
Dissection of COVIDSafe (Android): Australian government's contact tracing app - ghuntley
https://docs.google.com/document/d/17GuApb1fG3Bn0_DVgDQgrtnd_QO3foBl7NVb8vaWeKc/edit#
======
mcannon
I believe the government, PM and various ministers have said the code will be
released. My sources also say exactly the same.

They’re obviously operating with extreme urgency to get the app out. For you.

Give them a few weeks to clean up code and release it (which is very normal) -
but in the meantime, here are some tips:

\- Turn the HN angry mob mode off - it’s not helpful. We’re all in this
together.

\- Commend the government on some smart privacy and security choices (data
deleted after 21 days, open source code, AWS in Australia, sensible sec
practices etc). They won’t get it all right - and we as a tech community can
help them. Find a bug & help get them closed.

\- When asked by non technical people “Should I install this app? Is my data /
privacy safe? Is it true it doesn’t track my location?” - say “Yes” and help
them understand. Fight the misinformation. Remind them how little time they
think before they download dozens of free, adware crap games that are likely
far worse for their data & privacy than this ever would be!

Thank you

~~~
discordance
I would love to trust them more, but the Australian government does not have a
good track record with regards to privacy. Two such recent examples:

\- Australian's browser history is being provided to law enforcement even
though that practice was excluded from the original intent and law [0]

\- Australia passed laws in 2018 which enable law enforcement to compel tech
companies into inserting backdoors into their software [1]

0: [https://www.theguardian.com/world/2020/feb/07/web-
browsing-h...](https://www.theguardian.com/world/2020/feb/07/web-browsing-
histories-are-being-given-to-australian-police-under-data-retention-powers)

1: [https://www.wired.com/story/australia-encryption-law-
global-...](https://www.wired.com/story/australia-encryption-law-global-
impact/)

~~~
Daishiman
The Australian government is not a single monolothic institution. It's a set
of hundreds of thousands of people with different agendas and intentions. You
cannot assign singular agency to the entire government; rather we have to go
case-by-case to understand the implications of programs like these.

~~~
roenxi
That is a little like saying the human body isn't a single organism because,
say, the digestive tract operates with its own agency and intention outside of
conscious control. It isn't correct; the politicians in the government have a
very high level of agency around what ends up being fed into the institutions
and what agendas and intentions are allowed to rise to power.

This isn't the step that gets us to a dystopian future, but it is so cheap and
convenient for government to take programs like this and expand them every
single time there is a crisis that it may as well be assumed to be coming if
people don't kick up a stink each and every time.

We don't need perfect safety. We've can't have perfect safety. Having perfect,
technologically enforced safety will create systems that will become corrupted
and evil with a high, high likelihood. I don't want the government to have the
ability figure out who I'm talking too at all; I'd rather we went in the exact
opposite direction of this app and put legal barriers in place to them even
asking. COVID-19 is horrible, but it will pass. This tracking strategy will
not.

~~~
hilbert42
_" I'd rather we went in the exact opposite direction of this app and put
legal barriers in place to them even asking. COVID-19 is horrible, but it will
pass. This tracking strategy will not."_.

Absolutely damn correct brother! 10/10.

------
jay_kyburz
Here is how I think the app should have worked.

Instead of requesting codes from a central government server to be distributed
to people you come into contact with, your phone could have generated its own
codes for distribution.

Then when a COVID infection is found, the gov could simply publish a list of
all codes collected by the infected person.

Your phone could request this public list daily and you could choose to get a
COVID test if your code is in the public list.

The government would have no way to link any codes to a particular phone or
person. A lot less data would need to collected, stored, and managed.

This app is designed to allow the government to find and collect anybody they
think needs testing. It can also be used to find and punish anybody breaking
social distancing laws.

(Updated for clarity)

~~~
jessriedel
If I understand you correctly, this is exactly the procedure that Stanford's
CovidWatch is implementing.

[https://www.covid-watch.org/article#contactTracing](https://www.covid-
watch.org/article#contactTracing)

They are pushing for a standard protocol that incorporates this mechanism. It
may or may not be compatible with the joint effort of Google and Apple, and
with Singapore's under-development BlueTrace standard.

[https://en.m.wikipedia.org/wiki/BlueTrace](https://en.m.wikipedia.org/wiki/BlueTrace)

------
tastroder
It's interesting to see these tracing app discussions crop up all over the
world at the moment. In Germany it quite literally took dozens of public
interest groups, two weeks of media attention, EU guidance and an open letter
by hundreds of scientists to make the government switch from central data
collection to an acceptable decentralised approach.

The amount of misinformation put out by lobby groups in the process was
frankly astonishing, is that similar in Australia or is this app primarily
driven by the government itself?

~~~
temac
> In Germany it quite literally took dozens of public interest groups, two
> weeks of media attention, EU guidance and an open letter by hundreds of
> scientists to make the government switch from central data collection to an
> acceptable decentralised approach.

Interesting. Do you have any pointer on the current German approach? I've been
looking at the Robert protocol from Inria+Fraunhofer, and I'm not sure I like
the central secret DB it requires.

~~~
def_true_false
I guess they meant the DP-3T. See
[https://github.com/DP-3T/documents](https://github.com/DP-3T/documents)

~~~
temac
I think so, and it seems this is very recent; I found that:
[https://www.reuters.com/article/us-health-coronavirus-
europe...](https://www.reuters.com/article/us-health-coronavirus-europe-
tech/germany-flips-on-smartphone-contact-tracing-backs-apple-and-google-
idUSKCN22807J) I hope France will follow.

------
em10fan
> Non-compliant. The CovidSAFE application heavily uses source code from
> [https://github.com/opentrace-community/opentrace-
> android](https://github.com/opentrace-community/opentrace-android) which was
> released under GPL v3

That's not to say its non-compliant, they could have reached out to the (one)
contributor and licenced it separately.

~~~
zelphirkalt
For this specific case, it would be a grave mistake to license under anything,
which does not contain a copyleft to make sure they release the source code as
well and grant the 4 freedoms.

~~~
tzs
If I'm understanding this right, this app was written by the Australian
government. Does the license for any libraries or other outside code they have
included even matter?

Generally, governments have what is called "sovereign immunity" when it comes
to civil lawsuits. They can only be sued if they decide to allow it. Some
countries waive their sovereign immunity for specific laws.

For example US copyright law waives it for the Federal government, and so if
the US government used your library without permission you could sue them for
copyright infringement. It does not waive it in regard to the US states,
however, and so if individual states used your library without permission you
would probably not be able to do anything about it.

I have no idea if Australia has sovereign immunity from Australian copyright
law. Google, Bing, and Duck Duck Go are all insisting on just returning
results about the recent US Supreme Court case that said the waiver of
sovereign immunity in US copyright just covers the Federal government, not the
state government.

~~~
angry_octet
The Australian Govt respects copyright a dictacted by legislation, rather than
some general immunity concept. So particular legislation (such as FOI,
Archives Act, etc) may dictate that copies are made and kept. In general, the
Govt pays fees as would a commercial entity, but many of the use cases could
be covered by a legislative requirement or a fair use provision, and it is
rather baroque, and the process of legal reform is quite slow.

[https://www.alrc.gov.au/publication/copyright-and-the-
digita...](https://www.alrc.gov.au/publication/copyright-and-the-digital-
economy-ip-42/crown-use-of-copyright-material/)

[https://www.smh.com.au/business/companies/government-
alleged...](https://www.smh.com.au/business/companies/government-allegedly-
owes-authors-illustrators-and-journos-copyright-millions-20171119-gzob0u.html)

As to software, I don't believe any part of the Australian Govt has been sued
for violation of open source copyright, and it is generally taken quite
seriously at agencies like CSIRO. It has always been a big talking point for
MSFT and big integrators as a reason not to use open source though.

------
thisrod
I think this discussion is putting the cart before the horse. If there is no
alternative to this app, what protections should it have? That's the second
question to ask. The first one, which hardly anyone is asking, is whether the
thing is necessary to start with.

There is one very strong reason to suspect Australians don't need this: the
app has only been here 3 days, but the novel coronavirus has been around for 3
months, and it has never looked like getting out of control. Turns out that
telephones and old-school contact tracing still work, and they work even
better with some help from DNA manipulating virus detection robots. Who would
have thunk it?

Plus, at this point, each app user has a 1 in a million chance of being
exposed to the virus. Talk about number needed to treat!

Australia should focus on prisons, aged care facilities and concentration
camps, where the risks are still meaningful. And we should rack our brains to
imagine other ways that the virus could rapidly spread beyond our capacity to
contain it. If things keep going right, we won't need this app. If something
goes wrong, it will be an unexpected thing that the app can't fix.

------
SyneRyder
I've been running COVIDSafe on Android for most of today, Samsung's Battery
monitor is showing 3% battery use by COVIDSafe after 6 hours. I guess that's
about a 10-12% battery hit over a full day, but at least it's using less
battery than Spotify or TuneIn or Pocket Casts when they were in use with the
screen off. So we're not talking Pokemon Go levels of battery drain here.

It works fine in the background on Android. Much like the Pebble smartwatch
app does for its Bluetooth connection, you get a permanent notification, and
you have to disable battery saver to stop the app sleeping. But you can still
use your phone for other things. Battery monitor regards the app as in
"Active" use the whole time, not in "background" use.

~~~
rstuart4133
The battery problem seems to be an Apple thing. iOS can shut the app down if
it is in the background, and will do so if the battery is getting low. One
solution is to keep it in the foreground - but that does chew power.

------
ferros
It was interesting to hear a lead story on the nightly news talking about data
privacy issues related to where the data was stored, saying that the data
would be stored on “American company Amazon’s Servers”.

No mention of Australian regions or GovCloud etc.

~~~
maxden
The ABC is reporting that the server must store data in Australia and the data
cannot be transferred overseas.

~~~
crispinb
Unless they've done some independent investigation, that's just federal
government speak.

The feds have been at pains to present COVIDSafe as having stringent privacy
safeguards, but they have such an appalling record that few will believe them
without trustworthy independent scrutiny. I can't see how that can be possible
until (at a bare minimum) the app's source code is released.

I really hope they do, and that they make any necessary improvements
subsequently recommended. Contact tracing is a fantastic potential use of
mobile technology. It would be a pity for it to be undermined by the usual
impulse towards contemptuous patrician secrecy.

~~~
sjy
A “privacy impact assessment” was performed by an independent law firm,
reviewed by an independent statutory authority responsible for privacy
protection, and published before the app was released.
[https://www.oaic.gov.au/updates/news-and-media/privacy-
prote...](https://www.oaic.gov.au/updates/news-and-media/privacy-protections-
in-covidsafe-contact-tracing-app/)

------
aaron695
I saw this coming BUT I thought if they were clever they might get the code
from the Singapore government (Who I think developed OpenTrace) direct?

You can release you code as GPL. But you can also release you code however,
separately if you want.

Also it depends on OpenTrace's libraries and if it's been contributed to.

~~~
toyg
Uhm, no.

Once your code contains GPL code _that is not yours_ , it has to be GPL.
Particularly in v3, where a number of loopholes were closed. You are free to
attach further non-conflicting clauses to it, but the GPL of the original code
must be respected. That’s the entire point of the GPL.

Double-licensing requires you to have ownership of the entire codebase. At
that point, you are licensing _everything_ , so you’re free to pick any
license that suits you.

~~~
cyphar
You're agreeing with the OP. The point they were making was that the
Australian government could've gotten the source code under an alternative
license by asking the sole copyright holder (which I believe is either the
Singaporean government, or a contractor of the Singaporean government).

But to be honest, as an Aussie I don't think our government is remotely
competent enough to have considered the copyright license of the code they
were using. There were initial reports they would provide the source code of
the application, but these promises were quickly revoked for reasons of
"national security" or some other such rubbish.

EDIT: I meant to say that it was a bullshit reason such as "national
security", not that it was a direct quote. The actual reason they claimed was
that it was easier to hack if the source code was public.

~~~
crispinb
_but these promises were quickly revoked_

Were they? Where did you see that?

The Health Dept's response to the Privacy Impact Assessment's recommendation
for release of the app's source code says as follows:

 _Agreed. The PIA and source code will be released subject to consultation
with the Australian Signals Directorate’s Australian Cyber Security Centre_

([https://www.health.gov.au/resources/publications/covidsafe-a...](https://www.health.gov.au/resources/publications/covidsafe-
application-privacy-impact-assessment-agency-response))

