Latest Posts

Some thoughts on the Wix mobile app story (updated)

Published by Richard Best

The story

Perhaps not surprisingly, Matt’s recent post “The Wix Mobile App, a WordPress Joint” caught my eye. Indeed, it caught both eyes. I’ve read through his post and I’ve read the Wix CEO Avishai Abrahami’s prompt reply, “Dear Matt Mullenweg: an open letter from Wix.com’s CEO Avishai Abrahami” as well as a Wix engineer’s reply in “How I Found Myself Accused of Stealing Code from WordPress”.

The key points, it seems to me, are these:

  • Matt has said that “Wix copied WordPress without attribution, credit, or following the license. The custom icons, the class names, even the bugs. You can see the forked repositories on GitHub complete with original commits from Alex and Maxime, two developers on Automattic’s mobile team.”
  • Matt has also said:

“This explicitly contravenes the GPL, which requires attribution and a corresponding GPL license on whatever you release publicly built on top of GPL code. The GPL is what has allowed WordPress to flourish, and that let us create this code. Your app’s editor is built with stolen code, so your whole app is now in violation of the license.”

  • In his reply, Mr Abrahami says:

“Next you talk about the Wix App being stolen from WordPress. There are more than 3 million lines of code in the Wix application, notably the hotels/blogs/chat/ecommerce/scheduling/booking is all our code.

Yes, we did use the WordPress open source library for a minor part of the application (that is the concept of open source right?), and everything we improved there or modified, we submitted back as open source, see here in this link – you should check it out, pretty cool way of using it on mobile native, I really think you guys can use it with your app (and it is open source, so you are welcome to use it for free). And, by the way, the part that we used was in fact developed by another and modified by you.”

Main issues

There is, it seems to me, a range of issues. I think the main ones (but not the only ones) are these:

1. Has Wix published on or in relation to its mobile app an appropriate copyright notice and disclaimer of warranty, kept intact all the notices that refer to the GPL and to the absence of any warranty, and included a copy of the GPL (or at least a link to it) along with the app?

2. Has Wix created a derivative work of WordPress code and, if so, what is that derivative work? Is it the React Native WordPress Rich Text Editor or the whole Wix mobile app?

3. If so, when releasing the relevant derivative work, has Wix released it under the GPL as the GPL would require and, if not, what are the consequences?

I’ll give my preliminary thoughts on each of them.

But first… Before getting into these thoughts, I want to say that I’m looking at this from a legal perspective. Yes, I prefer WordPress over Wix, but I’m writing this because, at least for a lawyer, it raises an interesting set of issues. I’m not interested in vilifying anyone and I don’t intend to do so.

Inclusion of appropriate copyright notice and disclaimer of warranty and copy of or link to GPL

I’ve downloaded the Wix mobile app onto my iPhone and taken a look at the listing page on the Apple app store and the app’s various pages. As far as I can see, there’s no reference to the app including WordPress code, no copyright notice to that effect, no disclaimer of warranty in relation to that code and no copy of or link to the GPL (by contrast, the WordPress mobile app links to the source code in the relevant Github repository which also contains the GPL licensing statement and a copy of the GPL).

Whilst Wix has taken some steps to comply with these requirements in its own Github repository, I think we need to appreciate that Github is only one form of distribution and it’s not the form that most users of the mobile app would experience. Distribution of the app itself, which I assume embodies the relevant WordPress code, is a separate distribution. For this reason, to my mind, partial compliance with the GPL’s requirements on Github (in relation to inclusion of appropriate copyright notices etc) is no answer. In my view, to comply with the GPL, Wix needs to meet the requirements I’m discussing here – and which Matt is concerned about – in the distribution of its mobile app. As far as I can see, it hasn’t done so. If that is right, it is not complying with the GPL.

Derivative work

I can’t profess to know all the factual detail in relation to how the Wix mobile app works so am reluctant to nail my colours to the mast on the derivative work question. With that caveat in mind, I’d say that the ‘React Native WordPress Rich Text Editor’ in Wix’s Github repository does seem to be a derivative work of the WordPress Rich Text Editor. As far as I can tell, Wix has more or less conceded that point.

The harder question is whether the Wix mobile app is also a derivative work. Neither I nor, I suspect, any lawyer would want to give a firm view on that in the abstract, that is, without knowing how the app is architected, how the WordPress code is used, the volume of Wix’s original code, whether it’s separable from the WordPress code, and so on. Some will know the answers to those factual questions. I don’t. I wouldn’t want to hazard a guess on that in the abstract. Even with a full factual understanding, depending on the factual landscape different lawyers may have different views on this issue given the paucity of case law on the key provisions of the GPL. I think we need to appreciate that this is one of the harder and more controversial aspects of the GPL when applied in practice.

Now, I suspect some will say:

“But look at clause 2(b) of GPL2. It says: ‘You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License’. It is clear that the Wix mobile app contains at least a part of WordPress GPL’d code and, therefore, needs to be licensed as a whole under the GPL.”

The potential problem with this position is that it overlooks these words of the GPL, also in clause 2:

“These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.”

You might think the words, “[b]ut when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License”, apply here. However, is the “whole” here “a work based on the [WordPress program]”? To be honest, factually, I don’t know, and I suspect different lawyers might return different answers on this question (see, for example, GPLv3 myth#2: You can’t mix GPL software with other software). Automattic seems to think the answer is yes. Maybe it’s right. As I say, though, I don’t know. I just don’t have enough information.

