• CONTEST ALERT - Experience the power of DDR5 memory with Kingston Click for details

Warning: Don’t Download Software From SourceForge If You Can Help It

Desmond

Destroy Erase Improve
Staff member
Admin
Tl;dr: There have been widespread reports that SourceForge is hijacking accounts of its projects and bundling adware and/or malware with their installers. For the love of God, DO NOT download from SourceForge.

Source: Warning: Don?t Download Software From SourceForge If You Can Help It

ximg_556d01922958c.png.pagespeed.ic.IR0GDuyZq5.png


“SourceForge are (sic) abusing the trust that we and our users had put into their service in the past,” according to the GIMP project. Since 2013, SourceForge has been bundling junkware along with their installers — sometimes without a developer’s permission.

Don’t download software from SourceForge if you can help it. Many open-source projects now host their installers elsewhere, and the versions on SourceForge may include junkware. If you absolutely have to download something from SourceForge, be extra careful.

SourceForge built up a lot of goodwill in the past, being a centralized place for downloading open-source software and hosting software repositories. Over the years, more projects have moved to other repository-hosting services like GitHub.

In 2012, Dice Holdings purchased SourceForge (and Slashdot) from Geeknet. In 2013, SourceForge enabled a feature named “DevShare.” DevShare is an opt-in feature developers can enable for their own projects. If a developer enables this feature, you’ll download their software from SourceForge to find that it’s been wrapped in SourceForge’s own installer, which pushes intrusive junkware onto your system. SourceForge and developers make money by foisting this software on you, just as practically every other download site and freeware distributor does on Windows.

DevShare does require a project owner “opt in” to enable this feature on their project, although they’re now hosting a variety of projects bundled with junkware against the wishes of their developers.

Some projects have chosen to jump onboard the DevShare train on their own, and that’s their own choice. FIleZilla was an early participant, and FileZilla’s developer responded to concerns:

“This is intentional. The installer does not install any spyware and clearly offers you a choice whether to install the offered software.”

Chrome blocked us from downloading FileZilla from SourceForge’s website, warning that it “may harm your browsing experience.”

ximg_556cfef361f99.png.pagespeed.ic.LjEL7NO2Lb.png


GIMP is a popular open-source image editor — it’s basically the open-source community’s answer to Photoshop. In 2013, GIMP’s developers pulled the GIMP Windows downloads from SourceForge. SourceForge was full of misleading advertisements masquerading as “Download” buttons — something that’s a problem all over the web. SourceForge then rolled out its own Windows installer filled with junkware, and that was the straw that broke the camel’s back. In response, the GIMP project abandoned SourceForge and began hosting their downloads elsewhere.

In 2015, SourceForge pushed back. Considering the old GIMP account on SourceForge “abandoned,” they took control over it, locking out the original maintainer. They then put GIMP downloads back up on SourceForge, wrapped in SourceForge’s own junkware-filled installer. If you’re downloading GIMP from SourceForge, you’re getting a version filled with junkware, one that GIMP’s developers don’t want you to use. SourceForge says they’re providing a valuable service to people looking to download open-source software, but GIMP’s developers strongly disagree.

Update: After a lot of negative press, SourceForge has changed their stance. “At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer,” SourceForge wrote in a statement. Given their past actions and the “at this time” wording in their statement, we’d recommend you steer clear of SourceForge anyway. They no longer deserve the trust of the open-source community.
.
.
.
Avoid using SourceForge to download software. Even if it comes up first in a Google search, skip SourceForge and head to the software project’s official download page. Follow the links to download the program from somewhere else — there’s a good chance the project has moved away from SourceForge and offers clean download links elsewhere.

Or, better yet, skip all the usual downloading and install the most useful applications using Ninite. Ninite is the only safe centralized Windows freeware download site we’ve found.

If you do have to download from SourceForge, be careful to avoid the downloads that include the SourceForge installer. Go out of your way to grab the direct downloads instead.

And, by the way, SourceForge is now bundling junkware with their Mac downloads too — just like Download.com and other websites. Even Mac users aren’t safe, although we haven’t seen DevShare extended to Linux PCs just yet. Everyone should avoid SourceForge downloads, whether you’re running Windows or not.
 
Last edited:
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
Yeah. How the mighty have fallen.

Actually SourceForge used to be owned by GeekNet and was [strike]recently[/strike] purchased by Dice Holdings. They are probably to blame for such policies.
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
Which other alternative ? FossHub ?

I heard about this news before.

On the same article there is a link to Ninite, which is a free tool that installs and updates various applications for you: Spread the Word: Ninite is the Only Safe Place to Get Windows Freeware

The site claims that this is the only safe place to get Windows applications. We will have to see about that but it is true that almost all download sites have their so called "custom installers" which pack adware and junkware.

Never used it myself before, but will try and see.
 

kg11sgbg

Indian Railways - The Vibrant and Moving INDIA
Thanks for the warning ,friend [MENTION=5007]DeSmOnD dAvId[/MENTION].
sourceforge was a real useful site for opensource project based free softwares,but now it seems to go haywire!!!!!!!!!!!!!!!!
 

kARTechnology

Sony " VA" "IO"
On the same article there is a link to Ninite, which is a free tool that installs and updates various applications for you: Spread the Word: Ninite is the Only Safe Place to Get Windows Freeware

The site claims that this is the only safe place to get Windows applications. We will have to see about that but it is true that almost all download sites have their so called "custom installers" which pack adware and junkware.

Never used it myself before, but will try and see.


i have been using ninite :clap2:from last 5 years or so and yeah, it deals with the crap really well.

installs only the program.
if u install bittorrent, it won't include the junk :)

fan of How-To Geek since last ten years i think. used to read all the pages during summer holidays when i first found the site.
 
Last edited:

a_k_s_h_a_y

Dreaming
wrong experience. instead create Source forge client like steam.
then ads and make $$

and in defense of ads..
every one mines your data, digit forum, google, fb to show you ads. So this is fine too, if filezilla developers stick to SF, so be it. Take it or leave it.

google chrome, android are the biggest adware out there disguised as a high quality browser and OS.
 

kARTechnology

Sony " VA" "IO"
wrong experience. instead create Source forge client like steam.
then ads and make $$

and in defense of ads..
every one mines your data, digit forum, google, fb to show you ads. So this is fine too, if filezilla developers stick to SF, so be it. Take it or leave it.

google chrome, android are the biggest adware out there disguised as a high quality browser and OS.


u need to be careful, just like driving a car on a road, some stupid auto/bus(adware/crapware) will try to hit you.

we have mozilla firefox for chrome :clap2:
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
wrong experience. instead create Source forge client like steam.
then ads and make $$

and in defense of ads..
every one mines your data, digit forum, google, fb to show you ads. So this is fine too, if filezilla developers stick to SF, so be it. Take it or leave it.

google chrome, android are the biggest adware out there disguised as a high quality browser and OS.

Doing it responsibly is one thing.

Hijacking the project page of GIMP after they pulled out of SourceForge and offering it as download with adware bundled is another matter altogether.
 

TechTorpedo.com

Right off the assembly line
yeah, i've noticed the same thing on some downloads, the problem is they have some good software that you can only get from them, so hopefully there is enough complaints for them to change their policy.
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
What about github ? anything shady on that.. I think github's a good alternative for hosting projects

github is a proper git repository hosting service. Its simple and you have complete control on your projects. Plus they have paid premium accounts so they get their revenue that way.

However, git hub is not a mass download site like download.com, softpedia or sourceforge. It allows you to clone source code of the projects and to work on them or compile them on your machine.
 

Vyom

The Power of x480
Staff member
Admin
If the article is saying that Sourceforge's own installers makes people install adware, "without user's consent" then it would be concerning. But as long as I get the choice to 'untick' the crapwares that are bundled, I am fine.

I always stop and see what components a software is installing, and not just click Next -> Next. This have prevented me from installing crapwares.

So I need to confirm whether Sourceforge's installs junk without user's consent.

[strike]Also, the article shows a screenshot of warning when downloading an exe file on Chrome. That's lol. Chrome shows that warning for 'any' .exe file you download. -_-[/strike]
Probably it doesn't block it like that.
 

Faun

Wahahaha~!
Staff member
If the article is saying that Sourceforge's own installers makes people install adware, "without user's consent" then it would be concerning. But as long as I get the choice to 'untick' the crapwares that are bundled, I am fine.

Biggest bloatware is adobe flash. When you download, , mcafee option is ticked by default.
 
Top Bottom