Censorship of GitHub

Source: Wikipedia, the free encyclopedia.

GitHub has been the target of censorship from governments using methods ranging from local Internet service provider blocks, intermediary blocking using methods such as DNS hijacking and man-in-the-middle attacks, and denial-of-service attacks on GitHub's servers from countries including China, India, Iraq, Russia, and Turkey. In all of these cases, GitHub has been eventually unblocked after backlash from users and technology businesses or compliance from GitHub.

Background

GitHub is a web-based

DMCA takedown notices.[4] GitHub uses HTTPS
for its connections, making data more secure against interception from third parties.

China

Main article: Internet censorship in China

China heavily regulates Internet traffic and has blocked many international Internet companies including Facebook and Twitter.[5] In addition, Western businesses have said that these restrictions hurt their business by reducing access to information, such as from search engines and those using VPNs.[6] In 2013, the country started blocking GitHub and it was met by protests among Chinese programmers.[7]

Akamai network was targeted for hosting GreatFire.org websites.[8]

DNS hijacking

Blockage

"No servers were able to reach your site."
Test results from viewDNS.info showing that GitHub was blocked from within China

On January 21, 2013, GitHub was blocked in China using

Sina Weibo.[11]

Criticism

Kai-Fu Lee brought attention to the block after posting about it on Sina Weibo. He derided the block, saying: "Blocking GitHub is unjustifiable, and will only derail the nation's programmers from the world, while bringing about a loss in competitiveness and insight." Lee's post was shared over 80,000 times.[11]

The Next Web called the block unfortunate, saying that "Chinese developers will have to play around with workarounds or find an alternative service when they want to work with their peers around the world."[10]

MITM attack

Attack

"Safari can't verify the identity of the website github.com."
An example of the warning users in China received from browsers when trying to access GitHub with the self-signed certificate

On January 26, 2013, GitHub users in China experienced a

SSL certificate.[12] Users attempting to access GitHub received a warning of an invalid SSL certificate, which, due to being signed by an unknown authority, was quickly detected.[13] A spokesperson for GitHub said: "Early last week, it appeared that GitHub was being at least partially blocked by the Great Firewall of China... After a couple days, it appeared that GitHub was no longer being blocked."[12] NETRESEC performed forensics of the attack and determined that it was indeed an attack, due to the large number of router hops involved (6) and because the user submitting the packet capture was from China.[14]

This attack was performed again on March 26, 2020, on GitHub Pages and March 27, 2020, on GitHub.com.[15][16]

Rationale

Gist containing names of 3 of the architects and their contact information.[17] GreatFire also said that since GitHub is HTTPS only, Chinese authorities can't block individual pages and have to completely block the website, which helps explain why they would have to resort to the attack.[13] InformationWeek noted the economic difficulty related to blocking GitHub: "What makes GitHub interesting from a censorship point of view is that it combines a critical business service—collaborative coding—with social interaction."[12]

DDoS attack

On March 26, 2015, GitHub was the target of a

distributed denial-of-service (DDoS) attack originating from China. It targeted two anti-censorship projects: GreatFire and cn-nytimes, the latter including instructions on how to access the Chinese version of The New York Times.[18] GitHub blocked China-based IP addresses from visiting these repositories. If a visitor comes from China, the page would show "Repository unavailable because of the Chinese Internet Blacklist". Based on GitHub, they are doing this so "that our users in that jurisdiction may continue to have access to GitHub to collaborate and build software." [19] They are now having a gov-takedowns repository to record all the government requirements they could show.[20]

India

Main article: Internet censorship in India

India selectively censors websites at the federal and state levels. This is enforced by the Information Technology Act, 2000, as well as licensing requirements for Internet service providers (ISPs). Critics such as Rajeev Chandrasekhar have noted the vagueness of these regulations and the Centre for Internet and Society found that ISPs tended to over-comply with takedown requests.[21]

ISP blockage

On December 17, 2014, the

Gist, Vimeo, the Internet Archive, and various pastebin services.[23]

Direction to block Internet Website

To: All Internet Service Licensees
Under the powers conferred by Section 69A of the Information Technology Act, 2000 and under the Information Technology (Procedures and Safeguards for Blocking of Access of Information by Public) Rules, 2009, it has been decided to immediately block the access to the following 32 URLs:...

