Contributing on GitHub requires JS and that creates challenges and some are discouraged

Does someone know how they do it in Monero? I remember reading they have the best dev opsec. Their devs are completely anonymous and use Tor and get paid in Monero for their work. But I don’t know if that is exaggerated; maybe it is worth taking a look to see if we can learn something from them.

3 Likes

It makes sense you haven’t seen any. It takes time for a developer to familiarize themselves with a new project and learn all the source code for it. They can’t just start on day 1 with lots of experience and make valuable contributions. This means they have to have this as a goal, but why would they make that a goal when they can see from the start that they won’t have sufficient anonymity? They will choose to never get started reading the source code in the first place.

Maybe the developers won’t even create a forum account. There’s no onion access and it requires email. This goes for normal users too, not only developers. Who knows how many people have chosen to be a lurker instead because of no .onion and email req.

Lastly, even if a developer sacrificed their privacy by creating a forum account and then told everyone they are a developer who wants to contribute to Qubes OS in the future if the developer anonymity can be improved, I mean that’s a lot of privacy sacrifice: signing up without anonymity and sharing personal information in what will probably be a pointless attempt to make a change, a pointless sacrifice.

I saw someone here who wanted to do that; he was making lots of posts every day to try to get the attention so they can send a submission via mail. Also, email is probably the worst privacy of all ways to communicate. So if privacy is the reason they don’t want to create an account, then submissions via email won’t be a solution.

Pseudonymity is great in theory, but the problem is in practice it means you have no pseudonymity/privacy. It’s like all those bitcoiners who say you have pseudonymity with bitcoin, no one can know it’s your bitcoin, you have complete privacy, and when you try to explain to them that it’s not true then they link to a random transaction and challenge you to find out the real identity of the wallet owners. It’s the same thing here: yes, I can create a forum account and say my name is John Smith, but I had to use an email to create the account so I’m not protected against mass surveillance.

I think it’s less secure when the real identity of the devs is known because I know U.S. deep state targets devs for projects like this. They have many different ways of attacking. They are above the law. In general I think a project is more trustworthy with anonymous devs because that means they are less likely to be attacked and it makes the project more censorship resistant too, generally speaking.

1 Like

@capsizebacklog

Just to avoid potential confusion: this thread is about GitHub in particular, not about the forum, for which we have the other thread.

Yes, the overall privacy concerns for both are similar.

1 Like

Even if I didn’t say the word GitHub, I did have it in mind with much of what I said. Even though I also mentioned the forum, it wasn’t only about the forum. I just replied on point to him and thought I was being on topic, but I realize now that there can be confusion like you say.

I think the problem is that anonymity for a developer is more than just GitHub. There are many things that are relevant for a developer’s anonymity. Even how they get paid a share of donations for their contributions. Do we merge the two topics? But it would still not be enough then, so maybe we need a new third topic where we can discuss everything relevant to a developer’s anonymity?

1 Like

Would solving for the sorts of cases that you’re arguing for even be ethical? A contributor risking their lives to “make me happy” is not something I want, no.

I’ll leave out most of my feelings about Snowden, but will say I don’t find his actions to be suggestive of having much to offer Qubes, necessarily. He probably isn’t a great “team player” either, nor pragmatic enough for a project such as Qubes - worth mentioning because I believe this debate is (or should be) about pragmatism.

When I implied or stated that contributors ought to be able to manage their own privacy if they feel they need to contribute, you seemed to feel that it was Qubes’ responsibility to protect those who aren’t willing or able to educate themselves about privacy:

If such a person is out there in such a situation, it would be doing them a disservice, telling them that they’re safe to trust Qubes development infrastructure and processes. Does Qubes really want or need that person’s participation to make Qubes better, at such a cost?

Is there really a different choice of development platform that would make you confident enough to take others’ lives in your hands for such a trivial benefit? If you believe that perfect privacy is possible, sure. But I think you know better than I that there are tools and behaviors to facilitate strong privacy, but no foolproof solution.

Moving from GitHub to may be nice for the privacy conscious, but it seems to me more like theatre and a false sense of security that could be fatal to these “life and death” examples you seem adamant about supporting.

