Stallman: Facebook is Mass Surveillance (rt.com)
313 points by couchnaut on Jan 23, 2012 | 144 comments

I find it somewhat ironic that people like Stallman have battled for years to get so much FOSS out there.

What did we do with all this free software? Used it to build things like facebook, google and various SaaS sites that not only tie our data into proprietary clouds but due to the nature of the GPL etc don't really have to share their code anyway.

What they have really achieved is to turn everything they touch into a commodity and moved the "value" of software elsewhere.

We seem to be moving to a world where most of our devices and the servers powering our apps will be running some form of Linux or BSD under the hood but we are actually more restricted than ever.

GNU has already given a solution to this kind of situation. It's called AGPL (http://www.gnu.org/licenses/agpl.html). But the problem is most people would be happy to avoid GPL, and stick with BSD, because a lot of people want that. If anyone can start with AGPL, that's a great start.

PS: AGPL is the strictest GPL there is, like, LGPL is a looser version of GPL. It pretty much means, you give away almost all the stack. I don't understand the whole license, but I do know it's the strictest.

The problem some of us have with AGPL is that we do not consider it to even be a free software license, as we think it violates freedom 0 on the FSF's definition of free software.

AGPL redefines what distribution means. It's an EULA, very unlike the GPL.

Also, some might say that GPL software was successful precisely because of the server-side loophole. That's not necessarily bad, because the cost of starting your own Google or Facebook is much, much lower than 10 years ago.

AGPL was made to also catch "hosted software". It still needs you to modify the OSS before the license kicks in. It has not been tested in any legal case as far as I know, which is why large corporations avoid using AGPL licensed software (like MongoDB).

The short version is that "distribution" includes providing access over a network.

Interesting, haven't read that license in detail. Does this mean that as soon as I run something on a network (or just the internet?) I am required to push my changes back upstream immediately?

However I have a feeling that there is a sufficient body of GPL/LGPL code out there that people will just modify that.

Since a lot of OSS code is contributed by companies, they don't really have any incentive to contribute to an AGPL project (in most cases).

> Does this mean that as soon as I run something on a network (or just the internet?) I am required to push my changes back upstream immediately?

Warning: If any of the following is incorrect, I would really appreciate someone correcting me. I use the AGPL, and if I'm incorrect, I would like to know.

You never have to push your changes back upstream. I'm not aware of any license that requires you to submit your changes back to the original author. You just have to make it accessible to your users.

Just like the GPL, you can run AGPL code on a private network and not have to publicly release the source code. It's when the network is public that you have to make the source code available.

If I visit your website, enter in some data, a script/lib licensed under the AGPL does something with it and returns a result. You must release the source code of "everything that it touches".

If you have a business and on the company Intranet you have the same script, while the employees (users) are entitled to have a copy of the source code, you are not required to publicly release the source code. Of course, other laws prevent those employees from also releasing the source code to the public and AFAIK they "trump" copyright laws, e.g. NDA.

> Since a lot of OSS code is contributed by companies, they don't really have any incentive to contribute to an AGPL project (in most cases).

I don't know, companies contribute to GPL licensed code even when they don't explicitly have to. Just off the top of my head, tarsnap comes to mind, he contributes back to libarchive even though he is not required to do so.

That doesn't mean I don't see your point though. You could just as easily suggest that if libarchive was licensed under the AGPL that tarsnap wouldn't have used it in the first place due to the fact he would have to release the source of the entire stack.

So I think your argument should really be "Why should companies even use software under the AGPL" not "Why should they contribute back". I don't really have an answer for that, but the same argument was made about the GPL and companies still use GPL licensed software. I'm sure if you asked rms that question he would say something about not caring about companies that want to restrict his freedom....

You are correct about the AGPL, just be careful with wording it like "everything that it touches". I don't think that is true at all - if you have a website and use AGPL code, the AGPL states that your users have a right to see that code. It cannot make a judgment on other software that may be licensed in a different way. For instance, if you have a website that uses AGPL code to produce an HTML page and non-AGPL code to provide a PDF from that HTML page, the two packages would indeed touch, but there would be no obligation to release the non-AGPL code, just the AGPL code.

As for requirements to push back changes - of course not. The only license I know of that does something similar is the SMF - Simple Machines Forum - license[1]. Yuck.

The argument between GPL and AGPL is similar to the one between BSD (or similar) and GPL on the desktop. My own position is that yes, I expect humans to be inherently good, kind and sharing souls and thus the BSD should be the license of choice. However, I have to be pragmatic and say - if we all assume that humans act like that, what's the harm in writing that down into the license? All it can do is make it hard for people who don't want to give back. So in my eyes, that's an important feature to have.

[1] http://www.simplemachines.org/about/smf/license.php

> You are correct about the AGPL, just be careful with wording it like "everything that it touches".

Yeah, sorry. I think that was a poor choice of words on my part.

> For instance, if you have a website that uses AGPL code to produce an HTML page and non-AGPL code to provide a PDF from that HTML page, the two packages would indeed touch, but there would be no obligation to release the non-AGPL code, just the AGPL code.

Interesting, in your example, if your application calls the AGPL code that is used to generate the HTML wouldn't your application also have to be released under the AGPL? Or do you only have to make available the AGPL "HTML generation library" and the changes you have made to it (if any)?

I thought that it had already been established that if you use a library under the GPL any code that uses/calls that library must be released under the GPL. The only reason companies can use GPL code server side is because it is not run on the user's machine (technically not "releasing it"), which was the basis for the creation of the AGPL, to "fix" this "loophole".


Thanks skore, yeah I think your example still stands. Specifically, in the wikipedia article you linked this part:

> By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs.

To continue the original example, if your program just runs the HTML generation program and supplies user data via a command line argument then it need not be released under a compatible license. But on the other hand if you were to "copy and paste" the functions from that program into yours, it would need to be licensed under a compatible license.

I think my example holds because it would be possible to replace either part of the process without the other one failing. That would be the argument by dependency.

Wikipedia has a pretty good section on the more broad legal background:


My understanding is that every GPL except LGPL infects your code. If you distribute code "linked" to GPL'd code (where AGPL defines distribute as being accessed), you must make your code available. It does get confusing when your PDF library is proprietary and not yours, which is why companies tend to frown on using AGPL'd code.

> To continue the original example, if your program just runs the HTML generation program and supplies user data via a command line argument then it need not be released under a compatible license.

I wonder what would happen if you modify the GPLed command line program. Would that mean you'd be required to release such changes? I would say no.

If it was licensed under the "normal" GPL, then no, if it was released under the AGPL then yes.

No, it just says that if anybody uses your software, they are entitled to get the source code. So on most GUN+Linux distributions, this is already the case. Not so much on the internet when you use a service on a website.

The AGPL basically establishes the same concept on the internet that the GPL has established on the desktop.

What's GUN+Linux? I didn't realise that ESR had created his own 2nd amendment based unix userland!

I see, interesting idea unfortunately I really can't see it taking off, most companies would just prefer to work internally and then release some bits of code as LGPL/BSD when they are ready. What advantage could AGPL give the developer (assuming they are writing OSS for commercial rather than ideological reasons)?


The commercial advantage is that it levels the playing field: If I create a library that can be used for a website and release it as FOSS under a license that is not as restrictive as the AGPL, I basically create a disadvantage to my own business: Another company could use my code in a closed service and thus benefit from my work without giving me and their users the courtesy of benefiting from their work in return.

I write commercial GPL software and will, in my next refactor, license certain parts of the software as AGPL. An example would be a library that connects an invoicing system to an online payment processor (ie. creates a full checkout process for invoice X at amount Y). I have a lot of work invested in the code (basically 5 years of my life) and the better and more reusable I make it, the easier it is to just retool it for another application. I would naturally love to see websites utilize the code, even if it is just in a SaaS setting. But since it is my work, I have decided to set the rules and if people want to use it, I think it's fair to ask that they should promote the same liberties that they received from me.

Good answer, I'm in a similar boat in some ways.

I would be more concerned about the "viral" nature of the GPL (I assume this applies to AGPL as well), i.e. I would be happy to use AGPL code in my application and release any modifications I make (or create AGPL code and have others do the same for me) but there are parts of my applications that I really wouldn't want to have to release (because they are very industry specific and would be useful to competitors without modification and not useful at all to the general populace).

A similar license but one based on LGPL would be preferable.

If you're the developer of the AGPL licensed code, there's no problem in using it combined with proprietary software. As the copyright owner, you don't need a license to use your own code.

Of course, if you accept patches from others, that's no longer true, unless you "force" people to dual license their code, with the second license being an exception just for you.

Of course, there is no 'viral' nature of the GPL, please don't spread FUD like that. The fact that your licenses have to be legally compatible and thus using GPL code in your software can be a restriction that benefits using more free licenses yourself does not equal a viral infection. The same would be true for proprietary licenses, just in a different direction.

A similar license based on the LGPL wouldn't make sense. The LGPL is basically the GPL with an addition that says that you don't have to be that strict on what license the software you use it in uses.

Right, hence why I used quotation marks around the word viral.

Problem is I'm not enough of a lawyer to know what would and wouldn't be compatible with the GPL (and confident enough to tell other stakeholders). With something like a BSD license it's easier to point to concrete examples of its coexistence (OS X for example).

Well, the GNU Project has a pretty extensive list[1], so I'm not sure whether you just haven't seen this yet, or whether there is a different concern here.

[1] http://www.gnu.org/licenses/license-list.html

As far as I can tell all of those licenses are some variation of libre licenses, I need something that's compatible with a license that says "this is ours, nobody else can have it".

The reason we need to use a license like that and not a libre license is that some of our software is very niche and would only be useful to a handful of companies around the world.

It's quite likely that none of these other companies employ any programmers at all bar the occasional contractor. Basically we are trying to disrupt an industry (in a small way) by getting more efficiency by doing stuff through tech that they are doing by employing legions of admin staff and using the old-boys network (it's a very old school industry).

If the source for certain parts of our software was available to them then they would most likely simply use it (employing an Indian contractor or similar for a couple of weeks to set it up) to wipe out our advantage and not contribute much if anything back to us.

There are however other parts of the software that could be generally useful to a wide number of people who are much more likely to contribute code back.

In that case, you probably want to consult a lawyer beforehand anyhow. If you're working on something truly disruptive and innovative to an established market, software licenses might be your smallest concern.

Nothing truly disruptive or innovative by HN standards, more that we operate in an area that is dominated by people who are simply clueless about technology.

We aren't planning to distribute any of our software so we get along fine just using LGPL / BSD licensed stuff and a few commercial libs for the most part.

Something like AGPL is potentially interesting but if it involves having to hire lawyers we'll probably keep things in-house or maybe release a few bits under LGPL a few years down the line.

-2 points for making a silly joke combined with a legitimate question? really guys?

Well, that's Hacker News. Then again, I would have downvoted you just for mentioning ESR. ;-)

I just don't see what the big deal is...

The set of information people publish on their own about themselves (like blogs) is almost exactly the same as the set of information they disclose via Facebook.

Anyone can datamine people's blogs for similar surveillance.


From Stallman's blog & email history on newsgroups I could work out:

  who he knows
  what projects he participates in
  his age
  infer his sexual preference
  infer his religion (may even be explicit there)
  where he lives
  where he was on any day (conference speaker history)

People shout and scream about themselves as often and loudly as they can. Facebook is just the medium du jour.

Those concerned with privacy have oodles of crypto-tools to do so with.

It's just people can't be bothered. That's the root problem.

Stallman is an intentionally public person who wants you to know these things.

Many many people besides a public figure like Stallman have written a blog or participated in a newsgroup.


Let's just see what can be done without Facebook:

You (pessimizer) have listed your email address pessimizer@xxxxxx .

  You have an HN comment history.
  Your email pops up in google under Arkansas
  You commented on a Django topic.
  I could infer your set of HN buddies (maybe not including myself now!).

All those methods are almost as bad as facebook for disclosing information.

If you use a pseudonym to hide from those - why don't you use a pseudonym as your facebook account??


I haven't listed my email, but I'm pretty sure people could work out who I was and where I lived from my comment history. But I am reasonably happy that the reward of not having to screen all my comments for incriminating info is worth the risk of someone figuring it out.

(edit with an example)

You make some good points, but I think there's a difference between having a few personal details about someone and surveillance. The clincher with Facebook is the amount of detailed information about the time and place that you are doing things, all in the hands of a single private entity. There's no telling what kind of analysis this data gives them and perhaps law enforcement (if not today, tomorrow?). For example, a few weeks ago there was a post circulating about how FB inferred the location of a photo without any location information in the exif data. Even if you use their ever-changing privacy controls to hide your data from people you don't know, Facebook still has access to all of it.

I've never used Django, I don't have any HN buddies, I haven't lived in Arkansas for 15 years, and you are currently replying to a piece of my very public HN history on HN.

Point taken, and partially agreed with, but the fact that facebook is systematically doing this about every aspect of every individual's life would guarantee that getting better info than you got about me, in a shorter time, would be trivial.

I meant no harm, and was just a 5 second google in a White Hat fashion. If you see some of the other posts on this topic, the same 5-second-google got some better results.

I imagine there are data-mining companies that are crawling the interwebs systematically to collect detailed information.

Facebook is the motherlode of course, no doubt about it.

No offense taken at all, and it's a good point. It's just that what facebook is doing makes random googling look primitive.

Fell, isn't using a pseudonym something FB allows? "Facebook users provide their real names and information, and we need your help to keep it that way"

Read their terms http://www.facebook.com/legal/terms there are things like "transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook"

As Stallman pointed out in the interview, the scale of the monitoring is on a different level of what you can do manually. No matter how hard you try, you will not know what websites pessimizer has visited, FB got a list of his/her visits on any site that contains a like button (doesn't matter if he/she uses FB).

Besides the scale of information disclosed, that's how it can be used or not. I'm pretty sure I can decide what products are endorsed on my blog, not so much on FB, and if we visit pessimizer site, no one will know. On FB, they could use this information to know pessimizer better. Guilty by association ;)

I use a mangled pseudonym on FB, and entered a misleading DOB... how are they supposed to know?

Probably they have some common heuristics to spot a fake, but those cannot be too clever.


Re: Scale of monitoring

Does this not just make the haystack bigger for the same number of needles?

But none of that information is auto-profiled by a machine. That's already a big difference since it's not being sold/bought by companies or states.

It is auto-profiled in google and other indexers.


You (gldalmaso) don't list your email address, but you haven't used a unique username, so you pop up under twitter (your name is disclosed).

You have a StumbleUpon page which lists your age (27) and your hometown Flxxxxxxxxx, Brazil

You are clearly an Anime Lover.


This has all been automated, cached and waiting for me just to do a search.

Facebook has not been involved at all.

Now tell me who his closest friends are, tell me the odds of his being homosexual or belonging to a given political party, and what sort of music, movies and games he likes.

Sure, you could probably find that out by googling; but Facebook makes it significantly easier.

Saying that Facebook hasn't changed our privacy is like saying that firearms haven't changed the face of war. I mean, it just puts metal through your body just like a bow and arrows.

Woah there on the hyperbole! Using a war analogy is not the same as being correct: it breaks down too easily and ends up silly. Do you really care if you're shot with an arrow or a bullet if you are still killed??

I also don't want to turn gldalmaso into some sort of cruel hamster to argue a point. Suffice to say the poor guy's twitter feed is completely open. You or I could easily deduce all the answers to your questions based on his past tweets and followers.

If he didn't use twitter, then I could use blog comments.

One thing that he mentions in the video is the fact that Facebook Like buttons are everywhere. They can track many of the sites you visit.

A google for "firefox facebook blocker" returned:


A simple grep of your HN comment history shows equivalents to 'Like'

How is Facebook worse than this??

I think the point is that the simple presence of a Like button tells Facebook that you've been there. You don't have to click it, you just have to load it. HN comment history is active participation.

Ok, so I see the point that the websites you visit invite Facebook tracking onto their pages.

But one can trivially block these autoinclusions.




My work's firewall directs Facebook.com and Twitter.com to /dev/null . This stops all such tracking.

Individuals could do their own blacklist via Greasemonkey / Charles proxy equivalent.

And that's exactly what some of us do. But there's no way you're getting all of your facebook friends to do the same. Facebook can build a profile on you based on your friend's tracking data. Whether it'll be accurate or not is mostly a technical question - whoever looks at it will assume it's accurate. There are a lot of nefarious uses for this information and there's no useful way to opt out right now, short of not having created a facebook account. Hence the whole "mass surveillance" bit.

The leakage of information by friends is a problem.

But it is not a problem owned and invented by Facebook, it is any network.

> From Stallman's blog & email history on newsgroups I could work out:

The problem is: FB has all these things together: blog, e-mail, network of people and surfing habits (inside FB, at least). For you and recursively for each friend of yours.

And they don't even have to try hard. It would take effort to track down this information manually from blogs and such; Facebook just has it. Don't underestimate what a difference convenience makes.

There are people who are uncomfortable about the intrusions of various websites, but who use those websites anyway. These people "just" need a better alternative to switch.

But I have no idea what to do about the people who just don't care.

For example, OKC recommended a person to me recently.

EDIT: Redacted a bit more.

She lists her blackberry pin; her facebook account; an email address; her cell / mobile phone number; and her twitter account.

That's enough information to find her profiles on a wide range of websites.

Even though you redacted that information it's quite easy to find that person still because of the poor spelling and grammar. Perhaps you should remove it.

Yes. You're right. I have done.

You'd be surprised to see how easy it is to find all that with just the OKC username. Lots of people use the same handle for all kinds of services.

Is it true that sites with a facebook like button send the IP address of hits back to facebook?

The webpage doesn't send IP address, your browser contacts facebook for the icon and hence sends IP address and cookies to facebook, in the same way that image hotlinking would work.

Remember it's not just IP address, but could be cookies. Facebook can set a cookie that will be stored in your browser and will be sent to facebook each time. So if your laptop moves around, then the facebook cookie follows you.

Since this is at the browser level there are browser extensions that will block this for you if you want.

The cookie issue doesn't exist for Safari users as it disables third party cookies by default. I don't know why all browsers don't do this. I've been disabling third party cookies in my browser for years and have never come across a website that it breaks. And if Apple can do it without people complaining, I'm sure Mozilla/Microsoft can too.

I prevent the IP address leak by using the Firefox addon RequestPolicy to block cross-origin requests.

I could be mistaken, but that feature only applies to the creation of cookies by third parties.

If you visit facebook.com, a cookie will be set, then later when you visit another site with a facebook widget, it WILL send that cookie that was set earlier when it wasn't 3rd party.


I don't believe this is the case. Even for iframes, the third party cookie rules come into play.

You can also just null out www.facebook.com in your hosts file and be done with it.

The widgets aren't served by WWW. Try something like this to block everything:

  # Block Facebook
  127.0.0.1 www.facebook.com
  127.0.0.1 facebook.com
  127.0.0.1 login.facebook.com
  127.0.0.1 www.login.facebook.com
  127.0.0.1 fbcdn.net
  127.0.0.1 www.fbcdn.net
  127.0.0.1 fbcdn.com
  127.0.0.1 www.fbcdn.com
  127.0.0.1 static.ak.fbcdn.net
  127.0.0.1 static.ak.connect.facebook.com
  127.0.0.1 connect.facebook.net
  127.0.0.1 connect.facebook.com
  127.0.0.1 www.connect.facebook.net
  127.0.0.1 apps.facebook.com

You can also block the widgets without the site (I log in from time to time but haven't seen a widget in a very long time). These days the like buttons are served from connect.facebook.net I believe.


Well it can be way worse than just a simple IP. When you ask for a picture your browser sends a bunch of info about you that can be dangerous because it gives a footprint. If you want to see that go to that page (hosted by EFF), it shows you how it can be used to fingerprint you: http://panopticlick.eff.org/index.php?action=log&js=yes

Also there are other attacks that can be used to go even further using for example browser cache. The browser cache has a field that can be set by the server and generally is the date for the expiration of content you are asking. But... when first designed it accepts a random string, so for example a UUID... This cache cannot be cleaned with normal procedures and you are tagged without your consent.

Other techniques can be used with Flash and cookie revival has been actively performed by companies like Quantcast. (look it up on the net)

So... what Mr. Stallman has said is true to an extent that only few people know and that's a pretty big deal.

If the like button is hosted on Facebook, your browser requests it from there when you visit the page. So the site doesn't have to do anything except include an img tag with a Facebook url in it; everything else is a consequence of how the internet works.
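An audit for the embeds discussed in the comments above, as an added example that is not part of the original thread: it lists the elements of a page that make the browser contact a third-party host on load (sending IP address and any cookies for that host), flags hosts covered by the blocklist posted earlier, and emits matching hosts-file lines. The sample page, the `example.org`/`example.net` hosts and the function names are constructed for illustration, and "third party" is approximated by hostname suffix rather than a public-suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Base domains drawn from the hosts-file blocklist posted in the thread.
BLOCKLIST = {"facebook.com", "facebook.net", "fbcdn.net", "fbcdn.com"}

# Elements whose URL attribute is fetched automatically when the page loads.
# <a href> is deliberately absent: a link is only fetched when clicked.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src",
              "embed": "src", "link": "href"}


def _matches(host, domain):
    """True if host is domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


class EmbedAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname or ""
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = AUTO_FETCH.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        # Only stylesheet links are fetched on load; rel=canonical etc. are not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = attrs.get(attr)
        if not url:
            return
        # Resolve relative and protocol-relative ("//host/path") URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if not host or _matches(host, self.page_host):
            return  # data: URIs and first-party resources leak nothing new
        self.findings.append({
            "tag": tag,
            "host": host,
            "blocklisted": any(_matches(host, d) for d in BLOCKLIST),
        })


def audit(page_url, html):
    """Return one finding per auto-loaded third-party resource in html."""
    parser = EmbedAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def hosts_entries(findings):
    """Hosts-file lines for the blocklisted hosts the page actually uses."""
    hosts = sorted({f["host"] for f in findings if f["blocklisted"]})
    return ["127.0.0.1 " + h for h in hosts]


# Constructed sample page, not captured from any real site.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="/site.css">
<script src="//connect.facebook.net/en_US/all.js"></script>
</head><body>
<img src="http://cdn.example.org/logo.png">
<iframe src="http://www.facebook.com/plugins/like.php?href=http://example.org/post"></iframe>
<img src="http://static.ak.fbcdn.net/button.gif" />
<a href="http://www.facebook.com/somepage">our page</a>
<script src="http://stats.example.net/counter.js"></script>
</body></html>
"""

if __name__ == "__main__":
    results = audit("http://example.org/post", SAMPLE_PAGE)
    for f in results:
        mark = "BLOCKLISTED" if f["blocklisted"] else "other third party"
        print(f"<{f['tag']}> -> {f['host']} ({mark})")
    print("\n".join(hosts_entries(results)))
```

The plain `<a href>` link to facebook.com is not reported because nothing is requested until it is clicked, while the script, iframe and image are reported because loading the page is enough.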

Google Analytics creates the same problem. This is why I use server side analytics instead. I don't want to send a list of everybody who visits my website to Google.

What do you use for those analytics? Is it something you built or a third-party thing?

My guess is that he is using Piwik (wikipedia has an entry), as that is the best OSS package that I know of. It's LAMP-based, so YMMV.

RMS: "Free software literally gives you freedom in the area of computing. It means that you can control your computing. It means that the users individually and collectively have control over their computing. And in particular it means they can protect themselves from the malicious features that are likely to be in proprietary software,"

Open-source, proprietary or not, gives you control over your computer compared to closed-source software. It's not free software versus proprietary software.

Free software goes beyond open-source, and besides safety gives you freedom.

“The Anonymous protests for the most part work by having a lot of people send a lot of commands to a website, that it can’t handle so many requests. This is equivalent of a crowd of people going to the door of a building and having a protest on the street. It’s basically legitimate."

No it's not. This is just a few persons coming in buses and stopping the entry. If you want to equal it to protest then all the requests have to come from real people, not some bots.

I'm also not agreeing with this: "I won’t use the non-free software at all! I dedicate my effort to getting away from it! So if they stop making it – that would be great!"

This is ridiculous. I understand that the current IP legislation is a load of crap but trying to get ALL software to be free is absurd. How are developers going to live? How about groceries? Can I pay for that? Or that should be free as well?

> This is ridiculous. I understand that the current IP legislation is a load of crap but trying to get ALL software to be free is absurd. How are developers going to live? How about groceries? Can I pay for that? Or that should be free as well?

A few points:

1) To Stallman, having the 4 Freedoms[1] to any software you acquire (paid or not) is a Human Right. And of course, you don't violate human rights just because it employs some people. So your question is completely irrelevant to him.

2) It's Free as in Freedom, not Beer. You can charge for free software and in fact he encourages you to charge as much as you can. Of course, any of those buyers might start distributing it for free, but on the other hand, people could have also bought the Humble Bundle for almost nothing and yet they chose to pay a decent amount.

3) You're discounting the software - possibly most of it - which is produced either in-house or by a company contracting with another to write it. If a company needs some software which doesn't exist yet, or to add some feature to an existing FOSS package, they'll pay.

In fact, I have friends who work at a company which makes money by adapting Free Software to others' needs.

4) You're leaving out value adds. Red Hat makes money, despite CentOS. Reddit makes money, despite having a repository with all the code. If your software depends on a service, you can give away the software and charge for the service.

[1]: https://www.gnu.org/philosophy/free-sw.html

I agree that you can not always compare a DDOS to people blocking a street. I think there's 2 reasons for this.

1) If you are busy protesting by blocking a street this causes you inconvenience as you can only physically be in one place at once. Whereas leaving your computer on to DOS while you go out to a bar isn't exactly a hardship.

2) Many of the DDOSers would not even be remotely aware of what they are doing; see the JS worm that they used recently.

> This is ridiculous. I understand that the current IP legislation is a load of crap but trying to get ALL software to be free is absurd. How are developers going to live? How about groceries? Can I pay for that? Or that should be free as well?

You've just opened up a huge topic there, has been discussed on HN lots of times and while I have seen good arguments for copyright-less software in many areas (OS kernels, web frameworks etc) there are others where I don't think anyone has thought of another viable business model (at least not one that isn't even more freedom restricting in some way).

Some would argue that these areas should just disappear or be done only by hobbyists but I think I would miss professionally produced video games for example, indie or AAA.

To clarify though, I doubt that Stallman would support Anonymous or people who want to pirate software. To him any software that is not libre is irrelevant and should be rejected regardless of monetary cost or who distributes it.

> 1) If you are busy protesting by blocking a street this causes you inconvenience

You only have a finite amount of bandwidth, and you have to decide how much to use for DDOS and how much for your own use, so, in a way, the analogy of street blocking still holds there.

That's true but with a physical protest you don't have that choice, you pretty much have to be all in (not to mention putting yourself at risk of physical harm by counter protesters or police etc).

Also I don't think we're at the stage yet where losing your whole internet connection temporarily (or just having it slow down) is that much of an inconvenience to life.

If you have a 10Mb pipe, you could use 90% of it for DOS for an entire day without noticing much inconvenience (unless you want to use torrent or stream HD video).

According to his view on this we shouldn't pay for groceries because you don't know how they were grown. Everyone should get a farm and get his own vegetables, mine his own minerals etc. Saying that all software should be free is absurd.

I suspect his argument would be more along the lines of when you buy say some potatoes, you can do what you will with them.

For example you could plant them in the ground and use them to grow more potatoes or you could chop and fry them into chips, bake and serve them with chilli etc.

His issue is not really with the cost of software (that is more a side effect of the GPL). He takes issue with the fact that with software you often have artificial restrictions in use and that the manufacturer may include features that are not to your benefit (e.g. DRM, spyware, adware) and you can not remove these without breaking the license agreement.

He would liken this more to buying some potatoes that can only be legally used for one purpose and if you wish to use (physically identical) potatoes for another purpose then you must pay a higher fee.

The commercial issue with the GPL is that if you give people the rights to distribute as they see fit there is no guarantee that they will give anything back to the original author.

Personally I would love to get applications with source code available that I can modify as I wish (or just fix bugs) but would require that the original author was paid a fee upon re-distribution (of original or modified version) to someone who did not already hold a license. I see this as a very good compromise in many cases.

The problem with this of course is that if I did wish to distribute the software to an unlicensed person then I could easily remove any copy protection methods prior to doing so.

In such a case ironically the best solution might be stronger copyright legislation to protect the rights of open source but non gratis software developers.

Again - Free as in Freedom, not Free as in Price.

"“Free software” does not mean “noncommercial.” A free program must be available for commercial use, commercial development, and commercial distribution. Commercial development of free software is no longer unusual; such free commercial software is very important. You may have paid money to get copies of free software, or you may have obtained copies at no charge. But regardless of how you got your copies, you always have the freedom to copy and change the software, even to sell copies."[1]

So yes, you can farm your own vegetables. But you shouldn't accept that you buy a potato without being able to plant it to make more potatoes. (Ironically, you should check back on that with Monsanto, though[2]).



Oh look, it's that tired and misleading argument again.

The Free in Free Software stands for freedom. He is not making a statement on pricing, but on liberty.

Furthermore, I must say that his DDOS argument is a lot more valid than you give it credit. After all, it IS possible to DDOS a site without malicious intent, just ask any celebrity on twitter who tweeted about a site he or she liked. And who is to say that some protests today don't consist of people who have been either paid (western countries) or forced (eastern countries) to attend them?

> it IS possible to DDOS a site without malicious intent

The whole point is to temporarily break a server someone's paying money for.

Then let me rephrase: It is possible to DDOS a site without leaving a trace that clearly shows malicious intent and thus establishes criminal liability. So while most DDOS attacks are indeed motivated to destroy, they are not the clear cut crime that some would like them to be.

I'm not taking sides here, it just occurred to me that portraying DDOS attacks as definite cyber terrorism is a problem in the discussion we have today and I think it's a slippery slope, similar to the "piracy" argument we hear so often.

I wasn't defining DDOS as cyber terrorism merely saying that it's /not/ the equivalent of protesting that Stallman makes it appear. Not in the way Anonymous did them anyway.

And I was not saying that you did - I was replying to another commenter and didn't even claim that he did.

The problem with getting worked up about DDOS is that it isn't technically possible to make a clear judgment from it - that's what I was stating. Let me put it like this: A real-world protest can be thousands of people standing in front of a building and thus making it hard for them to do business or it can be smashing in their windows. A cyber protest can be linking thousands of people to an article on a website that you don't like and reducing their quality of service - or it can mean causing their servers to melt.

There are shades of gray in this discussion that you exclude and it is not doing the nuanced point that Stallman was making justice.

"Liberty", though, also means that the price is zero. You can have free (as in beer) but not liberty software, but you can't have liberty software that is not free as in beer.

I.e. you can sell the software, but anyone you sell it to has the right to just give it away for free.

What people don't seem to get, is that with Free software you get paid for the work done, not some shrink wrapped product that you resell. This is especially relevant for highly customized software. Almost all the code I write is GPL licensed and yet I get paid for it.

That you "get paid for the work done, not some shrink wrapped product that you resell", can be a problem IMHO, because a shrink wrapped product that you resell is both the best way to make money off your work and not be a coding wage slave/contractor.

Paid for OSS means less software shops, to be replaced by a few developers paid to produce some OSS (say, RedHat paid employees, people paid to work on the Linux kernel etc) and most other developers just paid to integrate and customize it (say, programmers from startups to huge enterprises using RedHat).

Actually no. He is making a statement exactly on pricing. You've got the liberty not to buy it. But he's asking ALL software developers to stop making software for money. How is that freedom? "So if they stop making it – that would be great!"

No, that's not what he was saying at all. He said people should stop making proprietary software. Whether or not a software is free as in freedom or proprietary has nothing to do with price.

Right, the pricing is more an implementation detail of the licensing but of course in the real world(tm) it is an important one.

You do realize that people sell GPL'd software all the time, right?

No, the ones that employ more than one or two people and make decent amounts of money sell services related to GPLed software. (In a world where everyone had proper Internet connections, we wouldn't have companies selling GPL software on physical media at all.) This probably isn't profitable in many cases, especially when distributing directly to the consumer rather than building a product for other business.

There is another special case, but it's selling software in spite of the GPL; home routers, set top boxes, etc. Were they to use GPLv3 software, they'd have no way to protect against another company using their (potentially substantial) work on the software, building/copying the hardware design and creating cheap knock-offs within a few weeks of release, making it too costly to continue.

If a group of companies and individuals wanted to come together to build a new router platform where all would contribute back to it, but they could differentiate themselves on edge features, management interfaces, etc, the BSD license is good enough; and probably a better bet than the GPL.

And the practical differences are?

I think he just described some.

There seems to be a phenomenon on HN of hardcore anti-copyright or pro-piracy posters who reply antagonistically to posts that they appear to have either deliberately misread or not read at all.

The discussion is about the statement: "But he's asking ALL software developers to stop making software for money"

That is blatantly false. Who gives a shit if they are selling software, or selling "support" for software? Either way people are making money with GPL software.

There seems to be a phenomenon on HN of absurd pedants deliberately derailing conversations.

My post was a reply to:

"You do realize that people sell GPL'd software all the time, right?"

You specifically said sell and I asked for examples.

As I said, pedants derailing conversations. The most popular way seems to be selectively ignoring context.


So sue me.

Can you name a company (or a part of a company that is a profit center, or even an indie developer) that makes its money primarily from selling GPL software?

Software that used to be sold commercially but was subsequently GPL'd, starving artist type programmers scraping by on donations (i.e. earning significantly less than the median programmer salary for someone of their skills) or companies that produce GPL software but make money selling either support or software/hardware based around their GPL software (that itself is not GPL) don't count.

Why wouldn't they count?

Companies that sell software generally have services divisions as well. My company sells software for large amounts of money, and we have a separate division of the company that sells services.

If a company exists to make money, why would you discount one of their profit centers as invalid because of another of their profit centers?

Many software companies don't have service divisions, or have a service division that consists of people answering the phone and providing basic "talk you through the installation" type support.

I assume that the software your company sells for large amounts of money is not GPL, if it is pure GPL I would be very interested to know who they are and how they manage to get people to actually pay for it when they could just download it for free online.

> If a company exists to make money, why would you discount one of their profit centers as invalid because of another of their profit centers?

That's not what I'm saying, what I'm saying is that I've never seen a company create GPL software as a profit center in itself and I really can't think of a business plan that would make that feasible.

Sourcefire does almost exactly that. Their software is open source and you can download and install it for free.

They sell licenses and services, and you can pay for quicker updates to firewall rules and the like. As commercial customers, you can have their software engineers onsite tuning things to your environment, etc.

Covalent is a company that sells Apache. Obviously, they didn't manufacture Apache webservers, but, like Xamp or Wamp, they sell value added bundles that include Apache configurations pre-compiled with PHP or Perl or what have you.

Again, they also have a services division, but I don't personally know much about it.

For the record, no, my company does not sell GPL software. It was proffered as an example that non-GPL-based companies rely on both software sales and services, and it doesn't really matter whether or not the software is GPLd. I don't know why you'd hold it against RedHat that their software is freely downloadable when they're still selling more than a few copies of RHEL.

Sourcefire are selling services based around a GPL product.

Not so familiar with Covalent but it appears they have some things available as GPL but if you want all the enterprise features then it isn't GPL.

Redhat is the same really, they also make their money from support. I believe you need to buy RHEL if you want the support from them, although this might have changed now.

I never suggested that GPL cannot be part of a business plan, I was just disagreeing with the statement that there are companies that sell GPL software, in all cases I can find what you are really paying for is something else not the software itself.

My point is more that there are many areas of software that this does not work in, games or most consumer software being an example.


"Using the ordinary GPL for a library gives free software developers an advantage over proprietary developers: a library that they can use, while proprietary developers cannot use it."

You can 'buy' RHEL without buying a services contract.

Sourcefire SELLS the product, flat out. If anything, they're more of a 'freemium' offering where the free product is a GPL product, and the 'premium' is a faster release cycle for patches / upgrades / definitions.

Covalent sells Apache. I've dealt with Covalent products at a number of federal installations, and I've never once seen a Covalent services rep. If their aim is to sell services, they're not doing a good job.

There are a cornucopia of other examples as well, but these are the three most fitting the description you claim doesn't exist. They do in fact exist, and are making money selling GPL software. That they also have services divisions has nothing to do with whether or not they're making money from selling software.

Apache is licensed under the Apache license, not GPL.

This is an important distinction as I don't believe they could do what they do under GPL which is provide proprietary stuff on top of the open source core.

Sourcefire is selling the faster access to releases of rulesets etc, the GPL software is simply the carrot.

RHEL contains software that is not GPL and I doubt that they would stay in business without selling support.

The GPL license was designed specifically to stop people developing proprietary software on top of GPL software.

Apache is Apache licensed. Fair point, but I didn't understand that to be relevant to your initial statement (or the statement that kicked off this discussion.) If we intended to be discussing only GPLd licenses, then yes, you are correct.

As for the other two, you're still picking nits. The companies wouldn't exist without the software, and they sell it. There's still no good reason for WHY you would discount them as being irrelevant just because they're also selling other services.

Well IIRC the conversation started as a discussion about the difference between gratis and libre software as espoused by Stallman (original author of the GPL).

The crux of my argument is that with most current OSS licenses (GPL especially which is what Stallman advocates) companies can only be commercially viable by supplementing their OSS offerings by providing other products that are proprietary (i.e you are not free to redistribute) or by providing additional services on top.

I think it is a stretch to say you are selling GPL software when what people are paying you for is actually something else that is supplemental and if you didn't provide the extra then they wouldn't pay you anything. There are many good open source based businesses that is not in doubt but equally there are entire parts of the software business that simply couldn't practically release their flagship software under GPL, the games industry of course being the biggest example that springs to mind.

They don't count because they are not selling software. They are selling something else and the software is essentially a byproduct.

This means that there are categories of software where GPL does not really fit at all, games for example.

You're technically correct, burgerbrain made a poor argument.

GPL software is in no way a barrier to earning money. It's, in fact, crucial to most software today, even if indirectly.

Not sure I agree.

You're correct that a huge amount of software today uses libraries that are distributed under some form of libre licensing although in most cases this is LGPL, BSD or Apache style licenses rather than GPL. Sure perhaps they run some stuff on a GNU/Linux server but in most cases this could just as easily be a BSD, Solaris or even Windows server.

There are many types of software where GPL is absolutely a barrier, namely just about anything where the software is the end product. For example pretty much any video game or for example Adobe Photoshop/Illustrator. Some products simply don't lend themselves well to selling support, very few people are going to pay $1/min to get help running a program that is simple enough to figure out on their own from reading the manual and that should 99% of the time just install and run especially if it's not something mission critical that requires 6 nines uptime.

> Sure perhaps they run some stuff on a GNU/Linux server but in most cases this could just as easily be a BSD, Solaris or even Windows server.

Could be, but isn't [1]. There's a bunch of embedded GPL code in routers and various little bits of all kinds of systems that enable our current lifestyle, too.

I won't argue that for most (though not all) actual software intended to be sold, GPL probably isn't the best of ideas. But that doesn't prevent earning money while using GPL software.

[1] And certainly hasn't. I won't overlook the historical effect GPL'd code has had.

> This is ridiculous. I understand that the current IP legislation is a load of crap but trying to get ALL software to be free is absurd. How are developers going to live? How about groceries? Can I pay for that? Or that should be free as well?

Some business models are impossible without slavery. Does this mean slavery should be allowed?

Stallman's argument here is the same: if the particular software you make can't survive financially without abusing people, then you shouldn't have a right to make that software. And he considers all proprietary software to be abusing people's human rights.

So if you want to counter him, saying that it will put developers out of work is no more valid than saying that abolition of slavery is bad because of the financial hardship it would impose on the cotton industry.

To counter Stallman, you have to come up with arguments showing that non free software does not abuse its users.

you are confusing FREEdom with free price and they are not the same..

let me give you an example: the first few pieces of FSF software were distributed by RMS by computer tape and he charged for that and that revenue paid for his living expenses.

The other big example is Redhat/JBoss..everyone of their workers get paid through services charged..

Except that it is completely voluntary.

No. It's completely "voluntary" and the quotes are important: if your whole social environment standardizes on a platform, you're an outcast if you don't step aboard. If your professional environment standardizes on a platform, you're an outcast if you don't step aboard.

It's only actually completely voluntary if you have infinite money and no issue (and no repercussion from) completely dropping whole social and professional circles out of your life.

And that still requires the network/system is honest about it[0], when Google automagically creates a G+ account for you when you sign up for (supposedly) unrelated services or forces you to create one to access other content, "voluntary" is really debatable. Again, unless you have no issue shedding whole social circles instantly.

[0] http://arstechnica.com/gadgets/news/2012/01/google-doubles-p...

I don't know if I've ever really bought into this. I've yet to hear the story of the individual who lost all social ties because they quit Facebook. I made the decision about a year ago, due to excess wasted time on the site and have yet to face any real negative side effects to doing so.

People were social long before Facebook was around, and can remain so without it. Even with an account, the information you share on Facebook is voluntarily given.

I think what Facebook has done most effectively is given people the illusion that their lives are somehow more social because of it.

It's not as if it's either/or. Clearly it is true that new technologies -- say, for example, the telephone -- affect our social lives. Consequently, abstaining, for whatever reason, from using those technologies will affect your social life. To what degree and in what manner totally depends on the individual involved, the technology itself, the way it is being used, etc.

However, one thing is certain, I think. Some technologies may have a transformative effect: The fact that you could act in manner X to get result Y before the technology gained widespread use does not mean you can continue to do so after it has. I'm sure this was true for the telephone, and I'm pretty sure it's true for Facebook and its replacements.

I think it's both. While it may be possible in your group of friends to quit Facebook, it might not be so for other people. Imagine quitting the telephone. People were social long before the telephone was around, and can remain so without it. I know that quitting Facebook wouldn't harm my socialization too much, but quitting the telephone probably would. I can imagine people for whom quitting Facebook would have similar effects as me quitting the telephone.

I know a few people who haven't been invited - or have found out too late - about events because they were organised on Facebook and they're not on it.

Those same people are regularly out of the loop in conversations their friends have on Facebook, which at times makes them feel a little isolated.

I've heard of one person who made a huge social faux pas because they couldn't read about someone's breakup on Facebook.

The same are all true of some people I know who live on LiveJournal.

Facebook is a great tool for socialisation, and because of that a lot of people use it. When your social circles use it heavily and you don't, you miss out. Yes, you can do all that socialisation outside of Facebook, but the fact remains that a lot of people don't, and you can't really choose how your friends socialise.

It's not an absolute. You're unlikely to become completely socially ostracised because you're not on Facebook, but it can certainly make some people's social lives more difficult not being on it.

There /is/ social pressure for some people to use Facebook.

We need more people making this point. How did we manage to socialise up until a mere four years ago? It's still possible today without Facebook. People who say they can't quit Facebook are like people who say it's too hard to quit smoking. No, you really can. You just don't want to.

That's not strictly true; you have to consider the entire system, not just the individual. It's not like only you picked up this new tech and can therefore, if you will it, drop it. Everyone else in your social circle needs to, as well.

It's the same as asserting that people can communicate without phones, or that they can get news without the internet, the phone or newspapers. Sure, they can, but it's incredibly inefficient, exponentially so when everyone else still does.

(I've still managed to stay away from Facebook, but, then, I don't have many friends.)

> you're an outcast if you don't step aboard. If your professional environment standardizes on a platform

Although employment and social circles DO limit your range of actions, you accept the tradeoff voluntarily in exchange for benefits. You can find a new job or people to associate with if the benefits do not justify the cost, without your employer or friends being able to legally threaten you with violence. On the other hand if you refuse to allow surveillance or investigation by the law, they are authorized to use as much force as is necessary to seize your property, imprison you, or execute you. It's completely voluntary in that regard.

"Voluntary" can be viewed as an antonym for "coerced", where coercion implies an underlying threat of violence. Forced denial of an individual's life, liberty, and property can be construed as violence or coercion. Such properties do not presuppose the presence of another person or governing body, so may be considered intrinsic to the individual. However, employers or friends denying the deliverance of their property or empathy to you cannot be construed as violence or coercion. Such exchanges presuppose the presence of multiple people, and therefore cannot be considered the denial of a property intrinsic to one individual.

I agree. I've certainly personally paid a large price socially for leaving Facebook (after the photo recognition scandal) and professionally after leaving LinkedIn (after the advertising incident).

So? If this is a problem, sign up with the minimum amount of information necessary. (Which, as of time of writing, is first/last name, email, gender, and DOB.. and the DoB doesn't have to be legitimate)

You are not forced to share anything. If you want to use Facebook as strictly a messaging platform, there is no negative effect for doing so.

Characterizing it as "surveillance" is RMS's typical good-natured extremism.

There are lots of people for whom name and gender are hot topics.

And with the "Like" buttons you /are/ forced to share your browsing history (no, being able to circumnavigate it by blocking it doesn't count)

..And if it's that much of a hot topic for you, you don't sign up. Or use fake info. Who's going to know, as long as your name isn't Clark Kent with a picture of Superman?

Also, singling out Facebook for what every advertiser cookie has done since the mid 90's seems a bit silly.

The thing is that surveillance should be reserved to people who lived under something like the Stasi regime and had to risk their life to escape.

You only have to pick up the phone instead of using the computer.


G+ doesn't change the surveillance situation at all. I have a G+ account and I don't do anything with it. Google doesn't have any additional information.

I agree that people voluntarily join Facebook, but expectations are important. If I volunteer only to realize your intentions were far removed from my expectations then we have a problem.

Imagine I start a FREE postal delivery service for writing letters to your friends. But when your letter shows up at the destination, it is full of advertisements that I hand picked for your friend based on the content of your correspondence. Oh yeah, also the police asked for a copy of the letter. Oh yeah, and we also showed the letter to a bunch of your other friends because we changed our delivery rules and figured you wanted to opt-in. Didn't think you would mind.

But you can't complain. The service was free and you signed up voluntarily.

I'm neither pro / con on the Facebook thing. I never know when the real world rules should apply to the electrons. I think we are just making it up as we go.

Signing up and using facebook is voluntary. But how do you deal with other people signing up and giving facebook information about you? These people certainly don't have malicious intent, yet the end result is that facebook has a pretty good profile of me even though I've never once signed up for the service. Off the top of my head, they have:

My personal email. My work email (can infer where I work from this). Many of the people whom I know who searched for me on facebook. Highschool friend links (can infer my highschool and possibly even age from this). I know for a fact that they have photos of me tagged with my name.

I didn't authorize any of this, yet there it is. Never before has it been so easy to aggregate this sort of information, or perhaps even possible.

You have to do extra work to opt out of Facebook tracking, though. At least your IP address will be tracked everywhere if you don't block Facebook somehow.

just imagine the legal consequences if establishing a connection to your computer wasn't regarded as being voluntary

Considering that Facebook has been caught tracking people without Facebook accounts, I won't go so far as to say that it is completely voluntary.

well it depends on if you can or can't know in advance if you are tracked on some website. but if you are worried of tracking there are already available solutions to that problem, like proxies, but that is another safety hazard by itself. world is not necessarily a safe place.

True, but you shouldn't have to know in advance. It should be illegal for companies to track you; especially companies who you do no business with.

People can be tricked into giving away absolutely everything. As Facebook so aptly proves.

It still happened voluntarily. I'm not saying that this means that it is therefore morally good, I'm just saying that there is a qualitative difference between facebook and the secret police terrorizing people in dictatorships.

What has to be noted here is that this is published on Russia Today. From my understanding of it, it tries to offset the US crazies like Fox and its ilk...

RT happened to have the longest and most full presentation of the interview that I could find in a minute. I originally saw this in Free Software Magazine which linked to this piece http://www.deccanchronicle.com/channels/sci-tech/others/rich... but it seemed too short for HN.

Now (regarding other more strong notes on this thread) - Stallman has his opinions and he supports them in a very logical way (albeit a bit too passionate). Moreover, he tries to support personal freedom, which in my books is more of an American value than anyone else's. So, trying to dump the real issue here by referring to what RT may be (according to what sounds like post modern cold war psychosis) is at least cheap propaganda.

To me RT is a Kremlin mouthpiece giving a voice to obscure anti-US and anti-EU voices. At one stage it was nothing but 24 hr anti-Georgia propaganda.

I've seen the BBC and other western media quoting some random unknown Chinese or Russian intellectual and giving them the world stage because they agreed with the western perspective on China or Russia.

There are a lot of people here who don't seem to understand you can earn money and a good living with 'free' software.

The term 'free' is very misunderstood in this context. It's free as in freedom/free speech, not (necessarily) free as in beer.

Although sometimes (most times) it's both. This doesn't stop you using it to earn a living. It allows you to freely use and modify it to your own purposes. Contrast that with non-free (i.e. locked, obfuscated and proprietary).

I've written freely available stuff that people have (nevertheless and willingly) paid me rather handsomely for the privilege of using or modding to their own needs. They didn't have to, but people can be inherently decent that way.

I could have made it entirely closed and I think I'd have made less out of it if I had. I would have had to market it for a start -- and that's a fucking headache. I'm not a salesman and don't want to be.

Anyhow, Stallman is 100% right. Everything he's been warning us about for years is already upon us. With much worse to come.

Stallman reminds me of Ted Kaczynski unabomber. (no offence) similar world view, he doesn't care about innovation because probably thinks that it leads to more controlled society. both are Neo-Luddites. only Kaczynski was more radical in his actions. If you want more of the same I suggest you read unabomber manifesto http://editions-hache.com/essais/pdf/kaczynski2.pdf

The creator of Emacs and gcc is a Neo-Luddite and on the same side as unabomber?!! Apparently there is some kind of nth humor level involved here that I can't really comprehend.

Yes, what is your point? For fighting technology you can use technology. (And I'm not saying that he was always a neo-Luddite.)

No offense but you're implying it and my point anyway is that it's somewhat weird (if not anything worse) to draw parallels with unabomber just because Stallman said what's just obvious to anyone but Facebook addicts.

For better or worse there is a growing danger in FB regarding the tons of personal data that the same users would just never give away if it weren't for FB. He is just trying to make users aware of that. He's certainly not the first to do it and hopefully not the last. Also he said nothing that could be interpreted as innovation stopper.

Out and over.

To be honest I didn't see the video but even if he said that he should be "punched" for the reasons where he bases his opinion and not the opinion itself (unless "innovation" is a divine truth that we must accept no matter what - DDT was innovative at its time but it was no good). Moreover the transcript reads: “With software patents the US has become a dangerous place for software development, including innovative software development, because when a program is innovative, that means it has some new ideas in it. But it also has lots of well-known ideas in it. A large program combines thousands of ideas. So if you have some new ideas and you want to use them, in order to use them you have to combine them with a lot of other ideas that are well-known. And if you are not allowed to do that because those other ideas are patented, you can’t use your new idea,” not exactly hostile to innovation.

Anyway - he is Stallman and he's known for not being extra diplomatic or even smart at politics. Like you, he speaks the way he feels - point is that IMHO there is a growing problem with all the data that we - FB users - carelessly upload.

(Moreover I'm not convinced that FB has all that much to do with innovation any more but that's an entirely different conversation.)

PS: Sorry if I sounded hostile but the unabomber reference drove me mad. My bad.

PS2: this was supposed to be an answer to a comment that's not there any more - anyway.

Amazing, how discussions involving that person bring out people failing to see things in context, some absolutist blindness.

What "tons" of personal data? I doubt I could myself collect tons of personal data about myself, not to mention data that would be dangerous.

Amazing indeed.

I bet that you're quite computer literate yourself (hard to suppose otherwise since we're talking through HN) so as to be quite cautious as to how much of yourself you'll expose on the net. Unfortunately most people aren't, plus they are quite good at documenting their lives (photos, videos, writings, etc) and linking in with people they know and share data and the like.

That's "tons of personal data" - it's not an absolutist firework but it's the main reason that gives FB such a high market value. AFAIK FB is considered a gold-mine in terms of highly targeted advertising and marketing that's because it hosts "tons of personal data" of high granularity and of high relevance to the real identities of the people uploading it. Otherwise wordpress for example would be considered of at least equal value with FB.
