Mozilla

Ubuntu, Firefox and License Issues

September 15th, 2008

Ubuntu recently included a patch that causes an End User License  Agreement for Firefox to appear. This has caused great concern on several topics. One is the content of the agreement. Another is the presentation. A third is whether there’s any reason for a license at all.

The most important thing here is to acknowledge that yes, the content of the license agreement is wrong. The correct content is clear that the code is governed by FLOSS licenses, not the typical end user license agreement language that is in the current version. We created a license that points to the FLOSS licenses, but we’ve made a giant error in not getting this to Ubuntu, other distributors, and posted publicly for review. We’ll correct this asap.

Second, the way the license is presented to people also has issues. I think the presentation might not be so bad if we had the correct content there, so that it said the software is governed by the FLOSS licenses that are so important to us. But even then the presentation may have issues. We’re certainly trying to figure this out. We’ll do this with public input; you’ll see posts about this shortly as well.

There’s a third question of services, and whether the FLOSS license for the code can include the services one accesses. We think this isn’t true all the time, and the license will reflect that. The code is governed by FLOSS licenses, and we should have been clear about that.

This leaves the question of whether it ever makes sense to show people the terms that relate to the software and services available to them. I saw some comments asking why one ever needs any terms. Again, if we had the correct content I think this would be less of an issue because then we would be telling people about FLOSS licenses. We (meaning Mozilla) have shot ourselves in the foot here given the old, wrong content. So I hope we can have a discussion on this point, but I doubt we’ll have a good one until we fix the other problems.

We take this very seriously and are working hard to fix it.

Update: text of the revised license is online.

Categories: Mozilla | Tags: ,

91 comments for “Ubuntu, Firefox and License Issues”

  1. 1

    Pingback from John’s Blog » Mitchell’s Blog » Blog Archive » Ubuntu, Firefox and License Issues

    […] Mitchell’s Blog » Blog Archive » Ubuntu, Firefox and License Issues. […]

  2. 2

    Asa Dotzler said on September 15th, 2008 at 11:53 am:

    Thanks for clearing up the issue of the EULA’s content, Mitchell.

    Unfortunately, from what I’ve read over the last couple of days, I can’t find any serious concerns expressed about the _content_ of the EULA.

    Pretty much all of what’s being discussed publicly has been about the very existence of a EULA.

    “EULAs don’t belong in Free Software” seems to be the basic sentiment.

    I don’t know how one argues against that sentiment given that every major Linux distro I’ve installed had a EULA and yet that seems unproblematic to most of the people making the demands that Mozilla not have one.

  3. 3

    Mackenzie said on September 15th, 2008 at 12:04 pm:

    My thinking is that since the MPL & the trademark stuff aren’t really about end-use, but about developers, that putting it in an official Firefox release doesn’t make a lot of sense. Since that stuff is for developers, it should go in the COPYRIGHT file in the CVS and tarballs if it’s not in there right now. That’s how that stuff is usually handled, and I think it’s how Mozilla has done it til now.

  4. 4

    James said on September 15th, 2008 at 12:30 pm:

    Asa: the content was discussed in the /. comments. Fedora removed their EULA a few releases ago.

  5. 5

    Christopher Blizzard said on September 15th, 2008 at 12:39 pm:

    Fedora still has a license agreement. It’s just a bit disguised as a link instead of being included directly in the installer:

    https://fedoraproject.org/wiki/Legal/Licenses/LicenseAgreement9

    Ubuntu has one as well, but it’s even more disguised on this page:

    http://www.ubuntu.com/legal

    > Please read these agreements before installing and using the software; by installing and using the software, you will have accepted the terms of the agreements.

    The distributions all have the same kinds of agreements, it’s just a question of how they are presented.

  6. 6

    Christopher Blizzard said on September 15th, 2008 at 12:44 pm:

    https://bugs.edge.launchpad.net/ubuntu/+source/firefox-3.0/+bug/269656

  7. 7

    Pingback from The Open Sourcerer » Is Mozilla losing the plot? [Updated x2]

    […] 2: Mitch Baker has just posted a blog entry. Basically it sounds like they fscked up but haven’t worked out a fix – yet. Tell Someone […]

  8. 8

    Vadim P. said on September 15th, 2008 at 12:52 pm:

    Mozilla’s own Firefox 3 build presented an EULA to me when I upgraded a machine from Firefox 2. I haven’t seen Ubuntu’s, because I don’t use the development version, but I certainly do wonder how was the license presented much differently than a dialog that won’t let you past.

