Why did this repository disappear? #284

Open
schlagmichdoch opened this issue Mar 20, 2024 · 12 comments

@schlagmichdoch
Owner

From 17th February to 20th March 2024 my account was falsely flagged as spam by GitHub. This resulted in all repositories, issues, pull requests and comments I ever contributed to being hidden from everyone but me.

Preceding discussion and more information about the situation: fm-sys/snapdrop-android#356

My reinstatement request is still left unanswered by GitHub and I have no idea what went wrong.

I am deeply disappointed in the way GitHub handled the situation. I am still waiting for GitHub to restore missing issues and comments (see #211, #215, #265, #276). As soon as everything is complete again, I will migrate this repository to Codeberg and transform the repo here on GitHub into a mirror.

I will post any news here. Subscribe to this issue to get notified.

@schlagmichdoch
Owner Author

schlagmichdoch commented Mar 20, 2024

I will answer all remaining threads here:

@stil-blue if you are in the EU, you can send GitHub a GDPR Data Subject Request to ask them if any automated decision making was made, how they prevent errors in the process and how you can challenge the decision.

https://noyb.eu/en/exercise-your-rights-article-22-be-protected-automated-decision-making

@andreasf Thanks for the great read! noyb does extremely valuable work! I am based in Germany so GDPR does apply. I have read the page but I am unsure whether Article 22 applies in this case.

The use of ADM is prohibited when:

  • The decision is solely based on an automated decision (...)
  • The decision produces legal effects or similar significant effects:
    • Legal effects mean outcomes that affect an individual’s legal rights or legal status. This could include having a contract cancelled, being denied benefits or certain rights, such as taking legal action or voting, or being refused a change in your citizenship or marital status.
    • Similar significant effects mean effects with a comparable severity to the legal effects above. This could include being refused an online credit application, being subject to an e-recruiting process with no human intervention, being unable to access health services or education, being denied employment opportunities, or being subject to discrimination in any of these processes.

The decision was done automatically but I am not sure whether the effects are "similar significant [to legal effects]". Do you know more about this? Otherwise I will probably contact noyb directly as they offer in the last paragraph.

@schlagmichdoch
Owner Author

Can you please clarify whether you had 2fa enabled prior to this?

@SimonSchick More or less. I have only added 2FA as in a separate authenticator app after the incident but prior to this I had activated the GitHub App which then automatically acts as a second factor when logging in.

@andreasf

@schlagmichdoch I am not a lawyer but I would say that what you are experiencing is equivalent to having your contract canceled.

I have had problems with an automated fraud check on Instagram before, my account got locked, I think the system thought that I am a bot. Their GDPR staff was able to resolve the issue very quickly. I'll forward you the message I sent via email.

@andreasf

Basically this is a way to have a real person review the decision that was made and possibly revert it.

@schlagmichdoch
Owner Author

You can still count on me for financial and compute resource capacity. If you want I could even start an own GitLab instance (I currently know only GitLab and GitHub to administer).

Thanks @kaindlnetwork for the offer! I guess when I move to Codeberg there is no need for a self-hosted instance as they seem to share the same values. When they finish their work on federated forges I can still move the repo to a separate Forgejo instance. For now it's probably best to use the biggish community over on the Codeberg instance.

I appreciate financial support! All support is used to finance the PairDrop infrastructure and is transparently visible on the buymeacoffee page. As the last donation was over two months ago, I would be very grateful for any contributions:
https://www.buymeacoffee.com/pairdrop

@schlagmichdoch
Owner Author

@andreasf Thanks for the info and the mail! I will look into it. Hopefully, this is quickly resolved then.

@XHyperDEVX

Thank you for being back! I happened to see in my Docker setup that the latest image of PairDrop cannot be retrieved. At first I thought it was a mistake on my part, until I realized that the repo and your account were gone. I thought you were going to stop working and was very sad about it. I even exported the last PairDrop Docker image from my system and saved it locally on a hard disk so that I can continue to use this genius software in the event of an image loss. I was really afraid of not seeing this project again, so now I'm even happier that the project and your account are back 🎉

The way GitHub dealt with you after your description is not nice. And I can understand that you want to move to Codeberg. (I think Codeberg is a good alternative to GitHub.)

Don't let this get you down!

@OrcVole

OrcVole commented Mar 21, 2024

Sometimes, malicious actors flag a repo, as spam for example, in order to disrupt the developer.

This is a good reason to self-host code. Fortunately, there is an excellent solution for this already: Cloudron
https://cloudron.io

You can one-click deploy and maintain your own gitlab, gitea, github or gogs on your own server. It is free as in beer for two applications, so you could run a github and gogs gratis. There is so much additional value there on Cloudron and the development team are first-rate, it is worth supporting them too.

Incidentally, PairDrop is already supported on Cloudron as an experimental application!
I highly recommend trying it.

