Latest Posts

Commercial theme suppliers selling themselves short…

The backstory

This isn’t a legal article. It’s more about marketing. Let me tell the backstory.

I’ve been looking around for a particular type of WordPress theme for a specific purpose. It’s a niche kind of site and there aren’t many solid contenders. I’ve found one contender on ThemeForest and another on a commercial theme supplier’s own website. I’ve found it difficult to choose between them, despite their significant difference in price, because they both have their pros and cons.

But the main reason I’ve not chosen one over the other yet is because neither supplier is doing a sufficient job of marketing their product. I can see how your themes look and try out your demos, sure, and one of you has some moderately good documentation that’s accessible without purchasing the theme, but neither of you show enough detail as to what’s under the hood. In particular, you’re not showing potential customers the level of customisation available through the customizer or other theme options. Unlike some of your competitors who (in my view) have inferior offerings, you’re not showing screenshots of the customisation options available or otherwise describing them in sufficient detail. In addition, I don’t know whether your home page template files are widgetised and, because neither of you seems to be using a Visual Composer or Divi-style content block/modular approach, I can’t ascertain how easy it would be to customise the home page to my liking and requirements. Yes, I can make my own home page and make it look more or less how I want (e.g., by creating a new page template with widgetised areas or by using shortcodes or by using a page layout plugin) but if your home page templates already do the heavy lifting I don’t want to do that. So I need to know.

I can ask each of you questions via online forms (and I have) but, I suggest, I really shouldn’t have to do that and having to do so just delays and potentially frustrates a decision to purchase. Indeed, for both of your products, I’ve almost said “bugger it, I’ll go somewhere else”. The only reason I haven’t is due to the niche and quality nature of your offerings.

Giving customers what they need

I reckon potential customers should be able to look at what you’ve said online and determine, without a need for undue pondering, whether your product has what they need. I would probably have purchased one of your products over the weekend if you’d said enough in your marketing collateral to give me sufficient confidence, but neither of you have. If either of you had viable competitors that did provide this information, I would have opted for them.

Now, I’m only one person. I get that. So a missed sale to me is probably insignificant in the scheme of things. But what if I was the kind of person to start ranting online in a manner that named you (I’m not) or what if others have the same experience as me? In either case that could mean thousands or possibly tens of thousands of dollars of lost sales, even though your products seem to be well designed and probably what we’re after.

In the increasingly competitive commercial themes market these oversights seem, shall we say, less than prudent. I’m sure both the suppliers I’m looking at have invested substantial time and resources into their products but they’re letting themselves down with their execution.

Some great examples

If you’re not sure whether you’re giving customers what they need and keeping up with the competition, take a look at some theme shops that do it right. For a couple of great examples, take a look at Array Themes‘ documentation (e.g., the Baseline Help File) or Elmastudio‘s documentation (e.g., the Zuki documentation). Both companies have rightly invested substantial time and effort into their documentation and it makes a difference. When I purchased Zuki for this site, I remember being confident – from the documentation – that the theme did what I wanted. And I’ve purchased from Array Themes too. Both Array Themes and Elmastudio produce beautiful themes but they go the extra mile and produce great documentation as well. I wish the theme shops I’ve been looking at had done the same.

(Thanks to Lee Campbell for the photo used for this post, available on Unsplash. To avoid doubt, the website in the photo is not one of the ones I’ve been looking at.)

Content scraper plugins, contract and copyright

The story

I thought I’d introduce this post by telling a story. It’s a story about Jim, an everyday guy who has a website for which he wants more content. Jim already works hard on his site, adding new posts frequently, but he wants more content to drive more traffic to his site and to help monetise his site. He can’t do it all alone. Jim finds a bunch of sites with interesting and relevant content that he thinks would be perfect for his own site. These sites don’t generate web feeds of any flavour so Jim does a trawl of WordPress plugins and finds a commercially available plugin in a well-known plugins marketplace that does exactly what he wants. All he has to do is:

  • install the plugin;
  • create a post or page in his site and click a new icon in the editor which opens a pop-up window that asks for a URL and a CSS selector;
  • get the URL of the page on another site that has the content he wants and enter that URL into the URL field;
  • find the class or ID of the content he wants on the page of the other website and enter it into the CSS selector field; and
  • publish his post or page.

Now, when someone goes to this new post or page on Jim’s website, it will display the selected content from the other website. Jim is obtaining substantial amounts of content from the other website and is loving it.

“Awesome!”, Jim says to himself, “now I can add all manner of rich and informative content to my website”. And that’s what he does, adding more content from a range of pages on the other website as well as from other websites.

Jim does this for a while. The traffic to his site increases immensely, he’s able to sell more products and he’s feeling pretty chuffed… until the day arrives when he receives an angry-sounding email from one of the third party site owners, making some noise about their terms of use and telling him to stop stealing their content.

“Hey, it’s a free world”, Jim thinks, “and they’ve published the same content into the public domain anyway”, so he ignores the email. A couple of weeks later he receives a rather more angry-sounding letter from the third party site owner’s lawyers. It says Jim is breaching contract, breaching copyright and that their client will take Jim to court if he doesn’t remove the content immediately.

Should Jim take this seriously? Short answer: yes.

The law

This sort of thing happens fairly frequently in the online world. Some people who do it, let’s call them “scrapers”, know full well that they may be skating on thin ice, whereas others are oblivious to the legal context. In Jim’s case, the legal context is this:

  • the terms of use on the third party website expressly prohibit scraping and other forms of copying of the site’s content;
  • even if Jim wasn’t aware of those terms initially, the site owner has brought them to his attention and he has continued to scrape anyway; and
  • Jim has reproduced substantial amounts of copyright content from the other website for his own purposes and without permission.

