Spyke
privacy·Privacybyrrobin

Gitlab now requires phone number/credit card verification

Looks like gitlab now requires account verification for new accounts in addition to email. Either phone number or credit card.

This applies both to accounts created with a working email or by logging in using your github account. You can't even verify your email until you go through step 1.

I don't know when this started, but at least for the last month or two judging from these posts in the forums.

Fun fact: I don't even want to host on gitlab, I just wanted to report bugs in some projects. So I'm locked out.

View original on lemmy.world
444
Comments89
bamboo
lemmy.blahaj.zone

I'd assume this will be a non issue once they implement ActivityPub. They can enable whatever account restrictions on their gitlab instance, but if I don't want to provide this information to report a bug, then I can use another instance or self host my own, without the account restrictions.

88
ipkpjersireply
lemmy.ml

You really think they will add a full ActivityPub implementation? I highly doubt it.

14
bambooreply
lemmy.blahaj.zone

From the Summary in the link:

The end goal of this proposal is to build interoperability features into GitLab so that it’s possible on one instance of GitLab to open a merge request to a project hosted on an other instance, merging all willing instances in a global network

6
Lexi Sneptaurreply
pawb.social

I don’t even really see this as an issue now personally. I guess it’s the principle of the thing.

1
blindbunny
lemmy.ml

I was asking like less then a month ago what's wrong with gitlab when Firefox switched to GitHub, now I know.

62
voxelreply
sopuli.xyz
  1. firefox were using self-hosted mercurial + git with sync
  2. they just dropped mercurial, they're still not on github
    only misc. libraries and the android frontend are on github, and firefox/mozilla has never used gitlab
14
poVoqreply
slrpnk.net

Softfork. Basically the version that runs on Codeberg.org

15
poVoqreply
slrpnk.net

Work in progress, but it's taking longer than I expected.

8
kevincox
lemmy.ml

This really sucks for bug reporting. I don't mind this at all for hosting as that cost notable resources (especially their free CI tier) and they can set their own terms, but I want people to be able to report bugs without any trouble. (Although if spam is an issue maybe projects could opt-in to requiring this verification to report bugs).

A work-around is maybe the service desk feature allowing reporting bugs via email but this has issues for proper collaboration:

  1. The reporter's email is shared.
  2. The issue is private by default.
  3. Can't collaborate on an existing issue.

Maybe I'll just go back to mailing lists... Or GitHub has gotten better recently. But GitLab's CI is so much better.

34
TauZeroreply
mander.xyz

I want people to be able to report bugs without any trouble.

Thank you for being aware! I've experienced this on github.com. I've tried to submit issues several times to open source projects, complete with proposed code to solve a bug, but github shadowbans my account 6 hours after creating it (because I use a VPN? a third-party email provider? do not provide a phone number? who knows). I can see the issue and pull request when logged in, but they only see a 404 on their project page even if I give them a direct link. I ended up sending them a screenshot of the issue page just to convince them this was even possible. Sad to hear gitlab does it even worse now by making phone mandatory.

14
katy ✨
lemmy.blahaj.zone

sorry but deleting the account is absolutely ridiculous.

mark it inactive but just deleting someone's entire git history because they didn't put in a phone number or credit card is so dumb.

i don't even need a phone number or credit card for my github account.

26
MooseBoysreply
lemmy.world

deleting someone's entire git history

Based on the image text this is for new accounts only. My account has neither phone nor credit card and I’ve not been asked to re-verify. Maybe they’re having problems with bots at the moment.

16
intrepidreply
lemmy.ca

Maybe they’re having problems with bots at the moment.

I have to go through the ridiculous cloudfare verification page now. How do they have a bot issue?

0
LiveLMreply
lemmy.zip

Probably people trying to mine Crypto on the CI runners again

3
Fischreply
lemmy.ml

I think this is for new accounts only, if you already have an account, your E-Mail will already be verified

7
Wilzaxreply
lemmy.world

Good thing it's only deleting your account if it's a new account that you didn't finish the registration process for

5
Name
programming.dev

Just tried this out using a typical temporary email address (temp-mail.org) and a VPN (AirVPN).
I was only asked to confirm my e-mail address within 3 days, never for a phone address or any banking details.

Judging by the first post you've linked to, it's only necessary for paid accounts or free trials.
The person in the second post is trying to register via GitHub / Google, well... sucks for them.

25
rrobinreply
lemmy.world

I've tried a few times in the past 2 weeks. Using a good email account and also with github, no luck though. Maybe its doing some "smart" heuristics to trigger it.

