Image Appendix - How Affiliate Programs Fund Spyware
Ben Edelman

All screenshots were captured in September 2005.


 

Gateway / Commission Junction / Direct Revenue

A popunder promoting Gateway, purchased from Direct Revenue by a rogue affiliate. If a user ultimately makes a purchase from Gateway, the popunder causes Gateway to pay commissions to the affiliate, via Commission Junction. Gateway pays these commissions even though it did not know of or approve the affiliate's decision to place advertising with Direct Revenue.

Notice the Gateway popunder (upper left corner, within a window labeled "Aurora" -- a Direct Revenue product name).

 

Dell / Commission Junction / Direct Revenue

A popunder of Dell, purchased by a rogue affiliate and delivered via Direct Revenue as a user browses Dell.com. If a user ultimately makes a purchase from Dell, the popunder causes Dell to pay commission to the affiliate, via Commission Junction. So Dell ends up paying affiliate commissions even when users have requested its site specifically and by name -- a situation that would not otherwise entail paying affiliate commission.

Notice the Dell popunder (upper left corner, within a window labeled "Aurora" -- a Direct Revenue product name). Notice also the newly created Bfast (Commission Junction) tracking cookie, visible in the cookies folder at bottom-left.

 

eLuxury / LinkShare / 180solutions

A 'double' popup of eLuxury.com, purchased by a rogue affiliate and delivered via 180solutions as a user browses eLuxury. The popup claims commissions from eLuxury, via LinkShare, if a user ultimately makes a purchase from eLuxury. So eLuxury ends up paying affiliate commissions even when users have requested its site specifically and by name -- a situation that would not otherwise entail paying affiliate commission.

Notice the resulting duplicate entries in the status bar (bottom center and bottom right), the creation of LinkShare cookies (left), and the second window just barely visible behind the new popup (extra grey window border at top center). The usual 180solutions branding (in the browser title bar) was erased in the course of the LinkShare redirect. See also a video of this popup, which presents the duplicate window particularly clearly.

 

MyGeek / J&R / LinkShare / Direct Revenue

A popunder of J&R, purchased by MyGeek and delivered via Direct Revenue as a user browses jr.com. If a user ultimately makes a purchase from J&R, the popunder causes J&R to pay commission to the affiliate, via LinkShare. So J&R ends up paying affiliate commissions even when users have requested its site specifically and by name -- a situation that would not otherwise entail paying affiliate commission.

Notice the popunder (upper left corner) and the cookies folder showing the creation of LinkShare tracking cookies (bottom left corner).

 

Wholesalingonline / Hickory Farms / LinkShare

A popunder of Wholesalingonline.com, delivered by eXact Advertising's BullsEye as a user browses hickoryfarms.com. The Wholesalingonline popunder uses tricky cookie-stuffing methods to set Hickoryfarms cookies automatically, so if a user ultimately makes a purchase from Hickory Farms, the popunder causes Hickory Farms to pay commission to Wholesalingonline, via LinkShare. Hickory Farms thus ends up paying affiliate commissions even when users have requested its site specifically and by name -- a situation that would not otherwise entail paying affiliate commission.