leave gitlab.com
I usually do not report F-Droid bugs because the hostility of gitlab.com toward Tor users is unacceptable.
Problems with Gitlab:
- Hostile treatment of Tor users trying to register.
- Hostile treatment of new users who attempt to register with a
@spamgourmet.com
forwarding email address to track spam and to protect their more sensitive internal email address. - Hostile treatment of Tor users after they've established an account and have proven to be a non-spammer.
Regarding the last bullet, I was simply trying to edit an existing message that I already posted and was forced to solve a Google CAPTCHA (attached). There are several problems with this:
- CAPTCHAs break robots and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts.
- CAPTCHAs put humans to work for machines when it is machines that should work for humans.
- CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs.
- The reCAPTCHA puzzle requires a connection to Google.
- Google's reCAPTCHAs compromise security as a consequence of surveillance capitalism that entails collection of IP address, browser print.
- anonymity is compromised.
- (speculative) could Google push malicious j/s that intercepts user registration information?
- Users are forced to execute non-free javascript (recaptcha/api.js).
- The reCAPTCHA requires a GUI, thus denying service to users of text-based clients. If someone were to develop a third-party non-graphical plugin or app, OWS is now dictating that all Signal apps must support a GUI and it must also be javascript capable.
- CAPTCHAs put humans to work for machines when it is machines who should be working for humans. PRISM corp Google Inc. benefits financially from the puzzle solving work, giving Google an opportunity to collect data, abuse it, and profit from it. E.g. Google can track which of their logged-in users are visiting the page presenting the CAPTCHA.
- The reCAPTCHAs are often broken. This amounts to a denial of service:
- The CAPTCHAs are often unsolvable.
- E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
- E.g.2: the puzzle is expressed in a language the viewer doesn't understand.
- Network neutrality abuse: there is an access inequality whereby users logged into Google accounts are given more favorabletreatment by the CAPTCHA (but then they take on more privacy abuse).
- Google's reCAPTCHAs compromise security as a consequence of surveillance capitalism that entails collection of IP address, browser print.
Ironically, in the end I was denied collaboration with the PRISM-Break project because a PRISM privacy abuser was given the power to decide whether I could participate. Google should not have that power over the PRISM Break project.
As for alternatives, one option (at least for bug reporters) is to email bug reports. The problem with that is gitlab's mail server is Google. Google blocks email coming from residential mail servers -- and when mail gets delivered surveillance capitalism and patronization of Google is in play.
Better options
- codeberg.org
- notabug.org
- git.openprivacy.ca
It must also be stressed that github would be a poor choice (google, tor hosility, etc).