this post was submitted on 09 Feb 2024
461 points (96.0% liked)

Linux

48061 readers
699 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

If your IP (and possible your browser) looks "suspicious" or has been used by other users before, you need to add additional information for registration on gitlab.com, which includes your mobile phone number and possibly credit card information. Since it is not possible to contribute or even report issues on open source projects without doing so, I do not think any open source project should use this service until they change that.

Screenshot: https://i.ibb.co/XsfcfHf/gitlab.png

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 9 months ago (5 children)

Policies like that are almost entirely about minimizing fraud and harassment. It really sucks for people who don't have mobile phones that support authentication texts or whatever (since, even as you pointed out, the requirement is mostly a phone number) but it also drastically cuts down on fake/harassment accounts.

[–] [email protected] 27 points 9 months ago (1 children)

It's about data harvesting and selling not safety or any other mentioned.

[–] [email protected] 17 points 9 months ago (1 children)

Gitlab was getting attacked with thousands of spam accounts. Trying to fix the damage almost killed the company

[–] [email protected] 1 points 9 months ago

So now not harassment, but thousands of spam accounts

[–] [email protected] 13 points 9 months ago (1 children)

Even Github does not require any personal information, so there are certainly other ways.

[–] [email protected] 5 points 9 months ago (2 children)

And Github is Microsoft who need those capabilities for basically every other website they sell.

Whereas gitlab is REALLY good software with... a website nobody ever really asked for but that still needs to exist to sell people that software.

This comes up with a lot of services. I think everyone lost their god damned minds when overwatch added phone verification?

Like, I don't like it. But I have friends who ahve had to deal with harassment campaigns against their products (or persons) and the like and get why you would do what, on the surface, is a pretty trivial ask as a way to remove sock puppets.

[–] [email protected] 4 points 9 months ago (1 children)

what, on the surface, is a pretty trivial ask

I don't think having my real life phone number tied to a website or game account is a trivial ask. I'd like my data to be private, especially something as real-life and tangible as a fucking phone number. Sure, there are ways around these things, you can get a fake phone number for cheap (or possibly even free), but that's rather more effort than I'm willing to put in for most things. If I need to enter a phone number to sign up for an account for something, chances are very extremely good I'll just decide I don't need the account that badly. I don't think I'm alone in this.

[–] [email protected] 1 points 9 months ago

Which means you likely weren't invested in engaging in a meaningful manner. That is especially important for filing a bug report on an open source project.

And I guess I just don't view a phone number as having much value from a privacy standpoint. Basically every number is compromised to the point that it is dependent on your phone/service provider to block spam. One more site having my phone number doesn't really bother me if it is a site I want to "engage" with.

Also: Never underestimate how much data is already out there just based on what pages you load. Privacy is long since dead and people do not understand how easy it is to cross reference to realize that "Jimmy in The Netherlands" is actually "Jim Stark at 101 Fake Street in Baltimore Maryland whose sister is Susie Clark with facebook username sclark_420"

[–] [email protected] 1 points 9 months ago (1 children)

Except phone number is super cheap.

[–] [email protected] 1 points 9 months ago (1 children)

It is still a monetary investment which is a major deterrent to bad faith accounts. This is why so many live games have a "you need to spend 1 dollar to get into the good queue" model. Shit like Escape from Tarkov where people buy accounts en masse are very much the exception.

But also? The issue is, like with mots things, lower income users. A lot of the cheaper/more affordable "pay as you go" phone plans won't support the SMS authentication services that these models depend on. Which is why I referenced Overwatch 2 since that was actually a really "good" example of the reasons this is not a good model.

[–] [email protected] 1 points 9 months ago (1 children)

TF2. Even in official competetive mm with phone verification and spending money there are lots of bots.

won't support the SMS authentication services that these models depend on.

Is it even legal?

[–] [email protected] 1 points 9 months ago (1 children)

There is no one solution that handles everything (or else everyone would just do that). It is always about a mixture of multiple methods.

Is it even legal?

This is the internet. Someone will always claim it is illegal in "Europe". Nobody will care enough to verify one way or the other. And, regardless of whether it is or is not, companies don't care because most of those regulations are very toothless either due to bureaucratic inertia or just not giving a fuck.

The fact of the matter is that this is a very common model used by a range of services and it is not going to get challenged any time soon.

[–] [email protected] 1 points 9 months ago

Can't say about entire Europe, especially about Kazahstan which has small part sticking out in Europe, but I'm pretry sure EU is not toothless.

[–] [email protected] 9 points 9 months ago* (last edited 9 months ago) (1 children)

It's disgusting.

It should be illegal to require any personal information unless you can prove that it's literally impossible to provide your service without it, and always illegal to share that information with anyone (but a payment provider exclusively for verification purposes) for any reason.

[–] [email protected] 1 points 9 months ago

It is still legal unless you are in EU.

[–] [email protected] 2 points 9 months ago

User flagging works too

[–] [email protected] 1 points 9 months ago

Credit card, blood ~~sacrifice~~sample. BuT tHiNk Of ThE kIdS!