I would much rather deal with the bugs or lack of some feature or enhancement than be suggesting anyone risk their life.

I won’t argue anymore about this as I believe it is not an issue for Qubes to solve for multiple reasons. Seeing how your dramatic example case would hold up is only one of them.

The less controversial one: “Reasonably secure os” is not the same as “impossible to unmask contributor mechanism”. The latter was never promised, and while it’s nice, not at the cost of the core Qubes project.

Still, I am very curious about these cases of open source developers being jailed, but that’s separate. And I would still like to read more about it if you or the other user that mentioned it will share.

2 Likes

Do we merge the two topics?

I am not a moderator, so I can’t say.

a new third topic where we can discuss everything relevant to a developer’s anonymity?

I don’t see many developers in the current thread or much developer activity in the forums in general. I have seen quite a few threads showing community members’ privacy concerns though. Unfortunately, these are often confronted with the mantra that Qubes per se is not privacy-focused. I don’t know if the latter also implies that discussions about community-member anonymity are a lost cause, although the two things are unrelated. Considering everything said here so far, I am not very hopeful, but you can try.

1 Like

@Churros

A contributor risking their lives to “make me happy” is not something I want, no.

I never even suggested that.

Snowden […] probably isn’t a great “team player”

Otherwise he wouldn’t show the world what “great team players” do.

[…] contributors ought to be able to manage their own privacy […]

Programming skills are unrelated to privacy skills.

Your premise that privacy protection is the sole responsibility of the individual and that it is entirely up to his abilities to do it right in a privacy-hostile environment is simply not true.

Is there really a different choice of development platform […]

Did you look at the examples I shared?

4 Likes

Especially when you consider the most fundamental rule: anonymity loves company.
We should be helping each other to have the best anonymity, we should all be using the same tools because it makes the anonymity better because anonymity loves company. It’s also strange he says he knows how to have anonymity but doesn’t share it when that would at least partially solve the whole topic. It’s also very possible he thinks he has anonymity but actually doesn’t, just like all the bitcoiners. That’s yet another reason it’s best to share the info so he can find out if he is right or wrong.

I just don’t understand why there are so many anti-privacy arguments in this topic. That’s one reason why someone who’s not familiar with the developers and their history might think they are compromised. They are not anonymous so they are easy to attack, and they are anti-privacy, which suggests they have been compromised. Not necessarily, but it’s at least something to consider and add doubt.

And Qubes OS has in the past added anonymity to Qubes OS, so the popular argument “Qubes OS is only about security” is not valid. Otherwise the optional feature for updates to go through Tor wouldn’t be in Qubes, because that’s an anonymity feature. I know it’s to make targeted chain of supply attacks almost impossible, but that’s still anonymity. Exactly the same thing this topic is about, where we want the devs to have anonymity because then they can’t be targeted. Anonymity is security.

I just don’t understand why someone would be so much against privacy/anonymity unless they are compromised by or working for the USA deep state. This is about picking a side. Which side will you (not talking to anyone in specific) defend with your arguments? The deep state, who hates privacy because they lose their power over us, or the people’s side, who need privacy for freedom and security?

1 Like

Is there evidence that the developers are anti-privacy?

2 Likes

we should all be using the same tools because it makes the anonymity better because anonymity loves company.

That is too broad. If N people use a privacy-abusing tool, which easily makes each one identifiable, that doesn’t mean increasing N would change that.

It’s also strange he says he knows how to have anonymity

Where did you read that?

I just don’t understand why there are so many anti-privacy arguments in this topic.

They are not anti- but rather “I don’t care about my privacy, hence yours is not my priority either.” Additionally, there is misunderstanding as well.

1 Like

Semantics. Is my 90-year-old grandma “anti-privacy” because she doesn’t understand what her smartphone is doing and does not care?
In the same way, are the developers “anti-privacy” when they don’t care too much about privacy, and down-prioritise user suggestions and requests regarding privacy related enhancements?
I’d answer “no” and “no”, but there is a lot of space for interpretation.

