Re: [tor-talk] please re-consider Tor Trademark policy

[Nick Mathewson <nickm@xxxxxxxxxxxx>]

On Wed, Feb 20, 2013 at 1:21 AM, adrelanos <adrelanos@xxxxxxxxxx> wrote:
> These pages are confusing:
> http://www.torproject.org/docs/trademark-faq.html.en
> https://trac.torproject.org/projects/tor/wiki/LikelyTMViolators
>
> Please re-consider your standpoint.
>
> It's not uncommon to include a part of the name of the original project,
> into the name of the derivate/based/related project. Out of respect or
> to show how the projects are affiliated. Official or not.

Here's my opinions, speaking on my own behalf and not on behalf of my
employer (Tor).  I generally try not to get into legal stuff, since
IANAL, and since any time I spend legalling is time that I'm not
spending on software, so please forgive my legal ignorance.

First off here, I want to thank you for writing this. I don't agree
with a lot of what you said, but I agree it's important to talk about,
and hope I can respond as thoughtfully as your message deserves. (IOW,
please forgive me if I sound like an utter asshole at any point
below-- that's not what I want to do. I mostly try to write about
technical stuff, so I'm a little out of my usual waters.)

The next thing: I don't understand how your paragraph above is using
the word "Affiliated". (Did you mean another word?) After all, I
object to projects using "Tor" exactly when they are *not* affiliated
with the Tor Project.  It's projects that are trying to feign
affiliation that I object to the most.

Actually, no. There's something I object to most of all: Any project
that actually misleads users, intentionally or not.

Here's why:

Historically we started on this road when there were a couple of
commercial efforts selling software with "Tor" in their names, doing
their very best (as far as we could tell) to make people think that
Tor was backing their efforts.  One of them was just a one-hop web
proxy running Squid or something. There were a significant number of
users who thought that by using their products, they were getting Tor.
This, frankly, pissed me off.  I wouldn't personally care very much
about people using my software's name for whatever reason, if there
weren't a substantial number of users who believed that their software
was actually made or developed or endorsed by the same people working
on mind.

(IANAL, so I won't get into the topic of trademark dilution. IIUC,
trademarks are unlike copyrights in that we we don't legally have the
flexibility to let well-intentioned folks infringe without challenging
them, if we want to keep the trademark so that we can use it to
challenge obvious imposters. Wendy could say more here probably.)

> Just examples coming to my mind.
>
> git -> github, gitorious
> Firefox -> Firesheep, FasterFox, PortableFirefox
> i2p -> i2psnark
> BitTorrent -> BitBlender
> Tor -> LASTor
> eMule -> aMule
>
> There are many more.
>
> It's sad, that a project encouraging free speech has a restrictive
> trademark policy.

Among free software projects with a trademark and a policy about use
of that trademark, who do you think is doing a better job?  Which free
software project's trademark policy would you suggest we adopt
instead?

I'd love to see ways we can be more permissive without abandoning the
trademark entirely. I'd been under the impression that we were doing
pretty good.  We seem to be at least as open as with our trademark as
Debian, for example.  Where specifically is our current policy shitty?
After reading it... what specifically should it allow IYO that it
doesn't?

>> Current domain names trying to confuse users with fake or poor
> software. Users are currently emailing us asking for help related to
> these domains:
>
> I wouldn't use fake and poor software in the same sentence.

Anybody implying that they're Tor when they aren't is IMO fake.
Anybody who accidentally implies that they're Tor is IMO accidentally
fake. (see below)

IMO also that's not the best paragraph about our trademark problems
that we could haver written.  I would personally prefer something like
"Here are a bunch of sites that have confused users into thinking that
we are producing or endorsing their software by using Tor in the
name."

But please realize that there's a tension here between transparency
and diplomacy.  I want as much as possible of Tor's work to be done in
public.  That means that I want napkin-notes and random lists like
this one to be kept on the wiki, not in some text file on Andrew's HD.