Department of Telecommunications[23]

The block order was confirmed on

ISIS. Gupta also stated that websites that cooperated with the investigation were being unblocked.[24]

On January 2, 2015, the

CERT-In agency of the ministry said that the order came from the Mumbai Additional Chief Metropolitan Magistrate following an interrogation of Arif Majeed, an ISIS recruit.[26]

On January 4, 2015, a GitHub spokesperson said that some users were still having trouble accessing the site and that GitHub has attempted to reach out to the Indian government, but is still unclear about the cause of the block. They said that restoring access to the developer community in India was their top priority and that they "would like to work with the Indian government to establish a transparent process for identifying unlawful content, restore access, and ensure that GitHub continues to remain available in the future without interruption."[27]

Impact

IP blocking, the use of a proxy server, and DNS blocking. Methods for gaining access ranged from using an alternate DNS server to installing circumvention software.[28]

Criticism

Silhouettes of GitHub's Octocat and the Vimeo logo with the word "blocked" inside them, along with a description of the block
A poster by the Free Software Foundation Tamil Nadu protesting the blocks using the hashtag #GOIBlocks

Regarding the blocks,

Anonymous of India also posted several threats against the government, but did not take any action.[25]

Russia

Main article: Internet censorship in Russia

The Russian government

Roscomnadzor, Russia's regulatory agency.[30]

ISP blockage

A screenshot of the Firefox browser and an error message in Russian
The block message Russian GitHub users saw when trying to access the website on December 2, 2014[b]

On December 2, 2014, Roscomnadzor blocked GitHub due to it hosting various copies of a suicide manual. Because GitHub uses

Megafon. Maxim Ksenzov, the Deputy Head of Roscomnadzor, said in a statement that the block was due to GitHub not complying with earlier takedown requests for the manual on October 10, 2014.[31] GitHub was also momentarily blocked on October 2, 2014, until the original copy of the manual was deleted by its uploader.[32]

Banned content

The manual in question was posted on March 23, 2014, and details 31 methods of suicide in Russian.[c] It was added to a repository for a software library used for working with Windows filesystems and was forked by several users.[33] The original copy was deleted by the owner on October 2, 2014, after numerous GitHub users complained because of a block by Roscomnadzor.[d][33][34]

TechCrunch remarked that the manual seemed to be written as satire and includes methods such as "biting your tongue", "joining the military" or "getting a good gun" from a policeman.[35] The takedown targeted the manual and its copies, as well as a reposted blog entry about suicide.[36]

Response

GitHub complied and blocked access to the content within Russia saying that they were working to get reinstated. Citing its

readme of the repository, GitHub states that they are concerned about Internet censorship and believe in transparency to document the potential for chilling effects. They also warn that the presence of a notice is only for documentation and that GitHub does not pass any judgement on their validity.[38]

Turkey

See also:
Internet censorship in Turkey
Network measurements by Turkey Blocks confirming the time at which GitHub was blocked

On October 8, 2016, following the leak of emails of Turkish Minister

Homebrew. Participants in Startup Istanbul week also complained about the unavailability of infrastructure. The #GitHub hashtag became one of Twitter's top trends in Turkey. According to The Daily Dot, RedHack purposefully spread the emails using multiple services, expecting Turkey to block them so that the Streisand effect could be utilized. GitHub was unblocked 18 hours later.[41]

Notes

  1. ^ The Next Web and GreatFire both claim that it was fully blocked however.[10]
  2. ^ The text of the page consists of 4 reasons why the website breaks laws under the Russian Federation, and why therefore, the contents of the website are blocked.
  3. ^ The manual itself seems to be a translation of a text originating on Usenet.
  4. Git keeps a history
    of changes, the file was still accessible on GitHub.

