#423 Baobab's repository censored.

Open
opened 1 week ago by tom · 13 comments
tom commented 1 week ago

Hello,

Why did you (codeberg) censor Baobab's respository https://codeberg.org/baobab/cloudflare-tor ? In addition to that why does it now show a 404 as if it never existed in the first place, which is not true. And finnaly why did you just deleted someone's repository without first notifying them of some sort of problem and giving them a reasonable amount of time to dispute or fix the problem before going and deleting things and causing a service disruption?

Baobob copied and pasted the email they got from Codeberg but it didn't make any sense and did not describe what the problem was. Only that ""illegal"" content is against the terms of service, but no proper description in what was illegal of what specific law was being violated.

Date: Mon, 5 Apr 2021 00:39:58 +0200 (CEST)

Hello baobab,

the repository:

cloudflare-tor

has been taken down due to repeated violation of the Codeberg.org Terms of Use, linked in the website footer. These forbid upload of illegal content, and §10 Telemediengesetz (TMG) requires us to disable access to and remove illegal content as soon we become aware of this content.

After careful review of relevant law and the code in this repository we recognize that the repository contains:

  • Repeated violation of privacy law, by means of numerous growing and actively updated "target lists", with personal data, lists of employment status, social media identities, linked to defamation and claims of support of the attacked entity). Publication of such data, no matter if true or not, without the explicit consent of the person in question is illegal in EU.
  • This includes using personally identifiable information of other people without their consent for feigned commit author names and email addresses, potentially incriminating non-participants of acts of privacy violation and leaking proprietary information.
  • Considering reports we received, a significant number of claims and statements were factually false. The pure existence of lists "Enemies of X" is by all rational means unlikely to have any other purpose than public shaming, defamation, threatening and libel. These are generally considered illegal in German law and elsewhere.

According to legal requirements we did remove access to the content in question immediately. We have disabled the repository in question to give you a chance to appeal against this decision via email before the content is deleted permanently.

Please note that illegal activities are not allowed under the Codeberg.org Terms of Use. Re-uploading the problematic content without addressing the issues above will result in a permanent ban.

Kind regards,

Your Codeberg e.V.

Hello, Why did you (codeberg) censor Baobab's respository https://codeberg.org/baobab/cloudflare-tor ? In addition to that why does it now show a 404 as if it never existed in the first place, which is not true. And finnaly why did you just deleted someone's repository without first notifying them of some sort of problem and giving them a reasonable amount of time to dispute or fix the problem before going and deleting things and causing a service disruption? Baobob copied and pasted the email they got from Codeberg but it didn't make any sense and did not describe what the problem was. Only that ""illegal"" content is against the terms of service, but no proper description in what was illegal of what specific law was being violated. > Date: Mon, 5 Apr 2021 00:39:58 +0200 (CEST) Hello baobab, the repository: cloudflare-tor has been taken down due to repeated violation of the Codeberg.org Terms of Use, linked in the website footer. These forbid upload of illegal content, and §10 Telemediengesetz (TMG) requires us to disable access to and remove illegal content as soon we become aware of this content. After careful review of relevant law and the code in this repository we recognize that the repository contains: - Repeated violation of privacy law, by means of numerous growing and actively updated "target lists", with personal data, lists of employment status, social media identities, linked to defamation and claims of support of the attacked entity). Publication of such data, no matter if true or not, without the explicit consent of the person in question is illegal in EU. - This includes using personally identifiable information of other people without their consent for feigned commit author names and email addresses, potentially incriminating non-participants of acts of privacy violation and leaking proprietary information. - Considering reports we received, a significant number of claims and statements were factually false. The pure existence of lists "Enemies of X" is by all rational means unlikely to have any other purpose than public shaming, defamation, threatening and libel. These are generally considered illegal in German law and elsewhere. According to legal requirements we did remove access to the content in question immediately. We have disabled the repository in question to give you a chance to appeal against this decision via email before the content is deleted permanently. Please note that illegal activities are not allowed under the Codeberg.org Terms of Use. Re-uploading the problematic content without addressing the issues above will result in a permanent ban. Kind regards, Your Codeberg e.V.
abff commented 1 week ago

interesting. . .

interesting. . .
baobab commented 1 week ago

Thanks for making the ticket tom, I reached out to codeberg via email asking for where exactly the questionable content was so that I could remove it.

I forked the repo from some other place with the intent of trying to make it look more professional. I just hadn't gotten around to finishing it yet.

