As far as I remember this had nothing to do with FileZilla in particular and was instead SourceForge repackaging all the popular software hosted on its platform with adware.
No, it has been going on for a decade because they knew about it and defended the practice. You only need to look on this very thread to find more information.
The download from filezilla-project.org even now has “bundled offers” at least for the Windows version (the Windows download page even has this disclaimer “This installer may include bundled offers. Check below for more options.”).
If you click the "quick download link" on the home page it will lead you to downloading a "sponsored" version of the application, e.g. "FileZilla_3.66.5_win64_sponsored2-setup.exe" for me on Windows.
Sidenote: It was Windows Defender which pointed out to me that I had downloaded "unwanted" software, otherwise I might have missed this before running the installer since I had downloaded FileZilla many times in the past without having to worry about it being bundled with unwanted stuff.
I hate bundled adware as much as the next man here, but we also need to be fair and acknowledge that FileZilla plainly informs the user:
"This installer may include bundled offers. Check below for more options."
The download page[1] that is referred to by "check below" then gives a list of both installers (without the adware) and ZIP archives, and notably does not list the adware'd installer.
Using "may" when you know full well it's "will" isn't honest. And I imagine the UI to install the "offers" makes them not really an offering, but a default.
If the situation were reversed, and the default were clean and the adware was buried under "check below for more options," nobody would do it. The entire point here is to trick or confuse people who aren't paying attention.
I don't know why anybody would ever trust software that uses such dark patterns. Yes it's open source, but who has time to audit everything? We have to rely on other signals to determine how trustworthy a project is, and this is a strong negative signal.
On Linux you should be safe if you install FileZilla using your package manager, I have always done it this way and actually today is the first time I'm hearing of this adware issue...
No. It was removed from pretty much all modern web browsers. But not from the Windows file explorer. Maybe not even from Internet Explorer, since that uses pretty much the same technology under the hood as Windows Explorer.
Why? The support was always read-only, you still needed an external client. And if replaced with HTTP(s), you get something that's stateless, uses common port numbers, requires no special treatment from firewalls, can use standard HTTP headers (encoding, caching...)...
FileZilla raged me out so hard for years, I should have switched to WinSCP long ago.
It does this thing where it automatically downloads the latest update and prompts to install it on every launch, and you can't disable it! When you google the issue, you see devs saying basically "screw the users, we are right and they are wrong"... two middle fingers to that.
Yeah, this and another thing that annoys me basically itch me to start a fork (I connect once a month to a known server, so I'm in the target group of people who would complain about update nags and the security argument is moot in my case). There is another warning about an expired security certificate I can do nothing about - a few years ago I could just add it to exceptions but not anymore, I need to click a few times more. These are just little annoyances but at some point someone will get upset and actually start the fork - the software is very mature so basically I don't care about any new features, I want to use it as I did 10 years ago :)
Update checks can be disabled. Either this was so long ago that nobody remembers, or you're lying. I'm going to give you the benefit of the doubt and presume you aren't the latter.
So unless what you're saying is that the setting is not obeyed or doesn't work as it implies, you're either working off ancient memory or lying and I don't necessarily have reason to believe you are the latter.
Or just your file manager. Both Dolphin and Nautilus have very good support for (S)FTP. At least Dolphin can have bookmarks, dual pane, transfer resume, etc. Also thanks to KIO, the remote storage can be transparently used from any applications not just to transfer files directly inside Dolphin.
Also lftp [1] for those connecting with Chroot SFTP-Only accounts. It's mirror subsystem can mimic the behavior of rsync and can also spin up many threads for a batch of files or a single large file. Only downside is being chroot there isn't a corresponding daemon on the other side beyond sshd doing directory enumeration so that part is slower. LFTP is great for automating data synchronization across different vendor clouds or sharing data between different orgs in a company without providing shell access thus simplifying some audits.
