Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Firefox Open Source News

TACO Extension for Firefox Forked After Proprietary Update 139

rtfa-troll writes "Beef Taco is a Firefox extension that allows a mass opt-out from tracking and targeted advertising by many ad networks. The Register reports that the original system, TACO, has become proprietary, and has added new 'features' best described as bloatware. I guess this should serve as a warning for users to always prefer software under a copyleft license where possible. If Google had chosen a license with better protection, such as the GPL, when it released its own opt-out tool, this problem would have been much less likely. This also shows why forks are so important when software development begins to get messy."
This discussion has been archived. No new comments can be posted.

TACO Extension for Firefox Forked After Proprietary Update

Comments Filter:
  • by fotbr ( 855184 ) on Friday June 18, 2010 @04:36PM (#32619472) Journal

    Google released theirs with the Apache 2.0 license. Someone else took that, re-wrote (apparently significant) portions and released it with a different name. THAT PERSON then sold it to a company, who then decided to bundle a bunch of for-pay stuff with it. People didn't like it, and forked the previous version.

    Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.

    • The GPL would forbid the proprietary version.

      • The add-on being proprietary or not is pretty much irrelevant. People are complaining about the "bloat" and very different user interface, contrary to what the summary suggests.
      • by dfghjk ( 711126 )

        Leading to less choice.

    • I agree. The only thing lost is the name, not sure how important is that, sometimes it might be important....

    • Re: (Score:1, Funny)

      by Anonymous Coward

      If it was GPL'd, then they would have had to release their changes. That means we'd all have the bloatware version of TACO and no irrefutable reason to fork it.

    • by Hatta ( 162192 ) on Friday June 18, 2010 @04:49PM (#32619656) Journal

      Someone else took that, re-wrote (apparently significant) portions and released it with a different name. THAT PERSON then sold it to a company, who then decided to bundle a bunch of for-pay stuff with it.

      Had this been GPL, the person who rewrote significant portions of the software would have to have released his derivative works as GPL. He could have sold his portion of the software under any license, but the work as a whole would have to be GPL. The company that bought the rights to the software would have to remove any GPL portion, or release the entire thing (including proprietary addons) under GPL.

      • by Kjella ( 173770 ) on Friday June 18, 2010 @05:19PM (#32620000) Homepage

        But you're also making the assumption that if the code was under the GPL would he have bothered to rewrite it since the sales value would have been near zero. There's no guarantee there'd be more open code using the GPL, there'd possibly be one less proprietary competitor but the Google explicitly released it under a license that permits it and I doubt they're so incompetent they didn't know it. If Google don't like it then it's their own mistake and they'll choose a better license next time. If they don't care, then this is just someone in the open source community being butthurt over code they didn't get the same way the MAFIAA is over a sale they didn't make.

        • by Kjella ( 173770 )

          Note to self: Don't try to rewrite sentences without reading them again, the post by Yoda written look.

        • Re: (Score:2, Informative)

          by Changa_MC ( 827317 )

          There's no guarantee there'd be more open code using the GPL, there'd possibly be one less proprietary competitor...

          For some people, that's a good thing(TM).

          But really, this whole argument is irrelevant. We have Beef TACO, the hypothetical open-source version that might never have existed. No need to worry about proprietary bloatware.

          • by fotbr ( 855184 )

            That's pretty much my point. Why would someone say that Google using the GPL would have avoided the issue? It was an open project that got forked when one party did something others didn't like. With or without the GPL, there'd be a fork if someone added that much extra stuff to what was a very lightweight and fast addon, and there was, no GPL needed.

      • by foxtyke ( 766988 )

        If the original author re-wrote substantial portions which allowed change of license from the Apache license and then licensed it under the GPL, the sold their rights and copyright to a new buyer, the new buyer has full rights to take future versions closed source provided no other open source code was utilized or a compatible license (BSD) was covering the source code included within the whole of the source.

      • by DrXym ( 126579 )
        Had this been GPL, the person who rewrote significant portions of the software would have to have released his derivative works as GPL. He could have sold his portion of the software under any license, but the work as a whole would have to be GPL. The company that bought the rights to the software would have to remove any GPL portion, or release the entire thing (including proprietary addons) under GPL.

        Not at all. The Firefox extension could have been under GPL in its entireity, including the part that ru

      • by dfghjk ( 711126 )

        Or he may have rewritten a little more to remove the GPL entirely or he might have not done the project at all. The GPL doesn't promise that future projects will exist. That seems to be hard for for GPL fanboys to understand.

        Oddly enough, the author used existing open source to contribute to a new project in compliance with and in the spirit of the license for that source, yet people complain because THEY can't have the new source despite having contributed to none of it. The GPL wouldn't have promised t

    • Re: (Score:3, Informative)

      by unix1 ( 1667411 )

      Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.

      The company would have to release the source code (because it would have been a derivative of a GPL software), so their users would know exactly what was added. Then, they could make an educated decision whether to upgrade and continue using the product, or find an alternative/fork. Some would qualify this as "better."

      • Re: (Score:3, Funny)

        by wampus ( 1932 )

        That has to be the stupidest goddamned thing I have ever read. You audit every piece of software you use? How do you find time to pick bugs out of your neckbeard?

    • Re: (Score:1, Flamebait)

      by Sir_Lewk ( 967686 )

      You're on slashdot and you really need this explained to you? Do you even know what copyleft means, or should we start from the top?

    • GPL software also forks all the time. It's not a big deal. The only argument on the GPL side seems the old dubious "proprietary is evil" one.

      The original software did not become proprietary anyway. If it did it would be impossible to fork it legally. Instead, someone added some proprietary chunks to open source software; the original software did not become proprietary and no one lost any rights anywhere regarding this software.
      • by fotbr ( 855184 )

        OK, that's pretty much my understanding as well. GPL or not, there most likely would have been a fork anyway at this point when it got so much un-wanted stuff added to it, so Google using GPL instead of the Apache 2.0 license wouldn't have avoided anything.

    • by wrook ( 134116 ) on Friday June 18, 2010 @07:00PM (#32620952) Homepage

      Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.

      There is always a balance when choosing a license. The main advantage (IMHO) with choosing the GPL over something like the Apache
      license is that you don't have to compete against proprietary versions that are based on the code you wrote. As an author this is a
      significant consideration for me. If I am the primary author, it would suck to have features from my free version used with impunity
      when I am unable to use features from the proprietary version. It gives the proprietary version an unfair advantage (unfair in that as
      the primary author I can't enjoy the same privileges).

      However, there are lots of reasons to choose non-copyleft licenses for work. Sometimes the benefit you receive from extended
      exposure outweighs the disadvantage of unfair competition. Given that Google was the primary author and *they* aren't complaining,
      I have to agree with you that there doesn't seem to be a problem. If they got what they want, then it is all good. However, I can
      understand if the authors of the forked version want to use the GPL to avoid having to unfairly compete against the proprietary
      version.

  • Dupe story is dupe (Score:2, Informative)

    by surveyork ( 1505897 )
    This story is a dupe of: http://slashdot.org/firehose.pl?op=view&id=13491118 [slashdot.org] I know it. I submitted it.
    • by Saeed al-Sahaf ( 665390 ) on Friday June 18, 2010 @04:44PM (#32619580) Homepage
      It's not a dupe, it's a FORK! Quit your complaining...
    • It isn't a dupe till yours gets accepted on the front page. In fact yours would be the dupe then. Mine is a better statement of the story. Anyway

      • You failed to use the word "Fork" in the title; no pulling FOSS junkies standard strings
      • Your links were all badly formatted, showing the URL rather than a reasonable text
      • The link to the new forked software was too far down.
      • Your first sentence qualifies for a tl;dr
      • Loser.

      And following on from that bout of maturity; naaahah naaaah neee naaa naa.

      Seriously

  • by Anonymous Coward on Friday June 18, 2010 @04:54PM (#32619706)

    The TACO guys did it wrong. First, they changed what the add-on fundamentally did. Second, they slapped their company name all over the thing. Third, they displayed a pop-up after the update. Fourth, they loaded a web page after the update. Fifth, that web page was loaded with lots of "selling" language but no substance.

    They triggered every single warning about malware I have in my brain. I didn't even bother to look into what it was they were trying to sell. I uninstalled the add-on immediately.

    I'd say this is example #1 in the upcoming book, How Not To Commercialize A Firefox Add-on.

  • It can feel frustrating when something you are using goes from free to commercial. You often get the "sold out" feeling.

    But there's also a different perspective:

    If someone makes something, and loves working on it, why wouldn't he want to try to be able to work in it full-time? But to do so, he needs income. He needs to survive. I suppose he could ask for donations, but that might not be a viable option.

    It can be frustrating for the rest of us, but personally, I understand it if someone would want to w

    • Re: (Score:3, Insightful)

      by rtfa-troll ( 1340807 )

      It can feel frustrating when something you are using goes from free to commercial. You often get the "sold out" feeling.

      I love when something free goes commercial. Red Hat is one of my favourite companies. What annoys me is when something "Free" goes proprietary. These are are two very different things. For such a license change Mozilla should be insisting on a change of name so that people who don't want the change still have their computer free of that stuff.

  • This is good news (Score:5, Interesting)

    by gooman ( 709147 ) on Friday June 18, 2010 @04:57PM (#32619738) Journal

    Just last week I got a notice to "upgrade" TACO to 3.0 and foolishly did so. A tiny little 8KB add-on became a 3MB disaster. Now it has new features which clash with other add ons or were redundant for me. Music streaming was broken for some sites and best of all, the old version, while available (and compatible), will no longer install on Firefox 3.6.

    After uninstalling it, I downloaded the source for 2.0 and was planning attempt a fix, but now I don't have to. Obviously someone else was just as irritated, to that individual I say, "Thank you."

  • by BoppreH ( 1520463 ) on Friday June 18, 2010 @05:04PM (#32619832)
    I thought it was forked only because of the bloatware, not the license as the headline suggests ("meaningful headline in slashdot", etc etc).

    Actually, the fork's author only mention about the license in his blog post [velvetcache.org] was:

    This classic version didn’t have much to it, and what’s more it was licensed under the Apache 2.0 License. Fork’s Away!

    If I read that correctly, he seemed happy about the license only because it allowed him to fork it.

  • by Sonny_Jimbod ( 836857 ) on Friday June 18, 2010 @05:15PM (#32619954)
    This way, they can sell the data on and still stick to their 'privacy policy': "Our Abine browser add-on uses hashes of unique identifiers that are not tied to you or your IP address, to help you track versions and updates for the add-on, and a different set of randomly generated identifiers to validate service requests such as creating or updating disposable email addresses. If you chose to provide more data in order to take advantage of additional services, such as webmail, add-on identifiers are never used in a way that ties it to your name or personal information to the best of our ability." Also, Eric Jung is on their 'Advisory board': http://abine.com/team.php [abine.com] If you don't know who he is, he is a board member of Mozilla Add-Ons governing board. This 'update' has made a mockery of the update mechanism in Firefox and severely undermines it in my view. Here's a link to the support board over at Abine, where I have been voicing my disapproval and I recommend you do the same: https://www.getabine.com/phpBB3/viewtopic.php?f=4&t=7&start=10#p37 [getabine.com]
    • Re: (Score:2, Interesting)

      It gets worse, check this page out: http://forums.passwordmaker.org/index.php/topic,1654.0.html [passwordmaker.org] Surely it's a massive conflict of interest for Eric Jung to be a board member of the Mozilla Add-ons governing board and to be actively working on an Add-on, especially one like this?
    • by jorgevillalobos ( 1044924 ) on Friday June 18, 2010 @05:33PM (#32620140) Homepage

      Also, Eric Jung is on their 'Advisory board': http://abine.com/team.php [abine.com] If you don't know who he is, he is a board member of Mozilla Add-Ons governing board.

      Wrong. Eric Jung is on the board of Mozdev [mozdev.org], and independent organization dedicated to hosting Mozilla-related projects (like a specialized Sourceforge). He is not part of the Mozilla Add-ons team.

      I'm in charge of the add-on review process at Mozilla, and I personally reviewed and approved the TACO update due to its complexity. I have no relationship with Abine whatsoever.

      • Re: (Score:3, Insightful)

        Then why does it say that on the Abine site. I'm sorry, but you should be ashamed to let this past you. It went from 8K to 3MB, that is not a simple update and I fear this is breeding a lot of mistrust in the Firefox update mechanism. How are you going to regain users trust after this?
        • by jorgevillalobos ( 1044924 ) on Friday June 18, 2010 @05:48PM (#32620298) Homepage

          The page was wrong, and it looks like they updated it already.

          The update was approved because it passes all our quality checks. It is not up to us to determine what features a developer can include or not, and it is not a new thing for an add-on to change hands like this. It is up to the developers (new or otherwise) to give their users what they want. If they screw up, they will lose their users. Our job is to make sure the add-on is safe to use and it does what it claims it does. The new TACO has a ton of new features, most disabled by default, but its core functionality remains.

          Most users are complaining about the package size and the new user interface, which are things that won't get the add-on rejected unless they make it unusable, and that it not the case for TACO. I see nothing to be ashamed about.

          • The problem was, this wasn't an update, it was a total rewrite. Therefore I feel you were wrong to let this be allowed to downloaded via updating TACO 2.0. This should have been treated as an entirely seperate Add-on and it was very deceptive for it to be included in the TACO 2.0 update. Maybe it's time to have rules that state if the Add-ons original function, codebase or license changes radically then it shouldn't be allowed to update via the Firefox update mechanism?
            • by jorgevillalobos ( 1044924 ) on Friday June 18, 2010 @06:14PM (#32620522) Homepage

              We have an unexpected features policy, also called No Surprises [mozilla.org]. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.

              I don't agree that we should warn about codebase changes, since that's the developer's prerogative, but I do agree that we should communicate privacy policy or EULA changes. That's something that we can't do through Firefox at the moment, but we definitely want to include in the future.

              • I would really like to see the ability for me to see if an Add-on changes it's EULA during an update. Thanks for taking the time to respond to my questions.
              • by Luckyo ( 1726890 ) on Friday June 18, 2010 @07:13PM (#32621076)

                We have an unexpected features policy, also called No Surprises [mozilla.org]. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.

                So, in your opinion, a change that makes an add-on with no interface that just works out of the box with no interface elements at all into an add-on that adds multiple interface elements, pop-ups on pretty much every page (as almost every nominally popular site nowadays uses cookies in one form or another), and begins by flashing an introduction menu that contains among other things advertisement for "premium service"...

                Is not a change that changes core functionality?

                I mean really. One can split hairs and claim that it's "an add-on that generally protects your privacy by opting out of...", but in my, and apparently pretty much everyone's opinion, the sudden appearance of "features" like interface, pop-ups etc is a very, very serious change to core functionality. Which was from end-users point of view to STFU and just opt us out.
                The worst part is, this approval essentially dropped my trust towards Mozilla's auto-update function and add-on review process from full one hundred to zero. Because trust is hard earned (and mind you, you earned it with your hard work so far), and lost over one major failure. And allowing a hijack like this to be piggy backed as an "update" is a pretty damn major breach of trust. Whether you like it or not, this raises a question if the next update that you will decide that change is "minor" will get our UI painted full of targeted ads, which apparently will pass your check just as well so long as ads are relevant to core functionality of an add-on?

                For the next time: if an add-on that previously required no user action other then installation and didn't do anything to tell user about itself starts using flashy pop-ups to advertise itself, adds elements to UI and gets a flashy configuration window with advertisements for its host company, it's a change of core functionality for end user. Even if developer in you feels it's a "small upgrade", for end user it will be a major change and in this case, a game breaking one.

                • by jorgevillalobos ( 1044924 ) on Friday June 18, 2010 @07:33PM (#32621200) Homepage

                  What I've been trying to communicate here is that it is not our job to judge if an add-on is pretty or ugly, lightweight or bloated, subtle or in-your-face. Our job is to attest for its security, privacy protection, usefulness and ease of use. We reject add-ons that are impossible to figure out, have overly intrusive UI, or are annoying to users. The previous TACO did have some UI, little as it was, and the new one can be configured to be like that.

                  I know the new TACO is annoying to many, but I'm sure many others think otherwise. It's obvious that many TACO users like the minimalist interface it used to have, and are angered by the change, but that's something that the users need to judge, not us. There's already an alternative available if you want to switch.

                  And yes, when we say "core functionality", in this case it would mean warning about cookies and other trackers, and providing the means to block them.

                  FWIW, the people at Abine are well aware of the reception of this upgrade, and are already working on improving it.

                  • Re: (Score:1, Interesting)

                    by Anonymous Coward

                    You are beginning to sound like an Astroturfer, tbh. Is there any chance someone other than yourself could carry out a code review?

                    • Re: (Score:3, Insightful)

                      Feel free to review it yourself if you like. Here's all the necessary information:

                      Our policies [mozilla.org]

                      Editor Guide [mozilla.org]

                      Code validator [mozilla.org]

                      You can also send a message to our mailing list (see wiki link) and ask another editor to corroborate.

                    • You are beginning to sound like an Astroturfer

                      c'mon. Astroturfers by definition do not identify themselves. He's clear about who he is, why he's involved etc.

                    • But it's not open source?
                    • Extensions by their nature have most of their source code in the open. You can easily read it, but not copy it of course. There's a part of this extension that is compiled code and you won't be able to read, though. Senior reviewers do get access to the compiled component source code in order to review.
                    • Commercial add-ons commonly hide their code to avoid "the competition" to just grab it and use it.
                  • by Luckyo ( 1726890 ) on Friday June 18, 2010 @11:39PM (#32622550)

                    What I've been trying to communicate here is that it is not our job to judge if an add-on is pretty or ugly, lightweight or bloated, subtle or in-your-face.

                    Except that it is. The very name of the policy, "No Suprises" clearly shows intent to prevent massive change from subtle to in-your-face, as you put it.

                    The problem that we have reading your replies is that you chose to go with utterly classic response that corrupt officials and companies go with when they get caught. They proceed to find a small ambiguous technicality in the letter of the policy, while murdering the entire spirit of the said policy in progress, smiling in and proclaiming their complete innocence and blaming the policy. The entire wording of the name of the policy clearly suggests that you are there to weed out "subtle to in-your-face" changes. Yet because of technicality in the policy that you as a mod can use every time you want, it actually means absolutely nothing. Nothing in it actually stops you as a moderator from, for example, paying back a "monetary favor" by allowing a company that purchased a known add-on from making it a targeted advertisement add-on, full with annoying pop-ups, as long as it mainly does what it did before. Even if doing it is a small fraction of the new version and bulk is focused around selling unwanted crap, and in fact flies in the face of everything the previous versions of add-on stood for.

                    I'm sorry, but this stinks. In a major way. It essentially means that the moment someone finds a morally weak spot in the mod chain, millions of end users can be literally fucked over with no recourse whatsoever.
                    And it's the lack of recourse that's most bothersome. There isn't even a way to properly complain about a clear breach of trust issue, because it still adheres to letter of the policy, even if spirit of it is murdered in the process, at least according to you.

                    I think AC below put it best:

                    The Changing of Defaults and Unexpected Features [mozilla.org] add-ons policy appears to address what an add-on does when it's first installed. It doesn't adequately address notifications of changes pushed in updates to add-on functionality.

                    Essentially there's a nice and functional loophole in the policy that allows anyone with sufficient interest in the issue to circumvent the policy entirely by publishing new add-on as a continuation of a popular existing one and making sure that mod happens to be someone he knows well enough and owes a favor, or is sufficiently naive to imagine that this isn't a "surprising change". This in spite of add-on update policy naming scheme that clearly shows that it was its intent to do the same as policy on what review happens when add-on is first installed.

                    Once again, the stench can be felt even across the internet.

                    • I know it's very hard for some people to understand that not all commercial companies are out there to get them, with evil plots to steal their identity and money. You must think that Abine is this all-powerful corporation that bribes all editors and is scheming to take all innocent, OSS-loving TACO users and screw them over. Well, I'm sorry to disappoint you. If you think this update is harmful to the general public (and I would disagree), then that's a problem with our policies, and ultimately my problem.

                    • I was replying to somebody who was questioning my work ethics. I'm sorry if the response was harsh. I also agree that Abine could've handled things much better, but that doesn't mean that they broke our rules. Whether we should change our rules about this is a matter of debate, and we'll surely be talking about it these days.
                  • Thanks for that; now I understand your policy clearly; that you insisted on the features being switched off and that you would have liked to warn about the license, I'm much happier about the Mozilla update process than I was. Is there any bug related to the lack of license change notification that we can vote for??
                  • "We reject add-ons that are impossible to figure out, have overly intrusive UI, or are annoying to users."

                    Strangely, you have summarized most succinctly my exact impressions of the new TACO. Yet still it remains.

                • Re: (Score:1, Insightful)

                  by Anonymous Coward

                  +1

                  All the comments moaning about licenses miss this point:

                  Any Firefox extension you have could be bought out and converted into something you don't like. And Mozilla (at least in the person of the reviewer who approved the changes to TACO [slashdot.org]) offers only limited protection [slashdot.org] from this.

                  The Changing of Defaults and Unexpected Features [mozilla.org] add-ons policy appears to address what an add-on does when it's first installed. It doesn't adequately address notifications of changes pushed in updates to add-on functionality.

                  • My problem with this, and the reason why I'm willing to accept the policy as it stands is that I'm constantly surprised by the new features in NoScript [noscript.net]. However this is in a good way. I find it solving problems I had never even realised I had and that, once I know about them I realise I wanted them solved. Adding features is a good thing. It's very difficult to write a policy which says which features should be allowed and which not. The easiest way is to make sure that those that might have a privacy
              • It added several features...and they're turned off by default.

                What about the icons in the bottom right and top right of the display? What about that silly and obtrusive notification window that pops up? I'd say those are new features that were enabled.

                And according to the Register article linked, it slowed down the browser.

          • by DeanFox ( 729620 ) *

            jorgevillalobos (1044924): I'm in charge of the add-on review process at Mozilla, and I personally reviewed and approved the TACO update due to its complexity. ...I see nothing to be ashamed about.

            That's a problem. And thanks for warning us that you're in-charge. This TACO "upgrade" in your face commercialization was a HUGE surprise. If you don't understand what "No Surprises" means... That's a problem. Now unfortunately, because someone like you is in-charge, automatic upgrades are off. 100% will now have to be reviewed before acceptance. You and your supposed function have now become untrusted and thus irrelevant. Although, if you're incapable of understanding "No Surprises" I doubt you compre

  • by mrmeval ( 662166 ) <jcmeval.yahoo@com> on Friday June 18, 2010 @05:52PM (#32620338) Journal

    And perpetually ban that developer/team/company from every having access again.

  • by Sonny_Jimbod ( 836857 ) on Friday June 18, 2010 @08:04PM (#32621410)
    http://www.getabine.com/team.php [getabine.com] Jules Polonetsky - Co chair of Future of Privacy Forum, which coincidently enough was funded by AT&T. No conflict of interest there. Chief Privacy Officer at DoubleClick, you know, the people who sell lots and lots of adverts on the internet? Seems strange that he would be interested in something that was designed to stop that? Jim Jorgensen - CEO of AllAdvantage, you probably won't remember the name but you probably remember them as the company that tried to pioneer 'Paid to Surf' by bombarding users with adverts. Again, why would he be interested in something designed to thwart that? Why are these people interested in a company that seems to have no others means of making money apart from charging $50 to take down a youtube video? http://www.getabine.com/deleteme/request.php?item=youtube [getabine.com] This company stinks, I'll continue digging because I'm sure there's more
    • Except it doesn't! And I find it hysterical that ... Slashdot uses doubleclick!

      Here is a list of their opt-outs. To me it's like a grab so that they smash 100 competitors in one shot.

      Oh look. The lameness filter can't tell between an informative list and an awful string of letters!

      So I'll do it the non-TealDeer way. Go ahead & install it. Then not only look at the list without doubleclick in it, but put Ghostery on and then open Slashdot. "Nary a privacy problem to be had!!"

  • Damn. From the title of this story, I thought there was a Firefox extension for the ACM's Transaction on Architecture and Code Optimization.

Your password is pitifully obvious.

Working...