Using Ubuntu To Create An Illegitimate Referral Based Profit Center


Dirty Deeds, Done Dirt Free

As we near the release of the biggest consumer-oriented commercial software to ever hit Linux, some negative realities from other platforms may make a nasty appearance in Ubuntu.  Why?  That’s easy; as Ubuntu gains traction with the desktop buying masses, there will be more and more individuals who are simply not educated enough to discern between quality software and not.

In Windows, there is a whole boatload of illegitimate businesses that operate on a blurry line of legality.  What started as a way to monetize free-ware –not free software –, turned into a business model that exploits open source software.  For more information, take a look at this post.  It shows how criminals take open source code and rebuild the installers to gain referral income from malware, freeware and other.  The upsetting part of this is that these activities will be a whole lot easier in Ubuntu…

The Deed

In the article I referred you to previously, you learned how these modern day “journeying itinerants” take open source software, rebuild the installers, and stuff them full of advertisements and links to gain referral income.  Money for nothin’.  Many of these are not even rebuilt.  They are just a series of dialog boxes that move from referral and license agreement to the next.  Once you’re through these dialogs, the application will reach out and download the actual installer from a project mirror, wasting project bandwidth.

It will get a whole lot easier on Ubuntu…  How?  Let’s say you just installed Ubuntu on Grandpa’s computer.  Grandpa is interested in the Gimp.  He didn’t know about the software center because you forgot to tell him, so he hops on Firefox and searches for ‘Gimp for Ubuntu’.  Most of these smooth operators pay for sponsored links at the top of search results, and that’s just what he’ll see at the top.  He’ll click and see a download of Gimp for Ubuntu, only there will be no Gimp there.  It’s going to be a series of dialog boxes that moves from referral and license agreement to the next.  At the end of the script it will reach out for the Gimp with ‘sudo apt-get install gimp‘.

It gets better.  Next, the scam artist is going to offer another package for the Gimp plugin registry, also already in the Ubuntu repos.  Get ready folks.  If any of our clever readers are looking into taking on this illegitimate project, feel free to thank me in the comments for your inspiration.

Note:  We highly doubt that this future behavior will trickle down to plain-jane Debian…

About Dean Howell

Aside from being a huge Sega fan, Dean is an LPIC certified Linux professional with over a decade experience. In addition to spending his free time burning through the classics from Sega and evangelizing open source, he's also the editor-in-cheif of The Powerbase.
  • Aaron Wolf

    I guess we need to focus on educating people about Free Software rather than just caring that they use it. Grandpa needs to understand that there are con artists out there and he needs to know who to trust. So you, whoever you are, ought to be installing Adblock Plus on his Firefox! And tell him about the software center…

    • Dean Howell

      Aaron, if we all installed Adblock plus, the Internet would be a terrible place. Many great websites would disappear because they would not be able to afford to operate.

      • Aaron Wolf

        Well, Dean, it isn’t a singular answer in itself. But two things:

        1. you can whitelist any site you want to support. Adblock just gives you control. In fact, Adblock is now set on installations to default to allowing mild non-intrusive ads.

        2. In principle, we have a certain amount of resources and the ad system is not the only mechanism to route resources in certain directions. Ads are actually a very problematic solution, and we ought to be able to do better. I recognize the challenges though. I am actually working on developing other alternatives, actually founding an organization dedicated to better funding mechanisms, and I intend to contact you soon to share the ideas. They are connected to the FLOSS focus of thepowerbase…


        • Dean Howell


          I am very receptive to alternative ways to monetize. Who are you affiliated with and what are you actively pursuing? Can we help in some way?

          • Aaron Wolf

            Dean, I am founding my own venture, and it will be cooperatively run. And we are in the early stages, and I have proposals up on a draft site. I will be sending you a private invite soon. I think you will be very interested. All for now. Cheers.

        • Floss

          How about not going to sites you don’t wish to support, then you still have no use of Adblock

          • Aaron Wolf

            Only going to sites you wish to support is reasonable in some sense, but it doesn’t at all apply to helping Grandpa. Problem is: there’s no “block access to sites entirely if they use ads” system, and most people wouldn’t accept that.
            I’d be ok with a system that put a red tint over every ad and marked it ADVERTISEMENT. But the whole issue here is that Grandpa or whoever else is susceptible to ads which can often not be in their interest.
            Here’s a novel idea: I might be ok with a system in which all ads were guaranteed to meet a strict series of ethical requirements, from the manner of advertising to the ethics of the ad itself. If I could be sure the ads on a certain side met those, then I’d be willing to allow them and to visit the site with the ads unblocked.

            Seeing as the issues with things, I don’t blame people for accepting or placing ads nor for blocking them. We’re all trying to figure out how to manage best in a flawed system, and there’s no clear answer.