Thank you for creating PairDrop!

https://forum.cloudron.io/topic/9930/pairdrop-local-remote-file-sharing-in-your-browser-mobile-inspired-by-airdrop-fork-alternative-of-snapdrop?_=1711009568357

@BalazsSzeles
Contributor

Hi, I'm just wondering, what will happen to the Hosted Weblate project? Will it also sync to the new repo? I'm asking because I have just finished translating the project into Hungarian the day before the repo disappeared, and I don't know how many days it's gonna take to see the changes in the app.

@kaindlnetwork
Contributor

Hey everybody,
Great to see some progress in this matter. I still stick to my promise to support the repo and community. @schlagmichdoch Can you set up a way I can make regular financial support without thinking about it :D ? Something like GitHub Sponsors or Open Collective?

Keep up the good work!

Best Regards
Fabian

@schlagmichdoch
Owner Author

Hello everyone,

I was taken aback a bit by this ordeal and needed some time off anyways so it's been some time.

It's time for an update.

GitHub has answered my reinstatement request with the following message:

Hello schlagmichdoch,

Thanks for contacting GitHub Support.

Firstly, I sincerely apologize for the substantial delay. Our team is currently experiencing a higher volume of inquiries than usual, which has resulted in longer response times than we would like.

Secondly, our security team is currently investigating suspicious activity and account hijacking. As part of our efforts to combat this campaign, our automatic abuse-detecting systems flagged your account and removed content. Upon review, I can confirm this was done in error and there are no signs of account compromise.

We’ve checked with our Issues team, and I’m afraid it is not currently possible to restore deleted GitHub Issues and comments. However, we were able to extract information from our logs which you could use to recreate the Issues in question. I’ve attached a CSV export with content that our security team was able to generate. We’ve tried to arrange this in a somewhat logical order, but I do apologize if the information is disjointed in any way. Please let me know if anything is missing, and I’ll do my best to follow it up. I also acknowledge this outcome may be less than ideal, and for that, I can only apologize again.

We’ve also cleared the restrictions from your account, so you now have full access to GitHub again, including your content being visible again. In addition to this, our security team have made an update to help prevent this from happening again.

Please let me know if you have any questions or concerns, or if we can assist with anything else. We’re here to help.

Kind regards,
Pip,
GitHub Support

So I now have a CSV file containing 105 issues and comments which were wrongfully deleted, which I have to restore manually. Thanks for nothing GitHub.

Only after I have recreated these I will be able to release the new minor version after which I will migrate the project.

I have requested some more information: how this could happen, why I wasn't notified, if this could happen again and if other users whose comments were deleted were notified. Before this was relayed to their employee, I got the following automated answer by Copilot:

Hello Dominik,

I understand your concerns and I'll do my best to provide answers to your questions.

  1. The specific trigger for your account being flagged as spam is not something I can provide details on. GitHub uses a variety of heuristics and machine learning algorithms to detect suspicious activity. Sometimes, legitimate accounts get caught in these measures.

  2. GitHub does attempt to notify users when their account is flagged or restricted. However, I understand that you did not receive any notification. I'll pass this feedback along to our team.

  3. Yes, automated decisions are part of the process. GitHub uses machine learning and other automated systems to help manage the vast amount of activity on the platform. We're continually working to improve these systems and reduce errors.

  4. While we strive to prevent false positives in our spam detection, no system is perfect. If your account was flagged incorrectly, we've updated your account's status which should prevent this from happening in the future.

  5. If you believe a decision has been made in error, you can appeal through our Appeal and Reinstatement form. We aim to respond to all appeals as quickly as possible.

  6. The decision on which comments and issues to delete is based on the same systems that flagged the account. I understand that the selection may seem arbitrary, and we're always working to improve our systems.

  7. Notifications about deleted comments or issues depend on the specific circumstances. In some cases, other users may be notified.

  8. Restoring deleted comments and issues is not always possible due to technical limitations. We understand this can be frustrating and we're exploring ways to improve this process.

As a resident of the European Union, you do have rights under the GDPR. If you have further questions or concerns about how your personal data is handled, you can contact GitHub's Data Protection Officer at privacy@github.com.

I hope this helps clarify things for you. If you have any more questions, feel free to ask.

Best, Pip

I will wait for their answer and send their Data Protection Officer an email if I'm not content with it.

@schlagmichdoch
Owner Author

@OrcVole Thanks for your suggestion! I have taken a look at Cloudron and although I like the app store approach to lower the configuration needs for users, it's probably not for me. I will stick with Codeberg / Forgejo.

@BalazsSzeles I have since released Hungarian, Polish and Traditional Chinese translations in the newest version v1.10.8. Thanks for your contribution and sorry for the long delay!

@kaindlnetwork I did not know about Open Collective. This looks really great, I think it's a little oversized for this project though. I have since activated recurring contributions on the BuyMeACoffee page (they call it memberships) and there is also GitHub Sponsors. As I plan to move away from GitHub I still prefer BuyMeACoffee but whatever fits best for you.

Cheers
Dominik
