Throughout last week, there has been a rise of complaints from developers in countries facing U.S. sanctions. The company most often mentioned is GitHub and its message to all sanctioned users, which reads:
In the beginning, much of the outcry came from devs in Iran posting on personal blogs and on Medium. A Reddit user joked about GitHub providing open source to everyone but Iran. However, Microsoft’s restriction of GitHub’s features applies to other countries facing US sanctions. According to GitHub’s Trade and Controls page, the territories and/or countries that GitHub can’t be exported to are Crimea, Cuba, Iran, North Korea, and Syria.
GitHub’s CEO Nat Friedman confirmed that GitHub was in fact limiting certain users, stating that “GitHub is subject to US trade law, just like any company that does business in the US.” He also dispelled criticism that claimed that GitHub could have warned users about the restrictions by writing, “Our understanding of the law doesn’t give us the option to give anyone prior notice.”
As a result of the surprise bans, developers like Anatoliy Kashkin have had to find alternative means of version controlling their products. Kashkin himself is a Crimean developer who built an aggregator for PC games called GameHub. His website was also hosted on Github Pages. In light of his ban, he’s had to find a new hosting provider, but, more importantly, he’s had to consider what to do with his GameHub platform. In his project status thread, some offered up the idea of using a VPN; proxies and VPNs, unfortunately, are the reality of many developers trying to access and provide open source products. As detailed in a blog post by Iranian developer Shahin Sorkh, developers in restricted countries use a cocktail of proxies, VPNs, and TOR to survive. Sorkh himself uses “bind/named to proxy few certain domain queries through shecan and privoxy to tunnel all supported domains by FOD through FOD, and others through TOR.” However, these methods should not be recommended since GitHub has prohibited anyone “from using IP proxies, VPNs, or other methods to disguise their location when accessing GitHub.com services.”
For Kashkin and others looking to keep their hands clean, there aren’t many, if not any, viable options available. The combination of censorship and looming sanctions eliminates Gitlab. Bitbucket, as a ZDNet reporter notes, has been listed on the US NASDAQ exchange which may subject it to the same trade restrictions GitHub is subjected to. Already, the biggest version control systems have been restricted from use. What’s left may not grant companies or individuals the exposure their product needs.
Friedman, aware of the damage done, wrote, “It is painful for me to hear how trade restrictions have hurt people. We have gone to great lengths to do no more than what is required by the law, but of course people are still affected.”
The affects that GitHub’s restriction has had on developers has rallied many GitHub users together to protest the restrictions. They’ve created a page called GitHub Do Not Ban Us. The first sentence of their message to GitHub reads, “GitHub used to be an open and free platform for everyone, but it has decided to restrict Iranian accounts from contributing and being part of the open-source ecosystem.”
Unfortunately, the advocates have failed to realize that GitHub was never free or open source. GitHub has always been a company that monetizes using a subscription model. They offer a limited free service while allowing users to upgrade to a premium account. There is not a case to be had for GitHub’s “openness” either. Open source, according to Richard Stallman, is “amoral.” It’s not an ethical movement. It’s simply a type of software that can be licensed in myriad ways, all subject to the laws of the land it resides in. GitHub doesn’t even fall in that category, though what they curate often does. Still, GitHub is home to many closed software that companies fund to stay closed. In the end, GitHub is a US business and, as Friedman stated, is subject to US laws.
Those who believe in decentralization have a great argument to make about the conflicts that can arise when entrusting open source to centralized companies. Perhaps the overwhelming motivation for companies like GitHub to lobby for looser sanctions could be the rise of decentralized version control. For now, those affected will have to be content with finding current alternatives or tweeting, #githubForEveryone.