SourceForge Becomes Yet Another Download Site To Resort To Bundling Crapware

SourceForge was once the de facto site for searching and downloading open source software. Two of the biggest software projects to ever host software there was the VLC media player and GIMP image manipulation tool. I also used to wind up at the site many times to snag the FileZilla FTP client. All in all, up until a year or so ago, the service continued to do its job well.

That’s since changed. I can’t recall exactly when it happened, but on one occasion, I went to download FileZilla and it came bundled with a tricky installer – one wrong click would install crapware to the machine. I believe developers have the right to earn money, but earning it by tricking users is not the way to do it. About a month after this, I tried to download the app through Chrome and Firefox, and neither would actually let me save it – both marked it as malware. Things certainly seemed to be going downhill.

As I write this, FileZilla’s client download seems a-OK only if you download via a link from the official source. If you download it through SourceForge’s website itself via the default methods, you’ll wind up with what you see above.

In recent weeks, SourceForge has been under fire for taking over certain open source projects in an attempt to bundle the binaries with added software. The first big example of this happened just last week, to the GIMP project. GIMP had actually left SourceForge in 2013, but the website continued to distribute updated copies of the installer by fetching it itself. Earlier this week, a VLC developer relayed an almost identical story.

In that particular post, VLC developer Ludovic Fauvet says that things began going downhill years ago, when SourceForce decided to begin showing scammy ads on its site. We’ve all seen these – ads claiming to give you the download you’re looking for, when in reality, they give you a lot more than you bargain for. Experienced users are going to spot these from a mile away, but most regular folk won’t.

At some point, SourceForge made a deal with VLC to share some ad revenue, which granted the project a “few thousands” of dollars every few months. Eventually, the problem of misleading ads persisted for too long, and the project went on its merry way.

Credit: Ludovic Fauvet

The problem becomes this: VLC can’t easily stop SourceForge from taking its software and then redistributing it with crapware. Over the past week, SourceForge took over some project accounts, locking out the original creators. You can tell if an account has been taken over if a user such as “sf-editor1” is tied to it. As of the time of writing, the VLC installer hosted there seems clean, and I couldn’t spot any trickery ads on any of the project’s related pages. It goes without saying that the VLC developers would rather the software not be available on SourceForge at all, though.

Ludovic goes on to say that when things really went awry for SourceForge was when Dice Holdings came in and acquired the network. This hasn’t bode well for its sister sites either, such as Slashdot. It’s been reported over the past week that the website has been censoring this controversy. Interestingly, this censorship seems to have just ended, as a related post has been made, although it’s only to discredit the nmap maintainer’s claims that their project had been taken over by SourceForge. Up to this point, neither Dice nor SourceForge have apologized for its actions.

It really does seem like SourceForge is on its last legs, because it hasn’t yet made an attempt to improve the situation, nor has even acknowledged it as being a bad one. It could soon wind up as another one of the Web’s best-known services that began off great, but quicky died off thanks to the adverse effects of an acquisition.