Joseph, you say:
- Firefox is open-source, but that hasn’t stopped them from implementing DRM, which is (I think) impossible with free software.
I think it’s important to keep in mind the distinction between open-source and free software. I don’t mean to be pedantic. I think it’s a distinction one has to learn and keep in mind in this discussion. Again, here is a good article about it, but here’s a good summary:
A program is free software if the program’s users have the four essential freedoms:
- The freedom to run the program as you wish, for any purpose (freedom 0).
- The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
- The freedom to redistribute copies so you can help others (freedom 2).
- The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
I don’t know the exact story of Firefox, though I do know that they have implemented the ability to run DRM software in their browser, as you’ve stated. But it accurately highlights the distinction between open-source software and free software: just because it’s open-source is not enough for it to be free. The Free Software Foundation has released their own browser based on the Mozilla suite (the makers of Firefox) called IceCat. It is made entirely of free software, according to their definition.
I do think DRM is harmful to consumers, and I think it’s good on the Free Software Foundation for release a browser that does not include it. (Of course, I haven’t downloaded and tried it out yet… but maybe I will now. ) I admit that I’m somewhat of a hypocrite, since I do purchase content from time to time that has DRM. But I also make sure that I can remove the DRM before I purchase it. I don’t give the content away or post it on my blog, but I believe that it’s still illegal for me to do it in the United States. That’s wrong, and harmful to me, the consumer.
- Firefox is open-source, but that doesn’t stop big corporations from tracking us, and that’s true even though most of the software the big corporations started with, such as PHP and Mysql, are open source as well.
Using free software is not a panacea, and it cannot prevent this kind of behavior. The tracking that is ubiquitous on the internet has to be dealt with using other tools. I’ve really enjoyed using Firefox for the past month, since it has a neat concept of “containers”: every time I open Facebook on Firefox, it’s automatically in it’s own “container” within my browser. I think tools like that will have to address the tracking question.
- Several open-source software packages recently went closed-source (while trying to claim they were still open-source).
Nothing is to prevent non-free, open source software from going closed-source. But that’s precisely what the free software licenses were created to prevent.
- I use a lot of open-source software. I like the fact that I can file a bug report and follow it. But let’s be real. I don’t have the foggiest clue whether the software is malicious or not. The fact that I could learn to code well enough to then start to audit the code means nothing in reality.
Of course I realize that most people won’t have the foggiest idea what the code means even they study it carefully. Shoot, even experienced programmers won’t necessarily be able to understand what the code means if it’s in a language or if it’s a large project that they are unfamiliar with. But that’s no argument against free software. Free software at least gives me the ability to find someone I do trust, whether its an individual or an agency that certifies software, and lean on them to tell me whether I can trust a certain software package or not.
This makes me think of another, very related issue. Major bugs like Heartbleed occur in all software, free or not. But is it a “bug”, or is it a “back door” implemented by some government or agency wanting access to private information? Heartbleed was a bug in some software that was licensed under the Apache License 2.0, a license certified by the Free Software Foundation as truly free software. According to the Heartbleed website,
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Heartbleed was a huge security vulnerability that went unnoticed (or perhaps was hidden?) for years. It may or may not have ever been discovered in non-free software – we would never know.
But here’s my basic premise: software should be for humans. It should help humans. It should never attack them or make them more vulnerable. The fact that OpenSSL is free software meant that the problem could be address, regardless of whether the “bug” was malicious or not.