[At-Risk Shares] Enumeration of Reasons to Leave Github

Karl gmkarl at gmail.com
Wed Oct 14 01:32:01 PDT 2020


meanwhile ... I found this on the haven issues repository, seems like
it needs more value.  (the evac guide at
https://gitlab.com/upend/github/evac-guide is stale for 2 years).

https://github.com/guardianproject/haven/issues/425

To improve the credibility of the project and attract
privacy-respecting developers, please consider moving away from
Github.

It's particularly important to get the bug tracker off MS Github to
encourage reports.

Direct practical problems with using Microsoft Github

A survey shows that a significant number of bug reports are withheld
when the bug tracker is inside a restrictive or politically
controversial walled-garden like MS Github or gitlab.com.
Github is Tor-hostile according to Tor project. GH has started forcing
Tor users through an extra email verification step that effectively
discourages bug reports: github-tor_hostility
MS failed to secure Github, which was breached to the tune of 500gb of
private projects. Security incompetence is further showcased by an
MS-imposed requirement to create an account and sign in to report an
MS security bug. And for those not discouraged by that, the sign-in
page is also broken. Then security was breached again in July 2020
when OAuth tokens were stolen from both Github and Gitlab.com.
MS suppresses democracy by blocking Github access to a project that
facilitates protests in Catalonia.

Ethical problems with using Microsoft products and services

Microsoft harms the environment by serving the two most destructive
oil companies in the world: ExxonMobil and Chevron.
(#ExxonKnew) Exxon notoriously knew about climate change since 1977.
They not only kept it secret from the public, but they also financed a
disinformation campaign.
Microsoft and Chevron were caught each paying $100k to "the
Cloakroom", a project to hide bribes going from large corporations to
republican politicians.
Chevron's right-leaning stance is further pushed through its
membership with ALEC, which doubles as a superPAC and bill mill that
lobbies and writes policy for U.S. republicans.
Microsoft is a notorious privacy abuser:
MS is a PRISM corporation prone to mass surveillance.
MS supported CISPA and collaborates with the NSA.
MS paid $195k to fight the California Consumer Privacy Act (CCPA).
MS drug tests its employees, thus intruding on their privacy outside
the workplace.
MS finances other privacy abusers:
In 2012 Microsoft spent $35 million on Facebook ads and in 2015
Microsoft was the third biggest spender on Facebook ads in the world.
MS proxies through Accenture to make Sweden cashless. The war on cash
is war on privacy.
MS supplies Bing search service which gives high rankings to
privacy-abusing CloudFlare websites.
MS owns and operates Outlook Email and the LinkedIn social media site,
both of which are exclusive walled-gardens that limit participation to
those who have a phone number and the will to share it with Microsoft.
MS supplies hotmail.com email service, which uses vigilante extremist
org Spamhaus to force residential internet users to share all their
e-mail metadata and payloads with a corporate third-party.
MS unlawfully used people's images without consent to train their
facial recognition products
MS distributes a nonfree operating system, Microsoft Windows, which is
jam-packed with malicious functionalities, including surveillance of
users, DRM, censorship and a universal back door.
MS was caught surreptitiously recording Xbox users and paying
contractors to listen to the recordings.
Dutch government commissioned a study which found Microsoft to have
several GDPR violations. E.g. Office 365 violates GDPR article 5 ¶
1.c, GDPR article 17, and stores the data outside the EEA (may also be
a GDPR breach).

Microsoft is detrimental to human rights and democracy

Microsoft finances AnyVision to produce facial recognition technology
that the Israeli military uses as a weapon against the Palestinian
people who they oppress in their occupation. Note that Israeli snipers
murdered an unarmed civilian Palestinian medic (in breach of the
Geneva Convention) then edited the video to deceive the public for PR
damage control.
Microsoft supports ICE in a variety of ways in the course of ICE's
implementation of Trump's xenophobic border policies. Microsoft
services an ICE contract worth $19.4 million dollars despite protest
from employees. In addition to MS Office products, Microsoft has
renewed a Github contract and also supplies cloud computing through
its Azure platform.
MS partnered with FedEx, an NRA-supporting ALEC member as well as JP
Morgan Chase, the most evil bank in the world.
MS conceals US military contracts to bias PR and dodge social
accountability. They have a much bigger piece of these contracts than the
rest of MACFANG, they lack Google's AI principles, and unlike Google
they ignore employee protest and petitions.
MS is among the top 15 recipients of Trump's corporate tax breaks, a
benefit of $128 billion. Microsoft sacked hundreds of employees
immediately after receiving the tax breaks in February 2018.

MS is anti-consumer and anti-competitive

MS tricked users into "upgrading" to Windows 10, which sabotages users
in a variety of ways, one of which is to prevent cloud-free accounts.
MS strong-armed nearly all PC manufacturers to charge every buyer for an
MS Windows license regardless of whether the user actually wants
Windows.
MS hoards software patents and uses them to fight free software.

Bad alternative: gitlab.com service

The Gitlab.com SaaS is often considered an alternative to MS Github,
but it's even worse -- for many reasons.

There's nothing wrong with self-hosting an instance running Gitlab CE
or using the Gitlab instance of another party.

Decent alternatives

self-hosting (Gogs, Gitea, Gitlab CE, etc.)
(+) avoids the "shake-up" problem of shrinking the community each time
the project moves (there is no risk that the privacy factors would
later take a negative turn).
Bitbucket
(-) dodgy j/s up the yin yang that clusterfucks uMatrix
(-) has some relationship with Netlify, who uses AWS
(-) non-free software?
Launchpad
notabug.org ("NAB") (privacy policy). Based on a liberated fork of gogs.
(+) supports Tor (although the onion web UI is currently disabled in
response to attack, so the onion site only accepts git connections)
(+) supports SSH keys and SSH over Tor
(+) no CAPTCHAs
(+) registration very non-intrusive, and not controlling about where
you get your email
(-) noteworthy drawback unrelated to privacy: e-voting non-existent.
(-) noteworthy drawback unrelated to privacy: NAB doesn't associate
PGP keys to users, so PGP signed commits may be unavailable or more
manual work needed.
(-) IRC support channel is dead.
Codeberg. Runs on Gitea, which is a Gogs fork.
(+) web UI works on Tor (probably SSH as well)
(+) supports SSH and GPG keys
(+) registration very non-intrusive, and not controlling about where
you get your email
(+) functions without any j/s, and the javascript that exists is all 1st-party
(+) supports e-voting
(-) logins don't work from all Ungoogled Chromium installations
(-) no onion address
yerbamate.dev
git.openprivacy.ca
git.nixnet.xyz
git.sr.ht
framagit.org: Gitlab CE instance
git.jami.net: Gitlab CE instance, perhaps dedicated to jami
sourcehut.org

