You are here

GPL Violations in XeroBank Browser

18 posts / 0 new
Last post
John T. Haller
John T. Haller's picture
Online
Last seen: 46 min 17 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
GPL Violations in XeroBank Browser

I'm posting to let the community know that I have informed XeroBank Browser of their violation of the GPL. As many know, XeroBank grew out of TorPark and is a combination of Firefox and Tor to allow secure connections of Firefox to the Tor Onion Router Network for anonymous web browsing. TorPark is based on my own original Portable Firefox code and I worked with the original TorPark developer on the initial versions. As that developer continued to work on it and enhance it and later switched the license from the GPL to a proprietary license that forbids commercial competition. As I did not give my permission for this, it is in violation of the GPL. As he has continued adding his code to mine, all additional work is also under the GPL and not their proprietary license.

I wrote to them today to inform them of my intention to post the source under the GPL to a new SourceForge project to ensure that it is not further used in an illegal manner. I am willing to involve the Free Software Foundation and the GPL Violations project if they wish as well.

As many of you have been involved in this project from the beginning, I felt you also had a right to know what is going on.

Kind Regards,
John

gluxon
gluxon's picture
Offline
Last seen: 4 years 2 months ago
Developer
Joined: 2008-06-21 19:26
:(

Sad

Well this really... well... sucks.

Now I feel guilty using it.

Bye bye Xerobank...

Thanks for letting us know John.

SteveTX
Offline
Last seen: 15 years 9 months ago
Joined: 2009-02-17 11:14
False Claims

John, et al.

I am the developer of xB Browser, to which John is referring to. John seems to have forgotten that we had this conversation two years ago, in which he told me a friend reverse engineered the program to find the sourcecode, and then went on to claim it used his code. Strangely, John and his friend seemed to be unaware that the xB Browser source code is public, and always has been. At that time, I informed John that there was no GPL violation, and it did not use any of the shared source since it has been rewritten.

John misunderstood that because I had thanked him by putting his name on the software splash screen, that it still used any part of his code. I told him not to worry, and I removed his crediting.

Upon reviewing the source, as anyone is capable, you will find that it contains not a single bit of Johns code, and hasn't for a very long time. It was rewritten from scratch by both myself and the NSIS developer himself, Amir Szekely, three years ago. I reject John's claim, and suggest anyone who is interested may investigate for themselves, and I will provide the tools below.

John, I haven't received your letter specifying these accusations and demands and threats about the FSF, and I suggest you email it to me personally. However, this is the second time you have made such a claim and been disproven. I expect when you actually review the source code, or your viewers do and find out you misinformed them, a public apology from you will be in order.

Steve

And now for proof for everyone:

1. Download John's core source
2. Download XeroBank's core source
3. Download WinDiff and compare them
4. Not a single line of code has been shared at all.

Zach Thibeau
Zach Thibeau's picture
Offline
Last seen: 2 years 1 month ago
Developer
Joined: 2006-05-26 12:08
would you care to provide the

would you care to provide the core nsi file you use instead of the nsh. Because what you are trying to say is nothing without the other half of the source for your app.

Another thing the Firefox Source John seems to mention is older than the one you have provided too. Perhaps John can confirm this

your friendly neighbourhood moderator Zach Thibeau

SteveTX
Offline
Last seen: 15 years 9 months ago
Joined: 2009-02-17 11:14
I would be happy to. Here is
Zach Thibeau
Zach Thibeau's picture
Offline
Last seen: 2 years 1 month ago
Developer
Joined: 2006-05-26 12:08
still by the sounds John used

still by the sounds John used the current FF code at that time, since then it evolved so your comparison to the one dated in the source by 2008 still doesn't put you in the clear. I will wait for John to confirm

your friendly neighbourhood moderator Zach Thibeau

SteveTX
Offline
Last seen: 15 years 9 months ago
Joined: 2009-02-17 11:14
It looks by that post that

It looks by that post that John made this most recent claim in this January 30th, 09. This source code I provided is from January 2nd, 09. All versions of our xB Browser code for at least the last couple years are available. I stand by my refutation of his claim. Feel free to compare any version you like.

John T. Haller
John T. Haller's picture
Online
Last seen: 46 min 17 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Comparison

Steve - Your claim in our last email amounted to 'I've changed it enough so that it's mostly new', which is not a valid argument. The fact is that you based it on my code originally, built upon it piece by piece and altered bits here and there and it still has bits of my code within it. At no time did you rewrite it from scratch as you have claimed elsewhere online.

