I haven’t been a full-time Windows user in a long time, but I do have to use it from time to time, and I am often asked for recommendations for nerdier software like FTP clients by Windows users. For many years my stock answer was the same: if you’re on Windows and you need a free FTP client, get FileZilla. This week that advice bit me, and the person I gave it to, in the backside badly.

FileZilla’s project page directs people to a .exe installer hosted on SourceForge. Trusting that I would not recommend malicious software, the person who asked my advice downloaded the installer without reading the fine print and installed FileZilla – they got a lot more than they bargained for! That .exe installer did do what you would expect, and installed FileZilla, but it did more than that: it hijacked their browser and installed adware. Suddenly they were getting popups with ads telling them they could optimise their PC, and websites which don’t host ads suddenly started to contain ads!

Had this person read all the small print they would have seen that they were getting more than they wanted, but that’s not the point. I can’t recommend software that tries to sneak malware onto people’s computers! I can’t say “download this great app, but check all the small print, and go into the advanced mode in the installer and be sure to un-check all the unwanted junk-ware”.

To me this is about trust, and these kinds of installers rely on users trusting the source enough to let their guard down, and not notice the subtle notifications of what the installer does. In my mind, these are digital booby traps. Like a hand buzzer, they turn people’s trust against them. These kinds of installers are not against the rules of Open Source licenses, but I’d argue they fly in the face of the spirit of the Open Source Community.

That brings us to SourceForge. They use these sneaky installers as a revenue stream. My faith in SourceForge had already been shaken by their adoption of ads that look like download buttons, again, trying to trick naive users. This escalation to Download.com-style installers was the final straw for me. I no longer feel safe recommending anyone use a service that makes money in what I consider a dishonest way. Again, I’m not saying there is anything illegal happening here, I just find it immoral. In my mind, I now group SourceForge with Download.com, which is sad.

Finally, just to be clear, I have no problems with people making money from software, be it open or closed source software. Programmers should be able to make a good living from their craft! What I object to is business models which rely on fooling users (with things like ads that look like download buttons and installers that install more than you want by default). Someone looking for an FTP client is not looking to have their homepage or search preferences altered, or to have ads injected into their computing experience – they are looking for an FTP client! If you need to rely on the fact that people don’t read the small print to make a living, then in my opinion, you’re breaking Wheaton’s Law, and I want nothing to do with you!