Two thoughts.

Ben Thompson and James Allworth discussed an idea on an episode of The Exponent (https://exponent.fm/) the idea of a "principle stack", and at which "layer" of the stack it's appropriate to address different societal issues. I wish I could find the episode again, it was quite a few years ago. The upshot being... maybe software licensing isn't the right place to address e.g. income inequality?

On the other hand, I definitely encourage tech workers (and all workers) to think about their place in the world and whether their work aligns with their personal values. I think the existence of free and open source software is a fantastic thing, but I think we should continue to evaluate whether it is in danger, or whether it could be better, or whether our efforts might be applied to something else.

For example, I'd love to see co-ops developing shared-source infrastructure based on principles of mutuality, which the sector is built upon anyway. The co-op principles already include cooperative and communitarian ideas which mesh really well with some aspects of open-source software development. But co-ops aren't about just giving everything away either. There could be a real new approach to building a software commons for mutual businesses, rather than a kind of freedom-washed way for big tech companies to benefit from free labour.

Thinking aloud here. Start by requiring that orgs get your permission via email to license your code. Over time, formalize the patterns in your approve/deny responses into an LLM-powered API which does an instant approve/deny, with a prompt you handcrafted and backtested based on real-world data. This could even work for e.g. Linux package installation: As a pre-install hook, a prompt asks the user what organization they work for (if any) and how they intend to use your code. Make it so users can still appeal a "deny" by sending you an email, but attempting to respond to the questions a second time with different answers violates the license [within a certain timeframe at least]. If other open source devs are also interested in this scheme, you could let them piggyback off of your infrastructure... answering your qs toggles a "virtue bit" which unlocks a bunch of "ethical packages", hosted in a dedicated repository to better track downloads. Support yourself by suing companies which violate your license terms.

Since organizations evolve over time, you could have a re-authorization flow every time your users want a major version update of your software.

A flaw in this proposal is that the very worst actors (scammers, black hats, etc.) are likely to be beyond the reach of the legal system in practice. Perhaps you could mitigate this a little bit by replacing Github Issues with a private support forum for trusted licensees.

I understand the intention of what the author is trying to achieve, but I think the problem they will run into is how do you define "evil" in a legal document or license? There is a subset of acts and beliefs that wider society has deemed "evil", but I doubt large corporations are actively supporting sexual assault, torture, murder etc. What the author is referring to is things they find morally reprehensible but do not reach the level of the aforementioned acts enough to be expressly illegal and evil (and whether they are or not, IANAL).

Open source is a gift you’re giving.

Companies take that gift and use it to provide a service for cheaper than it would otherwise be if they had to build it all themselves.

You are already benefiting from open source - but it is a tiny benefit and subtle and very indirect and very diffuse.

Licensing is thorny but it’s personal choice too.. would you use a project whose license is “use it for now unless or until I decide you’re evil at my discretion”.. probably not. Probably, someone else would get the users you have now, and the corresponding popularity.

It is a tough choice, but it’s a lovely and important thing you’re doing when you provide the gift of open source software.

Free software is about freedom. Restricting it from anyone means it's not free. There is no requirement that we must create free software but if it's called free I think it should always have the basic qualities of freedom; not only when it fits our purposes and our values.

If you prevent licensing software to large corporations, small corporations won't use it, either, because small corporations may get acquired by large ones. Such a license would be a "poison pill".

I am not a lawyer and this is not legal advice.

We picked the Boost license for the D Language Foundation because it is the closest to public domain we could find.

Besides, why would "bad guys" be deterred by a license, anyway?

Just make it GPL, there is no chance evil company would tolerate the enforcement of giving back, let alone lawyers to make sure they comply.

It really seems like you just don't want to be open source. That's your choice.

Take a look at the original json.org license and all the problems that the "not for evil" clause they added to it had caused.

Ultimately though, if you put a non free license on your libraries, somebody will cry foul, fork it, and evil will still happen.

"creating software for free that largely benefits large corporations"

Who cares. The end result of this is that we all get to use amazing software, often for free.

Think of your open source contributions as a gift to all of humanity. I wouldn't get too hung up on the fact that bad people can use it. Hammer makers don't add conditions on who can buy their products, even if it could be used as a murder weapon. Take solace in the fact that your work is creating far more good than evil.