And let’s not forget the Software Freedom Law Center’s opinion on the GPL and WordPress themes. If I create a WordPress theme, comprising not only the standard PHP files but also a range of other assets (different stylesheets, javascript, fonts, images, etc), does the whole theme file need to be licensed under the GPL? Is the overall theme “a whole which is a work based on the Program”? Well, no, not according to the Software Freedom Law Center. They’ve said only the PHP and integrated HTML are derivative of WordPress.

So, as you can see, this broader derivative/collective work issue is not straight-forward. The deeper you venture into the rabbit hole, the darker it gets.

GPL licensing

From this point, when I refer to the derivative work, I’m only referring to the React Native WordPress Rich Text Editor, not the entire Wix mobile app.

If, as I suspect, the React Native WordPress Rich Text Editor is a derivative work of the WordPress Rich Text Editor, then Wix was obliged, when distributing it, to license it under the GPL. However, and despite some of the old GPL licensing being retained in the WordPress files, the relevant Wix Github repo says that the code in the repo is licensed under the MIT licence (I know the relevant statement also says “please consider the licenses of the dependencies separately” but that doesn’t exactly foster clarity).

Now, if the entirety of the code in that repo is a derivative work, then it all needs to be distributed under the GPL.

This is where, in some people’s minds, the question of GPL compatibility comes in. They think it’s OK if a so-called GPL-compatible licence is used for a work that is derivative of GPL-licensed code. This is a problem, and it’s a problem that one even sees, to some extent, in the WordPress.org theme and plugin guidelines (a point I can explain in more detail if anyone likes). This is why it’s a problem: to the extent that a work/program is truly a derivative work of pre-existing GPL-licensed code, that derivative work must be licensed under the GPL upon distribution. If you purport to license a true derivative of a GPL-licensed work under a different licence, you’ll be breaching the GPL. The GPL does not allow you to license a derivative of a GPL-licensed work under a GPL-compatible licence. MIT code can be absorbed into a GPL work but a derivative of GPL’d code cannot be licensed under the MIT licence.

Conclusions

Whilst Wix appears to have been open-source minded in relation to the React Native WordPress Rich Text Editor in terms of its MIT-licensing on Github, I think it should have applied the GPL, not the MIT licence. If Wix were to agree then, as long as the new code contributions were original or GPL-compatible, this particular issue would be capable of an easy fix (distribute the repo code under the GPL). The more significant issue, I suspect, is how it approaches the distribution of its mobile apps via the app stores. If my analysis is correct (and if anyone disagrees feel free to say), Wix will need to do more to comply with the GPL so as to rectify what, at present, seems to be copyright infringement caused by non-compliance with the GPL.

As to the broader issue of the licensing of the Wix mobile app as a whole, as I’ve indicated, that’s a factual-legal swamp into which I don’t propose to tread any more than I already have.

(Thanks to Ming Jun Tan for the featured image I’ve used in this post, released on Unsplash.com under CC0.)

Update, 2 November 2016

This post was first published on 31 October 2016. On 1 November (where I live at least) Wix updated the licence in its wix/react-native-wordpress-editor Github repo to the GPL.

Commercial theme suppliers selling themselves short…

Published by Richard Best

The backstory

This isn’t a legal article. It’s more about marketing. Let me tell the backstory.

I’ve been looking around for a particular type of WordPress theme for a specific purpose. It’s a niche kind of site and there aren’t many solid contenders. I’ve found one contender on ThemeForest and another on a commercial theme supplier’s own website. I’ve found it difficult to choose between them, despite their significant difference in price, because they both have their pros and cons.

But the main reason I’ve not chosen one over the other yet is because neither supplier is doing a sufficient job of marketing their product. I can see how your themes look and try out your demos, sure, and one of you has some moderately good documentation that’s accessible without purchasing the theme, but neither of you show enough detail as to what’s under the hood. In particular, you’re not showing potential customers the level of customisation available through the customizer or other theme options. Unlike some of your competitors who (in my view) have inferior offerings, you’re not showing screenshots of the customisation options available or otherwise describing them in sufficient detail. In addition, I don’t know whether your home page template files are widgetised and, because neither of you seems to be using a Visual Composer or Divi-style content block/modular approach, I can’t ascertain how easy it would be to customise the home page to my liking and requirements. Yes, I can make my own home page and make it look more or less how I want (e.g., by creating a new page template with widgetised areas or by using shortcodes or by using a page layout plugin) but if your home page templates already do the heavy lifting I don’t want to do that. So I need to know.

I can ask each of you questions via online forms (and I have) but, I suggest, I really shouldn’t have to do that and having to do so just delays and potentially frustrates a decision to purchase. Indeed, for both of your products, I’ve almost said “bugger it, I’ll go somewhere else”. The only reason I haven’t is due to the niche and quality nature of your offerings.

Giving customers what they need

I reckon potential customers should be able to look at what you’ve said online and determine, without a need for undue pondering, whether your product has what they need. I would probably have purchased one of your products over the weekend if you’d said enough in your marketing collateral to give me sufficient confidence, but neither of you have. If either of you had viable competitors that did provide this information, I would have opted for them.

Now, I’m only one person. I get that. So a missed sale to me is probably insignificant in the scheme of things. But what if I was the kind of person to start ranting online in a manner that named you (I’m not) or what if others have the same experience as me? In either case that could mean thousands or possibly tens of thousands of dollars of lost sales, even though your products seem to be well designed and probably what we’re after.

In the increasingly competitive commercial themes market these oversights seem, shall we say, less than prudent. I’m sure both the suppliers I’m looking at have invested substantial time and resources into their products but they’re letting themselves down with their execution.

