VW’s fraudulent software points to need for copylefted free software

Recently it was announced that Volkswagen had since at least 2009 “cheated to make nearly half a million diesel cars appear cleaner-burning than they are” (source, local copy of original article text, article as originally seen).

The US government has it in their power to negotiate terms here. They could choose to negotiate that VW release its car software under the GNU GPL version 3 or later and give VW owners a chance to inspect and improve the software themselves, rather than leave the tools for more fraud in the hands of known fraudsters. VW could also choose to release the software under the same terms without being pressured into doing this; this will help them rehabilitate the “broken trust of [their] customers and the public” VW CEO Martin Winterkorn referred to. In fact this will help give them a leg up above their competition in the short and long-term.

In normal use, the VW diesel cars burned fuel in a way that allowed far more pollutants to enter the air. When tested, the same car would burn fuel far more cleanly in order to pass environmental tests:

During normal driving situations, the controls are turned off, allowing the cars to spew as much as 40 times as much pollution as allowed under the Clean Air Act, the EPA said. Such pollutants are linked to a range of health problems, including asthma attacks, other respiratory diseases, and premature death.

This is obviously fraudulent but how many people were adversely affected or killed by VW’s choice?

“I don’t suppose we’ll never know how many people died—asthmatics, for example—because Volkswagen designed its ‘clean diesel’ vehicles—all 482,000 of them sold in the U.S. since 2009—to burn dirty except when they were being tested,” wrote UCLA public policy professor Mark Kleiman at The Reality-Based Community blog on Friday.

Situations like these point to the need for strongly copylefted free software—software users have permission to run, inspect, share, and modify—in all the computers they own, such as software licensed under the GNU General Public License. VW being caught is the exception and this is hardly surprising; proprietary software is often malware. This would naturally include software in their vehicles. It’s critical that derivative programs must convey the same freedoms to its users so the consumer protection of software freedom is carried on.

Copyleft—a means of protecting the freedoms of free software for derivative works—is why mere “open source” is inadequate to the task. Any call for “open source” would purposefully fail to distinguish between copyleft and non-copyleft licenses. The open source movement was built to be silent on software freedom. A non-copyleft license would allow proprietary derivatives. If VW owners get more proprietary software as a result of this, they might get more fraudulence when they’re in a bargaining position to demand and expect justice and fairness. All computer owners deserve software freedom to help them avoid fraud and make their software run safely all the time, not just when being inspected. And don’t buy into any proprietor-friendly excuses of VW’s hands being tied by upstream program providers or regulatory restrictions—people’s lives are at stake and it’s important to prioritize what people need to live safely, ethically, and not pollute their environment unnecessarily.

Update (2015-09-25): ExtremeTech.com reports that more information is coming to light which brings suspicion on more automakers—Audi, Porsche, BMW. It seems that comparable fraud and environmental damage are coming from BMW vehicles (“the BMW X3 2.0-liter diesel model spitting out 11 times more nitrogen oxide than the current level set by the European Union”). Basically, if your car has a computer in it, that computer probably runs on nonfree software. You, the car’s owner, deserve the right to run, inspect, share, and modify the software at any time for any reason. But only the proprietor does, hence the name “proprietary software”.

Related articles:

  • Wired magazine on a remotely-exploitable Jeep Cherokee as well as mention of exploits for Ford Escape and a Toyota Prius dating back to 2013, and word of a recall for the same Chrysler exploit and a lengthy list of vehicles with vulnerable software.
  • Tesla’s Model S software apparently allowed “shut[ting] the car down when it was driving“. Tesla claims to have fixed this in an “over-the-air update to Model S owners”, but without the ability to inspect the software only the untrustworthy proprietor can say what else the software allows (either pre- or post-“update”).
  • Electronic Frontier Foundation (EFF): Researchers Could Have Uncovered Volkswagen’s Emissions Cheat If Not Hindered by the DMCA. Fleeting exemptions to the DMCA are mostly a waste of time[1, 2] since they quickly render whatever is done under them unreproducible using the same methods the original researchers used under the exemption. One could even convincingly argue such exemptions were designed to discourage filing for exemptions, possibly with a long-term goal of changing the DMCA to remove exemptions if exemption applications prove sufficiently unpopular. But one exemption the EFF filed for was recently objected to by the EPA—an exemption that would let people tinker with their car’s software. It’s worth noting that “the EPA is asking the Copyright Office to leave copyright law in place as a barrier to a wide range of activities that are perfectly legal under environmental regulations: ecomodding that actually improves emissions and fuel economy, modification of vehicles for off-road racing, or activities that have nothing to do with pollution” and cars that predate computerization could be modded to not obey ecological regulation, but the US has a long history of being reacting to this by inspections and fines. So there’s no reason to stop computerized car owners from fully modifying the cars they own. And the EFF is right when it concludes, “When you entrust your health, safety, or privacy to a device, the law shouldn’t punish you for trying to understand how that device works and whether it is trustworthy.”.

Happy Software Freedom Day!

I support free softwareSoftware freedom—the freedom to run, share, and modify the software on computers you own—is critical for an ethical way to operate a computer and retain control over that computer. Today is Software Freedom Day, a day for celebrating software freedom and spreading the message that software freedom is a value for its own sake. We should value these freedoms and insist that all of our computers run exclusively free software. Most computers come preloaded with nonfree software, software that lets someone else control our computing. This directly enables spying and remote control over our computer. Three cheers for Edward Snowden, and all of the government and business leakers who bravely gave us the evidence that non-freedom is used against us all in mass surveillance!

Here’s Richard Stallman, founder of the free software movement, with a clear definition of free software and why it matters:

So run free software on a fully-free operating system (such as any of these GNU/Linux systems) and have a happy Software Freedom Day!

More about Software Freedom Day

Don’t let the US Congress “fast-track” the Trans-Pacific Partnership

As the EFF writes: (link added)

Leaked texts of the Trans-Pacific Partnership agreement’s “Intellectual Property” chapter confirm our worst fears: Big Content companies are pushing extreme copyright provisions in a secret trade deal that would put restrictive controls on the Internet.

If you’re in the US, contact your legislators and let them know you oppose the TPP!

LibrePlanet 2015 speaker on “Document Freedom Day” equivocates on software freedom?

LibrePlanet is an annual free software conference held in Boston, Massachusetts near the home of the Free Software Foundation. I watched a recording of the LibrePlanet 2015 talk on Document Freedom Day by Robinson Tryon and heard him present a false dichotomy about software freedom as well as non-critically endorsing the use of proprietary software during his response to someone asking about music score software (such as GNU LilyPond):

I think it would be great for students to be exposed to all kinds of software that are out there on the market today. Whether that’s going to be some proprietary alternatives or some free software. I think that if you give people a solid education, if you give them a solid grounding in a lot of different tools, I think predominately they’re gonna make decisions that we are happy with, that we’re excited about because they’re gonna express the same views we do. That, you know, why would we choose this thing that has reduced functionality, I can’t use it after I graduate, and they’ll say ‘This is ridiculous!’ and we wouldn’t have to make that point for them. But I think that at this time, we aren’t coupling our education, and our use of free or proprietary software, with that lesson.

Some of the teachers that I liked the most, that I enjoyed the most when I was in high school and college were the ones that taught life lessons about their time in the military or in political situations where their higher-up told them to do something that was totally ridiculous, or told them to do something that they couldn’t possibly accomplish. But the sort of lesson was: well, if you can get it done, you know, however you can get it done. Then everything will be okay; we don’t need to know how the sausage is made.

So I think it’s really important for us to actually be honest with students, to give them a full picture. I think it’s just as irresponsible for us to tell students ‘You should only use free software’ and that’s the whole message we give, as to say ‘You should just use Microsoft products’. If we want someone to use free software we need to talk to them about everything that’s out there and why we think free software is a good choice. And then let them make their own decision. Because that’s the whole point; it’s about freedom. And so I really hope that with music and with other tools, that if we provide an ecosystem, and if we get enough people interested, that yeah, we’re gonna see some adoption of notation software.

That’s not what the free software movement, Richard Stallman, or any Free Software Foundation article argues. Stallman is on record explaining at length exactly why non-free software is unethical. And when describing how education should be set up, he says (as recently as his 2015-03-21 keynote at the LibrePlanet 2015 conference) that students should only be allowed to bring free software to class because he doesn’t want children to learn not to share. “Moral education, education in citizenship” is critical, Stallman writes, “It’s not enough for a school to teach facts and skills, it has to teach the spirit of goodwill, the habit of helping others. Therefore, every class should have this rule: “Students, if you bring software to class, you may not keep it for yourself, you must share copies with the rest of the class, including the source code in case anyone here wants to learn. Because this class is a place where we share our knowledge. Therefore, bringing a proprietary program to class is not permitted.” The school must follow its own rule to set a good example. Therefore, the school must bring only free software to class, and share copies, including the source code, with anyone in the class that wants copies.”.

