By Jonathan Corbet
July 13, 2011
The recent discussion of applying software-style freedoms to other creative
works has focused on, among other things, the possibility of confusion if a
derivative work is made to say something that the original author did not
intend or even actively disagrees with. But that concern is not felt only
by creators working outside of the software realm; freedom can be used (or
abused) to do unpleasant things in the software world too.
VLC is a well-respected media
player known for its multi-platform support and its ability to play almost
anything the user can come up with. If one searches for VLC in Google, the
project's site comes up at the top of the list. But it is likely to be
accompanied by one or more paid ads from sites offering free downloads of
VLC binaries. This might strike one as an interesting situation; the
people behind these sites are willing to pay money for ads so that they can
offer up their bandwidth for free downloads. Either their enthusiasm for
VLC is so extreme that they are willing to put considerable resources into
encouraging its distribution, or something else is going on.
Unsurprisingly, it seems that something else is going on. A recent blog
posting by VLC developer Ludovic Fauvet names a number of these sites
and complains about the business they are in:
What bothers us the most is that many of them are bundling VLC with
various crapware to monetize it in ways that mislead our users by
thinking they're downloading an original version. This is not
acceptable. The result is a poor product that doesn't work as
intended, that can't be uninstalled and that clearly abuses its
users and their privacy. Not to mention that it also discredits our
work as volunteers and that it's time-consuming, time that is not
invested in the development.
In the best case, these distributors commercialize the software for their
own objectives. In progressively worse cases, they break the program, add
antifeatures, or turn it into overt spyware or malware. It is not
surprising that the VLC developers are not pleased by this kind of
activity. One user saying "I downloaded VLC and it infected my system" can
be enough to deter many others from trying the real thing.
VLC is free software, released under the GPL. As long as these
redistributors comply with the requirements of the GPL, they are within
the rights that the VLC project gave to them - even if they may or may not
be violating various laws regarding the distribution of malicious
software. As it happens, readers will no doubt be shocked to learn that
many of these companies fail to take the GPL's source availability
requirements seriously. It's almost as if they actively didn't want others
to see what they were doing to the program. Failure to comply with the GPL
gives the VLC project one tool which can be used to shut some of these
operators down; the project has evidently made use of this power at times.
What happens if a distributor corrupts VLC in some way, but complies
properly with the licensing requirements? The result can easily be unhappy
users and damage to the VLC project's "brand." One could say that the VLC
code base reflects the developers' opinions on how a media player should
work; making user-hostile changes to that code can cause those developers
to be blamed for opinions which they would never have thought to express.
They would like to prevent that from happening, but, it seems, the
inability to restrict modified versions ties their hands.
This problem is exactly why the Mozilla project maintains such firm and
uncompromising control over the use of the "Firefox" trademark. A malware
version of Firefox could do untold damage to its users and, consequently,
to the world's view of Firefox in general; it is not hard to imagine
Firefox developers lying awake at night worrying about this scenario. A
fiercely-defended trademark with a tight policy on acceptable uses gives
Mozilla a means to quickly shut down Fakefoxes which behave in undesirable
ways.
The trademark approach has its own problems; among other things, it makes
it harder for distributors to support Firefox, especially after official
support for a given release ends. Strong trademark policies often seem to
run counter to the spirit of free software and free expression as well; you
cannot, for example, set up a community site at FedoraFans.org (say)
without encountering the Fedora
trademark rules. Despite these worries, the intersection of trademarks
and free software has worked reasonably well most of the time.
The VLC project is evidently working on its trademark policies, but VLC has
a problem common to many development projects: it is not endowed with the
sort of legal budget that Mozilla has. Enforcing trademarks in any
non-trivial way requires lawyers; trademarks which are not enforced tend to
go away. Organizations like the Software Freedom Law Center can help in
the defense of trademarks, but resources for pro-bono work will be
limited. So trademarks, even if handled well, are not a complete solution
to this problem either.
That leaves the bulk of free software projects without much in the way of
defense against those who would misuse their code. But, somehow, as a
community, we have managed to muddle along reasonably well anyway. We have
some advantages in that area: we have well established trusted distribution
channels for software and a natural disinclination to run binaries from
suspicious-looking third-party web sites. We also, for better or worse,
have relatively few big-name programs which are sought out by users of more
frequently targeted operating systems. As free software continues to grow
in popularity, though, we may find ourselves confronted with unpleasant
actions by sleazy people more often. Somehow we'll find a way to deal with
them without compromising the freedoms that make free software what it is.
(
Log in to post comments)