Some modified Searx public instances found in searx.space don't comply with the AGPLv3 license

[caribpa]

Quoting an excerpt of the AGPLv3 summary found in the license page of Searx:

[...] When a modified version is used to provide a service over a network, the complete source code of the modified version must be made available.

This is expanded on Section 13 but basically means that if you change anything* from the source project, then you must offer a public link to your changes. Here is a question about this matter.

If we access to the modified public instances found in searx.space, we can find that the majority of them don't offer a link to their sources. Instead, the Source Code link provided at the bottom of their main page still points to https://github.com/asciimoo/searx (some don't even have this link) and their actual sources cannot be found anywhere on their site, violating the AGPLv3 license.

* Although not stated directly in the license, code or configuration files storing secrets are excluded, unless these specific secrets (and not others) are needed for the software to work properly, according to these two sources.

[dalf]

This makes sense but for some instance, only one image and one CSS file are different. I don't know if it can considered as publication, since the browser downloads it ?

Some instances have published a link to their source code at the bottom of the index page, for example https://spot.ecloud.global/

An idea:

• the settings.yml (in searx) configuration file contains a link to the source code.
• the theme uses that settings to display the right URL for "source code"
• the /config URL contains the source code URL ( should be in https://spot.ecloud.global/config for the spot.ecloud.global instance)

Then searx-stats2 can fetch this information and display it.

---

Brain storming / enhancement: searx.space could clone the git repository and compare

[caribpa]

According to the license, you have to publish the full source code if you modify or add anything (except in the case of non-specific secrets as stated before).

I understand that it would be a PITA having to store separately the full source code if you change only one color from a CSS sheet (and make sure it stays up to date with any other modifications), but this is the way the license works.

Though it may seem that storing just a diff in your instance (and presenting it as Source Code) will yield the same result while saving space and being more convenient when tracking the changes, there is an issue in this approach: If my modified Searx instance is based on another Searx instance and the latter goes down, my modified Searx instance would have a diff file that might fail when applying it to vanilla code. This is assuming that the diff file was created from the changes made to code from a non-vanilla public instance. But even if we decide to create a diff based on vanilla code, it may happen that the vanilla code disappears or changes, thus having the same problem as before.

So the code should be stored in its completion and should be publicly accessible.

[caribpa]

Also I believe that searx.space, apart from comparing the public instance's code with the vanilla code, it should also compare the stored instance's code with the actual webpage presented by the public instance to prevent people from lying or forgetting about updating their public source code.

[caribpa]

By the way, I suggest that an announcement or something should be presented on https://github.com/dalf/searx-instances requiring the public instances to be compliant with the AGPLv3 license, and contact the public instance owners listed on searx.space asking them to make their source code public within a month (for example) or their instances will be removed from searx.space for violating the license.

[caribpa]

Forgot to say that you are only required to store and make your source code accessible if you modified the original project (with the exceptions noted in the OP). If your public instance runs vanilla code* then you don't have to store it and the Source Code link can point to the original project.

* If my public instance is a non-modified copy of a modified Searx public instance AGPLv3 compliant (such as search.privacytools.io), my instance's code is considered vanilla so there is no need in storing it and changing the Source Code link.

[ghost]

Forgot to say that you are only required to store and make your source code accessible if you modified the original project (with the exceptions noted in the OP). If your public instance runs vanilla code* then you don't have to store it and the Source Code link can point to the original project.

***** If my public instance is a non-modified copy of a modified Searx public instance AGPLv3 compliant (such as search.privacytools.io), my instance's code is considered vanilla so there is no need in storing it and changing the Source Code link.

<script type="text/javascript">
  var _paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://stats.privacytools.io/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '2']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<noscript><p><img src="https://stats.privacytools.io/matomo.php?idsite=2&amp;rec=1" style="border:0;" alt="" /></p></noscript>

it looks very poor!!!

[caribpa]

@nibbleidea care to explain your quote? I am not affiliated with privacytools.io nor I did write that code :)

[ghost]

@nibbleidea care to explain your quote? I am not affiliated with privacytools.io nor I did write that code :)

this code is tracking users

[caribpa]

this code is tracking users

I saw it but what does it have to do with what I said?

[caribpa]

Btw @nibbleidea privacytools.io openly states in their Privacy policy that they do track you. Ironic I know 🤦‍

[TheEvilSkeleton]

any update?

[dalf]

About new instances:

• See : https://asciimoo.github.io/searx/dev/makefile.html?highlight=brand#makefile-setup
• GIT_URL is exposed in /config : a public API in each searx instance.
• Related to external_ressources.py: add supported for GIT_URL in /config searxng/searx-space#34

About the existing instances, this is issue is related to dalf#45