The Borders of Open Source Code: The Downsides, Legalities and Alternatives for Git repositories
Developers worldwide from all kinds of project backgrounds, ranging from software to hardware, have gone through a history of different ways to manage their resources and source codes for their projects, be it operating systems, drivers, office and industry applications, media software, and even entire videogames and emulators.
For those around in the coding world decades ago, developers relied on things like SVN (Subversion), CVS (Concurrent Versions System) for source code versioning control, and places like Google Code (which has been defunct since 2016) to store their projects.
The now-defunct Google Code service
With the passing of time, and also the changes in the technological landscape, Git-based project hosts became the centerpiece for almost every kind of hosted project with a proper versioned source code, or even just for archival purposes.
However, with any form of source code hosting service, there comes a fair share of rules, terms of service, and of course, region-based laws applied into the application, website or service, depending on where the company resides or operates, like every other website in the internet does.
Limited Openness
Any form of website, service or company is tied and must abide by region-specific rules and laws, which vary from country to country, and even in some cases, from state to state within the same country. The same applies to technologies, in an ever-evolving landscape of technology, the laws that regulate said technologies become quickly obsolete, sometimes relying on outdated rulings and laws established decades from any emerging technology. Such is the case for most current forms of media, like videogames and emulators, and how they're handled in comparison to the start of the 2000s.
For the specific case of source code projects and development, one of the most defining factors to determine whether or not a project can be hosted into a specific Git service is the copyright law, which in the case of software development, is the Digital Millenium Copyright Act (DMCA) for the United States, and in the case of the European Union, each country handles copyright law differently, and some countries are covered under the Electronic Commerce Directive (ECD), which handles notices and take downs, but for a general purpose, we'll focus on the General Data Protection Regulation (GDPR) for the European Union. Note however that the European Union does not necessarily constitute every European country, which will be a key point to touch upon further down in this article.
With copyright law taking an effect and extending into Git repositories, the companies offering the repository service, like GitHub or GitLab, might exert an immediate action of termination upon DMCA/GDPR notice for content hosted under their grasp.
But why is the DMCA/GDPR such a defining factor for any kind of project, specially open source ones?
The Downsides of Mainstream Git Hosts
While certain hosted repositories would certainly prompt a copyright infringement, like leaked source code for games or software, others are not that clear-cut when it comes to what would encapsulate a copyright infringement, or a plausible violation of DMCA/GDPR law. Some companies enforce these as they see fit, regardless of possible limitations or exemptions to those laws. Not only that, but to make matters worse, sometimes these so called strikes or takedowns aren't even enforced by the copyright holder itself, but rather a completely unknown and unrelated third-party, basically falling into perjury by impersonating or claiming to be the copyright holder when they are most certainly not.
In these last few years, we have seen a wide number of projects being taken down from the now-usual mainstream source code repository services, with the most prominent being GitHub, though GitLab has also been a place where takedowns aren't that rare to see as well.
Nintendo surely is the crowning example of a company enforcing takedowns in a frequent basis, but there are other companies as well eyeing these mainstream code services for possible copyright takedowns, with it sometimes going beyond a takedown and into the territory or lawsuits.
We can take a look at some of the most prominent take downs from the last couple of years:
- Take Two takes legal action against reverse engineered re3 (GTA3) and revc (GTA:VC) projects
- Nintendo reportedly issues DMCA takedown for Switch homebrew project Skyline Switch emulator, development ceased
- Yuzu emulator shutting down, paying Nintendo 2.4 million in lawsuit settlement
- GitLab has taken down the Suyu Nintendo Switch emulator
- Nintendo takedown request targets over 8500 copies of Switch emulator Yuzu
Excerpt from the Nintendo V. Tropic Haze LLC / Yuzu lawsuit
Be it a legitimate takedown or someone impersonating the actual company, most people who hold a particular source code repository will most likely not counter any of these strikes, often leading to their projects being permanently taken down from the service (alongside any forks being made). Users wanting to see the project continue might reupload it to other sites, but with most mainstream services being hosted in the US or EU, it's generally only a matter of time before the projects are once again found and removed.
