Cookie-Stuffing Targeting
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

More than eleven months ago, I specifically reported cookie-stuffing by, targeting Despite that report, substantially the same targeting remains in effect today -- still using the same Commission Junction publisher ID (PID) to target Folica in the same way.

As of October 25, 2005, the page page was #44 in Google results for "folica coupon" (without quotes). The specified URL included the following JavaScript code, which opened a new window giving the Folica site as reached through an affiliate link:

<script language="JavaScript">
<script language="javascript">

My packet sniffer confirmed that entails a redirect to a CJ affiliate link to Folica:

GET /merchants/s4623.php?afsrc=1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Wed, 26 Oct 2005 03:00:15 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.11 mod_perl/1.29 FrontPage/
X-Powered-By: PHP/4.3.11
Keep-Alive: timeout=5, max=497
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

<a href=''>Click here if you are not automatically redirected</a>

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.

The resulting on-screen display was as shown below. Notice the main site visible at right, with the affiliate link popunder below and behind, at left.

My testing and video clearly show ahugedeal invoking CJ affiliate links without an affirmative end-user request for such links -- classic "forced clicks" or "cookie-stuffing." Brian Livingston recently reported Commission Junction hiring Cyveillance to find such behaviors. That's a commendable project (although to my mind considerably less urgent than tracking down rogue affiliates using spyware, a problem for which I recently built a special-purpose crawler). But it's hard to endorse Cyveillance's efforts or CJ's own compliance team if, 11+ months after I previously reported this behavior by this same affiliate, that exact same behavior continues unabated.

In my testing, this is but one of many CJ affiliates still using cookie-stuffing methods. Indeed, of the affiliates I previously reported using cookie-stuffing, Ahugedeal is not the only one still using these methods.