If you’re a startup, you should not use React (reflecting on the BSD + patents license)
That is, if you ever hope to be acquired by a larger company
[EDIT — My argument is a cautionary one, I’ve made some edits in that direction. I am not a lawyer, but I argue that — as a startup — if I’d want to keep my doors open to any future outcome, offer, exit, proposal, FB’s OSS licenses may pose an obstacle under some circumstances.]
UPDATE 22nd August 15.10 BST — Here’s an update that discusses concepts, licenses, OSS communities, etc. It is a compilation of my thoughts following the massive amount of feedback I’ve received. Many things don’t add up, and Facebook has a lot of questions to answer.
Make sure you read this article next. That way you’ll get the full picture of where we stand.
Note 1: Updated on August 19th to add clarifications where needed.
Note 2: August 20th 13.00 BST— please don’t turn this into a flamewar. Open Source Software has a >30 year history, and Facebook appears to be leveraging it as an instrument for their private benefit.
Note 3: August 20th 19.00 BST — I’ve received comments from individuals associated with the React universe. Contrary to them, I have no vested interest in one frontend framework or another. I am a backend engineer, not a frontend guy. As a result, I’m neutral and unbiased in this sense. I am not attacking the technology — I’m just providing my view on Facebook’s stance and its potential impact.
Note 4: August 20th 21.20 BST — I’ve compiled a list of ~35 companies along with their most popular Open Source projects (75+ in total), grouped by the licenses they use. The conclusion is that Facebook is nearly alone in the industry in the use of this license. Here is the article.
What’s currently happening in the Open Source community is disheartening. Especially when you realise that many startups and businesses (including Facebook) exist thanks to Open Source; as they wouldn’t be viable if they had to pay prohibitive license fees of proprietary software upfront.
Open Source is about creating communities to build better software together. It should never be used as a marketplace to exchange people’s rights — like Facebook is intending.
Facebook is pushing a licensing model called “BSD + patents” in all their projects, including the wildly popular React.
“BSD + patents” essentially means that the code is open (for everyone to see and use), but it’s copyrighted by Facebook. The BSD license grants you a copyright usage license. Additionally, they grant you a patent license as long as you’re nice to them by never suing Facebook for patent infringement.
The instant you sue Facebook, your patent rights for React — and any other Facebook ‘open source’ technology you happen to use) — are automatically revoked.
Adios, bye bye, they’re gone!
This issue was brought to public attention by the Apache Software Foundation.
[UPDATE: To go deeper into the license model, patent right grants, what strong patent retaliation vs. weak patent retaliation means, ASLv2, Mozilla Public License, MIT, OSS communities, read the following article]
This is a living document and I will keep updating it as necessarymedium.com
This restriction is boundless, and fierce
It doesn’t matter whether the intellectual property is related to the domain you’re using React for, or not.
If you use React, you cannot go against Facebook for any patent they hold. Full period.
Update Sept 18th 2017 — Actually, it’s worse. You cannot go against Facebook for any patent they wish to hold, either, e.g. if they file a patent claim that steps on your work.
In other words: quid pro quo — if you use my software, you give me immunity.
Facebook, is that what you think Open Source is about?
[UPDATE: It is normal for a license with patent grant to include weak patent retaliation, i.e. if you use React and you sue FB for a patent over React, you lose any patents granted to you for React. Note the scope: it is always React. FB’s license is different (stronger). Read more here.]
For the sake of illustration, say you’re a fridge company “Fridgebook Inc.” who markets intelligent fridges. Your fridges have a screen that runs your proprietary application, and you use React for the UI.
Overnight, you hear that Facebook decides to move into the fridge industry, and they’ve announced the worldwide launch of their new product: “FBfridge”, in just 1 week.
In the hypothetical case that Facebook blatantly infringes some of your patents with ‘FBfridge’, what can you do?
Well, you cannot sue them immediately. You’re using React on the customer-facing app, remember?
If you sue them before migrating to something else (like vue.js), you will immediately lose the patent grant for React, and suddenly you’re in breach yourself, fighting against a potential lawsuit for illegal use of software, from an almost-$500-billion company, all by yourself.
And obviously, you don’t want to interrupt customer service.
So if you want to sue them, or at least hold any leverage for doing so, you will need to find a solution migrate away from React in record time.
That’s quite a pickle you’re in, right? It’s almost an extortionary situation. The solution? Not using React in the first place, and retaining your liberty to assert your rights.
NOTE: I am not an proponent nor an opponent to patents myself. I don’t have a clear stance on the issue. I’m just analysing the give-and-take balance here.