Additionally, due to the lack of a clear statement on what constitutes an actual copyright infringement and what could be possibly fall under the Fair Use or Personal Use statutes of the law, or a Reverse Engineering clause, fighting against the takedown notices would only mean that the developer or user is opening themselves up for an eventual lawsuit by the copyright holder, with the only plausible end to it being the developer being sued to bankruptcy, in heavy debt, or with actual prison time.
Both GitHub and GitLab are based in San Francisco, California within the United States (although GitLab is also found in other countries, mostly from the EU and Asia), which makes both of these completely compliant with United States laws, which includes the DMCA, and by extension, the GDPR from the European Union (and other laws that might apply in Singapore, South Korea and Australia regarding copyright law for GitLab).
Git Repo Alternatives
Given all of these inquiries and issues, what can a source code developer do then to safeguard their repositories without fear of a possible take down, be it official or an impersonated attack? What can a developer do to even safeguard their codes in the case that new laws pass down that might affect even more homebrew or fan-made projects? And what if the developer just wants to archive their source code repository for educational and historical purposes? Contrary to popular belief, both GitHub and GitLab are far from being the only Git services around.
While there are certainly a number of ways to handle, comply and/or avoid the DMCA/GDPR, and/or make your project safe in any regard, there are still projects that end up being taken down maliciously by non-copyright holders (perjury), and there's also times when the DMCA-based takedown could be countered and possibly hold a position in court, but due to the grey area of the DMCA when it comes to Fair Use, Personal Use and Reverse Engineering, as well as non-profit hacking, romhacking, fan projects and others, the usual victims are fan developers themselves that have to way of defending themselves against a multi-billion dollar company in court, so the only action for the usual developers is to cease development or change hosts to another service.
In the case of the later, what options does a developer have when their project is being targeted by DMCA/GDPR takedowns?
Given how the mainstream services are hosted within the US.
First, let's start with some of the Git services suggested by the GBAtemp community:
- Framagit.org (France by Framasoft), GitGud.io and about.0xacab.org are all powered by GitLab, so those are still tied to DMCA/GDPR laws by extension.
- Repo.or.cz is running on Germany and Czech Republic laws, so still tied to EU laws / GDPR overall. While there's not much certainty as to how much Czech Republic enforces copyrighted content, Germany is not a viable option given how tight they are towards copyright violations.
- Codeberg.org is also another service operating under German jurisdiction.
- While NotABug.org has some Tor bases on them that could potentially help towards anonymity, the actual site is hosted on rented German servers, and is owned by Dutch members, so that's still EU stuff that could be attacked by a DMCA takedowns or GDPR. Could still be a feasible solution if the site is indeed running on Onion links and such, but there is some uncertainty here.
GitProtect.io posted an article about Git hosting alternatives back in 2022, with the top spots being, of course, GitHub and GitLab, but also mentions BitBucket, SourceForge, Launchpad and CodeBase, to name a few, as other considerable options back then. However, it's worth considering that these services are mostly based on US territory (with a couple in the EU), making them just as feasible as GitHub and GitLab for this use-case, so they're not considerable options for trying to preserve your open source code online.
Most of the mentioned options above reside within the European Union, but what other options are there then that aren't based in the usual regions and countries?
We still have quite a handful of other really good options in other countries, but we first need to know what countries are lenient in regards to DMCA/GDPR laws and how they enforce them, or if they enforce them at all. Website Planet released an article recently detailing which countries tend to ignore DMCA/GDPR laws worldwide, and these could be good potential candidates to start looking into Git services hosted into these countries:
- Netherlands
- Luxembourg
- Bulgaria
- Malaysia
- Singapore
- Hong Kong
- Russia
Latin America is also known for being quite lax when it comes to copyright laws and piracy, but if the situation arise of a very extreme case, the laws from the US might extend to one of these countries due to most of Latin America's alliance with the US, and even though there hasn't been any precedent of companies from US/EU origin going after users or developers located in Latin American territory, there's always the possibility of them extending their reach.
