There's a Dark Web GitHub For Controversial Code

It's not uncommon for files hosted on sites for open source coding, like GitHub, to draw the unwanted attention of authorities. From copyrighted material to software in support of ISIS, there are numerous examples of content that might piss off the wrong government official online.

Now, there's a service on the dark web that will let upstart developers craft their controversial projects anonymously, and with the knowledge that governments or the service itself can't block access to their code.

GitHub is a popular destination for collaborative open source coding, but it's not ideal for, shall we say, sensitive projects. For one, governments can easily ask internet providers to block access to it. Last year, both India and Russia blocked Github temporarily for hosting content supporting ISIS and hosting content relating to suicide, respectively. China, for its part, briefly blocked GitHub in 2013.

Another problem is that anonymity isn't easy to maintain. Even if you sign up with a fake name and choose to keep your email hidden, there are ways to easily circumvent that and uncover your email.

Enter git.psi.i2p [Tor link], a so-called "git without bullshit" that went live last week. The site is accessible through your choice of two privacy-protecting technologies: Tor's anonymizing Onion network, and a newer and less-tested technology called I2P. Jeff Becker, the git's creator—who also works on the main I2P project—won't be complying with any government takedown requests, he wrote me in an email.

"I am 100 percent politically neutral to all content of the site," Becker wrote me, insisting that GitHub "taking sides" politically is ruining the "meritocracy" of the internet. "Anonymity creates the purest forms of meritocracy that can exist in human society currently," he added.

So far, Becker's git repository is being used by the creators of a Russian pro-privacy social network called Onelon (the Russian equivalent to Facebook, VKontakte, was effectively sold to kremlin-friendly parties last year). Someone has also uploaded the source code to the infamous "Netflix for pirates" app, Popcorn Time, and there are some mirrors to various projects that live on the clearnet GitHub site.

In other words, the site already seems to be in use by the people you'd expect to latch on to this type of thing: people living under oppressive government regimes, and pirates. In casting his GitHub clone as a "neutral" platform, Becker—who also singled out identity politics as being one of the evils of the clearnet—suggested he might not be particularly averse to the troll-ier side of coding that has given rise to projects that discriminate against people online based on their genetic makeup. (Neither is GitHub, for what it's worth—that infamous repository is still online).

The big question for both good and bad-faith users, however, is whether or not the site is really secure. Just because the site is hosted on both the dark web and I2P doesn't mean that users won't need to be wary about what they upload.

Watch more from Motherboard: Buying Guns and Drugs on the Dark Web

Tor is thought to be reasonably anonymous, for example, but researchers have figured out a multitude of ways for attackers to keep tabs on your traffic. I2P is seen by some as heir to Tor (the successor to the famed and now-defunct Silk Road market moved to I2P), but simply hasn't been put through the same paces as Tor. While we know that Tor has its vulnerabilities, with I2P, we don't even know what we don't know.

"Would I recommend one other [sic] the other? No," Becker wrote. "Would I recommend relying on Tor or I2P to protect your life? No. All I can say is that security isn't a simple question and because of that I can't give a simple answer."

Whichever access point you choose, it's probably going to be more secure and anonymous than simply accessing the regular GitHub site over Chrome, or whatever browser you prefer. Just don't be an asshole with your newfound ability to code anonymously, okay?

CORRECTION 11/24: An earlier version of this article stated that China has blocked GitHub since 2013. In actuality, China blocked GitHub for a period of several days in 2013. This article has been updated, and Motherboard sincerely regrets the error.