3 Likes
(off-topic)

The problem I have with Fast Eddie from Efnet is not that he “showed the world” rather it’s the way he went about it. If his intention was to expose mass surveillance, the Prism materials would have sufficed. But the stronger point I wanted to convey was that nothing he did seemed to me to be a qualification for contributing to any operating system or application. All we really know is that he chose to rage quit the United States :man_shrugging:

Maybe you’re more familiar with his skills or work, I admit I’m not a scholar of his past.

Did you read the rest of my sentence?

Of course there are “other development solutions”. I glanced at them, they’re interesting, but my initial points stand. Particularly the one about there being nothing providing equivalent CI/CD functionality, which someone more familiar with how it’s used also commented on afterwards.

I don’t understand the trust you place in third parties simply because they’re unknown, obscure, say they’re “for hackers,” or say they operate in some non-US jurisdiction. These sorts of things are magnets for surveillance, and the US has much more powerful/comprehensive and active surveillance capabilities outside of the US. Luckily, we can disagree about this. We have different concerns and priorities.

Good chat, but oh my, you’re exhausting :stuck_out_tongue_closed_eyes:

2 Likes

For what it’s worth, I’d be happy to host a GitLab that would be a mirror of the GitHub repo, that anyone could commit to, and accessible via Tor. The only thing is that my bandwidth would be limited to 50mbps, which is more than sufficient for Tor users, but would be far less than what anything commercial would be able to offer (you know, the guys who basically are their own ISPs…). Storage would also likely be limited to something like 10TB.

But hey, it would be free, so beggars can’t be choosers…

Would be happy to set up a cronjob to take all commits and push them to the GitHub as merge requests as something like torusers@qubes-os.org, or a dummy email, say, every 24 hours, if that would help. Or give the devs admin access. Or both. Whatever they prefer…

Just throwing it out there :slight_smile:

5 Likes

@Churros

Did you read the rest of my sentence?

Yes. I also read the reductio ad absurdum regarding “perfect privacy” and the false analogy between “reasonably secure os” and contributor privacy. I just prefer not to reply to fallacies, as they became too many.

I don’t understand the trust you place in third parties simply because they’re unknown, obscure, say they’re “for hackers,” or say they operate in some non-US jurisdiction.

I never said that either.

1 Like

He didn’t rage quit the USA. He fled because he didn’t want to spend the rest of his life in prison for blowing the whistle against the corrupt and illegal mass surveillance NSA was doing (probably still is). He sacrificed everything for us, how is that not a team player? Are you saying that everyone in the world is not a team player if they are not a FOSS developer?

I would like to answer this but it would become too political and off topic. So short answer is you just need to start reading the news. There is a tsunami of proof of so much federal corruption coming out now. Just take your pick really, I wouldn’t know where to begin because it’s an endless amount of crazy corruption from the USA. They are even admitting that there was a deep state, saying they prefer a deep state instead of Trump. They are not even hiding their corruption anymore because it’s all out in the open and exposed now with lots of proof. But if you read the news you will see they actually do target FOSS developers, especially if they do any security or privacy projects, and even more especially if it involves blockchain.

Anonymity would help with not becoming targeted by the USA’s corrupt feds. But yes, you need to have good opsec then; not using any email would be a good start. Why do you trust someone just because you know their real name? Trust needs to be earned over time, so it doesn’t matter if they are pseudonymous or real identity. But it has to be real pseudonymous then, without any email or anything which links/leaks them to their real identity.

2 Likes

That’s a really nice offer but the main problem (of this topic) will remain the same as JavaScript is required by GitLab.

4 Likes

So what about Gitea, then?

http://qubesxxfyl3fxhemrtjtp3xrhv6wc6gkco7j43lwseb5yjqqb723beyd.onion/

Works almost flawlessly with the Safer setting on the Tor browser.

2 Likes
3 Likes

Not as a full migration. As a mirror for those who are unable to contribute via GitHub (which is what I’ve set it up as).

I’ll leave it up anyway. If anyone feels that it works for them, feel free to use it.

2 Likes

So what about Gitea, then?

Gitea requires JS and “Safer” is what GitHub currently requires too. So, the only difference is the self-hosting.

If you would like, you could probably try self-hosting sourcehut which was mentioned earlier:

https://man.sr.ht/installation.md

Disclaimer: I have never used it. I just found it recently. Registration through Tor without any JS and CSS whatsoever works fine.

1 Like