Open source licensing and why we’re changing Plausible to the AGPL license

we’ve become aware that there are risks associated with permissive open source licenses that corporations that don’t care about open source are happy to take advantage of.

So we’re making a change to our license. This change doesn’t affect anyone subscribing to the Plausible Analytics Cloud and anyone who’s running Plausible Analytics Self-Hosted on their server. Everything stays the same.

The change will affect corporations that want to take our code and use it to create and sell proprietary tools that directly compete with us.

I think this is an interesting read of people realizing that they need to think more about their licensing.

Feels like they want a non-commercial license rather than AGPL, but good to read through someone’s thought process and then how they communicate it.

3 Likes

A non-commercial/not-for-work license would prevent a lot of self-hosting.

It sounds like they mainly want to protect against SaaS competition.

Sentry did this by switching to the Business Source License, but Polyform’s Shield and Perimeter licenses would also work.

2 Likes

Tell me more? How do you interpret that?

From my POV — for-profit companies using a tool for work would need a license.

I use the term “self hosting” more for individual / personal usage, not “as a company we are hosting X ourselves”.

1 Like

My read is that if a business wants to self-host Plausible as is, a non-commercial license would prevent that but AGPLv3 would not. It seems like they don’t want non-commercial but rather network copyleft, to make sure nobody can make a downstream variant of Plausible that’s closed-source and secretly not privacy-respecting.

3 Likes

Ok thanks that’s clear.

And I guess from your context other people use the term self-host also for business, not just personal usage.

1 Like

I used to write all my software under AGPL for several years, such as some of the most popular jQuery plugins at the time (2006-2010); however, I found that because of AGPL, people would just plagiarise the software as MIT instead, or just ignore the AGPL clauses; so rather than using the more restrictive yet more popular and original library, they would just rewrite it as a more permissive library, or just disregard the restrictions.

One case was it was common for my AGPL licensed and free jQuery plugins to be repackaged then sold as paid software under different names by bad actors.

Through 2010-2015 I decided to just MIT everything in response, as I was tired of seeing my work plagiarised, as I figured people will just reverse engineer anyway, so let it at least be my original work that is available to everyone to consolidate effort.

However, then big players would use my software, and I’d only get a few people donating a few dollars back, despite the maintenance burden becoming a full-time gig. Billions of installs a month should be worth more than a few dollars a month in returns.

In the end, I realised that people (such as companies) who hold secrets win, as they have a playbook that the 100% open-source/transparent people don’t. That secret keepers are a superset of the honest.

So unless you have significant barriers to entry, it may be more productive for people to just reverse engineer / reproduce your original effort: a blue ocean becoming a red ocean.

This has actually been formalised in game theory; that unless incentives and disincentives are calibrated then the more adaptive people win: https://ncase.me/trust/

5 Likes