I just retried now, using that temp mail (but no vpn) and got the exact same phone verification. Maybe my IP address is evil :D

7
tarneoreply
lemmy.ml

Because it's a decent competitor to the GitHub monopoly. It also has a few unique features when compared to it. Just guessing why OP uses it though (many people do)

18
GrappleHatreply
lemmy.ml

Sorry, I meant "GitLab, why'd you do that!?"

(I'm a GitLab user myself)

30
Klaymorereply
sh.itjust.works

It's unencrypted, your ISP / Starbucks wifi can read all the files you send. Use SFTP instead.

15
intrepidreply
lemmy.ca

Is there any reference for this? I can't find anything relevant. Just curious.

1
intrepidreply
lemmy.ca

I'm aware of FTP. It's still around in certain circles. But for a moment I thought that there was some sort of integration between ftp and git. I guess not.

1
voxel
sopuli.xyz

isn't the official gitlab instance primarily a paid platform? cc verification makes sense then.

15
Pantherina
feddit.de

I know this sucks. But I imagine this is because of previous abuse by bots or something. Could be simply evil though.

15
intrepidreply
lemmy.ca

How many instances will one have to register on? This isn't going to improve until forgefed is done.

2
intrepidreply
lemmy.ca

You won't be able to contribute to a project on any of those instances, unless you register on it. So if you are a prolific contributor, you might end up signing up on dozens of those instances.

Forgefed is a federation protocol for such instances. It's based on ActivityPub - the same that powers Lemmy and Mastodon. You can have just one account on a single instance and still be able to contribute to projects on multiple others. It's still in the works though. It's expected that at least gitlab, gitea and forgejo will support it.

1
privacybroreply
lemmy.ninja

this is really cool, thanks for the info. federated or decentralized git is long overdue

1
interdimensionalmeme
lemmy.ml

What's the best way to circumvent phone number verification ? My burner YouTube account, which has nothing unsavory on it, has been marked for phone number verification or else I can't login at all.

Of course I'm not giving them my real phone number. What the best way to fake this?

8
interdimensionalmemereply
lemmy.ml

I tried VoIP addresses and got the message "we can't use that number". Is Firefox relay immune to that?

1
ChaoticNeutralCzechreply
feddit.de

Impossible in some countries, like Germany with mandatory ID validaion. Luckily, our Pirate Party leader, a telecommunications expert, blocked this proposal here.

2
interdimensionalmemereply
lemmy.ml

But using the sim will identify location and IMEI. Anyway that's quite expensive, like 10$ per account ? Ouch !

1
hottarireply
lemmy.ml

There are no ways to beat this. They want your real number. That's the point.

2
macattack
lemmy.world

Experienced the same issue when I tried to sign up 2-3 months. Went down a rabbit hole and then just decided to not host w/ them.

There is a workaround where you can create an account if it is on a different gitlab instance (ie: I was able to join https://git.joinfirefish.org/ w/o the CC info) but I don't know how useful that is in the grand scheme of things.

8
Slotos
feddit.nl

Sourcehut. The answer is sourcehut.

You don’t even need an account to submit patches, just configure git send-email.

8
intrepidreply
lemmy.ca

Some people seem to think that setting up send-email and mailing patches has too much of a learning curve and 'barrier to entry'.

3
intrepidreply
lemmy.ca

Get one of those cheap thin-client or micro-ATK type desktop, install as a server and move your online services there. Too bad this isn't that popular yet.

1
Possibly linux
lemmy.zip

Codeberg looks interesting but it would be nice to see a US based version. Anyway I think its clear gitlab is problematic

4
Fischreply
lemmy.ml

Why does it matter where it's based?

6
intrepidreply
lemmy.ca

Honestly, the servers not being in the US is a feature these days - even for US-based customers.

9
Fischreply
lemmy.ml

Why does that matter? It doesn't make a difference

1
Possibly linuxreply
lemmy.zip

I does though, with all of the sketchy laws around tech. The US isn't great but at least I can vote here.

1
Denatured
lemm.ee

What would you guys recommend for a service to use to verify phone numbers for platforms, on topic, such as gitlab? I know there is some sort of list of voip service providers that most of these platforms blacklist. Where do they get such lists from and how can one view such lists?

3
onlinepersona
programming.dev

Has this already been introduced for existing accounts? Gitlab has been moving in an unsatisfying direction for a while now and these kinds of shenanigans really make me want to move.

CC BY-NC-SA 4.0

0