
When I cycled nyms earlier this month (as a preventive opsec measure) I decided to stop exposing myself to GitHub's tracking features under this new identity.
The problem with GitHub is that if you’re interacting with a repository that is part of a GitHub organization, your geolocation and, if configured so, your IP address are being shared with everyone in that org that has, or in the near future will gain, access to audit logs (everyone that has administrative rights). Additionally, for non-enterprise plans, access to this is hard to finely configure. The retention of these logs in the admin UI is 6 months, but these logs can be streamed and/or downloaded off-GitHub through the API and retained elsewhere. This means that anyone gaining access to a GitHub organization’s security role can collect this information and store it.
This issue can become significant when an opsec failure occurs. Real life example: you were tuning your VPN config last night and forgot to check if it was on in the morning when you pushed a commit or commented on an issue. Situations like that do happen - I know because it happened to yours truly 4 times in 12 years. In recent times though, geolocation information has become increasingly sensitive in the Bitcoin space. For instance, consider @lopp’s meatspace attack log for 2025 thus far.
To reduce the risk of accidental exposure, I decided to find and try using a publicly available Tor-only Gitea/Forgejo instance. I came across a tor-only service called "Right To Privacy" which seemed stable and reliable when I did a test run. However, when I used it for "production" last week to host source code and workflow for a little system that monitors robosats (#887106) it only lasted a few days and it’s been down for more days than it’s been up.
The problem with services like these is that they rely on donations. The alternative is a paid service, so that "users" become customers and operators have an incentive not to introduce days' worth of downtime (or rug). We have a great tool in Lightning to have exactly the type of sender anonymity needed, and for now it definitely supports small enough amounts to make weekly billing a thing. Conceptually, having a LN-invoicing git-onion could be a good match from a privacy preservation p.o.v. (caveat: but not so much for compliance of course; I'm not writing this for bank-devs, sorry.)
Before investing time and resources in developing such a tool, I'm wondering if there are other developers interested in a privacy-preserving development workflow solution.
Would I be creating something for myself alone, or do we think there could be a larger demand for this type of service?
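As an added example (not code from the post or from any project named in it), here is a git pre-push hook that guards against the "forgot to check whether Tor/VPN was on" failure described above for a repo whose remote is a Tor-only Gitea/Forgejo instance: it refuses the push unless the remote is an http(s) .onion URL and git's http.proxy points at a local socks5h Tor proxy. The helper names, the port 9050 (tor daemon default; Tor Browser uses 9150) and the sample URLs in the comments are assumptions; ssh remotes would need an equivalent check on the ssh ProxyCommand instead.

```shell
#!/bin/sh
# pre-push hook for a Tor-only remote: refuse the push unless the remote is an
# http(s) .onion URL and git's http.proxy routes through a local Tor SOCKS proxy.
# Install as .git/hooks/pre-push; git passes the remote name as $1 and URL as $2.

# Extract the host part of an http(s) URL (scheme, userinfo, port, path dropped).
url_host() {
    host=${1#*://}
    host=${host%%/*}
    host=${host##*@}
    printf '%s' "${host%%:*}"
}

# 0 when the URL is http(s) and its host is a .onion name, 1 otherwise.
is_onion_url() {
    case "$1" in http://*|https://*) ;; *) return 1 ;; esac
    case "$(url_host "$1")" in *.onion) return 0 ;; *) return 1 ;; esac
}

# 0 when the proxy is socks5h on loopback: socks5h makes Tor resolve the .onion
# name, whereas plain socks5 would resolve (and leak) the name locally.
is_tor_proxy() {
    case "$1" in
        socks5h://127.0.0.1:*|socks5h://localhost:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Arguments: remote URL, configured http.proxy. Returns 0 if the push may
# proceed; otherwise prints the reason and returns 1.
push_allowed() {
    if ! is_onion_url "$1"; then
        echo "pre-push: refusing push to non-onion remote: $1" >&2
        return 1
    fi
    if ! is_tor_proxy "$2"; then
        echo "pre-push: http.proxy is '$2', expected socks5h://127.0.0.1:9050" >&2
        return 1
    fi
    return 0
}

# Entry point: only act when git invoked us with a remote URL (assumed onion host).
if [ -n "${2:-}" ]; then
    push_allowed "$2" "$(git config --get http.proxy)" || exit 1
fi
```

Set the proxy per repository (`git config http.proxy socks5h://127.0.0.1:9050`) rather than globally, so only the nym's repos are forced through Tor and a clearnet push from them is blocked instead of leaking.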
I have no expertise to offer but have been super curious for years about how the opsec, or lack of it, will play out among core devs once various important people / groups have billions, and then trillions, at stake, and are no longer okay with it riding on the whims of some small collection of neckbeards.
So far as I can tell almost no discussion or concrete action has occurred to pre-empt the issue, aside from the attrition of some good people.
121 sats \ 1 reply \ @k00b 6h
I would guess the market is small but larger than just you. Data privacy feels pretty mainstream now, but metadata privacy still seems niche. Developers are more aware of privacy issues but the majority of them have a kind of fatalist attitude about privacy.
It might be worth reaching out to someone building a small git host and see if they'll create a tor-only mode and accept bitcoin.
chr15m on github runs Hosted Gitea and also implemented gitnonymous, a shell script for pushing commits over Tor. I interviewed them when I was working on my own git host many years ago. He's an awesome open source dev.
Thanks!
the majority of them have a kind of fatalist attitude about privacy.
I cared less before shtf many years ago. Can't protect against 3-letter agencies (at least not all of them, you have to make choices), but can protect against nearly everyone else. Even if it were only GitHub/MS to protect against, it would be of different importance; but the audit logs are a big issue. Tor (in secure mode w/o javascript) does fix this.
[..] see if they'll create a tor-only mode and accept bitcoin.
Good idea!
my own git host
This is very cool, sir.