On Wednesday, June 17, 2015 at 11:52:37 PM UTC-5, Ryan Kelly wrote: > On 18/06/2015 13:56, B Galliart wrote: > > You claim Pocket(TM) being integrated into the core of Firefox to be > > pre-installed is justified because "the master goal requires Mozilla to > > attract and retain users." As such, Firefox is by extension a Pocket(TM) > > application. > > Asserting this as fact does not make it so.
The only place in the Terms of Service which seems to define the term "Pocket(TM) application" is here: "The pocket software application, supporting files and accompanying documentation (referred to collectively herein as the 'Pocket application') is provided solely for your personal, noncommercial use." My understanding is pktApi.js is a supporting file provided by Read It Later, Inc. Based on the wording, the Terms of Service is claiming Firefox now fits what it defines to be a "Pocket(TM) application" and as such the user is requested to read and agree to Pocket(TM)'s ToS and Privacy Policy "before [they] install." > "Firefox is now a pocket application" is IMHO a completely unreasonable > conclusion to jump to, unless one is deliberately looking for gotchas > with which to hate on this integration. I am completely open to an employee of Pocket(TM) providing clarification on the definition and have even requested it from them. So far, I have heard nothing back. Feel free to explain in your own words what exactly the Pocket(TM) Terms of Service is defining and how it applies now that Pocket(TM) is a non-optional install part of the core of Firefox. It is true that I am deliberately looking for gotchas. I believe the Mozilla Foundation's campaign for The Web We Want put obligations on us to look for gotchas. If I am misunderstanding the Terms of Service in a way that you can have a lawyer explain on this mailing list, then great. If this is an out of date Terms of Service that includes language that will no longer apply, then that is also great. But until then, I believe the "gotchas" are still there. Another gotchas in that definition is the restriction for personal and noncommercial use. I believe this is the first time Firefox has directly integrated a feature with such terms. Even if a company's own data regulation policies doesn't conflict with Pocket(TM)'s Privacy Policy, that may still be in violation of the ToS by attempting to roll out Pocket(TM) use to all employees. This is yet another reason why allowing for a pocket-compatible privately run server is needed and why it is problematic that a private/undocumented "/v3/firefox/*" API namespace exists. This is not out of hate. The gotchas appear regardless of if you love or hate the integration. It is just the nature of how the ToS is currently written. > As Gerv already pointed out earlier in the thread, all of the pocket > code shipping with firefox is open-source and is clearly licensed for > use without agreeing to any terms-of-service. It's declared right here > at the top of the source file: > > > https://hg.mozilla.org/mozilla-central/file/a3f280b6f8d5/browser/components/pocket/pktApi.js Yes, Gervase Markham did say the above. Later he also said the following: "Right. I take back this implied criticism of your position. I'm seeking clarification on this. I'm pretty sure the sections you mention don't apply (and are not intended to apply) to the Pocket code in Firefox, but I entirely agree it's very unclear." "I will come back to this group when I hear more." I asked Pocket(TM) for clarification back on June 6th and I am assuming he also asked around June 10th. If there is a misunderstanding, I believe Pocket(TM) could easily clear it up by responding to the pending requests. So far, I have not heard anything and over a week has passed. > > According to Pocket(TM)'s Terms of Service, merely by installing a > > Pocket(TM) application the user should have both read and agreed to the > > Pocket(TM) Terms of Service and Privacy Policy. According to Pocket(TM) > > Privacy Policy, the users are a data point to be sold in the form of > > aggregated information. > > I'm not a lawyer, but I've shipped code under the watchful eye of > Mozilla's laywers, and ToS acceptance is something they take very > seriously. My team recently had to remove a feature from an (unrelated) > project because we were not appropriately surfacing agreement to the > terms of a third-party service. That is good to know. Is there anyplace as part of Mozilla's effort to be transparent where Mozilla's lawyers provide the details or synopsis of the Terms of Service documents the reviewed? Also, how does Mozilla lawyers take into account the impact of a new currently unpublished Privacy Policy that goes into effect 30 days after publication? Are they continually monitoring and reviewing the documents as they are updated? Are they able to always accomplish a full review in less than 30 days? What is Mozilla's stated policy/method for giving notice to the impacted users when a change no longer adheres to Mozilla's mission? > I am in broad agreement that there's a lot about this integration that > could have been communicated better, coordinated better, and generally > made more transparent. I glad we are both in agreement on this. I wish you could see that this is not a result of hate of integration of feature but instead out of respect for Mozilla's previously stated mission. > But to suggest that this integration suddenly springs unrelated and > unsurfaced ToS on our unsuspecting users seems like a fanciful overreach > to me. Not only do I claim that this integration based on the wording of Pocket(TM)'s ToS springs itself on unsuspecting users, it also springs itself on unsuspecting developers as well. Putting pktApi.js under an open source license is a good first step but is not a reasonable replacement for a statement of intent regarding treating the API and service as open. Currently, the closest to a statement of intent is the Terms of Service which *revoke* rights instead of giving them. There are at least two major problems with this in terms of how the USA legal system works: (1) The court finding in Oracle vs Google show it is possible to put a specific implementation of an API under open source while still treating the API itself as being under additional restrictions. The fact "/v3/firefox/*" API namespace is undocumented and stated to be private indicates that attempting to create a pocket-protocol compatible server may still result in legal action for violating Pocket(TM)'s intellectual property. So far, only an implementation of the client has been put under the open source. The API is not stated to be an open standard for free use. (2) The lack of being able to create a private or test API server service bring us to another of USA worst laws, the Computer Fraud and Abuse Act. Currently, the only Pocket(TM) API service available is the *production* one provided under Pocket(TM)'s Terms of Service. If a developer does anything not explicitly permitted by the Terms of Service and even unintentionally disrupting service, the developer can be charged criminally. Also, under the CFAA, it is up to District Attorney, not up to the company (in this case Pocket(TM)) on if charges are to be filed. The fact that the CFAA takes the concept of a ToS being related to civil damages and make it a criminal offense make it that much more problematic when companies use the strictest restrictive language possible. In the case of the Pocket(TM) "LICENSE RESTRICTIONS" section, the language is extremely damning. It leaves no room for error in modifying the code which uses the service. I still understand that you probably still believe I am saying this out of same hate of Pocket(TM). I doubt I can change your mind about that. I don't blame Pocket(TM) for the actions of Oracle and I don't blame Pocket(TM) for the CFAA. But it is still part of the world Americans live in. If Pocket(TM) is part of a transparent "Web We Want" then is it really an act of "hate" to expect better clarification?! There has to be some common ground that can be reached where looking for gotchas is acceptable instead of "hate." Everything about the Web We Want open letter was statements of common web "gotchas." Was Mozilla operating on the basis of hate then? _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
