I continue to believe the risk is real and supported by my links and quotes. You’re free to disagree. I’m not a lawyer anyway.

I will stop discussing since suddenly this is about “normal” and I guess “abnormal” donations, and I don’t think we’re having a clear-headed debate here.

Did you actually read the quote I gave? I’m honestly confused.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AL_202402847

Supply in the course of a commercial activity might be characterised not only by charging a price for a product with digital elements, but also by charging a price for technical support services where this does not serve only the recuperation of actual costs, by an intention to monetise, for instance by providing a software platform through which the manufacturer monetises other services, by requiring as a condition for use the processing of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software, or by accepting donations exceeding the costs associated with the design, development and provision of a product with digital elements

TL;DR, just donations can already be a problem, apparently. But IANAL.

As far as I understand the license doesn’t matter at all for EU regulation, other than “non-free” software is treated even worse.

Generally if you give something away for free, you can’t be claimed to be the owner.

The CRA from what I can tell applies to software given away for free, sadly. I’m not a lawyer, though. But you can perhaps see why people don’t trust the EU.

I admit it’s a complex topic, but if you read the post in detail, it should answer your questions. The “owner” is typically the maintainer, if in doubt that’s the person with repository write access. And the EU can apparently potentially require whatever to be maintained, not that I understand the exact details. The point was that the regulation doesn’t seem to avoid FOSS fallout well.

The EU has been so far bad at making sure FOSS isn’t seen as a paid product in the eyes of regulation, even in cases where it’s clearly unpaid, see here. They can’t be trusted to get this differentiation right.

Therefore, unlockable bootloader seems like the better idea. Get people to Linux and open Android variants if the closed-source companies won’t serve them.

Many of us dislike all the things you listed for their impact, including AI.

I think most people would argue 1-3% of datacenter use is still a significant global pollution factor that is a problem.

Often it is respected, but the resulting problem is platforms conflate things with the questionable AI scraping crawlers to blackmail websites into participating in feeding AI.

For example, Googlebot if enabled won’t just list you for search, but will also scrape your contents for Google’s AI. Edit: see https://arstechnica.com/tech-policy/2025/07/cloudflare-wants-google-to-change-its-ai-search-crawling-google-likely-wont/ as source. I imagine LinkedinBot, given it’s microsoft, will feed some other AI of theirs as well on top of the previews.

Until regulation steps in to require AI bots to separately ask for crawling permission, or to actually get a proper license for reuse of the contents, this situation isn’t going to improve.