Sourceforge adds adware-installers to abandoned projects (and removes them again)

Sourceforge, a prominent project hosting website, began to wrap some software downloads on the site in installers that included unrelated third-party offers.

This new way of delivering downloads to users affected only program downloads of projects where the admin of the project enabled the option.

Several popular programs hosted on Sourceforge, the FTP client FileZilla for instance, have been offered primarily with download wrappers ever since.

It is clear however that the majority of projects on Sourceforge are not making use of download wrappers. I checked the first three pages of the site's top apps listing and found that most don't use download wrappers right now.

The easiest way to detect if a download is direct or not is to check for the text "installer enabled" on the download button.

Sourceforge displays direct download links on the same page. As is the case on sites that use download wrappers, the "clean" link is always less visible than the adware link.

One can argue at this point that Sourceforge's approach is not that different from other sites such as Download.com that use download wrappers. In fact, the site's opt-in approach ensures that the majority of downloads on the site are still adware free.

Events have taken a turn for the worse recently though as Sourceforge began to take over what it calls abandoned projects on the site.

The developers of GIMP, a popular image editor for various operating systems, noticed several days ago that Sourceforge took over control of the account on the site and started to distribute the program with a download wrapper that included adware offers.

Ars Technica's investigation revealed that GIMP for Windows was not the only account that SourceForge took over. The list includes popular programs that are no longer officially hosted on Sourceforge (or never were, but were included in the Sourceforge open source mirror directory) yet are still available on the site as projects, including VLC, Firefox, Thunderbird, Drupal, WordPress, Eclipse, NetBeans and Subversion.

The indicator that a project has been taken over is that its new owner is sf-editor1.

If you check downloads of these projects right now on SourceForge, you will notice that they are not offered with download wrappers.

Even GIMP for Windows, which was offered with download wrappers previously, is offered as a clean download on Sourceforge as of today.

While the projects are still listed under the sf-editor1 user account, it appears that all download wrapper functionality has been removed from all projects owned by that account.

An update posted to the official Sourceforge blog reveals additional details about that:

Since yesterday, SourceForge Gimp-Win mirror downloads only the original software without any offers. We also invite the Gimp-Win developer to take back control of the project if that is his desire, while respectfully asking that he maintain any project updates or allow us to do so.

While Gimp is mentioned exclusively, it is likely that the same has been done for the other projects the company took over on Sourceforge. At the very least, none of them are making use of download wrappers at the time of writing.

It is clear that Sourceforge is in full damage control mode after the story broke, and while it removed wrappers from downloads, it did not hand the accounts back to their previous owners.

While Internet users who became aware of it may distrust Sourceforge now -- if they did not already distrust the site from the day it introduced download wrappers -- it is likely that the majority of users on the Internet are unaware of it.

Now You: What's your take on this?

This article was first seen on ComTek's "TekBits" Technology News