References

  1. ISBN 978-3-030-60127-0
    .
  2. ^ "About". GitHub. Archived from the original on June 28, 2023. Retrieved June 28, 2023.
  3. ^ "GitHub Terms of Service". GitHub. Archived from the original on June 24, 2015. Retrieved June 27, 2015. (Specifically terms A8 and G7)
  4. ^ "DMCA Takedown Policy". GitHub. Archived from the original on July 1, 2015. Retrieved June 27, 2015.
  5. ^ Wei, Sisi (December 17, 2014). "Inside the Firewall: Tracking the News That China Blocks". ProPublica. Archived from the original on June 5, 2015. Retrieved June 27, 2015.
  6. ^ Chin, Josh (February 12, 2015). "China Internet Restrictions Hurting Business, Western Companies Say". Wall Street Journal Blogs. Archived from the original on July 4, 2015. Retrieved June 27, 2015.
  7. ISBN 978-0-691-17886-8
    .
  8. ^ Silbert, Sean (November 26, 2014). "Routing around the Great Firewall of China". LA Times. Archived from the original on June 30, 2015. Retrieved June 27, 2015.
  9. ISBN 978-1-5036-1223-5
    .
  10. ^ a b c Protalinski, Emil (January 21, 2013). "The Chinese government appears to be blocking GitHub via DNS (Update: Investigation underway)". The Next Web. Archived from the original on April 14, 2015. Retrieved April 9, 2015.
  11. ^ a b Kan, Michael (January 23, 2013). "GitHub unblocked in China after former Google head slams its censorship". Computer World. Archived from the original on March 30, 2015. Retrieved April 9, 2015.
  12. ^ a b c Claburn, Thomas (January 30, 2013). "China's GitHub Censorship Dilemma". InformationWeek. Archived from the original on July 3, 2015. Retrieved June 27, 2015.
  13. ^ a b c martin (January 30, 2013). "China, GitHub and the man-in-the-middle". GreatFire. Archived from the original on August 19, 2016. Retrieved June 27, 2015.
  14. ^ Hjelmvik, Erik (February 2, 2013). "Forensics of Chinese MITM on GitHub". NETRESEC Blog. Archived from the original on June 30, 2015. Retrieved June 27, 2015.
  15. ^ "Hacker is deploying large-scale MITM attack via domestic backbone". March 27, 2020. Archived from the original on March 26, 2020. Retrieved March 27, 2020.
  16. ^ "GitHub 遭遇中间人攻击,访问报证书错误 - OSCHINA". www.oschina.net. Retrieved March 27, 2020.
  17. ^ Muncaster, Phil (January 31, 2013). "Great Firewall architects fingered for GitHub attack". The Register. Archived from the original on June 30, 2015. Retrieved June 27, 2015.
  18. ^ Anthony, Sebastian (March 30, 2015). "GitHub battles "largest DDoS" in site's history, targeted at anti-censorship tools". ars technica. Archived from the original on January 2, 2019. Retrieved January 1, 2019.
  19. ^ Horwitz, Josh (June 28, 2016). "China's fierce censors try a new tactic with GitHub—asking nicely". Quartz. Retrieved December 25, 2020.
  20. ^ hubot. "gov-takedowns". GitHub. Retrieved December 25, 2020.
  21. ^ Patry, Melody (November 21, 2013). "India: Digital freedom under threat? Online censorship". index. Archived from the original on November 4, 2016. Retrieved April 2, 2015.
  22. ^ a b Saxena, Anupam (December 31, 2014). "Pastebin, Dailymotion, Github blocked after DoT order: Report". The Times of India. Archived from the original on March 2, 2015. Retrieved April 1, 2015.
  23. ^ a b Blue, Violet (December 31, 2014). "India blocks 32 websites, including GitHub, Internet Archive, Pastebin, Vimeo". ZDNet. Archived from the original on April 2, 2015. Retrieved April 1, 2015.
