#111 GNOME Software is recommending proprietary software
Opened 2 months ago by chrismurphy. Modified 15 days ago

Starting in Fedora Workstation 31, GNOME Software is actively recommending proprietary software in certain instances (that we need to better understand).


Example 1: Clean install of Fedora 31, updated as of 2019.11.24, 3rd party repo not enabled in GNOME Software. When I search for "dropbox" in GNOME Software, a single result appears: version unknown, license proprietary, source unknown, and has 1 star. The reviews are terrible suggesting this item is a mistake and should be removed.
https://bugzilla.redhat.com/show_bug.cgi?id=1776045

Example 2: Flathub enabled, user reports GNOME Software displays an advertising banner (Featured Application) for Dropbox (@catanzaro also sees Slack).
https://bugzilla.redhat.com/show_bug.cgi?id=1769967

Discussion on desktop
https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/thread/6GLONHCRN3NDROH4YPL5SLEQNE7XBBR7/#6GLONHCRN3NDROH4YPL5SLEQNE7XBBR7

I think we need some kind of filtering. Even if the user enables flathub or any other 3rd party repo that contains proprietary software, doesn't mean it's obvious the user has intended to also enable recommendations (either active via banners or passively via search) for proprietary software. I think the non-free/proprietary software visibility should be a separate op-int UI element. Not to make things harder for the user to use proprietary software, but to make it clear they've intentionally opted into it.


Example 1: Clean install of Fedora 31, updated as of 2019.11.24, 3rd party repo not enabled in GNOME Software. When I search for "dropbox" in GNOME Software, a single result appears: version unknown, license proprietary, source unknown, and has 1 star. The reviews are terrible

This is probably a web app. The terrible reviews are largely because we don't do a great job of advertising what these apps are, so people get disappointed when they try them.

We've discussed potentially retiring the web apps feature. The alternative would be to do a better job at labeling (I did some mockups for this, once upon a time).

Example 2: Flathub enabled, user reports GNOME Software displays an advertising banner (Featured Application) for Dropbox (@catanzaro also sees Slack).

I think we need some kind of filtering. Even if the user enables flathub or any other 3rd party repo that contains proprietary software, doesn't mean it's obvious the user has intended to also enable recommendations ...

I don't see "I want to be able search for app foo, but I don't want to see a banner for it" as being a compelling use-case. My feeling is that apps should be either visible or invisible: visible apps are installable and get advertised. Invisible apps cannot be seen or installed, and aren't advertised.

There have been various conversations about doing a free-only view of Flathub, and that would probably resolve this issue.

Example 1: Clean install of Fedora 31, updated as of 2019.11.24, 3rd party repo not enabled in GNOME Software. When I search for "dropbox" in GNOME Software, a single result appears: version unknown, license proprietary, source unknown, and has 1 star. The reviews are terrible suggesting this item is a mistake and should be removed.

What did you expect to get when searching for dropbox ?

It seems disingenuous to blame gnome-software for showing you what you asked for.

I don't see "I want to be able search for app foo, but I don't want to see a banner for it" as being a compelling use-case. My feeling is that apps should be either visible or invisible: visible apps are installable and get advertised. Invisible apps cannot be seen or installed, and aren't advertised.

How would you feel about e.g. Google or Valve promoting a completely crappy app/game on their front page? I'd feel that they are out of their minds. There is a difference an app being present in the depth of the store among thousands of others, and the storefront actively promoting/recommending one. The former is an anonymous app, the latter is an "editor's choice", "monthly highlights", etc. The purpose of banners is to attract/highlight/recommend something. There are surely many apps that we don't want to recommend, but also surely we don't want to prevent people from using them, if they wish. One of the guiding principles for picking the recommended set might be the app license (together with quality, popularity, etc). Because "Freedom" is one of our four foundations. That doesn't mean we have to be "freedom"-exclusive (we are not), but we should definitely strive to guide our users towards the freedom path.

We went through this before with no good resolution.

I think we should drop the web apps. They're not a great experience (see the star rating) and the list of ones that are available is small and kind of mysterious (Facebook, yes; Twitter, no....).

mclasen I get what you're saying about search results, but I think that'd be more compelling if there were a large open list (like search engine resultes), instead of a options from a small curated selection. Also, try searching for "share" — Facebook and Dropbox are the top two search results there, so it's not always a case of "someone typed 'dropbox' and got Dropbox".

I think the "featured applications" are upstream choices? That's fine but maybe we should make Fedora-specific recommendations there instead?

What is the small curated selection?

When you search for dropbox, you'll get hits from all enabled software sources. I agree that we don't have enough desktop apps on linux, but I would not call this a 'small curated selection'

Specifically, the webapps list. That's the things in /usr/share/app-info/xmls/webapps.xml, right?

Kindle Cloud Reader
Ask Fedora
BBC iPlayer
Devdocs.io
Dropbox
Facebook
Google Drive
Google Maps
Google Talk
Twitter
Telegram Web

(I was mistaken before -- Twitter is there. )

"Google Talk" isn't even a current service. And the Ask Fedora one doesn't seem to install on my system, although maybe that's a local glitch.

oh right. I think dropping webapps is a separate discussion

Yes, I suggest we consider dropping web apps to be an entirely separate discussion for a separate ticket. I agree that makes sense to get rid of them, but they are only tangentially related to this issue. The web apps have been there for many years, and despite the Proprietary licence tag in GNOME Software, they do not actually install any proprietary software as the browser is GPLv3.

Let's focus this issue on the advertisement banners. It seems inarguable that the selection of banners is both small and curated. Instead of proposing a Fedora-specific curation, which is unlikely to occur due to the significant effort that would be required, it would be more plausible to propose that Fedora removes controversial applications and otherwise sticks with the upstream curation. However, based on discussion from today's WG meeting, it seems fair to say the WG is unlikely to reach consensus to do that.

Example 1 / Bug 1776045 / webapps. I've added a strike through for that.

Example 3
1. Clean install Fedora Workstation 31 from Live ISO
2. g-i-s accept defaults
3. Launch GNOME Software, click on Let's Go Shopping
4. I see: Enable ThirdParty Repositories? I do not click enable, instead I click X.
5. Firefox, go to flathub.org, click Quick Setup, click Fedora, click Flathub repository file, accept opening flathub.flatpakrepo with Software Install (default), switch to GNOME Software and click the Install button.
6. Reboot (unnecessary but without at least doing a killall gnome-software, the flathub metadata isn't fully loaded and I don't immediately see the subsequently described behavior so it's just easier to reboot)
7. Login and launch GNOME Software
8. One of the Featured Applications (banners) is Spotify
9. Click on the Spotify banner
10. Click install button

All the way up to this point I have never seen any disclosure of non-free / proprietary software.
a. I explicitly said no to non-free in step 4
b. Nowhere on flathub.org nor in GNOME Software when adding this repo is non-free / proprietary software mentioned.
c. In step 10, only if I scroll down to see below the Spotify description, do I see License: Proprietary.

I see banner ads for proprietary software, and can install them, without ever having knowingly opted in to proprietary / non-free software.

The multiple users case is also a curiosity because any admin user can effectively cause all other users to see banner ads for proprietary software, as well as the ability to install non-free software. The opt-in to non-free appears to be system wide, not per user.

e.g. Chris installs the flathub repo and installs Spotify. Sally logs in, and now sees banner ads for proprietary software in GNOME Software, sees and can launch Spotify having not installed it, and can also install Dropbox having not expressly opted into non-free software herself.

As soon as you install the flathub remote, it is no longer a pristine workstation. Where is the difference to downloading the chrome repo file and enabling the chrome yum repo ?

I don't think single vs multi-user is relevant at all. If you are on a managed system, you get to suffer from your admins decisions, thats why the wheel group has that name...

Difference between Google Chrome repo and Flathub remote:
a. Regardless of how I enable the Chrome repo, I'm explicitly opting into proprietary software - there are disclosures of this no matter how I enable it. That's not the case for the flathub repo. For all I know this is just a large pile of free software available as flatpaks instead of RPMs.
b. After enabling the Chrome repo, GNOME Software > Software Repositories > Third Party Repositories section lists "google-chrome". Flathub repo is listed outside of this area, strongly indicating it is not a 3rd party repository.
c. If I click on the red Remove All button for Third Party Repositories, Chrome repo is uninstalled, but flathub remote remains, and by extension access to proprietary software.

Example 1 / Bug 1776045 / webapps. I've added a strike through for that.
...

None of the issues described here are about the banners, and most of them can probably be fixed without too many problems.

a. I explicitly said no to non-free in step 4

You said no to 3rd party repositories - that's not the same as saying no to all non-free software.

We could do a better job at describing what the 3rd party repos are. I'd be interested in reviewing this from a design perspective, if we have a developer lined up to work on it.

b. Nowhere on flathub.org nor in GNOME Software when adding this repo is non-free / proprietary software mentioned.

That's an easy thing to fix - it can just be added to the repo description.

c. In step 10, only if I scroll down to see below the Spotify description, do I see License: Proprietary.

From a design perspective, this is trickier. To make the proprietary info visible, it would need to be shown at the top, but there's already a lot going on in that space (see the mockups), as well as a lot of other similar information that could be shown (flatpak permissions, download size, author, distributor, etc etc).

