Why I don't support or contribute to GitHub repositories
Mirroed from the dead original
Note: I personally would add political reasons as to not use GitHub. This author has not. I feel this is primarily for the best.
Preface
GitHub is a code sharing and publishing platform founded in February 2008 at San Francisco. As of August 22, 2014, GitHub reports having 6.7 million users across 15 million repositories. It is believed to be the largest and most popular Git project hosting provider - and it surely is, everyone knows it and most developers use it.
In my view, GitHub isn't all about tea parties and unicorns where people contribute code, ideas and free software to the world. I won't go into practical usability issues - there are far more than enough blog articles about those. Instead, I'm going talk about some real and concerning issues that persist around GitHub.
GitHub as a company
GitHub isn't just a platform for hosting and managing Git projects, but GitHub is also a company. This company is commercial, and makes money from users, companies and enterprises. Registration and public repositories are free, but with money users can get upgraded accounts with private repositories.
What's wrong with this is that like many other companies, GitHub wants to control your projects on GitHub. That's how they maintain power over the users. As more people are using GitHub, a certain social pressure increases to give more people incentive to use it. This issue has been noted before and also poses other issues.
It's almost shameful for me that developers have
become enslaved by a large company telling
them how to do their project management while the
company makes money from it. Sorry, I won't judge
you. Imagine some day you are leading a large project and
then GitHub tells you no, you can't
lead this project anymore
. Read more and you'll
see that this has already happened before.
Censorship
There have been few incidents that have been covered in media where code repositories have been falsely targeted with censorship from GitHub. The problem is that GitHub leaves false takedowns for users to resolve. Such and any false censorship is unacceptable.
Third-party WhatsApp applications
On a company many people know as WhatsApp sent a DMCA takedown notice to GitHub. GitHub complied with WhatsApp's request - on an issue concerning a trademark, not copyright. Here's what Boing Boing has to say about it (emphasis mine):
This is grossly improper. DMCA takedown notices never apply to alleged trademark violations (it's called the "Digital Millennium Copyright Act" and not the "Digital Millennium Trademark Act"). Using DMCA notices to pursue trademark infringements isn't protecting your interests -- it's using barratry-like tactics to scare and bully third parties into participating in illegitimate censorship.
Part of a reason is to blame WhatsApp here. However while GitHub has restored many of the repositories, some of them remain censored to date. See 2014-02-12-WhatsApp.md for the takedown notice.
Qualcomm
Another incident of censorship comes from Qualcomm. On , Qualcomm issued DMCA takedown notices for 116 GitHub repositories – including their own. Here's what Ausdroid reported, again with extra added emphasis:
The impetus behind the takedown request is a WiFi config file – literally a text file – which is taken straight from a Sony firmware release. In this takedown Qualcomm also took down PRIMA mirror which is open source code for Atheros wireless chipsets that they release on the CodeAurora gitweb site.
Fortunately, GitHub seems to have restored most or all of the repositories by now. Some errors may happen and the DMCA is abused often, but this is another fine example on how whole repositories were taken down for one file.
Bukkit
On , GitHub complied with another false DMCA claim concerning the Bukkit project, a popular Minecraft server mod licensed under the free GPLv3+ license. To date, the Bukkit project's repositories remain censored on GitHub under false DMCA claims.
This incident created much controversy. Wesley Wolfe abusively acted on behalf of Mojang AB and made false claims that the proprietary Minecraft server software was included in CraftBukkit, and that was violating his copyrights. Mojang later published a community announcement defending the Bukkit project against Wolfe's false claims, quoted below.
Wesley Wolfe has mischaracterized and misrepresented the position with regard to the Bukkit Project & Mojang. It has been unfairly suggested that Mojang is in some way behind his request that CraftBukkit is taken down (the fact that he quoted a small part of an email I sent him in his DMCA takedown has been taken as some sort of endorsement of his claim). We want to make it clear that Mojang is not responsible and has no liability whatsoever in regard to these claims.
The official Minecraft Server software that we have made available is not included in CraftBukkit. Therefore there is no obligation for us to provide the original code or any source code to the Minecraft Server, nor any obligation to authorize its use. Our refusal to make available or authorize the use of the original / source code of the Minecraft Server software cannot therefore be considered to give rise to an infringement of any copyright of Wesley, nor any other person.
Wesley’s allegations are therefore wholly unfounded.
See also: GitHub takedown notice, Bukkit takedown notice.
Terms of Service
GitHub's Terms of Service might be the biggest compelling reason to refuse using GitHub. Some of GitHub's terms are quite concerning and alarming. A summary is available at TOS;DR. Here I'll list some things of concern, starting from the top of GitHub's terms.
Users must provide a name on signup
GitHub requires your (legal) name on signup. This name is publicly displayed on profiles. You can still use a pseudonym, however.
You must provide your name, a valid email address, and any other information requested in order to complete the signup process.
GitHub takes no liability for account security
GitHub states in their Terms of Service that they are not liable for your account's security. This means that if the error is on GitHub's side, GitHub may not take responsibility for it.
You are responsible for maintaining the security of your account and password. GitHub cannot and will not be liable for any loss or damage from your failure to comply with this security obligation.
Accounts can be suspended for any reason
GitHub can also suspend your account and delete your data at any time for any reason, which is very broad in terms of what GitHub can do.
GitHub, in its sole discretion, has the right to suspend or terminate your account and refuse any and all current or future use of the Service, or any other GitHub service, for any reason at any time. Such termination of the Service will result in the deactivation or deletion of your Account or your access to your Account, and the forfeiture and relinquishment of all Content in your Account. GitHub reserves the right to refuse service to anyone for any reason at any time.
… GitHub and its designee have the right (but not the obligation) in their sole discretion to refuse or remove any Content that is available via the Service.
Changes can happen any time and without notice
GitHub can change their Terms of Service at any time without notice. This is very concerning because it gives GitHub very broad powers for what it can do without telling the users. The term is hidden, and even if they do not mention it I can share from my own experience that they do not notify users of changes to terms.
GitHub reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Service (or any part thereof) with or without notice.
Users may be notified only of significant changes to GitHub's privacy policy. I don't recall ever receiving such email, however.
GitHub may periodically update this [privacy] policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your GitHub primary account holder account or by placing a prominent notice on our site.
You shall defend and indemnify GitHub
Finally, you also surrender your rights against a fair court battle by defending and indemnifying GitHub.
You shall defend GitHub against any claim, demand, suit or proceeding made or brought against GitHub by a third-party alleging that Your Content, or Your use of the Service in violation of this Agreement, infringes or misappropriates the intellectual property rights of a third-party or violates applicable law, and shall indemnify GitHub for any damages finally awarded against, and for reasonable attorney’s fees incurred by, GitHub in connection with any such claim, demand, suit or proceeding; provided, that GitHub (a) promptly gives You written notice of the claim, demand, suit or proceeding; (b) gives You sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that You may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases GitHub of all liability); and (c) provides to You all reasonable assistance, at Your expense.
Endnotes
These are many of the compelling reasons why I refuse to contribute on GitHub and why you should also refuse. There are many other ways you can contribute to GitHub projects without using GitHub, for example most maintainers reply to issues and accept patches by email or IRC.
If you are a project manager, consider hosting your own Git server for your current and future projects. If you need help, ask your friends or collegues to set up one. The internet was made to be more decentralized.
Finally, a disclaimer: I have a GitHub account, which I may occassionally use to tag missing repository licenses. I feel this justified as a last case scenario, because it also helps people to redistribute free software from other channels and also helps me to acquire a copy.
For those developers who still value and keep fighting to protect our freedoms, thank you.