Finfisher Spyware Use By Governments Expanding, Masquerades as Firefox

nk497 writes "Mozilla has sent a cease-and-desist order to Gamma International, after it was revealed the controversial creator of spyware for governments was disguising itself as Firefox on PCs. 'We cannot abide a software company using our name to disguise online surveillance tools that can be — and in several cases actually have been — used by Gamma's customers to violate citizens' human rights and online privacy,' Mozilla said." DavidGilbert99 writes on the wider implications of the Citizen Lab report: "Governmental spying software has been in the news a lot in recent months and today Citizen Lab has revealed its latest findings, showing that one of the most prolific tools in use, Finfisher, is now in use in 36 countries around the world [beware the auto playing video ads with sound]." And, Voulnet adds "According to analysis and report by CitizenLab of the Gamma FinFisher trojan spyware used against dissidents in the middle east and around the world, the FinFisher codebase uses the LGPL GNU Multiple Precision Arithmetic Library, possibly without adhering to its distribution restrictions."

Sue, sue, sue

[furbyhater]

This scum must get sued into the ground. What a disgusting company.

Re:Sue, sue, sue

[IndustrialComplex]

If I were Mozilla, I certainly would. Whenever I hear of Firefox now, I'm going to associate the name with Malware and probably just use something else. Sure after thinking about it for a bit, I'll remember this story, but that first impression matters a lot when branding is concerned.

Damage to their brand has certainly occured.

Trademark ; Copyright

[DrYak]

Mozilla's case is a very clear one. Although the software (the source code) is free and open, the trademark (the branding) *IS* NOT. (Hence all the IceWeasel and similar source builds). Gamma company is clearly using a name registered to Mozilla to masquerade itself, and abuse end-users' confusion to make them think it's a Mozilla registered product. That's almost the book case for which Trademark was designed.
The only thing which could prevent Mozilla from winning at the court would be government meddling (although, this is likely as its a widely used *surveillance* tool :-( )

In theory, Gamma should have negociated a trademark licensing deal (just as do Linux distribution which provide their own branding on top of Mozilla's. The Firefox which comes with opensuse isn't the exact binary which is available at mozilla.org, but they are allowed to package their build and still call it "Mozilla Firefox" because they obtained a permission).
In practice, Mozilla will probably refuse to grant Gamma a license.

The libGMP case is much more interesting: they copied code which don't belong to them. Either they are violating its license and breaking copyright law. Or, they'll have to abid to the license and make their surveillance tool end-user- (or should it be more properly called "end-victim"- ) modifiable. (Either the whole package if its GPL or at least the LGPL parts if there are only LGPL parts in Finfisher).
Meaning that victims could without any restriction take-over finfisher by injecting their own libraries: it would end up completely legal and possible to tamper with a wiretapping device because the license of some part of it require the end-user to be able to customise them (in case of LGPL, or to customise the whole package in case of GPL).

Re:Sue, sue, sue

[rvw]

Is the "harm" caused to Firefox's reputation worth any punitive damages? They don't sell Firefox and can't really claim loss of revenue. Maybe they can claim loss of donations to Mozilla?

Less downloads is less sponsoring from Google. But what does revenue have to do with this? Is this capitalistic brain washing that instructs you that you cannot do anything unless money is involved?

Trademark law

[DrYak]

It's a clear trademark law violation.

"Firefox" is a name owned and controller by Mozilla, and is used to clearly designate one specific product: the Firefox browser.
Gamma are abusing the same name, Firefox, to masquerade their surveillance tool as a browser. They use the same name with intent to create confusion.

This is not allowed by trademark law and is punishable. It's almost a textbook's case.

About loss of revenue: Mozilla might not be selling copies of Firefox to end-users, they are still getting paid (by Google, among other) to produce it.

If suddenly Firefox becomes knkown as a filthy malware (which is exactly what Gamma is doing, and which exactly against what trademark law was designed) Mozilla might lose revenue though from sponsors instead of end-users.

No.

[Frosty Piss]

You can't sue for damages if there aren't any.

Simply because Firefox is free to download does not mean that Mozilla does not derive any income from Firefox. Mozilla does not run off donations from people like you and I, they provide a service to a number of companies that pay they many many millions of dollars.

Loss is reputation results in fewer downloads results in a product association that is worth less to these companies.