Now that 'consultation' _might_ be a delaying tactic, but it's just as likely
to be that the Dept. of Health has no idea of the implications of such
release. It certainly doesn't suggest the revocation you claim.

~~~
cyphar
I was basing it on the public statements of the Health Minister[1].

Now, it's very possible that they'll release it tomorrow and this whole
discussion will have been a waste of time -- but at the time of writing the
Minister for Government Services said unequivocally that they would release
the source code[2] and later the Health Minister said they were "unsure it
would be safe"[1], and finally when the app was released the source code was
nowhere to be seen. To be fair, he was insistent that they would release it
(despite being "unsure it would be safe").

But sure, I also wouldn't be surprised to discover that the whole process has
been delayed by some other bureaucracy. After all, they probably see releasing
the source code as a token gesture and not a form of review by the public.

[1]: [https://www.itnews.com.au/news/health-minister-now-unsure-
if...](https://www.itnews.com.au/news/health-minister-now-unsure-if-source-
code-for-covid-contact-tracing-app-is-safe-to-release-546981) [2]:
[https://www.itnews.com.au/news/govt-to-release-source-
code-o...](https://www.itnews.com.au/news/govt-to-release-source-code-of-
forthcoming-covid-trace-app-546884)

------
alfiedotwtf
Would anybody be interested in setting up a bounty? I'm thinking first team to
show a major break in privacy wins the pool. I'll put in $100, and I hope
others do too.

Edit: to be explicit, I'm talking about REing the app locally, nothing server
side

------
aapeli
It's called dual licensing.

The Au Gov got the code for TraceTogether (what OpenTrace, the open source
implementation of BlueTrace is based on) weeks before the source was publicly
released as GPL.

~~~
hyperpallium
Not disputing, but do you have a link for when they got source?

Opentrace was open sourced 16 days ago [https://github.com/opentrace-
community/opentrace-android](https://github.com/opentrace-community/opentrace-
android)

~~~
aapeli
Don't have a public source, sorry.

------
lukevdp
In the Privacy Impact assessment that was released here
[https://www.health.gov.au/sites/default/files/documents/2020...](https://www.health.gov.au/sites/default/files/documents/2020/04/covidsafe-
application-privacy-impact-assessment-agency-response.pdf)

The government is planning to release the source code “subject to consultation
with the Australian Signals Directorate’s Australian Cyber Security Centre.”

Take that for what you will. I suspect some people will take this to mean they
won’t be releasing the source, however at this point I think it’s reasonable
to believe it is still going through this process.

~~~
ggm
On national radio this morning they implied a belief in security-by-obscurity
regarding things. I can't even. (I suspect the journalists mangled what the
ASD said)

------
hyperpallium
They said they would release source, but they've distributed the app first, so
are in breach.

They also said location would not be used, but

    
    
      android.permission.ACCESS_FINE_LOCATION
    

Can't trust them on things that can be checked; therefore can't trust them on
the things that that can't be checked.

~~~
maxden
Yes, I thought they said a few days ago that the source code will be made
available for scrutiny but this now how its being reported:

"Some, if not all, of the app’s source code will be made public."

~~~
pmontra
Will Australians be able to build from source, install and connect to the
central server (if any)? Or at least build and verify that what comes from the
stores is what they built? If not, having the source code doesn't really
matter much.

~~~
barbs
I think it would go a long way in establishing trust if they release the
source code, even if you can't perfectly prove that the binaries are built
from it. They would have to be outright lying if that wasn't the case.

------
Sophistifunk
The Australian government is not to be trusted, they (both parties) have been
trying to take control of the internet for decades now, and even when they're
not trying to do something nefarious, government IT projects have a long
history of incompetence. Even recently (but before CV19) they've been
drastically increasing the reach of the state to spy on people and force
backdoors into software.

------
scoot_718
> Remind them how little time they think before they download dozens of free,
> adware crap games that are likely far worse for their data & privacy than
> this ever would be!”

Not a convincing argument for anything.

------
tgsovlerkhgsel
Does this randomize the Bluetooth address too? I saw the README (from the
dissection) mention a function that hides the name "so the other side only
gets the address", which would defeat the entire purpose of rotating
identifiers.

If it does randomize the Bluetooth address, does it use a separate identifier,
and if so, does it rotate both at the same time? Otherwise, you can use an
identifier that changes at time 1 to link the other identifier with its new
version when it changes at a different time.

~~~
rstuart4133
It's OpenTrace [0]. OpenTrace is GPLv3, and is based on a published
specification that's not too difficult understand. The fact that it _is_
dervived from OpenTrace and they haven't published the source is the whole
basis of this story.

To answer your direct questions:

\- randomize Bluetooth addresses: I expect not, as that would screw any
existing bluetooth connections, like headsets.

