Mozilla EULA Followup

Following up from a few days ago, the EULA (End User License Agreement) has landed for 1.0. I copied the text here so everyone who hasn’t downloaded a build yet can see what I’m talking about:

FOR TRANSLATIONS OF THIS LICENSE INTO SELECTED LANGUAGES, PLEASE VISIT WWW.MOZILLA.ORG/LICENSING.

MOZILLA FOUNDATION

MOZILLA FIREFOX END-USER SOFTWARE LICENSE AGREEMENT

A SOURCE CODE VERSION OF CERTAIN FIREFOX BROWSER FUNCTIONALITY THAT YOU MAY USE, MODIFY AND DISTRIBUTE IS AVAILABLE TO YOU FREE-OF-CHARGE FROM WWW.MOZILLA.ORG UNDER THE MOZILLA PUBLIC LICENSE and other open source software licenses.

The accompanying executable code version of Mozilla Firefox and related documentation (the “Product”) is made available to you under the terms of this MOZILLA FIREFOX END-USER SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”). BY CLICKING THE “ACCEPT” BUTTON, OR BY INSTALLING OR USING THE MOZILLA FIREFOX BROWSER, YOU ARE CONSENTING TO BE BOUND BY THE AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT CLICK THE “ACCEPT” BUTTON, AND DO NOT INSTALL OR USE ANY PART OF THE MOZILLA FIREFOX BROWSER.

DURING THE MOZILLA FIREFOX INSTALLATION PROCESS, AND AT LATER TIMES, YOU MAY BE GIVEN THE OPTION OF INSTALLING ADDITIONAL COMPONENTS FROM THIRD-PARTY SOFTWARE PROVIDERS. THE INSTALLATION AND USE OF THOSE THIRD-PARTY COMPONENTS MAY BE GOVERNED BY ADDITIONAL LICENSE AGREEMENTS.

1. LICENSE GRANT. The Mozilla Foundation grants you a non-exclusive license to use the executable code version of the Product. This Agreement will also govern any software upgrades provided by Mozilla that replace and/or supplement the original Product, unless such upgrades are accompanied by a separate license, in which case the terms of that license will govern.
2. TERMINATION. If you breach this Agreement your right to use the Product will terminate immediately and without notice, but all provisions of this Agreement except the License Grant (Paragraph 1) will survive termination and continue in effect. Upon termination, you must destroy all copies of the Product.
3. PROPRIETARY RIGHTS. Portions of the Product are available in source code form under the terms of the Mozilla Public License and other open source licenses (collectively, “Open Source Licenses”) at http://www.mozilla.org. Nothing in this Agreement will be construed to limit any rights granted under the Open Source Licenses. Subject to the foregoing, Mozilla, for itself and on behalf of its licensors, hereby reserves all intellectual property rights in the Product, except for the rights expressly granted in this Agreement. You may not remove or alter any trademark, logo, copyright or other proprietary notice in or on the Product. This license does not grant you any right to use the trademarks, service marks or logos of Mozilla or its licensors.
4. DISCLAIMER OF WARRANTY. THE PRODUCT IS PROVIDED “AS IS” WITH ALL FAULTS. TO THE EXTENT PERMITTED BY LAW, MOZILLA AND MOZILLA’S LICENSORS HEREBY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE PRODUCT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE AND NON-INFRINGING. YOU BEAR ENTIRE RISK AS TO SELECTING THE PRODUCT FOR YOUR PURPOSES AND AS TO THE QUALITY AND PERFORMANCE OF THE PRODUCT. THIS LIMITATION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO THIS DISCLAIMER MAY NOT APPLY TO YOU.
5. LIMITATION OF LIABILITY. EXCEPT AS REQUIRED BY LAW, MOZILLA AND ITS DIRECTORS, LICENSORS, CONTRIBUTORS AND AGENTS (COLLECTIVELY, THE “MOZILLA GROUP”) WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE PRODUCT, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, AND COMPUTER FAILURE OR MALFUNCTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH SUCH CLAIM IS BASED. THE MOZILLA GROUP’S COLLECTIVE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE GREATER OF $500 (FIVE HUNDRED DOLLARS) AND THE FEES PAID BY YOU UNDER THIS LICENSE (IF ANY). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
6. EXPORT CONTROLS. This license is subject to all applicable export restrictions. You must comply with all export and import laws and restrictions and regulations of any United States or foreign agency or authority relating to the Product and its use.
7. U.S. GOVERNMENT END-USERS. The Product is a “commercial item,” as that term is defined in 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212 (Sept. 1995) and 48 C.F.R. 227.7202 (June 1995). Consistent with 48 C.F.R. 12.212, 48 C.F.R. 27.405(b)(2) (June 1998) and 48 C.F.R. 227.7202, all U.S. Government End Users acquire the Product with only those rights as set forth herein.
8. MISCELLANEOUS. (a) This Agreement constitutes the entire agreement between Mozilla and you concerning the subject matter hereof, and it may only be modified by a written amendment signed by an authorized executive of Mozilla. (b) Except to the extent applicable law, if any, provides otherwise, this Agreement will be governed by the laws of the state of California, U.S.A., excluding its conflict of law provisions. (c) This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods. (d) If any part of this Agreement is held invalid or unenforceable, that part will be construed to reflect the parties’ original intent, and the remaining portions will remain in full force and effect. (e) A waiver by either party of any term or condition of this Agreement or any breach thereof, in any one instance, will not waive such term or condition or any subsequent breach thereof. (f) Except as required by law, the controlling language of this Agreement is English. (g) You may assign your rights under this Agreement to any party that consents to, and agrees to be bound by, its terms; the Mozilla Foundation may assign its rights under this Agreement without condition. (h) This Agreement will be binding upon and will inure to the benefit of the parties, their successors and permitted assigns.

