How to contribute on github anonymously via Tor?

Question

I would like to contribute anonymously to projects on github. Not to cause mischief, more in the spirit of anonymous donations.

The tool of choice for being anonymo

Answer 1

You could commit locally on a clone of the project, and then use git format-patch to send the commits via e-mail.

Answer 2

You can use tsocks or torify to make any application work through Tor.

Answer 3

Configure git proxy server Getting git to work with a proxy server

or if this doesn't work with the TOR network, then simply run your git command in a virtual machine where the host machine is using the TOR network to connect to the outside world

I assume this will obfuscate the origin of your commit, but the anonymous email part may still be difficult.

Anonymous email providers come and go, but as of 2015 Lelantos is currently a TOR hidden service that offers clearnet email addresses. Payable in Bitcoin but you can anonymize all bitcoin transactions using http://www.xmr.to which lets you pay bitcoin receipts using the more private Monero network.

Why not simply do a pseudonymous email that you also create while in TOR, never access it from outside of TOR, and use that for github compliance

Answer 4

Most of the answers in this thread do not go about replying question asked.

You asked: Is it possible to use all applications of my operating system through tor, so as to make anonymous contributions. It might be necessary to do so in occasions where contributing to software projects puts you in legal risks (e.g. contributing to cryptography libraries where cryptography is illegal.)

You have been suggested to use postal mail (currently the most popular answer?), to go to the cyber-cafe next to your home, which very probably has a camera, and to use very brittle configurations which put you at risk. Some answers are outright stupid, and some others are valid enough, though they require everything to be setup perfectly to work.

It may happen that you (or some software you install) accidentally misindents or breaks a configuration file, causing your connections to go to github in the clear. Furthermore, it is possible that an ISP level attacker see which packages you are installing for development, and he is able to identify what sort of project you are working on.

This is in most cases, unacceptable. For me, and my current setup, it is necessary that:

• All connections to Github are guaranteed to go through TOR.
• All non-tor connections are dropped, and all DNS goes through TOR.
• All TCP traffic from your machine is routed through tor. This includes apt-get, all the connections your IDE makes, everything.

This is very complex and is far out of my league. Luckily, there are distros which allow for this kind of thing, such as Tails or Whonix. There is another distro, Attack Vector, which might come with development tools, but is not as proven.

After installing one of these, you will be able to access github's interface through tor browser, and you will be able to commit either through SSH or HTTPS, whatever your preference, without special configuration.

I would suggest Whonix, since it's easier to persist data you need to work, and guarantees a root level compromise on the main machine does not compromise your identity.

Answer 5

Have you considered going the old-fashioned 'mail them a patch' route? You could simply check out the repository (using Tor and Git-over-HTTPS if you want), make your improvements, then do a git diff and send the project owners the patch using any anonymous messaging service. Freenet and postal mail come to mind.

Note that if I were the owner of a large(ish) project, I would never ever accept a patch from an anonymous entity, for a few reasons. Even if the person in question isn't necessarily nefarious, having code in the system that nobody is responsible for is a scary thought at best. Also, think about code ownership and copyright troubles.

Answer 6

You could try using the Cloud 9 IDE

Access it via Tor, create new Github and Bitbucket accounts.

Fork whichever project you want to contribute to, make your changes, send the pull request or patch

win