It’s one thing when the folks running an Open Source software project admit to crossing over to “the dark side” and wrapping their installer with advertising software — which most people call malware. Such a project would be FileZilla, the FTP client that used to be so popular. So if you want a clean version of FileZilla, get it from Ninite. If fact, if Ninite lists anything at all that you want, theirs is probably the easiest and safest route.
But it’s another thing entirely when the folks running a project have their installer hijacked by someone else when they really don’t have much choice. In the past, SourceForge has pulled this stunt with other projects and is now doing it with GIMP for Windows. Don’t get it from them. Now, I use GIMP and recommend it for image modifications when you can’t afford PhotoShop. It’s okay for most simple uses.
So if you want a clean install you can still get it from Ninite of from their official downloads page. It doesn’t show the Windows version immediately; you have to scroll down and click on an orange link “Show other downloads”. The page will shift in most browsers so you’ll probably need to scroll down again so you can see the big download button for whatever is the current version for Windows.
I can recall when SourceForge was the very symbol of Open Source ethics. Seems to me some years ago projects started fleeing them for other services like GitHub, Savannah, etc. Recently I’ve seen a similar exodus from projects hosted by Google. Gotta watch them like a hawk.