    Out of the proposed ‘solutions’ (rebrand, use Iceweasel or Epiphany), one proposed by a Fedora memeber makes most sense – if you really, really need to have that in-your-face license:

    Mike Chambers wrote:
    > I am a Fedora user, and have heard about this little argument and
    > someone brought it up thinking we did it as well. Well, we don’t show
    > that EULA at all but we do have a link to it. The URL below is how
    > Fedora shows it during the first run of firefox and maybe if Ubuntu did
    > the same think it might help? Good luck on your decision.
    >
    > http://fedoraproject.org/static/firefox/

    @Asa: Fedora and Ubuntu are major Linux distributions and do not have an EULA. Since this is about Ubuntu, which does not have one, you can certainly understand how can one argue against that.

  9. 9

    The Open Sourcerer said on September 15th, 2008 at 12:52 pm:

    @Asa, I have never seen an EULA in *any* distro I’ve used. Fedora removed theirs in v7 IIRC.

    Mitchell, I’m glad you posted this. It will probably have a [temporary] calming effect.

    IMO there is no room in “Free Software” for an EULA.

  10. 10

    Olaf Rhialto Seibert said on September 15th, 2008 at 1:10 pm:

    I just built an *unbranded* version of firefox 3.0.1 by not using –enable-official-branding. It calls itself Minefield. You would expect that this would get an unbranded version, that does not require that EULA in any way whatsoever (and which by the looks of it violates the GPL).

    However, on first startup, I was *still* presented with a EULA window.

    That seems so, so wrong.

  11. 11

    Ben Williams said on September 15th, 2008 at 1:14 pm:

    Some questions I haven’t seen answered elsewhere:
    * Where can we see the correct content of the license?
    * Why does Mozilla believe the license is necessary?
    * Is it necessary that end users click an “I Agree” button or do they just need to be able to view the license somewhere in the software?

  12. 12

    SirYes said on September 15th, 2008 at 1:25 pm:

    This is a solution even most EULA-aware people would accept:

    http://fedoraproject.org/static/firefox/

    IMHO

  13. 13

    Anders said on September 15th, 2008 at 1:31 pm:

    Hi,

    Great you take action. I think it is very important that Free Software distinguish itself from the abusive practices of proprietary vendors. To do so it is important not to present anything that even resembles one of the foremost symbols of abuse – the EULA. So if Firefox _must_ present something it should look very different from a EULA.

    Maybe somethink like

    “””
    THIS is Free Software. We are pleased to inform you that you have essensial freedoms to use, study, modify and redistribute this software. We care about you, your freedom and how to make the web a better place. Etc. etc.
    “””

    Best
    Anders

  14. 14

    Sam Liddicott said on September 15th, 2008 at 1:51 pm:

    Lets try it out properly:

    Have a eula day when a patched window manager pops up a eula for every application launched, so we can see if we really want to go this way.

    I’ve tried it as a thought experiment but real life may be worthwhile…

    Sam

  15. 15

    Erik Postma said on September 15th, 2008 at 1:52 pm:

    Thanks for your balanced post. It’s great to read that you guys are working on this. What’s your position on the Fedora solution — is that sufficient?

  16. 16

    Damian Chiles said on September 15th, 2008 at 2:59 pm:

    Having any end-user restrictions on use of the software is a bug. If they apply only to the web service (and you need privacy consent, etc., before you can access the first URL), then you need the startup pop-up to make it very clear that consent is not needed simply to use the software, and the user may use the software after choosing any of the following three options:

    1) Accept and use the malware web service.
    2) Decline and do not use the network service.
    3) Decline and browse without the service for now, but leave the dialog up while I think about it.
    (An optional 4th choice is to accept but not use the web service for now.)

    Although personally, I’d make the 3rd choice above the default and not block browsing until the choice is made. There is a window of vulnerability if the user runs firefox for the first time with an unsafe URL argument, but I don’t think that usage pattern is typical of naive users.

  17. 17

    Pingback from Intrepid, Firefox et son CLUF « Stemp

    […] : Ça bouge du côté de Mozilla : Ubuntu, Firefox and License Issues Publié dans Logiciels Libres, Ubuntu [fr]. Tags : epiphany, firefox, iceweasel, Ubuntu, […]

  18. 18

    nobody said on September 15th, 2008 at 3:52 pm:

    An application specific click-through “EULA” is out of place on systems where all the software is redistributable. If you need a privacy statement that can be displayed via a local first run click-through HTML page. You can even take the oportunity to note the copyright status, link to the MPL and state that the mozilla trademark cannot be used without express permission in redistributed builds.

    What users don’t need is a explicit EULA when there’s already an implicit license to use the software, imagine if every program did that on first run! I’ve got around 700 packages installed here, some (eg: GNU coreutils) containing multiple programs.

  19. 19

    Dave Morris said on September 15th, 2008 at 4:05 pm:

    Hi,

    First, thank you for discussing this so promptly and openly.

    As a Fedora user, I would recommend the Fedora solution posted above, i.e. A simple page pointing to the more detailed legal page.

    However, I would also like to suggest a slight variation to the options suggested by Damian.

    Given the option, most Linux users I know would disable the safe-browsing features anyway, due to privacy concerns.

    So I would suggest that the browser puts up a pop-up asking “Do you want to use the safe-browsing web service provided by Mozilla”. If the user click ‘yes’, _then_ you ask them to agree to the service terms and conditions.

    I would suspect your users would fall into two groups.

    1) non technical users, who would be happy to use the service, who are probably not that aware of FOSS, and are probably not that concerned about having to agree to a license agreement.

    2) technical users, who would not want to use the service due to privacy concerns, and are probably the ones the most concerned about having to accept a license agreement to use FOSS.

  20. 20

    Pingback from The Licquia Blog » Blog Archive » Free Software EULAs?

    […] 2: Cautious optimism is appropriate, I think.  Mitchell Baker, Mozilla chair: We (meaning Mozilla) have shot ourselves in the foot […]

  21. 21

    mitchell said on September 15th, 2008 at 4:28 pm:

    On the services piece, yes — one can opt out of them if one wants, and keep using the product without the services.

  22. 22

    Dave Morris said on September 15th, 2008 at 4:32 pm:

    Asa:

    “I don’t know how one argues against that sentiment given that every major Linux distro I’ve installed had a EULA and yet that seems unproblematic to most of the people making the demands that Mozilla not have one.”

    From what I’ve seen, the objections were that the EULA appeared when FireFox was used rather than when it was installed.

    Accepting legal stuff when you install an application would probably be acceptable to most people.

    If the Mozilla terms could be combined with the standard page shown when the OS is installed, then that would be fine.

    If the Mozilla terms needed to be in a separate page, then I’m afraid it would probably mean that branded FireFox would have to be removed from the default install. Users could then install it afterwards, and explicitly accept the terms when they installed it.

    Popping up an EULA when applications are used is normal practice in a Windows environment, but it is *very* out of place in a Linux system. The constant intervention of license terms and conditions was one of the (many) reasons that I stopped using Windows and converted all my machines to Linux.

    I think a lot if this is due to the perception of what the ‘system’ is.

    On a Windows system you are very aware of all the different applications you need to install to get the system to do everything you need. As a result, Windows users are used to accepting lots of different legal terms and conditions from different companies.

    Most Linux users consider the whole thing as one system. As far as they are concerned they are installing ‘Ubuntu’, ‘Debian’ or ‘Fedora’, and that comes with pretty much all the tools they are going to need.

    As a result, Linux users are happy to accept the EULA for the system as a whole, but after that they don’t expect to have to agree to separate terms and conditions for each of the individual applications that come with it.

    Any application that needs an additional EULA above and beyond the EULA for the overall system is by definition making itself stand apart from the system by requiring special terms.

    In which case, it can still be available as part of the distro, but not as part of the default install. Users can then agree to the separate terms if they choose to install the application themselves.

  23. 23

    mitchell said on September 15th, 2008 at 4:33 pm:

    Text of revised license is at:

    http://lockshot.wordpress.com/2008/09/15/firefox-eula-in-linux-distributions/

  24. 24

    mitchell said on September 15th, 2008 at 4:40 pm:

    Ben Williams:

    1. See previous comment for license locaton
    2. Why does Mozilla believe the license is necessary?
    Our view is that it should be easy for people to see the terms that apply to software made available to them. This isn’t as comfortable as starting a piece of software and seeing nothing, we understand that.
    3. It’s hard to tell what’s “necessary.” It’s an unsettled area and may vary across different locales. We’ve traditionally been more conservative on this point than many Linux distros.

  25. 25

    Douglas Sims said on September 15th, 2008 at 4:41 pm:

    I’m one of the many people concerned about the EULA. On reading this blog entry, though, I’m very much reassured that Mozilla Foundation will solve this problem. Mitchell Baker’s attitude, candor, and honesty is exemplary – and rare.

  26. 26

    Jef Spaleta said on September 15th, 2008 at 4:51 pm:

    Here’s my question to Mozilla.
    What is left to figure out? Considering that Mozilla dealt with this already over the summer in the context of Fedora’s usage of the trademark.. why is this suddenly a “new” problem now for Mozilla?

    What “new” issues or understanding has Mozilla internally found beyond the issues dealt in resolving the EULA issues over the summer in the Fedora usage context?

    -jef

  27. 27

    Ben Bucksch said on September 15th, 2008 at 4:57 pm:

    Michell, thanks for the acknowledgment! I am glad to hear that you think the current EULA wording is not necessary.

    I felt it violates the open-source mantra that Mozilla operates under, because the EULA is not open-source, but a typical proprietary license.

    About necessity of the EULA: I think (IANAL, but you are 🙂 ) it is not necessary, because neither MPL nor GPL (user has the choice) make any demands or restrictions for end users. GPL even quite explicitly so. (Distributors and modifiers are irrelevant here, they need to go look for the license file anyways.)

    I think the trademarks are protected implicitly by law, nor can an end user infringe them anyways. A statement next to the MPL/GPL would make it clear also to distributors that you intend to exclude your trademarks (and artwork which embodies the trademark) from the free software grant. (This is assuming it’s reasonably easy to remove the trademarks; our build switch should make that easy enough.) Therefore, I think that the trademark protection does not require the *end user* to agree to an EULA either.

    As far as services go, I don’t know the terms for these, but if they are so bad that a user would need to agree to special terms, they should not be used in the first place. Whatever terms apply to website http fetches should also apply to the services.

    Irregardless of that. Thanks again, Mitchell, for having listened and allowing Ubuntu and others to use a better-suited EULA!

  28. 28

    Ben Bucksch said on September 15th, 2008 at 5:06 pm:

    @Olaf Rhialto Seibert:
    The fact that the unbranded Minefield presents an EULA in fact is very wrong, and I filed a bug, and fixed it. I got review, but I still need to check into trunk. I also need 3.x approval and find out which branch I need to check in.
    https://bugzilla.mozilla.org/show_bug.cgi?id=443918

    @Asa: Ubuntu does not have a EULA that I need to explicitly accept. IIRC neither does Debian nor Gentoo. Fedora was already mentioned. Leaves only SuSE as big distro.

  29. 29

    Jiff Dolotts said on September 15th, 2008 at 5:21 pm:

    I dunno dude, I switched from Firefox to Chrome the day it came out and never looked back.

    Jiff
    http://www.anonymize.us.tc

  30. 30

    Mitchell Baker said on September 15th, 2008 at 5:27 pm:

    Jef: I think the new problem is execution. slow execution. as in not getting the license posted publicly.

  31. 31

    tacone said on September 15th, 2008 at 5:36 pm:

    Thanks.

  32. 32

    Pingback from tecosystems » links for 2008-09-15

    […] Mitchell’s Blog » Blog Archive » Ubuntu, Firefox and License Issues fun w/ EULAs (tags: mozilla eula ubuntu firefox licensing mitchellbaker) […]

  33. 33

    DaGoodBoy said on September 15th, 2008 at 6:30 pm:

    Remember XFree86?

    http://en.wikipedia.org/wiki/XFree86#2004:_Licensing_controversy

    “XFree86 4.4 was released in February 2004 with a change to the license: the addition of a credit clause, similar to that in the original BSD license, but broader in scope.”

    So Mozilla, ostensibly developing free software, now requires a EULA? If nothing else, you guys will supply yet *another* object lesson in how to completely fsck up an open source application…

    DaGoodBoy

  34. 34

    jef said on September 15th, 2008 at 6:31 pm:

    in reply to Mitchell Baker:

    Just making sure there isn’t some new thinking coming from inside Mozilla. Maybe you guys got a new lawyer or something and is championing a new in-house interpretation of your legal needs. Who knows, just wanting to make sure nothing’s significantly changed since Fedora put its solution in place.

    As a larger community we have a serious problem looming when it comes to the licensing and notification of “web services” which are expected to be on by default in whatever the “online desktop of tomorrow” ends up looking like. Mozilla is positioned, right now, to take the lead on a larger community discussion as to what best practises are in how to handle these sort of deeply integrated web services in the open desktop environment. I’m worried that the current blessed solution with regard to web services licensing notification scales out to a desktop with multiple service vendors.

    -jef

  35. 35

    Vadim P. said on September 15th, 2008 at 6:44 pm:

    Mozilla should take a book out of Canonical’s trademark protection policy.

    Don’t stick the EULA into the face of everybody who doesn’t need it, but point it out to those who violate it.

  36. 36

    Ben Bucksch said on September 15th, 2008 at 7:21 pm:

    @Olaf Rhialto Seibert:
    Problem fixed in trunk for FF 3.1. Unbranded versions (Milefield) no longer show the EULA. Still waiting for 3.0.x approval.

  37. 37

    Ben Bucksch said on September 15th, 2008 at 7:22 pm:

    @Olaf Rhialto Seibert:
    Problem fixed (at least) for FF 3.1. Unbranded versions (Minefield) no longer show the EULA.

  38. 38

    Chip Bennett said on September 15th, 2008 at 7:40 pm:

    To me, it’s quite simple:

    Regardless of Ubuntu’s decision regarding Firefox’s status (and by all rights it should now be moved to Restricted, and replaced with IceWeasel or other as the default browser), if Mozilla insists that the EULA must stay, then Firefox will *not* stay on my system.

    I’m sure my profile will port just fine to IceWeasel.

    I love Firefox, but this move is horribly, atrociously ridiculous.

    Forcing this EULA in the face of users under the guise of making it “easy for people to see the terms that apply to software made available to them” is – pardon the bluntness – asinine.

    If I care, I’ll go find out the terms of the GPL/MPL or whatever else license under which I use the software on my system.

  39. 39

    michael said on September 15th, 2008 at 9:48 pm:

    > 2. Why does Mozilla believe the license is necessary?
    > Our view is that it should be easy for people to see
    > the terms that apply to software made available to
    > them. This isn’t as comfortable as starting a piece
    > of software and seeing nothing, we understand that.

    Mitchell:

    If, as you say, it is supposed to be easy for people to to see the terms of the software license, why not embed the license in the Help menu (or in Help –> About)? It wouldn’t be click through, it would be ever present. And it could be referred to at will or as needed — an expansion of the info that is already found at that location.

    It could be linked to from the info page that appears when Firefox is run for the first time after install or upgrade, and it would be there for anyone to refer to in the future, should they so desire (which would be something of a novelty considering that most licenses are never again seen once they’re dismissed).

    As a strategy, this would seem to fulfill Mozilla’s requirements of presentation, streamline the user experience by not interrupting them, and would alleviate any and all of the concerns of the Linux community.

  40. 40

    MacroRodent said on September 15th, 2008 at 9:58 pm:

    What would happen, if every application supplied with a typical distro would pop up an EULA the first time it is used? Right: The user would get disgusted in about a second, and give up with Linux. What makes Firefox so special it needs this?

    The BSD’s have a fairly practical approach. They have a licensing issue in that the version of BSD license governing many components demand acknowledgement, but this is done with a long list at the end of their readme file or similar.

