#290 WIP: Better process for termination of the account

Closed
opened 1 month ago by kreyren · 14 comments
kreyren commented 1 month ago

This issue is work in progress...


This was mentioned in #277 where I am making a new issue to make the solution organized and trackable for possible implementation in Codeberg/org#10


DISCLAIMER: This is not a legal advice that would create client to lawyer relationship.

The issue

Currently Codeberg is reserving the right to remove anything without notice which is harming the end-user experience and the service itself as the end-users can not trust Codeberg’s ability to handle their repositories and organization.

Concerns

It was stated that Codeberg e.V. reserves these rights to fight abuse of the service assuming namely:

  • Spamming
  • Inappropriate content
    • Gore
    • Nudity
    • Child porn
    • Content directed to harm the minority/majority
    • Content that violates the copyright law
    • Content generated with the intention to harm the service i.e. creating X amount of repositories/files within Z amount of time used as Denial of Service (DoS) and Distributed Denial of Service (DDoS).
    • Content that destabilizes the service i.e. forcing Gitea through a bug to upload a project at a size of higher than 50 Gigabytes.
  • Content that is inappropriate to minors (being resolved in #285)
  • Politically sensitive content that might be illegal at relevant jurisdictional areas i.e. Edward Snowden’s case https://en.wikipedia.org/wiki/Edward_Snowden
  • Penetration tools without going through the white hat process of allowing upstream to resolve these issues in a reasonable amount of time depending on the vulnerability discovered.

Proposed solutions

Spamming

TBD

Gore

Definition: Content that shows a harm done to the organism capable of feeling pain (WIP)

Codeberg should have the right to remove such content at any time.

Nudity

Definition: WIP

Needs to be decided

Should be hidden and/or censored for minors

Child porn

Definition: WIP

Codeberg should have the right to remove such content at any time.

Needs to be decided for handling in countries that do not recognize age of consent to engage in sexual relationship.

Content directed to harm the minority/majority

Needs to be decided

Culture should be a factor in the decision as censorship is unwanted and history should be available to be used as a reference for the future.

Content that violates the copyright law

Needs to be decided

Copyright is not enforced by some countries which depend on the ability to redistribute the material as a part of their culture i.e. Finland thus recommending to hide the content to users visiting the website from relevant geo-location once it was requested to be removed by authorized party assuming coverage by the liability of service provider.

Law enforcement should have the option to file a lawsuit or resolve these issues out-of-court against the individual users violating this law.

Content generated with the intention to harm the service i.e. creating X amount of repositories/files within Z amount of time used as Denial of Service (DoS) and Distributed Denial of Service (DDoS).

Needs to be decided

Content that is inappropriate to minors

Being investigated in #285

Politically sensitive content

Example: Edward Snowden’s whistleblower case https://en.wikipedia.org/wiki/Edward_Snowden

Needs to be decided

Note that such content might authorize the relevant jurisdiction to take the service down immediately as part of its homeland security act.

The terms of service should be optimized in case Codeberg ever gets into a situation alike.

Penetration tools

Vulnerabilities are part of our daily lives especially in developers who find it not economical or generally refuse to perform brainstorm and peer-reviews on their code.

GitHub’s approach is to remove these tools from public view at any time which is in my humble opinion harmful to the computer science branch as these issues may go unnoticed which may result in vulnerability abused for:

  • mass surveillance
  • blackmail
  • harm to the individual
  • forced human trafficking
  • etc.

Thus recommending to provide a process which would require the author to go through which would include informing the upstream about the issue and giving them reasonable amount of time to resolve the issue depending on the severity of the vulnerability assuming all end-users informed about the vulnerability.

This approach might make it sane from a legal point of view, but needs investigating.


Hold on, wait a minute... Did I understand you correctly that you’re saying it “Needs to be decided” whether we should tolerate child abuse?

If so:

  1. WTF?! Child abuse must never be tolerated. There is no “it depends” in this question. I’m shocked that we even have to talk about that.
  2. Codeberg will comply with German law. So as far as criminal law is concerned, there’s nothing that needs to be defined or determined (refer to Strafgesetzbuch for details).

Number 2 applies to most of your other points as well.

I’m shocked and I really hope this was just a misunderstanding...

CC @hw

kreyren commented 1 month ago
Poster

> Did I understand you correctly that you’re saying it “Needs to be decided” whether we should tolerate child abuse?

