![[RSS]](/static/img/feed-icon-14x14.2168a573d0d4.png){kind=icon}
Conservancy BlogDisplaying posts
tagged conservancy
by on April 16, 2026
This article discusses a current-headlines situation regarding Affero General Public License, version 3, Section 3, paragraph 4 (AGPLv3§7¶4.). I begin however with an explanation of the problem that clause sought to solve and how the clause works. This may seem an estoric license issue, but in fact this issue regularly impacts users today — particularly with the advent of “badgeware” (software that allows redistribution but includes annoying advertising that cannot be removed). Hopefully, this explanation helps readers understand the importance of the issue and gain vigilance when reviewing potential “further restrictions” placed on their copylefted software.
I began my work in copyleft licensing and policy in the late 1990s. In those days, there was a growing problem regarding usage of the GNU General Public License, version 2 (GPLv2) that threatened the software freedom and rights of users. It's a nefarious licensing slight-of-hand that works as follows:
The vendor seems to offer the software under a copyleft license. There's
a copy of GPLv2
in the top-level directory of the source code in a file called
GPLv2. All seems in order, and folks excitedly
engage in their right to copy, modify, and install modified versions of the
software. Maybe a few even think of a viable business idea that would
include (usually permissible) commercial redistribution of the software
for profit.
Unfortunately, someone notices a file
called LICENSE in the top-level directory that says:
Copyright (©) 1999, Sneaky Company, Inc.
This software is licensed under GPLv2, except that commercial modification and redistribution is strictly prohibited.
They've sadly discovered a self-contradictory license. Unfortunately, under GPLv2, these users are basically stuck; they have to go with the strictest possible interpretation given the self-contradiction. In essence, the licensor giveth, but the licensor immediately taketh away. In those days, these users couldn't start their business; they'd have to find or write another codebase.
I was tangentially involved with the drafting of GPLv3. On my list of issues to raise with the drafters was this very issue. By the time of GPLv3 drafting (circa 2006), this problem was rampant. Users were quite confused when they saw these self-contradictory licenses.
The solution was not obvious. Both GPLv2 and the earliest drafts GPLv3-family of licenses
(which includes GPLv3,
AGPLv3, and
LGPLv3)
already had this clause: You may not impose any further
restrictions on the recipients' exercise of the rights granted herein
(quoting the GPLv2 version; the
GPLv3/AGPLv3 version varies slightly).
The problem: this only prevented downstream licensors from imposing further restrictions. If a sole entity is the original author, copyright holder and initial licensor of the work — and if they hold those powers exclusively — typically that entity may issue a self-contradictory (or even completely incoherent) license. In that case, downstream licensees are awash with legal uncertainty. So, that “may not impose” clause just does not solve this particular problem.
A new clause was needed. Later drafts of the GPLv3 (which is almost textually identically to AGPLv3 — only §13 differ between the two licenses) included a fascinating solution in §7¶4:
If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
Copyleft is indeed most inventive when it empowers the downstream user (who, of course, is often just the next entity in a long distribution chain of (both commercial and noncommercial) software sharing). AGPLv3§7¶4 is an innovative and very necessary clause that liberates users who face the situation described at the start of this article. Had our excited new business seen this …
Copyright (©) 2008, Sneaky Company, Inc.… they could simply toss away the additional restriction like so …
This software is licensed under AGPLv3, except that commercial modification and redistribution is strictly prohibited.
Copyright (©) 2008, Sneaky Company, Inc.… and copy, modify, redistribute, redistribute modified versions and/or install modified versions of the software freely under AGPLv3's pure terms.
This software is licensed under AGPLv3, except that commercial modification and redistribution is strictly prohibited.
There remains one drawback to this solution: it demands courage from the user that strikes the “Further Restriction”. In theory, all is well and safe. In practice, the types of companies that pursue tactics like self-contradictory licenses and “gotcha” further restrictions are also the most predatory, unfriendly, litigious, and aggressive businesses. One who exercises their clear and correct rights under AGPLv3 will certainly face public condemnation, and possibly frivolous litigation.
