This page shows specific network transmissions that implement 180's double-popup
cookie-stuffing, targeting a request for fogdog.com made at approximately 10pm
(Eastern) on July 23, 2004. See also a video (WMV
format, view in full-screen mode) confirming what took place, including
showing my Cookies folder before and after receiving the 180solutions popup.
The thumbnail at right shows the final on-screen display -- the fogdog.com site,
covered in part by the double popup that reached fogdog.com through an affiliate
link.
Other Targeted
Merchants: Double and Silent
Popups
In this example, I sought to document how 180 (and its advertisers) can overwrite
cookies set by other affiliates. My testing proceeded in the following way:
I cleared my cookies, such that any cookies set on my PC were set in the
course of the testing shown in my video.
I browsed to cash-us.com, an ordinary affiliate site that links to fogdog.com
via an affiliate link. I clicked through that affiliate link, yielding the
sequence of HTTP communications shown in HTTP Transaction 1
(with original affiliate link shown in red highlighting, and resulting cookies
in blue highlighting).
I briefly browsed the fogdog.com site. (Network logs omitted for brevity.)
In HTTP Transaction 2, Zango (installed on my PC) asked
180solutions' web servers for an ad to be shown -- sending the fogdog.com
trigger (as shown in yellow highlighting), and receiving a URL to dealsavings.com
in response (purple highlighting).
In HTTP Transaction 3, Zango loaded the specified dealsavings.com
page in a new window. Via a META REFRESH tag (orange highlighting), the page
redirected the new window to a CJ affiliate link which in turn sets a CJ tracking
cookie (HTTP Transaction 4) (cookie in blue highlighting).
Observing my cookies (cookie listing), I see that at the
end of the events described above, my CJ cookie for FogDog (merchant number
223938; cookie section UCT_223938) includes only the affiliate cookie set
by the redirect link from the dealsavings page (blue highlighting). In FogDog's
223938 section of my CJ cookies, I see no surviving reference to the merchant
223938 affiliate cookie section set by the original cash-us.com affiliate
link.
Consistent with the rest of my site, the network logs below omit my DUID (my
unique 180solutions user ID number) and omit the merchant IDs used by 180 and
its advertisers.
In my testing of July 23, 2004, valuemags.com is but one of many merchants
that remain targeted by 180solutions double popups. Some targeted merchants
use Commission Junction (including this one); others use LinkShare or in-house
affiliate programs. Some double popups (including this one) reach affiliate
links through redirect servers, while others entail 180solutions sending users
directly to an affiliate link via no other intermediaries.
HTTP/1.1 302 Found
Date: Sat, 24 Jul 2004 02:14:17 GMT
Server: Apache/1.3.27 (Unix)
P3P: PolicyRef="http://service.bfast.com/w3c/p3p.xml", CP="NOI
DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV
Set-Cookie: UID=2|0|20240724; expires=Saturday, 24-Jul-2024 02:14:17 GMT; domain=.bfast.com;
path=/
Referer: http://www.cash-us.com/getcode.php3?cid=875
Cache-Control: no-cache
Location: http://service.bfast.com/bfast/click?bfmid=223938&siteid=30353237&bfpage=bf_advanced
&bfurl=http%3A%2F%2Fwww.fogdog.com%2Fproduct%2Findex.jsp%3FproductId%3D945373&bfcookietest=Y
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
1be
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://service.bfast.com/bfast/click?bfmid=223938&siteid=30353237
&bfpage=bf_advanced&bfurl=http%3A%2F%2Fwww.fogdog.com%2Fproduct%2Findex.jsp%3FproductId%3D945373
&bfcookietest=Y">here</A>.<P> <HR>
<ADDRESS>Apache/1.3.27 Server at service.bfast.com Port 80</ADDRESS>
</BODY></HTML>
186
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://service.bfast.com/redirect?source=BF_10:qIq2QQHF5DgtAc8nVSHx
&bfurl=http://www.fogdog.com/product/index.jsp%3fproductId=945373">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.27 Server at service.bfast.com Port 80</ADDRESS>
</BODY></HTML>
GET /showme.aspx?keyword=fogdog.com+fogdog&did=762&ver=5.11&duid=531byhiprtvdgvadrfmfcgtxxyrjmg
&partner_id=195252523&product_id=762&browser_ok=y&rnd=22&basename=zango
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
<SPAN class="957085619-06032003"><FONT face="Arial"
color="#ff0000" size="5">Thank you
for your patience. You will be redirected to your destination site
in a
few seconds.</FONT></SPAN>
</body>
</HTML>
14e
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://www.fogdog.com/entry.point?target=z&source=BF_10:qIpmQQHFzEW-AmT8oZyU">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.27 Server at service.bfast.com Port 80</ADDRESS>
</BODY></HTML>
As
discussed in Affiliate Code Replacement via Popup "Double"
Windows within The Effect of 180solutions on Affiliate Commissions
and Merchants, 180 has implemented a system that can set affiliate tracking
codes by showing a user a duplicate copy of a merchant's site. These popups
set affiliate codes that, in the ordinary course of events, cause 180 to be
paid commissions otherwise payable to other affiliates, and cause 180 to be
paid commissions even if no commissions would otherwise be paid. For a listing
of affected merchants (as of tests of June 2004), see merchants
targeted with double windows. See also merchants
I previously found to be targeted with silent cookie-stuffing.