Once users are aware of what's being offered, they should then have the option to opt in. Leaving them without a choice at all is downright antisocial, but even an opt-out does not go far enough because many nonspecialist users click through without reading, trusting the code developer not to pass on malware. In most cases, an opt-out clause is tantamount to deception and abuse of trust.
Finally, and especially for software that has to be updated regularly or will be part of an install workflow, there should be a download freely available that contains only the software the user is installing and that does not perform any additional actions.
Summing all this up, I suggest seven metrics for identifying best practice in download services:
- Developer opts in and is compensated
- Developer is in control of installer behavior
- User opts in to installs rather than needing to actively opt out
- All installer behavior is transparent; no surprises or side effects, including global system changes
- The software is honestly described; any special issues or undesirable behavior are not obfuscated
- Malware is not permitted and there are no pop-ups, pop-unders, and so on in the sideloaded code
- An alternative non-installer download is provided
So far, SourceForge's DevShare seems to score well against these metrics. The example project SourceForge directed me to, FileZilla, offers to sideload a Windows application that claims to secure Wi-Fi connections. As you can see from the screenshot, this utility might well ring alarm bells -- it's ad-supported, and it inserts itself in network traffic -- but the description provides that information, and the install requires a positive opt-in from the user.
SourceForge representative Roberto Galoppini told me that the company positively vets all software sideloads and checks them for unacceptable behavior, including pop-ups/pop-unders and undeclared tracking. In a competitive market for in-app advertising, SourceForge goes as far as it can in avoiding deceptive offers, according to Galoppini. This can even lead to improvements in the original application being downloaded. SourceForge checks that there's a mechanism to uninstall both the original application and anything the user opts to sideload.
For projects that want to monetize their downloads along with getting full download statistics, the new SourceForge offering looks promising. It's a welcome change from the assumption by some download-only hosts that they have an exclusive right to monetize in any way they like, even to the extent of deceiving users. In particular, SourceForge's claims to pre-vet the software and to ensure uninstalls are possible are refreshing. I'll be interested to watch uptake as the offering heads to a full release.
This article, "How it measures up: SourceForge's new revenue sharing for developers," was originally published at InfoWorld.com.