[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Browser plugins

From: Leo
Subject: Re: [GNU-linux-libre] Browser plugins
Date: Tue, 24 May 2011 22:35:10 -0300
User-agent: KMail/1.13.7 (Linux/2.6.38-LIBRE; KDE/4.6.3; x86_64; ; )


On Saturday 21 May 2011 11:37:03 Sam Geeraerts wrote:
> It's been reported [1] that Konqueror suggests downloading non-free 
> plugins. Even though there's some "flashplugininstaller" Kubuntu code in 
> gNewSense, I suspected that the browser is actually just relaying 
> information from the website. This has been confirmed by KDE developers 
> [2] (thanks, Leo). This means that it's probably not a problem specific 
> to Konqueror, but that all browsers could be affected.

I just want to point out that the popup in Konqueror (which is the browser 
that generated this discussion) can be dismissed with a "Do not download" and 
it has a "Don't ask me again" checkbox. It's not optimal, but it does give the 
user the option of not seeing the popup again.
> There are several ways we can deal with this:
> a) We do nothing. It's the website author who steers the user to 
> non-free software, not the software. The author is free to suggest 
> non-free software. We treat it like a "best viewed with Internet 
> Explorer" message on the website. Strictly technically speaking the 
> software is FSDG compliant.

I kind of agree with this one.
> b) We cut out the browser code that suggests plugins. From the user's 
> perspective, the message comes from the browser, not from the website. 
> This would also block any steering to free plugins, but I have yet to 
> see a website that does that. This is the easiest/quickest fix and 
> already implemented in IceCat if I'm not mistaken.

I think that in a way we'd be doing freedom through obscurity.
The user can't play whatever flash is needed for and is left with the 
uncertainty of how to fix that. The popup suggests a solution, which in our 
eyes is not a solution at all, but at least the user can follow instructions 
on what to do.
Suggesting nonfree is wrong, but I don't agree that not suggesting anything is 
the right way to solve that. The way I see it, there are 4 possible scenarios 
after trying to see a site and not getting any notification:

0) I'm new to computers, I ask around or search in a search engine and find 
out about the de facto choice because it's the most obvious and popular one 
and I end up installing nonfree flash anyway.

1) I'm new to GNU/Linux but have used computers before; I'd probably install 
nonfree Flash anyway since that's what I'd have previous knowledge of.

2) I'm not new to GNU/Linux but I'm an opensource kind of person and I install 
nonfree flash because that's what it works and I don't want to have to deal 
with Gnash incompatibilities with some sites.

3) I'm a freetard and subscribed to the GNU-linux-libre mailing list and I 
already know about this problem and I wouldn't get anywhere near nonfree 

> c) We keep a blacklist of known non-free URLs and replace them with 
> links to free alternatives in the dialog box. While there are probably 
> not many different URLs used in the wild, we're never sure to catch them 
> all. We'd also have to keep track of the freedom status of the 
> alternatives upstream besides all the packages in the distro. There may 
> not even be something FSDG compliant to point to (which is preferably 
> also easily installable by the user).

This one I kind of agree with, but maybe with a message that says "The site 
you're visiting suggested installing nonfree software to have access to 
additional things. We suggest installing this instead: 
swfdec or whatever. Gnash is working quite well, in my experience, but I 
barely visit sites that need flash anyway.
It needs to be pointed out that, AFAIK, swfdec doesn't work with Konqueror. I 
remember there was an app called Klash (Gnash for Konqueror as a kpart), but I 
don't know the status of that anymore. Konqueror is the browser I use the most 
and, like I said, I barely use flash.
> d) We use the dialog box (or e.g. integration with Software Center) to 
> suggest a package from the distro to install for each media type.

This one seems a bit difficult, considering that packages are named different 
and that package managers work in different ways. If we suggest a generic 
name, then that would probably be right. "The site you're visiting suggested 
installing nonfree software to have access to additional things. We suggest 
that you look for Gnash/swfdec/Lightspark in your repos instead."

> I think (a) is just a poor excuse. (c) seems high cost, low gain to me. 
> A "first (b), then (d) if possible" implementation looks like the best 
> solution to me.

I think (a) is an option if a message was added to the popup; something like 
"The site suggested this plugin, which could be nonfree". I agree that (c) is 
high cost, but I don't think it has low gain. (b) I don't like much. (d) also 
sounds high cost, but if it's done how I suggested it, then it wouldn't be 

I like (a) and not (b) because I see (b) a bit like censoring. If a user 
doesn't want to install flash they can always dismiss the popup and never see 
it again. If we want to alert the user that the plugin is probably nonfree, 
then we can do that by putting a nice message warning the user right before 
the site's suggestion.
It's a bit like the DEBLOBED messages in Linux-libre; I'm not exactly in 
agreement with that (although I don't strongly disagree with it, since I only 
use 100% free software and it doesn't bother me personally). I don't know if 
making it harder for the user to find the nonfree stuff actually benefits free 
software. If the user wants to install only free software, then a message of 
"This is nonfree software and we recommend you not to install it." should be 
enough instead of obfuscating things.

Also, if flash is needed as a crucial thing to view the site then I probably 
wouldn't be visiting it again anyway, even if it works perfectly with Gnash. 
Knowing that the site also recommends nonfree software might motivate me to 
send an email to the webmaster of the site to solve both problems. If I don't 
know they are making popups show up, then I never get to know that they are 
recommending nonfree software and I can't do anything about it. I feel that 
hiding this information is patching the problem instead of solving it (the 
problem being that sites promote nonfree software); webmasters might not even 
be aware that there's an alternative to flash or that nonfree software is a 
social problem.
> Some other thoughts:
> - How do we put this on the NONFSDG list (same problem, (potentially) 
> multiple browsers)?
> - What do we expect from upstream, i.e. the browser developers?

When I posted about this in one of the KDE devs (@afiestas) offered 
to help fix this, but then we discovered that Konqueror wasn't suggesting 
Adobe Flash directly. Since KDE 4 came out, the KDE people tend to lean more 
on the free software side than on the open source side. If this bug gets 
solved with a warning for the user, then we'll probably have a better chance 
By the way, I just noticed that this is a potential security risk: I could put 
whatever link I want for the pluginspage variable and send a user to a site 
that appears to be Adobe's but isn't. Someone could be doing some serious 
phishing with this. Upstream might be interested in putting a warning about 
this, if not for the problem of nonfree.

> - Do any free CMS/wiki packages generate code with URLs to non-free plugins?

I don't know, but this is a very good question.

> Regards,
> Sam Geeraerts
> gNewSense dev


> [1]
> [2]

RMS Rose GNU/Linux-libre
#rmsgnulinux @

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]