by Timothy Lee
Fri, Nov 2nd 2007 6:28am
CNET's Chris Soghoian raises some concerns about Google's close relationship with the Mozilla Foundation, the non-profit that owns the Firefox trademark. He points out that the vast majority of Mozilla's revenue comes from Google, and notes a number of ways that Firefox is configured to use Google as the default for various online services. Soghoian is right that close scrutiny of these sorts of relationships is healthy. However, it's pretty hard to get too worked up about the specific problems he cites. First, he notes that Mozilla has chosen not to include a couple of ad- and cookie-blocking plugins with the default Firefox package. Soghoian thinks that's a sign of something fishy going on, since those products would deprive Google of revenue. But there are thousands of plugins out there, and all sorts of reasons they might have chosen to exclude any given one. Soghoian offers no evidence it was at Google's behest. But more to the point, even if it were Google's doing, I don't understand why that would be a bad thing. Google makes a profit by selling advertising and shares a significant share of those revenues with Mozilla, which Mozilla then spends on making Firefox better. That sounds like a win-win-win proposition to us. Finally, given Google's excellent track record of making ads actually useful, relevant, and non-intrusive, it's not at all clear that users even want Firefox to block its ads. As long as Mozilla doesn't try to stop users from installing ad-blocking plugins themselves, I don't see the problem.
Soghoian also objects to the fact that Google controls Firefox's phishing blacklist. At least one prominent security researcher claims that one of Google's sites has a serious security flaw that they've refused to fix, and they've also refused to add themselves to the Mozilla phishing blacklist. Obviously, unfixed security flaws are a bad thing, but this doesn't seem to have all that much to do with the Google-Firefox relationship per se. Google is not a fly-by-night operation, and it's highly unlikely they're leaving unfixed security flaws on their site as a matter of corporate policy. More likely, any unfixed security problems are the result of honest oversights or bureaucratic incompetence. The solution, then is to put pressure on Google to fix the problem. Even if someone else controlled the blacklist, it's likely they'd be reluctant to take the drastic step of blacklisting a Google-owned site.
Free software projects like Firefox rely on contributions from a wide variety of individuals and organizations. Many of them participate for self-interested reasons, and there's absolutely nothing wrong with that. Of course, it's important to scrutinize such relationships to ensure that they don't subvert the broader goals of the organization. But I see little reason to think that describes either of Soghoian's examples. And it would be a mistake to let a general distrust of for-profit companies undermine opportunities to make free software better.
If you liked this post, you may also be interested in...
- FBI Lifts Gag Order On NSL Issued To Google... Which Doesn't Have Much To Say About It
- Charter Joins AT&T In Using Lawsuits To Try And Slow Down Google Fiber
- The Rise Of More Secure Alternatives To Everyone's Favorite Chat App, Slack
- FCC Demands TP-Link Support Open Source Third-Party Firmware On Its Routers
- Bad News: Two-Factor Authentication Pioneer YubiKey Drops Open Source PGP For Proprietary Version