by Richard Stallman
You may be running nonfree programs on your computer every
day without realizing it—through your web browser.
In the free software community, the idea that nonfree programs
mistreat their users is familiar. Some of us refuse entirely to
install proprietary software, and many others consider nonfreedom a
strike against the program. Many users are aware that this issue
applies to the plug-ins that browsers offer to install, since they can
be free or nonfree.
But browsers run other nonfree programs which they don't ask you
about or even tell you about—programs that web pages contain or
other languages are also used.
once used for minor frills in web pages, such as cute but inessential
navigation and display features. It was acceptable to consider these
as mere extensions of HTML markup, rather than as true software; they
did not constitute a significant issue.
programs that do large jobs. For instance, Google Docs downloads into
compacted form that we could call Obfuscript because it has no
comments and hardly any whitespace, and the method names are one
letter long. The source code of a program is the preferred form for
modifying it; the compacted code is not source code, and the real
source code of this program is not available to the user.
nonfree. Even if you're aware of this issue, it would take you
considerable trouble to identify and then block those programs.
However, even in the free software community most users are not aware
of this issue; the browsers' silence tends to conceal it.
distributing the source code under a free software license. But even
if the program's source is available, there is no easy way to run your
modified version instead of the original. Current free browsers do
not offer a facility to run your own modified version instead of the
one delivered in the page. The effect is comparable to tivoization,
although not quite so hard to overcome.
the user. Flash supports programming through an extended variant of
recommendations. Silverlight seems likely to create a problem similar
to Flash, except worse, since Microsoft uses it as a platform for
nonfree codecs. A free replacement for Silverlight does not do the job
for the free world unless it normally comes with free replacement codecs.
Java applets also run in the browser, and raise similar issues. In
general, any sort of applet system poses this sort of problem. Having
a free execution environment for an applet only brings us far enough
to encounter the problem.
A strong movement has developed that calls for web sites to
communicate only through formats and protocols that are free (some say
"open"); that is to say, whose documentation is published and which
anyone is free to implement. With the presence of programs in web
not necessarily bad. However, as we've seen above, it also isn't
necessarily OK. When the site transmits a program to the user, it is
not enough for the program to be written in a documented and
unencumbered language; that program must be free, too. “Only free
programs transmitted to the user” must become part of the criterion
for proper behavior by web sites.
Silently loading and running nonfree programs is one among several
issues raised by "web applications". The term "web
application" was designed to disregard the fundamental
distinction between software delivered to users and software running
on the server. It can refer to a specialized client program running
in a browser; it can refer to specialized server software; it can
refer to a specialized client program that works hand in hand with
specialized server software. The client and server sides raise
different ethical issues, even if they are so closely integrated that
they arguably form parts of a single program. This article addresses
only the issue of the client-side software. We are addressing the
server issue separately.
In practical terms, how can we deal with the problem of nonfree
What do we mean by "nontrivial"? It is a matter of
degree, so this is a matter of designing a simple criterion that gives
good results, rather than finding the one correct answer.
- it makes an AJAX request or is loaded along with scripts that make
an AJAX request,
- it loads external scripts dynamically or is loaded along with
scripts that do,
- it defines functions or methods and either loads an external script
(from html) or is loaded as one,
without interpreting the program, or is loaded along with scripts
that use such constructs. These constructs are:
- using the eval function,
- calling methods with the square bracket notation,
- using any other construct than a string literal with
certain methods (Obj.write, Obj.createElement, ...).
program in a web page can state the URL where its source code is
located, and can state its license too, using stylized comments.
Finally, we need to change free browsers to detect and block
LibreJS detects nonfree,
an add-on for IceCat and IceWeasel (and Firefox).
(The specified code might be total replacement, or a modified version
to being able to do this, but not quite, since it doesn't guarantee to
execute. Using a local proxy works, but is too inconvenient now to be
a real solution. We need to construct a solution that is reliable and
convenient, as well as sites for sharing changes. The GNU Project
would like to recommend sites which are dedicated to free changes
will no longer be a particular obstacle to our freedom—no more than
C and Java are now. We will be able to reject and even replace the
nonfree packages that are offered for installation in the usual way.
In the mean time, there's one case where it is acceptable to run a
that—but remember to disable it again afterwards.
Thank you to Matt Lee
and John Resig for their help in
defining our proposed criterion, and to David Parunakian for
helping to make me aware of the problem.
For references to corresponding source code, we recommend
followed by the URL. This satisfies the GNU GPL's requirement to
distribute source code. If the source is on a different site, you
must take care
handle that properly. Source code is necessary for the program to
recommend putting the license notice between two notes of this form:
@licstart The following is the entire license notice for the
@licend The above is the entire license notice
Of course, all of this should be contained in a multiline comment.
The GNU GPL, like many other free
software licenses, requires distribution of a copy of the license with
both source and binary forms of the program. However, the GNU GPL is
be inconvenient. You can remove that requirement, for code that you
have the copyright on, with a license notice like this:
Copyright (C) YYYY Developer
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
I thank Jaffar Rumith for bringing this issue to my attention.
on your site, clearly and consistently publishing information about
those files' licenses and source code helps your visitors make
sure that they're running free software, and help you comply with
One method of stating the licenses is the one described above in
Appendix A. A second
license web labels, can be more convenient for libraries of