Cookie-Stuffing Targeting globat.com

Cookie-Stuffing Targeting globat.com
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by coupon-monkey.com, targeting globat.com.

As of November 8, the http://www.coupon-monkey.com/coupon-categories/web-hosting-coupons.php page included an IMG (image) tags that, in its SRC ("source") tag, referenced a Commission Junction tracking link. See the following IMG code, taken directly from the page's HTML code.

As my ordinary Internet Explorer browser loaded this page (i.e. without me clicking on the image or on any other part of the coupon-monkey web page), my browser requested the /click-... link from Commission Junction. The CJ /click link returns a series of redirects that ultimately take the user to a globat.com landing page. Internet Explorer requests these redirects notwithstanding that the /click link originates in an IMG tag -- a HTML construct capable only of showing an image, and incapable of showing a full web page of the sort ultimately returned by /click links. Furthermore, Internet Explorer sets cookies as instructed by the Set-Cookie headers in the various CJ redirects. As a result, notwithstanding that the CJ tracking link has been placed in an IMG tag rather than, e.g., in an IFRAME, the IMG tag is nonetheless successful at cookie-stuffing, and at setting tracking codes such that a user's ultimate signup with globat.com will cause commission to be paid to asmartcoupon.com.

No other link, IMG tag, or other HTML element on this page includes any CJ /click link.

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings and a full listing of the resulting cookies files.

Update (March 2005): Staff from Coupon-monkey.com recently wrote to me to represent that their reference to a CJ /CLICK link within an IMG tag was an error. Coupon-monkey staff say they intend to follow all applicable CJ rules, and they say this error was corrected when brought to their attention. Reviewing other pages on the Coupon-monkey site, I see no other pages currently using the IMG-based cookie-stuffing method, nor any other cookie-stuffing method, and Coupon-monkey's statement of the sequence events leading to the error (a copy-and-paste into the wrong field) seems credible and believable under the circumstances. I therefore tend to credit Coupon-monkey's claim that the cookie-stuffing at issue was unintentional.

In my testing, this is but one of many affiilate web sites targeting this and other merchants. For example, the #1 Google result for "globat coupon" is www.consumernow.com/Globat_coupon , which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans.