Bug 487595

Summary: Breeze icon theme uses copyrighted icons without acknowledgement or compliance with the owners' guidelines
Product: [Plasma] Breeze Reporter: Adam Williamson <adamw>
Component: IconsAssignee: visual-bugs-null
Status: CONFIRMED ---    
Severity: normal CC: anditosan1000, kainz.a, m, nate, ngompa13, nicolas.fella, nmariusp1
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=2283321
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Adam Williamson 2024-05-26 16:08:18 UTC 
SUMMARY
The breeze icon theme repo includes https://github.com/KDE/breeze-icons/blob/master/COPYING-ICONS , which appears to describe the copyright claims for icons in the repository. It seems to claim that all the icons are original works and copyrighted under the LGPL. However, this is clearly not true.

For example, breeze-icons/icons/actions/22/im-skype.svg is very clearly a modified version of Microsoft's Skype icon. This is copyrighted by Microsoft, and is very definitely not under the LGPL. Also, Microsoft provides a restrictive set of "brand guidelines" for Skype - currently at https://secure.skypeassets.com/content/dam/scom/pdf/skype_brand_guidelines.pdf - which specifically states "Do not alter the Skype icon in any way, including changing the colors, angle, or dimensions", but Breeze has made it monochrome.

Similarly, breeze-icons/icons/actions/22/im-facebook.svg is a modified version of Facebook's own icon, which again is very definitely not LGPL. And again, this project is also violating the owner's brand guidelines - https://about.meta.com/brand/resources/facebook/logo/ - which specifically state "DON'T change the color of the logo" and "DON'T use just the 'f' from our logo".

These are only two examples, there are several others (e.g. im-google.svg ).


STEPS TO REPRODUCE
1. Clone the git repo.
2. Read the copyright information.
3. Observe the presence of icons copyrighted by others without acknowledgement or license compliance.

OBSERVED RESULT
There are lots.

EXPECTED RESULT
There shouldn't be any.

SOFTWARE/OS VERSIONS
Irrelevant.
Comment 1 Andres Betts 2024-05-28 18:52:37 UTC 
I think something we have to remember is what type of graphic we are speaking of. Sometimes they are referring to their logo graphic which is not the same as their icon graphic. Some companies don't provide an icon graphic. In which case, you have to make something similar that would fit the bill.
However, a few companies provide their own icon graphic for various sizes, in which case, we should simply copy/paste into the icon collection for our system. Sometimes these icons contain a TM graphic as well.
For reference, I did just that on the 24px collection for icons belonging to other companies. Just copy paste, no modifications. The 22px collection had the same, but I can't ascertain if they came from a company source or from a modified icon source. Unsure.
Still, the icons belonging to companies should probably not be re-licensed.

I hope that's clear LOGO is not the same as ICON. Those are two different graphics.
Comment 2 Adam Williamson 2024-05-28 19:19:34 UTC 
The icon you are using for Facebook *is* the 'f' from the Facebook logo, isolated from the rest of the Facebook logo and with its color changed, both against Facebook's guidelines for using the logo - https://about.meta.com/brand/resources/facebook/logo/ . It is copyrighted, obviously, by Meta, and is definitely not under the LGPL.

"However, a few companies provide their own icon graphic for various sizes, in which case, we should simply copy/paste into the icon collection for our system."

I really think you need to refer this to an actual lawyer. I can refer you to Red Hat's legal team if it would help. You cannot assume you are legally permitted to just "copy/paste" an icon whose copyright is owned by someone else into your project, because that isn't the case. It is legally equivalent to copying the entire text of a popular novel, or the entirety of Taylor Swift's latest song, into your project. If you don't have their permission to do it, you can get in trouble.

Brands typically focus on typical promotional activities when publishing guidelines that provide implicit permission to reuse their branding in certain cases - for e.g. the Facebook guidelines I posted are highly focused on marketing things like including the logo in a business website. When the guidelines don't cover your case, the safest course is to assume you have *no* permission to use or redistribute the copyrighted material, because that's typically how the law works. It's never safe to assume you can just redistribute somebody else's copyright material, and it's certainly never safe to imply that *you* created it, and it's under the LGPL, if it isn't.
Comment 3 Andres Betts 2024-05-28 19:22:48 UTC 
Adam,

I appreciate your analysis and you're welcome to contact a lawyer that could explain this to us here. It's no problem. From your comments, I think you're speaking of something different than what we have and do at KDE. I would like to see how our use case fits or doesn't fit your assumptions around the legal ramifications of the icon use. Send the legal expert our way and we can review.
Comment 4 Nate Graham 2024-06-12 16:50:48 UTC 
The distinction between "icon" and "logo" doesn't actually exist; they are one and the same. If we take a brand's logo, make an icon out of it, and change it in a way that violates their guidelines and then claim LGPL-licensed copyright on it, I fear Adam may be correct that this is legally problematic.

Adam, please do feel free to contact a lawyer about this, as it would provide some legal clarity surrounding the topic. In the meantime, could you provide a full list of potentially problematic icons?
Comment 5 Adam Williamson 2024-06-12 17:34:12 UTC 
Nate: I asked Richard Fontana and he broadly confirmed my view, seems we didn't get around to getting a public comment posted, though.

> Adam, please do feel free to contact a lawyer about this, as it would provide some legal clarity surrounding the topic. In the meantime, could you provide a full list of potentially problematic icons?

I mean, I could try, but it's neither my job nor my competency, and I do have a lot of other stuff to do that *is* my job and my competency. I also wouldn't particularly want to accept any implied liability that I had done the job completely...
Comment 6 Nate Graham 2024-06-12 17:47:00 UTC 
That's fine, I wasn't trying to impose.

Do you have a list of icons you're concerned about, though?
Comment 7 Adam Williamson 2024-06-12 17:57:59 UTC 
Not beyond the one in the initial comment, no. That's as far as I looked. I got here via https://bugzilla.redhat.com/show_bug.cgi?id=2270572 , where I noticed that the Papirus icon theme has some copyrighted logos in it - https://bugzilla.redhat.com/show_bug.cgi?id=2270572#c3 - and the Papirus maintainer then decided the invoke the classic "everyone else is doing it too!" defence (note: this one does not work well in court) and throw Breeze under the bus - https://bugzilla.redhat.com/show_bug.cgi?id=2270572#c13 . So I verified that, found that there were at least three apparently-affected cases, and filed this bug.
Comment 8 Nate Graham 2024-07-31 22:28:42 UTC 
We should investigate all these icons and replace them with accepted official branding from their companies:

application-pdf
acoread
im-facebook
im-gadugadu
im-google
im-qq
im-skype
im-twitter
im-yahoo
im-youtube

After that, we should find a way to avoid claiming copyright on them.

...After which point, having icons for these brand logos in the repo itself is questionable. I wonder if we should just remove them entirely.


Also, these icons are for chat services that are defunct. The functionality should be dropped and then we can remove the icons:

im-aol
im-icq
im-identi.ca
im-google-talk
im-msn