Privacy-friendly source code hosting recommendations

Hi all!

I have two questions, basically:

  1. Inspired by PTIO’s Gitea closure

I haven’t find a specific category for code hosting services (it might be that I have just missed it, sorry if this is the case).
The closest thing I’ve found (in the recommendations), so far, is Keybase’s encrypted git.
I (and I hope I am not alone here) would be interested in team’s recommendations on source code hosting services, inclined to privacy (so would you, please, consider adding such category of recommendations?).

Here are providers I have found, with characteristics that might be of interest (basically this is a compilation of information from GitComp, and those topics on forum: 1, 2, 3):

information below is actual as of April 30 2020

Github
Public repositories: unlimited & free
Private repositories: unlimited & free
Pages (static hosting): yes (free only for public repositories)
Owned by: Microsoft
Owning company runs advertisements (risk of profiling, if not now - then in future): yes
Hosted: ? self-hosted
Tor mirror: no

Gitlab
Public repositories: unlimited & free
Private repositories: unlimited & free
Pages (static hosting): yes (free for any repositories)
Owned by: GitLab Inc.
Owning company runs advertisements (risk of profiling, if not now - then in future): no
Hosted: ? cloudflare
Tor mirror: no

Bitbucket
Public repositories: unlimited & free
Private repositories: unlimited & free
Pages (static hosting): yes (free for any repositories)
Owned by: Atlassian
Owning company runs advertisements (risk of profiling, if not now - then in future): no
Hosted: ? self-hosted
Tor mirror: no

CodeGiant
Public repositories: unlimited & free
Private repositories: unlimited & free
Pages (static hosting): ? no
Owned by: Codegiant, Inc.
Owning company runs advertisements (risk of profiling, if not now - then in future): no
Hosted: ? Amazon CloudFront
Tor mirror: no

NotABug
Public repositories: unlimited & free (~1GB size limit per project)
Private repositories: unlimited & free (~100MB size limit per project)
Pages (static hosting): no
Owned by: self organized collective
Owning company runs advertisements (risk of profiling, if not now - then in future): no
Hosted: ? self-hosted
Tor mirror: yes

codeberg
Public repositories: free (? for FOSS projects only)
Private repositories: free (? for FOSS projects only)
Pages (static hosting): yes
Owned by: Codeberg (a non-profit organisation)
Owning company runs advertisements (risk of profiling, if not now - then in future): no
Hosted: ? self-hosted
Tor mirror: no

  1. Are you guys going to move PTIO from GitHub to codeberg.org (I have just stumbled on this repo, sorry if it was a “secret”)?

That’s it for now.
Thank you for important work you are doing, keep it up!
:+1:

3 Likes

most of privacy friendly services you will find option to host it on your own so i will say anything from this list that you can host it on your own server to get your own data no one else

+1 for Keybase, if you just need a plain old git repo (no wiki, no tasks, no bulids, …) and it’s for private use or a small team. It’s easy and, hopefully, about as private as they come.

Other than that, the only one I have experience with is a self-hosted Gitlab instance. It’s fantastic. I have no experience with the public Gitlab environment.

1 Like

Sourcehut is probably a good candidate too. The primary developer is an active open source developer, and being open source you can host if yourself (I’ve not tried though)

2 Likes

There is also, always a privacy/tracking concern with big entities like Atlassian, even though they do not sell advertisement directly. So best option for private repository probably, would indeed be something Keybase’s encrypted git.

UPDATE:
Here is also a link to short list of git providers, from @Mikaela in another topic.

1 Like

Has also potential ethical concern with them working with U.S. Immigration and Customs Enforcement (ICE) and blocking certain countries due to US trade export restrictions.

Hosted on Google Cloud Platform and has the same US restrictions.


On selfhosting, Gitea has been pleasantly painless experience for me while I mostly just upgrade an internal instance.

Thanks for the updates/clarifications. I thought GitLab recently moved to Cloudflare (which has it’s own perils), or have I misunderstood anything?


P.S.: Both links, in your post, lead to https://about.gitlab.com/blog/2018/07/19/gcp-move-update/, is it intentional?

1 Like

Sorry, it seems that my information is outdated and I wasn’t aware of their Cloudflare (or previously Fastly) usage. However if I understand that announcement correctly, they are staying on Google Cloud Platform, but having all traffic to them go through Cloudflare (instead of Fastly) now.

No, sorry, the other link was supposed to go to their issue tracker and user feedback from blocked countries.

I wonder if using Fastly or Cloudflare has “fixed” the GCP blocking.

1 Like

I was going to say the same, it’s your best bet in my opinion, after that I guess GitLab is okay, but their GUI is horrible and really unorganized - Haven’t tried SH, though -.

I have to take this chance to complain how GitLab makes me sad when I am interested in some project and would like to hear when they tag or release anything, but GItLab forces me to have a lot of email spam instead :frowning:

Gitea has had a lot more positive response to the request.

1 Like

Here is another service provider:

GForge
Public repositories: unlimited & free
Private repositories: unlimited & free
Pages (static hosting): no
Owned by: The GForge Group, Inc
Owning company runs advertisements (risk of profiling, if not now - then in future): no
Hosted: ? cloudflare
Tor mirror: no