Advertising, Bundling, Community and Criticism

By rgaloppini

Over the last days, we heard a number of concerns around how our business practices affect the community sentiment. A few concerns were expressed by several developers, included the GIMP community, about confusing ads on SourceForge pages. Along with that, we also heard complaints about the DevShare program. We want you to be assured that we are always listening to you, learning from you, and taking action on your feedback.

1. About the Confusing Ads

We work with several different Ad Network partners like Google to show ads on our site, and from time to time, a few confusing ads show up. Just like all of you, we do not like these ads, and last month, we asked our Ad Network partners to remove over 200 deceptive ads; however, it’s an ongoing process and we need your help.

In order to eliminate these sometimes misleading ads from SourceForge pages, we’re asking you to drop us an email at [email protected] providing the screenshot and, more importantly, the full link to the confusing ads [to copy it right click on the link, and choose “Copy Link Location” in FireFox; “Copy Shortcut” in Internet Explorer; “Copy Link” in Safari and “Copy Link Address” in Chrome]. We will make sure to review all such requests, and if we agree with you, take immediate action. Please help us to make SourceForge a better place. Your input is material to help mitigate this issue.

2. About Bundling Open Source with Additional Offers

In July 2013, we launched a pilot version of an opt-in revenue-sharing program called DevShare. DevShare is a partnership program offered to SourceForge developers to turn downloads into a source of revenue for them, by bundling their applications with third parties’ offers. This revenue will help these projects grow, help the developers keep contributing to the Open Source community, and help us keep offering free hosting, distribution, and other services.

Let’s start by providing some context around this issue first.

We started the DevShare program for two reasons:

  1. Some projects were already using the SourceForge infrastructure to deliver bundled offers to monetize their downloads, and most of them were complaining about the lack of control on the quality of the offers and user experience. In addition, many other open source projects expressed interest in monetizing their downloads by bundling relevant offers, but the lack of control with Installer Partners was a key concern for them.
  2. SourceForge also makes a small amount of revenue from this program to continue offer free hosting, distribution, support and ultimately to keep enhancing Allura, it’s fully open source platform now in incubation at Apache.

Therefore, we evaluated a few Installer Partners to help us address end-users’ complaints related to one or more of the following reasons:

a) opaque installation flows providing little or no choice about secondary offering installations;

b) undocumented and difficult to uninstall procedures for those secondary offerings;

c) secondary offerings that are not always safe, trusted and secure applications.

We addressed points a) to c), and our approach was highly appreciated by eminent members of different open source communities.

What DevShare Means to You

End-users are provided with a clear and transparent installer behavior, all programs are malware-free and clearly described. All uninstall procedures are extensively tested, so that if end-users install it by mistake they can easily remove it.

Developers aren’t just compensated in money, but they are in full control of both the installer behavior and what sort of secondary offerings will be presented to their users.

Where are We and Where are We Going

Currently in the Pilot phase, we only have 3 projects participating in the DevShare program all of which explicitly opted-in. This represents 3 out of 300,000+ projects in our entire catalog. This is a 100% opt-in program for the developer, and we want to reassure you that we will NEVER bundle offers with any project without the developers consent.

The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps, all offers are fully disclosed, and the clear option to completely decline the offer is always available. All uninstallation procedures are exhaustively documented, and all third party offers go through a comprehensive compliance process to make sure they are virus and malware free.

Having said that, we believe we should do more to make sure all our stakeholders are pleased with the program and how it works.

In the near future, we’ll share a blueprint of how we believe this program can be improved, and we’ll ask the community for feedback. We will not be accepting any new projects into this pilot until the community has vetted possible changes and improvements to the program.

In Closing

You are welcome to join the conversation at the DevShare forum on SourceForge, your opinion rules.

31 Responses

  1. No Way Jose says:

    SourceForge is now, and has been garbage. I do not use it any longer.

  2. Developer says:

    If you think the descrition “a few confusing ads show up” is accurate, I suggest that you pay more attention to your business.  You know very well that policing the ads will reduce your revenue.

    You are in danger of losing the support of the open source community.  Perhaps you that as positive rather than negative since they do not provide direct revenue, but I suggest that is short sighted.
    There are two distinct types of developers – those who wish to monetize via advertising (deceptive or not) and those who do not.  You should immediately stop using your installer for those who wish their install process to be transparent and free.  To do otherwise makes you appear greedy, since developers are not dumb – they know you are monetizing their work for yourself.
    As an open source developer, I resent the use of your installer and the deceptive advertising.  Because I do no believe that you are still willing to host open source software without monetizing it, I will no longer be using SF to host my projects.
    Dice should stick to its core business instead of picking a fight with the open source community.

  3. Dev1 says:

    If you think that hand-waving away the concerns by making adware more transparent or whatever is going to win back favor from the community, I’ve got some bad news for you.  Whether or not 3 or 300,000 applications are using

  4. JasonTreadwell says:

    I used to see sourceforge as a reliable source. Now when searching software and see a link for sourceforge, I run away, assuming it is some sort of scamware of malware. So sad, as many in the open source community once flocked here, but the trust has been erased. It’s only a notch or two above MacKeeper on the scamware levels…

  5. happyskeptic says:

    Recently the only safe way for normal users to download something from Sourceforge was with an ad-blocker, otherwise they got tricked into installing malware and crapware by those big green ‘Download Now’ ads that appear on every download page. All this post says is that the deceptive big green buttons are now going to start appearing in the installers as well. 
    Notice how in the Filezilla installer on the page where it presents the malware/crapware it has a greyed-out ‘Decline’ button and a big green ‘Accept’ button. This is clearly designed to trick users who are used to clicking ‘Accept’ through SW license agreements during installs, and associate the ‘Decline’ option with cancelling the installation. A fairer wording would be ‘Install Filezilla without installing promotional software’ or ‘Install Filezilla with promotional software’, with both buttons in green!

  6. cquirke says:

    What you are suggesting is stepping on ants, one by one – we’re supposed to tell you when you are hosting bad ads (implying you have no control or monitoring in place) and then you “may” act.  That’s playing whack-a-mole, and pretty much ensures you will still have bad ads at any time, on the basis that “no-one has complained” (yet).

  7. galoppini says:

    @cquirkeUnfortunately there is no other way around. Take the adsense page, it says that in order to block ads you have to
         Enter the [exact!]display URL shown on the ad or the destination
         URL to block new and existing ads.
    There is no way to know in advance what kind of ads would be displayed, and having over 300.000 projects we might hardly be able to remove all confusing ads if we do not get help from the community.

  8. […] alle critiche sollevate in Rete, SourceForge non fa ammenda ma promette ora trasparenza e libertà di scelta. Il repository, che già lavorerebbe con i network di […]

  9. chilinux says:

    The idea that a close source installer can be fully transparent sounds like marketing double talk.
    A key point made by the GIMP project was:
    >  “[they] strongly encourage the top projects to use a new (closed source only) installer”
    SourceForge not only seems to have missed this key point but has completely reversed it’s previous position on Open Source being a key component to transparency. Instead, SourceForge claims:
    >  “The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps…”
    Who says it has no deceptive steps? How do I audit the source code to the installation flow?
    For anyone that reads the SourceForge blog, this seems to be a very jarring change in prospective on the part of SourceForge. Several previous SourceForge blog posts bring up transparency, but always in the context Open Source Software. Before November 2013, I can’t find any SourceForge blog posts that refer to close source as “fully transparent.” I also can’t find any other SourceForge blog post that tries to claim close source software contain no deceptive steps. Once SourceForge is able to make the leap that a close source installer is fully transparent, there really is no common ground to continue a discussion on. It isn’t a matter of a third party being a bad actor, SourceForge itself is the bad actor. 
    Bottom line, this SourceForge blog post which backs the use of a close source installer is proof of erosion taking place on fundamental ideal of the foundation of SourceForge.

  10. Free Willy says:

    Offering things for free to the public and establishing a cash flow by selling ads is the only business model that keeps the Internet alive. The free offer like all these beautiful cloud services or search engines or social networks are the baits. The fish is data to precisely place ads.  So even Microsoft discovered this a few month ago and now eagerly tries to use Windows 8.1 as a platform for this. Nevertheless this business model is completely unethical, because it forces people to pay for something  they never ordered just by taking some beer or chocolate from the supermarket.
    So if South Forge is a valuable service and distributes great software, both developers and downloaders should pay for it. But dont try to become an orgainsation like mozilla that claims to be open und for free and in reality earn tens of millions of dollars just by favoring Google as a Starter Page and using Google “technology” for scanning sites to profile the user.

  11. galoppini says:

    @DeveloperWe are fighting deceptive advertising and do
    not want it on our site.  We have no interest in revenues from
    deceptive advertisers.  We have layers of protection to stop these ads
    coming in from ad networks, but no level of protection stops it
    completely – so we need the communities help.  You can help us prove the
    point that we don’t want revenue from deceptive advertisers.
    We do not bundle any project without their consent, and it has never been our intention to do so. DevShare partners have opted-in and are all paid on a revenue-sharing basis.

  12. galoppini says:

    @happyskepticFilezilla’s installer flow has been throughly discussed and reviewed with the project’s admin, both for what concerns the installation flow and how offers are presented. You can actually choose to either ‘Accept’ or ‘Decline’ the offer, while many installers have just a ‘Next’ button. The description of the additional offer provides information, and the install requires a positive opt-in from the user. Last but not least you have a link to a web page describing why you’re seeing this offer.

  13. galoppini says:

    chilinuxThanks for your feedback. We
    disagree that we strongly encourage top projects to join the DevShare
    program. The Gimp-Win Administrator wrote this to us – “while you
    (Sourceforge) were offering the bundle, when I said I’m not interested,
    that was it.”  Feel free to ask him for confirmation.  We informed our
    projects about the program and some of them asked to talk to know more.
    About deceptive steps. The DevShare program is compliant with Google’s strictest policies about secondary offerings, moreover we received positive feedback from community members as the OSI Director Simon Phipps. 
    Along the line of the upcoming blueprint we’ll consider if creating an
    open source installer would make a difference to our community.

  14. chilinux says:


    Your welcome for the feedback.  Thank you for your reply.

    Getting endorsements is not the same as transparency.

    In regards to Google, several
    of the RSS feeds I monitor have had recent reports about Google being
    fined between $17 million and $22.5 million in the Safari privacy case. 
    Also, there has been an on-going stream of articles about members of the
    security community claiming problems with malware distributed via the
    Google Play application store.  So, if Google has such great policies in
    place to stop deceptive activity, why are they having so much trouble
    actually stopping it?  And if it is Google we should put our trust in,
    why don’t we just move our projects to Google Code and the binary
    downloads to Google Docs?

    I understand that OSI
    Director Simon Phipps may have positive things to say about money being
    invested back into projects on SourceForge via the DevShare program. 
    But  do you have any quotes from Simon Phipps which indicate that he
    believes close source programs to be just as transparent as open source
    programs?  The claim of “positive feedback” is also not an indication of

    It is being able to actually audit the activity of a company or program that results in transparency.  If you want instead to
    play the game using the names of impressive companies or people as the
    right way to handle this, then I can play that game too.  I can produce several quotes that are very favorable towards Enron.  None of them would change what Enron was or did but they would be quotes from key companies and people.  I want SourceForge to be something more than the Arther Andersen of project hosting.  It is my hope that you want that as well.

    bothers me the most, is no one has explained the “cost” which would be involved in the DevShare
    program being based on truly fully transparent open source installer. 
    For example, if secondary offerings where provided by a NullSoft Installer
    and publically available NSIS script, then would installs of the
    secondary offering be worth less?  Is clicking to install a secondary
    offering from a closed source installer actually worth more than
    clicking to install a secondary offering from an open source installer? 
    What is the percentage difference in worth between an install performed
    by an open installer vs. a closed installer?  Please explain to me if DevShare is already “designed to be fully transparent” then why does it
    require the installer to be closed source?
    Thanks again for your reply.

  15. wanderson1 says:

    About two thirds of my friends and/or family members attempting to download Free/Open Source Software (FOSS) from Sourceforge that I recommend end up “inadvertently” downloading some proprietary crap to their Windows machines.
    In reviewing their experiences, I fully understand how difficult it has become for innocent persons – and even for me if not paying astute attention to a ‘simple’ download, to discern the differences  between the desired application download versus some bloatware, even with the download process itself.
    Sourceforge must have a, “enforced”  process by which  any ‘proprietary’ download or other type category application is ‘explicitly” clarified – clearly and obviously displayed – as not being part of or necessary to the FOSS application download, before the download process begins.
    Anything else is deceit.

  16. RAINMAN says:

    last week i downloaded a program from sourceforge with one of those “transparent” installers….at first i was somewhat shocked, having to carefully- very carefully re-read, and then re-read again, so i did not end up with some crap/garbage on my computer: i found the wording, and layout TO BE VERY DECEPTIVE-AS TO TRICK ME INTO ALLOWING UNWANTED MATERIAL!!!! i made it past the B.S.-but it would have BEEN VERY EASY TO HAVE MADE A MISTAKE WITHOUT TREATING IT LIKE A LAWYER DOES WITH A LEGAL DOCUMENT!!!!
    RAINMAN- one of many loyal subjects-one who still wants to believe that Camelot still shines brightly!

  17. […] Thursday, in an attempt at damage control, the folks at SourceForge explained the DevShare program in some […]

  18. […] SourceForge defends its installer and ads […]

  19. galoppini says:

    @Free Willy Are you suggesting we charge a minor fee for downloading on a per download basis?  Interesting suggestion.

  20. galoppini says:

    wanderson1 Thanks for your feedback on the “enforced” process, we’ll take it into consideration as we work through the new blueprint.

  21. xsudo64 says:

    galoppini PLEASE don’t charge us or the developers for downloads. Adware can be avoided (though a pain) it’s still worth the promotion of FOSS.

  22. xsudo64 says:

    galoppini PLEASE don’t charge us. Adware is farely easy to  maneuver  around, and it’s worth having free software!

  23. galoppini says:

    chilinuxThanks again for your further comment.
    agree that endorsements are different than transparency, however, Simon
    Phipps described how what we do matches his own seven metrics for
    identifying best practice in download services.  We scored pretty well
    and one metric is specifically – transparency.  As per Simon, “All
    installer behavior is transparent; no surprises or side effects,
    including global system changes.”  So in this case, the fact that we are
    transparent was part of the broader endorsement.
    policies about how secondary offers are proposed to end-users are the
    strictest on the market.  Talking about Google Code we’re actually
    observing the opposite pattern: some projects hosted on google code are
    now moving their downloads to SourceForge, since Google will soon
    eliminate that service.
    Last but not least, we’ll consider if making our installer open source
    would make a difference to our audience, stay tuned for reviewing our

  24. galoppini says:

    JasonTreadwell , thank you for your criticism which we
    disagree with and many in the open source community do as well.  That
    said, we want everyone to use Sourceforge and look forward to winning
    back you trust – thank you for letting us know because we have to hear
    all feedback to make the best possible service for everyone

  25. galoppini says:

    @RAINMAN There
    are so few projects that are part of the devshare program that I’m what
    you ran into was someone else’s installer.  Just last week, we had to
    remove a project (fromimagestovideos) because it was bundling a search
    engine that was not easy to remove.  Can you share the project with me?
    have work to do on the blueprint and your input is being heard– on our
    installer all offers are clearly presented and transparent.  If this was
    someone else’s installer, this is the issue we were trying to address
    with the devshare program in the first place.

  26. galoppini says:

    For further comments and feedback everyone is invited to use at our forum, thanks.

  27. […] We are not alone: the developers of the open source image editor GIMP no longer upload their releases to the SourceForge file system; for the sake of completeness and fairness, here is SourceForge’s statement regarding to this discussion. […]

  28. jeez says:

    I guess I won’t be donating to sourceforge anymore, as you have decided to go this alternative financing route. If you ask for donations, you better not have any of this adware crap. Good luck with your choices.