I must say: I like it.

Privacy Policy

I’ve been an advocate of this for a while. Mozilla.org should have a privacy policy. Firefox is strongly backed by those in the media who are about privacy, and security. Firefox doesn’t have a clear privacy policy. That concerns me. Not because I think something is happening with my privacy, but because it leaves an open door for bad press. And there’s no real way around it. There’s no clear statement how information is gathered and used.

We have tools that transmit data back to the Mozilla Foundation. For example Talkback. The first time it runs, it does tell you a little about itself. But it doesn’t say enough. Does it mention talkback-public? Not last I checked. It doesn’t discuss how the information is sanitized etc. Update also “phones home”. We don’t mention that, and what’s transmitted. It should also explicitly say to the user that it’s doing so the first time (and allow you to disable should you be concerned). To the best of my knowledge it does that silently still. There are plans now for a reporter tool. That’s yet another tool that transmits info. Granted it will require user consent and intentionally making multiple clicks.

IMHO it would be best to head-off the bad press by making it clear that the Mozilla Foundation takes privacy very seriously. Otherwise, I think we are bound to get some news outlet who is going to make some waves about how Firefox is a privacy nightmare… when it’s actually not. It just doesn’t explicitly state how privacy is guarded and how info is used.

Just my $0.02.

EULA

Well, I know this is a sensitive topic, but I’m going to blog about it anyway. The usual rules on comments (no flames, no fires, no matches, no gasoline or other flammable words) apply. If your smart, you won’t dare violate that warning. I’m tired and it’s late, so pardon the usual fragmented thoughts. With that said….

There is now talk about an EULA (End User License Agreement) for Firefox. Currently there is only a stricken (not going to be used) copy of the EULA posted. A new final version is still in the works. For the sake of this post, I’ll be looking briefly at the last publicly known proposal, and the bug itself. Sources to all quotes in this post are from the mentioned bug, and it’s attachment(s).

First Benjamin Smedberg makes a very valid point that everyone should be aware of:

——- Additional Comment #52 From Benjamin Smedberg 2004-10-28 09:52 PDT [reply] ——-
Juha: Your statement is not correct. Mozilla code is licensed under the MPL, LGPL, *or* MPL. The MPL is specifically a source-level license and redistributors may release binaries under whatever license they choose. But without an license attachment approved by mitchell, this whole discussion is moot.

