Floorp going closed source?

dalto · March 26, 2024, 4:10pm

Does Brave have proprietary components? If so, do you know which parts?

Kresimir · March 26, 2024, 4:16pm

I’m not sure, I just know it’s impossible or close to impossible to build if from source code (and have if as fully featured as the official build).

In the words of one of the developers:

Only Brave Software produces the official builds for Brave browser

dalto · March 26, 2024, 4:16pm

It looks like it is fully open source.

There is an AUR package for it:

https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=brave

Isn’t that true for any software? That seems like a rather meaningless statement.

With --official_build enabled, there are going to be a lot of config values needed (Google keys for safe browsing, etc) which only the Brave Software owned official build servers have configured. You can stub those config values out (putting fake or empty values)- but the services that Brave consumes at runtime (Safe browsing, fetching extensions, fetching adblock rules, Brave Rewards, Brave News, etc) will fail and folks checking the binary against the signing keys will realize it’s not an official build

I am not sure these things failing is actually a bad thing…

smokey · March 26, 2024, 4:21pm

Going through the git repo everything is public so it doesn’t seem like they are hiding a thing. Not too sure what @Kresimir is refering to with it

Kresimir · March 26, 2024, 4:21pm

What isn’t true for any software is that the user gets a different set of features from the officially distributed binary, and the binary one builds by oneself, unofficially. This difference practically ensures that Brave cannot be compiled from source by distro maintainers for the repos, at least without taking a binary from Brave.

My concern, of course, is that with binary distribution of a browser, one cannot be sure if the published source code is the one that was used to actually build the binary. So I would like my browser to be compiled by the people I trust, the distro maintainers.

dalto · March 26, 2024, 4:23pm

According to the above, the features are the same. You just don’t get the Brave keys. This makes some things not work unless you replace them with valid keys yourself.

smokey · March 26, 2024, 4:24pm

The whole code and repo are very open, binary vs the git will always be different and I can’t spare the resources to try see if there are any differences.

Kresimir · March 26, 2024, 4:25pm

Of course. But that’s missing the point. The point is: who is building the binary? Brave? Or Arch TUs?

If you use the binary from Brave, that’s completely equivalent to it being closed source, because you cannot know whether the binary was built using the published source code.

(it’s a hypothetical question, since Brave is not in the repos)

smokey · March 26, 2024, 4:28pm

Yer I don’t use and with browsers I would never use them from the AUR, I get that sort of point sorry if I missed it. I would much prefer if I was going to go that route to build it myself, sorry for the misunderstanding

keybreak · March 26, 2024, 4:33pm

Sounds like a good thing actually
SaFE BrOWsINg is used to censor some legit websites in times of political turmoil, for instance…not only scam and baddies.

smokey · March 26, 2024, 4:59pm

Yes I can think of a recent one here (george last name rhymes with bell) was blocked by all ISPs and Media wasn’t allowed to say anything about it at first except mention the outlining facts. Many people jumped online using VPNs etc at the time to expose the story. Anyone else it would have been instantly public information.

keybreak · March 26, 2024, 5:03pm

No it’s the other thing that you can’t “solve” with VPN, it’s basically a system that flags websites untrustworthy and shows huge red page saying that it’s DANGEROUS!!!1111111

It’s list curated by Google which can be abused in a short-term by…just mass-reporting.
So basically you can scare most normies away during short period of time from any website by simply abusing this crap…That’s exactly why i always turn it off in my Firefox / Librewolf.

smokey · March 26, 2024, 5:05pm

I have a virtual machine set up for links like this and the majority of these flagged sites are safe except for maybe learning the other side of the story, I get what you mean

bitterhalt · April 7, 2024, 9:27am

I want this!

mihalycsaba · April 7, 2024, 1:28pm

I’m confused by this story. What’s wrong with people only changing minimal stuff if they publish the source code of those changes? It means if there are ever any meaningful improvements he can use that to improve his own code.
I like the license he chose, if I understand it correctly, it should make it hard for people to make money from his work. I think this means that they have to publish the source code for the modifications.

3.1. Distribution of Source Form

All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients’ rights in the Source Code Form.

3.2. Distribution of Executable Form

If You distribute Covered Software in Executable Form then:

such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and

You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients’ rights in the Source Code Form under this License.

dalto · April 7, 2024, 1:37pm

If I understand the issue correctly, there were people changing only the logo/name on the browser and monetizing it. Basically, they were profiting solely off his work and not disclosing that it was based on floorp.

His new license requires both attribution and non-commercial use.

beariddle · April 7, 2024, 1:38pm

There was also the thing with those “clones” not upstreaming some of their commits in accordance with the license, other than monetizing.

mihalycsaba · April 7, 2024, 1:41pm

Where is the new license mentioned? On github I only found MPL2.0. After a bit more reading it’s a weak file based copyleft license.

Isn’t CC BY-NC-SA made for art and ‘creative’ works? Why not use AGPL? I’m planning to release something, but it’s so confusing.

dalto · April 7, 2024, 1:47pm

It looks like he changed the license again by creating his own. It is here:

github.com

Floorp-Projects/Floorp-private-components/blob/5049b3e3ebc6215018d08b65a10b9c10265f74ac/LICENSE

Floorp Shared Source License

This License governs use of the accompanying Software, and your use of the Software constitutes acceptance of this license.

You may use this Software for any non-commercial purpose, subject to the restrictions in this license. Some purposes which can be non-commercial are teaching, academic research, and personal experimentation. You may also distribute this Software with books or other teaching materials, or publish the Software on websites, that are intended to teach the use of the Software.

You may not use or distribute this Software or any derivative works in any form for commercial purposes. Examples of commercial purposes would be running business operations, licensing, leasing, or selling the Software, or distributing the Software for use with commercial products.

You may modify this Software and distribute the modified Software for non-commercial purposes, however, you may not grant rights to the Software or derivative works that are broader than those provided by this License. For example, you may not distribute modifications of the Software under terms that would permit commercial use, or under terms that purport to require the Software or derivative works to be sublicensed to others.

You may use any information in intangible form that you remember after accessing the Software. However, this right does not grant you a license to any of Floorp's copyrights or patents for anything you might create using such information.

In return, we simply require that you agree:

1. Not to remove any copyright or other notices from the Software.

2. That if you distribute the Software in source or object form, you will include a verbatim copy of this license.

3. That if you distribute derivative works of the Software in source code form you do so only under a license that includes all of the provisions of this License, and if you distribute derivative works of the Software solely in object form you do so only under a license that complies with this License.

This file has been truncated. show original

It more or less has the same core provisions.

The AGPL would be a strange choice for a web browser. It wouldn’t be much different than the GPL for that use case, right?

mihalycsaba · April 7, 2024, 2:17pm

I’m in the process of learning about licenses and it’s confusing, I’ve read some questions and answers, but they just made me more confused. So yeah, not sure when to think AGPL or GPL.

I still don’t understand, how can someone sell a version of Floorp if they only change the name and logo? Who would be stupid enough to pay for that? Was this even a real issue or the developer was overthinking?

If someone makes some useful modifications to the browser, and they want to monetize it with those, wouldn’t they be required to release the source code for those modifications under GPL?

Let’s say they don’t comply, he could DMCA them?