SourceForge’s new installer bundles adware!

sf - site logoFor the uninitiated; SourceForge is the primary repository for open source software, hosting more than 300,00 projects. By extension, this means that SourceForge has also become the primary download source for open source software. Apparently, SourceForge has now decided to offer developers the opportunity to monetize their projects per medium of a new revenue sharing program called DevShare.

When downloading software submitted by SourceForge’s participating developers, instead of the usual direct download, users get a “SourceForge Installer” which bundles the software with third party offers used for monetization. This is similar to the method utilized by the notorious “Download.com” at CNET, with one major exception – at SourceForge it is the software developers themselves who profit, not the download host.

The SourceForge Installer and Ask Toolbar

Let’s take a look at how the installer works when downloading the popular open source FTP software FileZilla – which is now participating in the DevShare program.

*Windows users who click on the FileZilla download button will now see a message that the “SourceForge installer download will start”:

sf installer message

This is a small installer that bundles the program with an advertisement… a sort of download wrapper. Which means you must be connected to the Internet in order to complete the installation:

sf - internet connection

Running the installation file opens the initial screen, including a “Welcome” message which confirms we are indeed dealing with the SourceForge installer:

sf installer and download 1

Click Next, and this is when the offer will now be displayed:

sf installer and download 2

As you can see, the opt-in/opt-out buttons are distinct and clearly defined, although I’m not sure about the color choices. A brighter green color for the Accept button, whereas the Decline button displays in a similar gray to that which is often associated with non-working or disabled options… hmmm!

If you hit the Decline button, from there on in installation is as per the norm, straightforward with no further complications.

If you don’t choose to accept the offer, the installation will continue, and you’ll hear no more about it. Nothing is installed without your consent, and no personally identifiable information is sent anywhere without your consent.

User comments are consistently reporting that the infamous Ask Toolbar is also included, and the information provided by SourceForge on this page… http://sourceforge.net/devshare/why… appears to confirm those reports:

The Ask Toolbar is integrated with the SourceForge installer. During the installation of projects participating in the SourceForge installer program, users are presented with an option of downloading the Ask Toolbar.

If you do not wish to install the Ask Toolbar, you can remove the check in the box. If selected, the Ask Toolbar will be installed a few minutes after the main installation has completed, to ensure that your selected product has installed successfully.

However, I went through the complete installation process under the protection of Toolwiz TimeFreeze and saw no mention of the Ask Toobar myself. A post installation check of my system also confirmed that the Ask Toolbar had not been installed. Perhaps the Ask Toolbar is just one of the products included in the additional offers and not presented in each and every case.

Read more about DevShare and its objectives here: https://sourceforge.net/blog/today-we-offer-devshare-beta-a-sustainable-way-to-fund-open-source-software/

*Note: Currently applies for Windows users only, not Mac or Linux.

Conclusion

My initial reaction to this news was one of shock and horror, SourceForge and open source have seemingly been the last bastion of bundle-free software among the multitude of defectors. After further consideration though, I settled down. Sure, there are always negatives involved with this sort of bundling policy but, in this case anyway, there are also mitigating circumstances:

  • Firstly, the bundled offer is completely transparent with a clearly defined option to Decline. Furthermore, the user cannot continue on with the installation until the decision to either Decline or Accept has been indicated by clicking on the appropriate button. Which means the additional software cannot be inadvertently installed by simply clicking ‘Next’.
  • The overriding consideration is, in my opinion anyway, that it is better to have free open source software available with transparent bundling than no free open source software at all…. or greatly diminished in numbers. If monetizing developers’ efforts is the only way to keep free and open source alive, then I’m all for it. On the proviso that the bundling and option to decline are always entirely obvious..

When you think about it, many open source software developers request a donation from their users, but how many actually comply? My guess would be a very low percentage. Perhaps if more users contributed, the need for additional monetizing programs would be largely negated?

What do you think?