Some great examples

If you’re not sure whether you’re giving customers what they need and keeping up with the competition, take a look at some theme shops that do it right. For a couple of great examples, take a look at Array Themes‘ documentation (e.g., the Baseline Help File) or Elmastudio‘s documentation (e.g., the Zuki documentation). Both companies have rightly invested substantial time and effort into their documentation and it makes a difference. When I purchased Zuki for this site, I remember being confident – from the documentation – that the theme did what I wanted. And I’ve purchased from Array Themes too. Both Array Themes and Elmastudio produce beautiful themes but they go the extra mile and produce great documentation as well. I wish the theme shops I’ve been looking at had done the same.

(Thanks to Lee Campbell for the photo used for this post, available on Unsplash. To avoid doubt, the website in the photo is not one of the ones I’ve been looking at.)

Content scraper plugins, contract and copyright

Published by Richard Best

The story

I thought I’d introduce this post by telling a story. It’s a story about Jim, an everyday guy who has a website for which he wants more content. Jim already works hard on his site, adding new posts frequently, but he wants more content to drive more traffic to his site and to help monetise his site. He can’t do it all alone. Jim finds a bunch of sites with interesting and relevant content that he thinks would be perfect for his own site. These sites don’t generate web feeds of any flavour so Jim does a trawl of WordPress plugins and finds a commercially available plugin in a well-known plugins marketplace that does exactly what he wants. All he has to do is:

  • install the plugin;
  • create a post or page in his site and click a new icon in the editor which opens a pop-up window that asks for a URL and a CSS selector;
  • get the URL of the page on another site that has the content he wants and enter that URL into the URL field;
  • find the class or ID of the content he wants on the page of the other website and enter it into the CSS selector field; and
  • publish his post or page.

Now, when someone goes to this new post or page on Jim’s website, it will display the selected content from the other website. Jim is obtaining substantial amounts of content from the other website and is loving it.

“Awesome!”, Jim says to himself, “now I can add all manner of rich and informative content to my website”. And that’s what he does, adding more content from a range of pages on the other website as well as from other websites.

Jim does this for a while. The traffic to his site increases immensely, he’s able to sell more products and he’s feeling pretty chuffed… until the day arrives when he receives an angry-sounding email from one of the third party site owners, making some noise about their terms of use and telling him to stop stealing their content.

“Hey, it’s a free world”, Jim thinks, “and they’ve published the same content into the public domain anyway”, so he ignores the email. A couple of weeks later he receives a rather more angry-sounding letter from the third party site owner’s lawyers. It says Jim is breaching contract, breaching copyright and that their client will take Jim to court if he doesn’t remove the content immediately.

Should Jim take this seriously? Short answer: yes.

The law

This sort of thing happens fairly frequently in the online world. Some people who do it, let’s call them “scrapers”, know full well that they may be skating on thin ice, whereas others are oblivious to the legal context. In Jim’s case, the legal context is this:

  • the terms of use on the third party website expressly prohibit scraping and other forms of copying of the site’s content;
  • even if Jim wasn’t aware of those terms initially, the site owner has brought them to his attention and he has continued to scrape anyway; and
  • Jim has reproduced substantial amounts of copyright content from the other website for his own purposes and without permission.

Under the laws of many countries, Jim’s behaviour would see him breaching contract (i.e., the other website’s terms of use) and, in all likelihood, breaching copyright. In other words, the lawyers could well be right. The third party site owner could seek and would probably obtain an injunction from the courts ordering Jim to stop reproducing the content. The site owner might also seek and obtain an award of damages from Jim.

Moral of the story

The moral of this story, then, is that if you’re thinking about installing a scraping plugin and scraping content from other people’s sites without permission, you might want to think again. Not all instances of scraping will land you in the hot seat but many of them will and the fact that you’re taking content that has already been published elsewhere will usually be irrelevant.

Selling themes yourself and on ThemeForest but with inconsistent licensing

Published by Richard Best

With apologies for the radio silence for the last 5-6 months (for a while there life was just too hectic), I’m finally getting around to revving up WP and Legal Stuff again.

This post will be pretty brief but addresses a phenomenon I’ve seen from time to time across the WordPress theme shop community.

Here’s the scenario: you find a WordPress theme you really like on a theme shop’s website but, when you look at the licensing for the theme, it either limits what you can do with the theme or it’s a confusing conglomeration of terms that appear to have been plucked from an array of different sites and mashed together in the hope it’ll fly. Perhaps I’m in the minority, but I’ve deliberately not bought themes from theme shops like this because the lack of attention to clear licensing doesn’t give me much confidence in the overall soundness of the business,  its attention to detail and its customer centricity (or lack of it).

But lo and behold, later you discover that this very same theme shop is selling its themes on ThemeForest and (to its credit) has selected the 100% GPL option!

For theme purchasers keen on liberal licensing that doesn’t purport to restrict their usage of the themes they purchase, this ought to mean they’ll opt for purchasing from ThemeForest over purchasing from the theme shop’s own site. But hang on. This means ThemeForest will earn a commission from a theme sale that it wouldn’t have earned had the theme been purchased from the theme shop’s own site.

So what does all this mean? Well, it means two things. First, theme shops that do this either don’t understand licensing very well (or have used a lawyer who doesn’t understand it very well) or don’t really care about it. In either case, they don’t make the effort to make the licensing of their themes on their own sites and on ThemeForest consistent. That’s potentially confusing, if not irritating, for purchasing customers (or at least those who care about the licences that govern the use of the themes they purchase). Second, theme shops that do this potentially shoot themselves in the foot, from a revenue perspective, because in many cases they’ll get less if the theme is sold on ThemeForest instead of being sold on their own site.

You might think this sort of thing wouldn’t happen in the real world of commercial theme development but, I assure you, it does. I don’t want to call out any particular theme shop, so I won’t, but this really does happen out in the wild.

