Category: affiliate marketing

Affiliate marketing, cost-per-action, and other performance-based payments.

Posted on

Edge Shopping Stand-Down Violations

Affiliate network requirements require shopping plugins to “stand-down”—not present their affiliate links, not even highlight their buttons—when another publisher has already referred a user to a given merchant.  Inexplicably, Microsoft Shopping often does no such thing.

The basic bargain of affiliate marketing is that a publisher presents a link to a user, who (the publisher hopes) clicks, browses, and buys.  But if a publisher can put reminder software on a user’s computer or otherwise present messages within a user’s browser, it gets an extraordinary opportunity for its link to be clicked last, even if another publisher actually referred the user.  To preserve balance and give regular publishers a fair shot, affiliate networks imposed a stand-down rule: If another publisher already referred the user, a publisher with software must not show its notification.  This isn’t just an industry norm; it is embodied in contracts between publishers, networks, and merchants.  (Terms and links below.)

In 2021, Microsoft added shopping features to its Edge web browser.  If a user browses an ecommerce site participating in Microsoft Cashback, Edge Shopping open a notification, encouraging a user to click.  Under affiliate network stand-down rules, this notification must not be shown if another publisher already referred that user to that merchant.  Inexplicably, in dozens of tests over two months, I found the stand-down logic just isn’t working.  Edge Shopping systematically ignores stand-down.  It pops open.  Time.  After.  Time.

This is a blatant violation of affiliate network rules.  From a $3 trillion company, with ample developers, product managers, and lawyers to get it right.  As to a product users didn’t even ask for.  (Edge Shopping is preinstalled in Edge which is of course preinstalled in Windows.)  Edge Shopping used to stand down when required, and that’s what I saw in testing several years ago.  But later, something went terribly wrong.  At best, a dev changed a setting and no one noticed.  Even then, where are the testers?  As a sometimes-fanboy (my first long-distance call was reporting a bug to Microsoft tech support!) and from 2018 to 2024 an employee (details below), I want better.  The publishers whose commissions were taken—their earnings hang in the balance, and not only do they want better, they are suing to try to get it.  (Again, more below.)

Contract provisions require stand-down

Above, I mentioned that stand-down rules are embodied in contract.  I wrote up some of these contract terms in January (there, remarking on Honey violations from a much-watched video by MegaLag).  Restating with a focus on what’s most relevant here (with emphasis added):

Commission Junction Publisher Service Agreement: “Software-based activity must honor the CJ Affiliate Software Publishers Policy requirements… including … (iv) requirements prohibiting usurpation of a Transaction that might otherwise result in a Payout to another Publisher… and (v) non-interference with competing advertiser/ publisher referrals.”

Rakuten Advertising Policies: “Software Publishers must recognize and Stand-down on publisher-driven traffic… ‘Stand-down’ means the software may not activate and redirect the end user to the advertiser site with their Supplier Affiliate link for the duration of the browser session.  … The [software] must stand-down and not display any forms of sliders or pop-ups to prompt activation if another publisher has already referred an end user.”  Stand down must be complete: In a stand-down situation, the publisher’s software “may not operate.”

Impact “Stand-Down Policy Explained”: Prohibits publishers “using browser extensions, toolbars, or in-cart solutions … from interfering with the shopping experience if another click has already been recorded from another partner.”  These rules appear within an advertiser’s “Contracts” “General Terms”, affirming that they are contractual in nature.  Impact’s Master Program Agreement is also on point, prohibiting any effort to “interfere with referrals of End Users by another Partner.”

Awin Publisher Code of Conduct: “Publishers only utilise browser extensions, adware and toolbars that meet applicable standards and must follow “stand-down” rules. … must recognise instances of activities by other Awin Publishers and “stand-down” if the user was referred to the Advertiser site by another Awin Publisher. By standing-down, the Publisher agrees that the browser extension, adware or toolbar will not display any form of overlays or pop-ups or attempt to overwrite the original affiliate tracking while on the Advertiser website.”

Edge does not stand-down

In test after test, I found that Edge Shopping does not stand-down.

In a representative video, from testing on November 28, 2025, I requested the VPN and security site surfshark.com via a standard CJ affiliate link.

Address bar showing affiliate link as start of navigation
From video at 0:01

CJ redirected me to Surfshark with a URL referencing cjdata, cjevent, aff_click_id, utm_source=cj, and sf+cs=cj.  Each of those parameters indicated that this was, yes, an affiliate redirect from CJ to Surfshark .

Arriving at surfshark.com
From video at 0:04

Then Microsoft Shopping popped up its large notification box with a blue button that, when clicked, invokes an affiliate link and sets affiliate cookies.

Edge Shopping pops open its window
From video at 0:08

Notice the sequence: Begin at another publisher’s CJ affiliate link, merchant’s site loads, and Edge Shopping does not stand-down.  This is squarely within the prohibition of CJ’s rules.

