- cross-posted to:
- opensource@programming.dev
- lealternative@feddit.it
- cross-posted to:
- opensource@programming.dev
- lealternative@feddit.it
You must log in or register to comment.
It took me going to their GitHub to find out, but it’s GPL 3.
really appreciate you reporting back, thanks for sharing!
- sunzu2 ( @sunzu2@thebrainbin.org ) 33•7 months ago
What does this mean practically
It means it can’t ever become proprietary closed-source software (not without a major lawsuit).
Any new open source software is always a net positive.
But, there are a few small caveats to the way they’ve done it (depending on how cynical/cautious you are):
- Because Proton are not accepting contributions, they own all the copyright, so can make the code closed source again if they want to (that wouldn’t affect the already released versions, but future versions)
- They could likely take down any derivative on iOS, since Apple will always take instruction from the copyright holder, for GPL’d code
- Since the builds are not reproducible, there’s no guarantee that the binaries they distribute are built from the source code
- “Because Proton are not accepting contributions, they own all the copyright, so can make the code closed source again if they want to (that wouldn’t affect the already released versions, but future versions)”
They can’t do that actually. They can close the source, yes, but if they do they can’t then release the new closed-source version to the public.
From the GPL FAQ page:
Does the GPL require that source code of modified versions be posted to the public?
The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.
But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL. [Emboldened by me.]
Can the developer of a program who distributed it under the GPL later license it to another party for exclusive use?
No, because the public already has the right to use the program under the GPL, and this right cannot be withdrawn.
- “They could likely take down any derivative on iOS, since Apple will always take instruction from the copyright holder, for GPL’d code”
Does the license prohibit this? Definitely. Could they get away with it? Probably. Though I’m uncertain Proton would go that far. I mean, if they wanted to prevent forks, they wouldn’t have released the source, let alone with the GPL3 license, which requires the right to make modifications (as that’s one of the Four Freedoms).
- “Since the builds are not reproducible, there’s no guarantee that the binaries they distribute are built from the source code”
Technically true, I suppose, though again why they would do that is beyond me. If they didn’t want forks, they likely wouldn’t have allowed forks.
Again, this is all assuming I’m understanding the GPL FAQ page correctly. If I’m wrong, I would welcome someone smarter than me to correct me. :)
IANAL, but AFAIK that’s incorrect. If you’re the only copyright holder, you can issue multiple licenses for your work. GPL doesn’t allow you to rescind previous issues, so anyone in possession of your GPL code can still modify and release it under the GPL freely. But it doesn’t prevent you from issuing your own work under a different license.
There isn’t usually much economic sense for most applications to do that because anyone can fork the project and distribute it for free. For Proton, since they still hold the server as closed source, they could simply introduce a breaking protocol change and all the forks would be useless.
The way I understand it is that they can relicense it and then publish it if they want, but the GPL would still fully apply to the previous versions.
The first question you cited seems to refer to any different organisation/individual making changes to the source code. And the second seems to refer to revoking the GPL for an already released version, which they would of course not be allowed to do.
This would make sense as ownership of the copyright would supersede a license.
gpl v3 you can do pretty much anything but you have to put it the same license but it has like drm protections and Anti-Tivoization and also has some patent protections people find this license too strict
Its actually more restrictive, in a good way.
You can’t, for example, fork it, make changes, and sell that derivative software without releasing the source code
yeah but drm is too strict for some people and anti tivozation this is why linux did not do gpl 3.0 or later
Very nice, I do hope that helps us finally get a Linux version sometime soon lol
Feels like this would be a bigger win for them than a lot of other companies. The people interested in privacy focused alternative to the Google/Microsoft/Apple offerings probably have a lot of overlap with Linux users.
I believe that rclone already has Proton Drive support.
It does, yeah. Still, having access to the official client too would be nice.
sad its on github but am not complaining much
Oh it’s open source? where are the serverside repositories then
The title specifies that it’s the apps that are open source.
If it is running on the server you have no way of verifying the code or the execution environment.
Theoretically you should now be able to self host proton
TC says otherwise
There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data
https://en.m.wikipedia.org/wiki/Trusted_Computing
Literally all TPM’s are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).
We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.
Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.
Not all TC is proprietary
I read through the docs. I’m not sure how this enables trusted computing.
The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.
I cannot find anything related to that in their documentation, their about page, or their whitepaper.
They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.
Compare that to this project, which is similar, but incomplete. However, quilibrium uses it’s own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.
And I call there bluff
Its not a bluff, its cryptography lol
Except you don’t control the hardware. If the execution environment is untrusted everything goes out the window
Thats literally what TC solves
Not really as you still need trust
- JustMarkov ( @JustMarkov@lemmy.ml ) English7•7 months ago
Wow, so cool. And Mobile Calendar source code is still unreleased, right?
It would have only taken you two clicks to see if the source code of proton calendar for mobile devices is released or not.
spoiler: Yes the code for iOS and android is on GitHub.- JustMarkov ( @JustMarkov@lemmy.ml ) English7•7 months ago
Can you give a link, then? Because I can only find a web-ui source code.
Awesome! Cant wait for their wallet thing to become ready and i hope they have support for many types of coins… also i wish theyd make it so that proton drive work with joplin 😑
they can only support one coin legally. for details check out the Opt Out podcasts’s episode about this topic
Can you give a summary of why that is?
I was listening to it a few weeks ago, but vaguely there are auditing companies in the Netherlands that need to verify companies above a certain size whether they are handling their money properly. As I understand it includes tax accounting.
These auditing companies don’t like cryptocurrencies. There are several of these that don’t agree to audit Proton even because they are accepting Bitcoin, but none of the remaining would accept it if they were also accepting a second cryptocurrency.Now that I think of it, it might have actually been the reason they don’t accept Monero as a payment? In that case, the reason for Proton Wallet being bitcoin only has something to do with another wallet’s developers having been jailed recently for handling multiple cryptocurrencies.
I recommend you to listen to it though, if you understand english speech. There were interesting topics (and Opt Out generally has interesting episodes).
This episode is 54 minutes, audio only. You can find it here: https://www.buzzsprout.com/1790481/15505787-proton-wallet-w-andy-yen.mp3.
More copilot training data.
Yeah I don’t understand why they don’t have a codeberg or similar that they host themselves.
How would that help? If you release something as GPL code, you cannot prevent it from being used to train a model, no matter where it’s hosted.
There’s a difference between handing something to someone and leaving it somewhere they happen to be able to take it from.
Im personally waiting for a massive lawsuit, legally companies cannot train AI on GPL code (at least I don’t believe so)
There’s nothing in GPL that would forbid it. Only distribution without code publication is forbidden.
mhm, and how would the distribution inside an LLM work? Are those code snippets CoPilot et al produce come with dedicated license sections?
And regarding how it would help selfhosting the code: it wouldn’t be on the GITHub servers owned by Microsoft, which owns/operates CoPilot. Its akin to feeding the LLM directly by pushing it to their servers.
If Al warned about that it would be legal, I don’t believe any AI requires GPL
I started with their email services many years ago, and today I user their email + free calendar. To be true, they went too much far with all these apps, but as long as it works for them thats fine.
proton is CIA
How would that work? Proton is swiss and CIA is 'murica?
I mean the “Crypto AG” was a thing. So not that unrealistic.
But that Proton is CIA is not that realistic imho but not impossible.
Yet i cant use more than one free account on the mobile app?