Hello dear Lemmy Community,

I have a very nice story to tell you all. I was having a blast over the last few days setting up a home server with completely open-source software. As usual, I encountered some small problems with specific apps, so I wrote two issues and one feature request on their respective GitHub pages. After a few days, I received no responses in the very active communities, but nothing too strange yet.

Today, in the evening, I used my phone to check if a specific issue had gotten any reactions by now, but I couldn’t find my issue at all. I just saw “23 open issues,” and none of them were mine. After logging in, it miraculously changed to 24 open issues.

Well, after a bit more testing, it turned out I was shadow banned. After discovering that, I tried to contact their support, but I was told I need to activate 2FA via an app or phone number first. “No thanks,” I thought, and went ahead to try deleting my (not so important) GitHub account. But surprise, surprise: the account deletion button was greyed out, and I was told to write their support! Which I can’t do because I don’t have 2FA!

What the fuck, GitHub?!

Thanks for reading! I hope you had more fun reading this than I had experiencing it.

  • KissakiEnglish
    8·
    2 days ago

    I wonder if it was only because of 2FA, or because of it in combination with being flagged for suspicious behavior [patterns]?

    from https://github.blog/news-insights/product-news/raising-the-bar-for-software-security-github-2fa-begins-march-13/

    we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023

    If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll. You’ll have 45 days to configure 2FA on your account—before that date nothing will change about using GitHub except for the reminders. We’ll let you know when your enablement deadline is getting close, and once it has passed you will be required to enable 2FA the first time you access GitHub.com. You’ll have the ability to snooze this notification for up to a week, but after that your ability to access your account will be limited. Don’t worry: this snooze period only starts once you’ve signed in after the deadline, so if you’re on vacation or out of office, you’ll still get that one week period to set up 2FA when you’re back at your desk.

    They also describe why the requirement makes sense/is necessary.

    No mention of commenting issues etc. I suspect missing 2FA is just one factor that got you flagged.