Though this doesn’t mean there aren’t consequences… There are many different EULA’s. Some much more friendly than others. The following is from an (-) invalid EULA. One that shows how evil they really can be:

4. RESTRICTIONS. Except as otherwise expressly permitted in this Agreement, or in another Licensor agreement to which Licensee is a party, Licensee may not: (i) modify or create any derivative works of the Product or documentation, including customization, translation or localization; (ii) decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code for the Product (except to the extent applicable laws specifically prohibit such restriction, or the underlying ideas or algorithms of the Product; (iii) redistribute, encumber, sell, rent, lease, sublicense, or otherwise transfer rights to the Product; (iv) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Product;(v) use the Product in any way that violates any Terms of Service or Privacy Policy that apply to Licensee or any laws; (vi) authorize or assist any third party to do any of the things described in this paragraph.

Now as a non-profit, open source operation, this would be rather counter-productive. If this statement were in the EULA, it would effectively make Firefox proprietary, and based on open source code. Rather than an open source product. A true open source product is one that’s distributed in a manner that encourages further open source development. I know a line along these lines would make me pretty hesitant to contribute. Taken literally, unzipping a .jar file and hacking away at the chrome to fix a bug, or customize it would be a violation. Now I’ll be honest. That’s how I like to hack on Firefox myself. I then normally back-port to my cvsroot. I find it easier to work on the nightly build itself. Just zip and restart the browser. But under these terms, that would qualify as an “attempt to derive the source code for the Product”. Of course you can argue, it’s only meaningful if MoFo decides to go after me for legal action. But that’s actually not true. Say I work for Acme Corp. They want me to help them deploy Firefox in the office. When IT is testing they find a few little UI quirks that the boss doesn’t like. He doesn’t want 3,000 computers to have this silly bug. So he wants me to quickly deal with it. Now because I’m working on the clock for the company, I’m now subject to this regardless of what MoFo says. As long as the license exists, I’m responsible, and my employer could discipline me for violations. Even if it’s fixing a simple UI quirk. That simple method of fixing the bug can’t happen in the workplace regardless of what MoFo says. Acme Corp Legal says we have to go the long way… or I can be fired.

On the PR side, this also has serious impacts. Firefox to date has been marked as an “open source browser”, not “based on open source software”. There’s going to be the potential for some backlash if such a license is implemented.

My final statement is rather simple: limit the EULA to trademark and liability talk.

5. LICENSEE’S RESPONSIBILITY. Licensee may not use the Product while driving, operating hazardous equipment, or engaging in other forms of hazardous activities. Licensee may use the Product for lawful purposes only. Licensee hereby agrees to indemnify and hold harmless Licensor for losses incurred by Licensor or another party due to someone else using Licensee’s accounts or passwords as a result of Licensee’s failure to use reasonable care to keep such information confidential or as a result of Licensee’s failure to use reasonable care while using the Product.

This makes sense, and is understandable to include. So does the trademark stuff. I’d personally like to see a bit more about privacy, and “phoning home” some that concerns many people these days. Talkback, reporter, and update all fall into this category. I’d suggest attacking this earlier than later.

20. HIGH RISK ACTIVITIES. The Product is not fault-tolerant and is not designed, manufactured or intended for use in environments in which its failure could lead directly to death, personal injury, or severe physical or environmental damage, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems (“High Risk Activities”). ACCORDINGLY, LICENSOR AND ITS LICENSORS AND OTHER SUPPLIERS SPECIFICALLY DISCLAIM ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES. LICENSEE AGREES THAT THE MOZILLA GROUP WILL NOT BE LIABLE FOR ANY CLAIMS OR DAMAGES ARISING FROM THE USE OF THE PRODUCT IN SUCH APPLICATIONS.

Well, I guess this wouldn’t be moving from Mozilla to Firefox. 😀

Just to simplify: EULA should be used to protect ones ass, rather than to limit another’s ass. Limit liability and trademark issues. Not prevent people from hacking, modifying, learning, and having good geeky fun.

Also should be noted that Firefox may contain proprietary products that can’t be treated as Firefox can (like talkback).

This post is distributed under GPL. You can repost, quote, discuss more, ping, comment, whatever. I am not a lawyer. No legal advice was given in this post. You should consult a lawyer before coding, eating, or breathing.