In the absence of an authority who can comment on this or an authoritative reference, I think your comment is just as dangerous and inaccurate as the parent comment. Unfortunately everyone is using very strong language to silence the other side and no one is offering up any kind of evidence to substantiate their position. Different groups of people get harmed when such strong assertions are made without any kind of evidence.
>With that said, most companies do not start blocking these IPs until they are either contacted by US authorities and asked to comply or via the recommendations of an audit by an outside private company.
Most companies don't block IPs from within Iran, including Github, Google, or Microsoft. Is it your suggestion that GitLab's legal team knows something that Microsoft's and Google's legal team doesn't?
Now I am not an expert myself, so no one should consider my post authoritative, but the evidence that is available suggests that there is not only any requirement by U.S. companies to restrict access to people in Iran for a wide variety of software and Internet services, there actually appears to be a section regarding "Expanding Internet and Communications Freedoms" which in 2010 was used to promote the spread of mass communication technologies and internet services within Iran without the need for a company to apply for a waiver.
Now once again, I am not claiming to be right on this issue, but at the very least I am willing to provide evidence for my claims that come from authoritative sources.
Here is the interpretative guidance by the Treasury Department which authorizes the export to Iran of online services such as, and I quote "instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging, provided that such services are publicly available at no cost to the user." And there are additional examples of software that may be exported to Iran for personal use, with specific examples provided including Dropbox.
It appears that companies are permitted to export online services to individuals in Iran so long as, and I quote " is classified by the Department of Commerce as mass market software under export control classification number 5D992, and is publicly available at no cost to the user."
Given that this is the only authoritative evidence anyone has bothered to present in this discussion, it appears a case can be made that GitLab is over-enforcing trade restrictions with Iran.
Now the reason they may have for doing so is that it's not worth serving that part of the world and so be it... but the counter argument is that there are people living in Iran who can use these technologies especially during times of protest to share communications technologies with one another and so if it's not a major burden for Github, or Dropbox, or Slack to keep their services available, then they can be of great benefit to that part of the world. At the very least the Treasury Department's own interpretation of the law agrees with my position as it is documented in the link I provided.
Describing the decision to build a partially functional "sanctioned" country website and account degradation as overcompliance is misleading as it is the default behaviour for most complying to US sanctions regarding IP blocking other countries.
I didn't describe Github as overcompliance, I described GitLAB as overcompliance. There are plenty of U.S. based internet services that work in Iran. There are instances where Iran has banned Gmail, and Iran currently has bans on Facebook and some other social media sites, but that's because the government of Iran has imposed such bans to prevent its people from using the Internet to engage in the free flow of information, not because of the U.S.
The links you mention don't state that Github did any work to comply with U.S. sanctions. The links you state are consistent with the links I posted which is that Github is welcome to provide online services to Iran that are free of charge.
Feel free to counter this by pointing out any particular feature or work that Github has to implement unless your suggestion is that denying access to people in Iran paid services like Github Enterprises is somehow a form of "additional feature work put in place" to support Iranian users.
>With that said, most companies do not start blocking these IPs until they are either contacted by US authorities and asked to comply or via the recommendations of an audit by an outside private company.
Most companies don't block IPs from within Iran, including Github, Google, or Microsoft. Is it your suggestion that GitLab's legal team knows something that Microsoft's and Google's legal team doesn't?
Now I am not an expert myself, so no one should consider my post authoritative, but the evidence that is available suggests that there is not only any requirement by U.S. companies to restrict access to people in Iran for a wide variety of software and Internet services, there actually appears to be a section regarding "Expanding Internet and Communications Freedoms" which in 2010 was used to promote the spread of mass communication technologies and internet services within Iran without the need for a company to apply for a waiver.
Now once again, I am not claiming to be right on this issue, but at the very least I am willing to provide evidence for my claims that come from authoritative sources.
Here is the interpretative guidance by the Treasury Department which authorizes the export to Iran of online services such as, and I quote "instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging, provided that such services are publicly available at no cost to the user." And there are additional examples of software that may be exported to Iran for personal use, with specific examples provided including Dropbox.
https://www.treasury.gov/press-center/press-releases/Pages/t...
Here is an FAS report prepared for Congress that explains the kinds of software that is legally permissible to export to Iran (page 34):
https://fas.org/sgp/crs/mideast/RS20871.pdf
It appears that companies are permitted to export online services to individuals in Iran so long as, and I quote " is classified by the Department of Commerce as mass market software under export control classification number 5D992, and is publicly available at no cost to the user."
Given that this is the only authoritative evidence anyone has bothered to present in this discussion, it appears a case can be made that GitLab is over-enforcing trade restrictions with Iran.
Now the reason they may have for doing so is that it's not worth serving that part of the world and so be it... but the counter argument is that there are people living in Iran who can use these technologies especially during times of protest to share communications technologies with one another and so if it's not a major burden for Github, or Dropbox, or Slack to keep their services available, then they can be of great benefit to that part of the world. At the very least the Treasury Department's own interpretation of the law agrees with my position as it is documented in the link I provided.