Under the laws of many countries, Jim’s behaviour would see him breaching contract (i.e., the other website’s terms of use) and, in all likelihood, breaching copyright. In other words, the lawyers could well be right. The third party site owner could seek and would probably obtain an injunction from the courts ordering Jim to stop reproducing the content. The site owner might also seek and obtain an award of damages from Jim.

Moral of the story

The moral of this story, then, is that if you’re thinking about installing a scraping plugin and scraping content from other people’s sites without permission, you might want to think again. Not all instances of scraping will land you in the hot seat but many of them will and the fact that you’re taking content that has already been published elsewhere will usually be irrelevant.

Selling themes yourself and on ThemeForest but with inconsistent licensing

With apologies for the radio silence for the last 5-6 months (for a while there life was just too hectic), I’m finally getting around to revving up WP and Legal Stuff again.

This post will be pretty brief but addresses a phenomenon I’ve seen from time to time across the WordPress theme shop community.

Here’s the scenario: you find a WordPress theme you really like on a theme shop’s website but, when you look at the licensing for the theme, it either limits what you can do with the theme or it’s a confusing conglomeration of terms that appear to have been plucked from an array of different sites and mashed together in the hope it’ll fly. Perhaps I’m in the minority, but I’ve deliberately not bought themes from theme shops like this because the lack of attention to clear licensing doesn’t give me much confidence in the overall soundness of the business,  its attention to detail and its customer centricity (or lack of it).

But lo and behold, later you discover that this very same theme shop is selling its themes on ThemeForest and (to its credit) has selected the 100% GPL option!

For theme purchasers keen on liberal licensing that doesn’t purport to restrict their usage of the themes they purchase, this ought to mean they’ll opt for purchasing from ThemeForest over purchasing from the theme shop’s own site. But hang on. This means ThemeForest will earn a commission from a theme sale that it wouldn’t have earned had the theme been purchased from the theme shop’s own site.

So what does all this mean? Well, it means two things. First, theme shops that do this either don’t understand licensing very well (or have used a lawyer who doesn’t understand it very well) or don’t really care about it. In either case, they don’t make the effort to make the licensing of their themes on their own sites and on ThemeForest consistent. That’s potentially confusing, if not irritating, for purchasing customers (or at least those who care about the licences that govern the use of the themes they purchase). Second, theme shops that do this potentially shoot themselves in the foot, from a revenue perspective, because in many cases they’ll get less if the theme is sold on ThemeForest instead of being sold on their own site.

You might think this sort of thing wouldn’t happen in the real world of commercial theme development but, I assure you, it does. I don’t want to call out any particular theme shop, so I won’t, but this really does happen out in the wild.

If you’re a theme shop that’s not sure whether your own licensing is consistent with the licensing you select on ThemeForest, feel free to get in touch and I’ll do my best to let you know (confidentially of course).

(Thanks to Thomas Martinsen for the photo I’ve used for this post, released on Unsplash under CC0.)

Discouraging public redistribution of commercial themes and plugins – poll results

Background

Back on 4 August of this year, I published a post called Theme and plugin shops – Discouraging public redistribution – User poll.  The poll that was included in the post sought people’s views on the reselling of commercial themes and plugins. It did this because people’s views on this issue are relevant to the inclusion of a contractual mechanism I’d proposed for theme/plugin shop terms of use. The contractual mechanism I’d proposed would seek to discourage purchasers of a commercial theme or plugin from making the theme or plugin available on a website for download by others (whether for free or a charge), even when the theme or plugin is 100% GPL-licensed.

The proposed term would say that, if a customer decides to make your commercial theme or plugin available on a website for download by others, you may exercise a right to deactivate their access keys (if that’s how you’ve set things up) and to terminate their access to support and updates. I explained why, in my view, this sort of clause is not contrary to the freedoms conferred by the GPL:

“Is this contrary to the rights they have under the GPL? I think not. This approach doesn’t stop them from distributing the theme or plugin, as they originally obtained it, on a website. But it does say this to them: ‘if you decide to exercise your GPL rights in that way, as you’re entitled to do under the GPL, you run the risk of losing your contractual right to support and updates under these separate terms of use’. This is a commercially-oriented mechanism that is distinct from, and doesn’t prevent the exercise of, one’s freedoms under the GPL. It does say ‘you can’t have it both ways, folks’, but the GPL rights are left intact. Only the separate, commercial support arrangements are affected. There may be those who would cry foul, but – legally – I don’t think their cries would be well-founded.

After I wrote this, I did a search on the web to see whether I could find other businesses doing something similar to what I’m proposing. Lo and behold, it seems that Red Hat did this a few years ago. See GPL expert gives Red Hat the all-clear.”

Poll results

I closed the poll today. In the intervening period, 121 people had taken the poll. Here’s a graphical depiction of the results (thanks to the wonders of Gravity Forms and its Polls Add-On):

Poll-results

Majority consider redistribution of commercial themes or plugins on a public website to be unethical

A majority of those who took the poll – 76 of the 121 people – think the practice of purchasing or otherwise obtaining a commercial theme or plugin and then either reselling it on a public website or giving it away on a public website, is unethical, regardless of whether it’s permissible under the GPL. A further 10 people don’t know whether it’s unethical but don’t like it. The remaining 35 didn’t have a problem with it if the GPL is complied with.