If you’re a theme shop that’s not sure whether your own licensing is consistent with the licensing you select on ThemeForest, feel free to get in touch and I’ll do my best to let you know (confidentially of course).

(Thanks to Thomas Martinsen for the photo I’ve used for this post, released on Unsplash under CC0.)

Discouraging public redistribution of commercial themes and plugins – poll results

Published by Richard Best

Background

Back on 4 August of this year, I published a post called Theme and plugin shops – Discouraging public redistribution – User poll.  The poll that was included in the post sought people’s views on the reselling of commercial themes and plugins. It did this because people’s views on this issue are relevant to the inclusion of a contractual mechanism I’d proposed for theme/plugin shop terms of use. The contractual mechanism I’d proposed would seek to discourage purchasers of a commercial theme or plugin from making the theme or plugin available on a website for download by others (whether for free or a charge), even when the theme or plugin is 100% GPL-licensed.

The proposed term would say that, if a customer decides to make your commercial theme or plugin available on a website for download by others, you may exercise a right to deactivate their access keys (if that’s how you’ve set things up) and to terminate their access to support and updates. I explained why, in my view, this sort of clause is not contrary to the freedoms conferred by the GPL:

“Is this contrary to the rights they have under the GPL? I think not. This approach doesn’t stop them from distributing the theme or plugin, as they originally obtained it, on a website. But it does say this to them: ‘if you decide to exercise your GPL rights in that way, as you’re entitled to do under the GPL, you run the risk of losing your contractual right to support and updates under these separate terms of use’. This is a commercially-oriented mechanism that is distinct from, and doesn’t prevent the exercise of, one’s freedoms under the GPL. It does say ‘you can’t have it both ways, folks’, but the GPL rights are left intact. Only the separate, commercial support arrangements are affected. There may be those who would cry foul, but – legally – I don’t think their cries would be well-founded.

After I wrote this, I did a search on the web to see whether I could find other businesses doing something similar to what I’m proposing. Lo and behold, it seems that Red Hat did this a few years ago. See GPL expert gives Red Hat the all-clear.”

Poll results

I closed the poll today. In the intervening period, 121 people had taken the poll. Here’s a graphical depiction of the results (thanks to the wonders of Gravity Forms and its Polls Add-On):

Poll-results

Majority consider redistribution of commercial themes or plugins on a public website to be unethical

A majority of those who took the poll – 76 of the 121 people – think the practice of purchasing or otherwise obtaining a commercial theme or plugin and then either reselling it on a public website or giving it away on a public website, is unethical, regardless of whether it’s permissible under the GPL. A further 10 people don’t know whether it’s unethical but don’t like it. The remaining 35 didn’t have a problem with it if the GPL is complied with.

Widespread support for inclusion of proposed term

Each person that took the poll was asked to assume he or she is a purchaser of commercial themes or plugins. Each person was then asked whether he or she would support a commercial theme or plugin business including the kind of term I’ve mentioned in its terms of use. (As a reminder, the term gives the business the power to terminate support and access to updates if the customer were to openly redistribute the commercial theme or plugin on a public website, either for a price or no charge.)

An overwhelming number of those who took the poll – 101 out of 121 – supported the inclusion of such a clause, as they selected this option:

“Yes, I would support that as I understand the business is trying to protect its investment and it poses no threat to my use of the themes or plugins.”

Of the remainder, 17 did not support the inclusion of such a clause even if the GPL freedoms remained intact, and 3 didn’t know or care.

Views of theme and plugin businesses on the idea of including the suggested clause

Of the 121 people who took the poll, 67 were from a business that develops commercial themes or plugins or were thinking of becoming one. These people were asked some additional questions.

The first additional question they were asked was whether they like the idea of including the suggested clause in their terms of use (in answering this, they were told to assume they wouldn’t be criticised for including the term). 47 of the 67 said they like the idea of the proposed term. 13 didn’t like the idea of this term and the remaining 7 didn’t know or didn’t care.

The second additional question they were asked, on the assumption that they would include the proposed term in their terms of use, was whether they’d be concerned that vocal stakeholders in the WordPress community might openly criticise them for not complying with the ‘spirit’ of the GPL (even if the term doesn’t actually remove any GPL freedom). 26 of the 67 answered yes (they would be or are concerned), 17 answered no (not concerned) and the remaining 4 didn’t know or care.

Comments

General conclusions

To the extent that one can draw general conclusions from this poll (and admittedly the sample is not exactly huge), they would appear to be that:

  • a significant majority of people either think that the practice of purchasing or otherwise obtaining a commercial theme or plugin and then either reselling it on a public website or giving it away on a public website is unethical or they don’t know whether it’s unethical but still don’t like it;
  • there is widespread support for the inclusion of a term in theme and plugin shops’ terms of use that would entitle the theme or plugin shop to deactivate a customer’s access key (if that’s how they’ve set things up) and to terminate their access to support and updates;
  • a significant majority (more than two thirds) of people from businesses that develop commercial themes or plugins (or who are thinking of becoming one) like the idea of the proposed term; and
  • a bit over a third of those from businesses that develop commercial themes or plugins or are thinking of becoming one would be concerned about being openly criticised by vocal stakeholders in the WordPress community if they were to include such a term (even if the term doesn’t actually remove any GPL freedom).

Businesses should be able to protect themselves in legitimate ways without fear of attack

In my view, it’s unfortunate that the third of people mentioned in the last bullet point would be concerned about being criticised by vocal stakeholders in the WordPress community if they were to include such a term, because – for reasons already given – in my view such a term would not be contrary to the GPL.

