Aug 02, 2019

GitHub blocks developers in Syria, Iran, and Crimea to comply with U.S. sanctions, export laws

Over the last few weeks, GitHub has quietly rolled out restrictions to its platform to comply with U.S. sanctions and export laws. The new GitHub trade restrictions affect developers in Crimea, Cuba, Iran, North Korea, and Syria. To decide which developers to block, GitHub tracks IP addresses and payment history to deduce locations, and blocks users accordingly.

Attention was brought to the issue by the story of Anatoliy Kashkin, a developer and Russian citizen living in Crimea, who had his private repositories locked. Kashkin complained that the unannounced restrictions severely impacted his ability to work on his development projects and host his websites. Another viral post, from Hamed Saeedi Fard, a developer in Iran, noted that his account had also been blocked without prior notice, preventing him from backing up his data on GitHub.

Restricted users can’t create new private GitHub repositories or access them. Affected developers also can’t use the GitHub marketplace and are not allowed to have a private paid organization account. GitHub noted that it keeps open source projects and public repository services available and accessible to support personal communications involving developers in sanctioned regions.

While some suggested using GitLab or Atlassian to get around the issue, both companies are likely to follow GitHub’s actions, especially if they notice an influx of sanctioned developers moving from GitHub to their platforms. GitHub does offer an enterprise solution that requires users to run a self-hosted virtual appliance on a private cloud, essentially running their own instance of the GitHub platform without the global community. Lastly, for those hoping to bypass the sanctions, GitHub revealed that developers in U.S.-sanctioned locations are prohibited from using VPNs or other methods of disguising their location. How GitHub enforces that rule remains to be seen.

Open source communities are often not as open as many expect. Much of the open source world depends on a network of proprietary platforms. While open source licenses allow software to traverse the world freely, companies with physical hardware, employees, or legal business entities in a particular location are subject to laws and regulations, making them a single point of failure for the open source ecosystem. Such single points of failure often fragment the community, or leave certain developers behind, a fact that open source developers will likely have to contend with more often in times of heated trade wars.
