From d4a2a516e4e7f8773344903ea9215b792feebada Mon Sep 17 00:00:00 2001
From: humanacollaborator
Date: Sun, 4 Apr 2021 22:05:26 -0400
Subject: [PATCH] graylist CF NS sites
---
 forge_comparison.md | 11 +++++++++--
 input_data/forges.sql | 8 +++++---
 tools/gen_forge_table.sh | 4 ++--
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/forge_comparison.md b/forge_comparison.md
index d7d5e27..88cd959 100644
--- a/forge_comparison.md
+++ b/forge_comparison.md
@@ -12,12 +12,10 @@ The following forges have no significant ethical issues:
 [framagit.org](https://framagit.org)|🟢|Gitlab (CE)|n|n|n|n||
 [git.disroot.org](https://git.disroot.org)|🟢|Gitea 1.13.6|n|n|n|n|SSH over Tor works|
 [git.fuwafuwa.moe](https://git.fuwafuwa.moe)([🧅](http://git.fuwafuwaqtlkkxwc.onion))|🟢|Gitea|n|n|n|n|SSH over Tor broken; HTTPS over Tor works|
-[git.hardenedbsd.org](https://git.hardenedbsd.org)|🟢|Gitlab (EE)|n|n|n|n|possibly restricted to BSD efforts|
 [git.jami.net](https://git.jami.net)|🟢|Gitlab (CE)|n|n|n|n|possibly restricted to Jami efforts; acces to help page blocked to non-members so CE/EE unknown|
 [git.nixnet.services](https://git.nixnet.services)|🔴|Gitea 1.13.1|n|n|n|n|formerly git.nixnet.xyz|
 [git.sdf.org](https://git.sdf.org)|🟢|Gitea 1.13.1|n|n|n|n|SSH over Tor broken but HTTPS over Tor works|
 [git.slashdev.space](https://git.slashdev.space)|🟢|Gitea 1.13.6|n|n|n|n|SSH over Tor broken (try HTTPS over Tor)|
-[git.teknik.io](https://git.teknik.io)|🔴|Gitea 1.9.0|n|n|n|n||
 [gitlab.freedesktop.org](https://gitlab.freedesktop.org)|🟢|Gitlab (CE)|n|n|n|n|possibly restricted to Freedesktop efforts|
 [gitlab.gnome.org](https://gitlab.gnome.org)|🟢|Gitlab (CE)|n|n|n|n|possibly restricted to Gnome efforts|
 [gitlab.torproject.org](https://gitlab.torproject.org)|🟢|Gitlab (CE)|n|n|n|n|open registration; repo creation possibly restricted; Google reCAPTCHA is [allegedley](https://lists.gnu.org/archive/html/repo-criteria-discuss/2021-03/msg00000.html) used, but [not at registration time](https://gitlab.onionize.space)|
@@ -29,6 +27,15 @@ The following forges have no significant ethical issues: [sr.ht](https://sr.ht)|🟢|Sourcehut|n|n|n|n|javascript-free| [yerbamate.dev](https://yerbamate.dev)|💀|Gitea|n|n|n|n|**dead site**| +## Graylist + +These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors. + +| *forge* | *registration publicly open* | *software* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *forced re/hCAPTCHA* | *forced execution of non-free software* | *notes* | +|---|---|---|---|---|---|---|---| +[git.hardenedbsd.org](https://git.hardenedbsd.org)|🟢|Gitlab (EE)|n|n|n|n|**Cloudflare NS server (they can route all traffic via CF at the flip of a switch)**; possibly restricted to BSD efforts| +[git.teknik.io](https://git.teknik.io)|🔴|Gitea 1.9.0|n|n|n|n|**Cloudflare NS server (they can route all traffic via CF at the flip of a switch)**| + ## Blacklist These forges have severe ethical or trust issues and should be boycotted: diff --git a/input_data/forges.sql b/input_data/forges.sql index bd4ab66..2fd9a78 100644 --- a/input_data/forges.sql +++ b/input_data/forges.sql @@ -7,6 +7,7 @@ create table if not exists forgesTbl dead boolean not null default 0, openpubreg boolean not null default 1, cflogin boolean not null default 0, + cfns boolean not null default 0, antitor boolean not null default 0, forced_nfsw boolean not null default 0, aws boolean not null default 0, 
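Review bot: The new `cfns` column in the input_data/forges.sql hunk is added inside `create table if not exists forgesTbl`, so a database file that already holds the table from the previous schema would keep the old column set, and the later statements that reference `cfns` would then fail. If the database is always rebuilt from an empty file this is harmless; otherwise a migration such as `alter table forgesTbl add column cfns boolean not null default 0;` is needed. The column would also benefit from a comment stating what it records, e.g. `/* cfns: domain uses Cloudflare nameservers but is not proxied through Cloudflare */`. The `create table` statement starts and ends outside this hunk.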
@@ -32,7 +33,7 @@ insert into forgesTbl (url_onion, dead) values ('http://githidep2hynhdmutuv7n2te
 /* Gitea */
 insert into forgesTbl (url_clrnet, software, notes) values ('https://codeberg.org','Gitea', 'functions without any JavaScript and the JavaScript that exists is all 1st-party ([ref](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-483830547))');
 insert into forgesTbl (url_clrnet, software, openpubreg, notes) values ('https://git.nixnet.services','Gitea 1.13.1', 0, 'formerly git.nixnet.xyz');
-insert into forgesTbl (url_clrnet, software, openpubreg) values ('https://git.teknik.io','Gitea 1.9.0',0);
+insert into forgesTbl (url_clrnet, software, openpubreg, cfns) values ('https://git.teknik.io','Gitea 1.9.0',0,1);
 insert into forgesTbl (url_clrnet, url_onion, software, notes) values ('https://git.fuwafuwa.moe','http://git.fuwafuwaqtlkkxwc.onion','Gitea','SSH over Tor broken; HTTPS over Tor works');
 insert into forgesTbl (url_clrnet, software, notes) values ('https://git.slashdev.space','Gitea 1.13.6','SSH over Tor broken (try HTTPS over Tor)');
 insert into forgesTbl (url_clrnet, software, notes) values ('https://git.disroot.org','Gitea 1.13.6','SSH over Tor works');
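Review bot: The `cfns` value `1` on the git.teknik.io row is a hand-entered observation with nothing recording when or how the nameserver delegation was checked; the git.hardenedbsd.org row in the next hunk has the same gap. NS delegation can change at any time, so a stale flag would leave a forge on the wrong list with no way to tell how old the finding is. A comment above each flagged row, for example `/* cfns: NS records checked <date> */` with the real check date filled in, would make the entries re-verifiable.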
@@ -42,7 +43,7 @@ insert into forgesTbl (url_clrnet, software, notes) values ('https://git.sdf.org
 /* Gitlab */
 insert into forgesTbl (url_clrnet, software) values ('https://framagit.org','gitlab_ce');
 insert into forgesTbl (url_clrnet, software, hrecaptcha, notes) values ('https://git.feneas.org','gitlab_ce','unavoidable','reCAPTCHA impedes registration and imposes non-free s/w');
-insert into forgesTbl (url_clrnet, software, notes) values ('https://git.hardenedbsd.org','gitlab_ee','possibly restricted to BSD efforts');
+insert into forgesTbl (url_clrnet, software, cfns, notes) values ('https://git.hardenedbsd.org','gitlab_ee',1,'possibly restricted to BSD efforts');
 insert into forgesTbl (url_clrnet, software, notes) values ('https://git.jami.net','gitlab_ce','possibly restricted to Jami efforts; acces to help page blocked to non-members so CE/EE unknown');
 insert into forgesTbl (url_clrnet, software, cflogin, hrecaptcha, notes) values ('https://gitlab.com','gitlab_ee',1,'unavoidable','flagship instance running the *Enterprise Edition*; uses both hCAPTCHA & reCAPTCHA; heavily restricted with discriminatory policies; [copious ethical issues](gitlab-dot-com.md)');
 insert into forgesTbl (url_clrnet, software, notes) values ('https://gitlab.freedesktop.org','gitlab_ce','possibly restricted to Freedesktop efforts');
@@ -52,8 +53,9 @@ insert into forgesTbl (url_clrnet, software, notes) values ('https://source.puri insert into forgesTbl (url_clrnet, software, openpubreg) values ('https://source.small-tech.org','gitlab_ce',0); update forgesTbl set forced_nfsw = 1 where hrecaptcha = 'unavoidable'; -update forgesTbl set lst_kind = 'gray' where lst_kind = 'white' and (aws or (notes is not null and (notes like '%google_cloud_hosted%'))); +update forgesTbl set lst_kind = 'gray' where lst_kind = 'white' and (aws or cfns or (notes is not null and (notes like '%google_cloud_hosted%'))); update forgesTbl set lst_kind = 'black' where cflogin or antitor or forced_nfsw; +update forgesTbl set notes = '**Cloudflare NS server (they can route all traffic via CF at the flip of a switch)**'||case when notes is null then '' else '; '||notes end where cfns; update forgesTbl set notes = '**Amazon AWS-hosted**'||case when notes is null then '' else '; '||notes end where aws; update forgesTbl set notes = '**dead site**'||case when notes is null then '' else '; '||notes end where dead; update forgesTbl set notes = '**forced h/reCAPTCHA**'||case when notes is null then '' else '; '||notes end where hrecaptcha = 'unavoidable' and notes not like '%captcha%'; diff --git a/tools/gen_forge_table.sh b/tools/gen_forge_table.sh index 8b94f86..5f96887 100755 --- a/tools/gen_forge_table.sh +++ b/tools/gen_forge_table.sh 
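Review bot: The note text prepended by the new `where cfns` update says "they can route all traffic via CF at the flip of a switch" without saying who "they" are; the intro string changed in tools/gen_forge_table.sh has the same ambiguity. Judging from the intro sentence it presumably means the forge's operators, so the string could read `'**Cloudflare NS server (the operator can route all traffic via CF at the flip of a switch)**'`. It may also be worth stating that with Cloudflare as the authoritative nameserver, DNS resolution for the domain already depends on Cloudflare regardless of any proxy setting. If the wording changes, forge_comparison.md has to be regenerated so the committed table matches.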
@@ -42,7 +42,7 @@ intro() printf %s\\n 'The following forges have no significant ethical issues:' ;; gray) - printf %s\\n 'These forges would normally be blacklisted, but due to the short whitelist they are set aside as a less evil compromise to those blacklisted. They should still be avoided if possible.' + printf %s\\n 'These forges are not as seriously flawed as the blacklisted ones, but they should still be avoided if possible. Non-Cloudflare sites that use a Cloudflare NS server pose a risk for disruptions because they can trivially and spontaneously flip a switch and route all your traffic through Cloudflare, potentially cutting access to some of your contributors.' ;; black) printf %s\\n 'These forges have severe ethical or trust issues and should be boycotted:' @@ -109,7 +109,7 @@ table_md() { printf %s\\n "# Directory of forges" - for lst in white black + for lst in white gray black do if [[ "$lst" == black ]] then