Thanks for making the ticket tom, I reached out to codeberg via email asking for where exactly the questionable content was so that I could remove it. I forked the repo from some other place with the intent of trying to make it look more professional. I just hadn't gotten around to finishing it yet.
anonymous commented 1 week ago

I too would like to know what exactly was illegal about it.
How could the commit history be retrieved to even reupload it without the "problematic" content?

I too would like to know what exactly was illegal about it. How could the commit history be retrieved to even reupload it without the "problematic" content?
tom commented 1 week ago
Poster

np baobab. I am very interested in hearing how this turns out. What particularly rubs me the wrong way is when I go to that URL it says HTTP 404, not a 421 Removed for legal reason or 410 Gone. This gives users the impression that it never existed before.

Even if Codeberg does not restore the repository to working order the least they could do is send us a backup of the bare git repostory so it can be hosted elsewhere.

np baobab. I am very interested in hearing how this turns out. What particularly rubs me the wrong way is when I go to that URL it says HTTP 404, not a 421 Removed for legal reason or 410 Gone. This gives users the impression that it never existed before. Even if Codeberg does not restore the repository to working order the least they could do is send us a backup of the bare git repostory so it can be hosted elsewhere.
qorg11 commented 1 week ago

I got my repo deleted as well.

I got my repo deleted as well.
hw commented 1 week ago
Owner

Illegal content has to be taken down immediately (§10TMG). Emails explaining the takedown reasons and the appeal process have been sent out simultaneously to repo owners via email (carbon copy below).

A blog post for wider audience has been posted to https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html.


Hello $owner,

the repository:

$reponame

has been taken down due to repeated violation of the Codeberg.org Terms of Use, linked in the website footer. These forbid upload of illegal content, and §10 Telemediengesetz (TMG) requires us to disable access to and remove illegal content as soon we become aware of this content.

After careful review of relevant law and the code in this repository we recognize that the repository contains:

  • Repeated violation of privacy law, by means of numerous growing and actively updated "target lists", with personal data, lists of employment status, social media identities, linked to defamation and claims of support of the attacked entity). Publication of such data, no matter if true or not, without the explicit consent of the person in question is illegal in EU.
  • This includes using personally identifiable information of other people without their consent for feigned commit author names and email addresses, potentially incriminating non-participants of acts of privacy violation and leaking proprietary information.
  • Considering reports we received, a significant number of claims and statements were factually false. The pure existence of lists "Enemies of X" is by all rational means unlikely to have any other purpose than public shaming, defamation, threatening and libel. These are generally considered illegal in German law and elsewhere.

According to legal requirements we did remove access to the content in question immediately. We have disabled the repository in question to give you a chance to appeal against this decision via email before the content is deleted permanently.

Please note that illegal activities are not allowed under the Codeberg.org Terms of Use. Re-uploading the problematic content without addressing the issues above will result in a permanent ban.

Kind regards,

Your Codeberg e.V.

--
https://codeberg.org
Codeberg e.V. – Gormannstraße 14 – 10119 Berlin – Germany
Registered at registration court Amtsgericht Charlottenburg VR36929.

Illegal content has to be taken down immediately (§10TMG). Emails explaining the takedown reasons and the appeal process have been sent out simultaneously to repo owners via email (carbon copy below). A blog post for wider audience has been posted to https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html. ---- Hello $owner, the repository: $reponame has been taken down due to repeated violation of the Codeberg.org Terms of Use, linked in the website footer. These forbid upload of illegal content, and §10 Telemediengesetz (TMG) requires us to disable access to and remove illegal content as soon we become aware of this content. After careful review of relevant law and the code in this repository we recognize that the repository contains: - Repeated violation of privacy law, by means of numerous growing and actively updated \"target lists\", with personal data, lists of employment status, social media identities, linked to defamation and claims of support of the attacked entity). Publication of such data, no matter if true or not, without the explicit consent of the person in question is illegal in EU. - This includes using personally identifiable information of other people without their consent for feigned commit author names and email addresses, potentially incriminating non-participants of acts of privacy violation and leaking proprietary information. - Considering reports we received, a significant number of claims and statements were factually false. The pure existence of lists \"Enemies of X\" is by all rational means unlikely to have any other purpose than public shaming, defamation, threatening and libel. These are generally considered illegal in German law and elsewhere. According to legal requirements we did remove access to the content in question immediately. We have disabled the repository in question to give you a chance to appeal against this decision via email before the content is deleted permanently. Please note that illegal activities are not allowed under the Codeberg.org Terms of Use. Re-uploading the problematic content without addressing the issues above will result in a permanent ban. Kind regards, Your Codeberg e.V. -- https://codeberg.org Codeberg e.V. – Gormannstraße 14 – 10119 Berlin – Germany Registered at registration court Amtsgericht Charlottenburg VR36929.
baobab commented 1 week ago

@hw, can you tell me which part of the repository had the illegal content so that I can remove it? No one contacted me before my repository was removed.

