this post was submitted on 15 Nov 2023
47 points (98.0% liked)

Privacy

41141 readers
565 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
Yayannick@lemmy.ml
ranok@sopuli.xyz
tmpod@lemmy.pt
47
Gitlab now requires phone number/credit card verification (lemmy.world)
submitted 2 years ago by rrobin@lemmy.world to c/privacy@lemmy.ml
54 comments fedilink hide all child comments
 

Looks like gitlab now requires account verification for new accounts in addition to email. Either phone number or credit card.

This applies both to accounts created with a working email or by logging in using your github account. You can't even verify your email until you go through step 1.

I don't know when this started, but at least for the last month or two judging from these posts in the forums.

Fun fact: I don't even want to host on gitlab, I just wanted to report bugs in some projects. So I'm locked out.

top 50 comments
sorted by: hot top controversial new old
[–] adamnejm@programming.dev 7 points 2 years ago* (last edited 2 years ago)

Just tried this out using a typical temporary email address (temp-mail.org) and a VPN (AirVPN).
I was only asked to confirm my e-mail address within 3 days, never for a phone address or any banking details.

Judging by the first post you've linked to, it's only necessary for paid accounts or free trials.
The person in the second post is trying to register via GitHub / Google, well... sucks for them.

[–] bamboo@lemmy.blahaj.zone 6 points 2 years ago (1 children)

I'd assume this will be a non issue once they implement ActivityPub. They can enable whatever account restrictions on their gitlab instance, but if I don't want to provide this information to report a bug, then I can use another instance or self host my own, without the account restrictions.

[–] ipkpjersi@lemmy.ml 2 points 2 years ago (1 children)

You really think they will add a full ActivityPub implementation? I highly doubt it.

[–] JackbyDev@programming.dev 0 points 2 years ago (1 children)

For discussions probably. Not for repos.

[–] bamboo@lemmy.blahaj.zone 4 points 2 years ago

From the Summary in the link:

The end goal of this proposal is to build interoperability features into GitLab so that it’s possible on one instance of GitLab to open a merge request to a project hosted on an other instance, merging all willing instances in a global network

[–] LWD@lemm.ee 4 points 2 years ago* (last edited 2 years ago)

deleted

[–] interdimensionalmeme@lemmy.ml 4 points 2 years ago (2 children)

What's the best way to circumvent phone number verification ? My burner YouTube account, which has nothing unsavory on it, has been marked for phone number verification or else I can't login at all.

Of course I'm not giving them my real phone number. What the best way to fake this?

[–] Nugget@lemm.ee 5 points 2 years ago (1 children)

There are paid services that offer phone number masking such as Firefox Relay

[–] interdimensionalmeme@lemmy.ml 1 points 2 years ago

I tried VoIP addresses and got the message "we can't use that number". Is Firefox relay immune to that?

[–] blindbunny@lemmy.ml 3 points 2 years ago (1 children)

I was asking like less then a month ago what's wrong with gitlab when Firefox switched to GitHub, now I know.

[–] vox@sopuli.xyz 3 points 2 years ago* (last edited 2 years ago)
  1. firefox were using self-hosted mercurial + git with sync
  2. they just dropped mercurial, they're still not on github
    only misc. libraries and the android frontend are on github, and firefox/mozilla has never used gitlab
[–] vox@sopuli.xyz 3 points 2 years ago* (last edited 2 years ago)

isn't the official gitlab instance primarily a paid platform? cc verification makes sense then.

[–] Veraxus@kbin.social 3 points 2 years ago

I really, really like Gitlab... but this is a MAJOR problem and spectacularly short-sighted.

[–] privacybro@lemmy.ninja 2 points 2 years ago (1 children)

For alternatives, I recommend to use a community-ran Gitea instance. Project Segfault runs one.

https://about.gitea.com/

https://git.projectsegfau.lt/

Also check out Forgejo, it's another git software. Disroot has an instance.

https://forgejo.org

https://git.disroot.org/

[–] intrepid@lemmy.ca 0 points 2 years ago (1 children)

How many instances will one have to register on? This isn't going to improve until forgefed is done.

[–] privacybro@lemmy.ninja 1 points 2 years ago (1 children)

explain further please?

[–] intrepid@lemmy.ca 1 points 2 years ago (1 children)

You won't be able to contribute to a project on any of those instances, unless you register on it. So if you are a prolific contributor, you might end up signing up on dozens of those instances.

Forgefed is a federation protocol for such instances. It's based on ActivityPub - the same that powers Lemmy and Mastodon. You can have just one account on a single instance and still be able to contribute to projects on multiple others. It's still in the works though. It's expected that at least gitlab, gitea and forgejo will support it.

[–] privacybro@lemmy.ninja 1 points 2 years ago

this is really cool, thanks for the info. federated or decentralized git is long overdue

[–] cupcakezealot@lemmy.blahaj.zone 2 points 2 years ago

sorry but deleting the account is absolutely ridiculous.

mark it inactive but just deleting someone's entire git history because they didn't put in a phone number or credit card is so dumb.

i don't even need a phone number or credit card for my github account.

[–] Slotos@feddit.nl 2 points 2 years ago (2 children)

Sourcehut. The answer is sourcehut.

You don’t even need an account to submit patches, just configure git send-email.

[–] intrepid@lemmy.ca 1 points 2 years ago

Some people seem to think that setting up send-email and mailing patches has too much of a learning curve and 'barrier to entry'.

[–] fluffery@lemmy.ml 1 points 2 years ago

Forgejo?

[–] peyotecosmico@programming.dev 1 points 2 years ago* (last edited 2 years ago) (5 children)

Time to start using GitDirectory named V.01 shared over FTP.

It's a joke, don't use FTP, it's not secure.

[–] intrepid@lemmy.ca 0 points 2 years ago (1 children)

Is there any reference for this? I can't find anything relevant. Just curious.

[–] peyotecosmico@programming.dev 1 points 2 years ago (1 children)

Of FTP not being secure? Check the links in the comments below

FTP it's not encrypted

[–] intrepid@lemmy.ca 1 points 2 years ago (1 children)

No. I mean gitdirectory over FTP.

[–] peyotecosmico@programming.dev 1 points 2 years ago (1 children)

There's no GitDirectory, it's the way we used to share files back then, a shared directory over FTP

[–] intrepid@lemmy.ca 1 points 2 years ago

I'm aware of FTP. It's still around in certain circles. But for a moment I thought that there was some sort of integration between ftp and git. I guess not.

load more comments (4 replies)
[–] kevincox@lemmy.ml 1 points 2 years ago (2 children)

This really sucks for bug reporting. I don't mind this at all for hosting as that cost notable resources (especially their free CI tier) and they can set their own terms, but I want people to be able to report bugs without any trouble. (Although if spam is an issue maybe projects could opt-in to requiring this verification to report bugs).

A work-around is maybe the service desk feature allowing reporting bugs via email but this has issues for proper collaboration:

  1. The reporter's email is shared.
  2. The issue is private by default.
  3. Can't collaborate on an existing issue.

Maybe I'll just go back to mailing lists... Or GitHub has gotten better recently. But GitLab's CI is so much better.

[–] TauZero@mander.xyz 1 points 2 years ago

I want people to be able to report bugs without any trouble.

Thank you for being aware! I've experienced this on github.com. I've tried to submit issues several times to open source projects, complete with proposed code to solve a bug, but github shadowbans my account 6 hours after creating it (because I use a VPN? a third-party email provider? do not provide a phone number? who knows). I can see the issue and pull request when logged in, but they only see a 404 on their project page even if I give them a direct link. I ended up sending them a screenshot of the issue page just to convince them this was even possible. Sad to hear gitlab does it even worse now by making phone mandatory.

[–] Bipta@kbin.social 0 points 2 years ago (1 children)

Kbin uses Gitlab so it's too bad.

[–] ernest@kbin.social 1 points 2 years ago

Not really. The official repository (with issue management) is located on Codeberg. GitHub serves as a mirror in case of any issues with the primary service.

https://codeberg.org/Kbin/kbin-core

[–] wintermute@feddit.de 1 points 2 years ago (1 children)

Glad I switched to Forgejo some time ago, never looked back : )

[–] nakal@kbin.social 0 points 2 years ago (1 children)

It looks like Gitea. Is it a fork?

[–] poVoq@slrpnk.net 1 points 2 years ago (1 children)

Softfork. Basically the version that runs on Codeberg.org

[–] PropaGandalf@lemmy.world 0 points 2 years ago* (last edited 2 years ago) (1 children)

And soon with ActivityPub integration? Pls?

[–] poVoq@slrpnk.net 1 points 2 years ago

Work in progress, but it's taking longer than I expected.

[–] onlinepersona@programming.dev 0 points 2 years ago

Has this already been introduced for existing accounts? Gitlab has been moving in an unsatisfying direction for a while now and these kinds of shenanigans really make me want to move.

CC BY-NC-SA 4.0

[–] authed@lemmy.ml 0 points 2 years ago

fuck them

[–] GrappleHat@lemmy.ml 0 points 2 years ago (2 children)

Why GitLab!?

load more comments (2 replies)
load more comments
view more: next ›