Edge sends detailed telemetry from browser to server reporting what it did, and to a large extent why.  Here, Edge simultaneously reports the Surfshark URL (with cjdata=, cjevent=, aff_click_id=, utm_source=cj, and sf_cs=cj parameters each indicating a referral from CJ) (yellow) and also shouldStandDown set to 0 (denoting false/no, i.e. Edge deciding not to stand down) (green).

POST https://www.bing.com/api/shopping/v1/savings/clientRequests/handleRequest HTTP/1.1 
...
{"anid":"","request_body":"{\"serviceName\":\"NotificationTriggering\",\"methodName\":\"SelectNotification\",\"requestBody\":\"{\\\"autoOpenData\\\":{\\\"extractedData\\\":{\\\"paneState\\\":{\\\"copilotVisible\\\":false,\\\"shoppingVisible\\\":false}},\\\"localData\\\":{\\\"isRebatesEnabled\\\":true,\\\"isEdgeProfileRebatesUser\\\":true,\\\"shouldStandDown\\\":0,\\\"lastShownData\\\":null,\\\"domainLevelCooldownData\\\":[],\\\"currentUrl\\\":\\\"https://surfshark.com/?cjdata=MXxOfDB8WXww&cjevent=cb8b45c0cc8e11f0814803900a1eba24&PID=101264606&aff_click_id=cb8b45c0cc8e11f0814803900a1eba24&utm_source=cj&utm_medium=6831850&sf_cs=cj&sf_cm=6831850\\\" ...

With a standard CJ affiliate link, and with multiple references to “cj” right in the URL, I struggle to see why Edge failed to realize this is another affiliate’s referral. If I were writing stand-down code, I would first watch for affiliate links (as in the first screenshot above), but surely I’d also check the landing page URL for significant strings such as source=cj.  Both methods would have called for standing down.

Another notable detail in Edge’s telemetry is that by collecting the exact Surfshark landing page URL, including the PID= parameter (blue), Microsoft receives information about which other publisher’s commission it is taking. Were litigation to require Microsoft to pay damages to the publishers whose commissions it took, these records would give direct evidence about who and how much, without needing to consult affiliate network logs.  This method doesn’t always work—some advertisers track affiliates only through cookies, not URL parameters; others redirect away the URL parameters in a fraction of a second.  But when it works, more than half the time in my experience, it’s delightfully straightforward.

Additional observations

If I observed this problem only once, I might ignore it as an outlier.  But no.  Over the past three weeks, I tested a dozen-plus mainstream merchants from CJ, Rakuten Advertising,  Impact, and Awin, in 25+ test sessions, all with screen recording.  In each test, I began by pasting another publisher’s affiliate link into the Edge address bar.  Time after time, Edge Shopping did not stand-down, and presented its offer despite the other affiliate link.  Usually Edge Shopping’s offer appeared in a popup as shown above.  The main variation was whether this popup appeared immediately upon my arrival at the merchant’s home page (as in the Surfshark example above), versus when I reached the shopping cart (as in the Newegg example below)s.

In a minority of instances, Edge Shopping presented its icon in Edge’s Address Bar rather than opening a popup.  While this is less intrusive than a popup, it still violates the contract provisions (“non-interference”, “may not activate”, “may not operate”, may not “interfere”, all as quoted above).  Turning blue to attract a user’s attention—this invites a user to open Edge Shopping and click its link, causing Microsoft to claim commission that would otherwise flow to another publisher.  That’s exactly what “non-interference” rules out.  “May not operate” means do nothing, not even change appear in the Address Bar. Sidenote: At Awin, uniquely, this seems to be allowed. See Publisher Code of Conduct, Rule 4, guidance 4.2. For Awin merchants, I count a violation only if Edge Shopping auto-opened its popup, not if it merely appeared in the Address Bar.

Historically, some stand-down violations were attributed to tricky redirects.  A publisher might create a redirect link like https://www.nytimes.com/wirecutter/out/link/53437/186063/4/153497/?merchant=Lego which redirects (directly or via additional steps) to an affiliate link and on to the merchant (in this case, Lego).  Historically, some shopping plugins had trouble recognizing an affiliate link when it occurred in the middle of a redirect chain.  This was a genuine concern when first raised twenty-plus years ago (!), when Internet Explorer 6’s API limited how shopping plugins could monitor browser navigation.  Two decades of improvements in browser and plugin architecture, this problem is in the past.  (Plus, for better or worse, the contracts require shopping plugins to get it right—no matter the supposed difficulty.)  Nonetheless, I didn’t want redirects to complicate interpretation of my findings.  So all my tests used the simplest possible approach: Navigate directly to an affiliate link, as shown above.  With redirects ruled out, the conclusion is straightforward: Edge Shopping ignores stand-down even in the most basic conditions.

I mentioned above that I have dozens of examples.  Posting many feels excessive.  But here’s a second, as to Newegg, from testing on December 5, 2025.

Litigation ongoing

Edge’s stand-down violations are particularly important because publishers have pending litigation about Edge claiming commissions that should have flowed to them.  After MegaLag’s famous December 2024 video, publishers filed class action litigation against Honey, Capital One, and Microsoft.  (Links open the respective dockets.)

