GitHub Wire Fraud - opensupporter/osdi-docs GitHub Wiki
GitHub Wire Fraud is a set of tactics that people use to misrepresent the apparent authorship, labor and activity when viewed through GitHub blame and insights.
Intro
This is a note from Josh Cohen, the creator of OSDI. I created and led this project after the 2012 election, which functioned as an Standards Development Organization (SDO), based on common practices at other SDOs like IETF, DMTF, W3C, ISO, etc. The project functioned as a democracy through 2019, with over 300 committee meetings taking place.
The bulk of the authorship and labor that created the specification and evangelized adoption (which created the largest REST based App ecosystem) were my contributions. There are other contributors, but the overwhelming majority of work and authorship is mine. However, due to the GitHub fraud tactics described below, the authorship appears to be the work of others.
Action Network and AFL-CIO, and their joint development effort Action Squared, were passing the work off as their own, to use for their own proprietary API and ecosystem, which is contrary to the mission of interoperability standards. From the beginning, along with Nathan Woodhull and subsequent co-conspirators, they engaged in racketeering conspiracies to gain control of the project, operate it, and invest the proceeds of their racketeering activity into their own enterprises. The predicate acts include wire fraud, extortion, copyright infringement. The enterprises include Action Squared as well as venture capitalist Higher Ground Labs' portfolio companies.
In simple terms, Defendants were were exploiting my labor, proficiency, and retirement savings for over 7 years. I did the work, which helped everyone as much as myself. Defendants misappropriated the value and profited from it, using it as a proprietary app store (Action Squared) and to secure venture capital.
The intellectual property in OSDI specification is at the core of my complaint in federal court against Action Squared, Action Network, AFL-CIO, DNC, MoveOn.org, Civitech and Nathan Woodhull. The claims include racketeering, copyright infringement, and violation of section 1 of the Sherman Antitrust Act.
The complaint can be found at this URL. https://storage.courtlistener.com/recap/gov.uscourts.nysd.611005/gov.uscourts.nysd.611005.29.0.pdf
The most important part is the unfair competition section, beginning on paragraph 425, page 52. because Defendants' unlawful conduct in a market that constitutes essential resources for candidates running for election makes primary elections less fair, since Defendants used the proceeds of their racketeering to create gatekeeper powers.
Github Fraud Tactics
Git Blame Game
One tactic used is making commits that include more changes that don't constitute authorship than those that do.
GitHub "blame" shows the last person to make a change to a line in a file. That's different from authorship. A recent committer can add a period, change indentation, or copy/paste, which will change the "blame" attribution.
OSDI Core
When the OSDI specification is viewed in blame mode, the authorship appears to be that of Action Network's Director of Technology, Jason Rosenbaum, user "j-ro"
https://github.com/opensupporter/osdi-docs/blame/gh-pages/README.md
However, the underlying authorship for the essential IP in the specification is largely mine (joshco). Seeing the fraud in its entirety requires stepping through the commit history.
However, to see the highlights, here is an early version of the specification, which was sole authorship by me, emailed to the committee in 2013.
https://groups.google.com/g/osdi-dev/c/GxbZciz7dk4
Next, here is the version of the specification just before Action Network joined in November 2013.
https://github.com/opensupporter/osdi-docs/tree/precan
It can be viewed in "blame" view, which shows my underlying authorship:
https://github.com/opensupporter/osdi-docs/blame/precan/README.md
An example commit that contains a significant amount of this fraud is a commit made by j-ro on Feb 17, 2015.
Prior to that commit, the blame view of the readme shows:
https://github.com/opensupporter/osdi-docs/blame/2ecd98eb02bd14d132e55568c8c7ef29d46bc161/README.md
J-ro's commit reorganizes existing content and makes small tweaks.
"introduction update" https://github.com/opensupporter/osdi-docs/commit/4660ed9cb680c43727a42c0461386d968f662ac7
The effect of this resets the blame attribution to j-ro. An easy example to see is how j-ro moved the contributors list from the top to the bottom of the file.
These tactics are spread across many commits. Another "updating examples" makes changes to the JSON examples, but the blame for entire examples are set to j-ro.
"updating examples" https://github.com/opensupporter/osdi-docs/commit/230b3a07bddf046bf79ed31a4eafc3530e0f14d4
At this point, it should be clear that anyone who has been led to believe that Action Network is responsible for the authorship should realize that they have been misled.
For those with the energy, here is an exhibit which lays out the evolution of the authorship for each section in the README, which is the core of the specification.
https://joshco-public.s3.amazonaws.com/exhibit_2_osdi_published.pdf
OSDI Person Signup Helper
OSDI Person Signup Helper is the most commonly used part of the OSDI specification. OSDI uses Helpers to optimize common scenarios that would normally require multiple REST based operations. From the spec:
OSDI also allows a client to perform a number of operations at once that in a traditionally RESTful API would take multiple requests through the use of helpers. For example, helpers can be used to create a new Person resource and register that this new person also signed a petition at the same time, something that with REST would require two operations (first creating the person, then associating them with the petition).
The original authorship of Person Signup Helper is mine, beginning Apr 30, 2014. in the following two commits. The first is the original authorship, the second is a change to the hierarchical structure of the message.
https://github.com/opensupporter/osdi-docs/commit/e4f894def976ee35851d8bf70360ec5b9c0eee21
https://github.com/opensupporter/osdi-docs/commit/a1e290416326f5a9f604fbe4152c936359705b88
On Dec 29, 2014, Jason Rosenbaum (j-ro), copied and pasted the authorship, tweaked it, and placed it in a new file. In his commit message he states: "person signup helper first draft", which is an act of wire fraud.
https://github.com/opensupporter/osdi-docs/commit/8a50587649f12f37fcc25a76ccfc0ad2656b517a
Busywork Commits
Another tactic used was busywork activity. If you look at the insights page, it appears that Dan Ryan is a significant contributor to the work and its value.
https://github.com/opensupporter/osdi-docs/graphs/contributors
However, if his pull requests and commits are reviewed, there is little authorship. For example this pull request was to add a Ruby Gemfile, which is a build file unrelated to authorship. Within the pull requests there are 11 commits which pad his activity level.
https://github.com/opensupporter/osdi-docs/pull/324/commits
What's the point?
You may now be asking yourself, what made the specification valuable enough to put in the effort to engage in this behavior?
OSDI SDO External Network Effect in LeftPolitics
In early 2012, I started evangelizing the idea of an SDO project to define a standard API for all to use. The common wisdom at the time was that OSDI would fail quickly as previous efforts had. One conversation was with Matt Debergalis, ActBlue founder:
https://joshco-public.s3.amazonaws.com/d565_i.pdf
Gross Exploitation
Up until that point (2012), I hadn't sold any of the stock I earned at Microsoft or withdrawn from my savings. However, I felt that creating a level playing field in this market would help LGBT campaigns and candidates by increasing choice, making it easier for any app to be used with any platform. So I decided to start liquidating shares and savings to fund my time doing the OSDI work. During the first year it was mostly full-time, traveling around the country, giving talks evangelizing the benefits of a standard, convincing people that it was worth trying again. Full time employment wasn't compatible with those time commitments. I also started building a sole-proprietorship offering tools, which was only viable in a standards based ecosystem. Having to implement and track N proprietary APIs would cut into feature work time-wise as a sole-proprietor. I was using my savings to fund that too. Ultimately, Defendants spend over 7 years defrauding me out of savings, using me as free labor, and enriching themselves with the proceeds. Anyway...
I created the project, recruited and led the team, chaired the meetings until Defendants' racketeering conspiracy to gain control of it succeeded in mid 2018. Throughout the entire length of the project, I contributed the bulk of the labor and authorship. Defendants were fraudulently inducing my labor, which I was generously funding from my savings.
Beginning
Its initial governance policy was adopted in August 2013, which stipulated that derivative works of the specification, memberships, leadership positions and other decisions were made democratically, by majority vote.
The policy was adopted in August 2013:
https://groups.google.com/g/osdi-dev/c/pxHKkOGPNlc/m/PWYWbJOgwj8J
https://joshco-public.s3.amazonaws.com/D483.pdf
Motions and other committee business are saved on the committee Google Groups.
Governance decisions made by motion happened in the Governance Committee, these included approving memberships, electing leadership positions, and updates to the governance policy. These are saved on the committee google group:
https://groups.google.com/g/osdi-governance
A subset of governance was the executive committee of officers including Chair (myself) and VP of Outreach (Jason Rosenbaum). Exec focused on execution of decisions made by governance, as well as preparing proposals for governance. The exec committee met fortnightly. That business is saves on the committee google group:
https://groups.google.com/g/osdi-exec/
Technical work on the specification occurred in the tech committee, which met weekly. Derivative works of the specification, usually in the form of GitHub Pull Requests of the specification were decided by majority vote. Meeting agendas, minutes and other discussions are saved on the google group:
https://groups.google.com/g/osdi-dev
A calendar of committee meetings is below:
Racketeering Begins
When Action Network joined in November 2013, it agreed to the governance policy, which was provided via email reviewed with via a telephone meeting.
https://joshco-public.s3.amazonaws.com/D208_i.pdf
After joining, Action Network implemented the specification using source code I provided for their Rails application and copied parts of the specification into their product documentation. In summer 2014, Action Network and Woodhull attempted to undermine the project by antagonizing NGPVAN, causing them to step back from OSDI and launch their own proprietary API at their Innovation Platform Event (instead of implementing OSDI), which would make OSDI Action Network's API by default. After NGPVAN's Innovation Platform Event, I chatted with Rosenbaum via SMS, where he stated Action Network's goal of being "one of two" widely used API's in the market. (which is the opposite of the mission of a standard)
https://joshco-public.s3.amazonaws.com/D420_i.pdf
Nathan Woodhull hoped to use OSDI to secure venture capital to build a "universal adapter", which would not be viable if OSDI succeeded.
https://joshco-public.s3.amazonaws.com/D1991_i.pdf
I was able to reverse the damage and got the project back on track, with an implementation from the dominant player, NGPVAN. Though Action Network promised not to try to undermine OSDI's democracy again, they continued their racketeering activity covertly. The following diagram shows the racketeering schemes and predicate acts used by Defendants.
Tipping Point
In September 2015, NGPVAN, the dominant player released their OSDI implementation.
https://web.archive.org/web/20150912235526/http://developers.ngpvan.com:80/osdi
The effect of this was that an application vendor could write an OSDI connector, and gain a 2x ROI for interoperability with the dominant player, which was a requirement, as well as a fledgling new startup, Action Network, that was starting from zero.
By 2017, the set of applications that were compliant with the OSDI specification was the largest REST based application ecosystem in the market for Digital Microtargeting Platforms. The platforms and applications are essential tools needed by people who run for elections and ballot initiatives.
Platform 3: PDI
In summer 2017, PDI (which had been dominant in California) released a new national platform, intended to join and implement OSDI. Had PDI been proceeded, application developers would have had a 3x ROI. PDI would have had a vote equal to Action Network's and the window for Action Network to gain dominant control would have closed. (PDI was locked out as a result of Defendants' racketeering)
PDI Launch https://joshco-public.s3.amazonaws.com/d385_i.pdf
PDI Plans to Implement https://joshco-public.s3.amazonaws.com/d318_i.pdf
In digital platform markets, which this market is, an app stores model (vs the WWW) results in concentration. Like the mobile space, there will likely be a few dominant app stores and new app stores will be unlikely to gain a critical mass.
DNC Marketplace
In July 2017 Raffi Krikorian, newly hired DNC CTO reached out to me, and through February 2018 we negotiated a plan to reduce support costs in DNC's marketplace of products and increase customer choice by making OSDI compliance a preferred criteria for participation in its marketplace aka "backpack". This reduces the anticompetitive effects of vertical agreements with product vendors, and helps democratize access to political technology resources.
https://joshco-public.s3.amazonaws.com/d318_i.pdf
Plaintiff reviewed the proposal with OSDI committee members, and it was approved by vote for sending to the DNC on February 1st, 2018.
https://groups.google.com/g/osdi-governance/c/ccgQnH0eVEA/m/U4vMNHbRBwAJ
Had these discussions followed through to their conclusion, other platforms and applications would have gained equal benefit and Action Network would not have been able to use those benefits for its proprietary advantage. Voting me out by motion and majority vote would not have prevented this. This is another reason why Defendants needed to resort to extortion.
Reid Hoffman Enters the Market
In 2017, Reid Hoffman entered the market. His political director, Dimitri Mehlhorn disbursed Hoffman's money. In August 2017 Mehlhorn pitched me to fund OSDI but use it as a proprietary asset by what would become VC Higher Ground Labs. I refused because I was only interested building a level playing field.
In August 2017, I was introduced to Dimitri Melhorn, Political Director for Reid Hoffman by Brady Kriss/RagTag, who suggested I meet with Dimitri for an OSDI briefing, and to listen to Dimitri's funding ideas. On August 8/15/2017, I met with Dimitri, who offered to fund OSDI if I would agree to use OSDI as a proprietary walled garden.
https://joshco-public.s3.amazonaws.com/D672_i.pdf
I refused because I wasn't using retirement savings to build anyone's proprietary API, and wasn't doing the work for money. However, others saw gaining control of OSDI as a way to secure funding from Reid Hoffman. An example was Brady Kriss/Ragtag below
https://joshco-public.s3.amazonaws.com/D676_i.pdf
Others in the space saw OSDI as the default API choice.
https://joshco-public.s3.amazonaws.com/D1873_i.pdf
Removing me my motion and majority vote would not have allowed the VCs to use the ecosystem to bootstrap their portfolio companies. This is another reason why Defendants had to resort to extortion and Abuse of Process. (provoking a false-flag lawsuit)
Extortion
In the end, Higher Ground Labs' portfolio ultimately used OSDI for their own proprietary benefit. How that happened was trough racketeering using predicate acts of wire fraud, extortion, and copyright infringement.
The extortion scheme began in summer 2016, trying to coerce me to abandon my copyrights by concealing the fact that I am gay, framing me as an example of sexual harassment and violence towards women. This allowed Defendants to apply "the man's side doesn't matter" to a gay male's property rights, and disguise a robbery by extortion by portraying themselves as holding another man accountable.
Their scheme used deception to inflict serious unjust harm to my economic viability and created a foreseeable risk if inciting violence against me. This scheme can be used as a pretext for a third party to commit a hate crime against a gay male.
Defendants' engaged in reckless endangerment in plain sight.
Abuse of Process
I chose to endure the extortion, and in summer 2017, the window for Action Network to gain dominant control of the ecosystem was about to close. Defendants conspired to provoke a false-flag lawsuit that they could misrepresent. Action Network and others used that as a pretext to gain control of OSDI and try to coerce me to resign. I insisted that Action Network keep its agreement to democracy as a governance structure. If they wanted me out, they could make a motion and secure majority vote, which they had the power to do. Instead they resorted to coercion.
On 5/30/2018, Jason Rosenbaum attempted to coerce me to resign. The audio call is cued to the point where Rosenbaum confirms the conspiracy with the DNC, MoveOn and others:
https://youtu.be/iy9jQYpJ9rY?si=gU9kSOu6v5pGlrfs&t=1905
The scheme also allowed defendants to try to coerce other OSDI members to vote me out or face retaliation for not supporting women.
https://joshco-public.s3.amazonaws.com/d4_i.png
Weaponized Disinformation Tactics
The participants in the racketeering conspiracy also engage in other, sophisticated fraud:
https://www.nytimes.com/2018/12/26/us/reid-hoffman-alabama-election-disinformation.html
Where did the proceeds of their racketeering go?
Misappropriating the essential IP in the specification allows the recipient to use the OSDI application ecosystem to get a head start on their proprietary ecosystems. In order to do that, Defendants engaged in copyright infringement. Defendants engaged in racketeering conspiracies to gain control of OSDI, operate it, and invest the proceeds of their racketeering into their own enterprises. RICO laws are designed to prevent this type of criminal behavior. The two main enterprises places this IP ended up was the portfolio companies of venture capitalist Higher Ground Labs and Action Squared, a joint effort between Action Network and AFL-CIO.
Action Squared
Action Network's use of the OSDI IP can be found at:
- https://web.archive.org/web/20201216013651/https://actionnetwork.org/docs/v2/
- https://web.archive.org/web/20201216022013/https://actionnetwork.org/docs/v2/person_signup_helper
In Summer 2022, ActionBuilder released their API, which is published at:
https://web.archive.org/web/20220914003447/https://www.actionbuilder.org/docs/v1/index.html
Higher Ground Labs portfolio company Civitech
Civitech's infringement is the most harmful to the fairness of primary elections, so I've focused on that. Civitech's API definition copies parts of the OSDI specification. Defendants also used a shell game to essential launder the IP. The original product was called LightRail, funded by VC Acronym, renamed Shadow, divested and renamed Bluelink, then acquired by Civitech.
Bluelink/Lightrail functions as a universal adapter. Universal adapters are not a viable business when interoperability is standardized. In the market for laptops, which is converging on USBC, universal adapters are decreasing in value as they are not needed. Defendants have essentially coerced this market away from an external network effect like USBC back to proprietary connectors. That's good for VCs and wealthy organizations which can pay to fund duplicative work, which creates an artificial inefficiency. That artificial inefficiency is an economy of scale that they can control, even though it increases customer costs.
In other markets this would just be anti-competitive behavior, but since this market constitutes essential resources for candidates who run for election, it gives Defendants gatekeeper powers over what you need to run for election.
Reviewing their documentation shows copying of OSDI Person. Though it is obfuscated, their API spec is OSDI person signup helper.
Since filing my complaint, Bluelink has deleted their API specification, which is destorying evidence to prevent discovery. However, in 2023, I archived the page on the Internet Archive. It's URL is
https://web.archive.org/web/20230528101658/https://bluelinkdata.github.io/docs/BluelinkApiGuide
The Internet Archive doesn't preserve the rendering of Markup, so it is text based. I took screenshots (prior to their deletion) and paired it with the parts of the OSDI spec they copied. Bluelink's API copies parts of OSDI and includes small, incompatible changes. This facilitates exploitative behavior. With little extra coding, Bluelink can be compatible with OSDI implementations, allowing it to get a head start. By adding proprietary, incompatible changes, developers who write code according to Bluelink's documentation will be incompatible with OSDI and locked in to Bluelink's proprietary API (which is really obfuscated OSDI). Developers will not know that they are using OSDI.
OSDI Person
OSDI Phone Numbers
OSDI Addresses
On the Wire
The similarities to OSDI can be seen in the JSON representations sent back and forth over the wire.