  • JMC

    Dean, discussion on Ubuntu aside, your continued use of this depiction of Roma/Gypsies just reinforces the idea that you most likely are a racist. Several people brought this up in comments to you a few months ago, but you apparently insist on keeping it up. What is your deal?

  • WTF

    If “grandpa” doesn’t know about Software Center or apt-get for that matter, it’s way more difficult he will come up with a search like “Gimp for Ubuntu” in Google. Most probably, he will call the one who installed Ubuntu and ask him about a “photo editing application like photoshop”, and so, then, he will learn about Software Center.

    This article is useless FUD. The problem with “illegitimate software” is in the Windows World, were everyone searches anything in Google and downloads from illegitimate sites. Linux distributions and central repositories with signed packages is the best solution for the beginners. Experienced people know better than to download/run binaries from bizarre sites.

  • PJ

    You just figured out that is why Ubuntu is headed in the direction it is…a search from the dash would have found the application requested w/o going out to untrusted sites.

    • Dean Howell

      Is the Dash the first place that you search for things?

  • m.r.f

    What if Grandpa opened Dash & searched for Gimp – ‘cos that’s where he finds everything in ubuntu ;-} – firefox – what’s that?

  • K. Darien Freeheart

    This has nothing to do with Ubuntu at all, and is entirely predicated on the fact that users are idiots.

    Users are the single biggest vector for security breeches on every OS, forever, and this will never, ever change. Even on the Windows platform, most viruses and adware are installed by the user. Users with administrator access can, and are, convinced that they want “this thing” and they will install it. I’ve seen management in IT companies that don’t escape this.

    Rather than complaining that Ubuntu is ushering in Armageddon, you should take every effort to fix the one, and only, flaw in this scenario.

    “He didn’t know about the software center because you forgot to tell him.”

    Anybody who gives another person root access (notice the sudo) to a box expecting him to administrate it themselves without first explaining fundamental basics like “How to add or remove software” is an idiot. They are a threat to the internet and probably end up wasting a lot of their life “solving” computer problems that could have easily been solved by NOT being stupid in the first place.

    If that was too harsh – you are NOT doing Grandpa a favor by switching him to an unfamiliar operating system, giving him root, and then expecting him to deal with the fallout. Why do you treat Grandpa so poorly?

  • Dean Howell

    Guys, the point of the article is not the threat posed to grandpa, or any security vulnerabilities in Ubuntu. It’s just supposed to illustrate how easy it would be to pull it off.

  • mish

    I don’t let grandpa have sudo access. I don’t tell him about the software centre. He doesn’t need it to read e-mails and look stuff up online. I keep it as simple as possible, with unity. I’d lock him down further with chromeOS if I could. Even a 3-year-old could use that, with little opportunity to install anything. That is the most secure system, one which locks him down completely. Since replacing his old windows PC for an equally-old ubuntu one, grandpa has bothered me much less than he used to. I’d never encourage him to install gimp, it would only confuse him, and he doesn’t need it to send e-mails, browse the web, look at his photos and compose letters. But, in case her does ever want it, it is there all ready installed for him, along with TeamViewer so I can have a look if he does run into problems.

    Yup, if linux on the desktop ever does get popular, I am sure somebody will find it worthwhile exploiting the vulnerable. But, as the desktop is set to become increasingly limited to users who use PC’s for things other than simply browsing the web and reading e-mails, Linux on the desktop will tend to remain limited to people for whom using a computer is an end in itself, rather than a means to end, and people less likely to be targeted than grandpa, who by then will have switched to an android tablet, chromebook, or joliOS.

    • jgmitzen

      >I don’t let grandpa have sudo access. I don’t tell him about the
      software centre.

      >He doesn’t need it to read e-mails and look stuff up
      online. I keep it as simple as

      >possible, with unity. I’d lock him down
      further with chromeOS if I could.

      If Grandpa wanted to live like that, Grandpa could still be using the Windows his computer came with. If you’re going to be locked down, locked out and not able to use the features of the OS, there’s no point to it. Per this example, Grandpa would be searching for “GIMP for Ubuntu” online precisely because you didn’t tell him about the software center!

      If you’re going to swap his OS, you’re either going to have to educate him about it, provide him with the materials to educate him about it, or assume support responsibilities yourself.

  • Pingback: Links 31/10/2012: Valve Likes GNU/Linux. EFF Does Not Like Unity in Ubuntu 12.10 | Techrights()

  • Pingback: TypeCatcher: The Best Font Fetcher For Ubuntu()

  • Pingback: TypeCatcher: The Best Font Fetcher For Ubuntu | OpenSource.Cipto.US()