VLC and unwelcome redistributors

By Jonathan Corbet
July 13, 2011
The recent discussion of applying software-style freedoms to other creative works has focused on, among other things, the possibility of confusion if a derivative work is made to say something that the original author did not intend or even actively disagrees with. But that concern is not felt only by creators working outside of the software realm; freedom can be used (or abused) to do unpleasant things in the software world too.

VLC is a well-respected media player known for its multi-platform support and its ability to play almost anything the user can come up with. If one searches for VLC in Google, the project's site comes up at the top of the list. But it is likely to be accompanied by one or more paid ads from sites offering free downloads of VLC binaries. This might strike one as an interesting situation; the people behind these sites are willing to pay money for ads so that they can offer up their bandwidth for free downloads. Either their enthusiasm for VLC is so extreme that they are willing to put considerable resources into encouraging its distribution, or something else is going on.

Unsurprisingly, it seems that something else is going on. A recent blog posting by VLC developer Ludovic Fauvet names a number of these sites and complains about the business they are in:

What bothers us the most is that many of them are bundling VLC with various crapware to monetize it in ways that mislead our users by thinking they're downloading an original version. This is not acceptable. The result is a poor product that doesn't work as intended, that can't be uninstalled and that clearly abuses its users and their privacy. Not to mention that it also discredits our work as volunteers and that it's time-consuming, time that is not invested in the development.

In the best case, these distributors commercialize the software for their own objectives. In progressively worse cases, they break the program, add antifeatures, or turn it into overt spyware or malware. It is not surprising that the VLC developers are not pleased by this kind of activity. One user saying "I downloaded VLC and it infected my system" can be enough to deter many others from trying the real thing.

VLC is free software, released under the GPL. As long as these redistributors comply with the requirements of the GPL, they are within the rights that the VLC project gave to them - even if they may or may not be violating various laws regarding the distribution of malicious software. As it happens, readers will no doubt be shocked to learn that many of these companies fail to take the GPL's source availability requirements seriously. It's almost as if they actively didn't want others to see what they were doing to the program. Failure to comply with the GPL gives the VLC project one tool which can be used to shut some of these operators down; the project has evidently made use of this power at times.

What happens if a distributor corrupts VLC in some way, but complies properly with the licensing requirements? The result can easily be unhappy users and damage to the VLC project's "brand." One could say that the VLC code base reflects the developers' opinions on how a media player should work; making user-hostile changes to that code can cause those developers to be blamed for opinions which they would never have thought to express. They would like to prevent that from happening, but, it seems, the inability to restrict modified versions ties their hands.

This problem is exactly why the Mozilla project maintains such firm and uncompromising control over the use of the "Firefox" trademark. A malware version of Firefox could do untold damage to its users and, consequently, to the world's view of Firefox in general; it is not hard to imagine Firefox developers lying awake at night worrying about this scenario. A fiercely-defended trademark with a tight policy on acceptable uses gives Mozilla a means to quickly shut down Fakefoxes which behave in undesirable ways.

The trademark approach has its own problems; among other things, it makes it harder for distributors to support Firefox, especially after official support for a given release ends. Strong trademark policies often seem to run counter to the spirit of free software and free expression as well; you cannot, for example, set up a community site at FedoraFans.org (say) without encountering the Fedora trademark rules. Despite these worries, the intersection of trademarks and free software has worked reasonably well most of the time.

The VLC project is evidently working on its trademark policies, but VLC has a problem common to many development projects: it is not endowed with the sort of legal budget that Mozilla has. Enforcing trademarks in any non-trivial way requires lawyers; trademarks which are not enforced tend to go away. Organizations like the Software Freedom Law Center can help in the defense of trademarks, but resources for pro-bono work will be limited. So trademarks, even if handled well, are not a complete solution to this problem either.

