Hello, On Saturday 21 May 2011 11:37:03 Sam Geeraerts wrote: > It's been reported [1] that Konqueror suggests downloading non-free > plugins. Even though there's some "flashplugininstaller" Kubuntu code in > gNewSense, I suspected that the browser is actually just relaying > information from the website. This has been confirmed by KDE developers > [2] (thanks, Leo). This means that it's probably not a problem specific > to Konqueror, but that all browsers could be affected.
I just want to point out that the popup in Konqueror (which is the browser that generated this discussion) can be dismissed with a "Do not download" and it has a "Don't ask me again" checkbox. It's not optimal, but it does give the user the option of not seeing the popup again. > There are several ways we can deal with this: > > a) We do nothing. It's the website author who steers the user to > non-free software, not the software. The author is free to suggest > non-free software. We treat it like a "best viewed with Internet > Explorer" message on the website. Strictly technically speaking the > software is FSDG compliant. I kind of agree with this one. > b) We cut out the browser code that suggests plugins. From the user's > perspective, the message comes from the browser, not from the website. > This would also block any steering to free plugins, but I have yet to > see a website that does that. This is the easiest/quickest fix and > already implemented in IceCat if I'm not mistaken. I think that in a way we'd be doing freedom through obscurity. The user can't play whatever flash is needed for and is left with the uncertainty of how to fix that. The popup suggests a solution, which in our eyes is not a solution at all, but at least the user can follow instructions on what to do. Suggesting nonfree is wrong, but I don't agree that not suggesting anything is the right way to solve that. The way I see it, there are 4 possible scenarios after trying to see a site and not getting any notification: 0) I'm new to computers, I ask around or search in a search engine and find out about the de facto choice because it's the most obvious and popular one and I end up installing nonfree flash anyway. 1) I'm new to GNU/Linux but have used computers before; I'd probably install nonfree Flash anyway since that's what I'd have previous knowledge of. 2) I'm not new to GNU/Linux but I'm an opensource kind of person and I install nonfree flash because that's what it works and I don't want to have to deal with Gnash incompatibilities with some sites. 3) I'm a freetard and subscribed to the GNU-linux-libre mailing list and I already know about this problem and I wouldn't get anywhere near nonfree software. > c) We keep a blacklist of known non-free URLs and replace them with > links to free alternatives in the dialog box. While there are probably > not many different URLs used in the wild, we're never sure to catch them > all. We'd also have to keep track of the freedom status of the > alternatives upstream besides all the packages in the distro. There may > not even be something FSDG compliant to point to (which is preferably > also easily installable by the user). This one I kind of agree with, but maybe with a message that says "The site you're visiting suggested installing nonfree software to have access to additional things. We suggest installing this instead: $INSERT_LINK_TO_FREE_FLASH_ALTERNATIVE_HERE". It could be Gnash, Lightspark, swfdec or whatever. Gnash is working quite well, in my experience, but I barely visit sites that need flash anyway. It needs to be pointed out that, AFAIK, swfdec doesn't work with Konqueror. I remember there was an app called Klash (Gnash for Konqueror as a kpart), but I don't know the status of that anymore. Konqueror is the browser I use the most and, like I said, I barely use flash. > d) We use the dialog box (or e.g. integration with Software Center) to > suggest a package from the distro to install for each media type. This one seems a bit difficult, considering that packages are named different and that package managers work in different ways. If we suggest a generic name, then that would probably be right. "The site you're visiting suggested installing nonfree software to have access to additional things. We suggest that you look for Gnash/swfdec/Lightspark in your repos instead." > I think (a) is just a poor excuse. (c) seems high cost, low gain to me. > A "first (b), then (d) if possible" implementation looks like the best > solution to me. I think (a) is an option if a message was added to the popup; something like "The site suggested this plugin, which could be nonfree". I agree that (c) is high cost, but I don't think it has low gain. (b) I don't like much. (d) also sounds high cost, but if it's done how I suggested it, then it wouldn't be hard. I like (a) and not (b) because I see (b) a bit like censoring. If a user doesn't want to install flash they can always dismiss the popup and never see it again. If we want to alert the user that the plugin is probably nonfree, then we can do that by putting a nice message warning the user right before the site's suggestion. It's a bit like the DEBLOBED messages in Linux-libre; I'm not exactly in agreement with that (although I don't strongly disagree with it, since I only use 100% free software and it doesn't bother me personally). I don't know if making it harder for the user to find the nonfree stuff actually benefits free software. If the user wants to install only free software, then a message of "This is nonfree software and we recommend you not to install it." should be enough instead of obfuscating things. Also, if flash is needed as a crucial thing to view the site then I probably wouldn't be visiting it again anyway, even if it works perfectly with Gnash. Knowing that the site also recommends nonfree software might motivate me to send an email to the webmaster of the site to solve both problems. If I don't know they are making popups show up, then I never get to know that they are recommending nonfree software and I can't do anything about it. I feel that hiding this information is patching the problem instead of solving it (the problem being that sites promote nonfree software); webmasters might not even be aware that there's an alternative to flash or that nonfree software is a social problem. > Some other thoughts: > - How do we put this on the NONFSDG list (same problem, (potentially) > multiple browsers)? > - What do we expect from upstream, i.e. the browser developers? When I posted about this in identi.ca one of the KDE devs (@afiestas) offered to help fix this, but then we discovered that Konqueror wasn't suggesting Adobe Flash directly. Since KDE 4 came out, the KDE people tend to lean more on the free software side than on the open source side. If this bug gets solved with a warning for the user, then we'll probably have a better chance upstream. By the way, I just noticed that this is a potential security risk: I could put whatever link I want for the pluginspage variable and send a user to a site that appears to be Adobe's but isn't. Someone could be doing some serious phishing with this. Upstream might be interested in putting a warning about this, if not for the problem of nonfree. > - Do any free CMS/wiki packages generate code with URLs to non-free plugins? I don't know, but this is a very good question. > Regards, > Sam Geeraerts > gNewSense dev Regards, Leo > [1] http://libreplanet.org/wiki/NONFSDG#konqueror > [2] https://bugs.kde.org/show_bug.cgi?id=273574 > > -- RMS Rose GNU/Linux-libre http://rmsgnulinux.com.ar #rmsgnulinux @ irc.freenode.net
signature.asc
Description: This is a digitally signed message part.