Committer’s Agreement – Minor Update

We just made a small tweak to the Committer’s Agreement that everyone with privileges to check in directly to the Mozilla source code trees has to sign. The change is to the section titled “Committing Code Created by Others“, and it is:

You may check in Code to a Mozilla Foundation repository that was not written by You, provided that:

a) The checkin comment contains information (or references to information) sufficient to identify the author and the license of the Code, including at minimum an email address; and and a link to a public source repository if one is available; and
b) You make all reasonable and appropriate efforts to ensure that such Code conforms to the terms of this agreement.

It isn’t necessary or a good use of time to get everyone to re-sign it :-), but please can existing committers be aware of the need to document license and source when checking in code from external sources. It’s important that we know where our code comes from, and who to contact if there’s a problem.

German Subscription Trap Interview: Subtitling Request

Mozilla has been active in the courts in Germany, pursuing people who use Firefox as bait in “subscription traps”. On Tuesday evening, our wonderful German lawyer Anthonia Zimmermann was interviewed on German TV during a 14-minute feature on subscription traps.

Sadly, I don’t speak German. Can some kind person who speaks German and English please use the awesome Universal Subtitles to subtitle this video in English so I can watch it? :-) The URL you need is:

You may want to subtitle it in German first (i.e. do a transcript) and then translate the result.


Trademark “Equality”

Simon Phipps has written several pages of almost-entirely-good stuff about how you benchmark a project’s governance. I particularly like his description of the best governance structure as an “open, meritocratic oligarchy”. I proud of the fact that we pretty much have one of those at Mozilla.

The one issue I would disagree with him on is his comments on trademark policy. He writes:

There will be a community-equal trademark policy, granting every participant the same rights to use of the trademarks…

But who is a participant? Free software projects have fuzzy edges. If I contribute one patch, am I a participant? Does that then allow me to label the heavily modified builds of the code I am distributing with the standard project name? This seems like it could quickly mean that the trademark doesn’t offer any guarantees of what you are getting (which is the point of a trademark).

He also says:

A trademark that is under the exclusive control of one community member will be a problem if the community tries to take a direction that member objects to.

What sort of ‘problem’ will this cause? It will cause the fork to have to rename itself. But that’s OK – in fact, it’s a good thing, because if the source is different, the mark should be different. To put it in code terms, a trademark is not about identifying a codebase, it’s about identifying a distribution. Firefox is a distribution of the Mozilla codebase by the Mozilla Organization; Songbird is another one from Pioneers of the Inevitable; and TomTom Home is yet another, from TomTom. If someone else distributes some different software built from the Mozilla codebase (and all forks are different – that’s the point) and there is no agreement with the trademark holder, then it’s right that there should be a new mark so people know what they are getting and who they are getting it from.

Having said that, I entirely agree that there are good and bad practices surrounding trademarks. I think that there are things you should look for in a free software project’s trademark arrangements – such as whether the trademark is easily removable without affecting the function, whether there are a documented and approved set of steps for removing it and being in the clear legally, and whether the day-to-day usage policies are things you can live with. (I’ve been meaning to write a more detailed paper on this for at least 5 years, but still haven’t got around to it…)

But I can’t agree that a “fully egalitarian” trademark policy is necessary for good governance, or is even in the best interests of the project. What would happen to the meaning of the word “Firefox” if Mozilla had such a policy? One group who would definitely benefit would be these people

“Cash Bonanza” Clarification; Full Judgement Available

The full judgement in the recent German subscription trap case, including all pages and screenshots (but with the names of the defendants redacted) is now available (20MB+ PDF).

Some online speculators have suggested that Mozilla is bound to collect a large stash of cash from our victory in this case. This is not true, for the following excellent reasons:

  • We’re not even certain there is any large stash of cash, or if there is one, that it is still within the jurisdiction of the German court.
  • All the judgement did was to stop the infringing activity (which was our main aim). And it hasn’t even done that yet, because it is still appealable for up to 30 days. And if they appeal, they could do so on the last of those days.
  • We cannot obtain any money on the basis of the current judgement, but have to bring a second suit quantifying the damages, based on information that the judge in this suit ordered them to reveal.
  • Even if we bring such a suit, there is no certainty of compensation, or even of recovery of our costs.
  • Even if compensation is awarded, there are various ways the defendant could make themselves judgement-proof or avoid paying it.

So we are a long way from seeing a single penny, let alone larger amounts.

Germans Protecting Germans

You may remember a while back I did a series of posts on how Mozilla was protecting Germans by going after the operators of “subscription trap” websites based in Germany. I’m pleased to say that the German government has now joined the fight.

