How GitHub blocked me (and all my libraries)

Nikolay
10 min readMar 11, 2020

--

My name is Nikolay. I’m a web developer from Moscow, Russia. My hobby is writing Open Source libraries (libphonenumber-js, react-phone-number-input, relative-time-format, javascript-time-ago, react-responsive-ui, read-excel-file, virtual-scroller, imageboard, captchan universal imageboard frontend) and I really enjoy it. Like others, I’ve been happily using GitHub (@catamphetamine) as the primary way of publishing the source codes and communicating with the users. Until recently.

A Google-cached version of my GitHub profile, until it was blocked.

On March 9th, 2020, GitHub banned my account without any notice for an unknown reason. I found out about that only when people started sending me emails telling me that my hosted libraries have stopped working and asking me why did I delete my GitHub account (I didn’t). Apparently, for any person other than me, when navigating to any of my libraries’ page, GitHub simply displayed a “404 Not found” page. Not even a “user account suspended” page, just as if the person didn’t exist, and all their libraries too.

The ban resulted in tens of thousands of people using the libraries I maintained not being able to access the source codes, not being able to report bugs or seek assistance when they’re stuck. Some of the libraries also relied on “GitHub Pages” for hosting “static” assets (for example, country flag icons), and those have stopped working properly as a result.

The only hint from GitHub was when I navigated to their website and (only for me) it showed a notification at the top saying: “Your account has been flagged. Because of that, your profile is hidden from the public. If you believe this is a mistake, contact support to have your account status reviewed”. I’ve sent a support request to GitHub, Inc. as soon as I found out about the issue (Ticket ID: 594578). It has been almost a week and they haven’t responded yet. (spoiler: they did respond after this article was posted on Hacker News)

“Flagged”? So this is how you call “disposing of someone” in a “politically correct” manner nowadays.

What could possibly be the reason of the ban? Maybe one of my repos contained a mysterious “blacklisted” word? Or was it a hyperlink to some “blacklisted” website somewhere deep in the source codes? Or maybe I’ve called someone a moron on the internet recently? (spoiler: that finally turned out to be the case) Whatever it could be, it doesn’t justify immediately blocking off public access to a bunch of useful open-source projects tens of thousands of people rely on in production.

Also, apparently, all my comments in all issues in all other repos have instantly disappeared for anyone other than me, and some of those comments contained some valuable information/knowledge/solutions. While git version control itself makes sure that you don’t lose your code when GitHub, Inc. decides to block you, the same isn’t true for all your other intellectual assets in the form of the comments you’ve posted in issues/pull-requests/commits/etc (including your employer’s private repos). It’s funny how GitHub’s marketing is all about “sharing” and “co-creating”, and at the same time look how easily they strip the community of the source codes and knowledge base the people (not them) have collectively created with their time and effort (several people have contributed to my repos both in the form of code commits and issue comments) just to maniacally hunt down one guy who just happened to fall out of favor for an unknown reason. Is it what’s called a “loose cannon”, trusted with all our sources?

This incident has teached me that corporations are still corporations, even when proclaimed the heart of open source, even when they’ve played a huge role in growing the open source community to its current state. The main focus of every corporation are good “public relations” image and smooth operation. This giant machine can be your best friend as long as you’re good for the business. But if you accidentally happen to get in its way, it’ll simply screw you over and won’t even notice. If tomorrow a corporate lawyer decides they need to cover their corporate ass more tightly — be it international sanctions, dodging any potential lawsuits from vocal minorities, or anything else — they won’t think twice: they’ll readily dispose of anyone and betray any “ideals” you might have thought they stand for.

The issue I see here is a private corporation hijacking the good name of Open Source and using it for their own profit, at the same time not sharing the ideals the Open Source movement emerged from — the spirit of Freedom.

And I don’t blame them for that — they’re a private corporation after all. It’s just that their marketing strategy is very misleading, making people think that GitHub, Inc. is an idealistic nonprofit organization while in reality they’re a private for-profit corporation under US jurisdiction, having its own policies and opinions. And that’s what I personally find unfair towards the regular people who sincerely praise and promote GitHub on social media.

GitHub, play fair: Open Source is a free trademark, don’t try to make it seem like you invented it. If you provide people with the means to publicly host their open-source projects, that doesn’t also mean that you own them and their code. You can’t just make it all disappear at will. Well, legally, you can, but you shouldn’t behave in this manner. Remember: “With great power there must also come great responsibility”.

Anyway, I guess it’s goodbye, GitHub. We’ve had a wonderful relationship, but seems like our views have diverged too much, you getting obsessively political with every passing year. I’m leaving. I’ll start moving everything to GitLab. Competition is vital for maintaining a healty ecosystem. When it becomes a monopoly, it quickly descends into stagnation and authoritarianism. I’m for preserving the “diversity” of everything in this beautiful world, so you can call me a GitLab fanboy now.

Update: (Disclaimer: Many people will get disappointed, but) A week after I’ve opened the support ticket, GitHub has finally replied. Suspiciously, this happened right after someone important has posted a link to this article on Hacker News. So, the reason for the abrupt ban of all my public repos turned out to be just a random comment I’ve left on GitHub jokingly calling a guy a prick. Now, don’t get me wrong, I don’t bully other people without a reason. I’m actually a super friendly guy. There used to be a really convenient utility for making Windows switch keyboard layout on Caps Lock (unachievable via standard OS features) called “capslang”. The utility somehow disappeared from my OS, so I set off to re-download it only to find this message from the author (translated from Russian):

“Attention! Due to a complaint submitted by this person: zbetcheckin on urlhaus.abuse.ch in 2019, the hosting provider has forced me to delete the binaries for the utility I wrote more than 10 years ago and that hasn’t bothered anyone for all these years. You can tell this character everything you think of him to his Twitter account.”

“Ain’t no problem, bruh!”, — I thought. “I feel you, being open source devoper myself”. Only that I’m more used to GitHub so I’ve posted a (now deleted) issue rather than a tweet. The issue was titled “You’re a [funny-word]” where [funny-word] was a set of latin characters resembling a transliterated Russian mildly-offensive word for “gay” which has a very broad meaning and doesn’t actually mean “gay”. Disclaimer: I’m not against gay people, I’m actually a fan Van Darkholme, I like Ram Ranch (and the overall idea of male sex, because, if you think about it, that is the most manly type of sex because there’re no females involved, like it’s the pinnacle of masculinity), and I enjoy casually watching some gay documentaries on VICE.

It was just meant to demonstrate the dude that his actions on the internet have made other people upset, cyka blyat. I didn’t even suppose he’d get any idea. Well, apparently, he was persistent enough to file yet another takedown complaint, this time for me using “homophobic slur”. Whatever, I don’t blame him for that, that’s the way he is. GitHub though — what surprised me is how swiftly did they react, not even arranging some sort of a hearing, not even notifying me that they’re gonna take down my account, not giving me the right to respond or defend myself, and then just ignoring my ticket until I got lucky and people picked it up in social media. I could justify a temporary read-only mode, but taking down the entire account along with all the repos, issues and comments, just because someone has filed a complaint? That’s cold. And actually irresponsible.

Still, I’m glad it all happened the way it did. They’ve opened my eyes on many things. I feel like life has taught me a valuable lesson, and I’ve got some new thoughts I have yet to process.

Long story short, we’ve reached an agreement with GitHub, Inc. and they kindly agreed to unblock me and restore all the stuff as long as I agree to abide by their codes of conduct in the future. I’m still staying on GitLab though, because it’s safer this way: who knows when else could GitHub, Inc. ban me again. Thanks to the people who upvoted and reposted. Without your support, I surely wouldn’t get noticed. I really wouldn’t want to disappoint you all, but this whole thing turned out to be triggered by a random silly joke (and what would our life be without a bit of fun?). If someone thought I’m a hero or a martyr — don’t, I’m just a guy. Thanks anyway. Sorry if it caused you any inconvenience.

A funny fact: Just as I was finishing updating this post, an email from npm, Inc. hit my inbox. “We are excited to share the news that npm will be joining GitHub!”. Exciting indeed… What now, npm packages will start getting banned for having the word “retard” in them?

Good thing yarn introduced the concept of installing packages from an arbitrary URL (git repo or tarball) in 2016, and npm copied over this feature shortly after just to stay in the business. This is yet another proof that competition is great and monopoly is bad. Right, GitHub?

(Offtopic) (Random) (Not related) As the days went by, I decided to go take a look at GitHub’s “Help” website to see if there’re any other ways of resolving such issues. Turns out, there’s a dedicated “Individual Account Appeal Form” where they ask you a list of privacy-touching mandatory questions, progressively shifting the Overton window:

  • “What country do you live in? What city do you live in?”
  • “How long have you lived there?”
  • “Have you lived in any of the following locations in the last 24 months?”
  • “Have you visited or traveled to any of the following locations in the last 24 months?” (What? Coronavirus again?)
  • “How long did you stay?” (Umm… None of your business?)
  • “If you accessed GitHub.com while you were visiting Iran, North Korea, Syria, or Crimea, please tell us why you used GitHub.com.”
  • If you selected “To conduct business with persons or companies in that location,” please tell us more. Please tell us about: (1) the nature or purpose of your work in that country or region; (2) what companies or other organizations in that country or region were involved; and (3) whether you plan to continue that business activity. (GitHub, are you officially a governmental spying agency now? Gathering intel on other countries’ tech activity with such an obsessive fixation)
  • Send us a copy of your photo identification (ID) showing where you currently live. Please upload pictures of the front and back of your current (unexpired) government-issued photo identification (ID) from the country where you usually reside or live. Make sure that you provide clear, legible images. If your image is blurry or incomplete, we will not be able to process your request. Examples of acceptable forms of ID include passports, drivers licenses, and national identity cards. (Here you go, officer)
  • Send us a selfie. (You’re kidding? Selfie my ass) Please upload a photo of yourself holding your ID, with the photo side of the ID facing the camera. We will use this image to help validate that the ID really belongs to you. (Also, keep your legs crossed, put both of your hands palms down straight out in front of you, push yourself up to a kneeling position and crawl towards me, or I will shoot you)
  • Are you or do you use your account on behalf of any of the following: (1) a Specially Designated National (SDN) or another party subject to U.S. sanctions; (2) a government ministry or agency; (3) a state-owned enterprise; or (4) a prohibited Cuban government or Communist Party official?

GitHub, since when are you the police? Why do you want to interrogate me like that? Am I under arrest? Do I also have to go through a concentration and internment camp after submitting this convenient form? I don’t see how anyone having self-respect could submit something like that just for having the right to be a part of the Open Source community.

Is this about Coronavirus?
And don’t forget to put on your yellow badge.

--

--