On WordPress, Thesis, and profitable GPL software

My Twitter feed (full of people in the WordPress community after meeting a ton of people at WordCamp Boulder last weekend) unexpectedly caught fire this morning on the #thesiswp hashtag. I had no idea what the fuss was about, but I wasn’t surprised when I read into it: the item in question is Thesis, a robust premium WordPress theme that costs a minimum of $87, and whose source is under a closed software license.

The debate and confusion is really about the licensing status of custom WordPress themes. WordPress is covered by a copyleft license which requires that works derived from the software be covered by the same free, open source license (specifically, GPL v2). But “derivative works” is a pretty vague concept, and can be interpreted in many different ways. That’s why WordPress founder Matt Mullenweg wrote to the Software Freedom Law Center, some of the most experienced legal experts on libre software issues. They provided a rather comprehensive interpretation of the issue:

“In conclusion, the WordPress themes supplied contain elements that are derivative of WordPress’s copyrighted code. These themes, being collections of distinct works (images, CSS files, PHP files), need not be GPL-licensed as a whole. Rather, the PHP files are subject to the requirements of the GPL while the images and CSS are not. Third-party developers of such themes may apply restrictive copyrights to these elements if they wish.”

This falls in between WordPress developers’ wish that the whole community support libre software and Thesis’ completely closed license. Theme PHP must be GPL-compliant, but the graphics and CSS may be licensed otherwise.

As someone who makes custom themes for clients, I am familiar with the feelings of apprehension about open sourcing some of your work – often done for a client who neither knows nor cares about the finer points of free software principles. The common fear is that by giving away your code, you also give away your business model. This couldn’t be farther from the truth. (Unless your business model depends on every customer abiding by your copyright – a foolish strategy in light of how easy it is to pirate web app source code, not to mention an overvaluation of the originality of your source code.) (UPDATE: WordPress’ own Jane Wells points out that it’s even less complicated than this for custom theme work, as you only must publish your source under GPL if the theme itself is publicly distributed.)

The truth is that many companies comply with the GPL, retain their trademarks and licensing rights (including WordPress theme graphics and CSS), and do so to great profits. Google, Apple, Facebook, Red Hat, Novell, and countless others make their GPL source available – as do many other WordPress premium theme makers. You can sell themes as long as your PHP complies with the GPL. Pirates can easily copy the rest of your theme regardless, but embracing the GPL not only complies with copyright law and the license terms, but it supports the ideals that made WordPress possible, and makes the whole community project stronger for everyone. And you don’t have to go out of your way to be financially sustainable while doing so, either. Novell and Red Hat sell their entire OS open source under the GPL, and the Mac OS X kernel and UNIX userland are open source, so there is no reason why a WordPress theme can’t be both GPL-compliant and profitable.

In short:

  1. Know the license before you use any software
  2. REALLY know the license if you plan to make any money by reselling/extending/developing on top of that software
  3. Comply with copyright law and license terms
  4. Have a business model that relies on your ingenuity and competitive advantages, not on often-disrespected intellectual property laws. If it works for so many on the Fortune 500, it probably can work for your small business.

Making sense of Facebook’s “Fixed” Privacy

Even if you don’t read any more of this post, if you use Facebook and haven’t adjusted your Facebook privacy settings since April 2010, please go do so right now – Facebook has made your profile data and photos public for all to see, including law enforcement, corporations and creepers like me. Also, you will be safest if you treat everything you post on Facebook from now on as 100% public, as if it were your personal website or blog.

For weeks, the interwebs have been all a-twitter in anger over Facebook’s recent (as well as endemic) privacy changes. The full history is far too long to discuss here, but suffice it to say that Facebook is drawing heat for changing user data and photo privacy from being “private by default” to being accessible to the entire Web.

I think it’s important to make a distinction about exactly why this is a problem. Over the last decade, the Web has become more and more centered on social interactions. The vast majority of this has happened in a totally public context – blogs, Flickr, MySpace, Twitter and many other services have all been public, though some offered the ability for users to take their information private. These services never received such blowback because their users approached all of their posts as public material, and knew how to post accordingly. But Facebook, on the other hand, started out as a 100% private network where only those specifically allowed by the user could access any profile information. But as Facebook grew beyond its initial exclusivity to college students and then to regional networks, the network quietly removed much of the privacy that was its very defining characteristic. (Matt McKeon posted a perfect visual graph depicting the devolution of Facebook privacy over time which helps understand Facebook’s many changes to privacy settings.)

Facebook users can’t be expected to follow the site’s ever-changing privacy defaults and change their personal settings accordingly. While Facebook’s privacy changes are certainly not malicious in intent, they are nevertheless betraying its users’ trust. As a tech professional, I hold myself responsible for everything I post online, but I don’t think it’s reasonable to apply the same standard to every user of a site which has become a central aspect to the social interactions of so many people. Facebook has a particularly dubious track record when it comes to their user data – check out this gem from an instant messaging conversation with CEO Mark Zuckerberg during Facebook’s launch:

Zuckerberg: Yeah so if you ever need info about anyone at Harvard

Zuckerberg: Just ask.

Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend’s Name]: What? How’d you manage that one?

Zuckerberg: People just submitted it.

Zuckerberg: I don’t know why.

Zuckerberg: They “trust me”

Zuckerberg: Dumb fucks.

(credit: Silicon Valley Insider)

And yesterday, the same Zuckerberg announced an upcoming overhaul and simplification of Facebook’s privacy settings for his precious dumb fucks users. It’s a good change for sure, and one that Facebook couldn’t afford not to make while they prepare to go IPO. I am particularly impressed that they’re adding the ability to completely opt out of the third party Facebook Platform. But it doesn’t solve the key issue of much user data being public by default, including their profile information and photos.

[Image: New Facebook Privacy Settings. Caption: Facebook's upcoming new privacy controls: making it easier for you to lock down the profile that should have been private in the first place.]

From here out, Facebook has simply lost my trust. I feel as though they’ve taken my online social interactions hostage for ransom money. I feel like it’s important to have both public and private social networks, and I would definitely trust a responsible company enough to keep my information private. But Facebook? Fat chance. I’m treating everything I post there as if it were open to the whole world to see, and eagerly looking for ways to remove myself from their attempts to own my social interactions. I’m not breaking up with you, Facebook, but it’s pretty safe to say that you’ve changed our relationship status to “It’s complicated.”