Issue #1629

F-Droid may not respect the GNU free system distributions guidelines

Added by Denis 'GNUtoo' Carikli about 1 year ago. Updated about 4 hours ago.

Status:In Progress Start date:02/06/2016
Priority:Immediate Due date:
Assignee:- % Done:

33%

Category:Upstream antifeatures
Target version:Any version
Resolution: Device:

Description

The guidelines are here: https://www.gnu.org/distros/free-system-distribution-guidelines.html

While I didn't find a smoking gun yet, the following page raises some concern:
https://f-droid.org/wiki/page/Antifeatures

To check:

1) What, practically speaking, each anti-feature really is.
For instance the description of the advertizing anti-feature says that no applications is known to have it,
but the list of application with that anti-feature is not empty.
We should check with upstream and fix the descriptions if we can.
2) Look if Replicant is affected
For instance Firefox exist in f-droid but it's not possible to run on Replicant.
Still, Firefox should not be possible to install on Replicant because it can suggest non-free add ons.
3) List and check well known suspicious applications such as firefox.
4) List and check emulators, Parabola has a good reference on it here:
https://wiki.parabola.nu/Emulator_licensing_issues

If no issues are to be found, Documentation should be made more clear.

If issues are to be found, F-droid will have to be fixed upstream, not to show any application with anti-features to Replicant users.
We should also look which implementations would satisfy the guidelines requirements:
  • Should the filter be made automatic and not possible to disable.
  • Can the filter be a setting, and be enabled by default on Replicant.
  • Can upstream simply remove applications with anti-features?
    Having F-droid fixed upstream is desirable not to have to maintain a fork.

Subtasks

Issue #1635: F-droid Antifeature:NonFreeAssets wiki page is unclearIn Progress

Issue #1647: F-droid Antifeature:Ads wiki page is unclearFeedbackDenis 'GNUtoo' Carikli

Issue #1782: F-droid Antifeature: NonFreeAdd definition unclearClosedWolfgang Wiedmeyer

History

Updated by Denis 'GNUtoo' Carikli about 1 year ago

  • Assignee deleted (Paul Kocialkowski)

Not sure if I should assign the bug, removing the assignement.

Updated by Denis 'GNUtoo' Carikli about 1 year ago

We should start by looking at what anti-features are not problematic inside the list:
  • Ads
  • Tracking
  • Non-free Network Services
  • Non free Addons
  • Non free Dependencies
  • Upstream Non-free
  • Non-Free Assets
Categorization:
  • Non-FSDG: The non-FSDG compliant applications and anti-features will have to be filtered out.
  • Annoyances: Some anti-features are probably FSDG compliant but are an annoyance.
  • Informational: some might be permitted by the FSDG and not annoy the user but might still be important to know about.

Updated by Denis 'GNUtoo' Carikli about 1 year ago

According to its description, "Upstream Non-free" fits into the "Informational" category: Upstream has non-free code inside its repository, so F-droid removes that non-free part.

Updated by Denis 'GNUtoo' Carikli about 1 year ago

As I understand the "NonFreeNet" fits into the "informational" category:
Free software applications that interact with websites like facebook are FSDG compliant, even if there is no free software implementation of the facebook website available that you can run on your own server.

Updated by Denis 'GNUtoo' Carikli about 1 year ago

"Non free assets" Seem to correspond to FSDG's "Non-functional Data" but "non free assets" description only gives examples to explain what it it.
TODO:

Updated by Denis 'GNUtoo' Carikli about 1 year ago

Now the review of the Adds anti-feature:
"Hungarian Rings for Android" is installable under Replicant. It's under the games category.
At each startup it display a different image that looks like a splash screen. Unfortunately it's not a splash screen, it's an add.

Assuming the application is 100% free software, and that it's the same for other applications in that category, it's classed as an annoyance.

The anti-feature description should still be updated for sake of clarity.