However, if anyone wants to discuss it further, just file an issue against gnome-software.

Can we please focus only on the banners? Workstation does not promote Flathub in any way. We have no UI to enable Flathub, and we are not responsible for third-party repos that we do not ourselves promote. Saying no to our prompt to enable third-party repos means Workstation will not itself enable our promoted third-party repos; it doesn't prevent the user from enabling others. (That said, I agree, Chris, that you've found some design issues with how GNOME Software presents third-party repositories in the Software Repositories dialog. It is indeed confusing that we show third-party repositories are disabled, then list a bunch of enabled third-party repositories underneath. The distinction is that the enabled repositories are not those promoted by Fedora.)

Now, I've been reviewing our polices for third-party software (the Workstation policy, which Council has approved, and also the superseding FESCo policy). I'm fairly confident these banners, as currently implemented, do not violate any existing Fedora policy.

That said, keeping the banners means starting a highly-contentious fight within the Fedora community. I doubt we will win, and the potential for reputational harm to the WG is significant. It seems to me that expecting otherwise is not very realistic.

That said, keeping the banners means starting a highly-contentious fight within the Fedora community. I doubt we will win, and the potential for reputational harm to the WG is significant. It seems to me that expecting otherwise is not very realistic.

You keep saying that, and I'll keep disagreeing

Let's agree to hope my prediction is wrong. ;)

I'm having a little trouble following so I apologize if this is off the mark. To confirm: the banner issue is that if Flathub is enabled in any way, GNOME Software shows "Featured Applications" banners from that software source mixed in with those from the Fedora source. Is this correct?

Assuming so...

I don't think this violates any policy, but I do find it surprising. Because GNOME is the face of our most popular desktop distribution, it's easy to assume these are endorsements from Fedora — nothing shows that these particular "Featured" choices are from the third party repo. I'd really like it if the UI didn't confuse people in that way.

I suppose Flathub is promoting these things in order to show people that popular software of all times is available in that platform. I don't have a problem with that per se, although I do think it's a little odd that Flathub offers that for free to for-profit non-free-software companies. (My general assumption in an app store is that anything "featured" has paid for the privilege!) But that's their business — as long as we show that's where the recommendation is coming from, I have no problem.

I'm having a little trouble following so I apologize if this is off the mark. To confirm: the banner issue is that if Flathub is enabled in any way, GNOME Software shows "Featured Applications" banners from that software source mixed in with those from the Fedora source. Is this correct?

It is almost correct. All the banners come from Fedora, not Flathub. But we do not display the banners unless the corresponding software is installable, so proprietary software banners are not displayed unless Flathub is enabled.

it's easy to assume these are endorsements from Fedora — nothing shows that these particular "Featured" choices are from the third party repo.

So the endorsements really are coming from Fedora, although they are inherited from upstream GNOME, not something Fedora-specific that we are adding in.

I suppose Flathub is promoting these things in order to show people that popular software of all times is available in that platform.

This is not correct, because the promotions come from Fedora's GNOME Software package, not from Flathub.

Let's pretend Adobe packages Photoshop as a flatpak available in flathub.org, and produces a banner ad to be included in GNOME Software. User enables flathub repo, and now they get Photoshop banner ads on Fedora. Acceptable? Photoshop ad will inevitably bump GIMP's ad x% of the time for those users. Still acceptable?

A hypothetical is appropriate for testing the consistency of one's logical position.

I've publicly stated I think it would be a good thing if Photoshop were to become available on Linux, in any capacity, including on Fedora. But for Fedora's GNOME Software to promote it as a featured app? No way. Not unless it becomes suitably libre licensed software. There is a reason why this is called a slippery slope.

I think a distinction between Flathub and other third-party repositories is the degree to which the GNOME community has embraced Flathub. Some GNOME apps are released on Flathub before they make it into official repos or are only available on Flathub. So a free software lover who loves GNOME installs Flathub to get GNOME apps and finds that GNOME Software now recommends proprietary apps without any option to filter them.

Personally, I rather see GNOME Software provide a filter option than Fedora specifically, but I don't know where to reach out.

it's easy to assume these are endorsements from Fedora — nothing shows that these particular "Featured" choices are from the third party repo

This is a fair point and is something that we can to try to resolve.

I think a distinction between Flathub and other third-party repositories is the degree to which the GNOME community has embraced Flathub.

The design of the featured app banners predates Flatpak and Flathub.

Metadata Update from @chrismurphy:
- Issue untagged with: meeting

15 days ago

Login to comment on this ticket.

Metadata