[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] github terms of service issues

The software as an industry seems to be moving towards age-inclusiveness.  There are significant issues with allow minors to sign up for any internet-facing service, and it would likely take years of legislation on with support from many companies to provide new guidelines that protect kids and enable them to use services like github.  The main stipulation seems to be about requiring a parent's permission to use "social" features, like chat and email.  Since github allows contact between members, it would be subject to regulation protecting children's privacy.  IANAL.


Given the broad support for an enforcement of children's privacy in the USA, I don't see children being allowed on the service without a parent's permission for a long time.  From my understanding, github is no worse than other sites subject to US law, in respect to how children accounts are handled (or not).

On Wed, Mar 29, 2017 at 4:05 AM, René Dudfield <renesd@xxxxxxxxx> wrote:
I reached out to a few people, and even the PSF, and Raspberry PI foundations, and also emailed the python EDU-sig mailing list some hours ago. I expect there's a lot more educators on that list who might have figured out a solution. (Nik, are you on that list?)

However, no response at all so far. I expect this will take quite some time to find a solution to this.

It's not like they're going to go... oh, right! I see, we're discriminating against kids here - my bad. Let's fix it... done! Likewise, groups like Raspberry Pi, and the Python Software foundation (neither of which have responded yet) are not going to speak out against one of their corporate sponsors (right away at least) who also provide them with great tools for free*. Similarly, for github to fix this, it will take them quite some time. I expect these international legal issues are very complex, even for them.

I think Github have a fairly good track record of fixing issues like this. Although they benefit massively from FLOSS, they do provide great value to society, and the FLOSS movement.

So what can tiny pygame do? We can continue to raise the issue, and seek solutions in other ways. Giving attribution, and things like credit go a long way in FLOSS. I hope the copyright assignment to parents work around could be used (waiting for feedback from Nik on this?). But I think we can still credit them personally even in that case. Gold stars all round.

Github is where lots of FLOSS work is done at the moment, and I think pygame repo not being on there is going to have zero effect on fixing the issue. Additionally, I think pausing the transition for much longer is not a good idea.

But I can't really make the decision here. So I await feedback from others, and Nik in particular about if the suggested work arounds, and plan to effect change are acceptable?

[(A personal story in here, of why I think this is a big issue. One of my brothers is quite a lot younger than me, and when he was five we made a video together about trains. Well, he made up the story, and used the camera, and even edited it. Then we uploaded it to youtube together. Since then he's gone on to make hundreds of other short films with his friends. That moment when you realise you can create things, and send them out to the world is pretty amazing. Digital culture is really a big part of peoples lives, and anything we do to help people participate(and not just consume) is a gain for all of us. We did choose not to link my brothers name to it, because the internet allows any random person to 'comment' on things, and many nasty comments were in fact left (they have since cleaned their comment system up). The story from Nik where a python tutor learned python from a book co-authored by a child also shows that there is value to society in letting all people contribute.)].

On Mon, Mar 27, 2017 at 9:00 PM, Daniel Foerster <pydsigner@xxxxxxxxx> wrote:

On Mar 27, 2017 08:41, "Dominik George" <nik@xxxxxxxxxxxxx> wrote:

The first issue is children under the age of 13 years not being allowed
to register with GitHub. This issue already existed before GitHub
updated their ToS, and they claim it is because of COPPA. I do think
that they could easily fix this by not requiring a legal name, which is
the only data thewy colelct that falls under COPPA, but they don't
listen. Then, COPPA only "protects" US children, and GitHub are, in my
opinion, wrong in putting this age restriction in their ToS explicitly.
They could simply tell users "you need to be legally able to accept our
privacy terms". This would mean that in the US, the restrictions by
COPPA would apply, and in e.g. Germany, a child aged seven and above
could register given parental consent. I had a lengthy discussion about
that with GitHub Legal, but with no result.

I'm almost completely certain that the COPPA applies to websites in the US regardless of the location of the website user.

Now you might wonder whether contributors younger than 13 years do
matter at all. Please note that this is primarily opinion-based - this
aspect of my criticism is therefore explicitly opinionated. I *do* think
that excluding a certain age group is plain discrimination against a
subgroup of people. Furthermore, I have seen children as young as nine
or ten years contribute to free software, both with bug reports and with
actual code patches. This is something that is not widely seen, as
Teckids is the only organisation (according to people at international
conferences) actually helping young users to become *active* members of
the community, but it does exist and I am strongly against adding
hurdles to it.

I'd suggest looking at some of the things StackOverflow has suggested on this topic; for example, having parents set up an account and then "giving" it to the child at the legal point in time.
A quite
good analysis of that can be found here
https://www.mirbsd.org/permalinks/wlog-10_e20170301-tg.htm and here

I have spoken to two lawyers about that, and they basically say that on
first glance, the ToS are indeed very problematic.

The FSF, in the meantime, has published a post stating that the new ToS
do not conflict with the GPL license family here
(but they still discourage use of GitHub), I (and others) do not think
their view is correct, because the ToS explicitly say that they may use
works without attribution, and the GPL licenses explicitly require
copies to carry attribution. Also, even if the FSF is correct, this only
applies to GPL, and probably not to CC-BY-SA and other licenses
requiring attribution, or even prohibiting sub-licensing under other

The problem with this is that actual lawyers in the field have pointed out that these non-legal articles are almost certainly completely baseless. Saying that you think the FSF is wrong seems a bit presumptuous seeing they're paid to be able to understand this sort of law.

In any case, with GitHub imposing  terms on a license granted to
them, all contributors also need to grant this license, for past *and*
new contributions. *If* the separate terms do not conflict with GPL,
this might be a non-issue for GPL code, but it might be an issue with
other licenses. As I see that, in order to merge code into the
repository hosted on GitHub from an outside contributor would require
them to expclicitly grant a license as required by the GitHub ToS, or
even accept the ToS even if they do not register with GitHub.

I'd suggest looking at the HackerNews discussion of the mirbsd.org article if you have not already; there's no change in rights to the code beyond what is already provided by uploading code to the publicly accessible internet.