I can speak quite a bit about this "industry": We (VLC) receive 1 of those offers per day.
They are liars, shady business, IP violators and are downright dangerous.
They have all those great offers for you, but they refuse to give any details as soon as you ask any question. More than half of them are "the biggest in the world" (sic). They lie about download numbers, about download size, about number of software actually installed and about their connexions. They even lie on the actual payback price.
If you refuse, they build special websites, copying yours, with your IP and trademark and register adwords with your name, in every way possible.
They also resell their solutions/websites to other people, using "Affiliate networks", so that once you take one down, 20 appear. And the guy who you took down had no idea who you were or what the software was...
They also have deals with download.com/softopedia/softonic to change/rewrap your installer, without your agreement, often violating your license; or they give back money to those websites, so they are ranked higher than normal other downloads.
And of course, open source software is never respected.
I believe OP is very polite: There are no good reasons to not shame them publicly.
> They also have deals with download.com/softopedia/softonic to change/rewrap your installer, without your agreement, often violating your license; or they give back money to those websites, so they are ranked higher than normal other downloads.
I can confirm this, it's the reason we stopped having a download altogether even though it offered features that were hard to do without a download.
Using software I wrote as a vector to spread malware is really beyond the pale.
Heck, if it was just downloads I could still somehow steer clear of it but I really hate it when companies like Oracle and Adobe bundle this with their security updates and it is checked on by default[1]!!
Even worse to realize that reputable companies such as Google, Ask and McAfee compensate them for doing it. [2][3]
That has to be a new low. Incredible, I never knew it had gotten this bad. I saw the whole download.com debacle as a bunch of jerks taking over a formerly reputable domain, but it looks as if this is now considered legitimate income across the board.
I believe Google Earth's Windows download does the same thing: there is a checkbox to download Chrome as well and set it as the default browser, and it's checked by default. On the download page, not in the installer.
A lot of people these days are bashing Apple and Google for creating walled gardens with their app stores, but this is really the primary reason such walled gardens have taken off. They offer a mostly crapware-free experience.
If Linux on the desktop were to get popular, I'd hate to imagine what might happen to the open source Fedora and Debian/Ubuntu repositories.
> If Linux on the desktop were to get popular, I'd hate to imagine what might happen to the open source Fedora and Debian/Ubuntu repositories.
Nothing. In case you haven't been paying attention, Debian repositories were "app stores" before there were app stores. The software goes through extensive vetting and rigorous testing; no, I'm not saying every line of code is inspected, but to claim that a Debian maintainer would just blithely let crapware in is ignorant.
As for the walled gardens of Google and Apple, people are objecting to precisely that: the locked in, tinker-hostile way that the platform (not the app store) is managed. It's great that Google and Apple have finally seen the light and started curating software and making it easy to install, like it's been in Debian for nearly two decades. What's not great is telling people what they are and are not allowed to do with their property by anti-competitively denying the right to install third party apps.
> ...through extensive vetting and rigorous testing...
I wanted to upvote your comment, but then I almost died laughing when I read that. Most Linux distributions are better about it now than they were many years ago, but I still remember being absolutely floored when RedHat had packaged a Perl module with a syntax error some years ago.
Same goes for Debian; some of the more "fringe packages" (those of upstream projects that haven't been updated in a while) tended to rot (compilation option changes to dependencies that silently broke parts of the program), and packages from upstream projects that changed rapidly tended to have dependency issues.
I'd also like to point out that while Debian may have had "app stores" before anyone else so to speak, the implementation left much to be desired compared to today.
Today a user simply selects an application and it gets installed. There's no prompts about whether I want the 37 additional dependencies, no text-based prompts about the configuration of some obscure package, and certainly the presentation was sorely lacking.
So yes, Debian may have had the concept early on, but as usual, Apple made something only a geek could love into something usable by everyone.
Usually there's a few tiers of packages, with the first tier packages being extensively tested and maintained, and the second tier packages mostly just provided as a convenience. I believe Debian calls the first-tier "main" and the second-tier "contrib" (and Ubuntu calls them "main" and "universe").
I've had breakages in Cygwin's emacs (missing GNUTLS dependency), Fedora's node.js (mismatched version of v8), GCC 4.7 (C++11 ABI regression, widely reported), Fedora 17's sssd (broke network login after upgrade), and perhaps most galling, Fedora 16's cron (which completely failed if you upgraded from 15). That's just in the past year. I don't think any of those packages are particularly niche or stale. I used to think maintainers were making miracles...now I think they're doing just OK.
Yep, I'm aware of that. Although not every Linux distribution makes that distinction and the person to whom I replied certainly didn't leave room for that.
But in the past, even the packages in the "first tier" were often pretty busted. But even for that tier, Linux distributions are not performing "extensive vetting and rigorous testing". They don't generally test beyond relying that other components that use it work as expected, and for many components, those are only as well tested as the tests that are included with the component.
Yes, some distributions do run security analysis tools or other things on the components they integrate, but that still doesn't count as "extensive vetting and rigorous testing".
The main repository is for free software, the non-free repository is for non free software, and the contrib repository is for free software that you must agree to some non-free license to actually use (because they depend on non-free software, they are just installers, or for any other reason). Those are not different tiers of software stability.
Debian has the unstable, testing and stable distros, that move on different speeds and are subject to different amounts of testing.
If you know of any commercial operating systems where those "fringe packages" receive greater testing than they do in debian I would love to hear about them.
Maybe I should have clarified, as some people obviously have forgotten that testing does not indicate the absence of bugs, and vetting is for many things.
I had hoped the addition of "not every line of code" would have made clear that I make no claim that every package in Debian is bug free. But I still insist, Debian extensively tests packages, mostly for compatibility and dependencies, not to mention bug squashing parties. They are also very careful about what's allowed in (due to being license sticklers).
Of course, all of this strays from my main point: the Debian maintainers are highly unlikely to let in crapware, as opposed to some stores that have had viruses. And that's just the stuff they (eventually) got rid of; don't start me on all the officially approved software that tracks users.
As for your opinion of the ease of use, well, you're entitled to it but it doesn't make it true. What's so hard about using apt-get or, if you can't use a keyboard, one of the graphical managers? So it asks you if you really want to install dependencies instead of just filling up your hard drive, and that's a bad thing? Does the Apple or Google way of "managing" packages even track dependencies, or are they still forcing every vendor to include their own (possibly filled with security holes) copy of a library with their apps? I haven't had to answer a configuration question for years, and I've never had a dependency issue with Debian. I say this as a daily user of, developer on, and administrator of machines running Debian for the past twelve years.
You can install whatever 3rd party software you want on a Mac, side by side with software from the App Store. Note that this article is about PCs, not mobile. You seem to be conflating the two.
Name Google's PC. The article may be about PCs, but the thread definitely devolved to talking about Android and iOS, and it's already been conceded that iOS doesn't allow third party apps. If I didn't know better, I might think you were trying to steer criticism away from Apple . . .
Linux would probably do better because few people have any reason to stray outside their distribution's repositories. And these repositories are just as rigorous in their way as the Apple or Google walled gardens; Debian packages have to be signed by the GPG key of a debian maintainer who takes personal responsibility for that package, and whose identity has been verified by having their key signed by another debian member (with a chain that presumably goes all the way back to the original founders). I'm not aware of any cases of a debian maintainer being "struck off", but I'm sure there'll be procedures in place.
You would get plenty of shady sites encouraging you to add another line to /etc/apt/sources.list for cool free screensavers, but it would be a lot more practical than it is in windows to tell people to ignore them and never install anything that doesn't come with the system.
I'm not sure that's a legit fear... Linux on the desktop in 2013 is fairly 'popular' and if it were that simple to infiltrate popular repos with spyware it would have been done years ago.
There are a ton of good people who work to keep those repos clean. Let's not trivialize their contribution by acting like anyone and their mother can make changes to the repo for a popular distro. Sure, a black[/grey] hat can make their own repository, but who in their right mind will use it?
>Linux on the desktop in 2013 is fairly 'popular' and if it were that simple to infiltrate popular repos with spyware it would have been done years ago.
What on earth are you talking about? Linux on the desktop is just above line noise. If hackers don't bother targeting Mac's ~10% desktop share, why would they bother targeting Linux' ~1%?
infiltrating a repo is probably not the hard part, the hard part is getting a linux app that people would want to install.
AFAIK, 0 QC or checking is done on the contents of a repo. additionally, there have been enough times in the past where someone has just straight up rooted the servers that the repo lives on ...
> AFAIK, 0 QC or checking is done on the contents of a repo. additionally, there have been enough times in the past where someone has just straight up rooted the servers that the repo lives on
Are you talking about debian/fedora repos? Because if so, that is simply false. Both have heavy QC, and the packages are all signed by the developers keys, and the OS checks those keys.
App stores are just as likely to turn to crap. I've had lots of friends complain that they bought an app, and then an "upgrade" shoved advertisements in.
It's not third-party ads, it's first-party ads, which is slightly better.
Like OP, I have a lot of sympathy for software developers trying to sell in a world full of people who don't think they should pay any dollars for software. They are still gonna pay, just in terms of their privacy and computer security.
May be the case on iOS but with Android I've had apps that stick extra shortcuts on my homescreen and spam notifications every few hours. This makes battery life and usability a lot worse throughout the phone until you can find and kill the offending app.
This is similar to saying "what stops a bad guy with a gun is a good guy with a gun". Alternatively, you could regulate, i.e., locking down the platform and sandboxing all third-party apps.
A better alternative would be for google not to publish this shit on their store but still allow useful background notifications and allow third party manual installation.
I want to switch to Android, but I fear needing to have constant vigilance over what I install. Like running a Windows install but forced to use Java as well.
However, it's still preferable to Apple's draconian policies.
You must've forgotten Path fiasco, with its quiet uploading of user's full address book to company's servers, which turned out to be - SUR-PRI-SE - a "standard industry practice". Wall garden sanctuary my ass. Same rotten ethics, except far less visible.
As a result, you're now asked if you want the app you installed to be able to access your address book. Do you somehow feel that exe's on windows are more transparent?
If desktop Linux was widely requested by the general public, PC vendors and download sites would heavily promote custom Linux builds complete with pre-installed crapware, dubious defaults and quite possibly broken upgrade paths and most consumers would never know the difference. They'd probably have their own whored-out repositories too.
But Linux will never be in heavy demand as a brand. No great number of people will ever want to have Linux for the hell of it. The only way Linux could experience an upsurge in popularity would be through a mass increase in consumers' awareness of crapware and similar phenomena. And that could thus only be a small upsurge.
> The only way Linux could experience an upsurge in popularity would be through a mass increase in consumers' awareness
This is definitely not true. The following scenario seems to be quite possible: Due to the various problems of Windows 8, developers massively revolt and most applications are either written to older API's, or use cross-platform environments like C#, Python or Java. This essentially changes the Windows API from a moving target to a stationary target; as a result, Wine catches up -- it reaches near-100% app compatibility, perhaps with the aid of a donation from a philanthropist, Google, or some other player. OEM's recognize the cost savings possible from avoiding the Microsoft tax, and with good software compatibility now possible, they start selling discount models with Linux instead. Microsoft stops issuing new licenses for Windows less than 8 to try to pressure developers to port their stuff to Windows 8 by forcing customers to upgrade. But the move is too little, too late: The customers revolt, and since the alternative is already out of the bottle, people jump ship en masse due to lower prices and Windows 8's shortcomings.
Is this a particularly likely scenario? No. But it seems plausible, and it's not due to crapware, or consumer awareness about anything other than price tags.
Some people would say Ubuntu already went down this path with the automatic installation of Amazon advertising in a pretty intrusive way (imho at least)
As I understand it, Fedora's packaging policy is more or less the same as Debian's. Free software only (stricter than Ubuntu), though there are some practical differences. They don't like packaging emulators that are primarily useful for non-Free ROMs. It is also my understanding, different than Debian, they don't like packaging software that no longer has a maintaining developer. Also no external kernel modules, no prebuilt libraries, etc.
Open source repos should be ok, assuming that their admins don't start allowing this crap in. They haven't done so far, with the one exception of the Ubuntu amazon thing.
A risk might be drive-by malware that adds stuff to /etc/apt/sources.list though, however to do this you would need drive-by malware that can bust into the root account, or to get the user to enter the admin password.
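The sources.list risk raised in the comment above, and earlier in the thread, can be checked for mechanically. The following is an added example, not part of any comment here: it audits one-line-style APT source entries against an allowlist and flags options that relax signature checks. The allowlist and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Options documented in sources.list(5) that relax or disable signature checks.
WEAKENING_OPTIONS = {"trusted", "allow-insecure", "allow-weak",
                     "allow-downgrade-to-insecure"}

# Assumption: the only archive hosts this machine is meant to use.
ALLOWED_HOSTS = {"deb.debian.org", "security.debian.org"}

# One-line-style entry: type, optional [options], URI, suite, components...
# (deb822-style *.sources files are out of scope for this sketch.)
ENTRY = re.compile(
    r"^(?P<type>deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+\S+")

# Constructed sample, not taken from a real system.
SAMPLE = """\
# /etc/apt/sources.list
deb http://deb.debian.org/debian bookworm main contrib
deb-src http://deb.debian.org/debian bookworm main
deb http://security.debian.org/debian-security bookworm-security main
deb [trusted=yes] http://screensavers.example/apt stable main  # constructed
deb [arch=amd64 signed-by=/usr/share/keyrings/vendor.gpg] https://repo.vendor.example/apt stable main
"""


def audit_sources(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line number, host, reasons) for every entry worth reviewing."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            findings.append((lineno, None, ["unparseable entry"]))
            continue
        reasons = []
        host = urlparse(m.group("uri")).hostname
        if host not in allowed_hosts:
            reasons.append("host not on allowlist")
        for opt in (m.group("opts") or "").split():
            key, _, value = opt.partition("=")
            if key.rstrip("+-") in WEAKENING_OPTIONS and value.lower() == "yes":
                reasons.append(f"{key}=yes weakens signature verification")
        if reasons:
            findings.append((lineno, host, reasons))
    return findings


if __name__ == "__main__":
    for lineno, host, reasons in audit_sources(SAMPLE):
        print(f"line {lineno}: {host}: {'; '.join(reasons)}")
```

The same function can be run over each file in /etc/apt/sources.list.d/ that uses the one-line format.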
They've 'taken off' because they are the only game in town. A real test would be to provide such a 'curated' store alongside an open economy. Then that claim would mean something.
You may be right about the industry as a whole, but I'm betting you're wrong about this particular instance based on what I know about PG and YC.
When I was reading the original TC article, I was thinking that there is actually an incredible opportunity here to create a legitimate ad network that would allow desktop developers to monetize similarly to how it's done on the web - to basically become the DoubleClick of the desktop world.
Why should ad supported desktop apps be any different than ad supported mobile or web apps?
Edit: These downvotes are pretty surprising, I didn't realize I was even being controversial. Can someone explain why creating a legitimate, privacy-respecting ad platform which allows desktop developers to monetize their applications in a manner that's almost exactly the same as ad supported web and mobile apps is that awful?
I'm not even saying that's necessarily what they're up to, I can just see where there's a tremendous opportunity to try and clean up the industry, and how, based on the people involved, the author and the commenter above could very easily be jumping to the wrong conclusions.
Desktop apps with built-in ads are okay. I've used a few here and there. I've also seen shareware model software that has ads that can be turned off by registering. That's fine too. In this case the ads are part of the application. They live within it. Uninstall the app, and the ads are gone. Such ads also tend not to invade users' privacy outside the app. They might send stuff about what you do in the app, but if you don't like it you can uninstall the app.
One of the key words here is "toolbar." It's in the same class as "HIV," "ebola," "herpes simplex virus," etc. Saying you're bundling third-party adware such as toolbars and "browser helpers" and similar is like saying you're purposefully giving someone a disease.
IT professionals managing Windows networks spend god-awful amounts of time removing such junk from Windows PCs. Not only do things like this invade privacy, they often slow down and break peoples' computers.
Still no. One thing destroys your life (or significantly alters it), the other installs some crap on your computer. You can always format and reinstall a computer.
"Can someone explain why creating a legitimate, privacy-respecting ad platform which allows desktop developers to monetize their applications in a manner that's almost exactly the same as ad supported web and mobile apps is that awful?"
Tracking IP and even MAC addresses? Hello? Spyware is spyware.
Also: ads are ads. If your product does nothing respectable (as opposed to selling eyeballs to advertisers under false pretenses) that is worth paying for it to anyone, that's bad luck. It doesn't justify deliberately and systematically messing with the rational decision making process of people, and that others are already doing that is no justification either, nor that they have been doing it for so long.
The same level of tracking is done on the web, constantly. And you don't need to give any sort of permission for it. What is different is gaining root/Administrator access on the machine in order to ensure the tracking is done vs a client side browser script asking if it can run. And then using that access to install a rootkit or mess with the registry to ensure tracking software starts on reboot, etc. That is what is annoying.
Because your browser is incredibly carefully sandboxed, and your desktop is not.
Worse yet, even the low level of sandboxing that desktops possess is almost always defeated by installers: "This installer requires administrator privileges to run"
... aka. yes, you will take our spyware-crapware-rubbish, and you'll love it, or you won't use our app. Capish?
You don't get that with websites. That's why it's ok.
(Incidentally, this is the same reason why it's not ok on mobile platforms, where your options of permission are to read your contacts and make phone calls and 'services that cost money' or no, you can't play this game of Cat Pong your friends are talking about...)
They advertise that they convert 60-85% of their installs. When that percentage of users installs crapware they're clearly being tricked into it. So it doesn't look like this is a trustworthy company at all.
Go to their site: http://www.installmonetizer.com/AT_advertisers.php and check out their advertising partners. Babylon and JackpotRewards are hardly the kind of "advertisers" to get excited about. Babylon has several toolbar partnerships (I have worked on these) and I can imagine how their partnership with Install Monetizer will just lead to another toolbar offer being presented to the users during install time.
Here, you are coming off as a sycophant who is blindly supporting PG and YC without checking your facts which could be the reason for your downvotes.
I agree - I wouldn't mind a text ad next to my unarchiving tool (which I don't use all that often so as to not justify paying for one). But they need to be unobtrusive like google's text ads.
But therein lies the problem: a tool that you don't use often (hence a low number of ad impressions), and an unobtrusive ad that you might not even see, let alone click. That's unlikely to earn enough money to be worth it. The developer either has to drop the advertising revenue model and try another, or crank the ad model to questionable ethics. Sadly, some developers opt to do the latter.
Exactly this. I'm often advising people to install VLC when they are having problems with Windows Media Player, but whenever I tell them to google for it on their own they end up with some toolbar infested crap.
So now I specifically instruct them to go to videolan.org.
Probably the ads. For a while, Google helped make this even worse by paying companies like Dell to set the default search on new PCs to a specially-customised version of Google with far more prominent ads that were less clearly distinguished from normal search results.
Dell has been installing crap since at least 2006/07. That's when I started wondering why all new PCs at a certain company were all infected just a few days after purchase. Then I realized this thing (myway?) was being installed by default.
I really didn't think it was ever a Google product though. Correct me if I'm wrong.
This just happened to my friend yesterday when I told him to install VLC. I think he may have clicked an ad instead of the first search result. I saw three pages for different add-ons and toolbars with several pre-checked checkboxes apiece. After unchecking and clicking through it just exited (hopefully) and launched the VLC install program.
After reading some comments and noticing that you're one of the VLC lead developers (awesome software, by the way!), I am wondering if you have a way to make VLC notify its users at the first launch (after install) and tell them something like
"You have installed VLC, it should have come without any additional software such as tool bars or file compressors. If this was not your case, you probably installed it from a third party that arbitrarily and without our consent added external programs. We recommend you to install VLC from videolan.org, etc."
That way, casual users will at least be aware of the external installs problem.
VLC is open source. It would be trivial for a rebundler to remove that warning. If they are violating the license already, there seems to be no impediment to changing the code for personal gain.
Yeah, it usually is trivially easy. If I were to do it, first thing I'd do is to look for the string in executable and patch it by hand with a hex editor.
The really sad part of malware that is tied to freeware or shareware is that the whole thing is a self-inflicted downward spiral. The software authors will tell you they need that malware money because nobody pays for shareware anymore. You know why I stopped downloading and buying shareware years ago? Malware.
And the really unfortunate thing is that a few big bad apples can and did ruin it for everyone else. I don't have time to figure out who is going to install shit on my system vs who isn't, so I just assume everything is bad and avoid it all, with the exception of a handful of known-good products (like VLC) from known-good sources (the author's own websites).
The end result is an ecosystem in which new useful tools (even ones that aren't malware peddlers) now have a near-impossible time creating a critical mass of users, so any money to be made in that market can only come from these terrible spammy practices, which is just sad.
This is why the Mac Gatekeeper is an awesome idea. Unfortunately they fucked up the implementation. Also they are the only CA so they can control who signs apps or not.
Please please please create auto-subtitles functionality for VLC on the Mac. I switched from Windows recently and there's nothing compared to Media Player Classic for easy subtitles. Thanks thanks thanks.
On Media Player Classic you can easily download subtitles for whatever movie you're watching by going to File>Subtitle Database>Download. It will search a DB online somewhere then let you choose and automatically load them into the player. This is something I've not found on any video players available on the Mac. It would be awesome if it was coded into VLC.
"They are liars, shady business, IP violators and are downright dangerous."
This is completely prejudiced! You've never met Install Monetizer, and don't know if they participate in the same activities as the companies that you're referring to.
"I believe OP is very polite: There are no good reasons to not shame them publicly."
This is childish, and I'd expect better from any contributing member of VLC.
I'd give him some lenience...for anyone who distributes desktop software via the web, there is a continuous battle against fake or wrapped distributions.