Ubuntu

AN IRRELEVANT LICENSE IS PRESENTED TO YOU FREE-OF-CHARGE ON STARTUP

Reported by William Grant on 2008-09-13
262
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Mozilla Firefox
Fix Released
Critical
Ubufox Extension
High
Unassigned
firefox-3.0 (Ubuntu)
High
Unassigned
Intrepid
High
Unassigned
ubufox (Ubuntu)
High
Unassigned
Intrepid
High
Unassigned

Bug Description

Binary package hint: firefox-3.0

STARTING UP A CERTAIN 3.0.2 VERSION OF FIREFOX BROWSER MAKES AVAILABLE TO YOU A VERY CAPITAL END USER LICENSE AGREEMENT. THIS AGREEMENT IS OBNOXIOUS and largely irrelevant to Ubuntu users.

The license refers to installation and closed-source parts which ARE COMPLETELY IRRELEVANT TO UBUNTU USERS.

THE LICENSE PAGE ALSO DOES NOT PREVENT ME FROM USING THE BROWSER WITHOUT AGREEING TO IT.

It deserves capital punishment DUE TO EXCESSIVE USE OF CAPS.

----------
Come on Mozilla. This is just stupid.

Brian Curtis (bcurtiswx) wrote :

I cannot see how this is a bug. The notification is a one-time thing and can be closed and ignored.

Changed in firefox-3.0:
status: New → Invalid
William Grant (wgrant) wrote :

No other common piece of software does this, and Firefox never has before.

Changed in firefox-3.0:
status: Invalid → New

Yeah....what is with this? Milestoning to get it on the release team radar.

Changed in firefox-3.0:
importance: Undecided → High
milestone: none → intrepid-alpha-6
status: New → Confirmed
nullack (nullack) wrote :

Brian, please allow me to explain my point of view with this.

Firstly, as William has noted, if I object or simply dont agree to the licence what do I do? I can keep going on without in anyway indicating I accept it.

My biggest objection though, and one I think would be shared by many, is that I don't want to sit there, study and consider the license in any detail. One of the chief attributes of Ubuntu is the licence it comes with and I dont want to have to analyse how this effects me as a user with firefox potentially changing the licence.

if the licence of firefox in no way limits what I can do in the same way as the other software in a default ubuntu build there is no reason to show the user it.

if the licence of firefox is different and requires special consideration, then that alarms me.

Mark Shuttleworth (sabdfl) wrote :

Mozilla Corp asked that this be added in order for us to continue to call the browser Firefox. Since Firefox is their trademark, which we intend to respect, we have the choice of working with Mozilla to meet their requirements, or switching to an unbranded browser.

It's strongly our preference, and that of most of our users, to have Firefox as the browser in Ubuntu.

I think it's perfectly reasonable for Mozilla to have requirements and guidelines for the use of their trademark - we have the same for Ubuntu, and many other free software projects do the same. I would in fact consider it a best practice to have a good brand on a free software project, which means having trademark guidelines.

That said, I would not consider an EULA as a best practice. It's unfortunate that Mozilla feels this is absolutely necessary, but they do, and none of us are in a position to be experts about the legal constraints which Mozilla feels apply to them. We had extensive conversations with Mozilla in order to find the best possible way of meeting their requirements while preserving the flow of use of the system for our users.

Please feel free to make constructive suggestions as to how we can meet Mozilla's requirements while improving the user experience. It's not constructive to say "WTF?", nor is it constructive to rant and rave in allcaps. Your software freedoms are built on legal grounds, as are Mozilla's rights in the Firefox trademark. To act as though your rights are being infringed misses the point of free software by a mile.

I believe we have a new package in Intrepid, called abrowser, which uses the codebase behind Firefox without invoking the Firefox trade mark.

nullack (nullack) wrote :

Can I suggest please Mark that the page that shows this license Mozilla require have a link to another page, or possibly some wording within the existing page, that is a plain english FAQ like explanation. It could explain in plain english what the basic situation is. When I was confronted with it, my immediate questions in mind were what is this and how does this effect me? Then, dam, I dont want to spend the time having to understand this. A plain english FAQ could address topics like:

* why its necessary
* how it does / does not change what rights I have to modify the software, give it to others etcetc
* what it means in practice

If the single issue is just their trademark, I think Mozilla deserve our respect and recognition of the software they have built. Its a good browser and I'm thankful to them for it.

As you say Mark, I'm not a legal expert - I have faith in your judgement and those at Ubuntu who are skilled in the legal area. Im an ICT Project expert, I'd like to continue contributing my time to add value in that area that I know, and for someone skilled specifically in the legal area to explain what this means for me and other enthusiasts of your project.

Andrew (fishpie) wrote :

It would be nice if there was a very brief piece of text that appeared just above the eula explaining that the eula is a requirement of Mozilla Corp and that that those who did not wish to be bound by it could use abrowser instead, and an apturl link to abrowser could be included. I think the explanation is necessary as the eula feels very 'unubuntuy' in fact at first I assumed that its presence was the result of a packaging bug. It would also be nice if there was an obvious way to find the licence again, for those like me who agree in haste, and later want to find out what it was they agreed to. I appreciate the need for the eula, but its presence was really jarring, and the CAPITALS made it worse.

Brian Curtis (bcurtiswx) wrote :

I do see everyones point so far. I'm sorry if i made myself appear ignorant with my first post. I have always taken EULA as an explanation to others on how to use their product in a professional manner. I also said ignore in the context that most of us have seen enough EULA to get a general understanding of what they all typically say and typically choose to close it out without reading it. I agree with what everyone is mentioning now, and I appreciate the respect you've all given me, and I hope I haven't been disrespectful unintentionally. Thanks for the explanation Mark, and Andrew I like your idea!

The idea of a link to a plain English agreement and FAQ is an excellent
one, thanks! That could also describe the abrowser package.

Andrew (fishpie) wrote :

Brian,
The reason that the firefox eula has raised eyebrows is because firefox is installed by default and resides in the main repository. Ubuntu takes a pragmatic approach to free software, reluctantly allowing proprietary drivers into the kernel, making proprietary software easy to install and including Mozilla's non free artwork. This approach upsets some free software advocates. Debian refuses to ship firefox and instead distributes icedove(firefox without the trademarks and non free artwork) I don't think that you have been at all disrespectful. If you are used to using proprietary software EULAs seem completely natural. If you have used mostly linux and free software for years, a EULA stands out like a sore thumb.

rawsausage (rawsausage) wrote :

I would like to point out that click-through EULAs are legally void in many countries, such as for instance Finland.

The point there is that the threshold to just click fast through is extremely low. Any legal agreements that were agreed by a party are void, unless if all parties understood at least approximately what they were going to agree about. In electronic context the other party (in this case, Mozilla) can not verify the level of understandment at all. There is not even the slightest guarantee that the other party even actually saw any of that legalese at all. In fact, acting as if the process is valid at this moment leads to Mozilla committing a felony of misleading on purpose (that is, if there is a significant demand for anything ever from their part).

The same in plain English: Nearly no one is going to read the text at all anyways, or even attempt.

Personally, I would take great pleasure taking them into court around here (if that ever was possible) and wiping the floor with them. That being impossible works the other way as well though. I can safely ignore anything Mozilla could ever demand from me. However, that is only one part of the issue. That REAL part of the issue is that such license popups are as bad usability as it ever comes. They obstruct the users from doing tasks for completing their real life tasks, which is a grave sin.

William Grant (wgrant) wrote :
Download full text (4.4 KiB)

Mark Shuttleworth wrote:
> Mozilla Corp asked that this be added in order for us to continue to
> call the browser Firefox. Since Firefox is their trademark, which we
> intend to respect, we have the choice of working with Mozilla to
> meet their requirements, or switching to an unbranded browser.
>
> It's strongly our preference, and that of most of our users, to have
> Firefox as the browser in Ubuntu.

While I agree that keeping the Firefox name in Ubuntu is a good idea,
requests like this seem to provide good reasons to rethink this
position. The web browser is almost always going to be a user's first
impression of Ubuntu. Firefox, the current default web browser, is also
the only application in the default installation to present a EULA on
first start. It feels invasive to me, and a little frightening: I'm not
used to being required to read legal text in order to use applications
included with Ubuntu.