Widespread support for inclusion of proposed term

Each person that took the poll was asked to assume he or she is a purchaser of commercial themes or plugins. Each person was then asked whether he or she would support a commercial theme or plugin business including the kind of term I’ve mentioned in its terms of use. (As a reminder, the term gives the business the power to terminate support and access to updates if the customer were to openly redistribute the commercial theme or plugin on a public website, either for a price or no charge.)

An overwhelming number of those who took the poll – 101 out of 121 – supported the inclusion of such a clause, as they selected this option:

“Yes, I would support that as I understand the business is trying to protect its investment and it poses no threat to my use of the themes or plugins.”

Of the remainder, 17 did not support the inclusion of such a clause even if the GPL freedoms remained intact, and 3 didn’t know or care.

Views of theme and plugin businesses on the idea of including the suggested clause

Of the 121 people who took the poll, 67 were from a business that develops commercial themes or plugins or were thinking of becoming one. These people were asked some additional questions.

The first additional question they were asked was whether they like the idea of including the suggested clause in their terms of use (in answering this, they were told to assume they wouldn’t be criticised for including the term). 47 of the 67 said they like the idea of the proposed term. 13 didn’t like the idea of this term and the remaining 7 didn’t know or didn’t care.

The second additional question they were asked, on the assumption that they would include the proposed term in their terms of use, was whether they’d be concerned that vocal stakeholders in the WordPress community might openly criticise them for not complying with the ‘spirit’ of the GPL (even if the term doesn’t actually remove any GPL freedom). 26 of the 67 answered yes (they would be or are concerned), 17 answered no (not concerned) and the remaining 4 didn’t know or care.

Comments

General conclusions

To the extent that one can draw general conclusions from this poll (and admittedly the sample is not exactly huge), they would appear to be that:

  • a significant majority of people either think that the practice of purchasing or otherwise obtaining a commercial theme or plugin and then either reselling it on a public website or giving it away on a public website is unethical or they don’t know whether it’s unethical but still don’t like it;
  • there is widespread support for the inclusion of a term in theme and plugin shops’ terms of use that would entitle the theme or plugin shop to deactivate a customer’s access key (if that’s how they’ve set things up) and to terminate their access to support and updates;
  • a significant majority (more than two thirds) of people from businesses that develop commercial themes or plugins (or who are thinking of becoming one) like the idea of the proposed term; and
  • a bit over a third of those from businesses that develop commercial themes or plugins or are thinking of becoming one would be concerned about being openly criticised by vocal stakeholders in the WordPress community if they were to include such a term (even if the term doesn’t actually remove any GPL freedom).

Businesses should be able to protect themselves in legitimate ways without fear of attack

In my view, it’s unfortunate that the third of people mentioned in the last bullet point would be concerned about being criticised by vocal stakeholders in the WordPress community if they were to include such a term, because – for reasons already given – in my view such a term would not be contrary to the GPL.

I think it’s undeniable that the development of robust commercial themes and plugins supports rather than detracts from the growth of the WordPress ecosystem. Just look at Automattic’s acquisition of WooCommerce as an example or the power that Gravity Forms brings to WordPress as another. Businesses that depend on and support the WordPress ecosystem should be able to protect their legitimate commercial interests without fear of verbal attack from those who cling to misconceptions of what the GPL does or doesn’t allow.

Bear in mind here, too, that the GPL is not an open source licence created for WordPress. Rather, it is simply the open source licence that governed the use of B2/cafelog when Matt and others forked it to become WordPress. WordPress users don’t have any monopoly over what the GPL does or should mean or allow.

The wording of the proposed term

The WordPress theme/plugin shop terms of use that you can build online if you purchase the business package of A Practical Guide to WordPress and the GPL will provide you with terms that, among other things:

  • explain the GPL licensing of the themes or plugins;
  • accommodate the use in themes or plugins of public domain assets (such as images) or assets that have been licensed by another under a Creative Commons licence (such as photos);
  • refer customers to a human-readable summary of the GPL for more information;
  • contain an explanation of the redistribution that the GPL allows but together with information on the investment that the business has made in developing its themes or plugins and the adverse consequences (for the business, its staff and in some cases their families) that open redistribution could bring;
  • explain a customer’s access to support and updates; and
  • regulate a customer’s use of its access key, login and right to support and updates.

It is the last item in this list that contains a right for the business to deactivate a customer’s access keys (if that’s how the business has set things up) and to terminate the customer’s access to support and updates if the customer decides to make a purchased commercial theme or plugin available on a website for download by others. The suggested clause (which may need tweaking in certain cases to reflect how a business has set things up) is as follows (I’ve italicised the key part relevant to this discussion):

Access key, login and right to support personal to you

Your access key, your support login and your right to support are personal to you. You are not permitted to share any of them with, or transfer any of them to, anyone else without our prior written approval (which we may refuse at our discretion) and you are not permitted to republish support answers on any other website or medium. If you do any of these things, we may deactivate your access key and terminate your right to support and updates, with or without notice. You agree that we may also exercise these powers if we have reason to believe you are requesting support for sites that do not fall within your support entitlements or if you are making our Products available on another website for others to download, with or without charge. (This does not defeat your rights under the GPL. We are simply saying that if you decide to exercise your GPL rights in that way, you will lose your right under these terms of use to access support and updates from us.) If we believe the security of your access key or login has been compromised, we may suspend your rights of access while we investigate. If you believe your login has been compromised, please let us know as soon as possible.