`rclone` has replaced most of my usage of rsync, sftp, and sshfs. It can even do things such as taking an existing remote, hiding some of the files or restructuring it in some other way, and wrapping that in rclone's builtin WebDAV server for consumption by some other WebDAV-supporting software.
...as if command line is the most intuitive way of doing things, provides all the workflows and solves all the problems, while GUI has no additional benefit. Maybe for you, but not for many (if not most) people.
We deploy the version without the bundled stuff at work and we disable the auto-update since we push it ourselves internally. I don't see any other way to keep ourselves safe.
We also add the SHA256 checksums of the versions with spywares to our EDR (aka antivirus) platform to automatically quarantine them if someone attempts to download those.
For my personal use I use Mountain Duck, and I can mount those as drives which is nice (I'm not affiliated with them).
Good that I don't have to worry about things like this when downloading from official OpenSuse repos. Are they allowed to bundle adware into flatpaks and AppImages?
I haven't found anything that works as smoothly and consistently with flaky connections. It also seems to handle edge cases better than Linux filemanagers.
For instance I never managed to get Dolphin to work with usernames/passwords that had an `@` symbol in them (don't blame me.. NASA FTP servers auto-assign your email address as a username)
I don't think that you need an alternative for Ubuntu or other linuxes. The FileZilla project is open source, and as such, is present in the major package managers. And surely the sponsor stuff is not there in these builds.
winSCP for the win! WinScp is all so grate with screen readers. For anyone that needs to use one. I find it to be grate with NVDA even the file viewer.
Filezilla's UX is stunningly bad for an SFTP client. I used it for years to update my personal website. I ended up installing Cloudron on my droplet and just manage my files through there.
This is no news. I forgot the other programs but i remember that this practice was more or less common 1-2 decades ago. But today, who would still need something like filezilla anyway?
Is that ok with the macOS (non-pdf and non-apple store version)? I used that all the time and seems ok. (The other version is costly and hence not opt-in.)
FileZilla is one of those examples that makes me want overly stringent trademark laws. To me the name implies it’s part of the Mozilla family and it is neither in ownership nor in spirit and it makes me irrationally angry
Did Mozilla really came from Godzilla? I've always thought it was short form of 'Mosaic killa' (Mosaic killer). Original code of NSCA Mosaic was licensed by Microsoft Corp from Spyglass, Inc. (and so become a part of first version of Internet Explorer); while team which had written this code (Marc Andreessen et al) got venture funding from James Clark et al in 1994 to form Netscape Communications Corp and basically rewrite the browser from scratch. I.e. initial goal of that team was to kill NSCA Mosaic, their previous creation, hence the name.
> Mozilla Foundation – from the name of the web browser that preceded Netscape Navigator. When Marc Andreessen, co-founder of Netscape, created a browser to replace the Mosaic browser, it was internally named Mozilla (Mosaic-Killer, Godzilla) by Jamie Zawinski.[110]
That's not how trademark law works. Nobody has words "reserved to them", the question is whether or not your average person could reasonably believe they are related to Mozilla.
It might be hard to defend that as a unique enough trademark. Not impossible if you can afford the sort of lawyers that get words like “windows” and “apple” protected, but not easy. -zilla was a fairly common suffix for various things including, but not limited to, software when the company took on the name. I expect the majority of people hearing the name filezilla will think of Gozilla far ahead of Mozilla and assume the name comes from there rather than implying a link to the company (a lot of non-techies might not even know/care that Firefox comes from a company call Mozilla) so the chance of meaningful conclusion would take quite some arguing for.
Protections that would apply to -zilla as you suggest could be used for a lot else by other corporates, so be careful what you wish for there.
Not to say that I agree with the transparent, but: Trademarks only apply where there might be confusion. If I made a very large radioactive ape called Gozilla, it would most certainly infringe on a (hypothetical?) Godzilla trademark.
But as long as there is low risk of confusion it is not infringement. I could probably start a lepidopterist consulting firm named Amazon.
https://en.wikipedia.org/wiki/FileZilla#Bundled_adware_issue...