(Also, it's a wiki.  It's easy to change the paragraph there to avoid
subjective pejoritives -- I just did, because I agree that it wasn't
the optimal way to say what it needed to. Now it says, "Current domain
names confusing users about the origin of their software".  I'll stand
by that: those project names are, as a matter of objective fact,
making a substantial number of users think that we wrote the software.
 Probably still not optimal though)

> Poor is subjective and may be the result of good intend and low skill,
> while fake software includes malicious intend, which is much worse.

I understand what you're saying here, but what concerns me most is not
people's intentions, but the effect on users.  The possibility of
misattribution isn't theoretical -- it happens every day in support
requests.  People assume that projects with "Tor" in the name are made
by and endorsed by the Tor Project, all the time.

> I also don't think tormail fails in the category of poor software or
> poor service. They are offering squirrelmail and pop, and from my
> experience, it works  reliable. (Not so much for mailing lists.) For
> being the hidden service they are providing a stable service and I am
> not sure how they finance the mail exit servers.
>
> Yes, I have a tormail account. No, I don't trust tormail just as I don't
> trust any other mail provider.
>
> I don't agree, that tormail is trying to confuse users.
>
> I never thought tormail is affiliated with The Tor Project. They have a
> disclaimer at the bottom of their page and before I think any project is
> affiliated with the original one, I check that with the original. That
> is simply common sense. Not doing so is just bad practice and failing
> into such obvious traps, they will mess up anonymity one way or another
> anyway.
>
> Fighting anyone having the name "Tor" in their software or domain name
> (I am wondering why TorChat hasn't made it into that list.)

Probably because nobody's edited the list to put it on, I guess.  We
get tech support requests from people who think that we wrote and
endorse "TorChat" all the time.

>is offensive
> with respect to the work they have done by supporting the original
> project with their contribution to the ecosystem.
>
> And if you want stick with enforcing that policy, please inform projects
> as you first notice their name,

We try to do that!

That's why we have a FAQ entry, after all.  Please consider this: you
think that not reading disclaimers or checking with the original is an
"obvious trap", and that anybody who messes up there is not following
"common sense".  But then what could we say about people who decide to
start new projects based on Tor without even reading the FAQs?  To me,
that seems like it should be at least as obvious.

Also, we try to contact projects with Tor in their names as early as
we can. (Subject to our insanely overworked and disorganized
schedules. :[ )

> that you preferred a different name. In
> the beginning it's easier to change the name, they are more likely to do
> it. It might be initially more workload, but there are not *that* many
> projects with Tor in their name. Waiting for a long time, then
> complaining and perhaps getting a attorney involved creates much more
> workload in the long run.

This isn't what we do.

I think we've tried to contact *all* the people listed there as soon
as we found out about them. I don't know if we've done a good job
contacting them or not: Andrew could say more.  Despite the impression
some people have, we're a really small organization, where everybody
is overworked.  Please don't attribute to malice what can be explained
by ... trying to do as much as we can with too few hours?

I *DO* know that trademark issues are something that we've talked
about again and again on the tor-talk list.  And think about it: if
these people aren't aware that we don't want other projects using our
name like this, they aren't even reading tor-talk.  They aren't
looking at our website and clicking on the trademark link at the
bottom.

Well-intentioned people can make mistakes like that!  But I don't
think those mistakes are so very different from the kind of mistakes
that users make when they look at a website for TorWhatever and assume
that this is a Whatever made by Tor, and not merely a Whatever made
using Tor by some third party.  If I am going to treat intelligent,
thoughtful developers who overlook our trademark policy as not
necessarily evil, then I need to treat intelligent, thoughtful users
who overlook their disclaimers as not necessarily "too stupid for
anonymity".


[[Finally -- if I'm far offbase or wrong in some of my assumptions or
whatevers, please drop by some place where I hang out for chat and
chat with me, or something.  What I really want here is to do the best
thing, and I can only do that if people try to convince me when I'm
wrong.]]


[[[Okay. Back to software. Am I still awake enough for software?  Wow,
I hope so.  Software is excellent.  Of course, writing paragraphs like
this one is a sign I am maybe too sleepy for software.  let's see what
happens when I start refactoring....]]]


my opinion for whatever it's worth,
--
Nick
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk