Our fight for Open Source Licenses

by Michael Tremer, October 24, 2022

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

The IPFire Project has been fighting a legal battle against someone who plagiarised our work and sold it as their own. This post is a summary about a fight in front of courts of law over the last couple of years and the lessons learned from it.

Free Software Licenses

IPFire is free software. That means that we, the people who contribute to it, grant people the right to use, study, share, and modify our software free of charge. What we, however, do not give you, is to do whatever you want - that includes giving you copyright to our work.

Copyright law governs who possesses the rights to a piece of music, film, or software. It is there to protect the interests of those people who create works that are easy to copy like all kinds of digital data. Licenses like the GNU General Public License grants exceptions like those outlined above.

In this particular case, someone has violated our software licenses as well as the law of the country by taking IPFire, rebranding it and selling it as their own product of which they hold all rights.

Collectively we spent a lot of time to decide whether and what we are going to do against it and we have come to the conclusion that there would be no need for software licenses unless we enforce them. Not to mention, there was of course a lot of anger that something we are working on so passionately every single day, has been taken away from us for the financial benefit of someone else.

What has happened? An IT company has set up a website with their own brand-new firewall that was written "from scratch" - I am not going to say who, because it does not matter for this story. Someone who purchased the plagiarised version from IPFire has contacted us because he recognised that "under the hood" IPFire was running. He asked us for support, because why get support from someone else when you can have the people who know it best?

You can imagine how surprised I was to find out all these details and how similar the feature set that was that was promoted on the website. Coincidence? No, not really. Writing a firewall like IPFire is not a small job. It will take a lot of experience and a lot of time from many people which clearly were not available in that organisation. The market is also very small and IPFire has quite a unique feature set and uses certain words for them - products of competitors might have the same feature, but call it something slightly different. These things usually give it away.

But to not bore you with a long story that you will have figured out already. The police confiscated the firewall that was purchased by this customer and a brief "forensic analysis" resulted in that it was indeed IPFire with a slightly changed design for the web user interface. Mainly the IPFire logo was replaced with the company logo, but they didn't even bother to change any colours. Therefore it was not a derivative product, but just a copy which still used our servers to download packages and updates.

The owner of this company was charged with copyright infringement (among other things) and a long legal process started that was unfortunately prolonged a lot by the pandemic. In a police statement, they have said that they do not believe at all that they have been doing anything wrong at all, and that IPFire was free to download on the internet. So what would stop them from doing what they were doing?

The answer is very simple:

Us, the Open Source Community

We know from conversations with other software projects, that this sadly is common practise. Many free software developers can tell stories about their software licenses infringed at some point. There are various license models ranging from "take my code, I do not care" to more restrictive licenses like the GPL, which requires that you will have to pass your software on under the same terms. To make that obvious for any end-users, you will have to give them a copy of the license and upon request the entire source code. This was of course denied to the customer, because that would have proven what they actually bought and paid a lot of money for.

I will again spare you the details of defamation and angry emails that we have been receiving from the person on trial. As things like this go, there was a lot of coercion, pressure and ugly words. There were lots of exceptional circumstances around this particular case which is why it ended up in front of a criminal court.

In the end, the owner of the company was sentenced and now has a criminal record. They also have to pay a fine as well as the procedural costs. Since this was a criminal case, neither the IPFire Project, nor anybody else involved has received any compensation for their time and their effort that they have spent.

What did we gain now? We have spent weeks of our own time putting together information that prosecution required. We have been internally debating this, got expertise from outsiders and have built a strategy. I am deeply disappointed that we had to spend so much time on this, when we could have invested that into development instead because of one player who is not following the rules. Instead of not only not supporting our project, they have actively damaged it. We know for a fact, that this is not the only case where someone is selling IPFire as their own software - without giving a penny back to the project. This is so damaging and incredibly disappointing.

The reason why I am telling you this whole story is, that we had the chance to bring this to court which we know has not been as easy for other software projects. Various organisations (e.g. The GPL Violations Project) have been trying to get free software licenses tested in a court of law and we had a unique opportunity and are happy that we could seize it.

I would like to use this post as a warning to everybody else who is taking advantage of IPFire or any other software project like ours. You are actively destroying the Open Source Community that you are at the same time abusing to run your business. You, your business and your customers rely on the software that you are stealing, and you rely on the maintainers to keep maintaining it. You make the whole free software ecosystem less sustainable. So many projects are underfunded and struggling due to this inacceptable behaviour.

But this does not mean that you cannot use IPFire commercially at all - the opposite is true. In fact, we want to work together with businesses who can help others to secure their business with a firewall. We want you to install IPFire at your customers' offices, data centers and everywhere else it fits. We build this software to be used, but...

We Need You To Give Back

If you have customers that can afford it, please donate. If you have customers that really do not care about money, have them donate even more. Get in touch if your organisation cannot donate for whatever reason. We have a massive backlog of things that we need to tackle, and this is the only way.

Report bugs back to us. We need to have feedback on how we are doing. Sometimes things break, but we wouldn't know. Help us test new releases, test new features and help us to make IPFire the best firewall that is out there. Your customers will all benefit from it and appreciate it, too.

Explain how you are using open source technology in your company. It is a miracle to me how their customers believe that a one-man IT company is building all these things that they have stolen on their own - it is absolute bollocks. Instead you will create more trust with your customers when you say: "We are using IPFire, which is a well-known product out there and we are well trained on it and experts who are ready to set it up in your business". And if there is a problem that you cannot solve on your own, it is good to work closely together with the developers.

If we are all going this way together, we will make the open source community stronger.

We make IPFire better and we make it possible for everyone to use it. We enable everyone in the world to secure their networks and contribute to make the Internet a nicer place to be. For that to become reality, we all need to contribute as much as we can. For some this is more, for some this is less. But that doesn't matter. If everyone supports their favourite free software projects as much as they can, we should easily achieve the required funding to take them all to the next level. And if you decide to not play on our side, rest assured that playing by the rules is way more affordable than a court trial.

Once again, if you can, please donate to the IPFire Project. If you are a business and you cannot donate, purchase an IPFire Open Source License from Lightning Wire Labs which will benefit the project just as well. It is very much appreciated by all of us here.