

Download.com Response to Nmap Offer Bundling - fendrak
http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-the-download.com-installer/

======
kkowalczyk
BTW: CNET is not the only entity doing that, they just happen to do it on a
scale and got noticed by the public.

There's a class of lowlifes who take popular open source programs, rename it
and wrap inside a custom installer that similarly tries to trick the user to
install some other, usually crappy, software.

My program (Sumatra PDF) is popular enough that it happened to me 3 times and
I know that other popular open-source programs were similarly violated by the
same people (not going to link to them or even mention names to not give them
google juice).

~~~
r4vik
I love Sumatra PDF, thank you for making it.

------
anon-for-this
Email to developers from download.com:

Download.com Developer Community,

My last communication to you was shortly after we launched the Download.com
Installer in late summer. At that time I asked for patience as we began work
to deliver a mutually beneficial model to market.

We are on the verge of fulfilling our vision of coming to market with an
installer model that delivers files faster and more efficiently to users,
while enabling developers to a) opt-in to the Installer, b) influence the
offers tied to their files, c) gain reporting insight into the download
funnel, and d) share in the revenue generated by the installer. However, due
to some press that surfaced yesterday and the potential for subsequent
misinformation, I am reaching out now to address that press and to provide a
progress report on the upcoming launch:

First, on the press that surfaced yesterday: a developer expressed anger and
frustration about our current model and how his file was being bundled. This
was a mistake on our part and we apologize to the developer and user
communities for the unrest it caused. As a rule, we do not bundle open source
software and in addition to taking this developers file out of the installer
flow, we have gone in and re-checked all open source files in our catalog. We
take feedback from our developer & user communities very seriously and take
pains to both act on it and respond in a timely manner.

With that, I want to share progress made thus far: This week we will launch
the alpha phase of our new installer. This alpha phase is intended to test the
tech and do QA, and will roll through the next few weeks to ensure that our
installer is bug free. Between this week and the end of January we will be
completing the necessary engineering and administrative work to roll out our
beta, which will include a small group of developers who've agreed to
participate in the beta launch. Our goal is to exit beta by end of February
and have the necessary systems in place to enable opt-in, influence over
advertising offers (for those offers that impact your product), download
funnel reporting and revenue share back to you, the developers. In the
weeks/months following the full release, we will continue to iterate on the
model, adding more features to the Installer and bringing greater efficiency
to our own download funnel (read: increased install conversion). The initial
feedback from developers on our new model has been very positive and we are
excited to bring this to the broader community as soon as possible. More
communication will follow as we move into Q1, and until then, thank you for
continuing to work with Download.com.

Sincerely,

...

------
kkowalczyk
They are lying.

I just checked and my very much open-source Sumatra PDF is still wrapped in
their cnet installer which tries to push some "special offers" or trick the
user into installing some other software.

"In addition to immediately taking Nmap out of the download manager, we
reviewed all open source files in our catalog to ensure none are being
bundled."

Like hell you did, CNET.

~~~
jaredsohn
If you read the comments, you'll see they also missed putty and filezilla.
Their 'review' indeed seems to have been pretty poor.

~~~
kkowalczyk
Yeah, I noticed. I also asked them to remove bundle from my program via
comments. It doesn't seem like there's any other, documented, way to get them
to do it.

~~~
Joakal
IANAL; Can you legally threat them for integrating closed source with your GNU
GPL?

Might also be a good idea to warn people via your download page. No one knows
where else to get it.

------
conanite
This response doesn't respond to the claim that download.com is bundling other
software as well (the original nmap post referred specifically to VLC). This
response claims that wrapping nmap was a "mistake", should we conclude that
wrapping other software was therefore deliberate?

~~~
wvenable
Of course wrapping the other software was deliberate! Someone at c|net
designed, built, and deployed the wrapping feature; that is as deliberate as
you can get.

However, _at least_ they have re-enabled the direct download link for non-
registered users so that those people who understand the difference can avoid
the wrapper. I still think it's distasteful to pray on the ignorance of users,
as all these wrappers and toolbars do, but that is how they get paid.

------
angelbob
I like how they apologized for the _unrest_. That is, they apologized for how
people reacted, not what they did.