18 thoughts on “SourceForge’s new installer bundles adware!”

  1. I completely agree transparent installers like this are perfectly fair and may help to keep software developers wedded to good sites like this rather than going to sites with more dubious methods. Personally I feel it would be good if the Source Forge model were taken and promoted as law – with one proviso, that there should be no more than two softwares offered in any one download. I have come across some, albeit transparent, installers which make users go through screen after screen of offers before getting to the download.

    Another thing in my view is that misleading downloads by having a tiny text link to the product you want in the top corner and a huge anonymous download button in the middle of the page (where you have to read the small text below) should be deemed unlawful misrepresentation.

    Most countries have some local legistlation governing advertising but we really need a worldwide code of advertising standards on the internet and sites which are in countries that abide by the code should be given priority by search engines. You wont catch them all but at the moment we seem to just accept that this is how it is.

    1. Yes GBS, it’s been obvious for some time now that the way of the freeware (and open source) future is monetizing via bundling adware, it will eventually be the standard. I do believe it will be somewhat self-regulatory, dictated by demand and popularity. Those that do the right thing will flourish, those that don’t will eventually flounder.

      Cheers… Jim

  2. Its transparent for NOW. Im sure the font will get smaller and smaller, like they all seem to do.

  3. It is somewhat sad and unfortunate yet justified but the gray color of the “Decline” button almost makes it seem like it is not clickable! Thank you!

    1. Nice observation about the gray. While I can understand the money aspect, it is the start of that downward slope. I no longer go to CNET site (Download.com) because of their installer. Now I will cross Sourceforge off the list. I have no objection to people trying to make money off their code- and some of it is quite good – but there are others who write code and share it for their own enjoyment. I did myself way back in the old DOS days when I wrote a lot of Basic and also for the RS CoCo. I gave it to club members, no strings attached. They were free to pass it on,. If someone called, I gave them a floppy, free of charge – no I did not advertise in magazines, so I wasn’t bombarded with hundreds of requests.

      My take is if someone wishes to make money off their programs, then put it out a shareware (usually on the “honor system”).
      For SourceForge to do this, is a mistake IMO.

      1. Hey Bob – Your response is perfectly understandable, if perhaps a tad harsh. As I said in the closing paragraph; if more habitual users of a particular software were to make a donation, perhaps the need for developers to pursue alternative avenues to generate funding may be largely negated.

        In that respect, to a certain extent, our fate is in our own hands.

        Cheers mate, and thanks for your input here… always appreciated.
        Jim

  4. Peter Thompson

    At the end of the day not all developers will choose this method. and for those who do, well if the program is great and free then in my opinion it doesn’t hurt to download and click a decline button.

    Maybe actually people wouldn’t mind this type of downloading if good programs were used but it tends to be the programs you want to avoid that it tries to ask you to also instal.

    As to Cnet, cnet’s downloader is a lot worse and if I see downloads without a direct link I find the actual companies site or another download site.

    1. not all developers will choose this method

      Not so sure about that one Peter. If I were a developer given the choice between zero return and the opportunity to generate income/funding, I would certainly choose the latter. Plus, these types of schemes tend to have a snowballing effect, especially within a closed eco-system. I suspect the installer may become the norm for SourceForge downloads.

      Cheers… Jim

  5. It seems perfectly reasonable to me. I just wish they wouldn’t sign the executable with Ask.com. I tried downloading FileZilla a few days ago and seeing the signer being Ask.com made be backtrack a bit to confirm that it wasn’t some fake installer put there by malware.

    1. Hi North – Thanks for your input here, appreciated.

      I agree, it does seem strange that Ask.com would be listed as the digital signatory.

      Cheers… Jim

  6. This is a perfect example of a dark pattern where the installer tries to trick users into installing malware. On first green they tell you you click the green Next button to continue. In almost all normal installers the screen after that will contain the software license with agree and decline buttons. In the case, it looks like an EULA followed with the regular agree/decline buttons, with some kind of ad at the top.

