Concerns Over Moq and SponsorLink
The .NET OSS ecosystem has had a lot of drama, but I haven’t seen anything like what happened in Moq’s repo. And I participated in it. I normally don’t get into this type of discussion in the software world, but this was an awful implementation of a bad idea, followed by potential security concerns and unauthorised email scraping from users’ machines.
I’m not going to talk about what SponsorLink is in detail; you can check Daniel’s own explanation and Sean Killeen’s blog post. But to recap briefly: it is a NuGet package that automatically checks if you’re a GitHub Sponsor for the OSS library you’re using, and “nags” you to be one.
The original implementation of SponsorLink was very problematic; it was closed-source, and it included scraping the current user’s email, sending it to a third-party endpoint and storing it there. According to Daniel, it’s being reworked, and an offline operating model will be introduced. But it won’t change what SponsorLink is: A bad idea.
SponsorLink Rediscovered America, erm, Licensing
There are many ways to earn money from software. True, it’s not as rich as the new content creator economy, which Daniel is aiming for (and missing by a great margin). And I understand people wanting to earn money from their public efforts, especially when big corporate giants are benefitting from those same efforts like crazy. I really get that.
But like it or not, BSD-3 is a contracting agreement you’re entering with your users. You’re telling them, “you can use this for free”.
If you wanted to earn money from your effort, you would first start by creating your financial model around it. You could make a paid version of your free product. You could offer services, consultancy, training, etc. You could sell swag. Or, you could change the licence of your free library. Make it dual-licensed: companies with over $1M income could pay for their licences. But no, Daniel didn’t want to do that. From his blog post on SponsorLink:
I don’t want to have to deal with setting up licenses on a server, provisioning test agents or whatever.
Then, he went ahead and implemented the thing anyway, just by piggybacking on GitHub’s Sponsor infrastructure. Because he wanted the money, but not the hassle.
Don’t get confused, Moq is now a paid product. You just pay for it with coffee, or your patience. The model of SponsorLink-powered libraries is now a paid-licensing model disguised as “FOSS”, and it’s called “Nagged Until Paid”.
The Concept Of “Nagged Until Paid” Is Passive-Aggressive
Moq was always free software, like numerous others, released under the BSD-3 licence. You have permission to use it, free of charge, either personally or commercially. As of today, that’s still the promise. You don’t need to pay or sponsor Daniel or any other contributor if you don’t want to.
But Daniel’s approach was to create build warnings to coerce you into paying by constantly nagging you and slowing your builds by between 0 and 4 seconds. He says he’s planning to change it, but the promise of SponsorLink is the same: “Nag you until you pay”. By the way, I’m not using the term “nag” myself; it is something said by Daniel, openly, and as if it were something to be proud of doing.
It isn’t. It is a very, VERY passive-aggressive form of communication, and he’s shoving it down the throats of Moq users and asking other OSS contributors to do the same. SponsorLink is built on the promise of guilt-shaming you because you didn’t tip $1 to the contributor. And it does it on your machine, on your codebase, within your IDE. Let me illustrate the situation with a metaphor, which I already used in Moq’s GH issue:
Imagine a musician, playing by the river. They are playing for free, just with a tip box. You see them, stay for a few minutes, enjoy the music, maybe make an Instagram story, then move on without tipping. Then you come back home to find the musician sitting in your living room, butt-naked, asking you to pay, or they will follow you around the house. What would you do?
I understand that Daniel wanted to create a better and more sustainable licensing model for OSS developers, similar to a subscription model like Spotify (his own words from Twitter here and here). Does SponsorLink sound like a platform that would achieve that? He could build a platform like SetApp for developers to bring their tools under a shared subscription model, with the revenue distributed between them. It could’ve worked as a NuGet proxy feed, for people to opt in and use. That would at least resemble Spotify in a sense.
But no. He decided to remind you that you didn’t tip, every time you play his song, even though it was freely given. He wanted to “nag” you.
See the problem?