If you’ve followed any tech news aggregator in the past week (the week of the 24th of May, 2015), you’ve probably seen the story about how SourceForge is taking over admin accounts for existing projects and injecting adware in installers for packages like GIMP. For anyone not following the story, SourceForge has a long history of adware laden installers, but they used to be opt-in. It appears that the process is now mandatory for many projects.
People have been wary of SourceForge ever since they added a feature to allow projects to opt-in to adware bundling, but you could at least claim that projects are doing it by choice. But now that SourceForge is clearly being malicious, they’ve wiped out all of the user trust that was built up over sixteen years of operating. No clueful person is going to ever download something from SourceForge again. If search engines start penalizing SourceForge for distributing adware, they won’t even get traffic from people who haven’t seen this story, wiping out basically all of their value.
Whenever I hear about a story like this, I’m amazed at how quickly it’s possible to destroy user trust, and how much easier it is to destroy a brand than to create one. In that vein, it’s funny to see Slashdot (which is owned by the same company as SourceForge) also attempting to destroy their own brand. They’re the only major tech news aggregator which hasn’t had a story on this, and that’s because they’ve buried every story that someone submits. This has prompted people to start submitting comments about this on other stories.
I find this to be pretty incredible. How is it possible that someone, somewhere, thinks that censoring SourceForge’s adware bundling on Slashdot is a net positive for Slashdot Media, the holding company that owns Slashdot and SourceForge? A quick search on either Google or Google News shows that the story has already made it to a number of major tech publications, making the value of suppressing the story nearly zero in the best case. And in the worst case, this censorship will create another Digg moment1, where readers stop trusting the moderators and move on to sites that aren’t as heavily censored. There’s basically no upside here and a substantial downside risk.
I can see why DHI, the holding company that owns Slashdot Media, would want to do something. Their last earnings report indicated that Slashdot Media isn’t doing well, and the last thing they need is bad publicity driving people away from Slashdot:
Corporate & Other segment revenues decreased 6% to $4.5 million for the quarter ended March 31, 2015, reflecting a decline in certain revenue streams at Slashdot Media.
Compare that to their post-acquisition revenue from Q4 2012, which is the first quarter after DHI purchased Slashdot Media:
Revenues totaled $52.7 … including $4.7 million from the Slashdot Media acquisition
“Corporate & Other” seems to encompass more than just Slashdot Media. And despite that, as well as milking SourceForge for all of the short-term revenue they can get, all of “Corporate & Other” is doing worse than Slashdot Media alone in 20122. Their original stated plan for SourceForge and Slashdot was “to keep them pretty much the same as they are [because we] are very sensitive to not disrupting how users use them …”, but it didn’t take long for them realize that wasn’t working; here’s a snippet from their 2013 earnings report:
advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media’s underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.
I believe it was shortly afterwards that SourceForge started experimenting with adware/malware bundlers for projects that opted in, which somehow led us to where we are today.
I can understand the desire to do something to help Slashdot Media, but it’s hard to see how permanently damaging Slashdot’s reputation is going to help. As far as I can tell, they’ve fallen back to this classic syllogism: “We must do something. This is something. We must do this.”
Update: The Sourceforge/GIMP story is now on Slashdot, the week after it appeared everywhere else and a day after this was written, with a note about how the editor just got back from the weekend to people “freaking out that we’re ‘burying’ this story”, playing things down to make it sound like this would have been posted if it wasn’t the weekend. That’s not a very convincing excuse when tens of stories were posted by various editors, including the one who ended up making the Sourceforge/GIMP post, since the Sourceforge/GIMP story broke last Wednesday. The “weekend” excuse seems especially flimsy since when the Sourceforge/nmap story broke on the next Wednesday and Slashdot was under strict scrutiny for the previously delay, they were able to publish that story almost immediately on the same day, despite it having been the start of the “weekend” the last time a story broke on a Wednesday. Moreover, the Slashdot story is very careful to use terms like “modified binary” and “present third party offers” instead of “malware” or “adware”.
Of course this could all just be an innocent misunderstanding, and I doubt we’ll ever have enough information to know for sure either way. But Slashdot’s posted excuse certainly isn’t very confidence inspiring.