> I think it's perfectly reasonable for Mozilla to have requirements
> and guidelines for the use of their trademark - we have the same for
> Ubuntu, and many other free software projects do the same. I would in
> fact consider it a best practice to have a good brand on a free
> software project, which means having trademark guidelines.

Brand is definitely of great importance - Mozilla Corporation should
ensure that Firefox's is only used appropriately. But many feel that
some of their restrictions are rather too onerous, and I feel that
mandating this EULA is going too far.

> That said, I would not consider an EULA as a best practice. It's
> unfortunate that Mozilla feels this is absolutely necessary, but they
> do, and none of us are in a position to be experts about the legal
> constraints which Mozilla feels apply to them. We had extensive
> conversations with Mozilla in order to find the best possible way of
> meeting their requirements while preserving the flow of use of the
> system for our users.

I am somewhat frightened that Mozilla would require a EULA which is so
waffly and contains so little substance. I also fail to see how not
carrying Firefox branding breaks "the flow of use of the system". Recall
that much of the world uses Internet Explorer, and doesn't know of the
Firefox brand in the first place.

This EULA also says strange things - that other packages might have
other licenses, for example. Why is it saying that? No other package
states that. Does it perhaps refer to the Firefox installer that we've
never used and never will? The agreement also states that portions of
the source code are available - if it is in main it must all be
available. Many parts of this EULA seem irrelevant and unnecessarily
frightening.

Why was such a change not brought up and discussed on ubuntu-devel
before it was made? This keeping of the community in the dark is highly
concerning. We were not told this change was happening. We were not
advised such discussions were happening. This bug was responded to right
from the top; everybody involved must have known well this was going to
be controversial. Canonical is not Ubuntu, and invasive changes like
this should be discussed with the community.

> Please feel free to make const...

Read more...

Dana Goyette (danagoyette) wrote :

One of my primary gripes with the EULAs of many pieces of software is this: they're almost universally written in dense legalese and all caps (YELLING), and often have just plain weird sections (for example, iTunes saying not to use it for "chemical, nuclear, or biological weaponry"). In fact, simply applying sentence case to an EULA will usually render it drastically more readable.

Compare the Firefox EULA to the Windows Vista EULA... even if you disagree with the terms of the latter, you still have to admit that it's formatted very well -- it's written in plain English, with proper capitalization, outline numbering, indenting, and such.
Perhaps Canonical should get on Mozilla's case about improving the EULA document itself, if nothing else.

When I upgraded to the next version of firefox, I was shocked to discover that there was an EULA, and I also believed that this is a bug. There is no need for this legalese or EULA, I'd go as far that requiring one violates the GPL and LGPL Firefox is licensed under since it adds additional restrictions. If we can't redistribute firefox without this EULA, then I believe firefox must be debranded and removed from main, this is simply not acceptable.

arekkusu (arekkusu-r) wrote :

I guess this will turn more into a forum discussion than a bug repport... anyway it's not really a bug.

I just think it's unreasonable from Mozilla to ask that. I can understand Mozilla wanting to protect their brand but that is going to far and I just don't see what Mozilla gains from doing that. It's not like Ubuntu is shipping a much modified version of the software anyway.

If it would be me to decide I would just change the name to "Ubuntu Web Browser" (no need to create a new fancy name IMHO) and just change the artwork. That's it. I don't think it would pose much problem to the user experience.

arekkusu (arekkusu-r) wrote :

I guess this will turn more into a forum discussion than a bug repport... anyway it's not really a bug.

I just think it's unreasonable from Mozilla to ask that. I can understand Mozilla wanting to protect their brand but that is going to far and I just don't see what Mozilla gains from doing that. It's not like Ubuntu is shipping a much modified version of the software anyway.

If it would be me to decide I would just change the name to "Ubuntu Web Browser" (no need to create a new fancy name IMHO) and just change the artwork. That's it. I don't think it would pose much problem to the user experience.

Just do it !

Daniel Letzeisen (dtl131) wrote :

If Mozilla insists on being litigious, now would be a good time to take a cue from Debian and adopt Iceweasel/Icedove as Ubuntu's default browser & e-mail (having Swiftweasel/Swiftdove in the universe repo would be nice too). This seems the most "pragmatic" thing to do.

Vadim Peretokin (vperetokin) wrote :

Seeing an EULA the first time you launch a browser might be a bit odd to new users, it's not such a huge usability problem. People are used to it.

However the brand name is (kinda) important, some a few people know about Firefox. imho, it doesn't make a diff if they rebrand it or keep the eula, same issues here and there.

(sorry, didn't cover the whole screaming freedom thing, imho those are issued a person would need to sort out themselves if they care so much about it)

Anders Aagaard (aagaande) wrote :

Time to consider epiphany/webkit for the next release? Ubuntu is built around gnome after all.

Andrius Štikonas (stikonas) wrote :

Users can switch abrowser if they want but the name and artwork of abrowser is worse than Debian's Iceweasel (which IMHO is much better name than abrowser). Are there any plans to rename abrowser in the future?

Fred (eldmannen+launchpad) wrote :

I would like to see Iceweasel in the repository, if its not already there.

Also, perhaps SFLC (Software Freedom Law Center) could help us?

Why does it have to display the EULA? Does the Windows version do that too? Or is it because we include Ubufox?

Andrius Štikonas (stikonas) wrote :

Is is because we apply patches and distribute modified version of Firefox. And Mozilla trademark policies are quite restrictive, if you want to modify browser you have to do as Mozilla says or rebrand the browser.

mlx (myxal-mxl) wrote :

Would it be possible/acceptable to display the EULA during Ubuntu install? I figure if pragmatism is the goal, then 'hiding' the EULA here could satisfy Mozilla while not stirring up the general users with changing the browser/displaying EULA at Firefox startup.

Of course, the whole thing rests on how important it is for Ubuntu to have the Firefox branded browser. I have no idea what the most of users expect to see when they try ubuntu (in many cases for the first time, mind you). Maybe if you took Iceweasel and branded it with icons which are similiar in color to Firefox - for example, take the globe and put the orange ubuntu 'circle' segment around it. You get the idea - similiar enough for Firefox users to notice it, but different enough to keep the lawsuits away ;-) Once they start it up, they probably won't care it's not called firefox.

The windows version does that the EULA. I got one when I upgraded firefox to
version 3 in virtualbox.

An EULA is just unacceptable.

This is not hate or anger; just common sense. Installing Ubuntu then suddenly becomes "the lawyers have to look at some EULA" ..

Not acceptable by default. Firefox can be offered in add/remove or as a link, or even a sort of wizard; but we can't have the risk of people clicking through EULA's in the name of their company. We can't also, everywhere, make sure we can legally accept the EULA.

I don't really understand what Mozilla is doing...
 - this is making it difficult to preinstall firefox
 - this is making installing Ubuntu a lawyer related question

At least offer an EULA-free Ubuntu-spin. EULA's are legally speaking much much more difficult to work with than (and this is ironic!) closed-source software.

Vadim Peretokin (vperetokin) wrote :

Not having a web browser at installation is worse.

And, ethnically speaking, you already agree to EULA's implicitly when you
install Ubuntu - to all of the GPL's and other licenses. Having one
presented to you so you have a choice of declining it is, well, better.

jaduncan (jaduncan) wrote :

This does indeed add an entirely different level of legal due diligence which must be done before use can be verified by legal.

The clauses are further restrictions on the GPL (problematic for derivatives), and I think at the very least it should have an explanation stating that the EULA has been added by Mozilla and does not apply to any other program.

I'd have the dialogue box offer to install abrowser if the EULA is declined. Option boxes would be something like (and I'm a law student, not a HCI guy so I'm aware wording could be better).

'Agree and start firefox' 'Disagree and quit' 'Use abrowser (Ubuntu's unbranded firefox)'

IMO applying EULAs to things in main is an *extremely* bad idea as it makes the freedoms that main claims to represent invalid. Surely firefox should now live in restricted.

jaduncan (jaduncan) wrote :

No attorney/client relationships are created by the above comment, obviously. It is merely comment, not legal opinion in any form.

KUmo (shiragumo) wrote :

In my opinion this EULA should be shown and agreed upon on install time and not when the browser is opened for the first time. Something similar to what the java-6-sun package does.

There are a lot of powerfull brands that are not installed by default but available in add/remove, for various reasons. Firefox is the _only_ package where 'brand' recognition is even brought to table as an argument in favor of inclusion. I don't get that.

Azureus is more popular (in the Windows ecosystem) than Transmission, but transmission is much better choice for a default install.

Amarok is more popular (has more brand recognition) than Rhythmbox, but rhythmbox is much better choice for a default gnome install.

Firefox is more popular on Windows than icedove (or whatever), but Icedove just became the much better choice.

Instead of hoping the Ubuntu brand becomes more popular because of Firefox, we've reached the point where firefox is hurting the Ubuntu brand. The brand that should be on the table is that of Ubuntu. There are so many separate parts of the experience, from the linux kernel, gnu-toolkit upto the desktop environments. Imagine all those brands getting the same treatment as Firefox?

Mark, please consider the fact that, __this creates a presedence__. We might not like it, it might even hurt Ubuntu, but you've got to draw the line _somewhere_.

Mozilla is interfering with the creation of the ultimate operating system. What's next? Demanding Evolution gets replaced by Thunderbird? Or else we can't legally ship firefox and _call it_ firefox.

Enough is enough.

What people feared that would happen, back when the trademark issue come up, is exactly what is happening. We might not like it, but the mozilla name has got to go. At least until they fire their new CEO .. which appearantly definately needs to happen soon. We, the nerds installing it on every machiene we got our hands on, made them big and we'll bring 'em down.

Perhaps it's time for a fork? And couldn't the Ubuntu foundation use the google and yahoo dollars that they pay to Mozilla? Don't call it abrowser .. how about uBrowser .. and install it _instead of firefox_

shockawe5 (shockawe5) wrote :

If Mozilla wants an EULA, let them have it. Firefox is a great browser, is open source, and is perfectly compatible with Windows. That to me is more valuable than having an EULA appear that no one reads and everyone agrees to anyway.

If this turns out to be a real problem to everyone, check out what Epiphany is doing with Webkit. Very cool.

@Vadim

>Not having a web browser at installation is worse.

We could install the unbranded version by default!

>And, ethnically speaking,

You mean legally...

>you already agree to EULA's implicitly when you
install Ubuntu - to all of the GPL's and other licenses. Having one
presented to you so you have a choice of declining it is, well, better.

GPL is not an EULA. GPL is a liscence from the author to whoever wants it to distrobute. The right to distrobute is not one you get by default; you have to explicitely get permission from the author; which is what the GPL Is. The GPL only applies when you are _distrobuting_ ..

Which is completely different from an EULA ..which puts restrictions on the USER.
So, if I download Ubuntu and give it to you, it's because the GPL lets me do that.
You, the receiving party, have agreed to nothing.

So, like I said before, EULA's are more problematic than closed-source software.

jaduncan (jaduncan) wrote :

@ Vadim

The GPL and other free software licenses are copyright licenses, not use licenses. Don't confuse them. Use of the software as opposed to redistribution is unrestricted.

Use licenses in main are a new and worrying thing.

No attorney/client relationship is created, this is not legal advice, etc ad nausiam.

Dread Knight (dread.knight) wrote :

I am a kubuntu/kde4 user; here is my point of view on some of the browsers:
I think google’s browser Chrome would have an EULA as well, so it would not be a solution; i consider it very user friendly, but as it is, doesn’t fit very very with the rest of the applications since it doesn’t respect the HIG by not having a menu bar (i find menu bars very 60’s anyway).

Konqueror, although it has a lot of features, shouldn’t even be installed by default since it’s not really worthy as a browser; khtml is rather defunct and i’m really looking forward to (k)Webkit implementation. I use most of the google services, especially gmail and i find the chat a must have feature, can’t just forget about it for the sake of using Konqueror. My main usage for this browser is as a FTP client.

Arora is a very neat qt-browser.

I’ve used IceWeasel for quite some time, i kinda like it.

<b>Firefox -QT i think it won’t really be maintained by Mozilla Foundation and imho it should get it’s own name (and get active maintainers of course). Consider this as branch of Firefox; could be used on both Gnome and KDE with proper integration (plugins anyone?).
Also qt 4.5 as i understand is able to get native GTK+ look as well, so i wonder if it can use the GTK+ file menu in Gnome, like when you are browsing your computer when to save a file or selecting one. </b>

Ante Karamatić (ivoks) wrote :

It just looks like blackmailing (Why now, when it's almost impossible to change default browser in Intrepid? Why not when Canonical and Mozilla agreed to ship modified Firefox?). IMHO, we shouldn't agree on that. Firefox isn't the only browser and for sure it's loosing the 'best browser for linux' title.

Mozilla is slapping it's own face. I doubt they figure that out until is too late.

Tom Arnold (g0tt) wrote :

If this is accepted, this will get out of hand at some point.

I can see Google Chrome doing the same etc.

Do we want to have a Linux distro for human beings that is plastered with EULAs?

I just don't. Reading EULAs is not software freedom IMNSHO.

Taking Iceweasel and telling users that it based on Firefox so that they know where to look for addons etc might be a good option.

It will be interesting to see how Novell and Red Hat handle this. ( Or Fedora and OpenSuse for that matter. )

( A hostile aproach would be to change the Firefox ID (or whatever) so that Google does not pay Mozilla for all the google searches _we_ do. Losing a few million Ubuntu heavy users might persuade Mozilla to treat their users a bit more respectfully and not bother them with EULAs. But I am not sugesting that. Just wanted to mention it. )

Fred (eldmannen+launchpad) wrote :

Vadim Peretokin,
The GPL is a software license, it is _NOT_ a EULA.

Fred (eldmannen+launchpad) wrote :

Lets do it Chinese-style, rename it to Godzilla Firecox.

motang (mohan-ram) wrote :

I personally don't see any problem with this. But I do get the point at why now, it hasn't been done before and why all of a sudden now. Well I think whatever happens, if I have a choice of adding Firefox or removing it I am all for. But please don't make it so that there will no Firefox at all, as I use Ubuntu on all my computers and my parents recognize the web browser as Firefox on my Asus Eee Box running Xubuntu.

@Alex

Perhaps for the home user it is acceptable to just click some EULA that isn't legally upholding anyway.
But this destroys Ubuntu for corporate usage. Every application that is offered to the users and that ships with a EULA will need that EULA to be verified by the lawyers.

Since an open source operating system contains a lot of different software using a lot of different trademarks and everything; this could lead to situtation where there are too many EULA's ..and deploying linux becomes the more expensive option.

Besides, there is enough trademark confusion anyway. Is it firefox? Is it Ubuntu? Is it gnome? Is is Linux? Is it Debian?

We might even consider having less trademarks a good thing. Just one: Ubuntu.

Steve Langasek (vorlon) on 2008-09-17
Changed in firefox-3.0:
milestone: intrepid-alpha-6 → none
Changed in firefox:
status: Unknown → New
Alexander Sack (asac) on 2008-09-19
Changed in ubufox:
importance: Undecided → High
status: New → In Progress
Changed in firefox-3.0:
status: Confirmed → In Progress
Changed in ubufox:
importance: Undecided → High
status: New → In Progress
Alexander Sack (asac) on 2008-09-19
Changed in ubufox:
status: In Progress → Fix Committed
Alexander Sack (asac) on 2008-09-19
Changed in ubufox:
status: In Progress → Fix Committed
470 comments hidden view all 550 comments
Ante Karamatić (ivoks) wrote :

On Mon, 22 Sep 2008 19:20:18 -0000
Remco <email address hidden> wrote:

> This hasn't been true for a long time. The version of Firefox that is
> shipped can not be modified freely. If we don't get permission from
> Mozilla to ship a revised binary, we can't. This has to do with the
> artwork and name, both of which are not released under a free license.

Debian, Linux, RedHat, Ubuntu... All trademarks. You can't use them
freely - as no one can use your name for something you didn't do.

If you own a website with 'linux' in the domain name, and if you use it
as a trademark, you need a sublicense from LMI - the name 'Linux' isn't
free.

Check this out (http://www.slackware.com/trademark/trademark.php):

In order to be called "Slackware", the distribution may not be altered
from the way it appears on the central FTP site (ftp.slackware.com).
This is to protect the integrity, reliability, and reputation of the
Slackware distribution.

and this (http://www.gentoo.org/foundation/en/):

The Gentoo Foundation is the legal owner of the Gentoo trademark and
logo. To protect Gentoo it will oversee the use of the Gentoo name and
logo and take appropriate action when the Gentoo Foundation feels that
the name or logo is wrongfully used.

Are Slackware and Gentoo non-free then? Even Debian has a trademark
policy which is clearly non-free, as you can't do whatever you want
with 'Debian'.

Notice how Slackware and Mozilla have identical trademark protection.
You can't change a bit in Slackware's source and call it Slackware.
This, of course, has nothing to do with software, which is free and
you can do whatever you want with it. Trademark isn't software.

unsubscribe

unimatrix9 (jochemscheelings) wrote :

To understand a bit more about the anti phishing in firefox you should read about the documentation,
http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec , or other pages about the code.

Now know that the service is not perfect, let me explain, what i mean for the part i understand what it does:

Firefox anti service is turned on , the website you visit is compared with a blacklist that resides somewhere on google or partners servers, it has been known to go wrong,

see : http://www.finjan.com/Pressrelease.aspx?PressLan=1230&id=1261&lan=3

Or blocks sites that are no treat at all

see : http://tech.slashdot.org/article.pl?sid=08/09/21/1827209&from=rss

Yes its a powerfull censure tool , its also a way to make money, surf behavior statistics and phishing sites,
do we have any influence on the service and what is censured?

There seems to be an ( dead? ) project for open source anti phishing services :

http://opdb.berlios.de/ and http://www.antiphishing.org/events/2006_researchSummit.html

There might be more, but i could not find them. Are they safe? I would trust google more at the moment.
The service is running on their servers, so need not to be open source, the information sent comes from ours, the sending part of code also runs on ours, as you can study in the code above.
Maybe some more views on the code is wise?

I think its good to know, the ups and downs, since the discussion is coming to its conclusion, the more we understand of what we are choosing the better it is to explain the choice.

Hope to be of service,

friendly greetings from the netherland.

> All of the software in question can be freely modified and distributed.
>
>Mark

If this was so, you could have removed the EULA yourself to begin with, and much of this discussion would not have occurred. Remco put it well: "The mere fact that Mozilla has any say in this makes Firefox non-free."

Download full text (6.5 KiB)

pj wrote:
> Since Mark is asking for input on the service, I will tell you that the first thing I do is
> turn off antiphishing services, along with every other thing that tends to track my
> surfing. I turn off Javascript and cookies too, for example, so I'm definitely not the
> average person in my habits. I turn stuff on as needed, clean up, and turn it off
> again.
>
In the community of folks who are very aware of the sort of abuse that
goes on, being conservative about JS and cookies isn't unusual. Those
are definite attack vectors on one's online identity and privacy.

Out of curiosity, would you prefer that cookies and javascript be
disabled in the default case for Ubuntu, too? If the argument is that
anti-phishing might be used to track your surfing, like cookies and JS,
and therefor it should be turned off, would it not also be consistent to
want JS and cookies disabled by default? We certainly take the view that
we (Ubuntu) are entrusted with our users security, so this would be
worth exploring. My gut feel would be though that most people would say
"I'll turn that off for myself where I'm concerned, but I understand
that the default should for JS to be switched on".

A second question would be: how would one know when to turn on the
anti-phishing service? With JS and cookies it's relatively
straightforward. One surfs along without them, and then something
doesn't work, and you decide "I think this site looks trustworthy, and I
really want to complete this thing I started, I'll enable JS and
cookies". But, how would you decide to enable the anti-phishing service?
And isn't the anti-phishing service very useful in helping to decide
whether or not to enable JS and cookies? I certainly wouldn't want
cookies on at a site that was red-flagged in the anti-phishing service.

> So I don't think one can assume that there are no people who will find the antiphishing
> service objectionable.
>
Fair enough :-). I think this is what makes our discussion interesting -
we have to be aware of the extremes of abuse or attack, and we also have
to be aware of what "most people want". And in the case of Ubuntu, it's
not even that, it's what "most people like us want", where "people like
us" means people alive to these issues and interested in finding
pragmatic and usable expression for that awareness.

> I personally would prefer that it be turned off by default and allow folks to turn it on
> if they want it. There seems no reason to treat people like children, needing our
> protection whether they want it or not. How much pain would that cause Mozilla,
> compared to the pain caused to those of us who really care about Main being
> clean?
>
I don't think that people "turning off" the anti-phishing service causes
Mozilla pain. I don't have any reason to think that's anything other
than an expense for Google or Mozilla. I think though, that the general
feeling is that having it there and on makes for a better, safer
browsing experience, and the idea is that "Firefox stands for the best
browsing experience and is also, amazingly, all free software". So, I
imagine that to the Mozilla folks (and I'm *not* conveyin...

Read more...

Mark Shuttleworth (sabdfl) wrote :

Prateek Karandikar wrote:
>> All of the software in question can be freely modified and distributed.
>>
>> Mark
>>
>
> If this was so, you could have removed the EULA yourself to begin with,
> and much of this discussion would not have occurred. Remco put it well:
> "The mere fact that Mozilla has any say in this makes Firefox non-free."
>
Prateek, we have been over this several times now.

We could ABSOLUTELY have removed the EULA, and then we would have had to
call the browser something like Iceweasel or abrowser. And in fact, if
you look in Intrepid, there are packages of that there just in case we
or you want to do that.

However, since we would prefer (and our users would prefer) Firefox, we
do need to work with Mozilla. That's perfectly reasonable. And the
results of that engagement have been positive: the EULA is gone, and I
think we are converging on a reasonable approach modulo final legal
analysis as PJ described. Engagement is always our first approach, and
only if that fails should we ostracise an upstream. Upstream is our
rock, right? They do the rocket science that makes free software
possible, we should respect and engage positively with them to the very
greatest extent possible.

I hope you consider Debian free software, but you cannot just take Etch,
change a few things to suit you, and then call the result Debian. Same
for Ubuntu, or Gentoo, or ... any branded, trademarked service. That is
not a restriction on your ability to modify the code, it's a restriction
on your ability to pretend that the result is someone else's work.

Mark

_oOMOo_ (hermann-blaxhall) wrote :

The way this discussion has developed and the obvious participation of major figures in the OS community is another solid reason for me to appreciate open source software.

Whilst not directly related to the EULA, if the version of Firefox to be included in Ubuntu in the future will incorporate something similar to the proposed screenshots, would it be possible to include a few words about how the anti-phishing services work?

With regard to comment #513:

My understanding is that Firefox downloads a list of suspected attack/forgery sites and locally checks urls against this list. The list is then maintained but no user data is sent to a remote server. This is different (I believe) to the way Google Toolbar works in respect of the page rank information, where all visited URLS are checked remotely. Would it be possible to reassure users that no personal browsing data is retrieved and possibly stored by Mozilla and Google?

Alan Lord (theopensourcerer) wrote :

Just to throw in my metaphorical towel.

Chip Bennet, who I have found myself agreeing with from the beginning and who has a much better way with words than me, has apparently actually gone and read the agreement that is the final piece of this puzzle.

In comment 508: https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/269656/comments/508 he basically concludes that the new wording of the terms do not appear to require any concrete action; in fact the action is now non-compulsory:

"... I see no reason for the services not to be enabled by default - with respect to matters of software freedom. (I still contend that the matter of the *usefulness* of those services is not germane to the issues at hand and under discussion in this bug report.)"

Having just read the terms myself here (http://launchpadlibrarian.net/17836931/about_rights_expanded.png), I concur with Chip completely. The language is plain (even I can understand it) and does not appear to impose any restrictions on my usage. In reality, it simply explains to me that the service might not be 100% effective.

I'd love to see PJ's analysis but it looks fine by me.

+1 to continue including Firefox in main.

This has been a very exhilarating experience. A large cohort of community members have been able to have their say and it would seem that the majority have been very clearly heard. A most excellent outcome seems imminent for all involved.

PS - The image of the "terms" has a major typo however: *Items 4 and 5 are the same*. Please can we see the "official" terms - if they are done yet - before closing this?

3 comments hidden view all 550 comments
Alexander Sack (asac) wrote :

I am pleased to say that we reached a state where I feel comfortable to call this bug "fix committed".

Thanks to all for contributing, testing and providing feedback.

The screenshots i just posted reflect the current state as of rev 337 on the firefox-3.0.head branch, which is most likely what will get uploaded to intrepid quite soon.

Thanks again,

 - Alexander

Changed in firefox-3.0:
status: In Progress → Fix Committed
Remco (remco47) wrote :
Download full text (3.2 KiB)

Trademark is, like copyright and patents, an "intellectual property", designed to restrict other people. It's not in the spirit of free software to be bound by any of these. Patent problems are hard to avoid in general, which is why they should be abolished. Copyright has been tamed by free software and trademark should be used carefully, if at all. If you want your work to be redistributed as free software under its original name, trademark presents a problem.

By the way, these restrictions actually encourage cloning. Had there been no copyright on UNIX, there would have been no 10 different versions of it, including GNU. Had there been no patents on MPEG, there would have been no Theora. Had there been no trademark on Firefox®, there would have been no Iceweasel, Icecat or abrowser.

> Notice how Slackware and Mozilla have identical trademark protection.
> You can't change a bit in Slackware's source and call it Slackware.
> This, of course, has nothing to do with software, which is free and
> you can do whatever you want with it. Trademark isn't software.

Note also that other distributions (even if they were based on Slackware) are not called Slackware. And therefore, they use the free nameless version of the combined software. If they would be called Slackware, they would be non-free (they would be misleading and confusing as well).

The same is true for the Firefox code. If we use the nameless version and build our own brand, we use free software. If we use Firefox®, we aren't using free software, since the license of the branded binary is non-free.

There is a difference between distributions and application software. Trademark usually doesn't conflict with distributions, since each distribution wants its own name and identity. If a distribution's name falls under the trademark of another distribution, it would be non-free, but it would also be a bug.

However, Firefox® must be included in a distribution. This means the distribution will always fall under the trademark of Mozilla. This can only be solved by removing the trademarked parts.

Think back to the games: Wolfenstein: Enemy Territory is absolutely free.... except for the artwork. You are completely free to change the code, but there is this blob of stuff that you can't change.

Now, the following is a very small part of the problem, but still I mention it because the analogy is perfect: Mozilla Firefox is absolutely free, except for the artwork. You can't modify the logos.

But besides the logos, there is this other restriction:

Mozilla Firefox is absolutely free... except for the trademark. You are completely free to change the code, but you're not allowed to change stuff if Mozilla doesn't want you to. To keep Mozilla happy, you have to compromise by allowing this friendly notice, and whatever Mozilla may want in the future. Basically, Mozilla is an "additional terms wildcard".

I don't like this any more than anyone. I want to use Firefox, but I also want to use software that is not restricted by outsiders. The Firefox code and Firefox® are two different products with two different licenses. The one is free, but undesirable. The other is bound by Mozilla's wishes, but a ...

Read more...

On Tue, 23 Sep 2008 14:46:03 -0000
Remco <email address hidden> wrote:

> Trademark is, like copyright and patents, an "intellectual property",
> designed to restrict other people.

No, you don't understand trademarks. Trademarks are designed to watch
out for your property, where 'you' can be whatever you want; community,
open source software, a person...

Let me put it this way. If you write a poem and put your signature on
it, and make sure that everybody can see it and even base their work on
it, copy it and share it, would you accept that each derivation of that
poem is yours? If you put your signature on 'Roses are red' and someone
else modifies it into (lets be as bad as we can) 'Nazis are good',
would you be ok with your signature under that poem? I wouldn't.

GPL it self says that if you modify a software, you should add at least
add notice that this is not original software:

'If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.'

Now, if there wouldn't be trademarks on software, what would stop you
from calling Epiphany based on WebKit - a Firefox? Or, Windows Vista -
latest Slackware?

> By the way, these restrictions actually encourage cloning. Had there
> been no copyright on UNIX, there would have been no 10 different
> versions of it, including GNU.

Had there been no trademarks and no source of UNIX, we would still have
tons of different UNIX like operating systems. What's even worse,
they all might have exactly the same name, but the application X
wouldn't run on them all, even tough they are all SuperUNIX. This
doesn't look like sane environment to me. How about you?

You see how trademarks and open source don't have anything in common?
They are unrelated.

> The same is true for the Firefox code. If we use the nameless version
> and build our own brand, we use free software. If we use Firefox®, we
> aren't using free software, since the license of the branded binary is
> non-free.

There is no license on Firefox binary. There's license on Firefox
source code and there is a Firefox trademark.

> However, Firefox® must be included in a distribution. This means the
> distribution will always fall under the trademark of Mozilla. This can
> only be solved by removing the trademarked parts.

If we would start removing trademarks from Ubuntu, we would have to
remove... Almost all software in it, including linux kernel. Cause,
Linux is a trademark. Bottom line, we wouldn't have operating system.

Remco (remco47) wrote :

> No, you don't understand trademarks. Trademarks are designed to watch
> out for your property, where 'you' can be whatever you want; community,
> open source software, a person...

Yes, I do understand trademarks. The same thing is said for copyright, patents, and even technical restriction management: it protects property. But it does by severely restricting freedom.

> Let me put it this way. If you write a poem and put your signature on
> it, and make sure that everybody can see it and even base their work on
> it, copy it and share it, would you accept that each derivation of that
> poem is yours? If you put your signature on 'Roses are red' and someone
> else modifies it into (lets be as bad as we can) 'Nazis are good',
> would you be ok with your signature under that poem? I wouldn't.

That's not trademark infringement, but libel or slander.

> GPL it self says that if you modify a software, you should add at least
> add notice that this is not original software:
>
> 'If the software is modified by someone else and passed on, we
> want its recipients to know that what they have is not the original, so
> that any problems introduced by others will not reflect on the original
> authors' reputations.'

That's perfectly fine. If there were no trademarks, Ubuntu's version of Firefox could be shipped with an about window that says there were some modifications for integration and security.

> Now, if there wouldn't be trademarks on software, what would stop you
> from calling Epiphany based on WebKit - a Firefox? Or, Windows Vista -
> latest Slackware?

If it was done with the purpose of defamation, then it could be prosecuted. Otherwise, there is no problem, because you don't do such things. These are extreme cases which don't happen in reality.

> Had there been no trademarks and no source of UNIX, we would still have
> tons of different UNIX like operating systems. What's even worse,
> they all might have exactly the same name, but the application X
> wouldn't run on them all, even tough they are all SuperUNIX. This
> doesn't look like sane environment to me. How about you?

Take a look around. There are tons of Linux distributions. Most of the names are not covered by trademarks. Still, there are as many names as there are distributions. Insane?

> You see how trademarks and open source don't have anything in common?
> They are unrelated.

Nope, I don't see it. Trademark still restricts free software.

> If we would start removing trademarks from Ubuntu, we would have to
> remove... Almost all software in it, including linux kernel. Cause,
> Linux is a trademark. Bottom line, we wouldn't have operating system.

Why do you think Ubuntu is not called "Ubuntu Linux"? The trademark has been removed from the name.

pj (pj-groklaw) wrote :
Download full text (5.3 KiB)

Hi Mark, all,

I had time to read over the services wording, and I can't find serious fault with it, but IANAL. I'm sure you are asking one, so here's my only suggested change:

Firefox also *offers optional* web site information services, such as blah blah....

Instead of:

Firefox also *uses* web site information services....

http://launchpadlibrarian.net/17877776/about_rights_expanded.png

The reason for the suggested change is so people are aware that Firefox works perfectly well without the service, so they won't be afraid to turn it off if they don't want that kind of protection. If it were me, I'd explain what a "web site information service" is. It's an antiphishing service, no? Why not say so?

  I'm not clear why they use the plural "services" instead of "service" throughout. If there are several, what else is there? Or if there is only the one, are they preparing for future services? I hope not, since you don't want people to say I agree to unknown things.

6 worries me a bit, from Mozilla's standpoint. If they update, will they get an "I agree" at that time? I hope so.

Trademarks:

For the record, I would be very happy if every project understood the purpose of trademark law better. The purpose is to protect the public, so you don't buy a Brand X pretend Gucci bag instead of the real thing and get ripped off.

That's the purpose. It prevents litigation against the wrong party, and it prevents unjust damage to reputations. And it's the law, whether you make it work for you or not. You don't have to register a trademark to have one, and you can lose one if you don't act to protect it. After that, your name is in the winds, usable by anyone. Why wouldn't you make the law work for you instead of against you? A really large project has to, I think, because others will try to rip off the reputation of any successful project. It is what it is.

Whether the actual requirements here to protect the marks are needed or not as set forth, I can't say, because it would require a lawyer, not just me, and more knowledge of the specifics than I have. But to take affirmative steps to protect your project is just good sense, in my view, and I not only understand Mozilla's worries, I support in that generalized sense their desire to protect themselves. The law compels them.

And, of course I'm a huge fan of yours too, Mark. Really. Seriously.

On grannie, though, I think you may want to think from a different standpoint. I acknowledge your amazing skill and energy at mobilizing and spreading acceptance of GNU/Linux on the desktop. And part of that skill is your ability to figure out what makes it accessible to grannie too.

So it's natural you think about her and what she needs. I surely don't want to undermine those special abilities you've demonstrated. I admire them.

The only caution I feel is this: the first goal is to provide a free and open source system. After that comes usability, ease of use, convenience, protection of users, etc.

Why? I think it's because that's why we are all here, working without a dime, in many cases, just because we see the value of a computer that we can trust.

I know when I sit down at a computer...

Read more...

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox-3.0 - 3.0.2+build6+nobinonly-0ubuntu1

---------------
firefox-3.0 (3.0.2+build6+nobinonly-0ubuntu1) intrepid; urgency=low

  Security/Stability update (v3.0.2 build6)
    - see USN-645-1

  [ Fabien Tassin <email address hidden> ]
  * Add a -g/--debug switch to the launcher script to start firefox inside gdb.
    Note that it must be specified first on the command line.
    - update debian/firefox.sh.in
  * Make the branding patch also work for non official branding.
    - update debian/patches/browser_branding.patch

  [ Alexander Sack <email address hidden> ]
  * Fix branding code in debian/rules: a) fix .desktop target filename
    to be unversioned if and only if control ships a meta package name
    - update debian/rules
  * Don't cp debian/$(DESKTOP) debian/$(DEBIAN_APP_NAME).desktop in
    pre-build:: which is a left over from previous branding split
    approaches and unused now.
    - update debian/rules
  * Use APPNAME=`basename $0` in firefox start script; fix bug that would
    trick abrowser into restarting itself through the "firefox" command.
    - debian/firefox.sh.in
  * Fix LP: #269656 - AN IRRELEVANT LICENSE IS PRESENTED TO
    YOU FREE-OF-CHARGE ON STARTUP; we implement the "Know Your Rights..."
    approach based on the mocked-up's published by mozilla
    http://blog.lizardwrangler.com/2008/09/17/mock-ups-available-for-notices-previously-was-eula/
    - add debian/patches/lp269656_know_your_rights.patch
    - update debian/patches/series
  * abrowser Provides: firefox to ease transition of rdepends
    - update debian/control

 -- Alexander Sack <email address hidden> Tue, 23 Sep 2008 17:44:47 +0200

Changed in firefox-3.0:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubufox - 0.6~b1-0ubuntu3

---------------
ubufox (0.6~b1-0ubuntu3) intrepid; urgency=low

  (cherry-pick rev 112 from lp:ubufox)
  * fix LP: #269656 - AN IRRELEVANT LICENSE IS PRESENTED TO YOU
    FREE-OF-CHARGE ON STARTUP; we backout the infamous firstrun feature
    (reverse apply rev 103)
    - update content/overlay.js
    - update defaults/preferences/ubufox.js
    - remove content/mozeula.html

  * fix LP: #272772: packages that Depend/Recommend/Suggest firefox
    (meta-package) must alternatively Depend/Recommend/Suggest abrowser
    - update debian/control

  (cherry-pick rev 113 from lp:ubufox)
  * set all translations for startup.homepage_override_url and
    startup.homepage_welcome_url to about:blank; this prevents firstrun
    and milestone pages to appear
    - update locale/*/ubufox.properties

  (cherry-pick rev 114 from lp:ubufox)
  * HOMEPAGE_ONLINE now points to ubuntu 8.10 release startpage
    - update content/startpage.html

  (cherry-pick rev 115 from lp:ubufox)
  * dont make alternate plugin binding break flashblock; our
    bindings are not \!important anymore
    - update content/alternatePluginsBinding.css

 -- Alexander Sack <email address hidden> Tue, 23 Sep 2008 17:48:53 +0200

Changed in ubufox:
status: Fix Committed → Fix Released
nullack (nullack) wrote :

To label trademarks in the same bucket as copyright is a strawman argument that's a very slippery slope.

Instead of restricting users, trademarks protect users from abuse by providing a consistent user experience associated with a brand. It has been lucky that the free software projects without trademarks have not had a major upset by failing to comprehend the importance of names and brands and how that could be abused by people with malicious intent.

Download full text (3.5 KiB)

Remco wrote:
> Trademark is, like copyright and patents, an "intellectual property",
> designed to restrict other people. It's not in the spirit of free
> software to be bound by any of these.
Remco, the GPL specifically constrains what you can do with code, using
copyright law. It's easy to confuse "do whatever you want" with the
carefully constructed, and enforced, freedoms in free software, but they
really are different things. Free software is not a carte blanche to use
other people's work however you want.

> The same is true for the Firefox code. If we use the nameless version
> and build our own brand, we use free software. If we use Firefox®, we
> aren't using free software, since the license of the branded binary is
> non-free.
>
No, the license is NOT non-free. The GPLv3 explicitly mentions
trademarks and says that it is reasonable to ask people to use a
different name for the results of their modifications while still
protecting the essential freedoms of Free Software.

> Mozilla Firefox is absolutely free... except for the trademark. You are
> completely free to change the code, but you're not allowed to change
> stuff if Mozilla doesn't want you to. To keep Mozilla happy, you have to
> compromise by allowing this friendly notice, and whatever Mozilla may
> want in the future. Basically, Mozilla is an "additional terms
> wildcard".
>
No, if we want to use the Firefox brand, then we must work with Mozilla,
and that's reasonable. If we don't want to use the brand, they have
kindly given us lots of rights to the code they have so lovingly produced.

> I don't like this any more than anyone. I want to use Firefox, but I
> also want to use software that is not restricted by outsiders. The
> Firefox code and Firefox® are two different products with two different
> licenses. The one is free, but undesirable. The other is bound by
> Mozilla's wishes, but a strong brand. It's a lose lose situation. Except
> if Mozilla relinquishes the Firefox trademark, which is unlikely.
>
I feel differently about this. I'm enormously grateful for the work
Mozilla does in giving free software platforms like Linux and Ubuntu a
world-class browser. I'm grateful that we can get access to the very
powerful and meaningful brand - Firefox - and confident that we can work
with Mozilla to make the terms of that access reasonable. To me, it's
important to find a way to respect the wishes of the people that
actually build free software applications. That's not always possible,
and in those cases we want to be gracious about our differences.

How about you? Are you appreciative of Mozilla's work? Do you think it's
reasonable to want to work with them, where we can? Do you contribute a
lot to Mozilla? Do you think it's right to ignore the major contributor
of a big body of work, and even berate them for wanting to create a
strong brand? Do you think the things they are actually asking for here,
now that we've been through this process of engagement with them, are
unreasonable? Or are you simply objecting to the idea that you might
have to work WITH someone instead of just doing what you want?

Sometimes, I think in the free software world we have attitudes t...

Read more...

Mark Shuttleworth (sabdfl) wrote :

Remco wrote:
> Why do you think Ubuntu is not called "Ubuntu Linux"? The trademark has
> been removed from the name.
>
No, that has nothing to do with it. Our packages use "linux" in the
name. If Linus wanted (or the Linux Foundation, I think) then they could
ask us to change them, or stop using the name.

We call the distribution "Ubuntu" and not "Ubuntu Linux" because the
things we care most about are sufficiently well described by that one word.

Mark

Mark Shuttleworth (sabdfl) wrote :

pj wrote:
> Firefox also *offers optional* web site information services, such as
> blah blah....
>
> Instead of:
>
> Firefox also *uses* web site information services....
>
Looks like an improvement to me, I'll pass on the suggestion to Mozilla
folks who may not be watching this thread.

