It's like a Mitch Hedberg punchline:

    FileZilla now contains adware...
    
    it always did, but it does now, too.

RIP Mitch. One hell of a funny guy.

"Always has been."

From the last link, the exchange went like this..

User: Just downloaded filezilla from the "official site". This one and was infected by adware which trashed my browser. WTF. I have trusted filezilla for years this is MOST Disappointing.

Admin: The offer-enabled installer may display third-party offers during installation. Nothing is installed without your prior consent. In case you have accidentally agreed to an offer, you can completely uninstall it from Windows' Add/Remove Programs dialog. If you do not wish to use the offer enabled installer, have a look at the additional download options page.

It's even a bit worse than that.

You already probably imagine that the installer has default-selected checkbox that will install something extra if you don't catch it and deselect it.

But what surprised me was, it actively reacts and tries again if you do catch it.

If you don't stop it, it installs something extra. Straightforward.

But if you DO stop it, it then tries to install a 2nd, different extra unwanted crap. There are 2 things in the installer from the get-go, but it only hits you with the 2nd one if you managed to catch and decline the 1st one.

That's a whole special extra level of actively attempting to trick and decieve. That is crossing a line from at least plausible deniability that it's just a passive annoyance, into activly adversarial behavior against your own users.

Someone please file criminal charges under the Computer Fraud and Abuse Act for that. That clearly 'exceeds authorized access'.

I didn't say it was illegal, just dickish.

Fraud... maybe. It might possibly qualify as an attempt to deceive. I think it would be a very weak case and practically impossible to make that argument.

That dynamic reactive 2nd attempt to trick you, which is only invoked if you caught and declined the first, is materially different from the first attempt, and different from if the installer always presented both extras.

The special difference is just that it exposes the intent which was theoretically deniable otherwise, even if everyone "just knows" what's really going on.

If an installer always proposes an extra, or 2, or 13, then the vendor can claim "I'm just offering this extra that I honestly and sincerely believe the user might be interested in and might benefit from".

We "just know" that's bs, but it's possible and it's hard to disprove purely on the face of it.

You could try by pointing out things like how the outer packaging only said that the contents would be Product not Product+OtherProduct, and how the checkbox for the non-advertized and un-expected extra was pre-selected and visually tiny. But that just doesn't quite add up to proof of anything.

But offering one extra, and then only trying again with another if the user declined the first, THAT exposes that the only intent of the extra was to get the user to take it any way they can manage to do it, and not a sincere "offer" of something the user might have actually voluntarily sought otherwise.

It's not that it's 100x more evil. The norm is already bad, and this is just a little more of the same.

It's that it exposes the true intent in a way that can't be denied.

It also invalidates any arguments based on "the user accepted" something. You'd never actually win in court, but in plain conversational argument, if say the crapware caused some damage, the vendor could't claim that the user voluntarily accepted the risk of damage by voluntarily installing the software. But like I said that's just fantasy academic theory. You'd never actually make that stick in court.

Why not you? You seem to know about "filing criminal charges" and the specific law he violated.

I had believed that only a government prosecutor in the United States could "file criminal charges." Do you know how this works?

I'm not an injured party.

You start here: [1]

[1] https://www.justice.gov/criminal-ccips/reporting-computer-in...

You can just download Filezilla to become an injured party.

> The offer-enabled installer may display third-party offers during installation. Nothing is installed without your prior consent. In case you have accidentally agreed to an offer, you can completely uninstall it from Windows' Add/Remove Programs dialog.

Except in looking into it further, there was a particular sketchy offer that was being sent called "Search Bundle" that was completely opaque, put what is essentially an APT on the machine, and was not listed in Add/Remove programs.

The other applications (Firefox, Opera, etc) seemed to allow for normal uninstallation, but not that one.