Work in progress issue, didn’t decide on anything yet doing research.

kreyren commented 1 month ago
Poster

@lhinderberger

> Needs to be decided for handling in countries that do not recognize age of consent to engage in sexual relationship.

To elaborate further, to avoid confusion and from what I’ve been told by United Arab Emirates (country without age of consent that requires only marriage) citizen preventing it might be problematic in this country and countries alike in certain scenarios i.e. preventing their prince (?) from submitting such content might be considered offensive and illegal.

EDIT: Note that I am still doing research..

kreyren commented 1 month ago
Poster

@lhinderberger @hw deciding on the platform code of conduct when it comes to the culture would be appreciated though my general belief is to respect each country’s culture and law as much as possible and then blocking problematic content in the relevant jurisdictional area depending on the way that the culture and law enforcement expects it to be enforced.

kreyren commented 1 month ago
Poster

@lhinderberger In all due respect.. calm down

Never said I want to implement such thing I said I am doing research as there might be something we can do to make the platform “viewed in a better light” in these countries while representing our point of view and beliefs.

n commented 1 month ago

A lot of these points are redundant with “must not contain illegal content and must not be used for illegal purposes” in the ToS.

Codeberg must comply with German law. So regardless of foreign law, what’s illegal in Germany cannot be allowed on Codeberg.

kreyren commented 1 month ago
Poster

> must not contain illegal content and must not be used for illegal @n

What is illegal is subjective depending on the relevant culture and jurisdictional area so I believe that from a legal point of view this basically allows anyone to have a strong defense against whatever they do on the platform. When it comes to law it’s generally better to be as explicit as possible.

> Codeberg must comply with German law. So regardless of foreign law, what’s illegal in Germany cannot be allowed on Codeberg. @n

As far as I know only servers (and organizations) hosted in Germany have to comply with German law, but Gitea is supposedly expected to be federated which would make it subject to foreign (from a German point of view) law.

EDIT: Rephrased

6543 commented 1 month ago
Collaborator

“What is illegal is subjective depending on the relevant culture and jurisdictional area” -> German Law.

6543 commented 1 month ago
Collaborator

“Gitea is supposedly expected to be federated” -> at the moment Gitea can not federate at all! There is only the mirror feature which is not federating either.

Hopefully this feature will exist in the future, though the content still has a location then too -> like email providers (email = federated).

If you take email as example, a German email provider has to comply with German law, not US and nothing else but German law.

I don’t get the concerns you have

kreyren commented 1 month ago
Poster

@6543 Makes sense to me as made decision in terms of legal approach.

To elaborate on my intentions I wanted to see if the terms of service can be implemented to comply with (for example) COPPA and Art. 8 GDPR at the same time as both of these are essentially trying to do the same thing, but somewhat differently so that the ToS could be reusable in case Codeberg decides to have services in the US or in case someone wants to run their own Codeberg-like instance.

Will adapt the OP appropriately and make proposal once I am confident in the information provided.

kreyren commented 1 month ago
Poster

> I don’t get the concerns you have @6543

The concern here is to decide what content is allowed, how it is allowed and how it will be handled in case it is not allowed on the platform + to handle the scenario where minors are a concern.

FWIW my motivation is to avoid losing my repositories to German government because of insufficient legality of Codeberg or in case something that is legal in my country is illegal or sensitive topic in Germany or because someone just decides to blackmail me like it is currently happening on GitHub on bases as “if you don’t do X we will create Z amount of accounts and spam report to take down your repository and/or your account”

6543 commented 1 month ago
Collaborator

If you really are concerned about takedowns there are really only two ways I think can fix this:

A. don’t rely on others: host things yourself
B. Backup (if you combine #12657 & #12244, you can make one without owning an instance)

kreyren commented 1 month ago
Poster

> A. don’t rely on others: host things yourself

That’s what I want to avoid and Codeberg seems to be usable enough for it.

> B. Backup (if you combine #12657 & #12244, you can make one without owning an instance)

I have backups, but I expect Codeberg to be usable so that my students, contributors and subordinates are able to use it confidently.

hw commented 1 month ago
Owner

> these points are redundant with must not contain illegal content and must not be used for illegal purposes in the ToS.
>
> Codeberg must comply with German law. So regardless of foreign law, what’s illegal in Germany cannot be allowed on Codeberg.

Yes. That says it all.

We do not write our own law.

hw closed this issue 1 month ago
hw locked as Too heated and limited conversation to collaborators 1 month ago