Preface on This Topic

We’ve seen the RIAA takedown of youtube-dl, Nintendo taking down fan projects, GitHub/GitLab banning Iranian developers over a dispute with the USA, and an angry somebody who is out for blood trying to take down somebody’s project with a false DMCA takedown. (Remind you of YouTube DMCA, anyone? No?)

Let’s be real here, GitHub and GitLab are going to end up behaving the same way YouTube does with DMCA takedowns, and that’s the fundamental problem with the law that isn’t going to be fixed in the next 2 lifetimes. Why would anyone want to subject themselves to the legal mess and repercussions over this?

Gitea on TOR

We already know that TOR is purpose-built for privacy, so it’s good enough for this. So it brings us back around to: why aren’t we discussing/setting up Gitea on TOR as a hidden service to sidestep the entire legal dilemma and repercussions above?

One of the issues I recognize with this is: how are you supposed to trust the release/source code posted on a hidden service, which has a very sketchy reputation?

It’s simple, you don’t.

But there ARE ways that you can use to verify that the code is legit, and one of them is making sure the source code repository commits are signed by the authors, which can lessen the work you have to do to ensure that the code hasn’t been fiddled with by hostile actors. But at the end of the day, you still need to audit the source code or have someone you trust verify that the code is legitimately safe to use.

To be honest, this actually isn’t any different from source code being posted on GitHub or GitLab; it’s just that GitLab/GitHub have better marketing. There is basically nothing stopping people from posting malware and malicious code on GitHub, and that has in fact been done repeatedly in the past.

Will GPL/LGPL licensed work still be in effect over this?

I am not a lawyer, so this is in no shape or form legal advice, just an opinion from an internet user.

From what I understand, yep, you can argue that somebody copied your work and uploaded it onto an anonymous platform, and if somebody copied your work from there, the licensed work is still copyrighted to you regardless of where it’s uploaded. You can do legitimate work, and if someone copied your work into another project in an anonymous fashion, you can’t reasonably be responsible for whatever the other project does with your code if your code was originally used for a legitimate purpose; it’s like blaming the Linux kernel for helping run a malware botnet.

Wouldn’t this raise the technical barrier for most users?

Yep, but at the end of the day, what are your options anyway? If it’s any consolation, each new generation of users is becoming more tech literate, so there’s that. That’s the trade-off for all of the above; maybe those technically illiterate users can trust another third party to package and sign binaries that were built from such an anonymous source code repository.
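
The commit-signature check mentioned in the post, as an added example that is not part of the original post or thread: a shell function that audits `git log --format='%H %G? %GP'` output against pinned author key fingerprints. The fingerprints, commit ids and the name `audit_signatures` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): accept a history only if every commit
# carries a valid signature from a pinned author key.
# Input lines come from:  git log --format='%H %G? %GP' <range>
#   %G? = G good, U good but key not trusted locally, N unsigned, B bad,
#         E cannot check (key missing), X/Y/R expired or revoked
#   %GP = fingerprint of the signer's primary key

# Constructed placeholders; pin real fingerprints obtained out of band.
PINNED_FPRS="AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111
BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222"

# Reads log lines on stdin, prints one REJECT line per failing commit,
# returns 0 only when every commit passes.
audit_signatures() {
    bad=0
    while read -r commit status fpr; do
        [ -n "$commit" ] || continue
        case "$status" in
            G|U)
                # Signature verifies; trust comes from the pin list, not the keyring.
                if [ -z "$fpr" ] || ! printf '%s\n' "$PINNED_FPRS" | grep -qxF -- "$fpr"; then
                    echo "REJECT $commit signed by unpinned key $fpr"
                    bad=1
                fi ;;
            N) echo "REJECT $commit unsigned"; bad=1 ;;
            *) echo "REJECT $commit signature status $status"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample of the log output (commit ids shortened).
SAMPLE_LOG="1111111 G AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111
2222222 N
3333333 G CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333
4444444 B BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222
5555555 U BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222"

printf '%s\n' "$SAMPLE_LOG" | audit_signatures ||
    echo "audit failed: do not build from this history"
```

In a real clone, import the authors' public keys before running the log command; without them `%G?` reports `E` and every commit is rejected.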

So basically run an onion service that hosts source code?


Yup, and for collaborating on development as well.

As other commenters have said, hosting it in other countries may be a good idea. The thing with git through Tor is that you will end up having a lot of virus repos (as in virus repos that are advertised as viruses for infosec-type things). Not necessarily a bad thing. But since you are using Tor for the service, the service might get a bad rap.


If you’re going to downvote, post your reasoning why you disagree on it?


I’d just say it’s overkill. Torrent sites exist on the public Internet still largely by being behind ISPs that ignore US IP imperialism. You lose a huge part of what makes youtube-dl et al successful by hiding it on TOR and making it totally inaccessible to user feedback and organic developer engagement and contribution.

The only problem here is large US-based corporations are not where you put information hostile to the IP regime of the host country. It’s unique to the US to be able to DMCA takedown anything you want with impunity; even just hosting youtube-dl in almost any European jurisdiction alone would be enough to stave off baseless attacks by media mafias.


Agree, no piracy-adjacent project should use any US host for security reasons. I’m not sure if they’ve moved their official repo somewhere, but a self-hosted gitea, hosted outside the US takes pretty much no time at all to set up… or they could put it up on codeberg or something.


Not codeberg, they are asshats about piracy


Maybe, but it feels like piratebay 2.0 scenario and we’re just playing a repeat of that.


I run a personal gitea with tor v3 gateway. I see no problem with it. Pretty simple to stand up.