No legal advice

I hope this helps. Needless to say, I’m not providing legal advice to anyone in suggesting this kind of clause. It is for each business to make its own decision on the inclusion of such a clause, with its own legal advice if required.

Happy developing!

Step-by-step guide to attributing Creative Commons-licensed images

BobWP reader seeks step-by-step guide

A while back I wrote a piece that first appeared on BobWP called Using Creative Commons images on your site with confidence (I republished it here too). Recently a reader of BobWP asked a question about the detailed mechanics of finding a Creative Commons-licensed image and applying an attribution statement to one’s use of it. He was trying to use images found through Google image and Flickr searches but wasn’t sure exactly how to go about attributing the image and was looking for a step-by-step guide.

In response, I wrote a brief step-by-step guide in the comments on Bob’s site. Because that guide might come in useful for others, I thought I’d post it here on WP and Legal Stuff too.

Key steps

1. Search an image repository that has Creative Commons-licensed images

Find an image and ensure it is licensed under a Creative Commons licence. Flickr is a good source and I’ll use that as an example from now on. Do an initial search for the topic or subject you’re interested in by using the search form on the Flickr homepage:

Flickr-homepage

2. Refine your search results

When you do a search, it will reveal all images that match your search terms, regardless of whether the images are licensed for re-use. This means you have to refine your search. To do that, on the results screen, click on the dropdown menu called “Any license”:

Flickr-licence-dropdown

(The dropdown name “Any licence” is not very clear as some images are not licensed at all). You want to select either “All creative commons” or one of the three options below it. Which one you select depends on what sort of licensing rights you need. If you want to use an image commercially, you’ll need to select “Commercial use allowed” (and so on for the other options).

3. Select an image

Once you’ve done that, you’ll see a list of images that is confined to Creative Commons licensed images. Click on one you like. When you do, you’ll be taken to that image and you’ll see the licence that has been applied to it. Here’s an example:

CC-licence

4. Identify which licence applies

To figure out which particular licence applies, click on the “Some rights reserved” link and open it in a new tab (some people will know what the icons beside “Some rights reserved” represent, but many won’t, which is why I’m suggesting opening the link in a new tab). In this case, you’ll see that the licence is a Creative Commons Attribution-ShareAlike 2.0 Generic licence:

CC-BY-SA-2-Generic

If you look to the left of the page on Flickr (further above) you’ll see that the author is someone called Celine.

5. Use the image in your site

Use the image you’ve selected in your site as you wish (consistently with the terms of the applicable Creative Commons licence).

6. Add attribution statement

Within the editing window, add your attribution statement either below the image or, for example, at the end of the post or page. To create the HTML for the attribution statement, you can use this kind of format (the code is on the left and on the right you can see how it’s rendered):

Code-snippet

Note that I’ve linked “Celine” (the owner of the photo) to the page on Flickr that contains the photo I’m using and that I’ve linked “Creative Commons Attribution-ShareAlike 2.0 Generic licence” to the Creative Commons page that contains that licence (which I accessed in step 4 above).

If you want to copy and paste that code so as to just swap out the bits relevant to the image you’re using, you can find it here on GitHub.

(Note that you don’t have to use my suggested wording, with the “Thanks to” component. I just do that to show some gratitude. I gave other examples in the original post mentioned above.)

That’s it!

That’s it. If anything is unclear, let me know. This gets easier and faster the more you do it.

Something for the future

By the way, I’ve half built and in the future will publish a tool that grabs some inputs from someone wanting to create an attribution statement and then spits out the HTML code for the attribution statement. Maybe that’ll make life easier. Hope so.

(Thanks to Celine for her dog image, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence. I have cropped the image. My cropped version above is likewise licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

A Practical Guide to WordPress and the GPL – now available – 30% introductory discount

Finally…

I’m pleased to be able to say that A Practical Guide to WordPress and the GPL is now out in the wild. You can find it right here.

Outline

Here’s a quick outline of the chapters:

1. Introduction: conception, birth and forking

2. Understanding the GPL licensing of WordPress

3. Common GPL-related questions

4. WordPress themes, the GPL and the conundrum of derivative works

5. The GPL and assumptions of automatic inheritance

6. Theme reviews, CC0, model releases and GPL-compatibility

7. Selling ThemeForest themes outside of ThemeForest

8. Reselling commercial plugins

9. The GPL and trademarks

10. Theme and plugin shop terms of use versus GPL freedoms

A-Practical-Guide-on-desk

Packages

Three different packages, or editions, are on offer:

1. The business package

If you’re into the business of developing WordPress themes or plugins (or both), you might want this package. You’ll get:

  • the ebook (PDF) of A Practical Guide to WordPress and the GPL;
  • a professionally narrated audio book, enabling you to listen to the book when you’re on the go (narrated by Steve Chase); and
  • access to a terms of use builder through which you can build draft online terms of use for your WordPress commercial themes or plugins shop, with open and honest GPL licensing as well as protections for your business.

2. The book and audio book package

With this package, you’ll get:

  • the ebook (PDF) of A Practical Guide to WordPress and the GPL; as well as
  • the professionally narrated audio book, enabling you to listen to the book when you’re on the go (narrated by Steve Chase).

3. The book package

If you’re just after the ebook of A Practical Guide to WordPress and the GPL, this package is for you. You’ll get a PDF of the ebook that you can read or dip into at your leisure.

Introductory discount

For a limited time, you can get 30% off each of these packages. To get the discount, just tweet the book’s promo page or like it on Facebook, using the buttons on the promo page (you’ll find them directly under the three package offerings). Doing that will reveal an offer code which you input at the point of purchase. Easy. The discounts will be available for around a week.

Terms of use builder

If you’d like to see a video demonstration of the terms of use builder (you get access to this with the business package), you’ll find that on the promo page too. Hell, I might as well embed it here too:

Questions

If you have any questions, feel free to ask. Otherwise, why not go and check out the book’s promo page. Thanks.

A human readable summary of the GPL?

In my ebook (A Practical Guide to WordPress and the GPL) which will be out within the next 6-8 hours, I’ve included a one page summary of the GPL which I hope will make it easy for people to understand the core concepts of the GPL. That summary outlines the position in relation to copying and distribution, fees, modifications/derivative works, distributing non-source forms, termination, and downstream licensing:

GPL-one-page-summary-in-ebook

This particular summary follows the flow of the clauses in the GPL and that’s why it flows through the subject headings I’ve just mentioned. One consequence of this common approach to summarising legal documents is that the discussion of a single topic may contain a summary of both a person’s rights and a person’s obligations. For example, the discussion of modifications / derivative works says:

“You may modify the Program or any part of it and distribute the modifications or new work as long as modified files contain notices regarding the existence and date of changes and any work that you distribute or publish that contains or is derived from the Program or any part of it is licensed as a whole at no charge to all third parties under the GPL.”

As you can see, this paragraph says “you are free to do A but if you do you also need to do X”. Rights and obligations. This approach is repeated, where relevant, for each subject.

Last night, in response to some comments on one of my posts by a couple of people, I wondered whether there was a different and perhaps even simpler way to summarise the GPL. I was also thinking about this because the terms of use that my WordPress theme/plugin shop terms of use builder will generate (available as part of my ebook business package) will summarise the GPL and also link to a human readable summary of the GPL for customers that want to read more.

Now, in my normal day job, I’ve done a huge amount of work on open licensing of government copyright works and that has involved very close examination and implementation of the Creative Commons licences. Not surprisingly, then, my mind immediately gravitated towards the ‘human readable deeds’ that Creative Commons produces for its licences. Those deeds take a slightly different approach to summarising the legal terms of the licence. Instead of addressing licence content on a subject by subject basis, which would include rights and potentially obligations per subject, they take a “you can do A, B and C, as long as you do X, Y and Z” approach. In other words, they state all freedoms and then list the obligations. For some people, this may be easier to follow.

With that in mind, last night I whipped up a GPL human readable summary, modelled on the approach taken by Creative Commons. This is what it looks like:

GPL-human-readable-summary

What do you reckon?

(Thanks to Felix E. Guerrero for the First Aid Kit and Key image, which he has licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

Theme and plugin shops – Discouraging public redistribution – User poll

Context

Last week I sent an email to subscribers on my email list. I hadn’t proposed to publish the content of that email but, given some questions I’ve received in response, I thought it might help to publish it. I also thought it would be helpful and interesting to take a quick poll of people’s views on the reselling of commercial themes and plugins because people’s views on this issue are relevant to the inclusion of the contractual mechanism in theme/plugin shop terms of use that I discuss below. I’ll set out the email then take the poll.

(Please retweet as the more that take this super quick poll the better.)

So, the email

This is what I said:

“I’m in the process of finalising my 10 chapter ebook called A Practical Guide to WordPress and the GPL. The ebook will be offered in a range of packages, from just the ebook through to a package that will offer the ebook, an audio book and a terms of use builder for WordPress theme and plugin businesses.

In working on the terms of use builder yesterday [now last week], I had an idea as to a means by which theme and plugin shops might seek to discourage customers from making a theme or plugin available on a website for download by others (whether for free or a charge), even when the theme or plugin is 100% GPL-licensed. As you’ll know, this sort of behaviour hits legitimate businesses in the pocket and can threaten their sustainability. I thought some of you might like to know about the idea now. Note that I’m only talking here about widespread, open/public redistribution of commercial themes or plugins. [In other words, this would not affect your ability to use a theme or plugin on as many of your own or your clients’ sites, for example, as you wish.]

As you’ll know, the sale of a commercial theme or plugin usually entails access to the theme or plugin for download as well as a right to support and updates for a defined period, usually 12 months. It seems to me that some ‘public redistributors’ leverage the fact that they, as purchasers, can get access to support and updates. In other words, they use this access to seek support relevant to ‘their customers’ and/or they use it to get access to updates which they then release for download on their own sites.

Now, this sort of activity is generally permitted by the GPL, as long as they do it in the right sort of way and don’t breach any trademark rights or relevant laws. This might make you think that this kind of behaviour can’t be controlled contractually. But I think it can, at least to some extent.

How? Well, you include a clause in your terms of use which says that, if a customer decides to make your commercial theme or plugin available on a website for download by others, you may exercise a right to deactivate their access keys (if that’s how you’ve set things up) and to terminate their access to support and updates.

Is this contrary to the rights they have under the GPL? I think not. This approach doesn’t stop them from distributing the theme or plugin, as they originally obtained it, on a website. But it does say this to them: “if you decide to exercise your GPL rights in that way, as you’re entitled to do under the GPL, you run the risk of losing your contractual right to support and updates under these separate terms of use”. This is a commercially-oriented mechanism that is distinct from, and doesn’t prevent the exercise of, one’s freedoms under the GPL. It does say “you can’t have it both ways, folks”, but the GPL rights are left intact. Only the separate, commercial support arrangements are affected. There may be those who would cry foul, but – legally – I don’t think their cries would be well-founded.