  24. ^ Ghoshal, Abhimanyu (December 31, 2014). "GitHub, Vimeo and 30 more sites blocked in India over content from ISIS". The Next Web. Archived from the original on April 4, 2015. Retrieved April 1, 2015.
  25. ^ a b Sharma, Ravi (January 2, 2015). "Indian government unblocks Vimeo, Dailymotion, 2 other websites". The Times of India. Archived from the original on February 8, 2015. Retrieved April 1, 2015.
  26. ^ a b Arora, Kim (January 1, 2015). "Government blocks 32 websites to check ISIS propaganda". The Times of India - Tech. Archived from the original on January 4, 2015. Retrieved April 1, 2015.
  27. ^ Orsini, Lauren (January 2, 2015). "India Unblocks GitHub, Three Other Websites". readwrite. Archived from the original on March 20, 2015. Retrieved April 1, 2015.
  28. ^ Srikanth, Kaustubh (June 1, 2015). "Technical Observations About Recent Internet Censorship In India". The Huffington Post. Archived from the original on May 21, 2015. Retrieved April 1, 2015.
  29. ^ Russell, Jon (December 31, 2014). "India's Government Asks ISPs To Block GitHub, Vimeo And 30 Other Websites (Updated)". TechCrunch. Archived from the original on March 26, 2015. Retrieved April 1, 2015.
  30. ^ Khazan, Olga (November 9, 2012). "Russia's secret new Internet blacklist". The Washington Post. Archived from the original on May 11, 2015. Retrieved April 2, 2015.
  31. ^ Lunden, Ingrid (December 3, 2014). "Russia Blacklists, Blocks GitHub Over Pages That Refer To Suicide". TechCrunch. Archived from the original on March 27, 2015. Retrieved April 1, 2015.
  32. ^ Лихачёв, Никита (October 2, 2014). AliExpress, 2ch и GitHub попали в реестр запрещённых сайтов [AliExpress, 2ch and GitHub put on the register of banned sites]. TJournal (in Russian). Archived from the original on April 25, 2015. Retrieved April 9, 2015.
  33. ^ a b "Create suicide.txt". GitHub - amdf/objidlib. March 23, 2014. Archived from the original on June 27, 2015. Retrieved April 8, 2015.
  34. ^ "Delete suicide.txt". GitHub - amdf/objidlib. October 2, 2014. Archived from the original on June 27, 2015. Retrieved April 9, 2015.
  35. ^ a b Lunden, Ingrid (December 5, 2014). "To Get Off Russia's Blacklist, GitHub Has Blocked Access To Pages That Highlight Suicide". TechCrunch. Archived from the original on March 21, 2015. Retrieved April 1, 2015.
  36. ^ "roskomnadzor/2014-10-21-roskomnadzor.md". GitHub. October 21, 2014. Archived from the original on December 5, 2014. Retrieved April 1, 2015.
  37. ^ Geraci, Jesse (June 9, 2016). "github/roskomnadzor - README.md". GitHub. Archived from the original on June 15, 2017. Retrieved October 9, 2016.
  38. ^ Geraci, Jesse (February 20, 2015). "github/roskomnadzor - README.md". GitHub. Archived from the original on January 4, 2017. Retrieved October 9, 2016.
  39. ^ Murdock, Jason (October 10, 2016). "Turkey blocks Google, Microsoft and Dropbox services to 'suppress' mass email leaks". International Business Times. Archived from the original on October 11, 2016. Retrieved October 10, 2016.
  40. ^ "Dropbox, Google Drive and Microsoft OneDrive cloud services blocked in Turkey following leaks". Turkey Blocks. October 8, 2016. Archived from the original on December 9, 2016. Retrieved October 9, 2016.
  41. ^ Sozeri, Efe Kerem (October 12, 2016). "How hacktivist group RedHack gamed Turkey's censorship regime". Daily Dot. Archived from the original on October 13, 2016. Retrieved October 12, 2016.

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=Censorship_of_GitHub&oldid=1221239131"