Looking into my local repository, I think these two files are the only two offending files. Can you please tell me if these two files are the only offending files?

cloudflare-tor/cloudflare_users/cloudflare_supporter.txt
cloudflare-tor/cloudflare_users/ex_cloudflare_users.md

If I nuke those two files, can I get my repository reinstated?

EDIT: This too: cloudflare-tor/cloudflare_inc/cloudflare_members.md
ANOTHER EDIT: removed ex_cloudflare users as it shows just domains that went off of cloudflare.

@hw, can you tell me which part of the repository had the illegal content so that I can remove it? No one contacted me before my repository was removed. Looking into my local repository, I think these two files are the only two offending files. Can you please tell me if these two files are the only offending files? cloudflare-tor/cloudflare_users/cloudflare_supporter.txt ~~cloudflare-tor/cloudflare_users/ex_cloudflare_users.md~~ If I nuke those two files, can I get my repository reinstated? EDIT: This too: cloudflare-tor/cloudflare_inc/cloudflare_members.md ANOTHER EDIT: removed ex_cloudflare users as it shows just domains that went off of cloudflare.

Hello there,

thank you for reaching out in this case, but please note that all relevant information has already been provided via e-mail.

We want to clarify that we do not silently remove content from our platform, but in case we get aware of legal violations, we have to remove access to it immediately. Furthermore, we are trying to be as transparent as possible about these processes and posted a blog post that gives some more details as well as our point of view: https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html.

To repeat the most important points of violation:

  • this repository included a list of user handles and cloudflare employee names that can and was used for public shaming
  • the commit messages used the information of cloudflare employees (not relevant for your repository)

This means you would indeed have to remove at least the files you mentioned and all similar files, including from the git history. We can check the repo afterwards. Since your git history is already divergent and does not seem include false commit identities, this should not be a problem. While rewriting git history, make sure to not use a feigned identity that might incriminate real-world persons.

Let's also repeat this important point from the blog:

Publicly posting criticism about worrisome tech companies and their products or business model (by providing reasonable arguments) is explicitly not a problem. We are always concerned about user privacy and encourage everyone to start working on viable alternatives to monopolistic data collection companies and/or spread information about their issues as well as share knowledge about existing alternatives.

We are looking forward to see your continued effort in information about monopolistic software platforms, privacy issues and more that is worrisome to the health of the internet. But since illegal content, hate speech and shaming lists are also unhealthy to the web, we are taking our duty seriously and take down this content as soon as we become aware of.

To the prior notice: Although not necessary, we reached out to the developers of the crimeflare/cloudflare-tor repo in advance and asked them to remove the content in question. We are used to projects with a clear developer / maintainer distribution and thus chose the most active repository that contained the content, and considered all other repos with similar content as clones, forks, or even unmaintained copies of the former. We are sorry if this did not reflect your specific development strategy (which is quite uncommon among FLOSS developers).

On the 404 error: This is a common response on public websites, indicating according to spec "Not Found. The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible". This content is not yet purged but inaccessible, thus "not found". If you consider another response more appropriate and of general interest to Codeberg.org and/or Gitea users, a feature request is highly welcome!

We hope we could answer your questions and appreciate your cooperation. Let us know if we can continue to be of any help.

Kind regards,

Your Codeberg e.V.