You're increasing the rate of innovation in the world. And we're all grateful for it.

The best option to stopping bad companies from doing bad things is to lobby your government to put in place laws against those bad things. Ban specific evils with regulation, thats much more effective than preventing people who do those evils from using a specific piece of software that is fairly easily replaced.

Your project would no longer be open source. It would become source-available proprietary software.

"No man is wise enough to know all the evil that he does." -Rochefoucald

How are you planning to find out about violations of the license and then enforce license compliance? The GPL is very commonly violated, and license compliance costs a lot to enforce since you have to go to court, which also takes a long time.

Let's say you accomplish your goal of dissuading "big corporations" and "bad guys" from using little auth middleware library, and you get a bunch of other open-source maintainers to do the same.

The "big corporations" will shrug and throw a few more tens of thousands into their R&D budget and will assign a few devs to create an alternative, and when they release it as open-source, they'll use it an opportunity to self-promote, it'll have a slick website, and "X by Big Corp" will become the go-to library.

The "bad guys" will just shrug and steal your code. Al Capone was brought down on tax evasion but I don't think you're going to get him on copyright infringement.

If you can somehow convince the majority of non-corporate developers to not use corporate-sponsored open-source, then that might be interesting, but not by much, because there aren't many of those.

It seems like CC-BY-NC (https://creativecommons.org/licenses/by-nc/4.0/) works perfectly for this: Anyone is allowed to use it, but they have to credit you, and they can't use it for commercial purposes.

You're still free to license it out commercially on other terms, the open-source community gets to make use of it as they please, and it ensures you're credited.

I created a software license which is effectively BSD, but lists priority boycott targets and rationale from BDS (boycott-divest-sanction for Palestinian liberation), in an information-only section that has no bearing on the software freedoms and restrictions, but is nevertheless required to be copied as part of the license[1].

I don't actually recommend using this specific license yet, because the text from bdsmovement.net is not technically available under a permissive license (they told me I could use it... but I don't think the person fielding my request really understood what I was asking), but perhaps you can make something similar out of your preferred permissive software license (this is a no-go with GPL unfortunately because any derived license would be incompatible with GPL in addition to permissive-licensed software)

If you're a fan of BDS you can also just list the priority targets in your license, or give the BDS organizers another nudge via email.

I think the power of this is that such licenses wouldn't change how people might use the software. And big corps like Google, Amazon, et al may accidentally end up using such software (which is perfectly allowable via the license), but would then have to circulate a license which calls for their boycott and highlights their complicity in oppression. So I think it'd be fun if some software using this license makes its way into an end-user product of theirs

[1]: https://ossforpalestine.top/

Make it source available. It won't help, but you might feel better.

DuckStation (PS1 emulator) changed license from GPL to CC-BY-NC, because Chinese manufacturers were including it in their hw devices. Somehow I doubt that helped.

This is already explored - use source available instead of open source.

I think the question is do you want to actually stop certain entities from using the project, or do you just want to send a message? If you want to actually stop them then ultimately there is only one way, which is you sue them. If you're not willing to aggressively sue people who use your software in ways you don't want, then I think there's little point in taking the time to craft a license that expresses acceptable uses.

If you just want to send a message, then you can change the license and not take any further action.

For end-user applications, there's potentially the PolyForm Noncommercial License[1]. But since your project is a library, I would not recommend straying from well-known OSS licenses. Very few people would consider using a non-OSS library in a project of any kind.

[1]: https://polyformproject.org/licenses/noncommercial/1.0.0/

This library has already been scanned and used for training AI. It is too late for a license change to have any effect. New projects, maybe.

The important thing to realize is that once you have release something, you have no control over how it is used. It doesn't matter whether it is an open source license or a commercial license. You have the right to take legal recourse, may that be over copyright infringement or licensing terms, but that requires both the means and desire to pursue what may be a lengthy process with an uncertain outcome. Worrying about stuff you cannot control is going to have a far more negative impact upon your life than it will upon those who are using your software for evil.

So what can you do?

Learn how to set boundaries. If a corporation demands something that you have no interest in providing, tell them no. If you are interested in providing it, request compensation for the work or request they submit a patch or let them wait until you can do the work on your terms.

For honest leechers, choose a license that discourages them. Switching from a MIT style license to a GPL style license won't prevent people from profiting from your work, but it will discourage those who want to make proprietary extensions to your work. Also realize that this won't stop dishonest leechers.