Recommended Git Alternatives
While the options mentioned above are viable for hosting open source code, the following recommendations are potentially the most safe haven for open source projects to be hosted without fear of a DMCA strike. For the first couple options, it's suggested to use a translation tool or browser extension like TWP (Translate Web Pages) by Filipe, so those interested can navigate the next 2 options in their native language without a language barrier:
- Gitee: https://gitee.com/
China's webpage for their own Git service, Gitee
Gitee is one of the most feasible options for those that might want their code to work outside of the usual countries, as this one operates within China, specifically, based on Shenzhen.
However, we have to take into consideration that the multimedia company Tencent, based in Shenzhen, is currently operating in the region and works as a publisher for several western and other Asian companies, as well as holding stocks in big gaming companies, like Epic and Activision Blizzard. Tencent also worked alongside Nintendo to release the Switch in a jointly effort to bring the console into Chinese territory, so it's another thing to consider if one wishes to host code on this Chinese-based Git service.
Gitee offers a few registration options for worldwide users, directly with an email, through a Google account, and even registration via your own GitHub account (and even GitLab and Huawei accounts in some instances). It also offers some additional registration options for Chinese users as well.
- GitFlic: https://gitflic.ru/
GitFlic, the Russian-based Git service
GitFlic is a really obscure Git service, and with good reason. Despite its obscurity, it is one of the best options to host source code to this day (alongside the following two options), given how the Git service is entirely and solely based in Russia and is completely impervious to any kind of copyright law from the US or EU. Due current on-going world events (and to avoid going into details), Russia made software piracy legal nationwide back in 2022 making hosting any kind of project or source code hosted in it legal under Russian law, even if it the code itself infringes on copyright laws from other countries.
The registration options that GitFlic offers for worldwide users are a bit more limited that Gitee's, as it only allows registration either directly with an email (which is the most accessible out of the available ones), or through one of Russia's own media services, with these being Yandex (a Google-like equivalent in Russia) or VK (a FB-like equivalent in Russia). Once the user has created an ID in either Yandex or VK, they can sign in to GitFlic using any of the two, though these last two options for registering should only be considered if the email registration failed.
- Torrent-based Git repositories: https://github.com/cjb/GitTorrent
Decentralizing GitHub with torrent-based Git projects through GitTorrent
If the developer is interested in still using GitHub/GitLab powered repositories, but not rely on the company exerting their claws unto their projects, there's also the option of creating a distribution of the source code/project through a torrent service, or better yet, merging both Git and Torrent into a single network to decentralize the repositories themselves, which prompted for the creation of GitTorrent.
GitTorrent works by sharing Git repositories with BitTorrent over a peer-to-peer network, which effectively makes the users themselves the hosts for the repositories being shared. The GitTorrent repository has instructions on how to clone the repository and install it, and how to manage a personal Git repository for sharing over GitTorrent itself.
- Self-Hosted Git repository:
Another option a developer could have if they still want to use some form of similarity to GitHub/GitLab and not rely on them entirely is a self-hosted Git repository. This is more or less similar to making a server which hosts the repository itself, which means the developer will be in charge of the installation and maintenance of the repository.
The benefits of a self-hosted repository are that the repository made in this manner is subject to the laws of whichever country the repository is hosted in. If the repository is hosted in a country where DMCA/GDPR laws aren't that prominent, then that could mean a plausible safe place for the project to thrive without much worry about a strike or takedown due to copyrights.
GitLab itself offers a way to create a self-hosted and self-managed repository based on their service, which might make it still viable to their Term of Service. However, there's also wide variety of other options to choose from when it comes to self-hosting repositories, with some of these options being Gitea, Gogs, GitBucket and Frog Git, among others.
Inedo Blog featured a very detailed article regarding self-hosted git tools, and the most recommended Git tool for this according to them was Gitea.