For years, the Neo4j case was the primary exemplar of this phenomenon. SFC followed the case closely, I served as an expert witness for the Defendant, and SFC filed an amicus brief on the appeal. The lower court decision was highly problematic, and the case concluded with a voluntary dismissal (and as such has not been heard by any Appeals court). Thus, while the lower court decision does not create bad precedent, it also does not offer any good precedent for those corageous users who exercise this particular right.
(Full disclosure: SFC runs a self-hosted Nextcloud instance — but other than being fans of their work and satisfied users — we have no formal relationship with Nextcloud (or IONOS). We also certainly have no relationship whatsoever with Onlyoffice or Ascensio System SIA.)
A few weeks ago, yet another saga in the history of AGPLv3§7¶4 began. Ascensio System SIA published Onlyoffice with the sneakiest “Further Restriction” that I've ever seen. Ascensio's further restriction states:
Pursuant to Section 7(b) of the License you must retain the original Product logo when distributing the program.
Pursuant to Section 7(e) we decline to grant you any rights under trademark law for use of our trademarks.
This restriction is particularly nefarious because it is dressed in the trappings of explicitly permissible requirements in AGPLv3§7.
In addition to our beloved AGPLv3§7¶4, the rest of AGPLv3§7 includes some provisions designed for cross-FOSS-license compatibility. During the GPLv3 drafting process, a survey was conducted of all popular FOSS licenses. In the spirit of making sure no terms of GPLv3 inadvertently contradict a requirement in one of those licenses, AGPLv3§7(a-f) were devised for maximal cross-FOSS-license compatibility.
For example, the 3-Clause-BSD license's third clause states:
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission
Now, get ready for Onlyoffice's trick, which takes three moves:
The trick is “too clever by half”. Ascensio have indeed created a self-contradictory license, since the users are prohibited from displaying the trademarked logo, yet the users are also forbidden to remove the code that displays that trademark logo.
We thought through this problem already years ago during AGPLv3's drafting. In fact, I recall much discussion to verify there were no strange interactions between 7(b) and 7(e) — and there are not. AGPLv3§7(b,e) states (including relevant definitions from earlier sections):
An interactive user interface displays “Appropriate Legal Notices” to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. …
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:…
[7]b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or …
[7]e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks;
Nota bene: there is a very short list of things that a licensor can require
downstream licensees preserve. Logos, advertising, and similar are not on the list. Badgeware
is not a reasonable legal notice
.
Nextcloud has partnered with IONOS to fork Onlyoffice to create Euro-Office. To my knowledge, this codebase complies completely with the valid AGPLv3§7(e) requirement: Ascensio's trademarks have been scrubbed from the sources. However, since what Ascensio purports as a license term supplement pursant to AGPLv3§7(b) is actually a backdoor Further Restriction, Nextcloud and IONOS are completely within their rights (pursuant to AGPLv3§7¶4) to remove that further restriction.
As expected, Ascensio published an unfair, inaccurate, aggressive, and community-unfriendly response. I predicted long ago that adjudication AGPLv3§7¶4 would require nerves of steel. This unwarranted denigration of an upstanding member of commercial FOSS community — Nextcloud — demands condemnation and Nextcloud deserves our thanks for confronting this bully.
As I did in the Neo4j case, I've told Nextcloud that I'm available as an expert witness if they end up in litigation with Ascensio. I hope, however, that Ascensio will realize their error, remove the further restriction themselves, and embrace the value of AGPLv3. Pure AGPLv3 was designed to faciliate web service business models. Our community would quickly and gladly embrace Onlyoffice, help its upstream development, and welcome them to the FOSS community. ∎
About the author: Bradley M. Kühn is a lifelong FOSS activist and has focused his career on FOSS licensing generally, and copyleft licensing in particular. Kühn invented the Affero clause in the original AGPLv1, and co-drafted AGPLv3§13.