Let's take an example...

your CURRENT main.nsh, lines 213-234:

	ProcessProfile: ;Check for an existing profile
		${DebugHeader} "ProcessProfile"
		IfFileExists "$PROFILEDIRECTORY\prefs.js" DisplaySplash
		${DebugHeader} "ProcessProfile: $PROFILEDIRECTORY\prefs.js not found"
			;No profile was found
			!insertmacro SplashSetText "No profile found"
			StrCmp $ISDEFAULTDIRECTORY "true" CopyDefaultProfile
			${DebugHeader} "ProcessProfile: ISDEFAULTDIRECTORY = $ISDEFAULTDIRECTORY"
			MessageBox MB_YESNO|MB_ICONQUESTION|MB_TOPMOST `No profile was found. Create a new profile here? $\n$PROFILEDIRECTORY\` IDYES DisplaySplash
			MessageBox MB_OK|MB_ICONINFORMATION|MB_TOPMOST `${NAME} can not run without a profile directory.  Please check your configuration.`
			Call UnloadGUI
	
	CopyDefaultProfile:
		${DebugHeader} "CopyDefaultProfile"
		CreateDirectory "$EXEDIR\Data"
		CreateDirectory "$EXEDIR\Data\Browser\plugins"
		CreateDirectory "$EXEDIR\Data\Browser\profile"
		CopyFiles /SILENT $EXEDIR\App\Browser\DefaultData\Browser\plugins\*.* $EXEDIR\Data\Browser\plugins
		CopyFiles /SILENT $EXEDIR\App\Browser\DefaultData\Browser\profile\*.* $EXEDIR\Data\Browser\profile
		GoTo DisplaySplash
		
	DisplaySplash:

My FirefoxPortable.nsh lines 227-246:

	ProfileWork:
		;=== Check for an existing profile
		IfFileExists "$PROFILEDIRECTORY\prefs.js" ProfileFound
			;=== No profile was found
			StrCmp $ISDEFAULTDIRECTORY "true" CopyDefaultProfile
			MessageBox MB_YESNO|MB_ICONQUESTION `No profile was found. Create a new profile here? $\n$PROFILEDIRECTORY\` IDYES CreateProfile
			MessageBox MB_OK|MB_ICONINFORMATION `${NAME} can not run without a profile directory.  Please check your configuration.`
			Abort
	
	CopyDefaultProfile:
		CreateDirectory "$EXEDIR\Data"
		CreateDirectory "$EXEDIR\Data\plugins"
		CreateDirectory "$EXEDIR\Data\profile"
		CreateDirectory "$EXEDIR\Data\settings"
		CopyFiles /SILENT $EXEDIR\App\DefaultData\plugins\*.* $EXEDIR\Data\plugins
		CopyFiles /SILENT $EXEDIR\App\DefaultData\profile\*.* $EXEDIR\Data\profile
		CopyFiles /SILENT $EXEDIR\App\DefaultData\settings\*.* $EXEDIR\Data\settings
		GoTo ProfileFound
	
	CreateProfile:

Now, if it was written from scratch, you wouldn't have the exact same variable and label names for gotos in multiple locations within your code. Nor would you have instances where your code is line for line identical to mine for 10 lines in a row discounting your added debug code and pushing the path in one directory (including some of my bad coding style). Nor would you be using the exact same notification language to the end user when profiles aren't found, need to be created, etc.

You built it upon my code base which was licensed to you under the GPL. You were fully aware of this and kept your code under the same license up until the point at which you decided to turn it into a money-making venture. At that point you switched the license to one which is not GPL compatible and does not abide by the requirements of the open source definition (it forbids commercial competition among other things). You did this without rewriting it from scratch (ie using NONE of my code). And you did this without my permission. And you were/are still using some of my code. Thus, you are still bound by the terms of the GPL and, thus, your current code which includes my GPL code is also under the GPL.

Sometimes, the impossible can become possible, if you're awesome!

bmguida
Offline
Last seen: 10 years 8 months ago
Joined: 2007-05-03 16:03
alternative browser

While the dispute is ongoing is there a recommended alternative browser?

Zach Thibeau
Zach Thibeau's picture
Offline
Last seen: 2 years 1 month ago
Developer
Joined: 2006-05-26 12:08
here is something here

here is something here https://portableapps.com/node/17737 this app works with Mozilla Firefox Portable Edition Smile

your friendly neighbourhood moderator Zach Thibeau

bmguida
Offline
Last seen: 10 years 8 months ago
Joined: 2007-05-03 16:03
sorry, a secure browser

I should have specified a secure browser is what i was looking for. I am already running Firefox portable

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 7 months ago
Joined: 2006-06-18 13:55
His link is incorrect, he

[edit: His link has been fixed, the above posts will be deleted to keep this topic clean]

His link is incorrect, he can't fix it now that you have replied :-(, I sent him a message, if he gets back to me I will fix it Biggrin

He is referring to something that works with FFP, Not FFP itself, but since I don't know what he means I can't fix it till I hear from him.

Mod Tim

Things have got to get better, they can't get worse, or can they?

Zach Thibeau
Zach Thibeau's picture
Offline
Last seen: 2 years 1 month ago
Developer
Joined: 2006-05-26 12:08
http://portableapps.com/node/

your friendly neighbourhood moderator Zach Thibeau

John T. Haller
John T. Haller's picture
Online
Last seen: 46 min 17 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Different

That's just for keeping traces of your activity off the local device (including your portable device). Not for anonymizing your traffic.

Sometimes, the impossible can become possible, if you're awesome!

SteveTX
Offline
Last seen: 15 years 9 months ago
Joined: 2009-02-17 11:14
Interesting. That would

Interesting. That would probably be the most similar area, and I can see why you would pick that. It even looks more similar when your forum moves everything off the screen so people can't see.

For those of you who want a programmer's view, here is what they really look like.

As you and everyone else can see, the code is different, however in the second area the process is similar. What actually looks similar is the directories. You know what, they may be the same. That is because those are Mozilla application directories, and are not relevant nor the intellectual property of PortableApps.

Your claim is tantamount to a process patent, which FSF and the rest of the world rejects. The fact is that xB Browser is quite a few times larger than your Firefox Portable, with none of the same code, and with exceptionally different derivative features that your wrapper doesn't have.

Perhaps you should also make spurious claims against the Tor Project, because they copied the process of Torpark and engineered it into their Tor Browser.

However, I'm not unreasonable. The difference between your license and xBB's license is two-fold. The first exclusion is that it can't be used for "evil" meaning that it can't be re-released by a 3rd party with backdoors or spyware. GPL doesn't provide protection against for users. The second is the commercial exclusion to prevent competition. That license was based on the HESSLA, and added the commercial exclusion to become TESLA. What would your opinion be if it was reverted to the HESSLA, which gave commercial/open rights to anyone, but prevented 3rd parties and individuals from inserting spyware to redistribute? Or do you insist it should not have any spyware protection in the license? What does the rest of the community think? Would they rather have GPL code, or HESSLA code?

John T. Haller
John T. Haller's picture
Online
Last seen: 46 min 17 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
You changed it

Steve - Come on now. You CHANGED the visible code I posted in your screenshot. For further review, here are a few of the lines you purposely removed from your 'evidence':

YOURS:
StrCmp $ISDEFAULTDIRECTORY "true" CopyDefaultProfile
${DebugHeader} "ProcessProfile: ISDEFAULTDIRECTORY = $ISDEFAULTDIRECTORY"
MessageBox MB_YESNO|MB_ICONQUESTION|MB_TOPMOST `No profile was found. Create a new profile here? $\n$PROFILEDIRECTORY\` IDYES DisplaySplash
MessageBox MB_OK|MB_ICONINFORMATION|MB_TOPMOST `${NAME} can not run without a profile directory. Please check your configuration.`

MINE:
StrCmp $ISDEFAULTDIRECTORY "true" CopyDefaultProfile
MessageBox MB_YESNO|MB_ICONQUESTION `No profile was found. Create a new profile here? $\n$PROFILEDIRECTORY\` IDYES CreateProfile
MessageBox MB_OK|MB_ICONINFORMATION `${NAME} can not run without a profile directory. Please check your configuration.`

If you're going to outright distort evidence right in front of everyone else, I think you should do a better job than that.

Oh, and Tor is using my code. But they're keeping it under the GPL and keeping my copyrights intact as required under the GPL.

Sometimes, the impossible can become possible, if you're awesome!

SteveTX
Offline
Last seen: 15 years 9 months ago
Joined: 2009-02-17 11:14
John, I posted those code

John, I posted those code lines from FirefoxPortable.nsi that is available on your website, and that from main.nsi, available in our source code on our website. I don't know where you got your code from. Those are the same files for download that I posted in my first response. Still having trouble finding our source code after 5 years? Biggrin I would appreciate if you didn't resort to strawman and ad hominem attacks.

Anyway, I am interested in finding out what kind of license the software community wants. Please tell me what you think.

John T. Haller
John T. Haller's picture
Online
Last seen: 46 min 17 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Wrong Version

The code I posted is from the 1.x version of my launcher which is what TorPark is based on (I have improved it a lot since then). You can grab one of the earlier releases on SourceForge.net if you'd like. The one I posted is version 1.3.3 which I grabbed at random. I've posted them twice now and you seem to still be ignoring the fact that my code obviously appears in your launcher... even to a layman.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments