TACO Extension for Firefox Forked After Proprietary Update 139
rtfa-troll writes "Beef Taco is a Firefox extension that allows a mass opt-out from tracking and targeted advertising by many ad networks. The Register reports that the original system, TACO, has become proprietary, and has added new 'features' best described as bloatware. I guess this should serve as a warning for users to always prefer software under a copyleft license where possible. If Google had chosen a license with better protection, such as the GPL, when it released its own opt-out tool, this problem would have been much less likely. This also shows why forks are so important when software development begins to get messy."
GPL better exactly how? (Score:5, Insightful)
Google released theirs with the Apache 2.0 license. Someone else took that, re-wrote (apparently significant) portions and released it with a different name. THAT PERSON then sold it to a company, who then decided to bundle a bunch of for-pay stuff with it. People didn't like it, and forked the previous version.
Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.
I removed it right away (Score:5, Insightful)
The TACO guys did it wrong. First, they changed what the add-on fundamentally did. Second, they slapped their company name all over the thing. Third, they displayed a pop-up after the update. Fourth, they loaded a web page after the update. Fifth, that web page was loaded with lots of "selling" language but no substance.
They triggered every single warning about malware I have in my brain. I didn't even bother to look into what it was they were trying to sell. I uninstalled the add-on immediately.
I'd say this is example #1 in the upcoming book, How Not To Commercialize A Firefox Add-on.
Re:I removed it right away (Score:1, Insightful)
Was similarly surprised with how TACO changed.
Re:GPL better exactly how? (Score:2, Insightful)
As said by others, this would force the proprietary version to be released under the GPL.
Now, about how much better that is, it would allow you get the newest version and strip off any bloatware. Instead of just forking, you could maintain kind of a parallel fork, stripping each new release, or incorporate useful enhancements in Beef TACO.
Re:GPL better exactly how? (Score:4, Insightful)
Yeah, I know that. Let me rephrase: why is it so important to force the proprietary version to be released? It makes no difference. The original code is still sitting there.
Re:GPL better exactly how? (Score:5, Insightful)
But you're also making the assumption that if the code was under the GPL would he have bothered to rewrite it since the sales value would have been near zero. There's no guarantee there'd be more open code using the GPL, there'd possibly be one less proprietary competitor but the Google explicitly released it under a license that permits it and I doubt they're so incompetent they didn't know it. If Google don't like it then it's their own mistake and they'll choose a better license next time. If they don't care, then this is just someone in the open source community being butthurt over code they didn't get the same way the MAFIAA is over a sale they didn't make.
Re:GPL better exactly how? (Score:4, Insightful)
More realistically, it would force people to rewrite the GPL'd parts when making it proprietary. You'd still be in the exact same situation.
Re:They are 'anonymising' the data then selling it (Score:3, Insightful)
Re:GPL better exactly how? (Score:5, Insightful)
Except the people who wrote the original work didn't feel that way, so why is it even an issue?
Re:I removed it right away (Score:4, Insightful)
"How not to commercialize an anti-commercial firefox addon"
Re:Mozilla should pull them (Score:5, Insightful)
And perpetually ban that developer/team/company from every having access again.
Or change their rules for updates, because according to the "official" Mozilla response, TACO 3.0 passed all the requirements. Mozilla doesn't seem to have a problem with it.
Re:GPL better exactly how? (Score:4, Insightful)
Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.
There is always a balance when choosing a license. The main advantage (IMHO) with choosing the GPL over something like the Apache
license is that you don't have to compete against proprietary versions that are based on the code you wrote. As an author this is a
significant consideration for me. If I am the primary author, it would suck to have features from my free version used with impunity
when I am unable to use features from the proprietary version. It gives the proprietary version an unfair advantage (unfair in that as
the primary author I can't enjoy the same privileges).
However, there are lots of reasons to choose non-copyleft licenses for work. Sometimes the benefit you receive from extended
exposure outweighs the disadvantage of unfair competition. Given that Google was the primary author and *they* aren't complaining,
I have to agree with you that there doesn't seem to be a problem. If they got what they want, then it is all good. However, I can
understand if the authors of the forked version want to use the GPL to avoid having to unfairly compete against the proprietary
version.
Re:They are 'anonymising' the data then selling it (Score:5, Insightful)
We have an unexpected features policy, also called No Surprises [mozilla.org]. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.
So, in your opinion, a change that makes an add-on with no interface that just works out of the box with no interface elements at all into an add-on that adds multiple interface elements, pop-ups on pretty much every page (as almost every nominally popular site nowadays uses cookies in one form or another), and begins by flashing an introduction menu that contains among other things advertisement for "premium service"...
Is not a change that changes core functionality?
I mean really. One can split hairs and claim that it's "an add-on that generally protects your privacy by opting out of...", but in my, and apparently pretty much everyone's opinion, the sudden appearance of "features" like interface, pop-ups etc is a very, very serious change to core functionality. Which was from end-users point of view to STFU and just opt us out.
The worst part is, this approval essentially dropped my trust towards Mozilla's auto-update function and add-on review process from full one hundred to zero. Because trust is hard earned (and mind you, you earned it with your hard work so far), and lost over one major failure. And allowing a hijack like this to be piggy backed as an "update" is a pretty damn major breach of trust. Whether you like it or not, this raises a question if the next update that you will decide that change is "minor" will get our UI painted full of targeted ads, which apparently will pass your check just as well so long as ads are relevant to core functionality of an add-on?
For the next time: if an add-on that previously required no user action other then installation and didn't do anything to tell user about itself starts using flashy pop-ups to advertise itself, adds elements to UI and gets a flashy configuration window with advertisements for its host company, it's a change of core functionality for end user. Even if developer in you feels it's a "small upgrade", for end user it will be a major change and in this case, a game breaking one.
Re:They are 'anonymising' the data then selling it (Score:1, Insightful)
+1
All the comments moaning about licenses miss this point:
Any Firefox extension you have could be bought out and converted into something you don't like. And Mozilla (at least in the person of the reviewer who approved the changes to TACO [slashdot.org]) offers only limited protection [slashdot.org] from this.
The Changing of Defaults and Unexpected Features [mozilla.org] add-ons policy appears to address what an add-on does when it's first installed. It doesn't adequately address notifications of changes pushed in updates to add-on functionality.
Re:They are 'anonymising' the data then selling it (Score:3, Insightful)
Feel free to review it yourself if you like. Here's all the necessary information:
Our policies [mozilla.org]
Editor Guide [mozilla.org]
Code validator [mozilla.org]
You can also send a message to our mailing list (see wiki link) and ask another editor to corroborate.
Re:They are 'anonymising' the data then selling it (Score:5, Insightful)
What I've been trying to communicate here is that it is not our job to judge if an add-on is pretty or ugly, lightweight or bloated, subtle or in-your-face.
Except that it is. The very name of the policy, "No Suprises" clearly shows intent to prevent massive change from subtle to in-your-face, as you put it.
The problem that we have reading your replies is that you chose to go with utterly classic response that corrupt officials and companies go with when they get caught. They proceed to find a small ambiguous technicality in the letter of the policy, while murdering the entire spirit of the said policy in progress, smiling in and proclaiming their complete innocence and blaming the policy. The entire wording of the name of the policy clearly suggests that you are there to weed out "subtle to in-your-face" changes. Yet because of technicality in the policy that you as a mod can use every time you want, it actually means absolutely nothing. Nothing in it actually stops you as a moderator from, for example, paying back a "monetary favor" by allowing a company that purchased a known add-on from making it a targeted advertisement add-on, full with annoying pop-ups, as long as it mainly does what it did before. Even if doing it is a small fraction of the new version and bulk is focused around selling unwanted crap, and in fact flies in the face of everything the previous versions of add-on stood for.
I'm sorry, but this stinks. In a major way. It essentially means that the moment someone finds a morally weak spot in the mod chain, millions of end users can be literally fucked over with no recourse whatsoever.
And it's the lack of recourse that's most bothersome. There isn't even a way to properly complain about a clear breach of trust issue, because it still adheres to letter of the policy, even if spirit of it is murdered in the process, at least according to you.
I think AC below put it best:
The Changing of Defaults and Unexpected Features [mozilla.org] add-ons policy appears to address what an add-on does when it's first installed. It doesn't adequately address notifications of changes pushed in updates to add-on functionality.
Essentially there's a nice and functional loophole in the policy that allows anyone with sufficient interest in the issue to circumvent the policy entirely by publishing new add-on as a continuation of a popular existing one and making sure that mod happens to be someone he knows well enough and owes a favor, or is sufficiently naive to imagine that this isn't a "surprising change". This in spite of add-on update policy naming scheme that clearly shows that it was its intent to do the same as policy on what review happens when add-on is first installed.
Once again, the stench can be felt even across the internet.
Re:Going commercial: not just for money-grabbers (Score:3, Insightful)
It can feel frustrating when something you are using goes from free to commercial. You often get the "sold out" feeling.
I love when something free goes commercial. Red Hat is one of my favourite companies. What annoys me is when something "Free" goes proprietary. These are are two very different things. For such a license change Mozilla should be insisting on a change of name so that people who don't want the change still have their computer free of that stuff.
Re:GPL better exactly how? (Score:2, Insightful)
What a load of crap.