Bradley is not a lawyer, SFC is not a law firm, and this article is not legal advice.
by on April 2, 2026
Last week, the Federal Communications Commission in the United States (the FCC) banned the sale of all new models of home routers not made in the U.S., which is ... all of them. The stated reason for this is that routers "pose an unacceptable risk to the national security of the U.S. or the safety and security of U.S. persons." A router manufacturer can apply for a "Conditional Approval" exemption to try and convince U.S. government bodies that their router should be allowed into the U.S., but this requires "A detailed, time-bound plan to establish or expand manufacturing in the United States" and "A description of committed and planned capital expenditures, financing, or other investments dedicated to U.S.-based manufacturing and assembly", and "an update on the status of their onshoring plan once a quarter" among other impractical asks. Devices built in the U.S. generally cost at least twice as much as devices built in Asia (see the Librem 5 (USA) for example) because U.S. manufacturing facilities are not ready with the scale and efficiency required to enable competitive pricing. The reason we chose to build the OpenWrt One in Asia is that it makes sure the device is as feasible as possible for people around the world to purchase. We expect it will take decades before the U.S. is ready to produce competitively-priced devices - user freedom can't wait that long.
And, in case you were hoping to buy an OpenWrt One, don't worry: the One has already received FCC approval so there is no change to its availability in the U.S. Naturally, we are concerned about the effect this has on any new hardware that SFC might develop, but this decision by the FCC does not create any near-term problems for us, or for FOSS generally.
We do applaud the FCC for recognizing how important home routers are to people's security. While the rulemaking is misguided, it's absolutely correct that the proprietary router manufacturers be accountable in relation to the hardware and software that individuals bring into their homes and their lives. We believe that manufacturers of routers that are primarily FOSS are in a much better position to evaluate the security of their devices, and so we analyzed the rulemaking taking into specific account its software aspects.
While the FCC decision focuses mainly on hardware, there are also some requirements for software. In particular, the FCC has hinted that it may restrict updates to existing hardware, in particular that existing routers "may continue to receive software and firmware updates that mitigate harm to U.S. consumers at least until March 1, 2027".
Since software updates to already-FCC-approved devices do not require a new FCC approval, it appears the FCC is trying to move beyond its usual authorization procedures to restrict what manufacturers are allowed to push to existing routers. However, the FCC notably does not restrict software changes made by owners of routers in the U.S. In particular, there is no indication that updates people make to their own routers, using software they have sourced themselves, would run afoul of any past or present FCC rule.
As a result, we do not believe that this new FCC decision affects whether and how people can run OpenWrt or other user-selected firmware updates on routers they have already purchased. Not only is this an important right in relation to our ownership and control of our own devices, it also ensures that people can keep their routers secure for far longer than the manufacturer may choose to provide security updates, by allowing them to install up-to-date community software that supports routers for 10, 15, or even more years after their initial release date, as OpenWrt does for many devices.
This leads us back to the stated goal of the FCC in making these changes: to ensure that routers do not "pose an unacceptable risk to ... the safety and security of U.S. persons." We certainly agree that all persons (including U.S. persons) should use technology that is safe and secure. And there are standards that exist to ensure this is the case, such as NIST IR 8425A, which the U.S. government already paid to research and produce and, alongside NIST, is recommended by Consumer Reports and other right-to-repair groups already. We have been assessing our existing processes (for OpenWrt, and especially the OpenWrt One) against NIST IR 8425A, and are now accelerating those efforts to ensure we can show that routers using OpenWrt are indeed safe and secure, as determined by independent bodies. This not only helps U.S. persons, but everyone around the world, as OpenWrt is available to anyone regardless of whether they are in the U.S. or not. We strongly encourage any regulation targeting safety and security to take a holistic view, recognizing that safety and security in our technology does not depend on what country we are in, but rather on common properties of the hardware and software we use, and a shared understanding of what technological safety and security means for all humans.
We have reached out to the FCC for clarity on this topic, and look forward to updating this post with their reply.
by on March 4, 2026
Earlier this week1, the U.S. Supreme Court (SCOTUS) denied certiorari (cert) in Thaler v. Perlmutter. Thaler contended that an image — generated by a Large Language Model (LLM)-backed Artificial Intelligence (AI) — deserved copyright registration. Since the U.S. Copyright Office refused to grant the registration, Thaler appealed to the U.S. District Court for the District of Columbia (DC Circuit). That Court affirmed the Copyright Office's decision. SCOTUS' denial of “cert” means they will not hear the case. Strictly speaking, this denial does not affirm the DC Circuit Court's ruling, but it does mean the DC Circuit decision stands.
