A software developer from Russia found out recently that his account on GitHub had been shadow banned. He was the only one still able to see his account and access his repositories; all other users got a 404 message in their web browsers. In an article titled “How GitHub blocked me (and all my libraries)” (March 11th 2020), ironically 1 published on Medium, he details his experience with GitHub. A very insightful read; here are a few quotes:
On March 9th, 2020, GitHub banned my account without any notice for an unknown reason. I found out about that only when people started sending me emails telling me that my hosted libraries have stopped working and asking me why did I delete my GitHub account (I didn’t). Apparently, for any person other than me, when navigating to any of my libraries’ page, GitHub simply displayed a “404 Not found” page. Not even a “user account suspended” page, just as if the person didn’t exist, and all their libraries too.
The ban resulted in at least tens of thousands of people using the libraries I maintained not being able to access the source codes, not being able to report bugs or seek assistance when they’re stuck. Some of the libraries also relied on “GitHub Pages” for hosting “static” assets (for example, country flag icons), and those have stopped working properly as a result.
Also, apparently, all my comments in all issues in all other repos have instantly disappeared for anyone other than me, and some of those comments contained some useful and valuable information/knowledge/solutions. While git version control itself makes sure that you don’t lose your code when GitHub, Inc. decides to block you, the same isn’t true for all your other intellectual assets in the form of numerous comments you’ve posted in issues/pull-requests/commits/etc (including your employer’s private repos). It’s funny how GitHub’s marketing is all about “sharing” and “co-creating”, and at the same time look how easily they’re stripping the community of the source codes and knowledge base the people (not them) have collectively created with their time and effort (many people have contributed to my repos both in the form of code commits and issue comments) just to maniacally hunt down one guy who just happened to fall out of favor for an unknown reason. Is it what’s called a “loose cannon”, trusted with all our sources?
The issue I see here is a private corporation hijacking the good name of Open Source and using it for their own profit, at the same time not sharing the ideals the Open Source movement emerged from — the freedom.
He tried contacting GitHub in order to get this issue resolved, but found out that he had to answer a number of very privacy intrusive questions which he lists in his article. After his article got a lot of publicity GitHub was pressured to take a look at his account and eventually restore it.
This is just another case where we see the huge risks we’re taking when we trust corporations with our data, business and livelihood. This is not just a problem with GitHub, but practically all corporations that offer services in the cloud like I mentioned in my post “The danger of “Software as a Service” and “Infrastructure as a Service””.