Blog Post

Did Boxee Violate the GPL?

An open source advocate has alleged that Boxee and D-Link are violating the General Public License (GPL) with its Boxee Box, but Boxee has responded, saying that the code at the heart of the controversy was never used and has since been removed.

Allegations that Boxee is violating the open source license surfaced on Monday, with a website called detailing a test that seems to indicate the inclusion of code licensed under GLP v3 on the device.

Boxee is based on the open source XBMC project, and the company has been making some of its source code available online. However, the software used on the Boxee Box also contains DRM protection to secure video services from companies like Netflix (s NFLX) and prevent users from tinkering with the installed software. “Boxee has included cryptographic controls to block you from using your software on the Boxee Box. Both D-Link and Boxee refuse to release the key files required to pass these checks,” writes the author of

This wouldn’t necessarily be a problem if Boxee had used open source software licensed under the GPL’s version 2, or an even more liberal license. However, GPL v3 contains specific language that is meant to deter companies from locking down devices — a practice that the Free Software Foundation has dubbed Tivotization. The FSF explains it this way:

“Tivoization is a dangerous attempt to curtail users’ freedom: the right to modify your software will become meaningless if none of your computers let you do it. GPLv3 stops tivoization by requiring the distributor to provide you with whatever information or data is necessary to install modified software on the device.” tested for GPLv3 code by establishing a telnet connection to the device and then looking at the version of GPG, a cryptography tool. Turns out the version included with the Boxee software that shipped with the device is licensed under GPL v3. However, Boxee now says that the tool “was erroneously included — but never used, and we subsequently removed it from the Boxee Box software.” Boxee co-founder Tom Sella added in a blog post that the company has put a new process in place to avoid future mistakes like these and audit all of its existing open source software components.

This isn’t the first time Boxee’s CE hardware ambitions have faced a backlash. Some users took issue with the new UI as soon as the Boxee Box was released, and others have complained that not all of the promises made about the device have been met. Sella said that the controversy had a lot more to do with the some of the compromises the company has had to make.

“We had always hoped that the Boxee Box would be able to run XBMC, enable old-school emulators, and make breakfast in the morning”, he wrote, adding: “But it quickly became clear that to release a device with premium content, we’d need to put strict security measures in place. Lose the security requirements and lose access to some of the Boxee Box’s most popular content.”

3 Responses to “Did Boxee Violate the GPL?”

  1. There appears to be more recent developments here… Boxee Box management have actually come forward on their corporate blog and admitted to distributing GPLv3 software in the Boxee Box firmware, and by doing so, profited from software piracy! This should be interesting…will this be the first time that GPLv3 is brought before the courts?

    Check out the details:

  2. The negative publicity that Boxee Box has received is well deserved. When the CEO of any corporation looks directly into the camera and LIES, it should send a clear message to customers, investors, and the open source community that this is a company that will say anything depending on which way the wind blows.

    They say a fish always rots from the head down. I would not want to be a business partner or an investor in a company as dishonest as Boxee Box.

    I unfortunately bought into the lies, wasted $200 at retail, and subsequently had to almost give the thing away on craiglist.

  3. Boxee is starting to become the largest scam in history of GPL-software. Beside this problem, Boxee is redistributing XBMC Code with closed source components for:
    streaming content. This component is called “bxflplayer”. This is used to view online content;
    a payment model for their streaming services. they share revenue with Content Providers;
    social networking. This component is called “libboxee”. It deals with proprietary methods of communication with Boxee’s online back-end server which handles the user account information and social network communications between the users in the Boxee userbase.

    Boxee is redistributing XBMC Code with those components under a custom license and without access to the source code. In other words, Boxee prevents users to exercise their GPL-rights to redistribute those components and backport it into XBMC.

    This is not in the spirit of Open Source, the GPL and the FSF but it is no problem to the XBMC Foundation, from whom they monetized their business case! So stop using the terms Open Source and F/OSS related to Boxee.

    Besides, XBMC Foundation is supporting this setup.