That leaves the bulk of free software projects without much in the way of defense against those who would misuse their code. But, somehow, as a community, we have managed to muddle along reasonably well anyway. We have some advantages in that area: we have well established trusted distribution channels for software and a natural disinclination to run binaries from suspicious-looking third-party web sites. We also, for better or worse, have relatively few big-name programs which are sought out by users of more frequently targeted operating systems. As free software continues to grow in popularity, though, we may find ourselves confronted with unpleasant actions by sleazy people more often. Somehow we'll find a way to deal with them without compromising the freedoms that make free software what it is.


Open licences need a "no passing off" clause

Posted Jul 14, 2011 9:08 UTC (Thu) by ayeomans (subscriber, #1848) [Link]

This has strong links to the LWN article on Nina Paley's Rantifesto.

Most current open source licences don't appear to have any direct way of protecting their name and reputation. Trademark law is used instead as this can be enforced through the offence of "Passing Off".

But most projects don't want the extra burdens of applying for a trademark, but would rather work under the automatic benefits of copyright law. So I'm suggesting that open source licences for software and text would benefit from having a "no passing off" clause in the licence grant.

As an example, a project I worked on wished to produce a document that encouraged re-use, but did not want any derivative works to pretend to be official. I could not find a suitable standard licence. We ended up with a CC-No Derivative more restrictive licence, then added

You are free to copy, distribute, display, and perform the work, subject to appropriate attribution ..., except that in addition you may make derivative works, providing such works do not claim to be endorsed by ...

Such a clause would benefit cases such as VLC in that derivative works could not be called "VLC" (without separate permission, of course).

Open licences need a "no passing off" clause

Posted Jul 14, 2011 12:39 UTC (Thu) by dbruce (subscriber, #57948) [Link]

I've thought about this in connection with Mozilla's strict policy about the Firefox name, in particular the problem it poses for Debian - if even a small bug or security fix is applied by anyone other than Mozilla, the patched program can no longer be called "Firefox". This of course is not how FOSS software normally operates. When software gets packaged in collections, be it Linux distros, the BSD Ports Collection, MacPorts, or what have you, many packages require patches to be applied to the vanilla upstream sources to fix minor issues. If everyone acted like Firefox and disallowed such patching, the FOSS world would have huge problems.

I think the tricky part is how to allow the above "good" third-party patches, without opening the door to the sort of problems VLC is experiencing. I'm not sure there is a legally rigorous way to do so. Certainly, Mozilla takes the position that all modifications are incompatible with the Firefox trademark.

Open licences need a "no passing off" clause

Posted Jul 14, 2011 13:23 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

"Certainly, Mozilla takes the position that all modifications are incompatible with the Firefox trademark."

Not true. You just have to get patches approved.

Open licences need a "no passing off" clause

Posted Jul 14, 2011 18:18 UTC (Thu) by clugstj (subscriber, #4020) [Link]

Yes, but, what is the procedure for having them "approved"? Is it working for anyone? I seriously don't know the answers to these questions - not trying to troll.

Open licences need a "no passing off" clause

Posted Jul 14, 2011 20:00 UTC (Thu) by kripkenstein (subscriber, #43281) [Link]

I don't think there is a perfect policy that can work for everyone here.

Not having a trademark leads to what VLC is now facing. That isn't an issue for Linux, GNOME, Qt, etc. because they aren't popular consumer products like VLC and Firefox. For those last two though, this is a major danger.

Having a trademark will always lead to friction at some level. It adds some limitations on what people can do with your code. But optimally this can be resolved in most cases (like how Ubuntu can ship branded Firefox).

So there isn't a perfect solution here. But I think that Linux and Qt do not need trademarks, while VLC and Firefox do.

Open licences need a "no passing off" clause

Posted Jul 14, 2011 20:28 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

actually Linux does need a trademark (and there is one, and it is enforced). 10 or so years ago this was actually an issue and some legal work was done to settle the matter, things have been quiet since (I suppose that it's amazing what the realisation that IBM and their lawyers really care about this sort of thing can do to quiet things down, I think the major problems were settled before IBM got heavily involved with Linux, but once they started making the announcements about their involvement.....)

Open licences need a "no passing off" clause

Posted Jul 14, 2011 21:18 UTC (Thu) by kripkenstein (subscriber, #43281) [Link]

I believe Linus owns the Linux trademark? In any case, there is no maintaining of the trademark, as anyone can build off of the Linux code and call it "* Linux". Because there is no enforcing of the trademark, it's doubtful whether it can still be used to do anything.

In practical terms, someone could make something called "TotallySecure Linux", but which actually contains spyware, and I'm not sure Linus (or whoever owns the Linux trademark) could do anything about that.

But this doesn't really matter, because Linux isn't a consumer brand. The people that actually use Linux - like us - know enough to not be confused by a "TotallySecure Linux". But that isn't the same for VLC and Firefox.

Open licences need a "no passing off" clause

Posted Jul 14, 2011 21:45 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

actually, if you investigate it, there is a very permissive use of the Linux trademark, to basically include anything that's based on Linux.

I believe that this did require enforcement at one point (I know that there were attempts by individuals and businesses to trademark 'Linux' as their own, and Linus had to fight it)

someone calling something "TotallySecure Linux" as you say would probably not be violating the trademark on Linux (as long as there actually was linux in there).

Open licences need a "no passing off" clause

Posted Jul 15, 2011 2:52 UTC (Fri) by jhhaller (subscriber, #56103) [Link]

In order to call something Linux, one needs to request use of the trademark from Linux Mark Institute, the sole authorized agent for sublicensing the trademark. It's a fairly straightforward process. Of course, Linux is a trademark for only a limited field, leading to some interesting things like a penny stock called Linux Gold, a gold exploration company, which cropped up on searches for news about Linux.

Open licences need a "no passing off" clause

Posted Jul 15, 2011 3:04 UTC (Fri) by kripkenstein (subscriber, #43281) [Link]

But people create new Linux distros all the time, and use the Linux name, without asking permission in the way that you suggest. At least in the US, not protecting a trademark leads to it being lost.

Open licences need a "no passing off" clause

Posted Jul 14, 2011 22:18 UTC (Thu) by roc (subscriber, #30627) [Link]

It's working for distros like Ubuntu and Fedora which distribute patched Firefoxes, yes.

Open licences need a "no passing off" clause

Posted Jul 21, 2011 3:36 UTC (Thu) by slashdot (guest, #22014) [Link]

Why can't they just grant a trademark license to all the main Linux distributions? (subject to reasonable conditions about the changes, such as not intentionally malicious and not regressing a testsuite)

You don't need to register a trademark, to have a trademark. Just assert it.

Posted Jul 14, 2011 13:52 UTC (Thu) by david.a.wheeler (guest, #72896) [Link]

Trademark law, not copyright law, is designed to handle this sort of thing. And at least in the U.S., you do not need to formally register a trademark to have one. The USPTO's Trademark FAQ says:

Must I register my trademark? No. You can establish rights in a mark based on use of the mark in commerce, without a registration. However, owning a federal trademark registration on the Principal Register provides several important benefits.

You don't need to register a trademark, to have a trademark. Just assert it.

Posted Jul 14, 2011 18:22 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

you may not have to formally register the trademark, but you do have to enforce it or you lose it.

You don't need to register a trademark, to have a trademark. Just assert it.

Posted Jul 15, 2011 0:09 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

And I believe protection exists only for marks used in business. Does the VLC project qualify as a business? I think the fundamental question is would the project lose money if people were tricked into downloading something else thinking it were VLC's product?

You don't need to register a trademark, to have a trademark. Just assert it.

Posted Jul 19, 2011 4:20 UTC (Tue) by butlerm (subscriber, #13312) [Link]

I imagine that registering the trademark, and threatening to sue anyone who knowingly abuses it would go a long way. It doesn't have to cost a lot of money.

Open licences need a "no passing off" clause

Posted Jul 15, 2011 12:23 UTC (Fri) by juliank (subscriber, #45896) [Link]

Such clauses exist to a certain extent in most major free software licenses.

The GPL-2 has it:
2. a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.

The GPL-3 has it:
5. a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.

The Apache license has it, with almost identical wording to GPL2:
4. (b) You must cause any modified files to carry prominent notices
stating that You changed the files; and

The problem is that it only applies to the source code, not the binary, at least for GPL-2. For the Apache-2 license, it also applies to modified Object form (but since you did not modify the Object form, but the Source form, it's not actually active), and for the GPL-3 the statement could apply to binary as well, although I'm not 100% sure on it.

Open licences need a "no passing off" clause

Posted Jul 21, 2011 2:19 UTC (Thu) by Hausvib6 (guest, #70606) [Link]

I agree.

One day, we'll hear news like this: "Terrorists use Linux on their computers." For the enlightened, this means nothing as the terrorists can also drink Coke, but there is a large pool of people called the unwashed masses that will interpret things differently.

VLC and unwelcome redistributors

Posted Jul 14, 2011 9:28 UTC (Thu) by cate (subscriber, #1359) [Link]

I think they are going the wrong way. I don't think trademark could stop distributing suspicious files. One simple test is to search in Google for one Windows system file (or driver file). I find that many sites distribute them. Considering that Microsoft licenses (copyright and trademark) are very very strict, I don't think that changing licenses will improve the situation of VLC.

But OTOH VLC seems to lack good communication channels. For this reason the first page of a "VLC" search in google shows many uninteresting links.

VLC should improve communication and links to VLC and relevant sister pages.

[And also LWN should contribute, linking to the VLC homepage (and download page) when speaking of VLC and wrong downloads]

Publicity is a strong defense

Posted Jul 14, 2011 14:03 UTC (Thu) by ber (subscriber, #2142) [Link]

There will always be better and worse derivatives from Free Software products. A strong line of defense is communication - as someone has already pointed out. Trusting sites, recommendations and original initiatives will become more important. And it will solve a large part of the problem.

Publicity is a strong defense

Posted Jul 14, 2011 14:42 UTC (Thu) by przemoc (subscriber, #67594) [Link]

But sometimes you may come to the application from a field outside of your expertise or even slight familiarity. Then you're not sure which site you can trust more. Obviously it's not only an open source problem. A few years ago we had in Poland the mks_vir vs ArcaVir "battle" (though it wasn't actually a redistributing thing but more code acquisition/reuse and the legality of it), where each side provided their own story. And similar cases possibly happen in local communities, which aren't brought up to world-wide media.

VLC and unwelcome redistributors

Posted Jul 14, 2011 20:07 UTC (Thu) by iabervon (subscriber, #722) [Link]

Surely the license to the VLC code is not actually all that relevant; malware suppliers could just as easily offer something that didn't use any VLC code, since their phony VLC doesn't actually have to work all that well, or really at all (since it can't be uninstalled and can do whatever it wants even if the user doesn't intentionally run it a second time).

VLC and unwelcome redistributors

Posted Jul 14, 2011 22:21 UTC (Thu) by roc (subscriber, #30627) [Link]

Perhaps some open source projects could band together behind a single brand, e.g. for the sake of argument "Libre(tm)", so Libre(tm) VLC, Libre(tm) GIMP, Libre(tm) Inkscape, etc. Then resources can be pooled together to defend that one trademark.

VLC and unwelcome redistributors

Posted Jul 15, 2011 0:47 UTC (Fri) by jengelh (subscriber, #33263) [Link]

The Artistic License II seems to have solved that issue with this little passage: “In addition, the Modified Version must bear a name that is different from the name of the Standard Version.” Would that not also make sense for the GPL in light of this (the VLC-related) incident?

VLC and unwelcome redistributors

Posted Jul 17, 2011 21:55 UTC (Sun) by ballombe (subscriber, #9523) [Link]

It should be noted that such a problem only exists on platforms with a habit of downloading binaries from random sites.

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds