
You need to address the author’s points though: if you agree that spyware is a problem that impinges on user freedom, what agenda should we advance to solve it? Is advocating for copyleft licensing actually helping? Do you really believe that a world where everyone only used GPL software would be free of spyware?



> Do you really believe that a world where everyone only used GPL software would be free of spyware?

There is no need to believe. Just have a look at F-Droid and GNU/Linux repositories.


I don't get your point, but I'm pretty sure that several GNU/Linux repos contain the version of Unity that pinged Amazon's servers, to name an example.

Where do you draw the line between spyware and legitimate feature?

Where do you draw the line between malware and unintentional faulty code?

Review time is a scarce resource, and a bad actor will always find a way to bypass automated checks.


We should really pay for open-source. The FSF has a page saying it’s correct to charge before delivering OSS software (and the user can redistribute the software with OSS license).

We could charge access to Debian repositories for example. For example one repo could have bugfixes, and the broader audience could have a 1-year-old repo. Sure, you can build from source, get a zip from a torrent, or find someone who hosts a free mirror of the paid repo, but as a company it’s much easier to get it from the official source, for security compliance. (Btw I’ve always said I’d be happy to spend $200 per year per employee for a desktop OS of macOS quality, so probably much less for our servers).

This would offer price discrimination:

- Free for individuals who want to spin off a small website,

- Paid when you need to prove compliance to security regulations,

- Developments still go to the pool of mankind’s marvels, instead of being locked with a commercial license and dying with the company,

- Customer can still fork or fix a bug themselves by building from source.


I agree with your point that we should look for a way to pay FOSS maintainers for their time, but my point was that Linux repos are not free of spyware, naming the version of Unity that sent what you typed to Amazon Shopping as an example.

The line that separates legitimate features and spyware is blurry, especially when a bad default ends up leaking information of the user.


It is enough for one person to notice something strange about a program and it is really easy to fork/revert back to a version with only the needed functionality if source is available. Of course the given bad faith actor responsible for the mischief will be “punished” and will be banned from contribution.

With the apparent lack of both viruses and telemetry and the like in libre software even with the laughable default security of Linux distros (your home containing basically everything free to read/modify for any user app), I would say that FOSS has quite a good track record in this metric. Nonetheless, a stronger security should be developed/strived for because it still boils down to a trust based system, but it makes me happy that the default of most people is to not cause harm.


> I'm pretty sure that several GNU/Linux repos contain the version of Unity that pinged Amazon's servers to name an example.

FLOSS does not prevent malware from existing, but it makes it highly improbable. You can always find bad examples, but how frequent are they?


Customization is what GPL ensures. You install and run reviewed code.


That Linux doesn’t itself contain any spyware doesn’t tell me how, in a world where everyone runs Linux, magically spyware would disappear.

Android is built on Linux. Android-based TVs and phones are sold to consumers every day with spyware preinstalled.

So we have broad adoption of GPL software. Spyware is still happening. What’s the next step?


You can't lump all GPL licenced software into one bucket. GPL <=2 is quite different to GPL 3. Which is why GPL 3 is anathema to many commercial companies.

I can pretty much guarantee that none of those "smart" TVs are running GPLv3 code.

Hehe, and then there's the Affero licence... https://opensource.google/docs/using/agpl-policy/


To be pedantic, Android is under Apache[1] license, not GPL. And the apps you install in Android are (and can be) closed source (most of them).

The hypothetical scenario you describe is the one where you build Linux from scratch and you find spyware. And this, AFAIK, is not happening right now, and one of the reasons is because it's open source and you can build it from the source code.

[1]: https://source.android.com/setup/start/licenses


Android incorporates a patched GPLv2 Linux kernel, and a stack of other stuff on top of it which includes GPL, LGPL and Apache and other licenses.

And a typical Android distribution - e.g. the one installed on a TV - includes a bunch of other software too.

And the hypothetical scenario I want is where I buy a TV and it doesn’t contain spyware. It seems that the existence of Linux has, if anything, made that less possible, given that any old hardware company can grab a Linux kernel and shove whatever spyware they want on top of it before selling it to me.


> Android incorporates a patched GPLv2 Linux kernel.

This has nothing to do with "So we have broad adoption of GPL software". Android (AOSP) is Apache. We don't have "broad adoption of GPL software". This scenario doesn't exist.

If the software of the TV is GPLv2, you must have access to the source code (even with Apache this can happen to some extent). The TV manufacturer must give you the source code of the software running on the TV (with GPLv3 they should also guarantee that you can re-flash your devices). This of course is an ideal world, and it's the freedom FSF searches for.

This way, you (or someone else) can audit the source code and check for spyware. You might be able to rebuild and reflash the software.

Unfortunately not everything is open source. On Linux you have (for example) NVIDIA drivers that are closed source. You can put spyware in there, even if Linux is GPLv2.

EDIT: btw, you first asked "What’s the next step?". I believe the next step is to raise awareness of the rights one has over GPLvX software and to be able to truly enforce those rights. Like if you ask Samsung for the source code of your TV and they don't give it to you, you can (like) go to the nearest police station and press charges.


...if the Linux kernel was under GPLv3 though, that wouldn't be as easy for them.

I haven't quite grokked why Linus decided GPLv3 was bad, but he strikes me as a pragmatist vs. the FSF idealists.


As far as I understood (maybe it was/is on groklaw.net somewhere), Linus didn't care as much about the users. His main concern is the developers, so he doesn't mind the users being tivoized out of their ability to run adapted code.


Not so long ago GPLv2 was anathema for corporations, but now they love it due to Linux. What's left now is to gradually roll out GPLv3. It's embrace and extend tactics of sorts.


Corporations love GPLv2 because they get free code, not because of Linux.


Linus cares about his users (GPLv2). RMS cares about all the users (GPLv3).

Linus just wants anyone who changes the code to contribute back. He doesn't care how they exploit the software he gives them.


It’s like arguing that buying quality ingredients for a meal, and fking up the cooking is somehow the mistake of that expensive Italian pasta.

Also, you seriously argue that availability of a great kernel is somehow a bad thing??


> Android is built on Linux. Android-based TVs and phones are sold to consumers every day with spyware preinstalled.

Android is built on GPLv2 Linux. GPLv2 does not protect the user against locked down hardware and firmware. In contrast, GPLv3+ does protect the user. The user does not have the freedom to modify their software on their hardware, so there is much less freedom.


Don’t straw man. The comment you’re replying to is referring to using free software exclusively. If you avoid all non-free software, including services that don’t share their source code, then you will not have to deal with any adware or spyware at all if you don’t wish to.

You’re really just supporting the FSF’s arguments against non-free software.


But plot that path out for me. Explain to me how you make a world where the average consumer has access to a spyware free phone and TV because of free software. What societal or legislative or cultural levers do you plan to pull to bring about that utopia? Is the FSF pulling them?


Who will fund this entirely free stack you are talking about?


No magic is needed. In a world where everything is free software, almost no spyware would happen. And the "almost" is because nobody can watch everything every time. But the most used software will be thoroughly reviewed.


But we don’t live in that world yet. We live in a world where, on the contrary, companies are able to make products that distribute their spyware and do so by actively exploiting the contributions of free software developers! The Linux devs whose contributions are in android are having their software used to build TVs that spy on people! Is free software advocacy alone actually helping advance a spyware-free world, then?


No, the eventual goal of the FSF (and Stallman himself) is to make all software free. You cannot achieve this goal at once, you need to make part of the software free first.


Those repositories are used by a very small minority of users, which are also highly competent and constantly looking out for sketchy things. Yet, those sketchy things do happen occasionally on small scale be.

But it's kinda obvious that the lack of a big and serious actor is the main reason why nothing seriously bad ever happened in Linux-land so far. Everyone switching to Open Source would change this and the watchmen would likely be unable to protect their world.

I mean just look at the mildly bad things happening on mainstream-systems, which everyone knows about and still ignores them, because "that's just how it is". At the end people willingly use bad software & services, because their subjective gain is higher than the small price they pay.


It doesn't systematically free people of spyware but allows them to do so. Projects already get forked for that purpose, like vscode, chromium. It also allows one to audit and at least see what a software does.


vscodium



