic with
   CloudFlare.
1. Excessive [tracking by Snowplow (possibly FLoC)][snowplow-cache]
   renders [FSF criteria C4][fsfCriteria] unsatisfied. The terms of
   service were [updated in 2019][tracking-cache] to ensure you agree
   to the tracking.
1. Contrary to widespread confused notions about Gitlab being free
   software, the gitlab.com *service* does *not* run the Gitlab
   Community Edition (GCE). It runs the proprietary "enterprise
   edition". Even if gitlab.com were to switch to GCE, visitors would
   still be forced to run non-free software imposed by their content
   delivery network (CDN).
1. The single most important feature of any free software repository
   is the ability to clone a project. It is the only feature that
   secures, delivers, and enables users to exercise all software
   freedoms. Yet gitlab.com's walled garden is so restricted that Tor
   users are not even permitted to clone a project:

   ![](https://infosec.exchange/system/media_attachments/files/105/764/904/002/819/754/original/38832d4b9ffc75fa.png)

   Consequently [FSF criteria C3][fsfCriteria] is unmet.

8. Gitlab.com treats people trying to register with hostility if their
   ISP uses CGNAT or if they use Tor. Access is inconvenient in some
   cases (e.g. GUI users), while access is outright denied to other
   users (e.g. terminal users with non-GUI browsers, browsers without
   JavaScript capability, and users who happen to use a high traffic
   exit node). ISPs in Serbia and India often use CGNAT for their
   lowest tiers of service while charging an extra fee for IPv4 or
   IPv6. This means gitlab.com is effectively discriminating against
   poor people, Serbians, and Indians.
   [FSF criteria C2 & C3][fsfCriteria] are therefore unmet.
1. Gitlab.com refuses service to users who attempt to register with a
   `@spamgourmet.com` forwarding email address, which people use to
   track spam and to protect their more sensitive internal email
   address. This means people who approach gitlab.com to charitably
   contribute a bug report are forced to compromise their own
   security. This ultimately discourages bug reports.
1. Hostile treatment of Tor users *after* they've established an
   account and have proven to be a non-spammer. The irony is that a
   Tor user was denied collaboration with the PRISM-Break Project
   (PBP) because a PRISM privacy abuser was given the power to control
   who can participate. Google should not have that power over the
   PRISM Break project. (Note that PBP [refused][glbug] to leave
   gitlab.com, so they have a hand in the oppression of their own
   contributors.)

-----

Regarding the last item above, a user was simply trying to edit an
existing message that they had already posted and a CAPTCHA was forced
on them. There are several problems with gitlab.com's rampant abuse
of CAPTCHAs:

11. CAPTCHAs break robots and robots are not necessarily malicious.
    E.g. an author could have had a robot correcting a widespread
    misspelling in all their posts.
1. CAPTCHAs inflict uncompensated human labor and undermine the 13th
   Amendment in the US (note the CIA's role in this regard). CAPTCHAs
   put humans to work for machines when it is machines that should
   work for humans. The fruits of the human labor do not go to the
   laborer, but instead hCAPTCHA [pays][cfpaid] CloudFlare a cash
   reward. Consequently the laborers benefit their oppressor.
1. Gitlab.com neglects to obtain *informed* consent to use the
   CAPTCHA. That is, users are not informed about what information is
   being captured by whom prior to solving the CAPTCHA (e.g. they
   don't know Google will get their IP address). Users are also
   deceived. E.g. after solving an hCAPTCHA for Cloudflare they may be
   forced to also solve a Google reCAPTCHA. This exploitation treats a
   person [merely as a means][asAmeans] to a highly unethical extent.
1. CAPTCHAs are defeated. Spammers find it economical to use
   third-world sweatshop labor for CAPTCHAs while legitimate users
   have this burden of dealing with CAPTCHAs that are often broken.
1. hCAPTCHAs compromise security as a consequence of surveillance
   capitalism that entails collection of the user's IP address and
   browser fingerprint.
   * Anonymity is [compromised][grcDenanymises] (the article covers
     reCAPTCHA but hCAPTCHA is vulnerable for the same reasons).
   * The third-party JavaScript that hCAPTCHA executes could linger
     well after the CAPTCHA puzzle is solved and intercept user
     information and actions. They could even pull an eBay move and
     [scan your LAN ports][ebay].
1. GUI CAPTCHAs fail to meet [WCAG standards][wcag] and thus
   discriminate against impaired people, ultimately blocking
   satisfaction of [FSF criteria C2][fsfCriteria]:
   <details>
   <summary>(rationale)</summary>
   <table>
   <thead>
   <tr>
   <th><strong><em>WCAG Principle</em></strong></th>
   <th><strong><em>How the Principle is Violated</em></strong></th>
   </tr>
   </thead>
   <tbody>
   <tr>
   <td><em>1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.</em></td>
   <td>hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.</td>
   </tr>
   <tr>
   <td><em>1.2: Time-based media: Provide alternatives for time-based media.</em></td>
   <td>hCAPTCHA has an invisible timer that the user cannot control.</td>
   </tr>
   <tr>
   <td><em>1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.</em></td>
   <td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code>, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible. Moreover, CloudFlare attacks robots -- robots that could help provide an alternative user interface for users that are impaired or handicapped. Robots often use wget or cURL to obtain data that is presented to the user in a more useful way.</td>
   </tr>
   <tr>
   <td><em>2.1: Make all functionality available from a keyboard.</em></td>
   <td>The hCAPTCHA does not accept answers from the keyboard.</td>
   </tr>
   <tr>
   <td><em>2.2: Provide users enough time to read and use content.</em></td>
   <td>If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit.</td>
   </tr>
   <tr>
   <td><em>3.1: Make text content readable and understandable.</em></td>
   <td>When the CAPTCHA says "select all images with parking meters", how is someone in Ireland supposed to know what a parking meter in the USA looks like? When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a fairing that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.</td>
   </tr>
   <tr>
   <td><em>3.2: Make web pages appear and operate in predictable ways.</em></td>
   <td>It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.</td>
   </tr>
   <tr>
   <td><em>4.1: Maximize compatibility with current and future user agents, including assistive technologies.</em></td>
   <td>When a user attempts to use <code>lynx</code>, <code>w3m</code>, <code>wget</code>, <code>cURL</code> or any other text-based tool, the blockade imposes tooling limitations on the user.</td>
   </tr>
   </tbody>
   </table>
   </details>

