trademark-permissions@mozilla.com
Kicksecure Default Browser Configuration Trademark Question
I am the lead developer of the Kicksecure project, a Linux distribution focused on security and based on Debian. Kicksecure is developed by the same team as Whonix, which is somewhat more well-known.
Our hardened defaults extend to the default user applications on the system, including a daily drivable web browser.
We are currently in the process of reviewing and considering potential candidates to be the default web browser on Kicksecure.
With good intentions, various Kicksecure contributors have suggested shipping Mozilla Firefox as the default browser. However, some contributors, including myself, are concerned about the modifications to Firefox's default settings we intend to make, versus Mozilla's Trademark Policy. We have no intention of rebranding or changing the compilation options of Firefox binaries. In fact, we prefer to keep the Mozilla trademarked names for the products to provide our users with a sense of familiarity.
We would acquire unaltered binaries from one of the following sources:
- Debian's official packages.debian.org repository
- Mozilla's official packages.mozilla.org repository
- Mozilla's official Firefox Flathub repository
Ideally, we would use Mozilla sources.
Here is a trademark-respecting list of things we are aware of and want to avoid for understandable reasons:
* Not using Mozilla trademarks in the name of our business, product, service, app, domain name, publication, or other offering.
* Not using marks, logos, company names, slogans, domain names, or designs that are confusingly similar to Mozilla trademarks.
* Not using Mozilla trademarks in a way that incorrectly implies affiliation with, or sponsorship, endorsement, or approval by Mozilla of our products or services.
* Not displaying Mozilla trademarks more prominently than our product, service, or company name.
* Not using Mozilla trademarks on merchandise for sale (e.g., selling t-shirts, mugs, etc.)
* Not using Mozilla trademarks for any other form of commercial use (e.g., offering technical support services), unless such use is limited to a truthful and descriptive reference (e.g., “Independent technical support for Mozilla’s Firefox browser”).
* Not modifying Mozilla’s trademarks, abbreviating them, or combining them with any other symbols, words, or images, or incorporating them into a tagline or slogan.
And here is a list of things that we would like to do. Our primary intention is to have a default policy (or employ other means if more appropriate) to do the following:
* Use unaltered binaries.
* Disable all Telemetry, Studies, Reports, and non-essential implicit outgoing connections.
* Force install the addon "uBlock Origin" by Raymond Hill.
* Set and lock hardened SSL/TLS-related settings, including, but not limited to, setting HTTPS-only mode as the default, blocking mixed content, not trusting unsafe negotiations, disabling unencrypted background requests, etc.
* Disable sponsored components, like bookmarks and suggestions.
* Set and lock strict mode for ETP.
* Change the default homepage.
* Disable the default display of the "Know Your Rights" information page.
As an illustrative point of how specifically we plan to apply these changes:
- Our intended changes would be made by providing a separate package (for example, named "hardened-browser-config").
- This package would install config file(s) in folder(s) such as /etc/firefox or /etc/firefox-esr.
- The package would be installed by default.
We are willing to elaborate on the details and consider making modifications upon request by Mozilla.
We are not asking for any special permission that does not extend to derivatives. As stated on the Debian issue tracker:
> In case of derivatives of Debian, Firefox branding can be used as long
> as the patches applied are in the same category as described above.
This is related to the Debian Free Software Guidelines (DFSG) (item 8):
> License must not be specific to Debian
> The rights attached to the program must not depend on the program's being part of a Debian system. If the program is extracted from Debian and used or distributed without Debian but otherwise within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the Debian system.
We would like to be able to state similarly:
> In case of derivatives of Kicksecure, Firefox branding can be used as long as the patches applied are in the same category as described above.
We are asking for your opinion on whether this would be in conflict with Mozilla's Trademark Policy.
We intend to publish our correspondence for the sake of transparency. Our communications and your responses will be publicized in full, verbatim, without modifications.
or create an account