The last time I looked, the philosophy of Open Source revolved around communities where talented people contribute their grain of sand to — together — build better software and push tech even further.
That’s the spirit of the Apache Software Foundation, the Linux Foundation, etc. who are key references in the Open Source sphere.
So, why bring patents into Open Source?
Facebook has released an official explanation, which I’ll summarise for you in a few words:
Facebook receives a large number of meritless patent claims. They waste lots of resources fighting them. So they decided to capitalise on the success of their Open Source projects (like React) to introduce a trojan horse to deter users from filing — theoretically meritless — patent claims against them. They do not reciprocate this restriction.
But here is the important part. They claim that every other company that releases Open Source software should do the same.
[UPDATE: Here I analyse what other large companies adopt this license model. Hint: not many, just 2.]
Facebook is nearly alone in their usage of BSD-3 + strong patent retaliationmedium.com
Unfortunately, this is not going to work, and would eventually lead to a closed-source industry again, for several factors:
- It requires consensus across the largest players in the market, who hold real arsenals of patents as leverage against competitors (see image below). Suddenly those arsenals would be valued at $0.
- Arriving to that consensus is highly improbable. As long as one rogue company doesn’t join, the rest will need to keep “their guards/patent arsenals up”.
- If all giants agreed to open source under the “BSD + patents” scheme, cross-adoption would grind to a halt. Why? If Google released Project X under “BSD + Patents”, and Amazon really liked it, rather than adopting it and losing their right to ever sue Google for patents, they would go off and build it on their own.
- That would mean that communities will not form around these products. Communities are the fuel and the incentive for open sourcing products. If there is no chance of igniting a community, there is no reason to open source.
- Eventually, as the above situation happens over and over again, the giants will stop seeing value in open sourcing their products, and the industry would eventually fall into a closed-source model.
Facebook’s unethical use of Open Source philosophy
Patents protect ideas and inventions. In most cases, patent assertion cases are not black or white — win or lose. Infringement evaluation is complex and costly. A lawsuit can cost hundreds of thousands or millions to file and pursue. You might have a 85% confidence that FB violated a patent of yours, but to even pursue it it’s going to cost you a lot of money.
If on top of that, you will need to invest to migrate away onto a different frontend framework first, and make sure that all your customers are using your new product version (what if you’re using React Native? your users may not upgrade the apps at once!), before you can even file the lawsuit, do you think that’s an honest, ethical usage of open source philosophy?
Open Source is not a “quid pro quo” trade. Open Source is about creating communities to build better software together. It should never be used as a marketplace to exchange rights.
In fact, Facebook itself is built on the pillars of Open Source software with permissive licenses.
Update 5: 21st August 11:20 BST — here’s another thought that crossed my mind. It clearly illustrates the unfairness of Facebook’s stance, and its lack of respect for the OSS community at large.
What’s your guess?
Why you may want to avoid React if you’re a startup
If you’re building a startup, I’m assuming you — and your investors — are hoping to land a million-dollar worth exit at some point, right?
You want to keep your door open to all acquirers, especially the large ones: Apple, Microsoft, Google, Amazon, etc.
These companies likely hold patent arsenals against Facebook — and even if they didn’t — they don’t want to surrender their rights to sue Facebook if the time came.
If your product is built on React, acquiring you means losing these rights, and this is something they might not be prepared to do.
Basically, some potential buyers might not be interested in you, if buying you means they have to surrender their rights to ever sue Facebook for patent infringement.
So if you want to keep your options open…
You may want to migrate away from React
I particularly like Preact, but I’m not sure if Facebook holds any software patents on the Virtual DOM or the React APIs.
I hope at some point the community can clarify where Preact and Inferno (another light-weight alternative to React) stand in terms of intellectual property.
Continue reading the follow-ups
22nd August 2017: I consolidated my responses to feedback in a new post. It is a bit more technical and I cover licensing, OSS development, communities, contributions, etc. I also state some questions that I believe Facebook should answer. I highly encourage you to read this post. Click here:
This is a living document and I will keep updating it as necessarymedium.com
Additionally, I also analysed the licenses of 75+ OSS projects from 35 corporations. Facebook is practically alone in their choice. Here’s the article:
If you enjoyed this article, please recommend it on Medium (clap/heart it!), and share it on Twitter, LinkedIn, etc.
Furthermore, I’m starting a magazine for high-quality Blockchain & Crypto content. Please check out consensusX, and follow us ;-)