Cookie-Stuffing Targeting Major Affiliate Merchants
Benjamin Edelman - Spyware Research, Legislation, and Suits

[ Overview - Effects - Examples of Cookie-Stuffing ]

Certain affiliate web sites use pop-ups, pop-unders, IFRAMEs, JavaScript, and other methods to claim affiliate commissions on users purchases from affiliate merchants, even if users do not click on affiliates' links to the merchants. This page documents selected affiliates using these practices and selected merchants suffering from these practices.

 

Related Projects

Overview & Summary

Affiliate tracking systems are intended to pay commissions to independent web sites ("affiliates") when users click through these sites' links to affiliate merchants. Merchants are not intended to pay commission when users merely visit affiliates' sites. Instead, commission ordinarily only becomes payable in the event that a user 1) visits an affiliate's site, 2) clicks through an affiliate link to a merchant, and 3) makes a purchase from that merchant.

However, some affiliates use "cookie-stuffing" methods to cause affiliate merchants' tracking systems to conclude that a user has clicked through a tracking link (and to pay commissions accordingly) even if the user has not actually clicked through any such link. If the user subsequently makes a purchase from that merchant -- immediately, or within the "return days" period specified by the merchant's affiliate program -- the affiliate then receives a commission on the user's purchase.

This page presents the incentives that have allowed cookie-stuffing to continue, and captures selected examples of cookie-stuffing. See also the Affiliate Fraud Information Lookup, reporting of the number of observations Wesley Brandi and I have gathered in ongoing high-volume tests for cookie-stuffing.

 

Return to top

Groups Affected by Cookie-Stuffing

Affiliate Networks Benefit from Cookie-Stuffing

Affiliate merchants ordinarily pay their affiliate networks a percentage of all affiliate revenues passing through the network. For example, Commission Junction's public pricing list reports that CJ charges a merchant 30% of all amounts to be paid to affiliates. (In other words, if a merchant sells $1,000,000 of merchandise and pays a 5% affiliate commission, then it must pay $50,000 of commission to its affiliates. It must further pay 30% of $50,000, or $15,000, to Commission Junction.) As a result, in the first instance, affiliate networks benefit from cookie-stuffing. Such cookie-stuffing increases the total volume of sales flowing through affiliate networks, and increases the affiliate commissions on which, for example, CJ can charge a 30% fee.

Set against this short-run incentive is the long-term problem that if affiliate networks fall greatly in value to merchants, or if affiliate networks are perceived to facilitate fraud, then merchants may no longer be willing to pay affiliate commissions and affiliate network fees. But in the short run, affiliate networks benefit from more money flowing through their networks.

To date, affiliate networks have failed to aggressively pursue, stop, and punish those affiliates using cookie-stuffing. Indeed, LinkShare has repeatedly granted a $15,000 award to affiliates later found to be using cookie-stuffing. In each instance LinkShare subsequently withdrew the award after pressure from affiliates, merchants, and others. (See MediaPost coverage.) LinkShare's repeated awards to affiliates using cookie-stuffing reveal that this technique extends to large affiliates and to well-regarded affiliates.

That said, affiliate networks' black-letter rules generally officially prohibit cookie-stufing. For example, Commission Junction's Publisher Service Agreement states that an affiliate publisher "may earn financial compensation ... for transactions ... made from such publisher's web site ... through a click made by a visitor ... through an Internet connection (link) to a web site." In all the examples set out below, no such click occurred, and therefore no commission is fairly earned given the limitations set out in the PSA.

 

Affiliate Merchants Suffer from Cookie-Stuffing

Affiliate merchants suffer financially from cookie-stuffing. Cookie-stuffing causes merchants to pay commissions that, according to program rules, they need not pay. Cookie-stuffing also causes merchants to pay commissions to the wrong affiliates -- to affiliates who never caused an actual user click-through -- which is likely to reduce the quality and effort of affiliates participating in the merchant's program.

 

Cookie-Stuffers Profit from Cookie-Stuffing

Cookie-stuffing apparently proves profitable for those who do it. Suppose an affiliate ordinarily has a 10% click-through rate from its site to its merchants. The affiliate ordinarily receives affiliate commission only if a purchase is made by one of the 10% of users who clicks through the affiliate's link. In contrast, by cookie-stuffing, the affiliate can claim commissions from any purchases made by the entire 100% of the affiliate's visitors.

 

Rule-Following Affiliates Suffer from Cookie-Stuffing

Rule-following affiliates suffer from cookie-stuffing. For one, rule-following affiliates' cookies may be overwritten by cookie-stuffers. Suppose a user clicks to affiliate site A, a rule-follower not using cookie-stuffing, and clicks through A's link to a given merchant. The next day, the user visits affiliate site B, a rule-breaker using cookie-stuffing as to the same merchant site. Using cookie-stuffing, site B sets an affiliate tracking cookie that overwrites A's cookie. If the user subsequently makes a purchase from the merchant, the affiliate commission will be paid to B, not A.

Rule-following affiliates also suffer from cookie-stuffing because cookie-stuffing encourages merchants to cut their commission rates. Without cookie-stuffing, merchants would be paying commissions on fewer orders. At least some merchants would likely then choose to increase commission paid on each order.

 

Return to top

Specific Examples of Cookie-Stuffing

This section links to my research and testing, showing cookie-stuffing targeting major affiliate merchants. In initial reporting, I have focused on cookie-stuffing targeting merchants CJ designates as "featured" and on merchants who participate in discussion fora on ABestWeb.

The table below gives "clear-cut" examples of cookie-stuffing -- affiliate HTML code that clearly shows intention to set affiliate cookies without a user clicking through any affiliate link.
Merchant Cookie-Stuffing Affiliate Date Notes
Amazon (an independent merchant) Avxf (qufrho-20) 10/6/08 Broken IMG loaded within forum page. Details and video.
Amazon (an independent merchant) consumernow.com (jumpondealscom) 11/6/04 Obfuscation via a redirect. Details and video.
Amazon (an independent merchant) Bannertracker-script 2/27/12 JavaScript invisibly inserted into multiple independent sites via web server hacking. 200+ affiliate IDs in use. Details.
Amazon (an independent merchant) Imgwithsmiles 5/2/12 Flash-based stuffing syndicated through Google AdSense display ad network. 49+ affiliate IDs in use. Details.
Argos (a CJ Advertiser) Eshop600 (3910892) 1/30/12 Encoded JavaScript and invisible IMG. 26 cookies stuffed at once. Details.
Barnes & Noble (a CJ Featured BFAST Advertiser) dailyedeals.com (BFAST 26682568) 11/4/04 Misleading JavaScript comments. Details and video.
Buy.com (a CJ Advertiser) Couponcodesmall (2705091) 10/5/08 Invisible IFRAME. Details and video.
Cooking.com (a LS Selected Merchant) dailyedeals.com (FZOkC4w7rNM) 11/6/04 Misleading JavaScript comments. Details and video.
Crucial.com (a CJ Featured Vantage Advertiser) dailyedeals.com (340672) 11/2/04 Details and video.
Dell (a LS Selected Merchant) jumpondeals.com (HAHu6s1Hzp4) 11/5/04 Obfuscation via a redirect. Details and video.
Dentalplans (an ABestWeb CJ merchant) consumernow.com (517038) 11/6/04 Obfuscation via a redirect. Details and video.
Drugstore.com (a LS Selected Merchant) dailyedeals.com (FZOkC4w7rNM) 11/6/04 Misleading JavaScript comments. Details and video.
Eastwood (an ABestWeb CJ merchant) aboutdiscounts.com (1311826) 11/4/04 SCRIPT after /HTML. Details and video.
eVitamins (an ABestWeb CJ merchant) couponvine.com (465743) 11/4/04  Two-step JavaScript. Details and video.
Folica (a CJ merchant) ahugedeal.us (568228) 11/8/04 Details and video.
Folica (a CJ merchant) ahugedeal.com (568228) 10/25/05 Still occurring with same affiliate ID, 11+ months after prior reporting. Obfuscation via a redirect. Details and video.
FunToCollect (an ABestWeb CJ merchant) specialoffers.com (306244) 11/6/04 Obfuscation via a redirect. Details and video.
Globat (a CJ merchant) coupon-monkey.com (1446676) 11/8/04 /CLICK loaded in IMG tag. Details and video. Note: Coupon-monkey claims cookie-stuffing was accidental. Details.
HostGator (an independent merchant) Avxf (dsplcmnt01) 10/6/08 Broken IMG loaded within forum page. Details and video.
HSN (a CJ Featured BFAST Advertiser) coupons-coupon-codes.com (BFAST 38772000) 11/4/04 Obfuscation via external JavaScript and redirect. Details and video.
iPowerWeb (a CJ BFAST merchant) bids2buy.com (1525933) 11/6/04 Details and video.
Irv's Luggage (an ABestWeb CJ merchant) edealinfo.com (600263) 11/4/04 IFRAME. Details and video.
JCWhitney (an ABestWeb CJ merchant) consumernow.com (517038) 11/6/04 Obfuscation via a redirect. Details and video.
LaptopsforLess (an ABestWeb CJ merchant) find-coupon.com (1525933) 11/4/04 Popup. Details and video.
Match.com (a CJ Featured Vantage Advertiser) asmartcoupon.com (1515738) 11/4/04 /CLICK loaded in IMG tags. Details and video.
MLB.COM (a CJ Featured Vantage Advertiser) edealinfo.com (600263) 11/4/04 IFRAME. Details and video.
Napster (a CJ front-page Featured Advertiser)  coupons-online-coupon.com (1167113) 11/4/04 Popup. Details and video.
Netzero (a CJ Featured Vantage Advertiser) consumernow.com (517038) 11/4/04 Obfuscation via a redirect. Details and video.
Orbitz (a LS Selected merchant) thewinnersclub.net (HAHu6s1Hzp4) 11/8/04 Obfuscation via a redirect. Details and video.
Oreck (an ABestWeb CJ merchant) 1couponstop.com (517038) 11/4/04 Obfuscation via a redirect. Details and video.
Overstock.com (an ABestWeb LS merchant) dailyedeals.com (FZOkC4w7rNM) 11/5/04 Misleading JavaScript comments. Details and video.
PetcareCentral (an ABestWeb CJ merchant) aboutdiscounts.com (276460) 11/4/04 SCRIPT after /HTML. Details and video.
Priceline (a CJ BFAST merchant) findsavings.com (40001021) 11/7/04 Details and video.
RapidSatellite (an ABestWeb CJ merchant) smartqpon.com (979227) 11/4/04 Details and video. Details and video.
Relaxtheback.com (a LS Selected Merchant) office-coupons-online.com (g/KOq4zlIIk) 11/6/04 Details and video.
Shoes.com (an ABestWeb CJ merchant) ultimatecoupons.com / webbuyingguide.com (1417434) 11/4/04 Cookie tracking of popunder triggering. Details and video.
ShopNBC (a CJ Featured BFAST Advertiser) ultimatecoupons.com / webbuyingguide.com (BFAST 38954339) 11/4/04 IFRAME. Details and video.
SkinStore.com (a CJ BFAST merchant) discount-coupons-online.com (568228) 11/6/04 Details and video.
Spafinder.com (a LS Merchant) ultimatecoupons.com / webbuyingguide.com (OEu024dtHXs) 11/6/04 JavaScript URL variable. Details and video.
Toshiba (a CJ front-page Featured Advertiser) consumernow.com (517038) 11/4/04 Obfuscation via a redirect. Details and video.
TigerDirect.com (an ABestWeb CJ BFAST merchant) findsavings.com (39104038) 11/5/04 Details and video.
Travelocity (a CJ BFAST Selected merchant) xpcoupons.com (40031581) 11/8/04 IFRAME. Placed after /BODY. Details and video.

The table below gives additional examples of cookie-stuffing. In these examples, I see insufficient basis to determine whether the affiliate intended to set affiliate cookies without a user clicking through any affiliate link. Nonetheless, that is the net effect of the examples linked below.
Merchant Cookie-Stuffing Affiliate Date Notes
DentalPlans (an ABestWeb CJ merchant) savings-center.com 11/4/04 FRAME. Details and video.
FunToCollect (an ABestWeb CJ merchant) goodbazaar.com 11/4/04 FRAME with META tags. Details and video.
JCWhitney (an ABestWeb CJ merchant) a2zrewards.com 11/4/04 FRAME with META tags. Details and video.
Travelocity (a CJ BFAST merchant) couponmountain.com 11/8/04 Redirect with META tags, broken BACK button. Details and video.

Because LinkShare's compliance and quality problems are already well-known (e.g. as described above, as to LinkShare's repeated Titanium Award missteps), the listing above focuses primarily on Commission Junction merchants.


Last Updated: May 8, 2012 - Sign up for notification of major updates and related work.