Iranian dev here. I can tell you if a company goes the extra mile to provide services to us, the reason is almost always that they just care. It's not a marketing tactic. You have to care if you go through all that trouble. And there is very little publicity to these acts. No one is going to notice it but us. They only do it out of the goodness of their hearts.

Compliance with US export controls and sanctions isn't optional. That some companies are less diligent about it than others doesn't change the compliance requirements, and people can and do regularly go to prison for willful violations.

And if GitHub did not block Iranian developers _before_ it obtained the exemption, it would be in violation of sanctions, which carries both criminal and pretty much unlimited financial charges.

I don't know whether HN violates sanctions, but comparing to GitHub HN is very, very small fish. The chances that GitHub would swim under the radar were pretty slim.

Really, "this company obeys the law, so it is evil" is lame.

> They also went the extra-mile to block Iranian developers, they didn't have to do so much police, and probably tried to buy their redemption.

US sanctions, even the threat thereof, are serious business. To this day, US nationals or US tax persons are having a really hard time finding a bank in Europe that is willing to deal with them because many banks don't want any exposure to the US FATCA they can avoid.

I had an ex-girlfriend who was born in Germany to US and Greek parents. Quite the shitshow with paperwork.

I'm curious how they discover this if they are trying to stay so distant from US authorities. If you have EU citizenship which is what I assume here then presenting the Greek passport and supporting local documents isn't enough? Or, is it the case that something local like a missing local tax number, or even an accent telegraphed the situation.

With the US, it feels like everything is much more uniform with the tie back to a federal social security number. The SSN is universally requested for many types of financial and insurance setups.

Every bank I've opened an account with in recent years has asked multiple specific questions about any ties to the US during the account opening process. One even asked if I'd ever had a US telephone number or mailing address.

In some places the family name tips them off. Like here in Thailand a Thai woman who is married to a westerner and has his last name will have to fill out a form stating whether or not they are a US person.

On bank forms you are asked to provide all your citizenships, tax IDs and explicitly if you are an "US person" covered by FATCA.

Lying on these forms is punishable under our AML/KYC regulations and exposes you to civil liability for damages.

Lying to your bank is typically not a good strategy when it comes to compliance. You can get asked on a form and if you lie, they have a very good case later on to close your account.

That works exactly as long as such an US-aligned company doesn't enter the spotlight in some sanctioned entity related trouble.

Had friends working export compliance for a larger US IT company, and they once (temporarily) blocked a larger shipment to the (British) Royal Air Force because some bozo abbreviated them as "RAF" - which, obviously!, refers to the (German) Red Army Faction, a left-extremist terrorist cell that wasn't relevant for more than 10 years at that point (and wouldn't know what to do with high performance computers, anyway).

Better safe than sorry, otherwise you mess up one day, come back to the HQ on the next and all that's left is a brand new parking lot.

Hacker News probably falls under the general license for personal communications, etc. Github is not really personal communications, so caution is warranted, at least a bit. Rsync.net doesn't really provide personal communications either, IMHO, and it seems reasonable for them to not do business with people in Iran unless rsync.net obtains a specific license or finds a different general license they fit into.