What we see in American schools is the opposite—proprietary software is unquestioningly installed and used without anyone teaching about software freedom, using free software (except maybe for a cost savings), or valuing software freedom for its own sake. Using free software to save on software licensing cost seems like a good goal if you measure success in terms of popularity. But popularity fades and is easily reversed by wealthy proprietors eager to use schools to introduce their proprietary software to students. This is what should get LibrePlanet speakers riled.

So where would anyone get the idea that the difficult choice we face is whether to teach exclusively free software without informing students of the unethical nature of non-free software, versus using only non-free software? I suspect this false dichotomy is the result of the philosophy of the open source movement. That movement doesn’t say non-free software is wrong. The open source movement was developed to placate businesses by pitching a developmental methodology which stresses convenience. Sometimes this means endorsing proprietary software. The FSF has written about the beginnings of the open source movement in a couple of essays (an older essay, a newer essay).

Software freedom is not about maximizing the number of software choices. Proponents of non-free software conflate choice with freedom because it gives them another opportunity to promote their non-free software even if they have to do that right along side free software, talking about the two together as if the two are ethically equivalent. This helps take ethics off the table for discussion and grants proprietors a chance to reframe any debate around technical convenience. The problem for users remains: One cannot gain or keep software freedom by using non-free software.

We shouldn’t look for ways out of teaching students what ills proprietary software brings society. We should not present all options as if they’re equally ethical and hope that people figure this out on their own (“let [students] make their own decision”, as Tryon put it). Moral education is critical and schools must do this. If we don’t teach people to value their freedom and fight for it we will lose our freedom. We know this is true from history with proprietary derivatives of non-copylefted free software, and we heard from Karen Sandler’s LibrePlanet 2015 conference closing speech that she was unsuccessful in trying to get VMWare to comply with the GNU General Public License (a license that grants software freedom to all users so long as they pass on that same freedom if they distribute the software further). As she said in her talk, one way you can help is by endorsing free software licenses that defend software freedom for derivative works (known as “copylefted” free software licenses like the GNU GPL):

We not only need financial help, we need your help as advocates. We need you to be going out and supporting enforcement. We need you to explain why copyleft is important, and why it matters. And we won’t be able to do it alone.

And most importantly, I think, seeing a public swell of support for the GPL and for copyleft, could even influence the lawsuit itself. You don’t know; by showing that the public cares about it, it escalates this issue to one of public importance.

Helping people understand the value of keeping their software freedom via copyleft requires teaching people to value software freedom for its own sake.

But just as free software lawyer Eben Moglen often points out in his talks, “Stallman was right”, Stallman had already written about so much of what came up:

Coca-Cola’s Fanta history is no “mistake”, corporations have propped up fascists for a long time

Sure, the following clip from the 2014-03-09 “Last Week Tonight with John Oliver” was funny:

but this was no “mistake”, hardly “unintended”. Coca-Cola’s Fanta ad is the result of telling the truth about its ugly history. Furthermore, this ugliness is hardly new.

Corporations have long propped up governments that serve their interests including backing fascism. One of the best documentaries available, “The Corporation” reminds us:

See/download “The Corporation” in its entirety and get the 2-disc DVD which has lots of interview extras and commentary that are well worth your time.

FSF to Lenovo: Users need laptops certified to respect user freedom

In February 2015 the public discovered that Lenovo released new Lenovo laptops with Microsoft Windows came preinstalled with “Superfish” which allowed, among other things, spying on user’s web connections even if those connections were encrypted. The software responsible for this is “Superfish”. You can read more about Lenovo/Superfish on Ars Technica and Wikipedia. Lenovo claims laptops shipped between October and December 2014 have Superfish preinstalled and Lenovo claims they won’t resume shipping Superfish. But why trust them?

The Free Software Foundation (FSF) calls on Lenovo “to create and sell laptops that are certified to respect user freedom and come with a preinstalled free operating system“. The FSF also points out the difference between proprietary security exploitation (such as what was done with Superfish) and free software privacy mistakes (such as what happened with Heartbleed and POODLE):

Recent high-profile security vulnerabilities in free software, like Heartbleed and POODLE, were created when well-intentioned developers made mistakes that were difficult to detect. But this is different — Lenovo and Superfish caused a massive security breach for the sake of expedience in generating ad revenue.

Digital Citizen agrees with this call. Lenovo can set a trend for respecting user freedom by working with the FSF and the FSF’s Respects Your Freedom campaign to produce laptops that users can buy which respect the user’s freedom right out of the box.

Update (2015-02-22): Ars Technica publishes an article saying that there are now 14 known programs using the same code that renders users helpless against secure website spying. And the article also reminds us that “Superfish CEO Adi Pinhas issued a statement on Friday saying Superfish software posed no security risk“. It’s worth keeping this in mind the next time you hear any proprietor tell you their software is secure. Free software offers no guarantee of security but software freedom lets you inspect the program to make sure it does only what you want it to do, alter the program until it meets your needs, and distribute the program to help others. Proprietary programs are an unknown quantity—you can’t tell all of what they do because you have no complete corresponding source code, you have no distribution rights so you can’t help others or get much help from them, and some proprietary programs even restrict when they may be run.

Congratulations on 30 years of promoting software freedom!

Most people interact with free software every day, but many of those people don’t know what free software is or why they should go out of their way to use it. The Free Software Foundation (FSF) wants to fix that (and I think you want to fix this too), so the FSF commissioned a short video that makes free software easy for everyone to understand:

Download and share copies of the video

Without fleeting reference to nonfree software: full resolution, 1080p, 720p, 360p, 240p

With fleeting reference to nonfree software (around 2m19s): full resolution, 1080p, 720p, 360p, 240p

Production files are also available (local copy, copy hosted at the FSF).

Links to copies

Without fleeting reference to nonfree software hosted at the FSF: full resolution, 1080p, 360p, 240p

With fleeting reference to nonfree software (around 2m19s) hosted at the FSF: full resolution, 1080p, 360p, 240p

More about this video from the Free Software Foundation.

Update 2015-01-02: FSF Executive Director John Sullivan posted a new version of the video without a fleeting reference to nonfree software:

There are a few small “easter eggs,” both intentional and unintentional, in the “User Liberation” video we just released. One that drew some comments is the desktop screenshot flashing by near the video’s end.

Is that…a Skype icon? Is that…Flash? Is that…nVidia? IN AN FSF VIDEO?

After this was brought to my attention, I first thought it was fine to include the icons, because of the overall framing. The narrator in that section of the video says, “We’ve still got work to do.” None of the context promotes or recommends use of those programs, and since the icons flashed by in a second, I didn’t think we were increasing their recognizability or notoriety. Everything about the video problematizes proprietary software and advocates user freedom. The only application the character is directly using is free software. The other icons seemed merely part of a realistic scenery, and as we all know, the scenery of our digital lives contains much ugliness.

Video credits

Urchin Studio

Fateh Slavitskaya (Script, Voice), Bassam Kurdali (Animation/Production)

Free Software Foundation

Libby Reinish, John Sullivan, Zak Rogoff


James P. McQuoid (Guitar)

SFX from freesound.org under CC0 and CC BY by:
airtaxi, benboncan, cactus2003, crashoverride61088, dave-des, davidbain, ecfike, elliotlp, flint10, gchase, hunter4708, irishcinema, jamesabdulrahman, jasonlon, lavik89 lloydevans09, ludvique, martypinso, misscellany, monotraum, muses212, northern-monkey, pandotrix-emark, primeval-polypod, simosco, snapper4298, soundsexciting, swiftoid, wjoojoo


Script: gedit, Piratepad, TextPlay (command line fountain renderer), Trelby (dedicated screenwriting application)

Sound recording: Audacity (voice), Ardour (music)

Story boards: Krita

Vector Mockups: Inkscape

Visuals, animation, rendering, editing, sound editing: Blender

webm encoding: Transmageddon (first batch), Pitivi (second batch)

While Open Source leads to patent traps, Free Software warns and liberates

Microsoft recently announced that they were releasing their .NET software under the MIT license; ostensibly making Microsoft’s .NET implementation Free Software. Microsoft also published a patent promise telling each user Microsoft won’t “assert any .NET Patents against you for making, using, selling, offering for sale, importing, or distributing” covered .NET code. Mono, a .NET implementation, has incorporated Microsoft’s previous code contributions and plans to do more of this.

Mono developer Miguel de Icaza mentioned “Open Source” 9 times in his blog post, each time endorsing the open source movement and Microsoft’s actions.

But Microsoft’s software has a patent trap within: Microsoft is not clearly granting each user an irrevocable patent license for all of its patents that Mono actually exercises.

