Time to boycott SourceForge?
Published May 30th, 2015 at 9:35 AM EDT , modified May 30th, 2015 at 9:35 AM EDT
On Wednesday, ArsTechnica reported that the Windows version of the open-source GIMP image editing app hosted on SourceForge has been “seized” by SourceForge and used for distributing adware. This is a troubling development, but not exactly surprising for those who have been following the antics of SourceForge lately. Is it time to boycott SourceForge, as is already recommended for sites like Download.com and Softonic?
First, let’s look at a little history. SourceForge changed hands in late 2012, being bought by Dice Holdings. Less than a year later, it began offering a program called DevShare, which allowed developers to include adware in their installers to help fund development efforts. (Of course, SourceForge gets a cut as well.) This program has caused significant controversy, such as the opinions expressed in a blog post on Gluster.
FileZilla was one that adopted this technique early on, with highly negative reactions. Initially, only the Windows version of FileZilla was affected, but early this year, FileZilla was found to be installing adware on Macs as well. (Incidentally, the current FileZilla download on SourceForge is guilty of the same malware-like behavior I recently described with MPlayerX – namely, it tries to avoid analysis by behaving differently in a virtual machine.)
The maintainers of the GIMP project withdrew from Sourceforge in 2013 over concerns about bundled adware, as well as confusing advertisements with “Download Now” buttons, linking to junkware or more adware, littering SourceForge pages. They intended for GIMP not to be available on SourceForge any longer.
Unfortunately, SourceForge recently decided to start hosting GIMP downloads again, wrapping GIMP in their adware installer. The excuse given by SourceForge was that the project had been abandoned, and that SourceForge “continues to house historical releases for community benefit.” Troublingly, however, SourceForge does not seem to understand why people might object to this kind of thing.
Worse, they don’t seem to understand that the folks behind GIMP don’t want their software hosted on SourceForge at all. They have said, “We also invite the Gimp-Win developer to take back control of the project if that is his desire, while respectfully asking that he maintain any project updates or allow us to do so.” This seems not to acknowledge that the GIMP developers didn’t want GIMP to be on SourceForge at all anymore, and does not offer the option of removing it from SourceForge as was their original desire.
The implications to developers are quite clear: if you ever choose to make your software available on SourceForge, the current management will consider that to be a lifelong binding commitment. If you should ever desire for your app to be removed from SourceForge… well, too bad. They will reserve the right to continue hosting it whether you like it or not. And it might be used to generate revenue for SourceForge through the installation of bundled adware, to boot.
For those considering the download of some software from SourceForge, caution is advised. Personally, I would advise avoiding them entirely. Any company willing to behave this way is not to be trusted.
Some will say that SourceForge isn’t doing anything wrong. After all, their installers will alert the user to the bundled “special offers” and allow him/her to opt out. However, there are some problems with that. Adware is not easy to get rid of, and modifies the system in ways that most people don’t know how to deal with. It can destabilize or slow the system, introduce security vulnerabilities, induce people to install software they shouldn’t (like MacKeeper), and other things. In some cases, adware has even been implicated in causing repeated tech support scam pop-ups.
If a developer wants to use ads for generating revenue, by all means, do so, but do it within the app’s interface. I frequently used and recommended Carbon Copy Cloner back when it was ad-supported. I also use plenty of iOS apps that include ad banners at the top or bottom of the screen. The difference in these cases is that the ownership of the ad is clear, and if I don’t like the ads, I can simply get rid of the app (or buy an ad-free version).
For those who have stumbled across adware-infested installers and who don’t know how to get rid of the adware installed, try my AdwareMedic app.