Pirating GPL Software

Software piracy is the act of distributing software that one does not have the rights. For example, if I share a copy of Adobe Photoshop with you, then that’s obviously software piracy because I don’t have the rights to distribbute that software. Probably only Adobe does. I didn’t author it and I don’t own the copyrights to it.

What about software that was written and published specifically to be allowed to be copied, such as software published under the General Public License? The GPL specifically says that anyone can copy or redistribute the software:

if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

It would seem clear as day that you therefore cannot pirate GPL software because anyone has the right to copy it. For most of the decades of involvement I’ve had in the Linux community this seemed well understood, but recently things are getting weird.

If you’ve been involved in Linux for a long time, then you’ll remember that for many years one of the primary ways to both distribute and install Linux was via CDs. Insert disparaging comment here about millennials not knowing what optical media is. Some of the more popular ones in the earlier-ish days were Mandrake and Knoppix and of course Debian. Eventually Ubuntu hit the scene and everyone was actually very excited about the idea of Bug #1 being addressed and “Desktop Linux” getting more widespread adoption.

For many years you could actually order Ubuntu CDs from Canonical for free since at the time, for many people, downloading 700MB of data wasn’t accessible to everyone. If you were willing to pass them around and distribute them they would send you hundreds of them for free. Obviously Canonical (the company behind Ubuntu) had a vested interest in seeing the success of their platform, albeit eventually that success would be similar to RedHat in the enterprise server and cloud sector rather than Linux on the desktop.

Back then it was always understood that someone could charge for Linux CDs. Some companies did print CDs and sell them for a fee. However, these companies never tried to stop others from printing or burning their own CDs. Everyone knew that we all had the same rights afforded by the GPL. Insert comment about free as in beer.

This is interesting to me because when I got into a little snafu with the elementaryOS team about trademark usage it caused me to eventually unearth their failed trademark attempt. When I asked Cassidy (co-founder of elementaryOS) why they attempted to trademark the name and why they gave up he had an interesting answer:

Why did elementaryOS care about getting a trademark for CDs?

Because in 2012 we were wanting to prevent the unauthorized distribution of modified and potentially malicious versions of elementary OS on CDs sold online and that was the only avenue they gave us to try to prevent it.

We had a shitty lawyer who didn’t understand software because that’s all we could afford.

The USPTO didn’t understand what the trademark was for.

They asked for clarification and the lawyer wanted like $1000 more to respond.

Wait, elementaryOS based on Ubuntu which in turn is based on Debian. One of the core principles of Debian has always been the right to modify and redistribute the CD most of which is GPL code. Here is a small entry from their redistribution FAQ:

14.1. Can I make and sell Debian CDs?

Go ahead. You do not need permission to distribute anything we have released, so that you can master your CD as soon as the beta-test ends. You do not have to pay us anything. Of course, all CD manufacturers must honor the licenses of the programs in Debian. For example, many of the programs are licensed under the GPL, which requires you to distribute their source code.

That seems strange that elementaryOS developers would try to deny others the same rights that were essential in allowing them to make and distribute elementaryOS in the first place! I can see why they eventually gave up on this route since they didn’t have a leg to stand on to begin with. The whole thing seems very hypocritical and a slap in the face to the many Debian and Ubuntu developers that worked hard to make something everyone can use.

The world has moved on from CDs. Most everyone now can easily download a gig or two to get their .iso file and “burn” it to a USB thumb drive. But, just as there is a material cost in printing or mailing a CD there is a cost to the bandwidth needed to host a file. In this regard there is no difference between charging a $1 to send you a CD or charging a $1 give you a download link to a file.

Now-a-days Linux distros like elementaryOS and ZorinOS take a different approach to policing the distribution. The main tactic they use now is to control the flow of information on GitHub and social media like Reddit. Both distros have rules on their various subreddits (/r/elementaryos and /r/zorinos) that users cannot post links and sometimes information on how to build your own is removed. If someone builds their own .iso or shares the information to do so, they will have their post deleted and be banned.

A post submitted to /r/zorinos was acquired by using DHT scraping to find the ZorinOS 16 Pro download. It also verified that the SHA256 sum matched the one on the ZorinOS website which rules out any potential for malicious activity.The post was specifically removed for “software piracy”.

Obviously a large motivation to do this is because these distros derive their revenue from charging for download links or early access programs. Technically this is not a violation of the GPL because they are allowed to police their various forums however they wish. I am still free to redistribute the software and they have still published their source code changes, but it seems like a strange loophole.

Their respective communities seem convinced that you can pirate GPL software, which I find fascinating.