Was it ever wise to include Microsoft’s code?
Is it wise to do this now?
Is it wise to build dependencies on C#, a language that depends on a .NET implementation?
Is it wise to build dependencies on anything else involving .NET?

It’s worth looking at history to see what traps Microsoft has set and determine if those problems still exist.

In 2009 the FSF advised against writing software in C# and pointed to a practical alternative to C# while making it clear that the problem lies not with C# or .NET implementations but with taking great risks believing Microsoft’s patents won’t be used to sue users into losing the very freedoms they ostensibly gained. Here’s how the trap would work: Neither Microsoft’s Patent Promise nor Microsoft’s chosen license grant you an irrevocable patent license. Microsoft has promised to not sue you. A promise not to sue and an irrevocable patent license are not the same thing because the circumstances that make Microsoft’s promise true today can change tomorrow rendering the promise obsolete. The same is not true of an irrevocable patent license. As the FSF pointed out in 2009:

The Community Promise does not give you any rights to exercise the patented claims. It only says that Microsoft will not sue you over claims in patents that it owns or controls. If Microsoft sells one of those patents, there’s nothing stopping the buyer from suing everyone who uses the software.

The FSF’s 2009 essay cites quotes to clearly show how Microsoft has the intention to be a patent aggressor targeting Free Software users. It should be obvious that Microsoft has the means to litigate.

Computer users beware: Avoid .NET dependencies (including C# and .NET applications) and don’t get other users into a patent trap. As FSF Executive Director John Sullivan wrote in 2009 it’s not bad to have free .NET implementations but we should not depend on them because they carry unnecessary patent infringement risk:

We should systematically arrange to depend on the free C# implementations as little as possible. In other words, we should discourage people from writing programs in C#. Therefore, we should not include C# implementations in the default installation of GNU/Linux distributions or in their principal ways of installing GNOME, and we should distribute and recommend non-C# applications rather than comparable C# applications whenever possible.

I can’t help but notice how “open source” is all over the announcement and supporters’ blog posts encouraging you to take Microsoft’s patent bait. I don’t see one open source proponent warn you about any potential patent problems. And I notice that the Free Software Foundation offers sage warnings about patent ownership, about how ownership changes render patent promises moot, and I see that the FSF gives us practical solutions to avoid Microsoft’s patent trap. This is no accident. It’s part of how Free Software and Open Source differ and how those philosophical differences sometimes lead to radical differences on the ground.

The Free Software movement is a social movement known for looking out for every computer user’s software freedoms to run, share, and modify published computer software. Open Source is a younger business-friendly developmental methodology designed to never raise software freedom as an issue so your loss of those freedoms never comes to mind (read source 1 and source 2 for more information on this).

A note (2014-11-12): According to End Software Patents speculates that “the 2012 “in re Spansion” case in the USA and the judge ruled that a promise is the same as a licence. (See The value of promises and estoppel defences)”. However, this might not matter because:

  • it’s not explicit in the ruling if this still applies when someone else buys the patents“, in other words it’s not clear that a patent promise is as good as a license,
  • “you’re only protected if you’re distributing the code “as part of either a .NET Runtime or as part of any application designed to run on a .NET Runtime“. So if you add any of the code to another project, then you lose protection and MS reserves the right to sue you or ask for royalties” (source)
  • “the protection only applies to a “compliant implementation” of .NET. So if you want to remove some parts and make a streamlined framework for embedded devices, then your implementation won’t be compliant and the protection doesn’t apply to you.” (source)

So even if ESP is correct and a promise not to sue is as good as a license, Microsoft’s patent promise has enough problems with it that you’re still left with the same result: you’re better off not building dependencies on .NET. Don’t follow the aforementioned “open source” promotions.

First signs of how Mozilla implements DRM, continued signs of how Free Software benefits all its users

Today I came across a report in Trisquel GNU/Linux’s issue tracker describing a new bug in Mozilla Firefox which, Trisquel developer Rubén Rodríguez Pérez says “allows Mozilla to install any binary into the browser, through a dedicated system of updates”.

This situation is a clear indication of how Free Software underscores one’s security and how nonfree (or proprietary) software undermines one’s security.


Trisquel is a fully-free GNU/Linux operating system. The software in this system is entirely free for users to run, share, and modify at any time for any reason. Mozilla Firefox is a web browser developed by the Mozilla organization, a proponent of the Open Source development methodology which distributes Firefox as Free Software. The Free Software Foundation is a non-profit organization dedicated to informing computer users about software freedom (the freedom to use, study, copy, modify, and redistribute computer programs).