After I wrote this, I did a search on the web to see whether I could find other businesses doing something similar to what I’m proposing. Lo and behold, it seems that Red Hat did this a few years ago. See GPL expert gives Red Hat the all-clear.

Theme and plugin shops need to be aware that, if they cut off access and support in practice but in a situation where their terms of use don’t regulate public redistribution in the way I’ve described or don’t reserve rights to withdraw support for any reason, they may face allegations of breach of contract if they remove a redistributing customer’s access.

The terms of use that my builder will create will (if a business wishes) contain a term that addresses this situation. If you’ve any thoughts on it, please feel free to fire me a message through my contact form at WP and Legal Stuff or email me … . This email is only being sent to my email list. For that reason, you won’t be able to leave a comment on the site itself. [No longer the case obviously. Instead of emailing me, please complete the poll below.]

All the best.

Richard

P.S. I appreciate that a mere legal term relating to support won’t stop people who are hell-bent on redistributing GPL’d themes or plugins on a publicly accessible website from doing so. But it may stop a subset of people who actually care about their access to support and updates. The inclusion of such a clause might also make would-be redistributors wonder whether that kind of redistribution is ethical.”

Now for the poll

The poll has now closed. Thanks to all those who spent the time taking the poll. Much appreciated.

 

(Thanks to The Art Gallery of Knoxville for the “FREE BEER 3.3 Ready to Drink!” image https://www.flickr.com/photos/16038409@N02/2327155978/, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence https://creativecommons.org/licenses/by-sa/2.0/)

Automattic, WordPress.com, Jetpack, European cookie laws and transparency

Setting the scene

In Legal checks when building a content-driven WordPress website, I discussed cookies — not the edible variety but the small text files that are stored on your computer or mobile device when you visit or undertake certain activity on certain websites (for further information about cookies, see https://www.allaboutcookies.org.)

I observed that, whilst many countries don’t have laws that require disclosure of cookies, in Europe there are specific (and controversial) cookie laws. Website owners in European Member States are required to:

  • provide clear and comprehensive information about the cookies they are using; and
  • obtain consent to store a cookie on a user or subscriber’s device.

There are some narrow exceptions but I don’t think I need to mention them again.

Questions

The questions I want to explore in this post are these:

  • What are the implications of the European cookie laws for European users of WordPress.com and Jetpack?
  • Are users of WordPress.com and Jetpack able to obtain sufficient information as to the cookies that these services set?
  • If not, do the cookie laws erect an obstacle (at least for those who care) to European use of WordPress.com and/or Jetpack?

Implications of cookie laws for European users

The implications of the cookie laws for European users of WordPress.com and Jetpack are clear: they need to be able to provide information on the cookies that these services set and to include a consent mechanism.

Are users of WordPress.com and Jetpack able to obtain sufficient information from Automattic?

Status in 2014

In November 2014, a Spanish user of WordPress.com posted this message in the WordPress.com forums:

“There are new politics in Europe. In Spain (and maybe other countries of Europe) we need to inform about cookies. …”

I chimed in with this:

“Hi there. I’m interested in this topic too, from the perspective of the cookies that WordPress.com generates when someone with a WordPress.org site is using the Jetpack WordPress.com stats feature. I haven’t been able to find the cookie names anywhere and they are not identified by name in Automattic’s Privacy Policy. I suggest that the cookie names and functions for WordPress.com stats (and any other WordPress.com function) need to be listed somewhere to enable people in or serving European clients to adopt best practices in relation to cookie disclosures … .

In the meantime, is someone able to name what cookies (if any) are generated by Jetpack/WordPress.com Stats when used on a WordPress.org (self-installed) site?

Many thanks for your help.
Richard”

In December a WordPress.com Happiness Engineer kindly updated me, stating that “we don’t have a list of cookies readily available, so it may take some time before we have those details you requested”.

Time marched on and, well, my focus shifted to other matters.

Fast forward to 2015 – Automattic invests in cookie transparency

Fast forward to July 2015. Last week I found out that Automattic has been putting considerable effort into fostering cookie transparency. Automattic has created the following:

A cookies disclosure page for WordPress.com

Cookies-support

A widget that displays a cookies banner

widget

A cookies disclosure page for Jetpack

Jetpack

The cookies disclosure page for WordPress.com explains what cookies are, describes how WordPress.com makes use of cookies for a variety of purposes, and provides fairly detailed information on the cookies WordPress.com uses, distinguishing between cookies that are strictly necessary for technical reasons, cookies that enable a personalised experience for visitors and registered users, and cookies that allow the display of advertising from selected third party networks. It lists and describes many examples of the cookies WordPress.com uses and notes that visitors can restrict the use of cookies or prevent them from being set.

Turning to the widget, you can add an “EU Cookie Law Banner” to your WordPress.com site by adding the widget of that name to the widgets section in your site’s customizer. There’s a range of settings. For example, you can hide the banner after a user clicks the ‘close and accept’ button, or after the user scrolls the page, or after a defined period of time. You can amend the default text if you wish, you can change the colour scheme (light or dark, more if you’re a premium user), you can link to the WordPress.com cookie information or to your own cookies policy page, and you can change the button text. Here is what the default banner looks like:

Cookie banner

Last but not least, the Jetpack cookies page explains that cookies are used by Jetpack in a variety of different ways and that the cookies set will depend on the Jetpack features that are enabled. It notes that the cookies are only set when a user interacts with one of these, or to allow admin functions to be performed in wp-admin. It then names and provides other details on the cookies that are set for visitors and registered users of sites with the Jetpack plugin installed.

Superb developments

As a lawyer who has been a bit frustrated in the past about the inability to obtain information on the cookies set by WordPress.com and Jetpack, I think these developments are superb. They go a substantial way towards enabling those in Europe to comply with the cookie transparency laws.

Whether a site run by someone in a given European country complies with that country’s laws is not Automattic’s responsibility, of course, but Automattic has clearly invested a good deal of time and money in helping its European users.

Any remaining obstacle?

Cookie lists not exhaustive

You might want to note that the cookies listed for WordPress.com are not exhaustive. Rather, the kinds of cookies used are explained and numerous examples are given. The cookies page is clear in stating that the listed cookies are examples. This, I understand, is due to the dynamic and evolving nature of WordPress.com. An exhaustive list of cookies that is valid in one month might become out of date in another. Automattic is certainly not alone in taking this approach. It seems to be the same kind of approach that Google takes.

Residual risk? Unlikely

Does the fact that the cookies lists are not exhaustive pose significant residual risk to European users of WordPress.com? I can’t comment on how the European ePrivacy Directive has been implemented and interpreted in every European member state (there will likely be variance in interpretation across member states), but I can tell you what the United Kingdom’s Information Commissioner has said, namely, this:

What do we need to do to comply?

The rules on cookies are in regulation 6. The basic rule is that you must:

  • tell people the cookies are there;
  • explain what the cookies are doing and why; and
  • get the person’s consent to store a cookie on their device.

As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. However, bear in mind that devices may be used by different people. If there is likely to be more than one user, you may want to consider repeating this process at suitable intervals.

What information must we give users?

[The Privacy and Electronic Communications Regulations] do not set out exactly what information you must provide or how to provide it – this is up to you. The only requirement is that it must be “clear and comprehensive” information about your purposes. You must explain the way the cookies (or other similar technologies) work and what you use them for, and the explanation must be clear and easily available. Users must be able to understand the potential consequences of allowing the cookies. You may need to make sure the language and level of detail are appropriate for your intended audience.”

In my view, the approaches taken by Automattic and Google are pragmatic and provide users with reasonable and digestible information on the fact that cookies are used, what the cookies are doing and why they are doing it. They also provide clear examples of named cookies. Arguably that is sufficient.

There will probably be those who will say the gold standard is listing each and every cookie – and yes if you do that you ought to be safe – but, for large or complex operations, that approach runs the risk of producing monstrous cookie policies that most people will never read, resulting in overly bureaucratic processes for minimal gain. They could even be counter-productive. In my view, a sensible compromise needs to be struck between transparency interests and usability or readability interests. There’s little point in drafting something that is so complete, yet so monstrously detailed, that it’ll never enter anyone’s consciousness.

If you’re in the United Kingdom, I’d be astonished if the Information Commissioner were to take a stricter view, given what it has said publicly (as quoted above). Let us hope the same common sense prevails in the other European member states.

(Update: I need to be clear that I don’t know the position in other European member states on this particular issue. I know there has been inconsistent implementation of the Directive’s requirements in relation to prior consent to the setting of cookies. It wouldn’t surprise me if there were different interpretations on this point too, but I just don’t know. That said, it is widely recognised that the lack of uniformity across Europe is shambolic and that cases involving enforcement are rare.)

(Thanks to Marjan Lazarevski for the ‘Cookie Crave‘ image, licensed under a Creative Commons Attribution-NoDerivs 2.0 Generic licence.)

Theme and plugin shop terms of use versus GPL freedoms

Introduction

For a while now I’ve wanted to address an issue that niggles away at me every time I see it. I touched on the subject slightly at the end of Readers ask: About reselling commercial plugins (updated) but I wanted to explore it a bit more in its own post.

There are so many theme and plugin shops out there now that you probably couldn’t count them all with even 20 hands. Perhaps not surprisingly, this multiplicity of WordPress businesses has resulted in a wide range of terms of use and licensing statements in relation to the themes and plugins they sell.

Of course, what these businesses say in their terms is constrained – or should be constrained – by the requirements of the GPL, at least in situations where they’ve created derivative works of WordPress or other GPL’d code or where they’ve otherwise chosen to apply the GPL to their themes or plugins.

In this post, I’m going to focus on theme and plugin shops that have expressly applied – or purport to have expressly applied – the GPL 100% to their themes or plugins. I’m going to discuss four kinds businesses:

  • businesses that clearly understand the GPL and get their licensing statements right;
  • businesses whose licensing statements are difficult to understand;
  • businesses that either don’t understand the GPL or do understand it but cloud or misrepresent (either innocently or deliberately) the freedoms that the GPL confers on purchasers of their themes or plugins; and
  • businesses who just get the GPL plain and unambiguously wrong.

I’ll also comment on businesses whose terms purport to reserve a right to change the licensing of their themes at any time. Note that almost all of the theme shops I’ve reviewed are commercial theme providers with a listing on WordPress.org.

Before I get into things, I should note that I’m not talking in this post about access to support and upgrades being restricted to paying customers. That’s all perfectly legitimate under the GPL. What I’m focusing on here is what businesses’ terms of use or pricing pages say in relation to the GPL and what a customer is entitled to do with a theme or plugin it purchases when that theme or plugin is GPL-licensed.

