These "secret orders" are an abuse of power, and we already have many indications that they are being abused (eg: more used for going after drug dealers than terrorists, which was the "justification" for them originally.)
That we admit this, that our government is acting in a criminal fashion, in conflict with the constitution, and we have accepted it as "normal" is just proof that we are frogs who think the water is just fine.
We should be outraged and demanding prosecutions and investigations. But of course, who owns the prosecutors and the investigators? The government.
And we've been taught by government schools to be "good germans" (Eg: to give the benefit of the doubt and wide latitude to government.)
And just like actual frogs that are slowly heated, we will almost certainly jump out of the water if the pot approaches a boil. The apathy stems from the fact that the water is just fine for most citizens; the frogs who are subject to this abuse reside in a completely different pot than the one that most citizens enjoy. I'm not saying I condone surveillance abuse or drug war policies, but the reality is that while your average citizen may be alarmed by the presence of a hot stove, they just can't be bothered to revolt for the sake of an adjacent pot full of drug dealers.
I agree 100% with what you're saying. Do you have any ideas what can we do to improve the state of affairs? Sure, building better software, with better crypto is part of the way, but we need cultural/political/social change, and I have no idea how this should be approached. Most people don't care, sadly. How to make them care, before it's too late (i.e when changing the situation involves violence)? We know we have a problem (well, a lot of problems), I suggest we all try to think how to solve them.
So, I would assume it's fairly safe to say they got 249 NSLs or am I missing something about how people are using ranges to go about skirting this ridiculous law? Obviously it could be within that range, but that's an oddly specific number.
I read that as: "We can't disclose the exact number. The possible bins are: 0-249, 250-499, 500-749, 750-999, ... This year, the number is in the bin 0-249." (not an actual quote)
My guess is that it's to hide how widespread the program is. If loads of companies were saying 1-249 instead of 0-249 we'd be able to see how many companies they're hitting. As it is we can't see that and presumably that lack of accountability makes abusing processes simpler for them.
The most interesting take down seemed to be the one from the "The Federal Service for Supervision of Communications, Information Technology, and Mass Media of the Russian Federation".
Now you first thing it would be some anonymity tool or something like that, nope it's an empty repo with a 32 ways of how to commit suicide in the repo notes including what you need and how long it will take you to die.
Not sure why GitHub only blocked access to that content from Russian IP addresses rather than removing the repo completely like they did with cases in which the repo was actually used for legitimate purposes...
> Total Request from Subpoenas, Court Orders, and Search Warrants = 10
> Percentage where information was disclosed 70%
> Percentage where users were informed of the request 43%
EDIT: I am not smart. I didn't think of that percentage that received information on the disclosure of information and was thinking in terms of total subpoenas.
How is it not 40% or 4 users and we get 43%? One person only got 1/3 of the information?
10 requests for information, 7 responded to, and then 43% of those seven requests has the user informed. How do we get 43% of seven?
Edit - ok next paragraph tells me 10 requests for 40 accounts.
To me this seems pretty low - given that GitHub has millions of accounts, that only 40 got suspected of being involved in crimes seems amazingly low. Or that not even criminals store their secret bank robbery plans in free online hosting services :-)
In the spirit of getting a more exact estimate, would it be possible to hire a registered-agent type service (a commercial 3rd party) that posts the image of every manila envelope it forwards on to the company HQ?
So basically the only government they bent over backwards for was the Russian government. Wish they actually showed some spine like they did with China.
It could be for non-public information, could it not? Private repositories are one obvious, but hidden email addresses and IPs could easily be targets. And maybe they want the public information but in an easy-to-manage format. When you've got the tools, it's probably easier to say "Give us every commit log entry for these ten users" rather than go search for it yourself.
> Or is it to be able to "subtly add code" to existing repositories without being seen ?
I don't think it's this---I understand it to be basically impossible to mess with git repository histories without people noticing. I guess they might try to sneak it in as a new commit, but hopefully others on the project are inspecting things???