\- does it use a separate randomised identifier: yes.

On Android at least you would be foolish to trust it without a verifiable
chain of trust from the source to the binary you are running. It has two
things that matter greatly: your true name, and your precise location. There
is nothing physically preventing them from uploading your whereabouts every 10
minutes to a server - so you have to trust the binary doesn't do that. Right
now we only have their word [1]. Whether you care enough above the sort of
information it could leak to need to trust it is a different question. But if
you do care, you would be a fool to do so without a verifiable chain.

A verifiable chain of trust means:

\- source starts from a trusted origin. (It does: opentrace)

\- there is a cryptographically signed audit trail showing how they change it
to get to its current state. (The original is in github, so that's possible).

\- they publish the source before deployment. (The two points above means
someone inspecting the result only has to look at the changes, not the entire
thing).

\- they use a reproducible build.

[0] [https://github.com/opentrace-community](https://github.com/opentrace-
community)

[1] Right now I'm sure they are good for their word. Move on 24 months and if
you still have it installed, then based on their past history I would not
trust them as far as I could kick them.

~~~
tgsovlerkhgsel
The Apple/Google protocol does randomize:

> The advertiser address type shall be Random Non-resolvable.

> The advertiser address, RollingProximityIdentifier, and Associated Encrypted
> Metadata shall be changed synchronously so that they cannot be linked.

(page 5, [https://covid19-static.cdn-
apple.com/applications/covid19/cu...](https://covid19-static.cdn-
apple.com/applications/covid19/current/static/contact-
tracing/pdf/ExposureNotification-BluetoothSpecificationv1.1.pdf))

I assume you can use your "regular" Bluetooth address for any communication
with paired devices (which is then just as trackable as it would be
otherwise), while still using this at the same time for the BTLE
announcements.

However, I suspect these APIs may not be available to non-OS applications.

~~~
rstuart4133
You made me look, and my times have changed.

> I assume you can use your "regular" Bluetooth address for any communication
> with paired devices

It turns out even that's not true. It's normal to use a different mac each
time you connect to the same paired device:
[https://www.lairdconnect.com/support/faqs/why-does-ble-
mac-a...](https://www.lairdconnect.com/support/faqs/why-does-ble-mac-address-
keep-changing-my-smartphone)

I don't know whether it multiple mac's in flight at the same time, but given
the the effort they've put into it, it's entirely possible.

------
enturn
Are there concerns that unpatched Android devices could be vulnerable to the
Bluetooth bug discovered in February this year?

[https://www.welivesecurity.com/2020/02/07/google-critical-
an...](https://www.welivesecurity.com/2020/02/07/google-critical-android-
bluetooth-flaw-attack/)

~~~
gruez
Exploit details were released a few days ago[1]. Some essential bits were
removed, so not any script kiddie can use it, but it's only a matter of time
before a full exploit available publicly.

As for how it relates to the app, I don't think it matters much. I'd imagine
most people already have bluetooth enabled, so using this app or not won't
change their vulnerability status.

[1] [https://insinuator.net/2020/04/cve-2020-0022-an-
android-8-0-...](https://insinuator.net/2020/04/cve-2020-0022-an-
android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/)

------
ggm
I'd love to know where 15 minutes exposed came from. Feels like a value
imputed from a join over battery drain and usefulness. I thought five minutes
made more sense. If you are 15 min within 1.5m of a stranger in most
Australian states you're probably mildly in beach of social distancing.

~~~
aiham
15 minutes was part of the definition for a casual contact 2 months ago, a lot
earlier than the app and the social distancing rules.

[https://www.health.gov.au/sites/default/files/documents/2020...](https://www.health.gov.au/sites/default/files/documents/2020/03/coronavirus-
covid-19-information-for-casual-contacts-of-a-confirmed-case.pdf)

~~~
ggm
You will notice in that guidance that if you subsequently fall ill as a casual
(sub 15 min) contact they will need to talk to you for contacts tracing..

So that implies there is a health risk burden under 15 which needs to incur
costs of contact tracing at which time this app cannot help.

------
bamboozled
I'm wondering how the application protects against people running malicious
clients works? If the point of this app is to broadcast identifiable
information into the public domain, what is stopping others from snooping this
information and creating their own tracing DB?

~~~
mickotron
Cool go ahead, you're only gonna get my device identifier, phone model, some
encrypted temporary ID that identifies me for 15 minutes, which health agency
the app is affiliated with (the same as the attacker given we are in range),
etc.

Seriously my Facebook app and the underlying Android OS is sucking way more
sensitive data than this is broadcasting. And only to the restricted physical
range of Bluetooth.

And if you did happen to get my device identifier, TempId etc, you still have
to map those to my personal identity. Decrypt my TempId and what do you get,
my app UserId. Not even my phone number. Try harder.

My bigger concern is a malicious client that can exploit a weakness in mine by
sending a specially crafted json payload and gaining remote code execution.

The data on its own is pretty worthless for location tracking. It needs
enrichment or correlation with other data to be used for that purpose.

------
bfgeek
[https://docs.google.com/document/d/17GuApb1fG3Bn0_DVgDQgrtnd...](https://docs.google.com/document/d/17GuApb1fG3Bn0_DVgDQgrtnd_QO3foBl7NVb8vaWeKc/preview)

(preview link might be more useful).

------
stephen_g
My biggest worry (apart from the fact that any Australian law enforcement
agency or intelligence service could serve the department that released the
app with a notice under the TOLA Act (AA bill) to add a backdoor, and they
would be compelled to do it and then deny its existence), is that it probably
just won't be extremely effective, but people will see it as a magic bullet
out of lockdown.

There is a lot of pressure from the right wing and business lobbies to re-open
everything, but the only reason that we have had such low numbers is because
we locked down early and hard.

People are saying "Install the app so we can go back to normal quicker"
already - this is dangerous. With commercial grade hardware and software not
designed for this, we can't assume the app will be reliable all (or even most)
of the time. The period of time somebody is infectious seems to be quite long.
So using the app as an excuse to ease lockdown will not work and would
probably just result in unrestrained community transmission. Especially as we
are coming into winter, we really don't want a second wave!

------
discordance
@Dang - there are a suspicious number of new users on this thread leaving
positive comments about the about the Australian governments new surveillance
app

~~~
processing
Yes, don't think they were aware of news profile names being green for first
<2 weeks. In this instance for the 5 hours they signed up to astroturf.

~~~
dang
Please don't do this here. The site guidelines ask you not to:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
timkam
I would assume many GPL-licensed applications are GPL non-compliant. From a
user's perspective, what are the most relevant problems when this is the case?
(Excluding problems of philosophical nature that only free software geeks care
about. No intention to be disrespectful; but the more practical the problems,
the more likely it is that ordinary users can relate to them.)

~~~
zelphirkalt
These "problems of philosophical nature that only free software geeks care
about" however, tend to quickly have very practical consequences, that many
people care about, though. Only that many do not realize, that their problems
would not have happened, if they had used free software. Most people are not
even aware what free software means or that it exists.

So I would not mix the two issues of a problem being a real problem and
people's lack of knowledge about the software licensing world or software in
general. Just because people don't know what the actual root cause is, it does
not mean, that the problem does not exist, or that the people will not care
about consequences, that will affect them.

I will also say,that without idealism of many great people creating free
software and little pockets of free society, we would not be, where we are
today. A very general statement, I know, but I have no doubt in my mind, that
the idea of making knowledge freely available and making sure it stays that
way does help advance society in many areas.

~~~
timkam
It's hard to disagree with the statements you make in this comment, but this
does not answer my question. To say "free software is important" is one thing;
another thing is to say "if a GPL-licensed software includes a closed-source
dependency, this is a news-breaking problem". Considering the deep dependency
trees many applications have, I would assume incompatible licenses in an app
or library, and yes--even closed source dependencies in GPL-licensed
applications--is a problem that occurs rather frequently. I think there is a
generic problem at the intersection of license management and dependency
management. COVIDSafe is just an example of this, and given the prevalence of
these issues, I think it is in itself not particularly newsworthy.

------
henvic
In my opinion, GPL is just another flavor of proprietary software and they
should stop calling it free software or even opensource. Something like
"Copyleft shared source" would make more sense to what it really is.

[https://medium.com/@henvic/opensource-and-go-what-
license-f6...](https://medium.com/@henvic/opensource-and-go-what-
license-f6b36c201854)

~~~
MaxBarraclough
As terms-of-art in the software world, 'Free software' and 'Open Source
software' have clear accepted definitions. There's nothing wrong with being an
advocate for 'copycenter' licences, but please don't muddy the waters.

