this post was submitted on 15 Nov 2023

385 points (98.2% liked)

Privacy

31833 readers

131 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

385

Gitlab now requires phone number/credit card verification (lemmy.world)

submitted 11 months ago by rrobin@lemmy.world to c/privacy@lemmy.ml

76 comments fedilink hide all child comments

Looks like gitlab now requires account verification for new accounts in addition to email. Either phone number or credit card.

This applies both to accounts created with a working email or by logging in using your github account. You can't even verify your email until you go through step 1.

I don't know when this started, but at least for the last month or two judging from these posts in the forums.

Fun fact: I don't even want to host on gitlab, I just wanted to report bugs in some projects. So I'm locked out.

top 50 comments

sorted by: hot top controversial new old

[–] bamboo@lemmy.blahaj.zone 80 points 11 months ago (3 children)

I'd assume this will be a non issue once they implement ActivityPub. They can enable whatever account restrictions on their gitlab instance, but if I don't want to provide this information to report a bug, then I can use another instance or self host my own, without the account restrictions.

[–] ipkpjersi@lemmy.ml 11 points 11 months ago (2 children)

You really think they will add a full ActivityPub implementation? I highly doubt it.

load more comments (2 replies)

[–] AppearanceBoring9229@sh.itjust.works 4 points 11 months ago

That's great news!

load more comments (1 replies)

[–] LWD@lemm.ee 63 points 11 months ago* (last edited 10 months ago)

deleted

[–] Veraxus@kbin.social 37 points 11 months ago

I really, really like Gitlab... but this is a MAJOR problem and spectacularly short-sighted.

[–] Clbull@lemmy.world 35 points 11 months ago (1 children)

Well they can just GitOut

[–] wintermute@feddit.de 34 points 11 months ago (1 children)

Glad I switched to Forgejo some time ago, never looked back : )

[–] nakal@kbin.social 5 points 11 months ago (1 children)

It looks like Gitea. Is it a fork?

[–] poVoq@slrpnk.net 13 points 11 months ago (2 children)

Softfork. Basically the version that runs on Codeberg.org

load more comments (2 replies)

[–] kevincox@lemmy.ml 30 points 11 months ago (1 children)

This really sucks for bug reporting. I don't mind this at all for hosting as that cost notable resources (especially their free CI tier) and they can set their own terms, but I want people to be able to report bugs without any trouble. (Although if spam is an issue maybe projects could opt-in to requiring this verification to report bugs).

A work-around is maybe the service desk feature allowing reporting bugs via email but this has issues for proper collaboration:

The reporter's email is shared.
The issue is private by default.
Can't collaborate on an existing issue.

Maybe I'll just go back to mailing lists... Or GitHub has gotten better recently. But GitLab's CI is so much better.

[–] Bipta@kbin.social 6 points 11 months ago (1 children)

Kbin uses Gitlab so it's too bad.

[–] nix@merv.news 5 points 11 months ago

Hopefully the move to https://codeberg.org

[–] adamnejm@programming.dev 24 points 11 months ago* (last edited 11 months ago) (1 children)

Just tried this out using a typical temporary email address (temp-mail.org) and a VPN (AirVPN).
I was only asked to confirm my e-mail address within 3 days, never for a phone address or any banking details.

Judging by the first post you've linked to, it's only necessary for paid accounts or free trials.
The person in the second post is trying to register via GitHub / Google, well... sucks for them.

[–] rrobin@lemmy.world 6 points 11 months ago

I've tried a few times in the past 2 weeks. Using a good email account and also with github, no luck though. Maybe its doing some "smart" heuristics to trigger it.

I just retried now, using that temp mail (but no vpn) and got the exact same phone verification. Maybe my IP address is evil :D

[–] cupcakezealot@lemmy.blahaj.zone 23 points 11 months ago (1 children)

sorry but deleting the account is absolutely ridiculous.

mark it inactive but just deleting someone's entire git history because they didn't put in a phone number or credit card is so dumb.

i don't even need a phone number or credit card for my github account.

[–] Wilzax@lemmy.world 4 points 11 months ago

Good thing it's only deleting your account if it's a new account that you didn't finish the registration process for

[–] GrappleHat@lemmy.ml 22 points 11 months ago (1 children)

Why GitLab!?

