SourceForge: Third party offers will be presented with Opt-In projects only

sourceforge.net

43 points by Xylemon 11 years ago · 29 comments

captaindiego 11 years ago

"As a company, we at SourceForge pride ourselves on being highly responsive to our community members and, with that in mind, do our best to respond to all communications and address all concerns in a timely manner."

"Comments are closed."

gcb0 11 years ago

i use one program with frequent updates which distributes from sourceforge.

the installer is a piece of work.

first, it is a fake-installer (that installs nothing) with the actual installer inside. that program first offers you "standard" and "advanced" fake-install options (remember, it installs nothing)... when you click "advanced" it now shows 3 checkboxes, checked, that will 1. install a browser toolbar, 2. set your default homepage, 3. set your default search engine. You uncheck them all and click accept (it is also showing a terms and conditions). now it will show something like "also install this tracking or browser or i don't even know what it was?" and there are only the same buttons as before on the fake-installer: "decline" and "accept". Now you have to remember to go against all your knowledge of install wizards and click the left button "decline" to proceed with your desired program only. now you click accept or finish, don't remember, one last time, and the fake-installer forks to the actual installer that you wanted from the beginning.

  • userbinator 11 years ago

    Opening in 7-zip and extracting the contents manually has worked in the past for me when encountering such things.

    (Incidentally, many people don't know that 7-zip can extract installer executables and various other formats too...)

    • stinos 11 years ago

      UniExtract is another one. But none of them open all types of installers afaik. Another possibility for msi is msiexec /a PathToMSIFile /qb TARGETDIR=DirectoryToExtractTo. Actually before installing anything at all I usually try some of these to get a portable app. It's amazing how many installers out there are basically just automatic single-directory extractors which also happen to add some registry entries.

    • psykovsky 11 years ago

      So does WinRar and Ubuntu's Archive Manager.

  • NamTaf 11 years ago

    Find a different program. Refuse to support developers who use such underhanded tactics.

    • jacquesm 11 years ago

      It's not the developers of the program that caused this, it's the packagers of the software at the distribution point that do this. Beware where you lay blame in situations like these, sometimes the developers are totally unaware that someone is 'wrapping' their installer with another one, and even when they are aware they are not always in a position to do something about it.

SwellJoe 11 years ago

This is nice and all, but...the mere fact that SourceForge, an Open Source community site, ever thought it was even close to OK to intentionally distribute malware to anyone under any circumstances (whether with the permission of the developer, or not). AFAIK, by calling themselves an Open Source community site, SourceForge has opted into an ethical obligation not just to their developers who build the software but the entirety of the Open Source software community to protect their users from malicious code.

This episode was indicative of a severe loss of direction and guiding principles.

  • bigiain 11 years ago

    " … SourceForge has opted into an ethical obligation … "

    Well they haven't - but they're certainly happy to laugh all the way to the bank on malware distribution payments while people assume they're "ethical" from their word-choice and propaganda…

    Reputations catch up with that eventually though - I doubt Sourceforge is very far from being a doubleplusungood sarcastic misnomer - the Minitruth of Open Source...

  • hrnnnnnn 11 years ago

    This is where the distinction between "Open Source" and "Free Software" actually matters.

    • jrochkind1 11 years ago

      Say more, what do you think the distinction is? I think I know what 'open source' means (any software released under a license that complies with OSI's definition of open source[1]), but I'm not sure what you mean by 'free software' and the distinction.

      [1] http://opensource.org/osd

      • hrnnnnnn 11 years ago

        I'll leave it to Stallman: http://www.gnu.org/philosophy/free-sw.en.html

        But simply - "“Free software” means software that respects users' freedom and community." This carries with it ethical obligations that Open Source software does not.

        In the extreme case, you could have Open Source pacemaker software which kills you if you don't keep up your payments, but the same thing would not be Free Software.

greenyoda 11 years ago

Some context, for those who haven't been following this story:

https://news.ycombinator.com/item?id=9612152

jacquesm 11 years ago

Sourceforge has killed itself by completely breaking the trust with their developers and their end-users.

  • bigiain 11 years ago

    100 times this.

    Way too little, way too late.

    And this is a typical corporate-speak fauxpology "Sorry you were offended"-style. _Maybe_ if they'd confessed to unethically pushing shit-ware via dark patterns, they might regain some trust, but "3rd party offers" and "easy-to-decline" are not the phrases they need to be saying to turn around my opinion/advice of "Download from Sourceforge? No chance, I wonder if there's an alternative way to get that software, or if I have to find an alternative?"

mindcrash 11 years ago

Oh right, like a project such as the GIMP (GNU Image Manipulation Program) would "opt in" with having "third party offers" (e.g. spyware) in their distribution packages. Just pull the plug, SourceForge. You are done.

bobwaycott 11 years ago

>>> "At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

Uhhhh ... I'm undoubtedly being way too cynical, but that sure sounds like a back-handed way of saying they're going to "present" these third-party "offers" on top of any projects that are already bundling such "offers".

