Correct, I wasn't a paying user — that's the point for a student building anti-censorship tools with zero budget.
"Scanning remote servers without authorization" is a mischaracterization. These were publicly listed VPN endpoints from open GitHub-hosted config files, validated with standard connectivity tests — TCP ping, handshake check, speed test. Same thing every VPN aggregator does.
As for Actions usage: ~30 min every 6 hours for one repo, ~5-10 min hourly for another. Total roughly 1-2 hours per day. Hardly the resource abuse you're imagining.
Now I'm on GitLab for code hosting and found a way to compile for free from my phone without draining its resources. Zero-cost infrastructure is the goal — I'm not married to any platform.
But I appreciate the assumption that I must be doing something shady.
GitHub is a US company that processes data of EU residents. They're subject to GDPR. I've been in cybersecurity since I was 14 — data protection laws aren't new to me.
Additionally, California BPC § 17200 applies since GitHub is California-based.
> GDPR allows companies 30 days to answer
Correct. I filed the DPO request on March 17. The 30-day window hasn't expired. I'm sharing this now because the permanent ban came 70 minutes after my legal appeal with no review of the actual arguments.
> Why FTC. Didn't you say you're from Russia?
FTC accepts complaints from anyone regarding US companies. GitHub is US-based. Their business practices affect international users.
> I'm guessing the pages were largely AI generated?
I used AI to help with English phrasing — it's not my first language. The legal framework and arguments are mine. I've been interested in cybersecurity, privacy, and cryptography since I was 14. I considered getting into cypherpunk circles at one point. GDPR Article 20 isn't exactly obscure knowledge for someone in this field.
> theft of intellectual property
Fair point on the wording. More accurately: GitHub is refusing to provide data portability as required by GDPR Article 20. I retain copyright but am being denied access without due process.
> Having no backups is hardly the provider's fault
You're right I should have had backups. But GDPR Article 20 grants an unconditional right to data portability. "You should have backed up" doesn't exempt a company from legal obligations.
> That sounds like you have the code at least
I had a local copy of the VPN client (rsquad) from March 2. I lost:
- Other repositories (hpp, node-filter, loshad-scoc, zhopa-bobra)
- All issues and pull requests
- Wiki content
- Release packages
- Account settings, SSH keys, GPG keys
> GitHub is a US company that processes data of EU residents. They're subject to GDPR.
You aren't located in the union in any way.
> I've been in cybersecurity since I was 14 — data protection laws aren't new to me.
Great, then you should be familiar with Article 3 of the GDPR:
> This Regulation applies to the processing of personal data of data subjects who are in the Union [...]
> This Regulation applies to the processing of personal data of data
subjects who are in the Union by a controller or processor not established in the Union [...]
And Article 20 does actually have several conditions, it's not unconditional.
...
> Additionally, California BPC § 17200 applies since GitHub is California-based.
What does this have to do with "unfair competition"?
"Scanning remote servers without authorization" is a mischaracterization. These were publicly listed VPN endpoints from open GitHub-hosted config files, validated with standard connectivity tests — TCP ping, handshake check, speed test. Same thing every VPN aggregator does.
As for Actions usage: ~30 min every 6 hours for one repo, ~5-10 min hourly for another. Total roughly 1-2 hours per day. Hardly the resource abuse you're imagining.
Now I'm on GitLab for code hosting and found a way to compile for free from my phone without draining its resources. Zero-cost infrastructure is the goal — I'm not married to any platform.
But I appreciate the assumption that I must be doing something shady.