> On grannie, though, I think you may want to think from a different
> standpoint. I acknowledge your amazing skill and energy at mobilizing
> and spreading acceptance of GNU/Linux on the desktop. And part of that
> skill is your ability to figure out what makes it accessible to grannie
> too.
>
> So it's natural you think about her and what she needs. I surely don't
> want to undermine those special abilities you've demonstrated. I admire
> them.
>
> The only caution I feel is this: the first goal is to provide a free
> and open source system. After that comes usability, ease of use,
> convenience, protection of users, etc.
>
Yes, I agree. It's that feeling of being part of something profoundly
different, and liberating, that makes us tick. And the "make users life
easier" theme is a very slippery slope, that can be used to justify the
whole shebang - Skype, Flash, you name it. Walking the fine line between
selling out and actively furthering the cause of free software through
some pragmatism is possibly the toughest thing we do, and I don't think
we can claim to be supernaturally insightful or good at it, we have to
question both our current and sometimes our past positions, regularly.

The fundamentalist "live free or die" approach sounds much easier,
though the problem there is that it's hard to agree on the precise
definition of "fundamentally free" - look at the disagreements between
the DFSG and the FSF on that front. We have Debian and gNewSense and a
few others, all of whom define themselves as being quite fundamentalist
and all of whom have different definitions! So we could adopt a position
of absolutism on this in an attempt to make our lives easier, and then
still find ourselves in tough debates with other folks that have equally
absolute views, just slightly different ones :-)

Mark

2008/9/24 Mark Shuttleworth <email address hidden>

> No, if we want to use the Firefox brand, then we must work with Mozilla,
> and that's reasonable. If we don't want to use the brand, they have
> kindly given us lots of rights to the code they have so lovingly produced.
>

I do more and more agree with you Mark. A company has the right to preserve
its image (aka brand, logo, ...).
I just wonder why Debian created Iceweasel then? I know Debian are real
zealots about the free software, but I also trust them on this subject. So
I'm a bit confuse here...
Maybe I'm wrong, but I understood that they did few Debian-specific
modifications. But as long as they modified Firefox, they can't reuse the
name.
If I'm right until then, why don't they send their modifications to Mozilla?
Mozilla refused?
Imagine you have an Ubuntu-specific feature to add to Firefox. Mozilla
doesn't want it for some reason... What's your choice? Abandon your
modification or change the name?

I'm not trying to make a point here, I'm just trying to understand a bit
better all the consequences :)

Creak wrote:
> Maybe I'm wrong, but I understood that they did few Debian-specific
> modifications. But as long as they modified Firefox, they can't reuse the
> name.
> If I'm right until then, why don't they send their modifications to Mozilla?
> Mozilla refused?
>
I wasn't part of that decision, so I'm only repeating what I heard,
which is that Debian simply preferred not to be obliged to discuss their
changes with Mozilla. I don't think there was any specific change which
Debian wanted and Mozilla felt was problematic, it was more that the
idea of having to maintain an ongoing relationship was not attractive to
the specific developers involved at Debian. And that's a perfectly
reasonable position, too.

> Imagine you have an Ubuntu-specific feature to add to Firefox. Mozilla
> doesn't want it for some reason... What's your choice? Abandon your
> modification or change the name?
>
Yes, pretty much. But so far we've always managed to agree. We always
have the right and the ability to switch to the abrowser package which
we've created, but we prefer to engage as long as possible, we benefit
from the Firefox brand and I hope Mozilla benefits from the exposure we
bring.

Mark

I must admit that I had not given much thought to naming and trademarks in free software earlier. I'm wondering if the situation with Firefox is any different from other big names which are trademarked, like KDE, GNOME, Linux, or OpenOffice. I have not heard similar controversies about them in the context of Ubuntu or Debian or any other distribution. The presence of the anti-phishing service is one difference, but is that it? Is there a reason why Firefox gets talked about more? Is there any distribution which has unbranded versions of the above mentioned products, to gain the flexibility of modifying them?

This has been said earlier, but I'd like to reiterate how awesome it is that anyone is welcome to take part in a discussion in which Mark himself is participating. :-)

Remco (remco47) wrote :

To Mark, all,

Well, I have been making too much a point of this. The reason for that is that the replies I got did not show they understood my main problem with the situation. No, I don't misunderstand trademark; trademark does impose limits on the Firefox® product -- and Firefox® is a different product from Iceweasel/Icecat/abrowser or "the code". (I use the ®-character to distinguish between the two products if necessary.)

I am perfectly OK with using whatever variation of Firefox myself, and I do think Mozilla makes a beautiful browser. I do think Mozilla is a "Good Thing" in the scheme of things, but I'm not so happy with the consequences of their trademark. I'm not against trademarks as a whole, but it has its problems.

And the reason I'd like to see Firefox® in restricted, is only because the branded product is more restricted than free software. It's a matter of sound classification, knowing what you get, so the user can choose his degree of freedom orthodoxity (is that even a word?).

For full disclosure:
* I did suggest earlier in this thread that we could switch to Epiphany. This was before the EULA had disappeared. This was mostly fueled by technical reasons. It integrates better by design.
* I also suggested that it's quite OK for services (free or non-free) to be available in Firefox. Freedom is a choice of the user as far as I'm concerned. And at some point free software has to interface with a non-free world.
* I'm not a developer of free software. I'm just a user, bug reporter and a computer science student planning on making a lot of free software in the future.
* Recovering from minor surgery, I might not have had the best mood ever. Sorry about that. ;-)

As far as I'm concerned, the matter is closed. Well, fixed.

Remco

PS. as long as we're admitting fandoms... big fan of y'all, Mark, pj, and the whole community! :) The fact that the hierarchy of communication is completely flat makes it very exciting to be here!

Mark Shuttleworth wrote:
> I wasn't part of that decision, so I'm only repeating what I heard,
> which is that Debian simply preferred not to be obliged to discuss their
> changes with Mozilla. I don't think there was any specific change which
> Debian wanted and Mozilla felt was problematic, it was more that the
> idea of having to maintain an ongoing relationship was not attractive to
> the specific developers involved at Debian. And that's a perfectly
> reasonable position, too.

That's not accurate. There were at least two sticking points where what
Mozilla insisted upon simply conflicted with the Debian Free Software
Guidelines. It was not that Debian "simply preferred" not to work with
Mozilla on an ongoing basis.

The two major problems were: 1) The Firefox (etc) logos have a copyright
license that is not DFSG-free, so Debian would not be able to use those
without a change in those licenses;[1] and 2) while Mozilla was willing
to make a Debian-specific exemption that entitled Debian to make
modifications to the code and still call the products
Firefox/Thunderbird/etc., Debian-specific licenses also violate DFSG #8,
because Debian has to be able to pass down to its users all the rights
that it has.[2] Debian cannot allow special exemptions that apply only
to Debian or this would leave its users in the lurch with less freedom
than Debian itself has.

One would think that Ubuntu, the organization that arguably benefits
from this Debian policy more than anyone else, would at least be
cognizant of it.

Brian

[1] See, e.g.,
http://www.mozilla.org/foundation/identity-guidelines/firefox.html
[2] http://www.debian.org/social_contract#guidelines

On Wed, 24 Sep 2008 18:19:24 -0000
Brian C <email address hidden> wrote:

> Debian cannot allow special exemptions that
> apply only to Debian or this would leave its users in the lurch with
> less freedom than Debian itself has.

<rant mode>

Yet again, Debian doesn't allow me to create a t-shirt with 'Debian
Official' logo on it. On the other hand, Debian developers do have that right.

</rant mode>

Brian, no offense was intended, and thank you for your clarification.

I think we've pretty much exhausted this thread, folks. We're starting
to repeat ourselves.

It's been a very interesting discussion for the most part, thanks to all
who participated. No animals were harmed in the conduct of this debate,
and the final result is quite reasonable. I expect we'll have variations
on the theme crop up in future, and I hope we can maintain a spirit of
constructive discussion.

Mark

unimatrix9 (jochemscheelings) wrote :

Its been an interesting discussion, thanks for all those involved.

FrogEatFrog (frogeatfrog) wrote :

Ante Karamatić wrote:
> <rant mode>
>
> Yet again, Debian doesn't allow me to create a t-shirt with 'Debian
> Official' logo on it. On the other hand, Debian developers do have that right.
>
> </rant mode>

Note how silly a scenario you had to create in order to make your point. According to Debian's own logo policy[1], use of their "Official Use" logo is pretty strictly controlled, but their "Open Use" logo is under a BSD-like license (no warranty, no endorsement implied). Guess which one is exclusively used in the actual Debian distribution? That's right, the Open Use logo. Debian is nothing if not consistent (sometimes to the extreme), and they do not put anything in their software that you are not allowed to use under the same terms they themselves follow. In fact, I have not seen the Official Use logo used *anywhere* in many years, making the Open Use logo the de facto logo of the Debian project, so complaints about their trademark policy are misguided..

Back on topic, thanks to Mark and everybody from Mozilla to coming to as reasonable a solution on this issue as you could. :)

[1] http://www.debian.org/logos/

kafpauzo (kafpauzo) wrote :

I think two things need to be added.

First: All this should be easy to find under Help -> About.

Second: As I understand it, when the service is turned on, Firefox contacts Google once every half hour (or some such) to update the blacklist. This should be mentioned.

By contacting Google, the browser informs Google about our browsing-time habits. This lets Google add some more details to its already vast repository of statistics on our habits, interests and other privacy-sensitive data.

Some people feel that it’s risky for our civil liberties that such huge amounts of private information gets concentrated at one entity. Because of this, such things must always be told very openly. People have a right to know about these things and decide for themselves. It may be unimportant when it's only used for serving ads, but important for someone who feels politically persecuted. That's for each person to decide. The information on Firefox doing this must be very openly available.

The text should mention whether the only identifying information in these contacts is the user's IP address, or whether there's a more uniquely identifying cookie or some such.

In fact I wish that instead Firefox contacted Canonical or Mozilla to update the blacklist, and Canonical or Mozilla got the list from Google. Privacy information should be spread out among many different entities, not concentrated at one entity.

jackb_guppy (jackb-guppy) wrote :

Another piece of information that needs to clear, in accepting the current push of FireFox, will it reset the flags that are turned off, forcing you to agree to something you have already not agreed to?

This whole problem has been handled backwards. First forcing EULA, to get a hidden by default license in front of user who does not realize they were pre-agreed to service by default. What a good way to open.

SilverWave (silverwave) wrote :

The Frankenphishing Service.

>Mark Shuttleworth wrote:
>pj wrote:
>> Since Mark is asking for input on the service, I will tell you that the first thing I do is
>> turn off antiphishing services, along with every other thing that tends to track my
>> surfing. I turn off Javascript and cookies too, for example, so I'm definitely not the
>> average person in my habits. I turn stuff on as needed, clean up, and turn it off
>> again.
>>
>In the community of folks who are very aware of the sort of abuse that
>goes on, being conservative about JS and cookies isn't unusual. Those
>are definite attack vectors on one's online identity and privacy.

>Out of curiosity, would you prefer that cookies and javascript be
>disabled in the default case for Ubuntu, too? If the argument is that
>anti-phishing might be used to track your surfing, like cookies and JS,
>and therefor it should be turned off, would it not also be consistent to
>want JS and cookies disabled by default? We certainly take the view that
>we (Ubuntu) are entrusted with our users security, so this would be
>worth exploring. My gut feel would be though that most people would say
>"I'll turn that off for myself where I'm concerned, but I understand
>that the default should for JS to be switched on".

The bug is in the way the antiphishing services works...

The old implementation was a choice between checking with google for each site you visited and downloading a blacklist that did its checking without calling home to google.

I had no problem with the second approach but then things changed and you now get the Frankenphishing service which does the "download the blacklist file and check thing" BUT if it gets a hit it then does a phone home to google to double check in realtime.

I would say that the downloading of the blacklist and local anti-phishing checking with no phone home should be the default.

No privacy concerns with this.

The problem is the phoning home to check thing.

So this whole problem with the anti-phishing services is just bad implementation.

1. The default should be that a file is downloaded every day\hour and this is used to check for bad sites.
No phone home or anything.

2. On first hit of a phishing site, ask for user to accept Terms an Conditions of the service.

3. Also ask if user wants to start checking with google in realtime or not (point out the privacy issues).

version 3.03 of firefox is repeatedly showing me this eula, which isn't really an eula, I don't care about it appearing the first time but its starting to really get on my nerves since its showing me this repeatedly!

What kind of idiot decided this was needed, surely the about item on the help menu is enough, if necessary add a button to allow the user to read the whole thing if they want.

Firefox is googles customer, not me. Larry Page and Sergey Brin.pay for firefox, I don't.

It's all a bit Anal-Retentive this Eula thing any way, so stop doing it! Google wants as many people using FireFox as possible but this showing the freaking eula every time firefox starts is annoying the hell out of me, not only that its embarrassing, I don't want to be grouped in with a bunch of anal retentitive losers because thats what it looks like, every time you fling that Eula in users faces, its not big its not clever and someone should have known better.

Firefox needs an update sharpish or another browser is getting installed!

Lol you said anal

----
----
This email was sent from a Palm Centro

-----Original Message-----

From: blackest_knight <email address hidden>
Subj: [Bug 269656] Re: AN IRRELEVANT LICENSE IS PRESENTED TO YOU FREE-OF-CHARGE ON STARTUP
Date: Mon Nov 17, 2008 11:44 am
Size: 1K
To: <email address hidden>

version 3.03 of firefox is repeatedly showing me this eula, which isn't
really an eula, I don't care about it appearing the first time but its
starting to really get on my nerves since its showing me this
repeatedly!

What kind of idiot decided this was needed, surely the about item on the help menu is enough, if necessary add a button to allow the user to read the whole thing if they want.

Firefox is googles customer, not me. Larry Page and Sergey Brin.pay for firefox, I don't.

It's all a bit Anal-Retentive this Eula thing any way, so stop doing it!
Google wants as many people using FireFox as possible but this showing
the freaking eula every time firefox starts is annoying the hell out of
me, not only that its embarrassing, I don't want to be grouped in with a
bunch of anal retentitive losers because thats what it looks like, every
time you fling that Eula in users faces, its not big its not clever and
someone should have known better.

Firefox needs an update sharpish or another browser is getting
installed!

--
AN IRRELEVANT LICENSE IS PRESENTED TO YOU FREE-OF-CHARGE ON STARTUP
https://bugs.launchpad.net/bugs/269656
You received this bug notification because you are a direct subscriber
of the bug.

--- message truncated ---

Changed in firefox:
status: New → Invalid
Changed in firefox:
status: Invalid → Unknown
Changed in firefox:
status: Unknown → Fix Released
Daniël H. (daan-is-here) wrote :

released

Changed in ubufox:
status: Fix Committed → Fix Released
Laurens V. (laurens73) wrote :

Sorry to kick this obsoleted discussion. Unfortunatly I have to admit that I too, have quit using Ubuntu. To be specific: Xubuntu. I am not the only one who quit using an Ubuntu distro. My wife who's a dedicated KDE user quit Kubuntu for the reason Canonical chose KDE4 in stead of offering the choice to use KDE3 or KDE4. Xubuntu (tried Jaunty on a customer's pc) has a great look and feel, the way installing it, using it is fantastic, but the feeling to agree with an EULA of Firefox, the knowledge my machine would become unstable after a distro upgrade made me decide me to go back to Debian, including my advices to others. I use a stable Lenny release with the advantages of the Squeeze release, thinking back on the time using Kubuntu / Xubuntu wich worked perfectly on the most recent machines (also in professional ways) but doing a distro upgrade had a 50% chance of succeeding while its origin Debian succeeds on 95% of the installs. When Canonical would change its policy in periods of distributing (*)Ubuntu letting the older installs being compatible with their first oncoming releases I (and a lot of my customers) would be some of the many to be returning to (*)Ubuntu. Canonical is doing a great job, but the product has to be workable over a longer time than it is today. I'd like to see the (*)Ubuntu distro's being upgraded as freely as other distro's do, slowly and stable changing to the next without loss of data and/or stability.

Rafael Belmonte (eaglescreen) wrote :

To Laurens V.
You do not need to accept any Eula in Ubuntu, you can use abrowser as the same way you use iceweasel on Debian.
You do not need to upgrade your system each six months, you can use LTS versions only, which is almost equal to use Debian stable.

Changed in firefox:
importance: Unknown → Critical
Displaying first 40 and last 40 comments. View all 550 comments or add a comment.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.