Businesses that get it right

There are many businesses whose terms of use are clear in their GPL licensing and there are generally two variants of the terms used by such businesses. Under the first variant, the businesses keep things simple and say something like: “Our products are licensed under the GPL” or “[name of theme/plugin] is licensed under the GNU general public license” (e.g., WooThemes, Rocket Genius/Gravity Forms). And within this variant there are those who inject some humanity into their terms. For example, Array themes says this:

“All digital goods provided by Array are released under the GNU Public License version 2.0. Go create something beautiful and share it with us.”

Nice. Even within their minimalist terms they want to delight their customers.

Businesses that opt for the second variant go a bit further and say something like this:

“All [our] themes are licensed under the GPLv2.You can use our themes for personal and commercial projects and for as many websites as you like.”

Many businesses’ terms are along these lines. In my view, they provide helpful guidance to purchasers.

Businesses whose terms are difficult to understand

I’ve come across one theme shop that says, without more, that its ‘theme code’ is licensed under the GPL. But what does ‘theme code’ actually mean? Would theme code include non-code assets within a theme’s zip file? Arguably not. This sort of licensing actually looks more like a split licence to me than full GPL. The intended meaning is unclear.

Businesses whose terms cloud or misrepresent the GPL freedoms

Some businesses who say their themes are GPL-licensed offer basic versions of themes or plugins for free or a low cost as well as ‘premium’ versions of the themes or plugins which have more functionality. That’s all fine. What’s not so fine is when they draw a distinction – either expressly or implicitly – between what can be done with a basic or low cost version as against what can be done with the premium version. I’m not referring to the different levels of functionality. Rather, I’m referring to the number of sites on which the theme or plugin can be used. For example, some theme shops say very little or nothing about what can be done with the basic or low cost version but then say, for the premium version, that it can be ‘used on unlimited websites’ or that purchasing a premium version comes with ‘the right to use the theme on an unlimited number of websites’.

To my mind, this may prompt some users to infer that the basic version cannot be used on unlimited websites. Logically, of course, the fact that ‘unlimited websites’ is stated for the premium version whilst nothing is said for the basic or low cost version doesn’t necessarily mean that the basic or low cost version can only be used on a small number of websites or a single website. However, drawing the distinction I’ve mentioned isn’t helpful and does nothing to explain to users of the basic or low cost version that, under the GPL, they too can use their version on unlimited websites. It seems that some theme or plugin businesses draw this distinction to encourage more customers to buy the premium version but I’d suggest that, in doing so, they’re not being as transparent as one might expect in relation to what the GPL allows.

Another and perhaps worse variant of this is where a theme shop says that, if you buy one of its GPL’d themes, you can use it ‘on any websites you own’. To my mind this is misleading. You do not have to own a website to use the GPL’d theme for that website.  You can use it on any website, regardless of whether you own it. Now, I’m not suggesting that this excellent theme shop that is listed on wordpress.org is intending to mislead anyone, but the wording is misleading as it implies that one cannot use the theme on a client’s site. This is particularly so when the terms go on to say that, if you purchase a developer package, you can use the theme on an unlimited number of client sites.

Businesses whose terms get the GPL plain wrong

Sometimes businesses’ terms of use just get things plain wrong. For example, one business that purports to license its themes under the GPL says that, with a single purchase, you can use the purchased theme ‘for multiple sites of your own’ but you can’t redistribute or resell it to any of your customers or clients. This just isn’t right. If I obtain a 100% GPL-licensed theme, I can use it for my own sites, I can use it for client sites, I can give it to my friends, I can give it to clients, I can sell it to clients and I can otherwise redistribute it as I please, as long as I comply with the GPL’s terms.

Another business that licenses its themes under the GPL (and it makes it clear that the GPL applies to the PHP, javascript, CSS and images) says its customers are not permitted to reproduce, duplicate, copy, sell, trade or resell its themes. Again, this is wrong. A recipient of a fully GPL’d theme is actually entitled to do all these things.

Purported rights to alter licence terms

Sometimes a business will include a term in its terms of use by which it “retains the right to change… the licensing of … our themes at any time”. On one interpretation, this is contrary to the generally accepted proposition that the GPL is irrevocable (GPL version 3 is much clearer than version 2 on this issue but even version 2 is generally regarded as being irrevocable). A licensor of all the copyright in a work that it GPL licenses may stop distributing the work under that licence and/or license it under a different licence to others, but it is generally considered that people who already have the GPL’d software can continue to use it and that a purported revocation of those people’s rights under the GPL would be ineffective. Similarly, where a GPL’d work consists of a chain of copyright components, all successively licensed by various people under the GPL, one licensor cannot take the whole and purport to apply a more restrictive licence as it won’t have the right to do so from the upstream licensors.

The short point is that a theme shop that purports to retain the right to change the licensing of its themes, when those themes have already been licensed under the GPL, should not be read as restricting those who already have the themes from exercising the freedoms that the GPL gives them.

Conclusions

Theme and plugin shops deploy a range of approaches as to how they describe the GPL-licensing of their products, from good to not-so-good to bad. I’m not suggesting that all theme and plugin shops whose terms fall in the not-so-good or bad camps are deliberately misleading customers. I suspect the reality is that some are doing this, for economic reasons, while others or their lawyers have either misunderstood the GPL or used language which just isn’t quite right, if not quite wrong.

(Thanks to Japanexperterna.se for the ‘See no evil speak no evil hear no evil‘ photo, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)