When Firefox Mac and Windows users install Firefox, they are prompted with a screen to accept the End-User License Agreement. As usual, we don’t read a thing, assume everything is OK and just do whatever necessary to have it installed and be done with it.

Here’s the EULA.

Ubuntu (and about every Linux distribution) ships with Firefox already installed so users are not prompted with the EULA at any time. Mozilla wants Ubuntu 8.10 (due next month) to include a patch to display the EULA on its first run to ensure users sign the EULA, which as said before doesn’t mean most of them will actually read it. Instead, most of them, will just click on whatever they need to.

Point one: why include an annoying EULA prompt?

There are two other points: does an open source product needs an EULA?, and, are the terms of the EULA appropriate?

So, does Firefox needs a EULA? I am not a lawyer or anything close but my understanding is that this is all about protection: your computer could crash, hardware could fail, which could lead to data loss, which if happens to include your precious wedding pictures, will also lead to psychological damage. You may lose time, and hence, money. You may feel too confident with the antiphishing and malware protection services and suddenly realize your identity was stolen after all. There may be a delay in serving a Firefox or extensions update to you and be infected by a known and already patched vulnerability, etc., etc.

In short, you may feel disappointed (specially f you loose money) and feel a sudden itch to sue Mozilla. Maybe not you, but there must be a troll or two among the millions of Firefox users. But he won’t be able to do so or at least not just everyone, depending on your local specific legislation, because the troll would have signed the EULA and accepted its terms.

So, is there a need for such protection? My gut feeling says yes. I don’t know how offering a product for free or letting everyone see how it is done would relieve Mozilla from being held responsible for any damage it may do. That other open source projects (or even if all of them) aren’t getting this kind of protection doesn’t make it the right thing.

Another factor is scale. Firefox is the most used open source product, so it has the largest area of exposure (to lawsuits that is).

So I believe the EULA is necessary.

What about the terms of the EULA terms? Mitchell Baker, Mozilla Foundation, has recognized that the current (as shipped in Firefox 3)  terms fail to clearly state that the software is open source in all its forms: code and binaries. An updated EULA has been posted to make this crystal clear.

I’ve read the EULA in discussion several times now and I just can’t find something that I as a user wouldn’t sign (fortunately because I’ve already had). Aside from releasing Mozilla of any liability for causing you any loss, you agree to their privacy policy, to comply with with import/export regulations (like, you are not supposed to send it to Syria or Cuba, ROFL), and to respect the Firefox logo and name trademarks.

The Firefox logo and name trademarks, were subject to another heated discussion with the Debian community a few years ago because it’s their policy not to ship anything with trademarks. It couldn’t be settled and Firefox code was rebranded as Iceweasel.

This is another necessary evil. If it wasn’t, I for example, could abuse of unknowingly Firefox users who visit Mozilla Links and point them to my special “Firefox Mozilla Links Edition” seeded with spyware, rootkits, and cool affiliate links to fill my bank account. Mozilla policy is you can do that as it is open source code, but you can’t call it Firefox or put the Firefox log on it. The trademark allows Mozilla to go after this kind of scammers, but also after people who could just want to add a couple of mega-helpful features. As said, a necessary evil.

So, back to the original issue, which after reading so many comment in Mitchell’s blog, Slashdot and several other blogs, seems to be the main one here: an annoying dialog with a legal document no one reads.

Mitchell says Mozilla will also look for alternative ways to ensure the user is aware of the terms in the least obtrusive way.

So what do you think. Does Mozilla needs an EULA? Are the terms correct? Is there a point in having an EULA if the user is not aware at least of its existence?