A few days ago, the German Ministry of Justice passed a legislative proposal (PDF; link in German) for an amendment to the German Civil Code. The title is “Draft Law for the enhanced protection of consumers against online subscription traps”.

Here’s the first paragraph:

Many consumers use the Internet to obtain information in an easy manner or to make use of cost-free services such as downloads of freeware. In doing so, they often fall victim to so called cost- or subscription traps (…) Shady undertakings intentionally conceal the fact that they charge for their services by means of a confusing or misleading presentation of their websites. For example, an offer on such a website will be praised, in a graphically highlighted form, as “free”, while only in the small print, or hidden in the General Terms and Conditions, is information provided about the costs of the provided services. This information is moreover often provided in small or pale print, hidden in a footnote or will only become visible on the computer screen after the consumer has scrolled further down. Consumers can therefore only recognise with difficulty that a service that is at first sight cost-free will result in costs after all.

That’s the problem in a nutshell.

When the law passes, persons or entities making commercial offers to consumers online which require payment will be required to do two things:

  1. Show a clearly visible, highlighted notice about all costs the consumer will incur when making use of the offer; and
  2. Make it so that, before contracting, the consumer actively has to confirm that he has read the cost information.

If a website does not satisfy these requirements, the contract will be void.

This proposal will now be introduced into the German “Bundestag” (the “lower House of Parliament”). Once it has been approved by the lower chamber, it will then need approval from the “Bundesrat” (the Federal Assembly, or “upper House of Parliament”). That may take approx 6 months. Our German contacts say the motion has strong support, so it is rather unlikely that it won’t become law. However, it could be amended along the way.

MPL 2: GPL Compatibility?

The Mozilla Public License 1.1 is not compatible with (any version of) the GPL – that is, you cannot put MPLed code into a GPLed binary. The alpha 3 draft of the MPL 2 has opt-in GPL compatibility which can only be chosen at the time the software is first licensed (section 11.2).

I personally believe that most or all groups who are currently licensing their software under the MPL (only) would not mind, or actively desire, GPL compatibility, and the new MPL should give them the opportunity to choose it. I think most free software developers see licensing as a pain, and license incompatibility as a double pain, and would much rather everything were upwardly compatible with everything else.

To test this belief, and so we can appropriately publicize the new version of the MPL when it comes out, I am creating a list of MPLed projects. If you know of an MPLed project please add it to the list. And I want to hear from those projects as to whether they are opposed to, in favour of, or indifferent to, GPL compatibility for existing projects being put into MPL 2. Have a discussion on your mailing list and let me know the outcome.

Particularly if you or your project chose the MPL specifically because it is GPL-incompatible, please contact me. I will treat your response in confidence if you wish.

I’m also looking to make a list of GPLed projects using MPLed libraries (with a GPL exception of some sort – or even without!). That list is at the bottom of the same wiki page. If you are a GPLed project and wanted to use MPLed libraries but couldn’t, I want to hear from you too.

Please spread the link to this blog post throughout the free software community – I want to make sure I’ve reached as many MPL-using projects as possible.

Note: this canvassing of opinion is not official and is not binding in any way on the MPL 2 drafting team.

MPL Update: New Changes For Review

We’ve published the first draft of our proposed changes to sections 2 and 3 of the MPL.

In particular, in what I’m sure will be a popular move, we’ve revised and simplified the notification and documentation requirements in section 3 (the part responsible for the boilerplate headers in every file).

We are very interested in feedback! Please do read and comment in the commenting tool.

Third Party Code

Thanks to the sterling efforts of Michael Kohler, we now have a page listing the third party code in the Mozilla tree. This is important for licence compliance and so that downstream users of our code know what they are using.

We have attempted to make sure the information is correct, but we would greatly appreciate it if some core hackers could skim down the list with the following questions in mind:

  • Have we correctly identified in which product/products each library is being used?
  • Are you able to shed light on any of the remaining queries (marked XXX)?
  • Is the list complete, to your knowledge?


Updating the MPL

Today, we are launching a project to update the MPL. (Read Mitchell’s blog post). As the first point of contact within Mozilla for licensing issues, I’m often on the receiving end of criticism about the MPL’s rougher edges (such as the amount and inflexibility of the boilerplate required). So I’m looking forward to this process. But I want to focus on the positive changes we can make as much as or more than the things we have to ‘fix’. On that front, I’m particularly hoping that we can help integrate the MPL better with the remainder of the popular Free Software licences – e.g. by achieving Apache compatibility.

While I have hopes and goals for the process, as do the other Mozilla people involved, this is not a validation exercise for pre-existing decisions. There’s a lot still undecided about how will look. And we’d love to get your input.

The Economics Of Privacy

Tristan recently blogged about privacy as a currency. His point:

Privacy is a currency for which we don’t know the [ex]change rate. It’s something we’re giving to online services without knowing what it’s worth.

I started to apply basic economics to that idea. It seems to me that a key point is that the exchange rate of the currency is not only unknown, but it is also different for different people. You may value your privacy much more highly than I do. By contrast, for people in the same socio-economic group, the value of the information to the company is (approximately) the same. For most of the readers of this blog, it’s worth about the same to (e.g.) Google to know X amount about you as it is to know X amount about me.

A mutually beneficial exchange is one in which both parties receive something of greater value than what they lost. Is our loss of privacy mutually beneficial? It depends. I may decide to put a $50 value on the privacy of my list of friends. If that list is worth $100 to Google or Facebook, and they will provide me with $70 worth of services in return for it, then clearly the exchange is a beneficial one. However, if you value your list of friends at $500, then it would not be a good exchange for you, if all else was the same.

Another important economic attribute of exchanges is that they should be ‘fair’. A fair exchange is one which is uncoerced, and in which both parties understand what they are giving away and receiving. Do people understand what they are giving away when they give away their privacy? Perhaps not. Or it could be just that they put a low value on it. In which case, it’s entirely reasonable for them to make the trade.

Conclusion: privacy advocacy is not about persuading people not to use particular privacy-reducing services, it’s about persuading people to understand the value they personally put on their privacy and perhaps, secondarily, to increase that number. But if people, once they understand, choose not to increase that number and to make privacy-reducing deals, we should respect their free choice.

MPL “Initial Developer” For Mozilla Employees

If you are an employee or contractor of the Mozilla Foundation or any of its subsidiaries (Mozilla Corporation, Mozilla Messaging, Mozilla Denmark, Mozilla Online, Mozilla Canada and Mozilla New Zealand) the “Initial Developer” section in the MPL header of new files you create should appear as follows:

The Initial Developer of the Original Code is
the Mozilla Foundation.

Also, please add the header using the official boilerplate rather than copying it from another file. The Mozilla Foundation, rather than any of the subsidiaries, holds the copyrights to work done by people in the above category. “” is not a legal entity, and so is also not correct.


Protecting Germans IV: An Example

This is the fourth in a series of blog posts (previous: 1, 2, 3) on how Mozilla is using its trademarks to try and make sure everyone gets a genuine copy of our software, for free.

Today we filed what lawyers call “main action proceedings” against the most long-standing and active of the operators of charging sites (what we would call “subscription traps”), Alexander Varin. Through his companies Content Services Ltd. and Antassia GmbH, he operates several sites of similar design (unlinked examples:,, We have been monitoring his activities since November 2008. An early C&D request was rejected. The aim of this case is to address all his infringing activities in one action.

There have already been successful court actions against Mr. Varin, brought by individual consumers (regarding their payment obligations after signing up) and by a German consumer organization (regarding infringements of consumer protection laws, amounting to unfair competition). But the core infringement of Mozilla’s trademark rights, the offer of Mozilla’s software against hidden fees, continues. Our aim in these proceedings is to put a permanent stop to it.

What will happen next is that the court will serve the statement of claims to the three defendants. They have two weeks to notify the court that they are defending the action. Should one (or all) of them not do so, we can apply for a default judgment. If they do notify the court, they will have a further deadline of a few weeks within which to respond to the statement of claims. The court will then set a date for an oral hearing.

Please note that German defamation law is quite strict where reporting of court proceedings is concerned. Only truthful facts may be reported and no suggestions or inferences be made that leave room for (negative) interpretation. So please be understanding if we can’t discuss our opinions on this case in the normally straightforward and forthright ways which generally characterize Mozilla’s communications :-)

The umbrella organization of the German consumer protection agencies (Verbraucherzentrale Bundesverband e.V.) is also very active in informing and educating consumers about subscription trap websites. They have themselves brought several main action proceedings against the operators of various such fraudulent sites, including the website “”. For further information, you can visit their website (also available, naturally, in German). If you are German and would rather speak to someone directly, you can find the contact details of your local consumer protection agency on their website, too.

Journalists who want more information can contact Martin Madej at Verbraucherzentrale Bundesverband e.V. Tel. (030) 258 00-123, or email