Many in the Free and Open Source Software (FOSS) community raised concerns about the impact on copyleft — and even FOSS in general. TL;DR: Don't Panic! — this case is extremely limited in scope.
First, a proviso: this case is about copyright of an artistic image, not software. Copyright law — and the legal precedents around it — differ widely for different types of creative works. Analysis of the copyrightability of works of software varies in notable ways. Therefore, do not to assume that analysis for images apply broadly to software.
Second, while the decision is “published” 2, there are also many other cases related to LLMs and AI currently pending throughout the U.S. Courts. Courts and laws always lag behind technological advancement. Indeed, this is precisely why copyleft was invented: as a mechanism to achieve with existing laws and precedents what we could not accomplish in the legislature. Forty-one years after copyleft's invention, we still do not have a federal law that mandates software right to repair!
Third, the Court found that a registration was not valid (at this time) if the work's sole author is a computer program. Thaler (who was both (one of) the author(s) of that computer program and its user) repeatedly waived any claim to consider Thaler's own copyright in the LLM-backed AI prompting process. Thaler also did not argue any copyright interest in the LLM-backed AI system itself were subject of the registration. So, this decision does not evaluate any creative expression by (a) the author(s) of the prompts themselves, (b) copyrights held in the LLM, its weights, generation, curation, or its user interface, and (c) copyrights held in underlying works in the LLM training data.
Thaler's original registration was the root cause of this substantial narrowing because the registration contended that the AI system itself was the author of the image. This case only considers a copyright registration where the sole “author” is identified as a specific computer program. Thaler stipulated that the work was generated solely through prompts and no human modified the work thereafter. As such, even if the other districts begin citing this case regularly, and even if many districts decide it applies to software without further consideration of the difference in the types of works, such precedent causes no disaster for FOSS.
Admittedly, some LLM-backed generative AI agents can be merely prompted to create a work of software from scratch that has some transient utility. However, the most common workflow in using these agents (at least in FOSS development) is as follows:
Furthermore, dicta 3 — appearing in the DC Circuit ruling — supports a conclusion that the human actions on that third step would constitute creative expression — affixed in tangible medium — suitable for copyright registration. Indeed, their ruling states:
First, the human authorship requirement does not prohibit copyrighting work that was made by or with the assistance of artificial intelligence. The rule requires only that the author of that work be a human being — the person who created, operated, or used artificial intelligence — and not the machine itself. — (Thaler v. Perlmutter, 130 F.4ᵗʰ 1039, 1049 (D.C. Cir. 2025))
The Court also indicated these other issues are for a future time in another case. The DC Circuit readily admits that their ruling applies only to the state of AI systems at the time of writing4. Again quoting from their ruling:
Of course, the [Thaler's AI] Machine does not represent the limits of human technical ingenuity when it comes to artificial intelligence. Humans at some point might produce creative non–humans … Science fiction is replete with examples of creative machines that far exceed the capacities of current generative artificial intelligence. For example, Star Trek’s Data might be worse than ChatGPT at writing poetry, but Data's intelligence is comparable to that of a human being. See Star Trek: The Next Generation: “Schism” (Paramount television broadcast Oct. 19, 1992) (“Felis catus is your taxonomic nomenclature, an endothermic quadruped, carnivorous by nature”). There will be time enough for Congress and the Copyright Office to tackle those issues when they arise. — (Thaler, 130 F.4ᵗʰ at 1050)
[ As always, SFC is not a law firm, IANAL, and TINLA. ]
1 I — and my colleagues at SFC — acknowledge that SCOTUS made other decisions recently regarding an array of important social justice causes. Since SCOTUS' decision to deny cert in this particular case is so closely related to my work, I'm writing about it. However, all of us at SFC acknowledge that our community is reeling from other recent decisions.
2 In this context, “published” is a term of art that lawyers use to describe a case that the publishing Court (in this case, the DC Circuit) felt was important enough to “share officially and formally” with other Courts. While (in a precedent-based legal system) any Court can cite an unpublished case from another Court, published cases are much more likely to be cited than unpublished ones.