One week after the International Day Against DRM, Mozilla announced a partnership with proprietary software company Adobe to implement support for Web-based Digital Restrictions Management (DRM) in its Firefox browser. Mozilla changed Firefox so Firefox would prompt the user to install a proprietary program to decode a certain kind of video, the kind of video some video distributors such as Netflix, wish to use. Firefox will do this by looking at a list of repositories from which Firefox can download the program, download a program to do this job, and then run the program from the user’s system.

Firefox’s current implementation

We now know that this alleged “feature” is implemented in such a way that it could allow Mozilla to get the user to run any program Mozilla wants to publish (as Pérez describes). This is troubling because if the repository ever comes under the control of someone untrustworthy, the repository could be used as a distribution point for malware.

Mozilla could have chosen not to implement this at all; they could have chosen to point out the unethical underpinnings of nonfree software. The Free Software Foundation condemned Mozilla’s decision partly on this basis. But because of Mozilla’s allegiance to the Open Source development methodology which aims to not bring a user’s software freedoms or the ethics of software freedom to anyone’s attention and because of a fear of losing popularity with users for which there is no evidence, Mozilla instead praised their relationship with Adobe, a known enemy of software freedom.

But couldn’t any browser do the same? Why is Firefox uniquely worthy of mention here?

Any browser could implement the same mechanism in the same way (and for all we know other nonfree browsers already do this). But since Firefox is Free Software users have the freedom to:

  • modify the browser to not load the externally-provided binaries in the first place thus avoiding the entire issue,
  • distribute the improved freedom-respecting variant to others to help one’s community avoid the nonfree software,
  • run the improved browser whenever they want and make it a part of a wholly Free Software operating system as Trisquel is doing. The power of a better example is compelling.

These freedoms allow programmers to deliver derivatives of Firefox such as “Abrowser” which respect a user’s software freedom by effectively disabling the malware-loading code and changing the browser so it won’t introduce users to nonfree add-ons by default.

Fortunately Firefox is not the only Free Software browser out there and users of other Free Software browsers have the same freedoms. Users of nonfree browsers don’t have these freedoms and are thus at the mercy of whatever the browser developers want to allow (and whatever the programs those browsers install allow).

So the big deal is freedom of choice, right?

No. Software freedom is not freedom of choice because freedom of choice is easily turned against the user. Imagine if all the browsers a user had to choose from were nonfree. That user would have to choose amongst a variety of browsers where none of the choices were safe from this malware distribution mechanism. If a user didn’t want malware they’d have no freedom to prevent malware from being distributed to them, posing as a program purporting to offer some benefit, and running that malware without having any opportunity to vet the software or reject it.

But I’m not a programmer! I can’t vet any software. Whether the browser is Free Software or not doesn’t matter to me, right?

Software freedom should matter to all computer users because we all need to make sure our computers are safe for us to use. There’s too much Free Software out there to vet all of it ourselves, we have to rely on someone to do some vetting for us. But if we don’t support software freedom for its own sake we can’t trust anyone to review software with our interests in mind. This leaves us at the mercy of those who will do us harm by getting our computers to run malware.

How bad can this get?

In 2008 Argentinian security researcher Francisco Amato notified Apple of a remotely-exploitable hole in iTunes. Apple iTunes users had no way to know that a bogus update wasn’t coming from Apple but was instead “FinFisher”, a trojan horse program designed “to permit surreptitious PC and mobile phone surveillance” according to Brian Krebs. Apple took over 3 years to distribute a patch fixing the security update mechanism.

We can’t know what other problems await iTunes users because iTunes was and is nonfree software. Users aren’t allowed to inspect, share, or modify the program. So even if users find another problem with iTunes they can’t legally prepare and distribute an improved version of iTunes that doesn’t have the flaw. The same problem applies to all nonfree programs.

Problems like this inevitably arise when one uses nonfree programs.

What can Mozilla do instead?

Mozilla can’t and shouldn’t control which websites one visits. But Mozilla can control what Firefox presents to the user as a reasonable addition to enable some desired functionality. And this situation gives Mozilla an opportunity to educate users about the problems with DRM and the tough choice they face in delivering a browser that respects user’s software freedom even when those freedoms mean doing without Netflix. Mozilla should not make it easier for users to run nonfree software.