back to article SourceForge sorry for adware, promises only opt-in in future

Software download service SourceForge has changed its adware-insertion policies after earning users' ire for wrapping popular FOSS image-wrangling app The GIMP in an adware-riddled downloader. The tale of how ads came to The GIMP is long and twisted, but the salient bits of the story are that the version of the program on …

  1. Shadow Systems Silver badge

    . too late.

    The "easily avoidable" crapware wrappers were *not* & often didn't include (Clear|Obvious|Any) means of declining the wrapped bits to get to the program you thought you had downloaded.

    The Gimp Project had not only stopped using SourceForge, but SF's editors were actively scraping the Gimp's other repository to "update" the SF version of the Gimp's page, in clear violation of both the SF & Gimp's ReleaseLicense format.

    Then SF locked out the actual owner of the Gimp's SF page so there was no way to update the page to say "If you're looking for Gimp, don't get it from here!"

    Folks have been complaining about the crapware wrappers on SF for years. FireZilla (the FTP client from Mozilla) agreed to let the installer be wrapped in a "revenue sharing" plan, and despite all the uproar from the folks that couldn't decline the crap-wrap, SF continued to infect the files.

    This situation has been going on at SF for years & the *ONLY* reason they're backpeddling now is because they did it to an "abandoned" project that wasn't, was no longer maintained on the SF site, & the real coders got it splattered all over the Media to prove what lying sacks of bullock sweat SF has been all this time.

    I (and plenty of others) have rightly avoided SF like the plague for years because of this crap. Their site's UI makes determining which "Download Me" link is the one for the program you're there to get rather than the adware they're trying to ram down your throat. The wrapped crapware means SF is profiting off the hard work of others whom are *already* paying SF to host the files. SF's causing damage to the reputations of the coders whom have possibly created awesome programs, but nobody can find that out because the crappy wrapper gets the files flagged as malicious by antivirus/antimalware programs.

    So don't use SourceForge. If you absolutely can't find the file anywhere else, be sure to scan the hell out of it before running it, & make *EXTREMELY* sure to uncheck any third party software install attempts.

    SF has already burnt their Good Will, blown up the bridge, & flushed it's reputational corpse down the toilet. That stench your smelling now is just the putrifaction seeping up through the intertubez.

    1. PJF

      Re: . too late.

      waaay to late... They, and cnet,amongst others, have earned a permanent d/l ban due to ad/mal ware, viruses, etc..

      No groveling can make up for me.

    2. TonyJ Silver badge

      Re: . too late.

      "Their site's UI makes determining which "Download Me" link is the one for the program you're there to get rather than the adware they're trying to ram down your throat. "

      Have an upvote for this alone! I gave up on them ages ago just because it's so hard to guess which link you need to click.

      1. Anonymous Coward
        Unhappy

        Re: . too late.

        Upvote from me as well, simply because I've had to uninstall the crap of so many machine because I've said "Ooo get XYZ" it does everything you need". Of course the less tech savy ones click the bloody great Download XYZ here, not noticing the tiny link somewhere else on the page.

    3. Dave 15 Silver badge

      Re: . too late.

      I tried to get filezilla from SF and having had to spend a day getting rid of the resulting trojans and viruses commented direct to filezilla about it. To date no info.

      It is a wonder that google can block all sorts on government instructions but doesn't just block SF for being the worlds biggest distributor of computer viruses.

      1. Roq D. Kasba

        Re: . too late.

        Google, or at least chrome, blocked the installer for filezilla when I tried last.

        Anyone know where a clean, honest copy of filezilla can be going? Despite its occasional fiddly bits, I'm quite fond of it and need a decent FTP client. Any suggestions?

        1. LDS Silver badge

          Re: . too late.

          Get it from here: https://filezilla-project.org/download.php?show_all=1

          You reach this page from https://filezilla-project.org/ selecting "Download" from the menu on the left, and then "Show additional download options"

          A bit convoluted, but as long FOSS means "software I don't pay for" some developers may look for some revenue streams, even some you may not like...

          1. Anonymous Coward
            Anonymous Coward

            Re: . too late.

            @LDS

            A bit convoluted, but as long FOSS means "software I don't pay for" some developers may look for some revenue streams, even some you may not like...

            Plenty of propriety pay stuff comes with shitware, spyware, adware and a whole bunch of things that were never asked for.

            1. LDS Silver badge

              Re: . too late.

              True, for the very same reason, chase revenue streams for cheap application sold without good margins. Usually, "expensive" software doesn't suffer from that.

          2. Roq D. Kasba

            Re: . too late.

            Tanks LDS, I did that, but all the links from that page point towards sourceforge??

            1. LDS Silver badge

              Re: . too late.

              Yes, but look at the URL ".../FileZilla_3.11.0.2_win64-setup.exe/download?nowrap". the "nowrap" parameter instructs to download the setup not wrapped in the ad/malware ridden "installer".

    4. Anonymous Coward
      Anonymous Coward

      Re: . too late.

      @Shadow S.

      Round of applause, an excellent and most coherent "up yours".

    5. Trigonoceps occipitalis Silver badge

      Re: . too late.

      " ... easy-to-decline third party offers ... "

      As in "don't visit SourceForge again, ever."

  2. Anonymous Coward
    Anonymous Coward

    That's awfully fecal

    but just fighting the clunky calendar-oriented "frontend" for a project's mailman archive may have been enough to make me decide to never host anything there.

  3. Anonymous Coward
    Anonymous Coward

    Must be my bad luck, but I've never seen any adware like this off Sourceforge.

    Just checked, my projects seem to be fine.

    Maybe the codesigning cert was money well spent?

    1. Anonymous Coward
      Anonymous Coward

      I suspect they only target the most "popular" (high volume) projects for nefarious exploitation.

      No offence ;)

    2. Ilgaz

      They acted like vultures

      They hunted down non active projects to infect them with adware. As GIMP guys left them years ago...

  4. dan1980

    Once bitten . . .

    Ad-supported sites are one thing. And I get it - bandwidth and hosting isn't free. BUT, where sites have adware then that is just not on.

    Worse is those sites that have fake 'download' buttons above and/or below the real one, or that show up before the correct link displays. These fake links are just like adware that is hard to opt-out of: both are trying to trick the user into downloading and installing something they don't want and that may be detrimental to their computer.

    I believe that neither install process should qualify as obtaining consent.

    And, given that, any site that uses such measures for revenue generation clearly doesn't actually respect their visitors, once that trust is lost, it's very hard to get back because why should I believe that a site that has tried to trick me into installing something I don't want won't do it again - or use other methods instead? (Like the fake links mentioned above.)

  5. Will Godfrey Silver badge
    Unhappy

    It gets worse

    Over the last 6 months or so, their general stability has been pretty dire too - with a really weird outage last weekend.

    The project I work on was first put on SF in 2009, but now I've mirrored it to github. It's a 'wait & see' situation, but I'm not going to risk losing control of the code.

  6. GregC
    Unhappy

    Quite sad, really

    There used to be a time when something being on SF was A Good Thing.

    That seems an awfully long time ago.....

    1. This post has been deleted by its author

  7. DrXym Silver badge

    What happened to you Sourceforge?

    Once upon a time, SF was the go-to place for open source development. But since they started bundling code with installer crapware and other shenanigans, the move to github has become an exodus.

    1. Anonymous Coward
      Anonymous Coward

      Re: What happened to you Sourceforge?

      I guess the usual and expected happened: they thought: all that praise is very well, but here's the shiny-shiny dangling nearby and if we tweak the project just a little bit.. yum-my! Usual human behaviour, I'm afraid, and really can't blame them. What I do blame them is for pretending to be virginal, instead of saying openly: yes, we want THE MONEY, give us THE MONEY, give us more! And who'd refuse "more"...

  8. Doctor Syntax Silver badge

    Given that Gimp is GNU I wonder if they provided the source for the addons.

  9. David 138

    If you survive the Russian roulette wall of Download buttons your doing well. But the Filthy sods then hide the adware downloads so that they look like an EULA!!

  10. Anonymous Coward
    Anonymous Coward

    Adware / Malware free replacement for Sourceforge...

    Any recommendations? Thanks!

    1. Anonymous Coward
      Anonymous Coward

      Re: Adware / Malware free replacement for Sourceforge...

      Build from sources, as you should do with any real open source project... and meanwhile check the code and help the project...

    2. Anonymous Coward
      Anonymous Coward

      Re: Adware / Malware free replacement for Sourceforge...

      Savannah if your project is approved-- they want it and its dependencies to be Free Software

      Atlassian runs BitBucket, JIRA, etc.

      icculus.org holds a bunch of random things

  11. Dave 15 Silver badge

    Stopped using source forge

    After downloading one app and ending up with several gigabytes of trojans, viruses and other crap.

    If I ask to download ONE thing I do NOT want to have have to 'opt out' of downloading a pile of other crap. Worse still when it has undergone ZERO vetting and is full of undesirable extras. Cost me a day to clean up my machine. A total disgrace, whoever thought it was a 'good idea' should be sacked and preferably beaten with wooden sticks to an inch beyond his life.

  12. Joseph Haig

    Forking to Github

    How soon before GIMP is moved over to Github?

    While they are at it they could change the name.

    1. Anonymous Coward
      Anonymous Coward

      Re: Forking to Github

      read the first comment?

      And one might as well forget about the name change, but look on the blight side: it's not nearly as bad as PolypAudio

      1. Joseph Haig

        Re: Forking to Github

        read the first comment?

        It's a fair cop, guv. No I didn't. :-)

    2. LDS Silver badge
      Joke

      Re: Forking to Github

      CRIMP?

  13. Anonymous Coward
    Anonymous Coward

    the world free for nice ads like the ones in this story

    Fraudian slip, Fraudian slip!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021