References:
-----------
https://f-droid.org/wiki/page/eu.veldsoft.hungarian.rings
https://f-droid.org/repository/browse/?fdfilter=hungarian&fdid=eu.veldsoft.hungarian.rings

Updated by Denis 'GNUtoo' Carikli about 1 year ago

Anti-feature analysis summary:
------------------------------

Annoyances:
  • Ads
Informational:
  • Non-free Network Services
  • Upstream Non-free
To be clarified:
  • Non-Free Assets
TODO:
  • Tracking
  • Non free Addons
  • Non free Dependencies

Updated by Paul Kocialkowski about 1 year ago

  • Subject changed from Check extensively if f-droid repositories still respects the GNU Free system distribution guidelines to F-Droid may not respect the GNU free system distributions guidelines

Updated by Paul Kocialkowski about 1 year ago

  • Category changed from Legal to Upstream antifeatures
  • Device deleted (Not device specific)

Updated by Denis 'GNUtoo' Carikli about 1 year ago

In Games section, we have (extensive at the time of writing):
  • Dolphin3 (Gamecube, Wii and Triforce emulator): In Parabola4.
  • GameBoid6 (Nintendo Gameboy Advance emulator): Some game boy advance emulators are in Parabola5, however GameBoid's description states: "To run this, you need a non-free BIOS file, which must be obtained elsewhere."
  • GBCoid8
  • Instead9: We will need to check if it supports free software games.
  • L9Droid11: We will need to check if it supports free software games.
  • Mupen6412 (Nintendo 64 emulator): In Parabola13. Seem to downloads files at startup.
  • nds4droid14 (Nintendo DS emulator)
  • Neko Project II for Android15 (PC-98 emulator)
  • Nesoid (Nintendo NES emulator)[16]: In the menu, "Search ROMs" makes it go to a website with a search bar. TODO: Verify if that website has non-free roms, if so that is probably considered as promoting non-free software. The "ROM Gripper" buttons points to a google play page, which says "We're sorry, the requested URL was not found on this server"
  • PPSSPP17 (PSP emulator)
  • Quest Player (Russian interactive fiction): is it an emulator? does it requires data?
  • Reicast2 (Dreamcast emulator): ITs description states "Bios/flash have to be on /sdcard/[...]" and it asks for BIOS files at startup. Howver it's in parabola5. According to [1], the GNU/Linux version is acceptable since it "BIOS" is "built-in free ReiOS uses as default to run the emulator". I don't know why the Android and GNU/Linux version differ. This should be investigated.
  • ScummVM22: In parabola23, Probably fine since some free software games exist.
  • Signal From Mars24 (Interactive story): OK (Data included, not an emulator).
  • Son of Hunky Punk25 (Interactive fiction player)
  • Text Fiction26 (Z-Machine emulator)
  • WonderDroid27 (Bandai WonderSwan (Mono & Color) emulator)
Other games requiring data (probably not extensive):
  • Kwaak310
  • PrBoom18 For Android (PrBoom Doom game engine): Probably fine thanks to freedoom.
  • Quake19 (Quake 1 port)
  • Quake220 (Quake 2 port)

Note that other emulators are not in the game section, such as dosbox.
They need to be added to the list.

References:
-----------
[1]https://wiki.parabola.nu/Emulator_licensing_issues
[2]https://f-droid.org/repository/browse/?fdfilter=reicast&fdid=com.reicast.emulator
[3]https://f-droid.org/repository/browse/?fdfilter=dolphin&fdid=org.dolphinemu.dolphinemu
[4]community/dolphin-emu 1:4.0.2-13
[5]pcr/reicast-git r1688.0e4949e-1
[6]https://f-droid.org/repository/browse/?fdfilter=GameBoid&fdid=com.androidemu.gba
[7]community/gambatte-{qt,sdl}, community/mgba-{qt,sdl}, community/vbam-{gtk,sdl,wx}
[8]https://f-droid.org/repository/browse/?fdfilter=gbcoid&fdid=com.androidemu.gbc
[9]https://f-droid.org/repository/browse/?fdfilter=instead&fdid=com.silentlexx.instead
[10]https://f-droid.org/repository/browse/?fdfilter=kwaak&fdid=org.kwaak3
[11]https://f-droid.org/repository/browse/?fdfilter=l9droid&fdid=pro.oneredpixel.l9droid
[12]https://f-droid.org/repository/browse/?fdfilter=mupen&fdid=paulscode.android.mupen64plusae
[13]community/mupen64plus 2.5-4
[14]https://f-droid.org/repository/browse/?fdfilter=nds4&fdid=com.opendoorstudios.ds4droid
[15]https://f-droid.org/repository/browse/?fdfilter=neko&fdid=jp.sawada.np2android
[16]https://f-droid.org/repository/browse/?fdfilter=nesoid&fdid=com.androidemu.nes
[17]https://f-droid.org/repository/browse/?fdfilter=PPSSPP&fdid=org.ppsspp.ppsspp
[18]https://f-droid.org/repository/browse/?fdfilter=prboom&fdid=android.game.prboom
[19]https://f-droid.org/repository/browse/?fdfilter=quake&fdid=com.android.quake
[20]https://f-droid.org/repository/browse/?fdfilter=quake&fdid=com.jeyries.quake2
[21]https://f-droid.org/repository/browse/?fdfilter=quest+player&fdid=com.qsp.player
[22]https://f-droid.org/repository/browse/?fdfilter=scummvm&fdid=org.scummvm.scummvm
[23]community/scummvm 1.7.0-2
[24]https://f-droid.org/repository/browse/?fdfilter=Signal+from+mars&fdid=com.fisheradelakin.interactivestory
[25]https://f-droid.org/repository/browse/?fdfilter=hunky&fdid=org.andglkmod.hunkypunk
[26]https://f-droid.org/repository/browse/?fdfilter=Text+fiction&fdid=de.onyxbits.textfiction
[27]https://f-droid.org/repository/browse/?fdfilter=WonderDroid&fdid=uk.org.cardboardbox.wonderdroid

