1
An Overview of Software Downloads:

Spyware, Adware, Stealware & Thiefware
  • Benjamin Edelman

    www.benedelman.org
2
Agenda
  • Installation methods of unwanted programs
  • Basic functions & business models
  • Effect on affiliate merchants and affiliate programs
  • Related research
  • Q&A
3
About Me
  • student
  • researcher
  • consultant
  • expert in litigation


  • details: www.benedelman.org
4
Installation Methods
  • Security holes
  • Bundles
  • Drive-by downloads
  • Request
5
Installation through Security Holes
6
Installation through Security Holes
7
Bundles
8
Drive-By Downloads
9
User Request
10
Basic Functions
  • Show advertising
    • At merchant’s specific request
11
Showing advertising via spyware
12
Basic Functions
  • Show advertising
    • At merchant’s specific request
    • Via affiliate program
13
Showing advertising via affiliate pgm
14
Basic Functions
  • Show advertising
    • At merchant’s specific request
    • Via affiliate program
  • Set/replace affiliate codes, get commissions
16
Showing advertising via affiliate pgm
17
Showing advertising via affiliate pgm
18
Showing advertising via affiliate pgm
19
Showing advertising via affiliate pgm
20
Basic Functions
  • Show advertising
    • At merchant’s specific request
    • Via affiliate program
  • Set/replace affiliate codes, get commissions
  • Grab traffic and “eyeballs”
    • Not-found pages
    • Default search engines
    • Desktop icons

21
The Problems
  • Sneaking onto users’ computers
  • Claiming commissions where need not be paid
  • Other issues
    • Interrupting users with extra ads
    • Slowing users’ computers; unreliability
    • Hard to remove
    • Deleting competitors’ programs


23
Problem: Protecting the Brand
  • Want to be associated with this mess?
  • Affiliates might place ads with Claria, 180, etc. without merchant’s authorization
    • Dell didn’t notice for 4+ months


24
Problem: Protecting the Brand
  • Want to be associated with this mess?
  • Affiliates might place ads with Claria, 180, etc. without merchant’s authorization
    • Dell didn’t notice for 4+ months
  • Lawsuits – LL Bean v. JC Penney, Nordstrom, others


25
Paying Excess Commissions
  • Underlying promise of affiliate marketing – getting customers
    • Compare: Paying for users you already have – type-ins, print advertising, etc.
  • Bad actors who intercede and claim commissions without adding real value
    • All they did is sneak onto users’ PCs.
  • 180, some TopMoxies, many more


26
Paying “Wrong” Commissions
  • Want to encourage bona fide, rule-following affiliates.
    • Attract and retain better affiliates, encourage their best efforts.
  • Spyware takes money from rule-following affiliates.
27
What To Do: Options (1)
  • Nothing.
    • Hope for network to take action.
    • Hope you’re not a target.
28
What To Do: Options (1)
  • Nothing.
    • Hope for network to take action.
    • Hope you’re not a target.
  • Research
    • Talk to other affiliate managers. Read industry discussion forums.   →  Identify known or suspected wrongdoers.
    • Browse affiliate lists, look for suspects.



29
What To Do: Options (2)
  • Hands-on testing
    • Install spyware on a test PC
    • Browse own web site, see what happens.
      • Beware of invisible interference.
    • Browse competitors’ web site, check for own ads.
  • Investigate outsourced testing services.


30
What To Do: Be Careful
  • Don’t believe everything you’re told.
    • Networks say they’re on top of this problem.
    • 180 says “no hiding, no spying” and “our programs are only downloaded with user consent and opt-in.”
    • Ebates says they’re installed only with notice and consent.  My video showing otherwise.
31
References: Related Research
  • Spyware installed through security holes
    • http://www.benedelman.org/news/11804-1.html
  • Ebates installed through security holes
    • http://www.benedelman.org/news/121504-1.html
  • 180solutions analysis in detail
    • http://www.benedelman.org/spyware/180-affiliates
  • Dell affiliate links running on Claria
    • http://www.benedelman.org/news/060404-1.html
  • Other programs; anti-spyware legislation; etc.
    • http://www.benedelman.org
32
An Overview of Software Downloads:

Spyware, Adware, Stealware & Thiefware

further documentation at
www.benedelman.org
  • Benjamin Edelman
33
Q&A: Network Quality Efforts?
  • Robert Grosshandler asks: You mention CJ tells you they found a problem before you did. What can they, and other networks, do to be more responsive to issues like these?


  • Networks can establish testing procedures to be proactive in looking for rule-breakers. Every month, I test every single ad being displayed by 180solutions -- so if there's anyone new running an affiliate ad on 180solutions, I know about it. With smart system design, it's possible to catch 180 ads that stuff cookies -- that ask a merchant to pay commissions for visitors the merchant had already received. That's the kind of thing smart networks can do and, I think, probably ought to be doing. Of course, it's an effort that needs to extend well beyond 180 -- there are all too many programs using similar methods.


  • This isn't easy work -- it requires folks with an odd combination of programming skills plus an inclination to take on forensic investigations. And it's not in networks' short-term financial interest -- in the short run, this will only cost networks money, via foregone (albeit ill-gotten) commissions they otherwise would have received. But it's the only way I've found to rigorously detect fraud.
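
One heuristic a network or merchant could run over its own click logs to surface commission claims for visitors the merchant had already received. This is an added example, not code from the presentation; the log layout, the `affid` parameter, the hosts and the 30-second window are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log: (epoch seconds, visitor id, requested URL).
# The "affid" parameter and every host and id below are hypothetical.
SAMPLE_LOG = [
    (1000, "v1", "https://shop.example/"),               # type-in visit
    (1012, "v1", "https://shop.example/laptops"),
    (1015, "v1", "https://shop.example/?affid=A180"),    # tagged hit mid-session
    (2000, "v2", "https://shop.example/?affid=B22"),     # arrives via affiliate
    (2040, "v2", "https://shop.example/cart"),
    (3000, "v3", "https://shop.example/sale"),
    (3004, "v3", "https://shop.example/sale?affid=A180"),
    (9000, "v3", "https://shop.example/?affid=B22"),     # later, separate visit
]

def affiliate_id(url):
    """Return the affiliate id carried by a landing URL, or None."""
    values = parse_qs(urlsplit(url).query).get("affid")
    return values[0] if values else None

def flag_mid_session_claims(log, window=30):
    """Flag affiliate-tagged hits from visitors who were already on the site.

    A visitor who requested an untagged merchant page at most `window`
    seconds earlier had already arrived, so the claim merits manual review.
    """
    last_untagged = {}   # visitor -> time of most recent untagged request
    flagged = []
    for ts, visitor, url in sorted(log):
        aff = affiliate_id(url)
        if aff is None:
            last_untagged[visitor] = ts
            continue
        seen = last_untagged.get(visitor)
        if seen is not None and ts - seen <= window:
            flagged.append((visitor, aff, ts - seen))
    return flagged

def suspect_ratio(log, window=30):
    """Share of each affiliate's tagged hits that were flagged."""
    total, bad = defaultdict(int), defaultdict(int)
    for _ts, _visitor, url in log:
        aff = affiliate_id(url)
        if aff:
            total[aff] += 1
    for _visitor, aff, _gap in flag_mid_session_claims(log, window):
        bad[aff] += 1
    return {aff: bad[aff] / total[aff] for aff in total}
```

An affiliate whose ratio stays near 1.0 across many visitors is a candidate for the hands-on testing described in the slides; a single flagged hit is not proof of anything.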


34
Q&A: iGive Installation, Methods
  • Karen Casey asks: You showed a screen shot of igive.com. Do they load unwanted or questionable software?


  • In my testing, most users have iGive software because they (or at least someone using their computer) requested it. In my testing, iGive software doesn't install itself aggressively -- installation through security holes or poorly-disclosed bundles. So far so good.


  • But there are problems. Affiliate networks have rules about the way software programs can claim commissions. For example, in general software programs can't claim commissions that would otherwise have gone to other affiliates. I've recently read reports, and done testing for myself, indicating that iGive sometimes breaks these rules.


  • Then there's the big-picture question for merchants: What business benefit accrues from having iGive in a merchant's program? Some iGive members surely choose to direct their business to iGive-affiliated merchants -- so merchants might lose some business if they dropped iGive. On the other hand, if users are really so determined to shop at iGive merchants, maybe those users should have to demonstrate their commitment by browsing to the igive.com site in order to cause commissions to accrue. If users forget to go to igive.com, and merely rely on iGive software installed on their PCs, it's less clear that iGive truly deserves credit for the purchase. Maybe the user would have made that purchase from that merchant anyway, even if the merchant didn't participate in iGive.


  • For many merchants that I talk to, the desired result is to stay listed on the igive.com site, but to opt out of the iGive software download. That seems pretty sensible to me.


  • These same thoughts hold true for Ebates and other software downloads (BargainBuddy, Shop At Home, etc.). Though note that many of these other programs use aggressive installation methods, so that it's not always true (or for some programs, it's not even often true) that users have this software because they actually want it. Sometimes they got it through trickery, making it all the less clear why the programs deserve to be paid affiliate commissions.
35
Q&A: Parasite Detection Script
  • Deborah Carney asks: Do you recommend a parasite detection script that can be posted on our websites?


  • www.doxdesk.com/parasite does have a parasite detection script. It's not perfect, but it does do a good job of telling end users about at least certain infections. (Unfortunately, some cannot be detected by the script.)


  • That said, there are some problems. At least some users may blame affiliate sites (thinking the infection is somehow your fault -- classic "blame the messenger"). And will the "you're infected" notice distract a user from going on to click through a link and make a purchase? Finally, what about users who somehow damage their computer / OS in the course of trying to remove unwanted software? Will they blame you?


  • I don't think any of these problems are show-stoppers, but they're issues to think about. Be sure you're comfortable with these concerns before adding a detection script to your site.


36
Q&A: Blocking
  • Ronald Dobbins asks: Is there a software program to block these?


  • I'm not completely clear on what specific problems you have in mind. End users can block and/or remove many unwanted programs using a spyware remover. I used to recommend Lavasoft's Ad-Aware, though some of Lavasoft's recent decisions give me pause. In hands-on tests, Microsoft's new tool (now in beta) has proven itself the most capable -- succeeding in removing the highest proportion of pests of all programs tested.


37
Q&A: Staying Informed
  • Sandra Roussel asks: The affiliates who participate in affiliate communities such as AffiliateBoards are aware of these issues and are working diligently to find ways to remedy the ongoing battle. Are there steps taking place for the other 90% of affiliates not informed?


  • There are some web sites about these problems, and there's occasional media coverage (including a couple New York Times articles over the years). I don't know of any good way to reach other affiliates -- it's just hard to know how to reach those who don't read discussion boards, don't go to conferences, don't search the web with search terms pertaining to these issues, etc.


38
Q&A: “AFSRC” Protection
  • Robert Grosshandler asks: In another venue, there has been discussion of the appropriateness of asking affiliates to append afsrc=1 to their "hidden / masked" links. What's your opinion on that requirement?


  • In a perfect world, software downloads would automatically recognize all affiliate links, without an afsrc=1 requirement. But the practical reality is, affiliates do need to add this suffix to their links if they're using server-side redirects. Adding this suffix will offer some degree of protection -- some programs respect the afsrc=1 tag, at least most of the time, though to be sure there have been some much discussed examples in which even big programs (Ebates etc.) turned out not to respect the afsrc appendage.
39
Q&A: Protecting Your Site
  • Tony DeLorenzo asks: Is there anything a site owner can do to protect his site?


  • Those with server-side redirects can and should use afsrc=1 tags, as discussed in the prior question and answer.


  • Beyond that, in a very short-run sense, there's not much an affiliate can do. Framing a merchant's page (rather than merely linking to it) offers some benefits as against some rule-breaking software programs. But it doesn't protect against all rule-breakers, and some merchants don't like framing. (Be sure to check!)


  • If you have reason to believe that there's a problem affecting a merchant you work with -- discussion on an industry discussion forum saying they have a bad actor in their program; your hands-on testing shows such a problem; etc. -- then it's always good to get in touch with the responsible affiliate manager. Some will be prompt in taking action -- though, to be sure, some do tend to be dismissive of these problems.
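
For the afsrc=1 advice in the two answers above, a site owner can audit pages for server-side redirect links that lack the tag. This is an added example, not code from the presentation; it assumes the site's redirect script lives under a hypothetical `/go/` path and that the tag belongs on the affiliate's own redirect URL.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

REDIRECT_PREFIX = "/go/"   # hypothetical path of the site's redirect script

def is_tagged(href):
    """True when the link's query string carries afsrc=1."""
    pairs = parse_qsl(urlsplit(href).query, keep_blank_values=True)
    return ("afsrc", "1") in pairs

def with_afsrc(href):
    """Return href with exactly one afsrc=1 parameter, other parts intact."""
    parts = urlsplit(href)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() != "afsrc"]        # drop stale or wrong values
    query.append(("afsrc", "1"))
    return urlunsplit(parts._replace(query=urlencode(query)))

class RedirectLinkAudit(HTMLParser):
    """Collect links to the redirect script that lack afsrc=1."""

    def __init__(self):
        super().__init__()
        self.untagged = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if urlsplit(href).path.startswith(REDIRECT_PREFIX) and not is_tagged(href):
            self.untagged.append(href)

def audit(html):
    """Return (original, corrected) pairs for every untagged redirect link."""
    parser = RedirectLinkAudit()
    parser.feed(html)
    return [(href, with_afsrc(href)) for href in parser.untagged]

# Constructed sample page; all hosts and paths are made up.
SAMPLE_PAGE = """
<a href="/go/merchant-a">A</a>
<a href="/go/merchant-b?afsrc=1">B</a>
<a href="https://affiliate.example/go/merchant-c?sku=42&amp;afsrc=0#top">C</a>
<a href="https://merchant.example/product">direct link, not a redirect</a>
"""
```

As the answer notes, the tag only helps with programs that respect it, so a clean audit does not replace hands-on testing.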