Slashdot Mirror


TACO Extension for Firefox Forked After Proprietary Update

rtfa-troll writes "Beef Taco is a Firefox extension that allows a mass opt-out from tracking and targeted advertising by many ad networks. The Register reports that the original system, TACO, has become proprietary, and has added new 'features' best described as bloatware. I guess this should serve as a warning for users to always prefer software under a copyleft license where possible. If Google had chosen a license with better protection, such as the GPL, when it released its own opt-out tool, this problem would have been much less likely. This also shows why forks are so important when software development begins to get messy."

35 of 139 comments

  1. GPL better exactly how? by fotbr · · Score: 5, Insightful

    Google released theirs with the Apache 2.0 license. Someone else took that, re-wrote (apparently significant) portions and released it with a different name. THAT PERSON then sold it to a company, who then decided to bundle a bunch of for-pay stuff with it. People didn't like it, and forked the previous version.

    Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.

    1. Re:GPL better exactly how? by Hatta · · Score: 5, Informative

      Someone else took that, re-wrote (apparently significant) portions and released it with a different name. THAT PERSON then sold it to a company, who then decided to bundle a bunch of for-pay stuff with it.

      Had this been GPL, the person who rewrote significant portions of the software would have to have released his derivative works as GPL. He could have sold his portion of the software under any license, but the work as a whole would have to be GPL. The company that bought the rights to the software would have to remove any GPL portion, or release the entire thing (including proprietary addons) under GPL.

      --
      Give me Classic Slashdot or give me death!
    2. Re:GPL better exactly how? by unix1 · · Score: 2, Informative

      Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.

      The company would have to release the source code (because it would have been a derivative of a GPL software), so their users would know exactly what was added. Then, they could make an educated decision whether to upgrade and continue using the product, or find an alternative/fork. Some would qualify this as "better."

    3. Re:GPL better exactly how? by nunojsilva · · Score: 2, Insightful

      As said by others, this would force the proprietary version to be released under the GPL.

      Now, about how much better that is, it would allow you to get the newest version and strip off any bloatware. Instead of just forking, you could maintain kind of a parallel fork, stripping each new release, or incorporate useful enhancements in Beef TACO.

    4. Re:GPL better exactly how? by abigor · · Score: 3, Insightful

      Yeah, I know that. Let me rephrase: why is it so important to force the proprietary version to be released? It makes no difference. The original code is still sitting there.

    5. Re:GPL better exactly how? by Kjella · · Score: 4, Insightful

      But you're also making the assumption that if the code was under the GPL would he have bothered to rewrite it since the sales value would have been near zero. There's no guarantee there'd be more open code using the GPL, there'd possibly be one less proprietary competitor but Google explicitly released it under a license that permits it and I doubt they're so incompetent they didn't know it. If Google don't like it then it's their own mistake and they'll choose a better license next time. If they don't care, then this is just someone in the open source community being butthurt over code they didn't get the same way the MAFIAA is over a sale they didn't make.

      --
      Live today, because you never know what tomorrow brings
    6. Re:GPL better exactly how? by Goaway · · Score: 3, Insightful

      More realistically, it would force people to rewrite the GPL'd parts when making it proprietary. You'd still be in the exact same situation.

    7. Re:GPL better exactly how? by Changa_MC · · Score: 2

      They based their proprietary version off the work of people they did not pay who had released it into the wild. Under the GPL, they would owe the community something. As it stands, they owe nothing.

      Those who believe that the original copyrighted work had some value, believe the folks who took the work and modified it ought to owe something.

      --
      Changa hates change.
    8. Re:GPL better exactly how? by erroneus · · Score: 4, Interesting

      I'll field this answer. There is more to it than what a commercial/proprietary interest will not be able to "take" from the community. There is also the moral, ethical and even emotional/spiritual aspects of F/OSS that need to be guarded. I don't use "spiritual" in the religious or supernatural sense either. I mean the "spirit of" meaning sense of the expression. When some people are working to build something and then some jackass comes along and uses it to make his fortune, it really takes the community spirit out of a project. It is rather like "RebelEFI" versus EmpireEFI. EmpireEFI is a nice project. RebelEFI has tainted it with their motives and their generally deceptive and selfish nature.

      So while it is true that the community still has the untainted version(s) available to them, there is still some ugliness that really tends to sap the positive energy out of a project when commercial proprietary for-profit people come along to do selfish things with it. And I don't expect you or anyone else to fully understand it. If you do understand what I am saying, then you probably already agree with me -- so I'm not changing anyone's mind or giving anyone something new to think about by stating any of this. But by seeing and acknowledging this view point and rejecting it for whatever reason, you have to be honest with yourself about who you are inside and what drives and instincts you more closely identify with. If you disagree with the perspective I have expressed, then you are quite likely from the other camp who essentially believes it is okay to use the work of others for your personal gain.

      So in short, part of the benefit of the GPL is to preserve the spirit of open source as well as the software itself.

    9. Re:GPL better exactly how? by wampus · · Score: 2, Funny

      That has to be the stupidest goddamned thing I have ever read. You audit every piece of software you use? How do you find time to pick bugs out of your neckbeard?

    10. Re:GPL better exactly how? by fotbr · · Score: 4, Insightful

      Except the people who wrote the original work didn't feel that way, so why is it even an issue?

    11. Re:GPL better exactly how? by Changa_MC · · Score: 2, Informative

      There's no guarantee there'd be more open code using the GPL, there'd possibly be one less proprietary competitor...

      For some people, that's a good thing(TM).

      But really, this whole argument is irrelevant. We have Beef TACO, the hypothetical open-source version that might never have existed. No need to worry about proprietary bloatware.

      --
      Changa hates change.
    12. Re:GPL better exactly how? by wrook · · Score: 3, Insightful

      Exactly HOW would the GPL have been better? There's still a fork of the last "good" version, which you can use if you like.

      There is always a balance when choosing a license. The main advantage (IMHO) with choosing the GPL over something like the Apache license is that you don't have to compete against proprietary versions that are based on the code you wrote. As an author this is a significant consideration for me. If I am the primary author, it would suck to have features from my free version used with impunity when I am unable to use features from the proprietary version. It gives the proprietary version an unfair advantage (unfair in that as the primary author I can't enjoy the same privileges).

      However, there are lots of reasons to choose non-copyleft licenses for work. Sometimes the benefit you receive from extended exposure outweighs the disadvantage of unfair competition. Given that Google was the primary author and *they* aren't complaining, I have to agree with you that there doesn't seem to be a problem. If they got what they want, then it is all good. However, I can understand if the authors of the forked version want to use the GPL to avoid having to unfairly compete against the proprietary version.

    13. Re:GPL better exactly how? by dfghjk · · Score: 3, Interesting

      The GPL community not only wants their community to grow but it wants others to shrink. Otherwise, this wouldn't be an issue at all. What difference does it make to GPL advocates what happens to non-GPL projects? The answer is simple and revealing.

  2. Re:forks are so important by rtfa-troll · · Score: 2, Informative

    Yes; dammit; that was my joke as you can clearly see from the submission but I guess it wasn't funny enough for the greater wisdom of our Slashdot overlords.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  3. Dupe story is dupe by surveyork · · Score: 2, Informative

    This story is a dupe of: http://slashdot.org/firehose.pl?op=view&id=13491118 I know it. I submitted it.

    --
    2019 is going to be the year of Linux on the desktop.
  4. No, just a fork... by Saeed al-Sahaf · · Score: 5, Funny

    It's not a dupe, it's a FORK! Quit your complaining...

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  5. I removed it right away by Anonymous Coward · · Score: 5, Insightful

    The TACO guys did it wrong. First, they changed what the add-on fundamentally did. Second, they slapped their company name all over the thing. Third, they displayed a pop-up after the update. Fourth, they loaded a web page after the update. Fifth, that web page was loaded with lots of "selling" language but no substance.

    They triggered every single warning about malware I have in my brain. I didn't even bother to look into what it was they were trying to sell. I uninstalled the add-on immediately.

    I'd say this is example #1 in the upcoming book, How Not To Commercialize A Firefox Add-on.

    1. Re:I removed it right away by Luckyo · · Score: 3, Insightful

      "How not to commercialize an anti-commercial firefox addon"

  6. This is good news by gooman · · Score: 5, Interesting

    Just last week I got a notice to "upgrade" TACO to 3.0 and foolishly did so. A tiny little 8KB add-on became a 3MB disaster. Now it has new features which clash with other add ons or were redundant for me. Music streaming was broken for some sites and best of all, the old version, while available (and compatible), will no longer install on Firefox 3.6.

    After uninstalling it, I downloaded the source for 2.0 and was planning to attempt a fix, but now I don't have to. Obviously someone else was just as irritated, to that individual I say, "Thank you."

    --
    "Kittens give Morbo gas!"
  7. Forked After Proprietary Update? by BoppreH · · Score: 5, Informative

    I thought it was forked only because of the bloatware, not the license as the headline suggests ("meaningful headline in slashdot", etc etc).

    Actually, the fork author's only mention of the license in his blog post was:

    This classic version didn’t have much to it, and what’s more it was licensed under the Apache 2.0 License. Fork’s Away!

    If I read that correctly, he seemed happy about the license only because it allowed him to fork it.

  8. They are 'anonymising' the data then selling it by Sonny_Jimbod · · Score: 5, Interesting

    This way, they can sell the data on and still stick to their 'privacy policy': "Our Abine browser add-on uses hashes of unique identifiers that are not tied to you or your IP address, to help you track versions and updates for the add-on, and a different set of randomly generated identifiers to validate service requests such as creating or updating disposable email addresses. If you chose to provide more data in order to take advantage of additional services, such as webmail, add-on identifiers are never used in a way that ties it to your name or personal information to the best of our ability." Also, Eric Jung is on their 'Advisory board': http://abine.com/team.php If you don't know who he is, he is a board member of Mozilla Add-Ons governing board. This 'update' has made a mockery of the update mechanism in Firefox and severely undermines it in my view. Here's a link to the support board over at Abine, where I have been voicing my disapproval and I recommend you do the same: https://www.getabine.com/phpBB3/viewtopic.php?f=4&t=7&start=10#p37

    1. Re:They are 'anonymising' the data then selling it by Sonny_Jimbod · · Score: 2, Interesting

      It gets worse, check this page out: http://forums.passwordmaker.org/index.php/topic,1654.0.html Surely it's a massive conflict of interest for Eric Jung to be a board member of the Mozilla Add-ons governing board and to be actively working on an Add-on, especially one like this?

    2. Re:They are 'anonymising' the data then selling it by jorgevillalobos · · Score: 4, Informative

      Also, Eric Jung is on their 'Advisory board': http://abine.com/team.php If you don't know who he is, he is a board member of Mozilla Add-Ons governing board.

      Wrong. Eric Jung is on the board of Mozdev, an independent organization dedicated to hosting Mozilla-related projects (like a specialized Sourceforge). He is not part of the Mozilla Add-ons team.

      I'm in charge of the add-on review process at Mozilla, and I personally reviewed and approved the TACO update due to its complexity. I have no relationship with Abine whatsoever.

    3. Re:They are 'anonymising' the data then selling it by Sonny_Jimbod · · Score: 3, Insightful

      Then why does it say that on the Abine site? I'm sorry, but you should be ashamed to let this past you. It went from 8K to 3MB, that is not a simple update and I fear this is breeding a lot of mistrust in the Firefox update mechanism. How are you going to regain users' trust after this?

    4. Re:They are 'anonymising' the data then selling it by jorgevillalobos · · Score: 4, Informative

      The page was wrong, and it looks like they updated it already.

      The update was approved because it passes all our quality checks. It is not up to us to determine what features a developer can include or not, and it is not a new thing for an add-on to change hands like this. It is up to the developers (new or otherwise) to give their users what they want. If they screw up, they will lose their users. Our job is to make sure the add-on is safe to use and it does what it claims it does. The new TACO has a ton of new features, most disabled by default, but its core functionality remains.

      Most users are complaining about the package size and the new user interface, which are things that won't get the add-on rejected unless they make it unusable, and that is not the case for TACO. I see nothing to be ashamed about.

    5. Re:They are 'anonymising' the data then selling it by jorgevillalobos · · Score: 4, Interesting

      We have an unexpected features policy, also called No Surprises. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.

      I don't agree that we should warn about codebase changes, since that's the developer's prerogative, but I do agree that we should communicate privacy policy or EULA changes. That's something that we can't do through Firefox at the moment, but we definitely want to include in the future.

    6. Re:They are 'anonymising' the data then selling it by Luckyo · · Score: 4, Insightful

      We have an unexpected features policy, also called No Surprises. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.

      So, in your opinion, a change that makes an add-on with no interface that just works out of the box with no interface elements at all into an add-on that adds multiple interface elements, pop-ups on pretty much every page (as almost every nominally popular site nowadays uses cookies in one form or another), and begins by flashing an introduction menu that contains among other things advertisement for "premium service"...

      Is not a change that changes core functionality?

      I mean really. One can split hairs and claim that it's "an add-on that generally protects your privacy by opting out of...", but in my, and apparently pretty much everyone's opinion, the sudden appearance of "features" like interface, pop-ups etc is a very, very serious change to core functionality. Which was from end-users point of view to STFU and just opt us out.
      The worst part is, this approval essentially dropped my trust towards Mozilla's auto-update function and add-on review process from full one hundred to zero. Because trust is hard earned (and mind you, you earned it with your hard work so far), and lost over one major failure. And allowing a hijack like this to be piggy backed as an "update" is a pretty damn major breach of trust. Whether you like it or not, this raises a question if the next update that you will decide that change is "minor" will get our UI painted full of targeted ads, which apparently will pass your check just as well so long as ads are relevant to core functionality of an add-on?

      For the next time: if an add-on that previously required no user action other than installation and didn't do anything to tell user about itself starts using flashy pop-ups to advertise itself, adds elements to UI and gets a flashy configuration window with advertisements for its host company, it's a change of core functionality for end user. Even if developer in you feels it's a "small upgrade", for end user it will be a major change and in this case, a game breaking one.

    7. Re:They are 'anonymising' the data then selling it by jorgevillalobos · · Score: 3, Informative

      What I've been trying to communicate here is that it is not our job to judge if an add-on is pretty or ugly, lightweight or bloated, subtle or in-your-face. Our job is to attest for its security, privacy protection, usefulness and ease of use. We reject add-ons that are impossible to figure out, have overly intrusive UI, or are annoying to users. The previous TACO did have some UI, little as it was, and the new one can be configured to be like that.

      I know the new TACO is annoying to many, but I'm sure many others think otherwise. It's obvious that many TACO users like the minimalist interface it used to have, and are angered by the change, but that's something that the users need to judge, not us. There's already an alternative available if you want to switch.

      And yes, when we say "core functionality", in this case it would mean warning about cookies and other trackers, and providing the means to block them.

      FWIW, the people at Abine are well aware of the reception of this upgrade, and are already working on improving it.

    8. Re:They are 'anonymising' the data then selling it by jorgevillalobos · · Score: 2, Insightful

      Feel free to review it yourself if you like. Here's all the necessary information:

      Our policies

      Editor Guide

      Code validator

      You can also send a message to our mailing list (see wiki link) and ask another editor to corroborate.

    9. Re:They are 'anonymising' the data then selling it by Luckyo · · Score: 4, Insightful

      What I've been trying to communicate here is that it is not our job to judge if an add-on is pretty or ugly, lightweight or bloated, subtle or in-your-face.

      Except that it is. The very name of the policy, "No Surprises" clearly shows intent to prevent massive change from subtle to in-your-face, as you put it.

      The problem that we have reading your replies is that you chose to go with utterly classic response that corrupt officials and companies go with when they get caught. They proceed to find a small ambiguous technicality in the letter of the policy, while murdering the entire spirit of the said policy in progress, smiling in and proclaiming their complete innocence and blaming the policy. The entire wording of the name of the policy clearly suggests that you are there to weed out "subtle to in-your-face" changes. Yet because of technicality in the policy that you as a mod can use every time you want, it actually means absolutely nothing. Nothing in it actually stops you as a moderator from, for example, paying back a "monetary favor" by allowing a company that purchased a known add-on from making it a targeted advertisement add-on, full with annoying pop-ups, as long as it mainly does what it did before. Even if doing it is a small fraction of the new version and bulk is focused around selling unwanted crap, and in fact flies in the face of everything the previous versions of add-on stood for.

      I'm sorry, but this stinks. In a major way. It essentially means that the moment someone finds a morally weak spot in the mod chain, millions of end users can be literally fucked over with no recourse whatsoever.
      And it's the lack of recourse that's most bothersome. There isn't even a way to properly complain about a clear breach of trust issue, because it still adheres to letter of the policy, even if spirit of it is murdered in the process, at least according to you.

      I think AC below put it best:

      The Changing of Defaults and Unexpected Features [mozilla.org] add-ons policy appears to address what an add-on does when it's first installed. It doesn't adequately address notifications of changes pushed in updates to add-on functionality.

      Essentially there's a nice and functional loophole in the policy that allows anyone with sufficient interest in the issue to circumvent the policy entirely by publishing new add-on as a continuation of a popular existing one and making sure that mod happens to be someone he knows well enough and owes a favor, or is sufficiently naive to imagine that this isn't a "surprising change". This in spite of add-on update policy naming scheme that clearly shows that it was its intent to do the same as policy on what review happens when add-on is first installed.

      Once again, the stench can be felt even across the internet.

  9. Mozilla should pull them by mrmeval · · Score: 4, Interesting

    And perpetually ban that developer/team/company from ever having access again.

    --
    I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    1. Re:Mozilla should pull them by Saeed al-Sahaf · · Score: 4, Insightful

      And perpetually ban that developer/team/company from ever having access again.

      Or change their rules for updates, because according to the "official" Mozilla response, TACO 3.0 passed all the requirements. Mozilla doesn't seem to have a problem with it.

      --
      "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  10. Their Advisory board members dirty laundry by Sonny_Jimbod · · Score: 5, Informative

    http://www.getabine.com/team.php

    Jules Polonetsky - Co chair of Future of Privacy Forum, which coincidentally enough was funded by AT&T. No conflict of interest there. Chief Privacy Officer at DoubleClick, you know, the people who sell lots and lots of adverts on the internet? Seems strange that he would be interested in something that was designed to stop that?

    Jim Jorgensen - CEO of AllAdvantage, you probably won't remember the name but you probably remember them as the company that tried to pioneer 'Paid to Surf' by bombarding users with adverts. Again, why would he be interested in something designed to thwart that?

    Why are these people interested in a company that seems to have no other means of making money apart from charging $50 to take down a youtube video? http://www.getabine.com/deleteme/request.php?item=youtube

    This company stinks, I'll continue digging because I'm sure there's more.

  11. Re:Going commercial: not just for money-grabbers by rtfa-troll · · Score: 2, Insightful

    It can feel frustrating when something you are using goes from free to commercial. You often get the "sold out" feeling.

    I love when something free goes commercial. Red Hat is one of my favourite companies. What annoys me is when something "Free" goes proprietary. These are two very different things. For such a license change Mozilla should be insisting on a change of name so that people who don't want the change still have their computer free of that stuff.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();