Sourceforge project hijacks

Discuss anything related to portable freeware here.
Message
Author
User avatar
Midas
Posts: 5796
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Sourceforge project hijacks

#1 Post by Midas » Thu May 28, 2015 5:25 am

[Moderator note: this thread was split from the CDex thread to address the broader problem of SourceForge attaching adware to projects.]

---

A comment in CDex's database entry (http://www.portablefreeware.com/index.p ... mment27540) got me real worried about the present reputability of Sourceforge.net. If this kind of thing happens to such a large and well established organization, what's could prevent smaller ones from following suit? :cry:

romulous
Posts: 76
Joined: Fri Feb 25, 2011 5:51 pm

Re: CDex - audio conversion and CD ripper

#2 Post by romulous » Thu May 28, 2015 6:10 am

@Midas: Indeed, I thought the same thing. To me at least, SourceForge seem to be a bit desperate at the moment, and are trying to get as much money out of their DevShare program as is possible (DevShare is the name of the program where bundled offers are added to the installers) - even if they have to take over project pages themselves. It disturbs me that when they take over a project, they remove the project forums as well - this means that people cannot post messages to let other people know that they have added bundled offers to the program installers.

When they first introduced DevShare, it was opt-in - meaning the program developer had to actually sign up for it (FileZilla was the first program to do so AFAIK, and is still participating in the program, and unless you use the additional downloads page on the FileZilla site you will get the installer with bundled offers). Now, two years later, all they have to do is to claim that the project is no longer active, take over the project page and then sign it up themselves (and ignore any protests from the actual developer). As I say, it seems desperate to me - maybe projects moving away from SourceForge to Github or Google Code have caused a bigger impact on SourceForge's finances than I would have expected (SourceForge have been displaying banner ads for a while claiming it is easy to migrate from Github back to SourceForge).

romulous

romulous
Posts: 76
Joined: Fri Feb 25, 2011 5:51 pm

Re: CDex - audio conversion and CD ripper

#3 Post by romulous » Fri May 29, 2015 3:32 am

For anyone wondering, here is the list of projects 'owned' by SourceForge staff:
http://sourceforge.net/u/sf-editor1/profile/
http://sourceforge.net/u/sf-editor2/profile/
http://sourceforge.net/u/sf-editor3/profile/

Not sure how many staff accounts they have, if any, so that list may be incomplete. For editor1 and editor 3, click the 'Show More' button to show all the projects. I am not sure if they have monetised all those projects, or only the most popular ones as I have seen others claim. It would be interesting to go through the list and see how many of those are listed here on TPFC (eg Audacity), and if any of those program entries link to the SourceForge download rather than a separate official site.

romulous

User avatar
Midas
Posts: 5796
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Sourceforge project hijacks

#4 Post by Midas » Mon Jun 01, 2015 8:49 am

Thanks for that, romulous. :)

EDIT: I hate to be the messenger of doom but -- while researching how to steer free of quasi-viral systemd adoption on the Linux camp -- I found this blog post detailing further deleterious ramifications... :(

User avatar
Napiophelios
Posts: 610
Joined: Sun Mar 01, 2009 5:48 pm

Re: Sourceforge project hijacks

#5 Post by Napiophelios » Mon Jun 01, 2015 7:09 pm

SourceForge Blog June 1 2015

"In an effort to address a number of concerns we have been hearing from
the media and community at large, we at SourceForge would like to note
that we have stopped presenting third party offers for unmaintained
SourceForge projects.

While we had recently tested presenting easy-to-decline third party
offers with a very small number of unmaintained SourceForge projects,
we discontinued this practice promptly based on negative community
feedback...."

User avatar
Midas
Posts: 5796
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Sourceforge project hijacks

#6 Post by Midas » Tue Jun 02, 2015 2:29 am

There's a Ghacks.net article on this, advising on an easy way to detect if a download has been "gift wrapped" ;):
BTW, I particularly liked the terms of the apologies offered to the Gimp-Win project:
On a final note, am I the only one increasingly disturbed by ominous turn of events coming from the FOSS camp? :roll:

Above, I mentioned two examples of growing hamhandness in managing community affairs -- e.g., the Sourceforge.net project hijacking discussed here, as well as the unsavory implications of systemd widespread adoption. Let's add a third (and yet more striking) example, i.e., the politburo styled coup perpetrated against the Kubuntu project leader (possibly related to a damning donations accountability failure and outlined in layman's terms here).

All of this would be positively unthinkable with the founding neckbeards of old... :x

juvera
Posts: 22
Joined: Sat Oct 15, 2011 4:05 am

Re: Sourceforge project hijacks

#7 Post by juvera » Wed Jun 03, 2015 1:25 pm

Ars Technica on SourceForge:
http://arstechnica.com/information-tech ... vertising/

and

Sourceforge Hijacks the Nmap Sourceforge Account:
http://seclists.org/nmap-dev/2015/q2/194

romulous
Posts: 76
Joined: Fri Feb 25, 2011 5:51 pm

Re: Sourceforge project hijacks

#8 Post by romulous » Thu Jun 04, 2015 2:09 am

SourceForge - the gift that just keeps on giving...

romulous

User avatar
Midas
Posts: 5796
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Sourceforge project hijacks

#9 Post by Midas » Thu Jun 04, 2015 3:35 am

juvera wrote:Ars Technica on SourceForge:
http://arstechnica.com/information-tech ... vertising/
  • Excellent article! 8)

Specular
Posts: 433
Joined: Sun Feb 16, 2014 10:54 pm

Re: Sourceforge project hijacks

#10 Post by Specular » Fri Jun 05, 2015 3:27 pm

Regardless that they ended up reversing their decision on the installer wrappers it shows their character to do it in the first place. SMH Sourceforge.