  41. 41

    Pingback from Le Weblog de Frederic Bezies » Archive du blog » Ubuntu : quand l’extrémisme libriste se rue sur un simple texte légal.

    […] L’argumentaire de Mitchell Baker, membre de la Fondation Mozilla. […]

  42. 42

    Stefan said on September 15th, 2008 at 11:11 pm:

    In Germany, the Firefox brand is protected by law, and any EULA shown AFTER the install has no legal effect whatever the user clicks.
    -> absolutely no reason to show the EULA

    Users of Firefox are practically unable to violate the lincense. Developers are!
    -> absolutely no reason to show the EULA, a good reason to have the license with the source code

  43. 43

    Meneer R said on September 15th, 2008 at 11:48 pm:

    What part of just removing the liscence is so problematic?

    It seems quite clear that when people use services, they choose to use services.

    I don’t see how all of Ubuntu doesn’t require a liscence… but somehow, in 2008 .. Firefox does…

    Go fire your lawyer… or your ceo .. but somebody is feeling too mighty here.

    Trademark laws protect your stuff just fine.

    This sort of behavior is just screaming FORK; FORK; FORK;

    Also, if the EULA is only about downloading the blacklist (why would we need an EULA for that?) .. i.e. privacy related .. .. then why would declining the EULA be a problem?

    Why not, when we decline the EULA ..just disable the security functions …

    The problem is, you have an EULA we have to agree, or we can’t browse the web … on a default linux install ..

    THat’s simply not acceptable .. it’s not installable like that .. not in a corporate environment … i can’t have every freaking distrobution and application be checked by legal …. Ubuntu was always EULA free .. hence .. no legal involved .. just install …

    Now we got to install the server image and use some other browser .. because you guys are feeling like Steve Jobbs or something..

  44. 44

    Yannis T said on September 16th, 2008 at 12:01 am:

    There is no need for EULA. A trademark is a trademark, covered by laws. We don’t want useless nag-screens!

  45. 45

    Pingback from Mozilla a EULA at stream of bytes

    […] dyskusja nad optymalnym rozwiązaniem na kanałach IRC, grupie newsowej i w komentarzach na blogu Mitchell Baker i Harveya Andersona. Dyskusja jest gorącym tematem wśród członków projektu i mam poczucie, że […]

  46. 46

    Markus Thielmann said on September 16th, 2008 at 2:13 am:

    I’m still missing some comment regarding the necessity of this (or any other) EULA on open source projects. Especially when we’re talking about inclusion of Firefox in Linux distributions.

    Some people already mentioned it: It’s not a representation issue. A lot of countries (like Germany for example) don’t honor EULAs at all. Besides that, Linux distributions are all about free software, why should Firefox (with a modified EULA) force people to read this again?

    In my humble opinion, Mozilla hurts the Firefox trademark with this decision instead of backing it up.

    So please reconsider this decision.

  47. 47

    Nathanael N said on September 16th, 2008 at 2:54 am:

    Free software cannot impose any use restrictions.

    This means that asking an enduser to agree to a EULA is utterly useless. Showing it at first use or first installation is also utterly pointless. If a user decides to start editing or redistributing, they’ll look a little deeper.

    I strongly advise putting all copyright, license (GPL/LGPL/MPL/proprietary for icons), patent (if relevant) and trademark information in the About box. (Help: About). That’s where I’d look, it’s ever-available, even GNU considers it best practice.

  48. 48

    Pingback from Richard Spindler’s Weblog » Blog Archive » Striving for excellence…

    […] UPDATE Offizial Respons. […]

  49. 49

    Pingback from Noch ein unnötiger Blog

    […] Mozilla hat dies natürlich auch bemerkt und nun Fehler eingestanden. Jedoch was mich überrascht, ist dass sie nicht die EULA an für sich als Fehler ansehen, sondern, […]

  50. 50

    Pingback from Mozilla Firefox EULA « David’s Linux Blog

    […] Firefox EULA There’s been a lot of talk lately about Mozilla asking that Ubuntu display the Firefox EULA to protect their […]

Skip past the sidebar