Getting deleted from GitHub

#github #open-source #freedom


On the 15.9. I got my GitHub account suspended. I don’t know the exact time, since GitHub did not send me any sort of E-Mail warning before or after I got suspended. I found out after someone contacted a friend of mine over a repository they were using and could no longer find.

Once i try logging into my account i find out that this isn’t just a regular suspension that blocks your content from being publicly accessible (which would have been annoying enough), but instead a full suspensions, including blocking me from logging in to find out at all what could have caused the suspension. My only avenue at this point in time is to contact support via E-Mail and wait for a response. Until then i stand firmly in my belief that i have been banned wrongfully (and i will tell you why in a bit).

Migration

While i wait i look at my options. It is a sunday and i am not actively working on any projects, but i want access to my data on Monday and want to cause the least amount of disruption for users of my software.

GitHub hosting mostly git repositories i don’t lose access to most of my data. Git repositories need to be locally cloned when you work on them, so almost all of my code is still available. I do lose access to outstanding issues, pull requests (other peoples code in my repositories) as well as access to their build system. This wouldn’t have been as dramatic if GitHub hadn’t pushed for centralizing all kinds of other services under their domain. It really speaks to gits distributed nature that very few people that actively work with me on code lost any data, everyone unwittingly having created their own local backups.

Alongside of my repositories, GitHub also closed down all of my github pages. While i don’t make a habit out of hosting things on there, a few websites of mine did go down in the process. Luckily i already have a VPS so hosting a couple extra html files was no big deal (aside from DNS taking forever to invalidate from GitHubs IPs to mine).

History

What makes this is doubly infuriating is the fact that i expected this suspension. Not because i have done anything against the GitHub terms of service, their acceptable use policy or any other policy GitHub imposes on users. Instead because wrongful suspensions have been happening for months in one of my online programming circles. One of the biggest projects i have been working on on GitHub is NotEnoughUpdates and a somewhat related project called SkyHanni (which has a large amount of developer overlap). Neither of these projects violate any platform rules (not for GitHub and not for Hypixel SkyBlock, the game these mods target), but for over a year there have been countless temporary suspensions on GitHub for contributors of those projects. These suspensions range from things like “forker of a specific repository getting a suspension within 21 seconds after the creation of the fork” over “frequent contributor to a repository gets a shadow ban the instant they create their fourth or so pull request to that same repository” (twice, since the exact same thing happened again after they had been reinstated) to completely wild things like “person who has not logged into github in half a year but is admin in one of those repositories getting banned”.

All of this sounds mighty suspicious and if you don’t know these projects already you might suspect that there is some foul play going on in those repositories. The reality is probably quite the opposite.

The range of people getting banned here is so broad: it ranges from first time contributors to people who have been in the project for 4 years; i cannot verify that every single one of those bans has been unjustified. There is bound to be at least one person in the dozens of suspensions that actually got what they deserved, but pretty much every single one of those suspensions has been resolved (without a reason for the suspension given, usually) after many hours of exchanges with the GitHub support. GitHub support is no doubt aware of the situation here, quite a few of the people who did get banned mentioned that other people got banned while interacting with the same repository, but nothing seems to change.

One common theory as to why those suspensions happen is mass reporting. Both NEU and SkyHanni are popular targets for trojan malware. They are both mods for Hypixel SkyBlock a community in which trojans (known in the community as RATs, even when they are not) are very widespread. Malware developers known as “ratters” upload impersonating software onto GitHub, and then advertise those repositories in game or via Discord. While this is not as lucrative of an endeavour as it used to be (most malware devs have moved on to other kinds of malware scams, like phishing, abusing unclear oauth scopes or scamming people for password reset tokens) there are still a bunch of people doing these kinds of malware on GitHub. Members of our community report the repositories hosting this content to GitHub which typically leads to their removal. Some of the owners of these taken down repositories then turn around and spite-report non-malicious forks of the repositories they were impersonating, as well as individuals who work on those mods. While i know for sure that some amount of mass reporting is happening, i can (without confirmation through GitHub) not confirm whether or not those mass reports actually lead to any of those wrongfull suspensions.

What now

I have been advocating against GitHub for as long as i have been using git. In my earlier years this was mostly an edgy desire to be different: I was using the git hosting provider that i saw as more hipster and niche. Even before i was old enough to outgrow that kind of opinion i realized there are other problems with the kind of centralization GitHub wants. Having people confined to learning only one git platform meant that i saw peers of mine entirely unable to work outside of the platform they started out on. There was a growing worry about GitHubs role in open source development and the kind of power that owning essentially all the worlds code that was given to one company. Especially after the acquisition through Microsoft (and the subsequent greatest heist in coding, GitHub copilot) the move away from GitHub was made by me and other developers.

For some people (like me), this means creating their own git servers using software like Forgejo or GitLab. For some it means joining some other git hosting service like Codeberg or sourcehut. This fragmentation obviously brings some hurdles. GitHub being the main hub does bring some advantages that your own git server lacks. Collaboration with strangers is easier if everyone already has an account. git send-mail solves this, but nobody knows how to use it. (Maybe ForgeFed will help.) GitHub is also typically ranked higher on search engines, meaning people might not even find what they are looking for if you host your own git server.

I personally will continue to use GitHub. If i want to collaborate with newcomers to coding (and especially to communal coding), there isn’t much of an alternative. But i will also push people to understand their tools better, support a more diverse git ecosystem, and continue to host my own git. Maybe in another year and another GitHub suspension i will have learnt my lesson and finally give up on the Microsoft poison.

To be continued…

I am yet to be unsuspended. Typically these suspensions last for around a week. When and if there are updates i will update this post.