Shocked to learn that Brian Dunning has done this. I've been listening to his Skeptoid podcast for years. I always pictured someone of modest or middle class means because he solicits donations to help keep the podcast going. I didn't think he was also making millions from fraud. Ironically, 'consumer frauds' is one of the things he has listed on his website as a target of his skeptical inquiry.
"Cookie stuffing refers to a web site writing a cookie to your browser without your knowledge or permission. ... It’s a scary-sounding term, but it’s fundamental to the way Internet advertising works. ... Cookie stuffing is more than just a standard practice; it’s an essential component of the mechanics of serving ads effectively."
Wow, that's a whopper. (the bit about cookie stuffing being normal)
As I understand it, they would do something like this: on every 1 of 10,000 page views (to Digital Point's forums, or other sites), they would embed a page from eBay (as the source of an image), which had their affiliate code in it. The visitor was none the wiser.
Keep in mind Digital Point gets a ton of traffic. Though only a small percentage had a cookie dropped, it added up to many.
Purely through coincidence, some of these people would later buy something on eBay in the next 30 days, earning them a commission. It's hard to argue they earned the commission, TOS or otherwise.
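Seen from the affiliate program's side, the hidden-image embed described in the comment above leaves a recognisable trace in the redirect logs. The following is an added example, not part of the original thread: the log fields, the thresholds and the sample hits are all constructed assumptions.

```python
from collections import defaultdict

# Constructed redirect-log sample (not real data): affiliate id, Accept header,
# Sec-Fetch-Dest (None for browsers that do not send it), and the number of
# landing-page assets the same client fetched right after the redirect.
HITS = [
    ("A100", "text/html,application/xhtml+xml,*/*;q=0.8", "document", 14),
    ("A100", "text/html,*/*;q=0.8", "document", 9),
    ("A100", "text/html,*/*;q=0.8", None, 11),
    ("B200", "image/avif,image/webp,*/*;q=0.5", "image", 0),
    ("B200", "image/png,image/*;q=0.8,*/*;q=0.5", None, 0),
    ("B200", "image/avif,image/webp,*/*;q=0.5", "image", 0),
    ("B200", "text/html,*/*;q=0.8", "document", 12),
    ("C300", "image/avif,image/webp,*/*;q=0.5", "image", 0),
]

SUBRESOURCE_DESTS = {"image", "iframe", "embed", "object"}


def stuffing_signals(accept, fetch_dest, assets_loaded):
    """Reasons a redirect hit looks like an embedded load rather than a click.

    The Referer header is deliberately ignored: the thread itself notes it
    can be stripped or spoofed, so it proves nothing either way.
    """
    reasons = []
    if fetch_dest in SUBRESOURCE_DESTS:
        reasons.append("fetch_dest=" + fetch_dest)
    if accept.startswith("image/") and "text/html" not in accept:
        reasons.append("image-only Accept header")
    if assets_loaded == 0:
        reasons.append("landing page never rendered")
    return reasons


def suspicious_affiliates(hits, min_hits=3, min_ratio=0.5):
    """Map affiliate id -> share of hits carrying at least two signals."""
    total, bad = defaultdict(int), defaultdict(int)
    for aff, accept, fetch_dest, assets_loaded in hits:
        total[aff] += 1
        # Two independent signals are required so one odd header is not enough.
        if len(stuffing_signals(accept, fetch_dest, assets_loaded)) >= 2:
            bad[aff] += 1
    return {aff: bad[aff] / n for aff, n in total.items()
            if n >= min_hits and bad[aff] / n >= min_ratio}


if __name__ == "__main__":
    print(suspicious_affiliates(HITS))
```

Affiliates with too few hits are left unscored rather than flagged, since a single embedded load is not enough to separate abuse from a misconfigured page.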
The article mentions the guy who made the cookie stuffing software. He was pretty active on a private part of a forum I'm still part of.
Anyway eBay went after the forum as well, and promptly deleted his account and all the threads mentioning eBay. They also moved their servers offshore and deleted pretty much every thread that mentioned eBay in it.
I do remember he wrote a massive long thread about how the FBI raided his house and seized all his computers. He said the FBI agents weren't even told why they were conducting a raid on him and actually felt kind of sorry for him. He charged a pretty hefty price for the software ($500/month for the basic plan), but it was pretty advanced. They figured out that they could spoof referrers in Flash, so rather than have a 1x1px image file, it was a tiny .swf file.
People were banking on that though, eBay first, then Amazon. You could buy shitty porn traffic and parked domain traffic for literally $1-2/1000 unique visitors and stuff them all with cookies.
It was also around the same time Craigslist cracked down on affiliate marketers. People were literally getting hundreds of conversions a day on rebill offers like credit ratings and dating verification offers. One guy fled to South America so Craigslist and the FBI couldn't find him as he was literally making 6 figures a day.
I probably have said too much, but now everyone is pretty smart now.
Facebook were the last ones to smarten their act up since their whole system/backend had so many loopholes in there it wasn't funny. Plus their security team only worked Monday-Friday, so if you noticed up until 2012, there would be a bunch of spam on your feed during the weekends.
I also tend to believe that these companies sanctioned this activity until they were against it. A year after they claim to have started investigating it, they invite one of the guys to a private dinner where he is the only non-eBay employee in attendance, and treat him like a king. It's a contradiction.
Very interesting stuff. That must have been a fun forum at the time, when easy money was to be made like this. Thanks for the insight.
> Much of Hogan's apartment was a clutter of screens, hard drives and keyboards — which the FBI confiscated.
That must have been some very advanced and dangerous looking screens and keyboards.
Why do we still accept this kind of confiscation of unrelated goods, while throwing big objections if the police had confiscated jewelry, clothes, or any other non-connected but expensive items? By now, for all the tons of electronic items confiscated during raids, has any single screen or keyboard ever been part of the evidence provided to a court?
I'm sure a lot of laptop computers containing screens and keyboards have been used as evidence. It may be a little too much to ask FBI agents to only take that which contains data, when it's not necessarily always completely apparent.
Ok, there was quite a bit of discussion below about where the money is.
In verticals like e-commerce, it is indeed dominated by about 100-200 players. These guys range from RetailMeNot which is owned by Whale Shark Media to companies like FatWallet and Ebates. There is actually a big variety of major players in the space, but still most commissions are concentrated with them.
If you get into CPA, there's many, many more players out there. I know a few personally that make ~$100k+/month and one that does $500k. However, the commissions aren't concentrated with them. There are thousands of players making $5k-$15k/month with campaign churn. They tend to be 1-person shops working on the latest hot offer.
CPA is very crowded but is easy (sort of) to break into. There's a lot of money to be made, but you also deal with a huge amount of fraud and competition.
I was able to make a very comfortable living as an affiliate in high-end lead generation and B2B, both places where it was extremely difficult to compete with me. There are many segments like this where time and being willing to pick up the phone are often all the competitive advantage you need.
However, what happens is you can build a business or a site or do the campaign churn. People that build sites make some money for a while but are often crushed by more dedicated competitors. People doing the campaign churn (they don't own sites, just advertise stuff and make money off the difference) can keep going for a while, but have to constantly seek out new advantages.
Last, the ones that build businesses make the big bucks. And they often become more than affiliates, seeking to sell the products themselves or vertically integrating in their chosen space. One I know was dealing with travel and eventually became the booking agency for his vertical. No one can compete because he has exclusive direct relationships - the same advantage I sought in my own verticals.
There is a ton of money to be made, but it is a field fraught with risk, fraud, deception and hyper-competitive people with far fewer scruples than you.
I chose to leave the field after making my pile and build the tools I always wanted when I was in it - a much better business overall.
The dirty secret is that 90% of affiliate revenue is generated by coupon sites. For the most part retailers are giving away money that they probably would've generated anyway w/o the affiliate.
I agree, but the line that defines fraud is scarily unclear, IMO.
Should the Airbnb founders be sent to prison for spoofing interest in Craigslist ads and breaking their TOS? If the consensus shifts to yes, then our industry will become a very scary place to invest time and energy.
"So eBay installed a tiny “gif” file on its homepage. A gif is simply an image file. This one was so tiny no one could see it. It sat there invisibly."
I would suspect the idea started out just as one of wondering how flawed eBay's affiliate tracking system was. Then, they figure, well, maybe I'll be able to do this a few weeks or a month, they'll kick me off and I won't get paid. But that doesn't happen, and instead commissioned account reps (I am assuming they are on commission) keep encouraging it.
A lot of things fall under wire fraud rules. A lot of very common and routine business practices qualify as wire fraud. The fact that that is the only charge is very telling.
Does anyone get what the author actually means in the "invisible gif" paragraph? Makes no sense to me how this could actually have helped to decide if the traffic was real or malicious :/
I came really close to getting into cookie stuffing back in its heyday. I'm really glad I didn't. No one gave a second thought to it 5 years ago. I never once saw the words "fraud" and "cookie stuffing" on the same page.
Around that time I worked on finding ways to do untraceable cookie stuffing. Bouncing people through SSL to kill the referer, using Flash, etc. I even found a security hole in IE that gave me access to cross domain iframes. That was killer because you could load another site in an iframe then use JS to click an affiliate link or manipulate the page, making it appear completely legit.
Luckily it never went past research. I registered a domain and planned on creating a cookie stuffing service but never finished it and never did any actual cookie stuffing.
Real quick: Just wondering, what if you made a browser extension that replaced all the links a user saw on every page they visited with affiliate links from Amazon and eBay? Would that work?
[+] [-] celticjames|13 years ago|reply
Found this blog post with court documents and background: http://www.skepticalabyss.com/?p=291
EDIT: Found this old blog post by Brian Dunning: http://skeptoid.com/blog/2011/10/05/a-partial-explanation/
[+] [-] qeorge|13 years ago|reply
[+] [-] Matsta|13 years ago|reply
[+] [-] unreal37|13 years ago|reply
[+] [-] driverdan|13 years ago|reply
[+] [-] belorn|13 years ago|reply
[+] [-] Sujan|13 years ago|reply
(And yeah, I'm totally ok with it)
[+] [-] mikeash|13 years ago|reply
[+] [-] kposehn|13 years ago|reply
A better statement would be: "The problem with the eBay affiliate program is that there isn't much money in it."
This is not a problem with affiliate marketing in general.
[+] [-] kposehn|13 years ago|reply
[+] [-] AznHisoka|13 years ago|reply
[+] [-] rwmj|13 years ago|reply
[+] [-] thetrumanshow|13 years ago|reply
[+] [-] curiousdannii|13 years ago|reply
[+] [-] AJ007|13 years ago|reply
[+] [-] Sujan|13 years ago|reply
[+] [-] kreilly|13 years ago|reply
[+] [-] dopamean|13 years ago|reply
[+] [-] mmanfrin|13 years ago|reply
[+] [-] robk|13 years ago|reply
[+] [-] xSwag|13 years ago|reply
[+] [-] ianhawes|13 years ago|reply
[+] [-] alanlewis|13 years ago|reply
[+] [-] hackerboos|13 years ago|reply
[+] [-] driverdan|13 years ago|reply
[+] [-] magikbum|13 years ago|reply
[+] [-] ChrisNorstrom|13 years ago|reply
[+] [-] dude3|13 years ago|reply
[+] [-] cpncrunch|13 years ago|reply