433
submitted 1 year ago by rrobin@lemmy.world to c/privacy@lemmy.ml

Looks like gitlab now requires account verification for new accounts in addition to email. Either phone number or credit card.

This applies both to accounts created with a working email or by logging in using your github account. You can't even verify your email until you go through step 1.

I don't know when this started, but at least for the last month or two judging from these posts in the forums.

Fun fact: I don't even want to host on gitlab, I just wanted to report bugs in some projects. So I'm locked out.

top 50 comments
sorted by: hot top controversial new old
[-] bamboo@lemmy.blahaj.zone 90 points 1 year ago

I'd assume this will be a non issue once they implement ActivityPub. They can enable whatever account restrictions on their gitlab instance, but if I don't want to provide this information to report a bug, then I can use another instance or self host my own, without the account restrictions.

[-] ipkpjersi@lemmy.ml 14 points 1 year ago

You really think they will add a full ActivityPub implementation? I highly doubt it.

load more comments (2 replies)
load more comments (2 replies)
[-] LWD@lemm.ee 70 points 1 year ago* (last edited 11 months ago)
[-] blindbunny@lemmy.ml 65 points 1 year ago

I was asking like less then a month ago what's wrong with gitlab when Firefox switched to GitHub, now I know.

[-] vox@sopuli.xyz 14 points 1 year ago* (last edited 1 year ago)
  1. firefox were using self-hosted mercurial + git with sync
  2. they just dropped mercurial, they're still not on github
    only misc. libraries and the android frontend are on github, and firefox/mozilla has never used gitlab
[-] wintermute@feddit.de 44 points 1 year ago

Glad I switched to Forgejo some time ago, never looked back : )

[-] nakal@kbin.social 6 points 1 year ago

It looks like Gitea. Is it a fork?

[-] poVoq@slrpnk.net 16 points 1 year ago

Softfork. Basically the version that runs on Codeberg.org

load more comments (3 replies)
[-] Veraxus@kbin.social 43 points 1 year ago

I really, really like Gitlab... but this is a MAJOR problem and spectacularly short-sighted.

[-] Clbull@lemmy.world 40 points 1 year ago
load more comments (2 replies)
[-] kevincox@lemmy.ml 34 points 1 year ago

This really sucks for bug reporting. I don't mind this at all for hosting as that cost notable resources (especially their free CI tier) and they can set their own terms, but I want people to be able to report bugs without any trouble. (Although if spam is an issue maybe projects could opt-in to requiring this verification to report bugs).

A work-around is maybe the service desk feature allowing reporting bugs via email but this has issues for proper collaboration:

  1. The reporter's email is shared.
  2. The issue is private by default.
  3. Can't collaborate on an existing issue.

Maybe I'll just go back to mailing lists... Or GitHub has gotten better recently. But GitLab's CI is so much better.

[-] TauZero@mander.xyz 13 points 1 year ago

I want people to be able to report bugs without any trouble.

Thank you for being aware! I've experienced this on github.com. I've tried to submit issues several times to open source projects, complete with proposed code to solve a bug, but github shadowbans my account 6 hours after creating it (because I use a VPN? a third-party email provider? do not provide a phone number? who knows). I can see the issue and pull request when logged in, but they only see a 404 on their project page even if I give them a direct link. I ended up sending them a screenshot of the issue page just to convince them this was even possible. Sad to hear gitlab does it even worse now by making phone mandatory.

[-] Bipta@kbin.social 6 points 1 year ago

Kbin uses Gitlab so it's too bad.

[-] ernest@kbin.social 16 points 1 year ago* (last edited 1 year ago)

Not really. The official repository (with issue management) is located on Codeberg. GitHub serves as a mirror in case of any issues with the primary service.

https://codeberg.org/Kbin/kbin-core

[-] roguetrick@kbin.social 9 points 1 year ago

Well what would you know about it, ernest.

[-] nix@merv.news 6 points 1 year ago
[-] Infiltrated_ad8271@kbin.social 29 points 1 year ago

Time to delete my account, before it is considered "suspicious" and I can't even log in without verification.

[-] cupcakezealot@lemmy.blahaj.zone 26 points 1 year ago

sorry but deleting the account is absolutely ridiculous.

mark it inactive but just deleting someone's entire git history because they didn't put in a phone number or credit card is so dumb.

i don't even need a phone number or credit card for my github account.

