April 13th, 2023

NuGet.org Terms of Service Update on Unexpected Behavior and Hate Speech

In recent years, the .NET open source community and NuGet package registry have become increasingly important for sharing code. However, with the growth of these platforms, there has also been a rise in unexpected behavior and hate speech, which can be harmful and intimidating to many users. We have always been committed to creating a safe and welcoming environment for all our users. To this end, we have made a couple changes to our terms of service.

In March 2023, we updated the nuget.org Terms of Use to include more contemporary language of these abuses. Read below for an overview of the changes we’re including.

Overview

Two changes were made to the nuget.org Code of Conduct:

The first change was to the pre-existing rule #5, which covers false or misleading activity. The following addition was made.

Don’t engage in activity that is false or misleading (e.g., asking for money under false pretenses; impersonating someone else; manipulating the Services to increase play count, or affect rankings, ratings, or comments; or causing unexpected behavior that is not clearly documented at the top of both the package description and package README).

We, alongside many other package registries and repository hosting providers believe that anything published to our services should do what they are described to do and not cause any additional behavior that an end-consumer would consider “unexpected”.

The most extreme case of unexpected behavior would be malicious code such as a package containing a backdoor that can be exploited by attackers. A less extreme case of unexpected behavior would be a package displaying disruptive messages to the consumer that are not clearly documented.

We have seen these cases increase over the years and thus encourage package authors to be explicit about your package’s behavior when there is a behavior that may be perceived as surprising and reported to our teams to further investigate. Clearly put, if the perceived unexpected behavior is documented in the package README and the package description, we believe it is within our terms so long as it doesn’t violate other terms of use.

The second change is a new rule (rule #12) clarifying our definition of hate speech.

Don’t publish hate speech, including violent hate speech and hateful imagery, on our services. Hate speech is content or conduct that attacks, denigrates, intimidates, or degrades individuals or groups because of one or more of their protected traits (actual or perceived race, ethnicity, national origin, gender, gender identity, sexual orientation, religious affiliation, age, disability status, caste, or any other characteristic that is consistently associated with systemic prejudice or historical marginalization).

This definition is shared by other Microsoft services. This rule essentially defines the hate speech example called out in rule #8. We noticed that through various cases of hate speech being reported on our platform, we didn’t have a formal definition. Rule #12 now includes such a definition.

These changes are meant to provide our admin team with a bit more structure for evaluating reports about hate speech in packages and to give users of our platform some clearer guidelines regarding acceptable content being hosted on nuget.org.

Keeping our ecosystem safe

Our teams remain diligent to take on these serious issues that increase in frequency year over year.

Effective content moderation on nuget.org is an important part of keeping our ecosystem safe and trustworthy.

When a package is reported to our admin team, we will evaluate the claim and take appropriate actions, such as deleting the package, unlisting it (hiding it from search), or restricting the package author from future submissions (locking). Not all reports result in a package takedown as we tend to work first with the respective maintainers to be within the terms of use.

Conclusion

We wanted to take a minute to let you know about some recent changes to the nuget.org terms of service. No widespread administrative action is planned regarding these policy updates.

Current and future reports of “unexpected behavior” or “hate speech” will however be acted upon more quickly.

If you encounter content on nuget.org that appears to violate our Terms of Use, you can use the “Report package” link on the package details page of that package and we will investigate the report.

Image ReportPackage

Thank you for helping us make nuget.org a secure and trusted place!

1 comment

Discussion is closed. Login to edit/delete existing comments.

  • Lyndon Gingerich

    Hate speech is content or conduct that attacks, denigrates, intimidates, or degrades individuals or groups because of one or more of their protected traits (actual or perceived race, ethnicity, national origin, gender, gender identity, sexual orientation, religious affiliation, age, disability status, caste, or any other characteristic that is consistently associated with systemic prejudice or historical marginalization).

    Is that "(actual or perceived race, ethnicity, national origin, gender, gender identity, sexual orientation, religious affiliation, age, disability...

    Read more