    If you would ask a random person that what will happen if they click Decline, many of them would believe that it will cancel the installation of FileZilla.

    It’s well crafted, I must admit. You can make a strong case that the user has clear options, while everyone knows that majority of those who ins
    tall the adware didn’t realize it.

  7. DevShare is a totally unacceptable violation of the trust that thousands of developers have placed in SF. This misguided effort attempts to monetize FREE software by bundling it with malware. It will destroy SF’s reputation, and ruin SF, because SF’s only meaningful product is its reputation as a trusted source of FREE software. It’s a pitifully dumb and short-sighted move, and I wouldn’t have believed it if I hadn’t seen it for myself.

    And don’t try to argue that the Ask toolbar isn’t malware:
    “Ask.com is noted for a malware toolbar that can be surreptitiously bundled in with legitimate program installations, and which generally cannot be removed from most common browsers once installed.” http://en.wikipedia.org/wiki/Ask_toolbar

    This isn’t just about abstract users and business strategies BTW, this is PERSONAL. I put thousands of hours of hard work into SF projects over the last TEN YEARS, and I never expected a dime in return. SF has violated MY trust, and I am FURIOUS!

    Chris

    [to Tim Kosse]

    I’m a fellow SF developer for ten years now. I’m sorry to
    say this because I actively use and support FileZilla, but
    this bundling is a really bad move because:

    1) It violates the trust of your users, many of whom will
    retaliate by savaging FileZilla’s reputation. They trusted
    you to not hustle them with malware and you let them down.

    2) It encourages SF to continue down a path which has the
    potential to destroy their reputation, and thereby negate
    the hard work of many thousands of SF participants. Remember
    that your vote counts for something: if all SF developers
    had simply said no to SF’s bad idea, it would have died.

  8. My AVG anti-virus detected and blocked the Sourceforge downloader as MALWARE. How’s that for reputation damage? This was a terrible thing for SF to do.

  9. I can see problems with this path, I usually download the installer and run it whilst disconnected from the internet and also keep the download file as my “golden master” however this new method of providing a shim installer that then downloads the actual install file now prevents me from making that backup and installing whilst offline. I can understand the developers wanting to get some return on the work they have done, however when it means that the reputation of the program they write is being battered (take a look at the filezilla forums to get a clear message there are a lot of unhappy people who are now looking to use another ftp program.) and it seems the shim installer also in some cases has installed other software / browser plugins etc without explicitly warning the user which then begs the question that now we have legitimate software supporting practices that might be considered questionable.

  10. It has obviously become worse since this article, more than a year old now. Today, many people downloading Filezilla through the infected Sourceforge downloader report adware to be installed without consent or against their “decline” click decision, or using deception (like displaying an EULA page seemingly for FileZilla, and installing upon “accept”). The features and behaviors of the adware clearly qualify much of it as malware, and some even report that fürther programs are downloaded by the adware, some of them classic malware like trojans.

  11. It’s not transparent for the average end user! It may be for the more tech savvy, but 99,9% of the users will click “Accept” even though they don’t want the bundled crap.
    Those extra offers do not state clearly that the software you want to install will be installed regardless of the choice you make.
    And this is why in my opinion sourceforge is actively damaging the reputation of open source software.

  12. Wow, I can’t believe that anybody could be accepting of this model. It’s so deceptive, shady, and wrong that I believe that it should be illegal. This software DAMAGES unsuspecting users’ hardware and renders their system unusable.
    And for Sourceforge to do it… I almost wanna cry. That website will be in the CNET toilet hole soon, once they’re blacklisted by everybody that knows anything about this. Ill never return, that’s for sure.
    If Microsoft and the PC manufacturers were smart, they would fight this too- I know many people that will not use Windows due to the proliferation of this malware.

Comments are closed.

Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!