• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / It is time to blacklist SourceForge

It is time to blacklist SourceForge

2015-06-05 by Jason

SourceForge has been making headlines in recent weeks with a variety of criticisms. The once popular download destination for free software projects was sold off from its golden age and its new owners continue to demonstrate a history of bad decision making in the name of greed and profit. While SourceForge’s popularity and usability has waned as other sites like GitHub and other repository hosts has increased, it is still a common site with popular project downloads surrounded by misleading and confusing ads.

A couple of years ago, SourceForge introduced ‘DevShare’, a program to bundle third-party software such as toolbars and adware with the desired programs. FileZilla was one of the most prominent projects that joined ‘DevShare’ and the developer was defiant in face of the negative feedback. The primary download for FileZilla included adware though a download link buried a few clicks from the homepage offered the software without modification.

Recently, SourceForge has gotten more aggressive with their third-party bundling and making headlines in response. SourceForge hijacked the unmaintained GIMP for Windows account and modified the project downloads to include bloatware. GIMP gave an official response to the event, selected excerpt:

Our decision to move the Windows installers away from SourceForge in 2013 was a direct result of how its service degraded in this respect.

The situation became worse recently when SourceForge started to wrap its downloader/installer around the GIMP project binaries. That SourceForge
installer put other software apart from GIMP on our users’ systems. This was done without our knowledge and permission, and we would never have
permitted it. It was done in spite of the following promise made by SourceForge in November 2013 [2]:

“we want to reassure you that we will NEVER bundle offers with any project without the developers consent.” (emphasis in original)

To us, this firmly places SourceForge among the dodgy crowd of download sites. SourceForge are abusing the trust that we and our users had put into their service in the past.

The GIMP project’s repackaging was not an isolated event. Both Nmap and VLC reported their own instances of losing ownership of their SourceForge accounts. Nmap posted to seclists.org and a VLC developer posted to their own blog with their own accounts and frustration at the experience. Fortunately, their projects’ binaries have not been modified, though the accounts have been taken over.

SourceForge has posted two responses to the negative criticism. They first clarified that the GIMP for Windows project was not hijacked. Instead SourceForge took over the “abandoned” account to monetize the downloads. In their more recent post, they are attempting to address the latest wave of criticism by inserting third party offers into projects on an opt-in only basis.

Statements have been provided like this before. In 2013, after DevShare was introduced, they made similar promises and have clearly broken them since.

Given the track record of SourceForge’s greed coming before their visitors’ privacy and trust and before their hosted projects’ reputations, it is time to realize SourceForge for what it is – a download trap surrounded in ads, hoping for a misclick. The site should be blacklisted to prevent any visits as the downloads they offer are of questionable integrity. More notably, major software projects should move away from SourceForge to a more reliable alternative. Instead of using FileZilla, seek out alternatives that do not encourage questionable installers.

Update: Notepad++ has posted that they are leaving Notepad++ as their hosting.

Filed Under: Security and Privacy, Web

Trending

  • Microsoft Releasing Out Of Band Update to Address LNK Vulnerability Today
    In Security and Privacy, System Administration
  • IT Pros Evolution [infographic]
    In Infographics
  • The biggest data breaches of 2015, so far
    In Infographics

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO  

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in