Unfortunately the changes you would like to make do not comply with our
<https://www.mozilla.org/foundation/trademarks/distribution-policy/>,
You may not add to, remove, or change any part of the software, including
the Mozilla trademarks themselves. For example, you may not add any
extensions to Firefox, change default settings, or alter search codes.
If you would like to distribute Firefox unmodified, you can use our .deb.
You can, of course, make any modifications you wish to Firefox’s open
source software if you distribute a browser without Mozilla and Firefox
trademarks. Based on your requirements, the Tor Browser might also be an
option you could consider.
For the full e-mail including headers see footnote. <ref>
From - Wed Mar 6 09:46:50 2024
X-Mozilla-Status2: 00000000
Return-Path: <mkaply@mozilla.com>
X-Original-To: adrelanos@kicksecure.com
Delivered-To: adrelanos@kicksecure.com
DMARC-Filter: OpenDMARC Filter v1.4.2 kicksecure.com 434B3360215
Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) header.from=mozilla.com
Authentication-Results: kicksecure.com;
dkim=pass (1024-bit key; unprotected) header.d=mozilla.com header.i=@mozilla.com header.a=rsa-sha256 header.s=google header.b=KO0pwwTC;
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.128.41; helo=mail-wm1-f41.google.com; envelope-from=mkaply@mozilla.com; receiver=kicksecure.com
Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by kicksecure.com (Postfix) with ESMTPS id 434B3360215
for <adrelanos@kicksecure.com>; Mon, 4 Mar 2024 21:53:55 +0000 (UTC)
Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-412ecbe4b57so5235e9.3
for <adrelanos@kicksecure.com>; Mon, 04 Mar 2024 13:53:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mozilla.com; s=google; t=1709589235; x=1710194035; darn=kicksecure.com;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:from:to:cc:subject:date:message-id:reply-to;
bh=XP05dmdJPTeHoyDZnAH+TBrLnk5Pk9nN86hupFmiynM=;
b=KO0pwwTCrnXP5ndCK8Idwaw02FaGISaHDio7cvLHI5kUVEftpDvfZqIwVUiUlf+ejo
Vwza2tyLTSXsXargMX/r6DweuvcaXr/ORbStaNFj6/5FIdggVHnuFWRt3z7YpaiUX55u
Bg5c4HLAlo22WBp/GbDgA5CPz1NLOfBnLH+a0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1709589235; x=1710194035;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=XP05dmdJPTeHoyDZnAH+TBrLnk5Pk9nN86hupFmiynM=;
b=Bcwyyj+W6zE5/e+hllNZwdi+utLxDjBq+Km8vDpIZ4hqd7yTkgfmxGJwMgJlKjV9Su
5kSnHn+9cHaDYqj97VgHiMojtHCdfR+AuXAj8R3eKcd82BPYLuD/o0FPz22KviwxyOOi
gH7VMuTkeYh1bDu60PdHKj4Qf5ihieIK+ZzH4a0+Uty0IiqdsE1sIfa8Li6HWkspd8pK
wtWM9+ba+KZE6AlE7YlmkB24QzI8U/JCRvKbRBIC2nJgk8a/G7IRAC5VRSeeuWS9PAqY
hGOAcimCEzLwge2yYe9wBLzlCuw132yGwb9lku72aDxDhM7BGzLac3lmH97qKLrOfLEl
X-Gm-Message-State: AOJu0YxpDPXGivRK0mFs4G9dtgoxCoyTfJ/mX6t7leiFUBLyQI2wez40
IQvQ4VkXhchvSNDMu9PEn2ZPA32/fuMZtTXo1/Y2nHnm6iCosmb7zOT9bxH4jmL+J2qyDibpTbB
XbXJvmbMkTV+18tIkP72ZCCabFHBunQ2vdgQGK/UAGc8VC/HydA==
X-Google-Smtp-Source: AGHT+IEGi33bUA1HhC2dlhFxFORD6YygNB0bn9HZl9i8sVjS5DMuaQWavGTA9U6pafzoOu4Qw7iQzV6Y/MLCJ+h7FPc=
X-Received: by 2002:a05:600c:3581:b0:412:c29d:a3d7 with SMTP id
p1-20020a05600c358100b00412c29da3d7mr7819910wmq.16.1709589235005; Mon, 04 Mar
2024 13:53:55 -0800 (PST)
References: <0cff8095-6714-43e2-abcc-effba6bd1ba9@kicksecure.com> <CABrFwTKbdhb9Dso46ywiVW1KOoLzF1PmEEM7z0cYAMMWXr2XuA@mail.gmail.com>
In-Reply-To: <CABrFwTKbdhb9Dso46ywiVW1KOoLzF1PmEEM7z0cYAMMWXr2XuA@mail.gmail.com>
From: Mike Kaply <mkaply@mozilla.com>
Date: Mon, 4 Mar 2024 16:53:43 -0500
Message-ID: <CAHueOzDskb_3-oCNwja0D6ea2TMnOHTqJ==xV0bn-5VcBJv-Wg@mail.gmail.com>
Subject: Fwd: Kicksecure Default Browser Configuration Trademark Question
To: adrelanos@kicksecure.com
Content-Type: multipart/alternative; boundary="000000000000109e5d0612dcc396"
X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,
URIBL_BLOCKED autolearn=ham autolearn_force=no version=4.0.0
* -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [209.85.128.41 listed in wl.mailspike.net]
* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
* See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
* 0.0 HTML_MESSAGE BODY: HTML included in message
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on kicksecure.com
--000000000000109e5d0612dcc396
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Unfortunately the changes you would like to make do not comply with our
<https://www.mozilla.org/foundation/trademarks/distribution-policy/>,
You may not add to, remove, or change any part of the software, including
the Mozilla trademarks themselves. For example, you may not add any
extensions to Firefox, change default settings, or alter search codes.
If you would like to distribute Firefox unmodified, you can use our .deb.
You can, of course, make any modifications you wish to Firefox=E2=80=99s op=
source software if you distribute a browser without Mozilla and Firefox
trademarks. Based on your requirements, the Tor Browser might also be an
option you could consider.
On Thu, Feb 15, 2024 at 12:32=E2=80=AFAM 'Patrick Schleizer' via trademark
permissions <trademark-permissions@mozilla.com> wrote:
> I am the lead developer of the Kicksecure project, a Linux distribution
> focused on security and based on Debian. Kicksecure is developed by the
> same team as Whonix, which is somewhat more well-known.
> Our hardened defaults extend to the default user applications on the
> system, including a daily drivable web browser.
> We are currently in the process of reviewing and considering potential
> candidates to be the default web browser on Kicksecure.
> With good intentions, various Kicksecure contributors have suggested
> shipping Mozilla Firefox as the default browser. However, some
> contributors, including myself, are concerned about the modifications to
> Firefox's default settings we intend to make, versus Mozilla's Trademark
> Policy. We have no intention of rebranding or changing the compilation
> options of Firefox binaries. In fact, we prefer to keep the Mozilla
> trademarked names for the products to provide our users with a sense of
> We would acquire unaltered binaries from one of the following sources:
> - Debian's official packages.debian.org repository
> - Mozilla's official packages.mozilla.org repository
> - Mozilla's official Firefox Flathub repository
> Ideally, we would use Mozilla sources.
> Here is a trademark-respecting list of things we are aware of and want
> to avoid for understandable reasons:
> * Not using Mozilla trademarks in the name of our business, product,
> service, app, domain name, publication, or other offering.
> * Not using marks, logos, company names, slogans, domain names, or
> designs that are confusingly similar to Mozilla trademarks.
> * Not using Mozilla trademarks in a way that incorrectly implies
> affiliation with, or sponsorship, endorsement, or approval by Mozilla of
> our products or services.
> * Not displaying Mozilla trademarks more prominently than our product,
> service, or company name.
> * Not using Mozilla trademarks on merchandise for sale (e.g., selling
> * Not using Mozilla trademarks for any other form of commercial use
> (e.g., offering technical support services), unless such use is limited
> to a truthful and descriptive reference (e.g., =E2=80=9CIndependent techn=
> support for Mozilla=E2=80=99s Firefox browser=E2=80=9D).
> * Not modifying Mozilla=E2=80=99s trademarks, abbreviating them, or combi=
> them with any other symbols, words, or images, or incorporating them
> into a tagline or slogan.
> And here is a list of things that we would like to do. Our primary
> intention is to have a default policy (or employ other means if more
> appropriate) to do the following:
> * Use unaltered binaries.
> * Disable all Telemetry, Studies, Reports, and non-essential implicit
> * Force install the addon "uBlock Origin" by Raymond Hill.
> * Set and lock hardened SSL/TLS-related settings, including, but not
> limited to, setting HTTPS-only mode as the default, blocking mixed
> content, not trusting unsafe negotiations, disabling unencrypted
> background requests, etc.
> * Disable sponsored components, like bookmarks and suggestions.
> * Set and lock strict mode for ETP.
> * Change the default homepage.
> * Disable the default display of the "Know Your Rights" information page.
> As an illustrative point of how specifically we plan to apply these
> - Our intended changes would be made by providing a separate package
> (for example, named "hardened-browser-config").
> - This package would install config file(s) in folder(s) such as
> /etc/firefox or /etc/firefox-esr.
> - The package would be installed by default.
> We are willing to elaborate on the details and consider making
> modifications upon request by Mozilla.
> We are not asking for any special permission that does not extend to
> derivatives. As stated on the Debian issue tracker:
> > In case of derivatives of Debian, Firefox branding can be used as long
> > as the patches applied are in the same category as described above.
> This is related to the Debian Free Software Guidelines (DFSG) (item 8):
> > License must not be specific to Debian
> > The rights attached to the program must not depend on the program's
> being part of a Debian system. If the program is extracted from Debian
> and used or distributed without Debian but otherwise within the terms of
> the program's license, all parties to whom the program is redistributed
> should have the same rights as those that are granted in conjunction
> with the Debian system.
> We would like to be able to state similarly:
> > In case of derivatives of Kicksecure, Firefox branding can be used as
> long as the patches applied are in the same category as described above.
> We are asking for your opinion on whether this would be in conflict with
> Mozilla's Trademark Policy.
> We intend to publish our correspondence for the sake of transparency.
> Our communications and your responses will be publicized in full,
> verbatim, without modifications.
> You received this message because you are subscribed to the Google Groups
> "trademark permissions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to trademark-permissions+unsubscribe@mozilla.com.
--000000000000109e5d0612dcc396
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Patrick,</div><div><br></div><div>Thanks for your ema=
il.<br></div><div><br></div><div>Unfortunately the changes you would like t=
o make do not comply with our<a href=3D"https://www.mozilla.org/foundation/=
trademarks/distribution-policy/"> distribution policy</a>, including the fo=
llowing:</div><br><div style=3D"margin-left:40px">You may not add to, remov=
e, or change any part of the software, including the Mozilla trademarks the=
mselves. For example, you may not add any extensions to Firefox, change def=
ault settings, or alter search codes.<br></div><br>If you would like to dis=
tribute Firefox unmodified, you can use our .deb.<br><br>You can, of course=
, make any modifications you wish to Firefox=E2=80=99s open source software=
if you distribute a browser without Mozilla and Firefox trademarks. Based =
on your requirements, the Tor Browser might also be an option you could con=
sider.<br><div><br></div><div>Mike Kaply</div><div>Technical Partner Lead</=
div><div>Mozilla Corporation<br></div><div class=3D"gmail_quote"><br><div c=
lass=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Thu, Feb 15, =
2024 at 12:32=E2=80=AFAM 'Patrick Schleizer' via trademark permissi=
ons <<a href=3D"mailto:trademark-permissions@mozilla.com" target=3D"_bla=
nk">trademark-permissions@mozilla.com</a>> wrote:<br></div><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli=
d rgb(204,204,204);padding-left:1ex">I am the lead developer of the Kicksec=
ure project, a Linux distribution <br>
focused on security and based on Debian. Kicksecure is developed by the <br=
same team as Whonix, which is somewhat more well-known.<br>
Our hardened defaults extend to the default user applications on the <br>
system, including a daily drivable web browser.<br>
We are currently in the process of reviewing and considering potential <br>
candidates to be the default web browser on Kicksecure.<br>
With good intentions, various Kicksecure contributors have suggested <br>
shipping Mozilla Firefox as the default browser. However, some <br>
contributors, including myself, are concerned about the modifications to <b=
Firefox's default settings we intend to make, versus Mozilla's Trad=
Policy. We have no intention of rebranding or changing the compilation <br>
options of Firefox binaries. In fact, we prefer to keep the Mozilla <br>
trademarked names for the products to provide our users with a sense of <br=
We would acquire unaltered binaries from one of the following sources:<br>
- Debian's official <a href=3D"http://packages.debian.org" rel=3D"noref=
errer" target=3D"_blank">packages.debian.org</a> repository<br>
- Mozilla's official <a href=3D"http://packages.mozilla.org" rel=3D"nor=
eferrer" target=3D"_blank">packages.mozilla.org</a> repository<br>
- Mozilla's official Firefox Flathub repository<br>
Ideally, we would use Mozilla sources.<br>
Here is a trademark-respecting list of things we are aware of and want <br>
to avoid for understandable reasons:<br>
* Not using Mozilla trademarks in the name of our business, product, <br>
service, app, domain name, publication, or other offering.<br>
* Not using marks, logos, company names, slogans, domain names, or <br>
designs that are confusingly similar to Mozilla trademarks.<br>
* Not using Mozilla trademarks in a way that incorrectly implies <br>
affiliation with, or sponsorship, endorsement, or approval by Mozilla of <b=
our products or services.<br>
* Not displaying Mozilla trademarks more prominently than our product, <br>
service, or company name.<br>
* Not using Mozilla trademarks on merchandise for sale (e.g., selling <br>
t-shirts, mugs, etc.)<br>
* Not using Mozilla trademarks for any other form of commercial use <br>
(e.g., offering technical support services), unless such use is limited <br=
to a truthful and descriptive reference (e.g., =E2=80=9CIndependent technic=
support for Mozilla=E2=80=99s Firefox browser=E2=80=9D).<br>
* Not modifying Mozilla=E2=80=99s trademarks, abbreviating them, or combini=
them with any other symbols, words, or images, or incorporating them <br>
into a tagline or slogan.<br>
And here is a list of things that we would like to do. Our primary <br>
intention is to have a default policy (or employ other means if more <br>
appropriate) to do the following:<br>
* Use unaltered binaries.<br>
* Disable all Telemetry, Studies, Reports, and non-essential implicit <br>
outgoing connections.<br>
* Force install the addon "uBlock Origin" by Raymond Hill.<br>
* Set and lock hardened SSL/TLS-related settings, including, but not <br>
limited to, setting HTTPS-only mode as the default, blocking mixed <br>
content, not trusting unsafe negotiations, disabling unencrypted <br>
background requests, etc.<br>
* Disable sponsored components, like bookmarks and suggestions.<br>
* Set and lock strict mode for ETP.<br>
* Change the default homepage.<br>
* Disable the default display of the "Know Your Rights" informati=
As an illustrative point of how specifically we plan to apply these changes=
- Our intended changes would be made by providing a separate package <br>
(for example, named "hardened-browser-config").<br>
- This package would install config file(s) in folder(s) such as <br>
/etc/firefox or /etc/firefox-esr.<br>
- The package would be installed by default.<br>
We are willing to elaborate on the details and consider making <br>
modifications upon request by Mozilla.<br>
We are not asking for any special permission that does not extend to <br>
derivatives. As stated on the Debian issue tracker:<br>
=C2=A0> In case of derivatives of Debian, Firefox branding can be used a=
=C2=A0> as the patches applied are in the same category as described abo=
This is related to the Debian Free Software Guidelines (DFSG) (item 8):<br>
=C2=A0> License must not be specific to Debian<br>
=C2=A0> The rights attached to the program must not depend on the progra=
being part of a Debian system. If the program is extracted from Debian <br>
and used or distributed without Debian but otherwise within the terms of <b=
the program's license, all parties to whom the program is redistributed=
should have the same rights as those that are granted in conjunction <br>
with the Debian system.<br>
We would like to be able to state similarly:<br>
=C2=A0> In case of derivatives of Kicksecure, Firefox branding can be us=
long as the patches applied are in the same category as described above.<br=
We are asking for your opinion on whether this would be in conflict with <b=
Mozilla's Trademark Policy.<br>
We intend to publish our correspondence for the sake of transparency. <br>
Our communications and your responses will be publicized in full, <br>
verbatim, without modifications.<br>
You received this message because you are subscribed to the Google Groups &=
quot;trademark permissions" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:trademark-permissions%2Bunsubscribe@mozilla.com" =
target=3D"_blank">trademark-permissions+unsubscribe@mozilla.com</a>.<br>
</blockquote></div><div dir=3D"ltr"><div><div dir=3D"ltr"><div><br><span><s=
pan></span></span></div></div></div></div>
--000000000000109e5d0612dcc396--
or create an account