Re: wip/cliqz: Request for review

[Santhosh Raju <santhosh.raju%gmail.com@localhost>]

On Mon, Apr 15, 2019 at 7:23 PM Santhosh Raju <santhosh.raju%gmail.com@localhost> wrote:
>
> On Mon, Apr 15, 2019 at 7:11 PM Greg Troxel <gdt%lexort.com@localhost> wrote:
> >
> > Santhosh Raju <santhosh.raju%gmail.com@localhost> writes:
> >
> > > On Sun, Apr 14, 2019 at 11:21 AM Greg Troxel <gdt%lexort.com@localhost> wrote:
> > >>
> > >> Santhosh Raju <santhosh.raju%gmail.com@localhost> writes:
> > >>
> > > Thank you for bringing this up, it made me look into the details of
> > > how Cliqz browser is built and the various ingredients that go into
> > > it.
> > >
> > > Let me elaborate this further since License is an important thing for
> > > the users of pkgsrc.
> > >
> > > So Cliqz develops an extension[1] for Firefox which helps with
> > > anti-tracking / ad blocking / search facilities etc.
> > >
> > > The extensions itself is open source[2] and comes under MPL 2.0. So
> > > one can install this plugin directly into any generic Firefox
> > > installation and it should work.
> > >
> > > In addition to the above Cliqz also has their own customized version
> > > of Firefox called Cliqz browser[3] which keeps track of upstream
> > > Firefox. When building this browser which is what this package does,
> > > it does pull in the Cliqz plugin automatically along with couple of
> > > other plugins and all of these are mentioned in the distinfo[4] (I
> > > think mentioned this wrongly as distfile).
> >
> > So if these are all the same license that's completely ok.
> >
>
> Good to hear.
>
> > > The propriety part is the "search service" provided by Cliqz (if I
> > > understand correctly) where in when you type a string in the address
> > > bar it will return possible search results via the Cliqz plugin (which
> > > is open source). This search service is provided by Cliqz and this the
> > > proprietary part which is mentioned in their description.
> >
> > I see.  But essentially all of the other search engines are not open
> > source, so f-droid would say "promotes non-Free network service".  So
> > really this is just "this browser defaults to the cliqz search engine".
> >
>
> Pretty much yeah. And some ad-blocking + anti-tracking features,
> provided by the same plugin.
>
> > > So AFAIK, the plugins which are pulled into the browser during build
> > > time are open source, but they are not built during the browser build
> > > process.
> > >
> > > The search service provided by Cliqz is proprietary. And this is my
> > > understanding.
> >
> > > I agree with this, in this specific scenario the other two plugins,
> > > one of them is https-everywhere[5] and the other is gdprtool[6] they
> > > are pulling in are GPLv2 and MPL 2.0 respectively.
> > >
> > > The pkgsrc script pulls in all 3 extensions during the fetch phase and
> > > they have their respective hashes checked against in the distinfo[4]
> > > file.
> >
> > So we should add to LICENSE "and gnu-gpl-v2".
> >
>
> I can do that no problem. I shall update this in the pkgsrc-wip repository.
>
> > > I am not sure if pulling in these directly constitute any sort of
> > > License violation from the current one which is being done, if so I am
> > > ready to take the necessary steps to make the user who is installing
> > > aware of these files being pulled in.
> >
> > The only real issue is if the licenses are compatible, but on the other
> > hand a plugin with a browser smells like aggregation rather than derived
> > work (but IANAL, TINLA).  I decline to object :-)
> >
>
> You are right it is aggregation.
>
> > > Hopefully this provides more clarity on the licensing parts of the software.
> >
> > Thanks - that helps a lot.
> >
>
> You are welcome. :)
>
> > Besides adding GPL2 to LICENSE, I think it would be good to adjust DESCR
> > to describe what's different from firefox, so that somebody would get
> > the right impression on first reading.
> >
> > I think this is something like
> >
> >   Cliqz is based on firefox, but pre-installs the Cliqz add-on, which
> >   [?]  and causes search terms to be sent to Cliqz as the default search
> >   engine.  Advertising is downloaded in bulk and presented based on
> >   local evaluation of search terms, rather than the conventional
> >   server-side profiling and ad choice.  In addition the HTTPS Everywhere
> >   addon is installed, and an addon to manage consent to data processing.
> >
> > Until now, I had no idea about the local ad notion.  I may have the
> > above wrong in the details, but I am suggesting that kind of information
> > for the prospective user.
>
> I do not think they serve "Ads" yet, but it is something that might
> happen in the future. What I meant is the "search results" are
> presented from their end when you start typing in into your address
> bar as of now no "ads" are being served (Last I checked).
>
> Based on the above description I have made some minor corrections and
> made this for the DESCR.
>
> "Cliqz develops novel Internet browsers that incorporate proprietary
> features such as search and anti-tracking. Cliqz desktop browser is
> based on Mozilla Firefox.
>
> Cliqz pre-installs the Cliqz add-on, which causes search terms to
> be sent to Cliqz as the default search engine. In addition the
> HTTPS Everywhere addon is installed, and an addon to manage consent
> to data processing."
>
> Let me know your thoughts on this.
>

Dropped the word "proprietary" in description to prevent further
complications on licensing in the future.

Updated the LICENSE and DESCR in pkgsrc-wip.

> Regards
> Santhosh

If there are no other comments, I shall move this to pkgsrc-current
sometime in the weekend.

Regards
Santhosh