[Dev] [Bug-gnuzilla] Several freedom-bugs in IceCat (from the Parabola team)

Loic J. Duros lduros at gnu.org
Sun Jan 6 18:08:35 GMT 2013 

Luke T. Shumaker <lukeshu at sbcglobal.net> writes:

Hi:

Thanks for these reports, we will review them thoroughly in the upcoming
days. I've added brief thoughts and comments about them as I read.

> Type: freedom issue
> Subject: Includes non-freedom respecting search engines
>
> Even though DuckDuckGo is the default, it still includes Google and
> Yahoo search engines.

AFAIK, we still want to provide alternatives to DuckDuckGo, and give
users the choice. DuckDuckGo HTML-only is the default, and non-free JS
is blocked from such sites as Google and Yahoo. Do you have other
alternatives you'd like to see there or replace the Google and Yahoo
choices?

> Type: (possible) freedom issue
> Subject: Recommends DuckDuckGo, which uses non-free javascript.
>
> DuckDuckGo uses non-free javascript, so Parabola includes DuckDuckGo
> HTML.  However, because IceCat includes LibreJS, this may be a
> non-issue, as without javascript, it will fall back to the HTML-only
> version.

DuckDuckGo in the search box and in the about:home page go directly to
the html version of DuckDuckGo, the form is given the html-only url:
https://duckduckgo.com/html/
There is no javascript in the html-only pages.

>
> I feel that it is still nescessary to include DDG HTML instead
> because even though it falls back, it still seems to be recommending

Where do you see DDG being included without the /html/ url? Maybe
there's a location where it isn't applied.

> the non-free JS.  Similar way to how Linux-libre doesn't just
> remove non-free globs, but also removes reverences to the files from
> the kernel, so that it doesn't seem that the kernel is recommending
> them.
>
> ----
>
> Type: freedom issue
> Subject: If social API stuff is enabled, Facebook is there by default
>
> Even though social.active=false by default, if it is enabled, the
> default setup includes Facebook.
>
> This affects the values of social.manifest.facebook and
> social.activation.whitelist in browser/app/profile/firefox.js

Even when enabling the Social API, I can't see Facebook enabled by
default. I talked with a few Firefox developers a while ago on this
issue. It appears you have to go to a page (from Facebook) and click
"install", after what you see the sidebar and you can like a URL, etc,
... What do you mean by "Facebook there by default"?

For the Social API code itself, it is released under a free license, and
so isn't a freedom issue per se. The services it may interact with, on
the other hand, may not be free. We probably need to warn users about
this. All in all, I think the Social API is less of a privacy concern
than the "like" buttons you may find on websites, because if you `like`
a URL with the API, only the URL value is being communicated; but I'll
have to check again. Of course, we should at least warn or discourage
people from using Facebook for the reasons given here:
https://www.fsf.org/facebook

More to come about this... But let's keep in mind it is already disabled
by default.

>
> ----
>
> Type: rebranding issue
> Subject: browser/app/Makefile tries to install /bin/firefox

Thanks for pointing this out!

> Type: rebranding issue
> Subject: Identifies w/ Mozilla in the first-run "Know your rights..." bar
>
> The bar that pops up on first run tha has the "Know your rights..."
> button reads:
>
>  > GNU IceCat is free and open source software from the non-profit
>  > Mozilla Foundation.

Thanks! This is a problem. We might want to remove the bar all together or
create a new one linking to the Free Software page.

>
> Type: technical/rebranding issue
> Subject: "Reset IceCat" does not work
>
> This is because it falls victim to Mozilla bug 756390
> The patch uploaded to the Mozilla bug tracker should fix this.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=756390
>
> ----
>
> Type: (possible) rebranding issue
> Subject: Uses the phrase "Firefox Sync"
>
> I'm not sure if this is an issue or not.  One could look at "Firefox
> Sync" as a separate service (that is integrated) that is not being
> modified, or as part of the browser that is.

Since the servers are provided by Mozilla, changing the name to "IceCat"
didn't seem to make much sense, and could have been misleading for users.

>
> ----
>
> Type: freedom/legal issue
> Subject: Recommends using Mozilla's sync servers.
>
> Mozilla's TOS only allows "official Mozilla-branded software" to use
> their servers for Firefox Sync without special written permission.
>
> I know that Trisquel runs their own sync servers for Abrowser, I'm
> sure they'd be happy to let you use them.  I also think it would be
> cool if GNU ran their own servers.  I've also been toying with the
> idea of packaging the sync server software for Parabola and running it
> on our servers.
>
> If you do end up getting permission to use Mozilla's servers, I
> believe that the TOS and Privacy Policy are acceptable, but you'd want
> to take a look yourself. 
>
> ----
>
> Type: bug
> Subject: langpacks
>
> There are no IceCat 17 langpacks that I can tell.

I have sent an announcement on this mailing that I was looking for help
on this. I can generate the automated packages, but they have several
issues that need more focus than I have time to give them. Currently
focus is on privacy and freedom, and so anyone willing to take over
generating the langpacks would be appreciated!

>
> As another issue with the langpack script, the resulting langpacks
> overrode the normal search engine settings to be back to using Google
> by default. (apparently, en-US user here)

This is one among other issues with the bash script that does the
conversion. It needs much updating.

>
> ----
>
> Type: feature request
> Subject: Run AMO on GNU servers.
>

I have asked the sysadmins at GNU about hosting an appl a while ago, and
the best solution they gave us is to host the list of addons in the FSF
Free Software Directory. I am looking for volunteers who can help doing
this. They would need an account on the FSF directory and a brief
walkthrough on how to create the addon list.

Would you be willing to add the addons to the FSF Directory list, or
find more volunteers to do so? :-)

Also, if you are interested in working on IceCat bugs yourself and
provide patches, this would be very beneficial for the project.

Thanks for all your reports, and I'm looking forward to fixing what can
be fixed!

Loic

More information about the Dev mailing list