16. Users are forced to execute [non-free javascript][nonfreejs], thus
    violating [FSF criteria C0.0][fsfCriteria].
1. The CAPTCHA requires a GUI, thus denying service to users of
   text-based clients including the `git` command.
1. The CAPTCHAs are often broken. This amounts to a denial of service:
   * E.g.1: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
   * E.g.2: gitlab.com has switched back and forth between Google's
     reCAPTCHA and hCAPTCHA (by *Intuition Machines, Inc.*) but at the
     moment they've settled on hCAPTCHA. Both have broken and both
     default to access denial in that event:
     <table>
     <thead>
     <tr class="header">
     <th>Google reCAPTCHA (pre-2021)</th>
     <th>hCAPTCHA (gitlab.com today)</th>
     </tr>
     </thead>
     <tbody>
     <tr>
     <td><img src="https://user-images.githubusercontent.com/18015852/51769530-9d494300-20e3-11e9-9830-1610b3ae9059.png" alt="ccha"/></td>
     <td><img src="https://lemmy.ml/pictrs/image/dcSUfFnja5.png"/></td>
     </tr>
     </tbody>
     </table>

19. The CAPTCHAs are often unsolvable.
    * E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in
      a grid cell of a pole holding a street sign considered a street
      sign?)
    * E.g.2: the puzzle is expressed in a language the viewer doesn't
      understand.

20. Network neutrality abuse: at moments when Google reCAPTCHA is
    used, there is an access inequality whereby users logged into
    Google accounts are given
    [more favorable treatment][netneutrality] by the CAPTCHA (but then
    they take on more privacy abuse). Tor users are given extra harsh
    treatment.

[//]: # (I solved the hCAPTCHA, got a green checkmark, and then it looped back to an empty checkbox and I was forced to solve the hCAPTCHA for a 2nd time. And both times I had to solve 2 windows (4 windows in total [36 images]). After solving the 2nd hCAPTCHA gitlab.com brought me to a 404 error. So after all the hard work I was still blocked.)

[sexism]: https://web.archive.org/web/20200309145121/https://www.theregister.co.uk/2020/02/06/gitlab_sales_women
[sanctions]: https://en.wikipedia.org/wiki/GitLab#cite_note-30
[DoSdevs]: https://persadon.com/@danialbehzadi/104971201238264901
[cf]: https://about.gitlab.com/blog/2020/01/16/gitlab-changes-to-cloudflare
[cf-cache]: https://web.archive.org/web/20201104122751/about.gitlab.com/blog/2020/01/16/gitlab-changes-to-cloudflare
[tracking]: https://social.privacytools.io/@darylsun/103015834654172174
[tracking-cache]: https://web.archive.org/web/20210305215642if_/social.privacytools.io/@darylsun/103015834654172174
[grcDenanymises]: https://web.archive.org/web/20201108115815/https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm
[nonfreejs]: https://libreplanet.org/wiki/Group:Free_Javascript_Action_Team#Ideas_for_focus
[fsfCriteria]: https://www.gnu.org/software/repo-criteria.html
[joepie]: http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem
[iqt]: https://www.iqt.org/portfolio?&taxonomy=tech_areas&tax_id=152
[nobugrpt]: https://infosec.exchange/@bojkotiMalbona/104637098084869887
[ebay]: http://web.archive.org/web/20200526092506/blog.nem.ec/2020/05/24/ebay-port-scanning
[wcag]: https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines
[cfpaid]: https://docs.hcaptcha.com/faq
[netneutrality]: https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-sideby
[glbug]: https://web.archive.org/web/20210306172223/gitlab.com/prism-break/prism-break/-/issues/2146
[GRConTP]: https://lists.gnu.org/archive/html/repo-criteria-discuss/2021-03/msg00000.html
[asAmeans]: https://plato.stanford.edu/entries/persons-means

[//]: # (unused links)
[grcNonfree]: # ([recaptcha/api.js](https://www.google.com/recaptcha/api.js))
[signalGRC]: # (https://user-images.githubusercontent.com/18015852/55681364-07713600-5926-11e9-8874-137e4faaf423.png)
[snowplow-cache]: # (https://web.archive.org/web/20220811090954/docs.gitlab.com/ee/development/snowplow/)