User avatar
Userfriendly
Posts: 419
Joined: Tue Nov 27, 2012 11:41 pm

Re: Sourceforge project hijacks

#11 Post by Userfriendly » Wed Jun 10, 2015 6:37 am

http://www.reddit.com/r/technology/comm ... urceforge/
The masses on reddit will now avoid Sourceforge like the plague. Only a matter of time til we see its demise.

Am I the only one that isn't super bothered by this? I mean I've known about these download wrappers and adware stuff but I've always managed to bypass it easily. Just running adblock/noscript and avoiding cheap looking download button graphics gets me a long way. Generally knowing software downloaders are bad news and there's almost always a direct download link somewhere but somewhat obscure. As long as there is still the option to download the actual installer exe's or zips directly then it's still all good.

Sure I get all this adware clickjacking is sleazy and all, but it's so easy to workaround that it never really bothered me. Well I guess it bother's me when other people fall for it and get their computer infected and they call me to clean up their ignorance. Maybe I'm confused who to hate. The people serving these dumb adware/bitcoin mining malware junk or the filthy casual users falling for their tricks? I just wish both givers and takers get smarter about stuff like this...

User avatar
joby_toss
Posts: 2902
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: Sourceforge project hijacks

#12 Post by joby_toss » Wed Jun 10, 2015 10:15 am

Sure, but you're not everyone! You're a tech savvy guy/gal ( :oops: )!

As I see it, it's not a matter of "I hate them for doing this!". I'm not ignorant, I understand the need for revenue for bandwidth/hardware/salaries, etc. It's a question of being OPEN about it. It's a question of honesty. They took over not only inactive projects (and some just "happened" to be quite popular) and they even closed some of the forums!

The majority of projects going this way are not fully opened about it (it's a footprint info, it's a hidden download link, it's a preselected option, etc. as you've said). And it's saddening.

There is one project that I really respect and it's called Wikipedia. Just look at the way they're doing this revenue collecting thing. So, it is possible!

User avatar
webfork
Posts: 9782
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Sourceforge project hijacks

#13 Post by webfork » Wed Jun 10, 2015 3:29 pm

Userfriendly wrote:Maybe I'm confused who to hate. The people serving these dumb adware/bitcoin mining malware junk or the filthy casual users falling for their tricks?
We all started somewhere. Plus, I don't want someone who's trying to learn getting burned because they think even "legit" sites are willing to interfere with their work and slow down their computer.

I wasn't as surprised when CNet went this route. It's what they do, they're a corporation, and they never purported to be anything else. When SourceForge decided this was a good idea, it went against SO many things that the community was about. No open dialog, no requests for comment, no announcement, etc. means that your users are not partners in success but (at best) customers or (at worst) leeches.

It's a shame too because it would have been the perfect opportunity to do adware correctly. A few simple protocols could have changed everything:
  • Not sticky. Make it something that installs quickly and easily, that doesn't take over your computer, and can be easily and completely uninstalled. Stickiness is bad.
  • Stays out of your way. Not something that auto-starts, changes your homepage, takes up processor power, or has @#$%-all to do with BitCoin.
  • Provides options. Opt-out by default but making an impassioned plea to get people to support the product by A. installing something right now B. going to a webpage to donate C. switching over their Amazon.com smile account to point to their account. There's more than one way for your users to help you out.
I have seen no moves nor interest in something like this. Instead adware is garbageware.

User avatar
Userfriendly
Posts: 419
Joined: Tue Nov 27, 2012 11:41 pm

Re: Sourceforge project hijacks

#14 Post by Userfriendly » Wed Jun 10, 2015 5:03 pm

webfork wrote:
Userfriendly wrote:I have seen no moves nor interest in something like this. Instead adware is garbageware.
This is what boggles me. None of the stuff they bundle are useful in anyway way. They're all literally garbageware that either cripples or hijacks systems probably stealing info, keylogging, or using system resources for their botnet.

It feels like the virus coders or hackers who used to be punk kids doing it for fun or chaos, now just started wearing suits and set up shop working in a "legit" business. Not saying doing it for the love of the game is any good either, doing it for the money or stealing info is just worse. All these guys who get into stuff like this are probably sociopaths/psychos. They don't give a rat's poopy ass the amount of harm they cause people.

User avatar
Midas
Posts: 5796
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Sourceforge project hijacks

#15 Post by Midas » Thu Jun 11, 2015 5:36 am

My take: never attribute to evilness what can better be explained by stupidity (or greed, for the matter)... :|

Post Reply