3 “Dicta” is explanatory language found in a court's decision that isn't necessary to the court's conclusion. . Dicta isn't precedential but it can be persuasive.
4 Note that the DC Circuit issued their ruling in March 2025. It is not uncommon for SCOTUS to delay for a year (or more) before issuing a ruling to grant or deny cert.
by on January 26, 2026
My name is Tracy and I'm the Operations Manager here at Software Freedom Conservancy. Basically that means I support many different parts of the organization, from writing up contracts for project developers to banking reconciliation. I also manage our annual conference, FOSSY.
Below is a conversation I had with our Executive Director Karen Sandler about my story with free software. Part of which centers my work with Knox Makers, the Makerspace I'm a board member of. Software freedom is an issue that affects us all, and I hope to bring some light to both my own story and a wider view of how non-FOSS developers and users interact with free software in an everyday way.
Karen Sandler: How did you first encounter the idea of software freedom?
Tracy Homer: It was a slow discovery process. When I first started using Linux, it's primary draw was that it was free (as in beer). I didn't really know it had anything to do with free as in speech and copyleft licensing. Over time I've learned how important it is to be able to modify your own devices and see what goes on behind the screens in the services that hold our most personal information.
Karen: What was the first FOSS software you used?
Tracy: Inkscape, one of SFC's member projects! I use it for all kinds of design work -both for SFC and personally. If you've been to FOSSY or visited our booth at other conferences, chances are the print material was designed in Inkscape.
Karen: We know you are very involved with the makerspace, Knox Makers. How does Knox Makers use FOSS?
Tracy: Knox Makers is committed to open source software and hardware wherever possible. We feel it is an aspect of accessibility for our members, and allows them the ability to try out and learn deeply all kinds of different tools, without having to pay expensive licensing fees, or worry about their art being sucked up by AI, or needing to buy a certain OS to run it. We've modified some software to make it more community user friendly, and written our own plugins and tools for our member's use as well. Knox Makers is actually how I learned of SFC in the first place, as a few of my good friends there are sustainers.
Karen: What are some projects you've recently done personally?
Tracy: I just finished a year's long project, embroidering a globe. It doesn't sound like it fits with free sofware but it does! I created my own pattern in QGIS (open source geographic software) using depth of the ocean translated into different shades of blue. Then I exported each of the 20 spherical triangular pieces into Inkscape to add some registration lines and print out. It took so long that I feel kind of lost what to work on next.
Karen: How does software freedom enrich your daily life?
Tracy: The few proprietary systems I still have to use are intensely frustrating. I feel like it's a game of cat and mouse trying to figure out how to use a "new and better!" interface with no documentation and no way to revert changes feels very disheartening. Any searching for error messages just brings up a long thread of other users with the same issue and maybe a rote answer from the company, typically unhelpful. That maybe doesn't answer the question, because I went the other way with it. But so most of my life is using open software and hardware that it's really become a non issue. I have a problem with something; I fix it. I can switch to something different if I really don't like it - I can even change up my whole computer system if I find it doesn't suit my needs. I don't get ads and other popups thrown in my face every where I turn, and I know my data and art belongs to only me.
Karen: You've been at SFC for over 3 years! And, as Operations Manager, you take care of some of the least glamous work that we have. What do you enjoy about your job? (hopefully it's something!)
Tracy: Working here has been great - everyone at SFC is lovely and I think we make a great team. I really enjoy meeting other people in the FOSS world, so I like tabling at conferences. And seeing everyone at FOSSY too. Weirdly, I enjoy the accounting aspects, because it feels like a puzzle to put together. All the numbers have to fit somewhere and they all have to sum up perfectly in the end so tracking down the missing pieces is a fun challenge.
Karen: What do you hope to accomplish in software freedom, either personally or professionally in the coming months or years?
Tracy: I've only done the most minor contributions to projects, and someday I'd like to develop the skills to do more. I'd also like to focus on adding more to my city in OpenStreetMap - it's pretty sparse in places. I think with SFC I'd like to help focus on on advocacy and how software freedom benefits many different aspects of life, especially in the creative space.
[1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53