EULA

Well, I know this is a sensitive topic, but I’m going to blog about it anyway. The usual rules on comments (no flames, no fires, no matches, no gasoline or other flammable words) apply. If your smart, you won’t dare violate that warning. I’m tired and it’s late, so pardon the usual fragmented thoughts. With that said….

There is now talk about an EULA (End User License Agreement) for Firefox. Currently there is only a stricken (not going to be used) copy of the EULA posted. A new final version is still in the works. For the sake of this post, I’ll be looking briefly at the last publicly known proposal, and the bug itself. Sources to all quotes in this post are from the mentioned bug, and it’s attachment(s).

First Benjamin Smedberg makes a very valid point that everyone should be aware of:

——- Additional Comment #52 From Benjamin Smedberg 2004-10-28 09:52 PDT [reply] ——-
Juha: Your statement is not correct. Mozilla code is licensed under the MPL, LGPL, *or* MPL. The MPL is specifically a source-level license and redistributors may release binaries under whatever license they choose. But without an license attachment approved by mitchell, this whole discussion is moot.

Though this doesn’t mean there aren’t consequences… There are many different EULA’s. Some much more friendly than others. The following is from an (-) invalid EULA. One that shows how evil they really can be:

4. RESTRICTIONS. Except as otherwise expressly permitted in this Agreement, or in another Licensor agreement to which Licensee is a party, Licensee may not: (i) modify or create any derivative works of the Product or documentation, including customization, translation or localization; (ii) decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code for the Product (except to the extent applicable laws specifically prohibit such restriction, or the underlying ideas or algorithms of the Product; (iii) redistribute, encumber, sell, rent, lease, sublicense, or otherwise transfer rights to the Product; (iv) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Product;(v) use the Product in any way that violates any Terms of Service or Privacy Policy that apply to Licensee or any laws; (vi) authorize or assist any third party to do any of the things described in this paragraph.

Now as a non-profit, open source operation, this would be rather counter-productive. If this statement were in the EULA, it would effectively make Firefox proprietary, and based on open source code. Rather than an open source product. A true open source product is one that’s distributed in a manner that encourages further open source development. I know a line along these lines would make me pretty hesitant to contribute. Taken literally, unzipping a .jar file and hacking away at the chrome to fix a bug, or customize it would be a violation. Now I’ll be honest. That’s how I like to hack on Firefox myself. I then normally back-port to my cvsroot. I find it easier to work on the nightly build itself. Just zip and restart the browser. But under these terms, that would qualify as an “attempt to derive the source code for the Product”. Of course you can argue, it’s only meaningful if MoFo decides to go after me for legal action. But that’s actually not true. Say I work for Acme Corp. They want me to help them deploy Firefox in the office. When IT is testing they find a few little UI quirks that the boss doesn’t like. He doesn’t want 3,000 computers to have this silly bug. So he wants me to quickly deal with it. Now because I’m working on the clock for the company, I’m now subject to this regardless of what MoFo says. As long as the license exists, I’m responsible, and my employer could discipline me for violations. Even if it’s fixing a simple UI quirk. That simple method of fixing the bug can’t happen in the workplace regardless of what MoFo says. Acme Corp Legal says we have to go the long way… or I can be fired.

On the PR side, this also has serious impacts. Firefox to date has been marked as an “open source browser”, not “based on open source software”. There’s going to be the potential for some backlash if such a license is implemented.

My final statement is rather simple: limit the EULA to trademark and liability talk.

5. LICENSEE’S RESPONSIBILITY. Licensee may not use the Product while driving, operating hazardous equipment, or engaging in other forms of hazardous activities. Licensee may use the Product for lawful purposes only. Licensee hereby agrees to indemnify and hold harmless Licensor for losses incurred by Licensor or another party due to someone else using Licensee’s accounts or passwords as a result of Licensee’s failure to use reasonable care to keep such information confidential or as a result of Licensee’s failure to use reasonable care while using the Product.

This makes sense, and is understandable to include. So does the trademark stuff. I’d personally like to see a bit more about privacy, and “phoning home” some that concerns many people these days. Talkback, reporter, and update all fall into this category. I’d suggest attacking this earlier than later.

20. HIGH RISK ACTIVITIES. The Product is not fault-tolerant and is not designed, manufactured or intended for use in environments in which its failure could lead directly to death, personal injury, or severe physical or environmental damage, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems (“High Risk Activities”). ACCORDINGLY, LICENSOR AND ITS LICENSORS AND OTHER SUPPLIERS SPECIFICALLY DISCLAIM ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES. LICENSEE AGREES THAT THE MOZILLA GROUP WILL NOT BE LIABLE FOR ANY CLAIMS OR DAMAGES ARISING FROM THE USE OF THE PRODUCT IN SUCH APPLICATIONS.

Well, I guess this wouldn’t be moving from Mozilla to Firefox. 😀

Just to simplify: EULA should be used to protect ones ass, rather than to limit another’s ass. Limit liability and trademark issues. Not prevent people from hacking, modifying, learning, and having good geeky fun.

Also should be noted that Firefox may contain proprietary products that can’t be treated as Firefox can (like talkback).

This post is distributed under GPL. You can repost, quote, discuss more, ping, comment, whatever. I am not a lawyer. No legal advice was given in this post. You should consult a lawyer before coding, eating, or breathing.

One thought on “EULA

  1. I hadn’t thought about Talkback. That’s quite important.

    One thing: to me, as a user, one of the main advantages of free/open source software is that I don’t need to worry about licensing. Ever.

    The GPL has two great phrases that make it really easy to get past legal:

    * “Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted []”

    * “You are not required to accept this License []. However, nothing else grants you permission to modify or distribute the Program or its derivative works”.

    Therefore, if I’m not distributing it, I can ignore the license. I can see that this isn’t entirely appropriate for the branded Firefox with bundled software, but it would be really nice to just not have an EULA.

    Perhaps it would make sense to split the license into use (Trademark, whatever), and redistribution (MPL, Talkback copyright)?

    Malcolm (very much NAL)

Leave a Reply

Your email address will not be published. Required fields are marked *