Hello there, thank you for reaching out in this case, but please note that all relevant information has already been provided via e-mail. We want to clarify that we do not silently remove content from our platform, but in case we get aware of legal violations, we have to remove access to it immediately. Furthermore, we are trying to be as transparent as possible about these processes and posted a blog post that gives some more details as well as our point of view: https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html. To repeat the most important points of violation: - this repository included a list of user handles and cloudflare employee names that can and was used for public shaming - the commit messages used the information of cloudflare employees (not relevant for your repository) This means you would indeed have to remove at least the files you mentioned and all similar files, including from the git history. We can check the repo afterwards. Since your git history is already divergent and does not seem include false commit identities, this should not be a problem. While rewriting git history, make sure to not use a feigned identity that might incriminate real-world persons. Let's also repeat this important point from the blog: > Publicly posting criticism about worrisome tech companies and their products or business model (by providing reasonable arguments) is explicitly not a problem. We are always concerned about user privacy and encourage everyone to start working on viable alternatives to monopolistic data collection companies and/or spread information about their issues as well as share knowledge about existing alternatives. We are looking forward to see your continued effort in information about monopolistic software platforms, privacy issues and more that is worrisome to the health of the internet. But since illegal content, hate speech and shaming lists are also unhealthy to the web, we are taking our duty seriously and take down this content as soon as we become aware of. To the prior notice: Although not necessary, we reached out to the developers of the crimeflare/cloudflare-tor repo in advance and asked them to remove the content in question. We are used to projects with a clear developer / maintainer distribution and thus chose the most active repository that contained the content, and considered all other repos with similar content as clones, forks, or even unmaintained copies of the former. We are sorry if this did not reflect your specific development strategy (which is quite uncommon among FLOSS developers). On the 404 error: This is a common response on public websites, indicating according to spec "Not Found. The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible". This content is not yet purged but inaccessible, thus "not found". If you consider another response more appropriate and of general interest to Codeberg.org and/or Gitea users, a feature request is highly welcome! We hope we could answer your questions and appreciate your cooperation. Let us know if we can continue to be of any help. Kind regards, Your Codeberg e.V.
Codeberg.org added the
legal
label 1 week ago
Codeberg.org added the
question
label 1 week ago
baobab commented 1 week ago

@Codeberg.org, it seems like a catch 22. I have to remove the files to get my repo back and you can't give the repo back unless I remove the files. I was wondering if you can give the repo back to me and set to private mode so that I can make the changes needed? And are these two files the only offending files?

cloudflare-tor/cloudflare_users/cloudflare_supporter.txt
cloudflare-tor/cloudflare_inc/cloudflare_members.md

@Codeberg.org, it seems like a catch 22. I have to remove the files to get my repo back and you can't give the repo back unless I remove the files. I was wondering if you can give the repo back to me and set to private mode so that I can make the changes needed? And are these two files the only offending files? cloudflare-tor/cloudflare_users/cloudflare_supporter.txt cloudflare-tor/cloudflare_inc/cloudflare_members.md
hw commented 1 week ago
Owner

Of course we cannot absolve you of all future responsibility by giving you a list of files to whitewash. Maybe we can phrase it this way: All content that fits the pattern of these files are clearly and obviously violating privacy laws and all kind of other laws. Removing them is probably a good starting point. Others might too. It is your responsibility to review them carefully.

Of course we cannot absolve you of all future responsibility by giving you a list of files to whitewash. Maybe we can phrase it this way: All content that fits the pattern of these files are clearly and obviously violating privacy laws and all kind of other laws. Removing them is probably a good starting point. Others might too. It is your responsibility to review them carefully.
fnetX commented 1 week ago
Collaborator

Looking into my local repository

you obviously have a local copy, so I do not see a reason for granting you access to the online one. Just filter git history and upload it as private repo again.

> Looking into my local repository you obviously have a local copy, so I do not see a reason for granting you access to the online one. Just filter git history and upload it as private repo again.
fnetX commented 1 week ago
Collaborator

with the intent of trying to make it look more professional

If this intent includes improving the information a user can get by looking at the repo without scaring them with shaming lists, this change would surely be really appreciated.

Personally, I think that users looking at the repo for the first time are rather scared than informed as the presentation of the content is not in a way that makes users feel safe and welcome imho, but rather like a preparation for a war which makes them rather stay away (without reading your valid points).
Whether or not you are moving away or filtering the repo, just wanted to add this as a some personal feedback.

> with the intent of trying to make it look more professional If this intent includes improving the information a user can get by looking at the repo without scaring them with shaming lists, this change would surely be really appreciated. Personally, I think that users looking at the repo for the first time are rather scared than informed as the presentation of the content is not in a way that makes users feel safe and welcome imho, but rather like a preparation for a war which makes them rather stay away (without reading your valid points). Whether or not you are moving away or filtering the repo, just wanted to add this as a some personal feedback.
tom commented 6 days ago
Poster

It is worth noting that regarding the takedown, this is a Nuremberg Defense

It is worth noting that regarding the takedown, this is a Nuremberg Defense
Sign in to join this conversation.
Loading…
There is no content yet.