Also, "present" ... really? What a horrible word choice, given the UX patterns involved here. Total bullshit.

And furthermore, how exactly will SourceForge gain this explicit approval by the project developer? I'd like to hear more on that note. Do they modify their terms & conditions to make this an auto-opt-in for all new accounts? Are existing accounts grandfathered into this by a default opt-in, on account of having been notified by email of newly updated Terms, the way various companies like to engage in wrong patterns for implied approvals by-means-of-using-our-service that benefit the bottom-line first, and preference typical user sentiment second?

[EDIT: wording correction]

hliyan 11 years ago

In my mind, the damage is already done. And as damage control goes, this leaves something to be desired:

   While we had recently tested presenting easy-to-decline
   third party offers...

That sounds almost like "you should have read the fine print". They could have at least started the announcement with "We're very sorry for the problems caused by our recent..."

simplexion 11 years ago

On top of this /. is burying articles critical of this: http://danluu.com/slashdot-sourceforge/

sudeepj 11 years ago

With the likes of github around and offering much better experience, sourceforge seems outdated anyway. The damage is already done.

t_fatus 11 years ago

Oh thank you SF, that's really nice.

zeruch 11 years ago

SF.net died years ago. This remnant that continues is a farce.

ratfacemcgee 11 years ago

damage is already done, it's a real shame too.

neuromute 11 years ago

The death throes of a company.

bobwaycott 11 years ago

Why is it so hard for many online companies/services that desire to monetize their product(s) to accept that, given the choice, nobody opts-in to ads, marketing, privacy invasion, and other shit that turns them into a product? I've been reading HN for years, and this news cycle of OMG-Custom-Whizbang-Inc-has-opted-you-in-to-Shady-Feature-Fizzbuzz seems to break on the regular.

Want to monetize your product? Start on Day Fucking One, with User Number One. Make them pay.

Want to start off free, and worry about monetizing your product later? Don't fucking automatically opt your users into being the product you sell to advertisers. Don't snoop on them, or otherwise invade their privacy. Don't be an asshole to them and force something on them they haven't already agreed to. Default to every new & existing user being opted out of any of these things. Make it an organizational principle that explicit opt-in behavior is The Right Way™ -- such as signing up for a paid tier of service, like Github and many other good actors do in this regard.

I seriously cannot think of many things that happen in the lifecycle of an online service in which automatically opting users into some process is the best and most honest experience, and the thing most people want. That people accept this crap is beyond me.

Nobody would allow this to happen in their non-digital lives:

"Hey, John, Jerk Pest Control here. You've been using our quarterly service for a while now. We're rolling out a new service that visits every month, and we're going to keep the price the same as before by selling your information to some other local businesses that want you as their customer. We've opted you into the service automatically. Why? Well, we're looking to break out of our cyclic dependency on quarterly fees to help hit business growth targets. There was a small note informing you of this opt-in that went out with your last bill."

grumbling and swearing commences. phone beeps with another call...

"Hey, Mary. Dick's Accounting Service. You left a message about phone calls received from other companies who say we shared your number. We've been taking care of your taxes for the past few years, and are testing out a new service of presenting easy-to-decline third-party financial services to you, based on how well we think they fit what we know about your annual financial picture. We've carefully chosen our partners, and we only share just enough information to help them verify your viability as a candidate for service. We opted you into this service for your convenience. Why? Well, we're trying to maximize the returns of providing excellent service for your needs beyond just the once-yearly tax visits. We sent you an email about new Terms of Service around tax time, and you agreed to them when you used us to file your taxes this year."

grumbling and swearing. inquire about opting out of the service.

"Oh, that's easy. To decline the offers, just tell them you're not interested in the service. When they ask if you would like to confirm you are sure you're not interested in being removed from their call list, or would like to decline being removed from their call list, tell them you're not interested and would like to decline. Piece of cake."

Yes, SourceForge are being total assholes with this whole debacle. But let's maybe take a minute to ponder where they even got the ideas from, and why we are only offended when a once-free service that markets itself as having something to do with "open source" or "free software" is the bad actor.

Too many online companies and services think this behavior is perfectly acceptable, and build up their services in a tech culture that accepts it. It's a bit ridiculous to draw lines in the sand and have so much outrage only for the likes of SourceForge. None of this ought to be that surprising.

</tangentially_related_rant>
