OSS-Blacklist: A blacklist for keeping track of OSS hostile companies/organizations
codeberg.org
Just saw the discussion around the Haier Home Assistant takedown and thought it would be good to materialize the metaphorical blacklist.
As I understand, Google and Microsoft don't really fit here
Probably the definition should look something like: companies that proactively took actions towards harming open source culture/community/movement, don't respect FOSS licensing, etc.
I nominate Gitea for this one, for hijacking the project and making it a for-profit organization
Also, Ultimate Guitar with their kiddo MuseScore, for basically trying to do the same thing that manga company is trying to do right now
And my favorite... Facebook, for their Oculus privacy and for threatening to sue everyone who tries to jailbreak or modify their devices
Simple tools is probably not considered open source anymore
P.S. oh! Really also think about Proton, Brave, and Telegram
Three companies that are famous for saying they are FOSS, but in reality it's often not exactly that
Proton's and Telegram's servers are not FOSS
Telegram and Brave had many instances of delaying publishing the source, even though they already updated the apps
Also, not sure about now, but Telegram is famous for not having reproducible builds, Brave probably too
Proton's server code is not open source because it contains filter and anti-spam detection which, if released, would severely hamper their ability to detect spam and keep their users safe + detect abuse for their service.
Proton has had extensive security audits done and their claims have been backed up by independent third parties.
The definition should be further modified to include legitimate reasons for not open sourcing some code + having audits to back up claims.
Facebook has their reasons to keep stuff as closed as possible, and they don't claim to be open source
But Proton does, and it's not about privacy or security, but about using the banner of FOSS just for their own benefit, and not contributing what they claim to the FOSS community
They open source all of their clients (when not in beta). They maintain multiple open source cryptographic libraries, in multiple languages, which a lot of developers and companies go on to use. They have a yearly fundraiser for open source and digital rights groups, which they contribute $100,000 to each year.
Just because their server code is not open source, doesn't mean they don't support open source. It's not an all or nothing situation. Binary thinking and classification is a very dangerous and naïve way to look at things.