> Or is it to be able to "subtly add code" to existing repositories without being seen ?
Come on now, this is not productive to speculate on. This is "the CIA is controlling the population by putting chemicals in your water supply!" level stuff.
When people compare to the Stasi... do you even know what you are talking about? Yes surveillance is bad but encouraging people to tattle on each other is worse and encouraging children to report on their parents is horrific. Read http://competentcommunicator.blogspot.ca/2010/10/sentence-ab... much is lost in translation but perhaps some comes across.
That's a good point. Regardless of ideology, removing repositories like this and not mentioning it in the transparency report doesn't instill a lot of confidence in Github's desire to be truly transparent.
IMO for Github to be trustworthy, they would only remove repos when required by law and then they should end up in this report.
Do you carry that axe and a grindstone everywhere?
(A more neutral way to share your concern might be “I would also like to see some transparency around TOS takedowns, and not just takedowns instigated by third parties.”)
Not every slope is slippery. There is nothing wrong with getting rid of obvious trolls and doing so is not an indication of future censorship of genuine debate.
> How many repos they took down that weren't malicious in any way, but simply didn't gel with the tech industry's current strongly pro-feminist attitude?
Through precisely which mechanisms do you believe that repositories are being removed due to anything resembling "pro-feminist" ideology?
Does github have a "report this repo for not being feminist enough" button that i've been missing all this time?
The warrant canary is probably the existence of the sentence "Until such time, we are not even allowed to say if we've received zero of these reports". Watch that space.
No. The "time" it's "until" is after "The courts are currently reviewing the constitutionality of these prior restraints on free speech, and GitHub supports the efforts to increase transparency in this area.".
Until the courts change the law and say they can say if they've received zero of these reports or not, they are not allowed to. There is no 'warrant canary'. It would be illegal, and Github is not telling you they are going to break the law, they are telling you they are supporting efforts to change the law, but until such time, they will have to comply, and they can't tell you if they received any.
Until they receive 250, and then they can say they received somewhere in the range of 250-499.
[+] [-] MCRed|11 years ago|reply
That we admit this, that our government is acting in a criminal fashion, in conflict with the constitution, and we have accepted it as "normal" is just proof that we are frogs who think the water is just fine.
We should be outraged and demanding prosecutions and investigations. But of course, who owns the prosecutors and the investigators? The government.
And we've been taught by government schools to be "good germans" (Eg: to give the benefit of the doubt and wide latitude to government.)
[+] [-] vectorpush|11 years ago|reply
And just like actual frogs that are slowly heated, we will almost certainly jump out of the water if the pot approaches a boil. The apathy stems from the fact that the water is just fine for most citizens; the frogs who are subject to this abuse reside in a completely different pot than the one that most citizens enjoy. I'm not saying I condone surveillance abuse or drug war policies, but the reality is that while your average citizen may be alarmed by the presence of a hot stove, they just can't be bothered to revolt for the sake of an adjacent pot full of drug dealers.
[+] [-] rjbwork|11 years ago|reply
Who cares if they're transparent in government takedowns if they're going to actively censor their own users?
[+] [-] iyn|11 years ago|reply
[+] [-] shit_parade2|11 years ago|reply
[+] [-] bitdestroyer|11 years ago|reply
> 0-249 Affected Accounts
So, I would assume it's fairly safe to say they got 249 NSLs or am I missing something about how people are using ranges to go about skirting this ridiculous law? Obviously it could be within that range, but that's an oddly specific number.
[+] [-] vladharbuz|11 years ago|reply
[+] [-] gus_massa|11 years ago|reply
[+] [-] Igglyboo|11 years ago|reply
[+] [-] rossng|11 years ago|reply
(emphasis mine)
We can probably assume that the number is >0 rather than >=0.
[+] [-] jmilloy|11 years ago|reply
[+] [-] fastball|11 years ago|reply
[+] [-] mcintyre1994|11 years ago|reply
[+] [-] robwilliams|11 years ago|reply
[+] [-] dogma1138|11 years ago|reply
Now you first thing it would be some anonymity tool or something like that, nope it's an empty repo with a 32 ways of how to commit suicide in the repo notes including what you need and how long it will take you to die.
Not sure why GitHub only blocked access to that content from Russian IP addresses rather than removing the repo completely like they did with cases in which the repo was actually used for legitimate purposes...
[+] [-] baldfat|11 years ago|reply
EDIT: I am not smart. I didn't think of that percentage that received information on the disclosure of information and was thinking in terms of total subpoenas.
How is it not 40% or 4 users and we get 43%? One person only got 1/3 of the information?
[+] [-] jamesfe|11 years ago|reply
4/7 users were not informed = 57%
3/7 users were informed = 43%
But left over: 3/10 in which info was not disclosed
I agree, the infographic was not 100% clear (no pun intended)
[+] [-] Igglyboo|11 years ago|reply
[+] [-] nothrabannosir|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] lifeisstillgood|11 years ago|reply
10 requests for information, 7 responded to, and then 43% of those seven requests has the user informed. How do we get 43% of seven?
Edit - ok next paragraph tells me 10 requests for 40 accounts.
To me this seems pretty low - given that GitHub has millions of accounts, that only 40 got suspected of being involved in crimes seems amazingly low. Or that not even criminals store their secret bank robbery plans in free online hosting services :-)
[+] [-] dboyd|11 years ago|reply
[+] [-] Ezhik|11 years ago|reply
[+] [-] phy6|11 years ago|reply
[+] [-] Grue3|11 years ago|reply
[+] [-] balls2you|11 years ago|reply
Or is it for just the private repositories ?
Or is it to be able to "subtly add code" to existing repositories without being seen ?
What would it be for ? I am stumped.
[+] [-] Amorymeltzer|11 years ago|reply
[+] [-] Igglyboo|11 years ago|reply
[+] [-] pc2g4d|11 years ago|reply
I don't think it's this---I understand it to be basically impossible to mess with git repository histories without people noticing. I guess they might try to sneak it in as a new commit, but hopefully others on the project are inspecting things???
[+] [-] emergentcypher|11 years ago|reply
For example: account information, access logs, IP addresses, relating to the Tor project's managers, contributors, downloaders, etc etc.
[+] [-] shin_lao|11 years ago|reply
[+] [-] diminoten|11 years ago|reply
That. Relax.
> Or is it to be able to "subtly add code" to existing repositories without being seen ?
Come on now, this is not productive to speculate on. This is "the CIA is controlling the population by putting chemicals in your water supply!" level stuff.
[+] [-] steamy|11 years ago|reply
These Stasi guys don't take anything that may jeopardize the reign of their paymasters lightly
[+] [-] chx|11 years ago|reply
[+] [-] parennoob|11 years ago|reply
[deleted]
[+] [-] malvosenior|11 years ago|reply
IMO for Github to be trustworthy, they would only remove repos when required by law and then they should end up in this report.
[+] [-] untitaker_|11 years ago|reply
[+] [-] picks_at_nits|11 years ago|reply
(A more neutral way to share your concern might be “I would also like to see some transparency around TOS takedowns, and not just takedowns instigated by third parties.”)
[+] [-] slg|11 years ago|reply
[+] [-] knowtheory|11 years ago|reply
Through precisely which mechanisms do you believe that repositories are being removed due to anything resembling "pro-feminist" ideology?
Does github have a "report this repo for not being feminist enough" button that i've been missing all this time?
[+] [-] infinity0|11 years ago|reply
[+] [-] jrochkind1|11 years ago|reply
Until the courts change the law and say they can say if they've received zero of these reports or not, they are not allowed to. There is no 'warrant canary'. It would be illegal, and Github is not telling you they are going to break the law, they are telling you they are supporting efforts to change the law, but until such time, they will have to comply, and they can't tell you if they received any.
Until they receive 250, and then they can say they received somewhere in the range of 250-499.