[–] tarneo@lemmy.ml 15 points 11 months ago (1 children)

Because it's a decent competitor to the GitHub monopoly. It also has a few unique features when compared to it. Just guessing why OP uses it though (many people do)

[–] GrappleHat@lemmy.ml 26 points 11 months ago (2 children)

Sorry, I meant "GitLab, why'd you do that!?"

(I'm a GitLab user myself)

[–] DroneRights@lemm.ee 8 points 11 months ago

Oh, well then you forgot your comma

load more comments (1 replies)

[–] vox@sopuli.xyz 16 points 11 months ago* (last edited 11 months ago)

isn't the official gitlab instance primarily a paid platform? cc verification makes sense then.

[–] peyotecosmico@programming.dev 16 points 11 months ago* (last edited 11 months ago) (6 children)

Time to start using GitDirectory named V.01 shared over FTP.

It's a joke, don't use FTP, it's not secure.

[–] lazynooblet@lazysoci.al 7 points 11 months ago (2 children)

Why isn't FTP secure

[–] MrRazamataz@lemmy.razbot.xyz 40 points 11 months ago

because it hasn't got an S in it

[–] Klaymore@sh.itjust.works 14 points 11 months ago (2 children)

It's unencrypted, your ISP / Starbucks wifi can read all the files you send. Use SFTP instead.

[–] ErwinLottemann@feddit.de 6 points 11 months ago (1 children)

or FTPS

[–] Atemu@lemmy.ml 4 points 11 months ago

Not just read but modify even.

load more comments (5 replies)

[–] Pantherina@feddit.de 15 points 11 months ago

I know this sucks. But I imagine this is because of previous abuse by bots or something. Could be simply evil though.

[–] authed@lemmy.ml 14 points 11 months ago (1 children)

fuck them

load more comments (1 replies)

[–] overshot@jlai.lu 11 points 11 months ago

Gitea for life

[–] privacybro@lemmy.ninja 11 points 11 months ago (4 children)

For alternatives, I recommend to use a community-ran Gitea instance. Project Segfault runs one.

https://about.gitea.com/

https://git.projectsegfau.lt/

Also check out Forgejo, it's another git software. Disroot has an instance.

https://forgejo.org

https://git.disroot.org/

load more comments (4 replies)

[–] beta_tester@lemmy.ml 10 points 11 months ago

Damn, that sucks

[–] interdimensionalmeme@lemmy.ml 7 points 11 months ago (2 children)

What's the best way to circumvent phone number verification ? My burner YouTube account, which has nothing unsavory on it, has been marked for phone number verification or else I can't login at all.

Of course I'm not giving them my real phone number. What the best way to fake this?

[–] Nugget@lemm.ee 5 points 11 months ago (1 children)

There are paid services that offer phone number masking such as Firefox Relay

load more comments (1 replies)

[–] AtmaJnana@lemmy.world 4 points 11 months ago* (last edited 11 months ago) (2 children)

get a burner sim. pay cash.

[–] ChaoticNeutralCzech@feddit.de 2 points 11 months ago* (last edited 11 months ago)

Impossible in some countries, like Germany with mandatory ID validaion. Luckily, our Pirate Party leader, a telecommunications expert, blocked this proposal here.

load more comments (1 replies)

[–] macattack@lemmy.world 7 points 11 months ago

Experienced the same issue when I tried to sign up 2-3 months. Went down a rabbit hole and then just decided to not host w/ them.

There is a workaround where you can create an account if it is on a different gitlab instance (ie: I was able to join https://git.joinfirefish.org/ w/o the CC info) but I don't know how useful that is in the grand scheme of things.

[–] Slotos@feddit.nl 7 points 11 months ago (2 children)

Sourcehut. The answer is sourcehut.

You don’t even need an account to submit patches, just configure git send-email.

[–] intrepid@lemmy.ca 3 points 11 months ago

Some people seem to think that setting up send-email and mailing patches has too much of a learning curve and 'barrier to entry'.

load more comments (1 replies)

[–] possiblylinux127@lemmy.zip 4 points 11 months ago (4 children)

Codeberg looks interesting but it would be nice to see a US based version. Anyway I think its clear gitlab is problematic

load more comments (4 replies)

[–] Denatured@lemm.ee 3 points 11 months ago

What would you guys recommend for a service to use to verify phone numbers for platforms, on topic, such as gitlab? I know there is some sort of list of voip service providers that most of these platforms blacklist. Where do they get such lists from and how can one view such lists?

load more comments