PDFCreator installer includes the closed-source "pdfforge Toolbar"

[jasonspiro]

http://prdownloads.sourceforge.net/pdfcreator/PDFCreator-1_2_1_setup.exe includes the "pdfforge Toolbar" adware. But as mikelococo pointed out in comment:3:ticket:2409, the toolbar is not open source. It looks like http://pdfcreator.svn.sourceforge.net/viewvc/pdfcreator/trunk/Setup/License/Program%20license%20-%20english.rtf?revision=429&view=markup includes the toolbar license agreement. See lines 259-260 of that file: "You agree not to modify, copy, publish, license, create derivative works from or sell the Toolbar".

Please give the developer a couple of months' warning. Then, if the developer doesn't fix things, please remove the installer from SourceForge.

If the maintainer keeps on insisting that PDFCreator is open-source even though they include a closed-source toolbar, maybe you should ask the maintainer to leave SourceForge. Bundled adware can make good open-source software look bad in users' eyes.

[jasonspiro]

See http://666kb.com/i/btn4m6rlkttkmc91c.png for a screenshot of the installer asking for permission to install the toolbar. (Link found via http://www.pdfforge.org/forum/open-discussion/7074-pdfcreator-121-released#comment-4280.)

[ctsai]

This is under internal investigation by our staff.

Regards,
Chris Tsai, SourceForge.net Support

[jeremy23]

Can we have a further comment on this? As the issue is as of yet unfixed, the ticket being marked as "fixed" is simply a convenient way of sweeping this under the carpet.

The file hosted at http://downloads.sourceforge.net/project/pdfcreator/PDFCreator/PDFCreator%201.2.3/PDFCreator-1_2_3_setup.exe contains the malware still.

[rbowen]

As far as I can determine, this is not malware. It's a search toolbar. Naturally, it sends the search query terms to the server, so that the search can be performed. And the bit that is not Open Source is 1) Not included in the stuff on SourceForge and 2) only installed if you request, during the install, for it to be installed.

Here's a more complete response from the author, for the record:

===============
Hello,

Basically, some people don't like that we offer a toolbar during the install. We have reworked the way it is offered two times, as people do not read the installer screens but just click through them. Also, they don't like the terms of the toolbar offer, as it states, that information that are entered in the search box will be transferred to the search provider and maybe used for optimizations. For technical guys, this is not really surprising that the search engine will have to know what is being searched.

We have also written an FAQ article on that: http://www.pdfforge.org/content/pdfcreator-toolbar-spyware

I hope that clarifies the way we see it. If you want to have a look at the toolbar itself, you can install PDFCreator and accept the toolbar offer.

Please also note, that the toolbar is not hosted on sourceforge. The installer for that is downloaded during the setup.

If you have any more questions on this, please let me know.

kind regards,
Philip
================

Based on my investigation, therefore, this ticket remains closed.

[jasonspiro]

Ah. I had assumed the toolbar is hosted on SourceForge. My mistake; I apologize that I bothered you.

Thanks for investigating. If I may suggest, next time, please keep complaint tickets open until your investigation is done. :)