[-] MooseBoys@lemmy.world 18 points 1 year ago

deleting someone's entire git history

Based on the image text this is for new accounts only. My account has neither phone nor credit card and I’ve not been asked to re-verify. Maybe they’re having problems with bots at the moment.

load more comments (2 replies)
[-] Fisch@lemmy.ml 7 points 1 year ago

I think this is for new accounts only, if you already have an account, your E-Mail will already be verified

load more comments (1 replies)
[-] adamnejm@programming.dev 26 points 1 year ago* (last edited 1 year ago)

Just tried this out using a typical temporary email address (temp-mail.org) and a VPN (AirVPN).
I was only asked to confirm my e-mail address within 3 days, never for a phone address or any banking details.

Judging by the first post you've linked to, it's only necessary for paid accounts or free trials.
The person in the second post is trying to register via GitHub / Google, well... sucks for them.

[-] rrobin@lemmy.world 7 points 1 year ago

I've tried a few times in the past 2 weeks. Using a good email account and also with github, no luck though. Maybe its doing some "smart" heuristics to trigger it.

I just retried now, using that temp mail (but no vpn) and got the exact same phone verification. Maybe my IP address is evil :D

[-] GrappleHat@lemmy.ml 25 points 1 year ago
[-] tarneo@lemmy.ml 18 points 1 year ago

Because it's a decent competitor to the GitHub monopoly. It also has a few unique features when compared to it. Just guessing why OP uses it though (many people do)

[-] GrappleHat@lemmy.ml 30 points 1 year ago

Sorry, I meant "GitLab, why'd you do that!?"

(I'm a GitLab user myself)

[-] DroneRights@lemm.ee 8 points 1 year ago

Oh, well then you forgot your comma

load more comments (1 replies)
[-] authed@lemmy.ml 18 points 1 year ago
load more comments (1 replies)
[-] peyotecosmico@programming.dev 17 points 1 year ago* (last edited 1 year ago)

Time to start using GitDirectory named V.01 shared over FTP.

It's a joke, don't use FTP, it's not secure.

[-] lazynooblet@lazysoci.al 7 points 1 year ago
[-] MrRazamataz@lemmy.razbot.xyz 44 points 1 year ago

because it hasn't got an S in it

[-] Klaymore@sh.itjust.works 14 points 1 year ago

It's unencrypted, your ISP / Starbucks wifi can read all the files you send. Use SFTP instead.

load more comments (5 replies)
[-] vox@sopuli.xyz 16 points 1 year ago* (last edited 1 year ago)

isn't the official gitlab instance primarily a paid platform? cc verification makes sense then.

[-] Pantherina@feddit.de 15 points 1 year ago

I know this sucks. But I imagine this is because of previous abuse by bots or something. Could be simply evil though.

[-] privacybro@lemmy.ninja 13 points 1 year ago

For alternatives, I recommend to use a community-ran Gitea instance. Project Segfault runs one.

https://about.gitea.com/

https://git.projectsegfau.lt/

Also check out Forgejo, it's another git software. Disroot has an instance.

https://forgejo.org

https://git.disroot.org/

[-] Fisch@lemmy.ml 10 points 1 year ago

Codeberg also uses Forgejo

load more comments (4 replies)
[-] overshot@jlai.lu 12 points 1 year ago
[-] PropaGandalf@lemmy.world 7 points 1 year ago

forgejo for life!

[-] Slotos@feddit.nl 7 points 1 year ago

Sourcehut. The answer is sourcehut.

You don’t even need an account to submit patches, just configure git send-email.

load more comments (2 replies)
[-] macattack@lemmy.world 7 points 1 year ago

Experienced the same issue when I tried to sign up 2-3 months. Went down a rabbit hole and then just decided to not host w/ them.

There is a workaround where you can create an account if it is on a different gitlab instance (ie: I was able to join https://git.joinfirefish.org/ w/o the CC info) but I don't know how useful that is in the grand scheme of things.

[-] interdimensionalmeme@lemmy.ml 7 points 1 year ago

What's the best way to circumvent phone number verification ? My burner YouTube account, which has nothing unsavory on it, has been marked for phone number verification or else I can't login at all.

Of course I'm not giving them my real phone number. What the best way to fake this?

load more comments (7 replies)
load more comments
view more: next ›
this post was submitted on 15 Nov 2023
433 points (98.4% liked)

Privacy

32130 readers
443 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS