Open Source Trust Abused

The matter has been a unhealed wound for more than six months, but this week the problem  that C|Net's Download.Com website has been perpetrating leapt into high profile with a complaint from the developers of NMap and others. The...

Share

The matter has been a unhealed wound for more than six months, but this week the problem  that C|Net's Download.Com website has been perpetrating leapt into high profile with a complaint from the developers of NMap and others. The download.com site is one of the oldest software download sites, running since the nineties to offer downloads of free-of-charge software of all kinds - shareware, trialware and other proprietary software with loss-leader business models as well as true open source software.

As the consumer marketplace has got tougher and tougher, the site has gradually dialled up the commercialism. While that was just advertising on the site, the service they have offered was worth the annoyance, but personally I stopped using them several years ago when the assault on the senses grew too much.

Cloud AdWare

That trajectory continued its inexorable decline and they started tampering with the actual download process, inserting promotional messages and actions which they sold to whoever wanted them. The result today is that many of the packages on Download.com are mediated in a downloader or installer that does things to your computer that you would be very unlikely to accept if they were explained to you first.

If their wrapper was indeed just "a tiny ad-supported stub installer" as their FAQ says, I doubt most of us would worry that much. But it's not - later they admit "the Download.com Installer is supported by offers for additional 3rd-party software". The wrapper seems to work out where you are and perform actions that have been paid for by a sponsor in your market. That might include changing your browser home page; changing your default search engine; installing a browser toolbar; installing plugins that may include privacy-endangering tracking; or who knows what else?

Naturally there's some text flashed on the screen to gain your "approval" in passing, and C|Net's FAQ makes big deal of the fact they "alert" downloaders first. But the result is very much like an adware attack of the kind you'd experience by opening spam e-mail. What download.com are doing is just the cloud equivalent of adware.

Monetising Trust

While some voices have tried to surprisingly claim there's no problem, I'm in no doubt that C|Net have crossed the line here and are betraying the trust of their readers. They know they have that trust - their FAQ points out that "the user is guaranteed that the file they install came from Download.com's servers" - so it's hardly unintentional. Their excuse is "Download.com is supported primarily by advertising". In their heads, it's probably justified by some variant of the usual "everyone is making money here so why shouldn't we" canard.

But in the case of the open source downloads, that's confusing the meaning of "free" in "free software". Open source software may come with a zero price ticket for the right to use, but that is a byproduct of the liberties it enshrines, not a commercial gambit like it is for proprietary no-cost software. Messing with someone's computer as a condition of download because "we have to make money" is not OK - open source is about liberty, not price.

I'm not aware that C|Net is a contributor to any of the open source communities I have so far seen them wrappering, so while there may arguably be no legal obstacle to them monetising downloads this way, they have no moral right to do so. Not only are they prostituting the trust of their readership, they are also abusing a liberty made available by each open source community they are monetising.


Follow Simon as @webmink on Twitter and Identi.Ca and also on Google+


"Recommended For You"

Still Crippled By "Free" Proprietary software vs security