Continue to voice your concerns. Corporations don't feel guilt, but people inside them may. Even if the people within them don't feel guilt, they may still see you as an unreliable developer to exploit.

I don't understand why so many open source developers don't want truly free software. Your software isn't free if people can't do whatever they want with it.

"Evil" is also a bad descriptor to use. If I started giving out apples for free on the street (of which I had an infinite supply), I wouldn't be upset if nobody came back with an improved apple for me to use instead.

> I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.

So he's decided that as the supreme arbiter of what is good and just that he'll be trying to slowly boil open source's collective frogs. How narcissistic.

> How can I bring more attention to this issue given the relative popularity of my project? Do I write a blog post? A callout in the documentation?

No. Because it doesn't matter.

There are plenty of licences to achieve this that'll make your code unusable.

CC-BY-NC allows you to ban commercial use. There is also the Hippocratic licence[2] which allows you to choose from a variety of "evil corporation" types, from fossil fuels, mineral exploration, the Taliban, companies that have more than 200% pay inequity, etc.

Pretty much all of these licences will make your project unusable and no longer free software, but hey, they exist!

[2] https://firstdonoharm.dev/build/

I am not a lawyer and do not know all of the other things, but I will write what my idea is.

Some possibilities (while still being FOSS) might be:

- Use AGPL3 license, and do not make exceptions. (Alternatively, make an exception but make it possible to revoke the exception.)

- Design the program for uses that are not bad so that bad uses might be more difficult.

- Sue them, if this becomes necessary.

These combination might make it difficult for bad guys to use it for bad purposes, although some organizations might ignore the license and use it anyways, but you cannot really prevent that.

Post is dated 2026-01-01, I guess it was maybe not meant to be released yet?

I expect any license change away from permissive/pushover licenses is just going to be interpreted as a rug pull and worked around using a fork, or another existing project or new project.

You can either go the custom licence route, but many people do raise (valid) concerns that if you do that, it will be incompatible with others. I do not share that view but I can certainly understand it.

A possible alternative would be using a standard licence like MIT but putting swears/slurs in either the author list or the code itself so using it would be a PR risk, and this could work as a deterrent against commercial usage.

If your project is a library, stamping a copyleft license on it will shun away corporations, AI training aside. Bad guys won't care either way.

The "no evil" goal is commendable but impossible.

Whats the context to wanting to stop "bad guys" from using your open source project?

Might want to elaborate while you're on the front page!

> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse.

Good luck. Defining evil objectively is, of course, a challenge. But even with an unambiguous definition in hand, enforcing or detecting it is nigh impossible. Especially since the truly evil will simply lie, ignore the terms of your license, and use it anyway.

On what license to choose, this talk by Adam Jacob is good:

https://www.youtube.com/watch?v=rmhYHzJpkuo

And if you want to read about open source vs source available, this GitHub with the Red Hat lawyer and co-author of GPLv2 provides a TLDR of the sentiment. The reference from Chad gives a deep dive into the discussion and origin of FSL’s language.

https://github.com/liquibase/liquibase/issues/7374

A reminder that Open Source means surrendering your monopoly over commercial exploitation:

https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...

There is the MIT+ni*ger license. Please don't ban me, just saying. No company would ever use your software given this license, but your users may boycott you too

I've never understood open sourcing something, but only if I like you. The answer is to have proprietary license that you only give out to select users/companies.

1. the trouble with "bad guys" is they DGAF so good luck convincing them to change their ways

2. quit using permissive licenses if you expect corporations to "give back", Open Source != Free/Libre software. You seem interested in the latter, licenses/copyright laws matter to the !bad guys.

Sounds like the guy that invented bicycle helmets. He didn’t want Nazis to feel safe letting their kids ride bikes to school either.

> Can we prevent Nazis from using our software?

Short of engaging in equally authoritarian control-freakery? I don't see how.

I'm amused by one package author that I'll leave unnamed who has a list on his site enumerating political parties around the world at one end of the political spectrum and announcing that supporters of these parties are disinvited to use his work.

I'm all: "Dude, get over yourself. Parties ALL suck. Now, do good, and consider investing less time on posturing."

You can probably close-source and sell for cheap, pick and choose who you sell it to.