Updated by Denis 'GNUtoo' Carikli about 1 year ago

The plan was to1:
  • Ask F-droid to implement a setting button to filter out applications with anti features.
  • Enable that filter by default when Replicant is detected.
Instead of sticking to that plan, I tried to evaluate the status quo, to avoid false positive.
To avoid the long delay that is a consequence of that, why not instead:
  • Stick to the plan and filter out all anti-features, even if some of the filtered application
    do respect the GNU free system distributions guidelines
  • Evaluate the remaining applications to find which ones still don't respect the GNU free
    system distributions guidelines. This means looking at suspicious applications such as
    emulators.
    Then submit patches to the fdroid-data repository, to tag each of such applications with either
    Non free Addons, Non free Dependencies, or other relative anti-feature.

Then in a second time, the false-positives due to the filter of all anti-features could be looked into.

References:
-----------
[1] The idea comes from our2 discussion at FOSDEM.
[2] Paul, Me, Tiberiu-Cezar from Tehnoetic, Wolfgang Wiedmeyer.

Updated by Wolfgang Wiedmeyer 3 days ago

Relevant upstream bug about hiding apps with antifeatures: https://gitlab.com/fdroid/fdroidclient/issues/564

Since some time, F-Droid has an option in the settings that grey out apps with antifeatures. This option is disabled by default.

Updated by Wolfgang Wiedmeyer 3 days ago

The F-Droid team is currently in the process of migrating the website to a new one. The sources of the new website can be found here: https://gitlab.com/fdroid/fdroid-website

It looks like the current wiki won't be used for much longer and there doesn't seem to be a way to contribute to this wiki.

I was advised on the F-Droid irc channel that future work on the anti-feature definitions should be done in this document: https://gitlab.com/fdroid/fdroid-website/blob/master/_docs/Build_Metadata_Reference.md#AntiFeatures

Updated by Wolfgang Wiedmeyer 3 days ago

Added subtask #1782 for the NonFreeAdd anti-feature definition.

Updated by Wolfgang Wiedmeyer 3 days ago

Regarding the tracking anti-feature: I only found the "No Malware" section in the FSDG guidelines and it only states that the distro must not contain spyware. The F-Droid anti-feature definition is actually more elaborate and clear than the FSDG definition in this regard.

So I guess apps with the tracking anti-feature need to be hidden, too?
This would hide the Wikipedia app, among a few others.

It is also not always clear with these anti-feature definitions in F-Droid if only the upstream version is meant and the anti-feature was actually removed in the F-Droid version.

Updated by Wolfgang Wiedmeyer 2 days ago

Although it is not explicitly mentioned in the FSDG guidelines: what about nonfree Javascript? There are two articles by RMS about this:
Applying the Free Software Criteria has a section about websites and there is the The JavaScript Trap article.

There are many apps that embed a webview for displaying websites. Most of these have very likely Javascript enabled in the webview. The default browser that is shipped with Replicant also has Javascript enabled. I'm not aware of a plugin that can be used to selectively allow Javascript and that works with the webview engine.

I'm not sure if it would be enough to advise users on the website or the wiki to disable Javascript by default and only enable it on pages they trust to serve free Javascript without spyware. Without too much effort, it would probably be possible for us to at least disable Javascript by default in the default browser and educate users about nonfree Javascript that might run in other places like apps with embedded webview or Browsers installed from F-Droid.

Updated by Wolfgang Wiedmeyer 1 day ago

  • Status changed from New to In Progress

F-Droid client merge request: https://gitlab.com/fdroid/fdroidclient/merge_requests/452

The merge request tries to solve the task of filtering apps that have anti-features which violate FSDG.

Also available in: Atom PDF