One of the longest-visited and most useful sites on the Web is showing signs of what happens when you get acquired by a giant corporation. I've noticed a couple of serious problems, including:
- Download links that lead to third-party sites, at least one of which served up something that is clearly not what is advertised on the page, and
- Software that is stored on download.com's servers, but which contains malware-like behavior; i.e., attempting to open up a webpage dubious enough to cause my antivirus software to block it.
Starting nearly a month ago, I have been trying to report these problems through a number of channels, including clicking the "Report a problem" link on the relevant page, posting advisories in the user review sections, sending email to several different support addresses, and tweeting @CNETDownloads, and I have gotten no response. Nor, more importantly, were the problems I reported addressed.
I finally thought to look on Facebook, and did at least get an acknowledgment there. However, the discussion thread seems to have been removed from their wall. You can still see it, but only if you know the exact link.
I am happy to report that the two specific problems I reported have been addressed as of late this morning. (He said after checking his links for this post. Thanks, Nathan.) Still, it seems worth leaving this little rant up, because I shouldn't have had to work so hard to get my messages delivered. A "Report a Problem" link should actually do something, shouldn't it?
And ideally, some sort of algorithm would scan user input and add a little weight to posts and emails from people who have been members since forever. I mean, the word Community hasn't become completely empty, has it, CBS?
Don't answer that.
And there is of course the larger problem of putting up a download link that points to a third-party server. I mean, if there is an easier way to open up a security hole that you could drive a truck through, I can't think of it.
That should never have happened.
I don't have a problem with them referring users to highly credible sites, such as addons.mozilla.org, but you can't let the guy running joes-sketchy-server.ru or whatever cash in on the trust that the download.com name carries. Or once carried.
There's yet another new annoyance. I am grateful to Trent Todd, in that FB discussion thread, for pointing out that it is actually much more obnoxious than I had realized. Here's a brief description.
Rather than just serving up the software directly, download.com has recently begun serving up their own wrapper installation program. It has been using this approach for an increasing number of specific software packages, at least based on my sampling. In addition to handling the download you actually want, this wrapper program also tries to get you to install other stuff. While I have found it easy enough to spot what I should uncheck or decline, I realize now that for a less cynical experienced computer user, the authoritative appearance of this wrapper program -- including large-type phrases like "Strongly Recommended" -- would likely intimidate a lot of people into accepting whatever was about to be shoveled onto their machines.
I'm a little late to the dance on this one, as a look at the report by insecure.org that Trent referred me to will show. It appears that, at last, some notice has been taken by management at download.com. Perhaps not enough, if the comments under that post, and the updates at insecure.org's post, are any indication, but at least the new direction is encouraging. And as noted above, I am happy to report that my specific reports were acted upon.
The other bit of good news, which I have no doubt actually caused the response by download.com's management, is that some of the bigger guns on our side, like the EFF, Boing Boing, and a bunch of computer security pros, have been taking a hard look at download.com recently. Let's hope download.com continues to clean up its act, and let's all keep up the pressure on them until they do.