I think it’s undeniable that the development of robust commercial themes and plugins supports rather than detracts from the growth of the WordPress ecosystem. Just look at Automattic’s acquisition of WooCommerce as an example or the power that Gravity Forms brings to WordPress as another. Businesses that depend on and support the WordPress ecosystem should be able to protect their legitimate commercial interests without fear of verbal attack from those who cling to misconceptions of what the GPL does or doesn’t allow.

Bear in mind here, too, that the GPL is not an open source licence created for WordPress. Rather, it is simply the open source licence that governed the use of B2/cafelog when Matt and others forked it to become WordPress. WordPress users don’t have any monopoly over what the GPL does or should mean or allow.

The wording of the proposed term

The WordPress theme/plugin shop terms of use that you can build online if you purchase the business package of A Practical Guide to WordPress and the GPL will provide you with terms that, among other things:

  • explain the GPL licensing of the themes or plugins;
  • accommodate the use in themes or plugins of public domain assets (such as images) or assets that have been licensed by another under a Creative Commons licence (such as photos);
  • refer customers to a human-readable summary of the GPL for more information;
  • contain an explanation of the redistribution that the GPL allows but together with information on the investment that the business has made in developing its themes or plugins and the adverse consequences (for the business, its staff and in some cases their families) that open redistribution could bring;
  • explain a customer’s access to support and updates; and
  • regulate a customer’s use of its access key, login and right to support and updates.

It is the last item in this list that contains a right for the business to deactivate a customer’s access keys (if that’s how the business has set things up) and to terminate the customer’s access to support and updates if the customer decides to make a purchased commercial theme or plugin available on a website for download by others. The suggested clause (which may need tweaking in certain cases to reflect how a business has set things up) is as follows (I’ve italicised the key part relevant to this discussion):

Access key, login and right to support personal to you

Your access key, your support login and your right to support are personal to you. You are not permitted to share any of them with, or transfer any of them to, anyone else without our prior written approval (which we may refuse at our discretion) and you are not permitted to republish support answers on any other website or medium. If you do any of these things, we may deactivate your access key and terminate your right to support and updates, with or without notice. You agree that we may also exercise these powers if we have reason to believe you are requesting support for sites that do not fall within your support entitlements or if you are making our Products available on another website for others to download, with or without charge. (This does not defeat your rights under the GPL. We are simply saying that if you decide to exercise your GPL rights in that way, you will lose your right under these terms of use to access support and updates from us.) If we believe the security of your access key or login has been compromised, we may suspend your rights of access while we investigate. If you believe your login has been compromised, please let us know as soon as possible.

No legal advice

I hope this helps. Needless to say, I’m not providing legal advice to anyone in suggesting this kind of clause. It is for each business to make its own decision on the inclusion of such a clause, with its own legal advice if required.

Happy developing!

Step-by-step guide to attributing Creative Commons-licensed images

Published by Richard Best

BobWP reader seeks step-by-step guide

A while back I wrote a piece that first appeared on BobWP called Using Creative Commons images on your site with confidence (I republished it here too). Recently a reader of BobWP asked a question about the detailed mechanics of finding a Creative Commons-licensed image and applying an attribution statement to one’s use of it. He was trying to use images found through Google image and Flickr searches but wasn’t sure exactly how to go about attributing the image and was looking for a step-by-step guide.

In response, I wrote a brief step-by-step guide in the comments on Bob’s site. Because that guide might come in useful for others, I thought I’d post it here on WP and Legal Stuff too.

Key steps

1. Search an image repository that has Creative Commons-licensed images

Find an image and ensure it is licensed under a Creative Commons licence. Flickr is a good source and I’ll use that as an example from now on. Do an initial search for the topic or subject you’re interested in by using the search form on the Flickr homepage:

Flickr-homepage

2. Refine your search results

When you do a search, it will reveal all images that match your search terms, regardless of whether the images are licensed for re-use. This means you have to refine your search. To do that, on the results screen, click on the dropdown menu called “Any license”:

Flickr-licence-dropdown

(The dropdown name “Any licence” is not very clear as some images are not licensed at all). You want to select either “All creative commons” or one of the three options below it. Which one you select depends on what sort of licensing rights you need. If you want to use an image commercially, you’ll need to select “Commercial use allowed” (and so on for the other options).

3. Select an image

Once you’ve done that, you’ll see a list of images that is confined to Creative Commons licensed images. Click on one you like. When you do, you’ll be taken to that image and you’ll see the licence that has been applied to it. Here’s an example:

CC-licence

4. Identify which licence applies

To figure out which particular licence applies, click on the “Some rights reserved” link and open it in a new tab (some people will know what the icons beside “Some rights reserved” represent, but many won’t, which is why I’m suggesting opening the link in a new tab). In this case, you’ll see that the licence is a Creative Commons Attribution-ShareAlike 2.0 Generic licence:

CC-BY-SA-2-Generic

If you look to the left of the page on Flickr (further above) you’ll see that the author is someone called Celine.

5. Use the image in your site

Use the image you’ve selected in your site as you wish (consistently with the terms of the applicable Creative Commons licence).

6. Add attribution statement

Within the editing window, add your attribution statement either below the image or, for example, at the end of the post or page. To create the HTML for the attribution statement, you can use this kind of format (the code is on the left and on the right you can see how it’s rendered):

Code-snippet

Note that I’ve linked “Celine” (the owner of the photo) to the page on Flickr that contains the photo I’m using and that I’ve linked “Creative Commons Attribution-ShareAlike 2.0 Generic licence” to the Creative Commons page that contains that licence (which I accessed in step 4 above).

If you want to copy and paste that code so as to just swap out the bits relevant to the image you’re using, you can find it here on GitHub.

(Note that you don’t have to use my suggested wording, with the “Thanks to” component. I just do that to show some gratitude. I gave other examples in the original post mentioned above.)

That’s it!

That’s it. If anything is unclear, let me know. This gets easier and faster the more you do it.

Something for the future

By the way, I’ve half built and in the future will publish a tool that grabs some inputs from someone wanting to create an attribution statement and then spits out the HTML code for the attribution statement. Maybe that’ll make life easier. Hope so.

(Thanks to Celine for her dog image, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence. I have cropped the image. My cropped version above is likewise licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

A Practical Guide to WordPress and the GPL – now available – 30% introductory discount

Published by Richard Best

Finally…

I’m pleased to be able to say that A Practical Guide to WordPress and the GPL is now out in the wild. You can find it right here.

Outline

Here’s a quick outline of the chapters:

1. Introduction: conception, birth and forking

2. Understanding the GPL licensing of WordPress

3. Common GPL-related questions

4. WordPress themes, the GPL and the conundrum of derivative works

5. The GPL and assumptions of automatic inheritance

6. Theme reviews, CC0, model releases and GPL-compatibility

7. Selling ThemeForest themes outside of ThemeForest

8. Reselling commercial plugins

9. The GPL and trademarks

10. Theme and plugin shop terms of use versus GPL freedoms

A-Practical-Guide-on-desk

Packages

Three different packages, or editions, are on offer:

1. The business package

If you’re into the business of developing WordPress themes or plugins (or both), you might want this package. You’ll get:

  • the ebook (PDF) of A Practical Guide to WordPress and the GPL;
  • a professionally narrated audio book, enabling you to listen to the book when you’re on the go (narrated by Steve Chase); and
  • access to a terms of use builder through which you can build draft online terms of use for your WordPress commercial themes or plugins shop, with open and honest GPL licensing as well as protections for your business.

2. The book and audio book package

With this package, you’ll get:

  • the ebook (PDF) of A Practical Guide to WordPress and the GPL; as well as
  • the professionally narrated audio book, enabling you to listen to the book when you’re on the go (narrated by Steve Chase).

3. The book package

If you’re just after the ebook of A Practical Guide to WordPress and the GPL, this package is for you. You’ll get a PDF of the ebook that you can read or dip into at your leisure.

Introductory discount

For a limited time, you can get 30% off each of these packages. To get the discount, just tweet the book’s promo page or like it on Facebook, using the buttons on the promo page (you’ll find them directly under the three package offerings). Doing that will reveal an offer code which you input at the point of purchase. Easy. The discounts will be available for around a week.

Terms of use builder

If you’d like to see a video demonstration of the terms of use builder (you get access to this with the business package), you’ll find that on the promo page too. Hell, I might as well embed it here too:

Questions

If you have any questions, feel free to ask. Otherwise, why not go and check out the book’s promo page. Thanks.

A human readable summary of the GPL?

Published by Richard Best

In my ebook (A Practical Guide to WordPress and the GPL) which will be out within the next 6-8 hours, I’ve included a one page summary of the GPL which I hope will make it easy for people to understand the core concepts of the GPL. That summary outlines the position in relation to copying and distribution, fees, modifications/derivative works, distributing non-source forms, termination, and downstream licensing:

GPL-one-page-summary-in-ebook

This particular summary follows the flow of the clauses in the GPL and that’s why it flows through the subject headings I’ve just mentioned. One consequence of this common approach to summarising legal documents is that the discussion of a single topic may contain a summary of both a person’s rights and a person’s obligations. For example, the discussion of modifications / derivative works says:

“You may modify the Program or any part of it and distribute the modifications or new work as long as modified files contain notices regarding the existence and date of changes and any work that you distribute or publish that contains or is derived from the Program or any part of it is licensed as a whole at no charge to all third parties under the GPL.”

As you can see, this paragraph says “you are free to do A but if you do you also need to do X”. Rights and obligations. This approach is repeated, where relevant, for each subject.

Last night, in response to some comments on one of my posts by a couple of people, I wondered whether there was a different and perhaps even simpler way to summarise the GPL. I was also thinking about this because the terms of use that my WordPress theme/plugin shop terms of use builder will generate (available as part of my ebook business package) will summarise the GPL and also link to a human readable summary of the GPL for customers that want to read more.

Now, in my normal day job, I’ve done a huge amount of work on open licensing of government copyright works and that has involved very close examination and implementation of the Creative Commons licences. Not surprisingly, then, my mind immediately gravitated towards the ‘human readable deeds’ that Creative Commons produces for its licences. Those deeds take a slightly different approach to summarising the legal terms of the licence. Instead of addressing licence content on a subject by subject basis, which would include rights and potentially obligations per subject, they take a “you can do A, B and C, as long as you do X, Y and Z” approach. In other words, they state all freedoms and then list the obligations. For some people, this may be easier to follow.

With that in mind, last night I whipped up a GPL human readable summary, modelled on the approach taken by Creative Commons. This is what it looks like:

GPL-human-readable-summary

What do you reckon?

(Thanks to Felix E. Guerrero for the First Aid Kit and Key image, which he has licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

Theme and plugin shops – Discouraging public redistribution – User poll

Published by Richard Best

Context

Last week I sent an email to subscribers on my email list. I hadn’t proposed to publish the content of that email but, given some questions I’ve received in response, I thought it might help to publish it. I also thought it would be helpful and interesting to take a quick poll of people’s views on the reselling of commercial themes and plugins because people’s views on this issue are relevant to the inclusion of the contractual mechanism in theme/plugin shop terms of use that I discuss below. I’ll set out the email then take the poll.

(Please retweet as the more that take this super quick poll the better.)

So, the email

This is what I said:

“I’m in the process of finalising my 10 chapter ebook called A Practical Guide to WordPress and the GPL. The ebook will be offered in a range of packages, from just the ebook through to a package that will offer the ebook, an audio book and a terms of use builder for WordPress theme and plugin businesses.

In working on the terms of use builder yesterday [now last week], I had an idea as to a means by which theme and plugin shops might seek to discourage customers from making a theme or plugin available on a website for download by others (whether for free or a charge), even when the theme or plugin is 100% GPL-licensed. As you’ll know, this sort of behaviour hits legitimate businesses in the pocket and can threaten their sustainability. I thought some of you might like to know about the idea now. Note that I’m only talking here about widespread, open/public redistribution of commercial themes or plugins. [In other words, this would not affect your ability to use a theme or plugin on as many of your own or your clients’ sites, for example, as you wish.]

As you’ll know, the sale of a commercial theme or plugin usually entails access to the theme or plugin for download as well as a right to support and updates for a defined period, usually 12 months. It seems to me that some ‘public redistributors’ leverage the fact that they, as purchasers, can get access to support and updates. In other words, they use this access to seek support relevant to ‘their customers’ and/or they use it to get access to updates which they then release for download on their own sites.

Now, this sort of activity is generally permitted by the GPL, as long as they do it in the right sort of way and don’t breach any trademark rights or relevant laws. This might make you think that this kind of behaviour can’t be controlled contractually. But I think it can, at least to some extent.

How? Well, you include a clause in your terms of use which says that, if a customer decides to make your commercial theme or plugin available on a website for download by others, you may exercise a right to deactivate their access keys (if that’s how you’ve set things up) and to terminate their access to support and updates.

Is this contrary to the rights they have under the GPL? I think not. This approach doesn’t stop them from distributing the theme or plugin, as they originally obtained it, on a website. But it does say this to them: “if you decide to exercise your GPL rights in that way, as you’re entitled to do under the GPL, you run the risk of losing your contractual right to support and updates under these separate terms of use”. This is a commercially-oriented mechanism that is distinct from, and doesn’t prevent the exercise of, one’s freedoms under the GPL. It does say “you can’t have it both ways, folks”, but the GPL rights are left intact. Only the separate, commercial support arrangements are affected. There may be those who would cry foul, but – legally – I don’t think their cries would be well-founded.

After I wrote this, I did a search on the web to see whether I could find other businesses doing something similar to what I’m proposing. Lo and behold, it seems that Red Hat did this a few years ago. See GPL expert gives Red Hat the all-clear.

Theme and plugin shops need to be aware that, if they cut off access and support in practice but in a situation where their terms of use don’t regulate public redistribution in the way I’ve described or don’t reserve rights to withdraw support for any reason, they may face allegations of breach of contract if they remove a redistributing customer’s access.

The terms of use that my builder will create will (if a business wishes) contain a term that addresses this situation. If you’ve any thoughts on it, please feel free to fire me a message through my contact form at WP and Legal Stuff or email me … . This email is only being sent to my email list. For that reason, you won’t be able to leave a comment on the site itself. [No longer the case obviously. Instead of emailing me, please complete the poll below.]

All the best.

Richard

P.S. I appreciate that a mere legal term relating to support won’t stop people who are hell-bent on redistributing GPL’d themes or plugins on a publicly accessible website from doing so. But it may stop a subset of people who actually care about their access to support and updates. The inclusion of such a clause might also make would-be redistributors wonder whether that kind of redistribution is ethical.”

Now for the poll

The poll has now closed. Thanks to all those who spent the time taking the poll. Much appreciated.

 

(Thanks to The Art Gallery of Knoxville for the “FREE BEER 3.3 Ready to Drink!” image https://www.flickr.com/photos/16038409@N02/2327155978/, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence https://creativecommons.org/licenses/by-sa/2.0/)

Automattic, WordPress.com, Jetpack, European cookie laws and transparency

Published by Richard Best

Setting the scene

In Legal checks when building a content-driven WordPress website, I discussed cookies — not the edible variety but the small text files that are stored on your computer or mobile device when you visit or undertake certain activity on certain websites (for further information about cookies, see https://www.allaboutcookies.org.)

I observed that, whilst many countries don’t have laws that require disclosure of cookies, in Europe there are specific (and controversial) cookie laws. Website owners in European Member States are required to:

  • provide clear and comprehensive information about the cookies they are using; and
  • obtain consent to store a cookie on a user or subscriber’s device.

There are some narrow exceptions but I don’t think I need to mention them again.

Questions

The questions I want to explore in this post are these:

  • What are the implications of the European cookie laws for European users of WordPress.com and Jetpack?
  • Are users of WordPress.com and Jetpack able to obtain sufficient information as to the cookies that these services set?
  • If not, do the cookie laws erect an obstacle (at least for those who care) to European use of WordPress.com and/or Jetpack?

Implications of cookie laws for European users

The implications of the cookie laws for European users of WordPress.com and Jetpack are clear: they need to be able to provide information on the cookies that these services set and to include a consent mechanism.

Are users of WordPress.com and Jetpack able to obtain sufficient information from Automattic?

Status in 2014

In November 2014, a Spanish user of WordPress.com posted this message in the WordPress.com forums:

“There are new politics in Europe. In Spain (and maybe other countries of Europe) we need to inform about cookies. …”

I chimed in with this:

“Hi there. I’m interested in this topic too, from the perspective of the cookies that WordPress.com generates when someone with a WordPress.org site is using the Jetpack WordPress.com stats feature. I haven’t been able to find the cookie names anywhere and they are not identified by name in Automattic’s Privacy Policy. I suggest that the cookie names and functions for WordPress.com stats (and any other WordPress.com function) need to be listed somewhere to enable people in or serving European clients to adopt best practices in relation to cookie disclosures … .

In the meantime, is someone able to name what cookies (if any) are generated by Jetpack/WordPress.com Stats when used on a WordPress.org (self-installed) site?

Many thanks for your help.
Richard”

In December a WordPress.com Happiness Engineer kindly updated me, stating that “we don’t have a list of cookies readily available, so it may take some time before we have those details you requested”.

Time marched on and, well, my focus shifted to other matters.

Fast forward to 2015 – Automattic invests in cookie transparency

Fast forward to July 2015. Last week I found out that Automattic has been putting considerable effort into fostering cookie transparency. Automattic has created the following:

A cookies disclosure page for WordPress.com

Cookies-support

A widget that displays a cookies banner

widget

A cookies disclosure page for Jetpack

Jetpack

The cookies disclosure page for WordPress.com explains what cookies are, describes how WordPress.com makes use of cookies for a variety of purposes, and provides fairly detailed information on the cookies WordPress.com uses, distinguishing between cookies that are strictly necessary for technical reasons, cookies that enable a personalised experience for visitors and registered users, and cookies that allow the display of advertising from selected third party networks. It lists and describes many examples of the cookies WordPress.com uses and notes that visitors can restrict the use of cookies or prevent them from being set.

Turning to the widget, you can add an “EU Cookie Law Banner” to your WordPress.com site by adding the widget of that name to the widgets section in your site’s customizer. There’s a range of settings. For example, you can hide the banner after a user clicks the ‘close and accept’ button, or after the user scrolls the page, or after a defined period of time. You can amend the default text if you wish, you can change the colour scheme (light or dark, more if you’re a premium user), you can link to the WordPress.com cookie information or to your own cookies policy page, and you can change the button text. Here is what the default banner looks like:

Cookie banner

Last but not least, the Jetpack cookies page explains that cookies are used by Jetpack in a variety of different ways and that the cookies set will depend on the Jetpack features that are enabled. It notes that the cookies are only set when a user interacts with one of these, or to allow admin functions to be performed in wp-admin. It then names and provides other details on the cookies that are set for visitors and registered users of sites with the Jetpack plugin installed.

Superb developments

As a lawyer who has been a bit frustrated in the past about the inability to obtain information on the cookies set by WordPress.com and Jetpack, I think these developments are superb. They go a substantial way towards enabling those in Europe to comply with the cookie transparency laws.

Whether a site run by someone in a given European country complies with that country’s laws is not Automattic’s responsibility, of course, but Automattic has clearly invested a good deal of time and money in helping its European users.

Any remaining obstacle?

Cookie lists not exhaustive

You might want to note that the cookies listed for WordPress.com are not exhaustive. Rather, the kinds of cookies used are explained and numerous examples are given. The cookies page is clear in stating that the listed cookies are examples. This, I understand, is due to the dynamic and evolving nature of WordPress.com. An exhaustive list of cookies that is valid in one month might become out of date in another. Automattic is certainly not alone in taking this approach. It seems to be the same kind of approach that Google takes.

Residual risk? Unlikely

Does the fact that the cookies lists are not exhaustive pose significant residual risk to European users of WordPress.com? I can’t comment on how the European ePrivacy Directive has been implemented and interpreted in every European member state (there will likely be variance in interpretation across member states), but I can tell you what the United Kingdom’s Information Commissioner has said, namely, this:

What do we need to do to comply?

The rules on cookies are in regulation 6. The basic rule is that you must:

  • tell people the cookies are there;
  • explain what the cookies are doing and why; and
  • get the person’s consent to store a cookie on their device.

As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. However, bear in mind that devices may be used by different people. If there is likely to be more than one user, you may want to consider repeating this process at suitable intervals.

What information must we give users?

[The Privacy and Electronic Communications Regulations] do not set out exactly what information you must provide or how to provide it – this is up to you. The only requirement is that it must be “clear and comprehensive” information about your purposes. You must explain the way the cookies (or other similar technologies) work and what you use them for, and the explanation must be clear and easily available. Users must be able to understand the potential consequences of allowing the cookies. You may need to make sure the language and level of detail are appropriate for your intended audience.”

In my view, the approaches taken by Automattic and Google are pragmatic and provide users with reasonable and digestible information on the fact that cookies are used, what the cookies are doing and why they are doing it. They also provide clear examples of named cookies. Arguably that is sufficient.

There will probably be those who will say the gold standard is listing each and every cookie – and yes if you do that you ought to be safe – but, for large or complex operations, that approach runs the risk of producing monstrous cookie policies that most people will never read, resulting in overly bureaucratic processes for minimal gain. They could even be counter-productive. In my view, a sensible compromise needs to be struck between transparency interests and usability or readability interests. There’s little point in drafting something that is so complete, yet so monstrously detailed, that it’ll never enter anyone’s consciousness.

If you’re in the United Kingdom, I’d be astonished if the Information Commissioner were to take a stricter view, given what it has said publicly (as quoted above). Let us hope the same common sense prevails in the other European member states.

(Update: I need to be clear that I don’t know the position in other European member states on this particular issue. I know there has been inconsistent implementation of the Directive’s requirements in relation to prior consent to the setting of cookies. It wouldn’t surprise me if there were different interpretations on this point too, but I just don’t know. That said, it is widely recognised that the lack of uniformity across Europe is shambolic and that cases involving enforcement are rare.)

(Thanks to Marjan Lazarevski for the ‘Cookie Crave‘ image, licensed under a Creative Commons Attribution-NoDerivs 2.0 Generic licence.)