Ubuntu
firefox-3.0 package

Bug #269656
Comment #515

Comment 515 for bug 269656

Revision history for this message

Mark Shuttleworth (sabdfl) wrote on 2008-09-23: Re: [Bug 269656] Re: AN IRRELEVANT LICENSE IS PRESENTED TO YOU FREE-OF-CHARGE ON STARTUP

#515

pj wrote:
> Since Mark is asking for input on the service, I will tell you that the first thing I do is
> turn off antiphishing services, along with every other thing that tends to track my
> surfing. I turn off Javascript and cookies too, for example, so I'm definitely not the
> average person in my habits. I turn stuff on as needed, clean up, and turn it off
> again.
>
In the community of folks who are very aware of the sort of abuse that
goes on, being conservative about JS and cookies isn't unusual. Those
are definite attack vectors on one's online identity and privacy.

Out of curiosity, would you prefer that cookies and javascript be
disabled in the default case for Ubuntu, too? If the argument is that
anti-phishing might be used to track your surfing, like cookies and JS,
and therefor it should be turned off, would it not also be consistent to
want JS and cookies disabled by default? We certainly take the view that
we (Ubuntu) are entrusted with our users security, so this would be
worth exploring. My gut feel would be though that most people would say
"I'll turn that off for myself where I'm concerned, but I understand
that the default should for JS to be switched on".

A second question would be: how would one know when to turn on the
anti-phishing service? With JS and cookies it's relatively
straightforward. One surfs along without them, and then something
doesn't work, and you decide "I think this site looks trustworthy, and I
really want to complete this thing I started, I'll enable JS and
cookies". But, how would you decide to enable the anti-phishing service?
And isn't the anti-phishing service very useful in helping to decide
whether or not to enable JS and cookies? I certainly wouldn't want
cookies on at a site that was red-flagged in the anti-phishing service.

> So I don't think one can assume that there are no people who will find the antiphishing
> service objectionable.
>
Fair enough :-). I think this is what makes our discussion interesting -
we have to be aware of the extremes of abuse or attack, and we also have
to be aware of what "most people want". And in the case of Ubuntu, it's
not even that, it's what "most people like us want", where "people like
us" means people alive to these issues and interested in finding
pragmatic and usable expression for that awareness.

> I personally would prefer that it be turned off by default and allow folks to turn it on
> if they want it. There seems no reason to treat people like children, needing our
> protection whether they want it or not. How much pain would that cause Mozilla,
> compared to the pain caused to those of us who really care about Main being
> clean?
>
I don't think that people "turning off" the anti-phishing service causes
Mozilla pain. I don't have any reason to think that's anything other
than an expense for Google or Mozilla. I think though, that the general
feeling is that having it there and on makes for a better, safer
browsing experience, and the idea is that "Firefox stands for the best
browsing experience and is also, amazingly, all free software". So, I
imagine that to the Mozilla folks (and I'm *not* conveying anything
that's been said to me by them, just trying to put myself in their
shoes) they would want to make sure that anyone who ships something
called "Mozilla Firefox" delivers a consistent, predictable experience
in this regard.

Say you installed FF on your Mom's computer, she gets some nasty
phishing mail, clicks on the link, FF says "this is a scam", and she
falls in love with Mozilla on the spot and tells all her friends "That
Firefox is the right way to web". Then one of her friends installs
Ubuntu (OK, a stretch, or the sort of granny *I* want to have) and is
delighted to see Firefox there. But when her friend gets the same scam
email, she gets phished, because we turned this off by default. I can
see how that would be bad for Mozilla and for Firefox (and frankly for
Ubuntu too).

This is not treating people like children, it's taking a view on the
most appropriate configuration for folks when they start out. I can see
how reasonable people might take different views, but I don't think it's
unreasonable for us to take the view that this is the right default
configuration.

> The software is modifiable, but after you say I agree, then is it? Under the same
> license? I was sick last week, so I haven't had a chance to seriously review the
> language on the services part, so this is just to make clear that while I definitely
> see the major issue, the EULA, resolved, I haven't said the same about the
> services agreement to date.
>
I would be very interested in the results of your analysis, and there
are also other folks looking carefully at the legalese to make sure
there are no conflicts with the MPL, GPL and other specific licenses
involved. If anything comes up it will have to be addressed, or we'll
have to drop FF from main. So far, nothing has.

> My question is this, and please excuse a stupid question, but I'm not a programmer, so
> I don't know, and to analyze the language, I need to understand this point: is the
> antiphishing part strictly services, or is there not software involved too? If the latter,
> surely that software is not freely redistributable and modifiable, is it? If it isn't,
> then where are we if it is on by default?
>
My understanding is this: there is software on your machine, in Firefox,
and that code is under the same license as everything else. You can take
it, study it, change it (but you may not be allowed to *call the result
Firefox*), redistribute it, charge for it if you want, but you're bound
by the usual copyleft.

There's a network service, which if you use, you must accept is not
guaranteed to be 100% perfect. I.e. if you get phished while using it,
tough.

There's the software on the server which provides the phishing service,
and afaik nobody has said publicly what software that is, or what
license it runs under.

I think the key piece is what sorts of restrictions are placed on you by
your "acceptance of the terms of the service when you use it". I think
accepting that the service is not guaranteed to be 100% foolproof is
reasonable. I think accepting that after you use the service you should
hand over your first born son would not be :-). And this is where we
will probably have a very fruitful discussion over the next few years,
not only about this service, but about others.

And lastly, can I say, <fanboy>how cool to be discussing this on a bug
report with you</fanboy> ;-)

Mark

pj wrote:
> Since Mark is asking for input on the service, I will tell you that the first thing I do is
> turn off antiphishing services, along with every other thing that tends to track my
> surfing.  I turn off Javascript and cookies too, for example, so I'm definitely not the
> average person in my habits.  I turn stuff on as needed, clean up, and turn it off
> again.
>   
In the community of folks who are very aware of the sort of abuse that 
goes on, being conservative about JS and cookies isn't unusual. Those 
are definite attack vectors on one's online identity and privacy.

Out of curiosity, would you prefer that cookies and javascript be 
disabled in the default case for Ubuntu, too? If the argument is that 
anti-phishing might be used to track your surfing, like cookies and JS, 
and therefor it should be turned off, would it not also be consistent to 
want JS and cookies disabled by default? We certainly take the view that 
we (Ubuntu) are entrusted with our users security, so this would be 
worth exploring. My gut feel would be though that most people would say 
"I'll turn that off for myself where I'm concerned, but I understand 
that the default should for JS to be switched on".

A second question would be: how would one know when to turn on the 
anti-phishing service? With JS and cookies it's relatively 
straightforward. One surfs along without them, and then something 
doesn't work, and you decide "I think this site looks trustworthy, and I 
really want to complete this thing I started, I'll enable JS and 
cookies". But, how would you decide to enable the anti-phishing service? 
And isn't the anti-phishing service very useful in helping to decide 
whether or not to enable JS and cookies? I certainly wouldn't want 
cookies on at a site that was red-flagged in the anti-phishing service.

> So I don't think one can assume that there are no people who will find the antiphishing
> service objectionable.
>   
Fair enough :-). I think this is what makes our discussion interesting - 
we have to be aware of the extremes of abuse or attack, and we also have 
to be aware of what "most people want". And in the case of Ubuntu, it's 
not even that, it's what "most people like us want", where "people like 
us" means people alive to these issues and interested in finding 
pragmatic and usable expression for that awareness.

> I personally would prefer that it be turned off by default and allow folks to turn it on
> if they want it.  There seems no reason to treat people like children, needing our
> protection whether they want it or not.  How  much pain would that cause Mozilla,
> compared to the pain caused to those of us who really care about Main being
> clean?
>   
I don't think that people "turning off" the anti-phishing service causes 
Mozilla pain. I don't have any reason to think that's anything other 
than an expense for Google or Mozilla. I think though, that the general 
feeling is that having it there and on makes for a better, safer 
browsing experience, and the idea is that "Firefox stands for the best 
browsing experience and is also, amazingly, all free software". So, I 
imagine that to the Mozilla folks (and I'm *not* conveying anything 
that's been said to me by them, just trying to put myself in their 
shoes) they would want to make sure that anyone who ships something 
called "Mozilla Firefox" delivers a consistent, predictable experience 
in this regard.

Say you installed FF on your Mom's computer,  she gets some nasty 
phishing mail, clicks on the link,  FF says "this is a scam", and she 
falls in love with Mozilla on the spot and tells all her friends "That 
Firefox is the right way to web". Then one of her friends installs 
Ubuntu (OK, a stretch, or the sort of granny *I* want to have) and is 
delighted to see Firefox there. But when her friend gets the same scam 
email, she gets phished, because we turned this off by default. I can 
see how that would be bad for Mozilla and for Firefox (and frankly for 
Ubuntu too).

This is not treating people like children, it's taking a view on the 
most appropriate configuration for folks when they start out. I can see 
how reasonable people might take different views, but I don't think it's 
unreasonable for us to take the view that this is the right default 
configuration.

> The software is modifiable, but after you say I agree, then is it?  Under the same
> license? I was sick last week, so I haven't had a chance to seriously review the
> language on the services part, so this is just to make clear that while I definitely
> see the major issue, the EULA, resolved, I haven't said the same about the
> services agreement to date.
>   
I would be very interested in the results of your analysis, and there 
are also other folks looking carefully at the legalese to make sure 
there are no conflicts with the MPL, GPL and other specific licenses 
involved. If anything comes up it will have to be addressed, or we'll 
have to drop FF from main. So far, nothing has.

> My question is this, and please excuse a stupid question, but I'm not a programmer, so
> I don't know, and to analyze the language, I need to understand this point:  is the
> antiphishing part strictly services, or is there not software involved too?  If the latter,
> surely that software is not freely redistributable and modifiable, is it? If it isn't,
> then where are we if it is on by default?
>   
My understanding is this: there is software on your machine, in Firefox, 
and that code is under the same license as everything else. You can take 
it, study it, change it (but you may not be allowed to *call the result 
Firefox*), redistribute it, charge for it if you want, but you're bound 
by the usual copyleft.

There's a network service, which if you use, you must accept is not 
guaranteed to be 100% perfect. I.e. if you get phished while using it, 
tough.

There's the software on the server which provides the phishing service, 
and afaik nobody has said publicly what software that is, or what 
license it runs under.

I think the key piece is what sorts of restrictions are placed on you by 
your "acceptance of the terms of the service when you use it". I think 
accepting that the service is not guaranteed to be 100% foolproof is 
reasonable. I think accepting that after you use the service you should 
hand over your first born son would not be :-). And this is where we 
will probably have a very fruitful discussion over the next few years, 
not only about this service, but about others.

And lastly, can I say, <fanboy>how cool to be discussing this on a bug 
report with you</fanboy> ;-)

Mark

Ubuntufirefox-3.0 package

Comment 515 for bug 269656

Ubuntu
firefox-3.0 package