~~~
rhizome
That's how you know it's a company run by bad people.

~~~
smashing
I think it is instead a bad company that runs people. Just because C/Net tends
to attract morally ambiguous people who have no qualms twisting the facts to
suit their marketing/business campaigns is a side effect of their mission
statement, "As leading destinations for the information and entertainment
people crave(1), we don't just support lifestyles – we help define them(2)."
via <http://www.cbsinteractive.com/company_info.php>

NOTE: They are in the CBS Interactive brand portfolio.

(1) Meaning media=software downloads for Downloads.com

(2) Through bundling malware which customers wouldn't intentionally install
otherwise.

~~~
rhizome
It's the result of actual people making decisions about what to say.

------
rhubarbquid
So are they saying they only intended to bundle the crapware with closed
source software, or am I misunderstanding?

~~~
metafour
That's what I took away from their release too. I'm guessing they know some
open source licenses specifically forbid what they did due to the nmap posting
and are just trying to CYA.

~~~
bdonlan
Most open source licenses don't forbid 'mere bundling' with some other
software, even if said other software is Evil. Most likely download.com just
doesn't want to have to deal with source distribution requirements from
GPL/LGPL software.

~~~
metafour
I don't doubt that you are correct. This is what I was recalling and referring
to from the seclist post regarding nmap:

This is exactly why Nmap isn't under the plain GPL. Our license
(<http://nmap.org/book/man-legal.html>) specifically adds a clause forbidding
software which "integrates/includes/aggregates Nmap into a proprietary
executable installer" unless that software itself conforms to various GPL
requirements (this proprietary C|Net download.com software and the toolbar
don't).

Can't imagine they would want to release the source code to their software at
any point, it's easier to just make a blanket statement that you don't intend
to bundle any open source software with it. Even if that's not what you
actually do which seems to be the case according to some of the other
comments.

------
bcrescimanno
Translation: We go through a rigorous process to ensure that we don't give you
any spyware / adware / malware...

...except, of course, our own.

------
ComputerGuru
Quote: _It is a Download.com policy not to bundle open source software [...]_

To the best of my knowledge, no popular FOSS license forbids bundling. But if
they bundled them, they'd have to deal with distribution of the source code
too (which is a PITA for so many products of so many different versions and
licenses), but possibly they'd also have to open source their installer (can't
see it being such a big trade secret, but CNet's that kind of company where
they'd all go OMG! Competitors steal our code and ideas!) which is probably
why they're refraining from doing so.

Now it's interesting that, reading between the lines, they'll continue to do
this for free, non-opensource software (like mine)..... which ironically _can_
and oftentimes _do_ (I do) explicitly state that commercial use is restricted
and bundling isn't allowed.

I'd say this response is jumping out of the frying pan (technical issues and
obstacles) and into the fire (illegal, in direct violation).

~~~
LukeShu
The makers of EasyBCD (non-FOSS freeware) have become pissed about this, and
demanded that download.com unbundle it, or delist it because it is a violation
of the license.

Throughout their letter they talk about how them taking action was only
possible because of their proprietary license.

------
e40
Anyone know how to remove software from being listed on download.com? In My
Products on upload.com I don't see any options, nor anything in the FAQ. I
emailed them, but I suspect it will be days before I get a response...

~~~
e40
(I would have edited my response to add this to my original reply, but there
is no "edit" link for it)

Apparently you have to email them and request removal and you need to give a
reason. I'm not sure if they would consider a reason invalid or not. We'll
see. I've requested removal of 2 products from their site.

------
hub_
They also wrap AbiWord (GPLv2 licensed) in the cnet downloader..... that ask
you if you want to install a toolbar. This does not look good either.

Time to lawyer up a bit.