Slant has a really good list of options for self-hosted Git managers if a developer chooses to go with this alternative. GitProtect.io also offered a good list of alternatives for a self-hosted Git repository in 2022, so those could also be looked upon for those interested in going this route for their own projects.
Precautions, Warnings, and Potential Liability
Hosting your "legally grey" source code in another Git host outside the usual jurisdiction could save your project from potential takedowns and DMCA/GDPR claims, but that doesn't mean it will also save you as a developer from the almighty corporate eyes and ninjas.
While surely hosting your projects in some of the above recommended Git services could mean a safe haven for your projects, the region where the developer who created the source code lives will also play a huge part in what action the companies involved in copyright claims might take against the developer itself. Anonymity online is a pivotal part for legally doubtful projects, since if the project itself is considered infringing by the copyright holder, and the developer is already circumventing the copyright laws by going into other country's Git service, if the developer itself resides within any of the DMCA/GDPR abiding countries, they copyright holder could instead go directly after the developer itself, instead of relying on a third-party company like GitHub or GitLab to strike down the repositories on their behalf.
if the previous scenario becomes a possibility, there's three potential outcomes if the company gets a hold of the developer:
- The least aggressive outcome, and the most plausible, could be either a direct DMCA or C&D notice directly to the developer's email or through contact form of some kind. The developer should never underestimate the resources that a copyright holder has, more so in the case of big companies, like Nintendo or Microsoft.
In this case the best course of action would be to comply with the DMCA notice and cease development, otherwise they risk escalating the situation into the next point.
- The developer risks a potential legal fee for infringing copyright. In this case, the fee might be settled by a court, depending on how much the copyright holder and its analysts could consider in damages. Additionally, the developer will be forced to shut down the project on its end, though this doesn't mean it could put an end to forks and other re-brandings of the project outside of the original developer's jurisdiction.
- The worst case scenario, and the less likely to occur, is a jail time settled in court. This is hardly (and almost never) the case when it comes to possible DMCA-infringing repositories. The only case in recent memory of a person getting jail time due to copyright infringement was the case of Nintendo VS. Gary Bowser, but this particular case point was due to actual money being made from the whole ordeal, with hardware that bypassed device protections being sold.
If a developer does end up going with any of these listed alternatives, do take into consideration all of this plausible outcomes,
Summary
There's currently a lot of options outside of the usual GitHub and GitLab repositories for developers throughout the world to make use of, and while many of them are based within the United States and the European Union, developers that want to keep their projects alive and without risks of potential takedowns or strikes, they can still make use of any of the listed options.
The most recommended options of the entirety listed here are without a doubt GitFlic, and making and sharing your own repository by the developer's own terms, be it through a self-hosted Git manager, or by sharing their Git repository through a peer to peer network with GitTorrent.
Closing Thoughts
The current state of open source projects, emulation, and the tools that allow emulation to be possible in the current age are getting more and more media attention day by day, and that also means gaining attention towards the companies that hold the copyrights to the titles played in said emulators.
Previous court cases, like Sony VS. Connectix, gave a precedent and a protection to emulators back in the early days when emulators were on the rise, but with how quickly the evolution of technological measures are being applied by companies in a modern market, the laws that protected said emulators back then could be at risk unless new exemptions to copyright laws are made that allow for the consumer to have complete ownership of the product they purchase, and how the consumer wants to make use of their purchased goods and how to experience them.
The targeted source code projects under these circumstances are a clear indication that such changes are starting to take shape, and developers are seeking options to preserve and allow others to make use of their own purchased goods at their own leisure, without the ever-seeing eye of the company telling them how to and how not to enjoy their purchase.
Developers worldwide should have all the options possible at their disposal to preserve whichever developments they make, be it for archival, educational, or whatever else purpose they seek, and that those projects become an everlasting imprint in the history of technology and humankind as a whole, not only made by the big corporations, but by fans and deeply devoted and talented humans alike.
Splinter Cell: Chaos Theory