I have no role in the case against Microsoft and haven’t been in touch with plaintiffs or their lawyers.  If I had been involved, I might have written the complaint and Opposition to Motion to Dismiss differently.  I would certainly have used the term “stand-down” and would have emphasized the governing contracts—facts for some reason missing from plaintiffs’ complaint.

Microsoft’s Motion to Dismiss was fully briefed as of September 2, and the court is likely to issue its decision soon.

Microsoft’s briefing emphasizes that it was the last click in each scenario plaintiffs describe, and claims that last click makes it “entitled to the purchase attribution under last-click attribution.”  Microsoft ignores the stand-down requirements laid out above.  Had Microsoft honored stand-down, it would have opened no popup and presented no affiliate link—so the corresponding publisher would have been the last click, and commission would have flowed as plaintiffs say it should have.

Microsoft then remarks on plaintiffs not showing a “causal chain” from Microsoft Shopping to plaintiffs losing commission, and criticizes plaintiffs’ causal analysis as “too weak.”  Microsoft emphasizes the many uncertainties: customers might not purchase, other shopping plug-ins might take credit, networks might reallocate commission for some other reason.  Here too, Microsoft misses the mark.  Of course the world is complicated, and nothing is guaranteed.  But Microsoft needed only to do what the contracts require: stand-down when another publisher already referred that user in that shopping session.

Later, Microsoft argues that its conduct cannot be tortious interference because plaintiffs did not identify what makes Microsoft’s conduct “improper.”  Let me leave no doubt.  As a publisher participating in affiliate networks, Microsoft was bound by networks’ contracts including the stand-down terms quoted above.  Microsoft dishonored those contracts to its benefit and to publishers’ detriment, contrary to the exact purpose of those provisions and contrary to their plain language.  That is the “improper” behavior which plaintiffs complain about.  In a puzzling twist, Microsoft then argues that it couldn’t “reasonably know[]” about the contracts of affiliate marketing.  But Microsoft didn’t need to know anything difficult or obscure; it just needed to do what it had, through contract, already promised.

Microsoft continues: “In each of Plaintiffs’ examples, a consumer must affirmatively activate Microsoft Shopping and complete a purchase for Microsoft to receive a commission, making Microsoft the rightful commission recipient if it is the last click in that consumer’s purchase journey.”  It is as if Microsoft’s lawyers have never heard of stand-down.  There is nothing “rightful” about Microsoft collecting a commission by presenting its affiliate link in situations prohibited by the governing contracts.

Microsoft might or might not be right that its conduct is acceptable in the abstract.  But the governing contracts plainly rule out Microsoft’s tactics.  In due course maybe plaintiffs will file an amended complaint, and perhaps that will take an approach closer to what I envision.  In any event, whatever the complaint, Microsoft’s motion to dismiss arguments seem to me plainly wrong because Microsoft was required by contract to stand-down—and it provably did not.

***

In June 2025, news coverage remarked on Microsoft removing the coupons feature from Edge (a different shopping feature that recommended discount codes to use at checkout) and hypothesized that this removal was a response to ongoing litigation.  But if Microsoft wanted to reduce its litigation exposure, removing the coupons feature wasn’t the answer.  The basis of litigation isn’t that Microsoft Shopping offers (offered) coupons to users.  The problem is that Microsoft Shopping presents its affiliate link when applicable contracts say it must not.

Catching affiliate abuse

I’ve been testing affiliate abuse since 2004.  From 2004 to 2018, I ran an affiliate fraud consultancy, which caught all manner of abuse—including shopping plugins (what that page calls “loyalty programs”), adware, and cookie-stuffing.  My work in that period included detecting the activity that led to the 2008 litigation civil and criminal charges against Brian Dunning and Shawn Hogan (a fact I can only reveal because an FBI agent’s declaration credited me).  I paused this work from 2018 to 2024, but resumed it this year as Chief Scientist of Visible Performance Technologies, which provides automation to detect stand-down violations, adware, low-intention traffic, and related abuses.  As you’d expect, VPT has long been reporting Edge stand-down violations to clients that contract for monitoring of shopping plugins.

My time from 2018 to 2024, as an employee of Microsoft, is relevant context.  I proposed Bing Cashback and led its product management and business development through launch.  Bing Cashback put affiliate links into Bing search results, letting users earn rebates without resorting to shopping plugins or reminders, and avoiding the policy complexities and contractual restrictions on affiliate software.  Meanwhile, Bing Cashback provided a genuine reason for users to choose Bing over Google.  Several years later, others added cashback to Edge, but I wasn’t involved in that.  Later I helped improve the coupons feature in Edge Shopping.  In this period, I never saw Edge Shopping violate stand-down rules.

I ended work with Bing and Edge in 2022, after which I pursued AI projects until I resigned in 2024.  I don’t have inside knowledge about Edge Shopping stand-down or other aspects of Microsoft Cashback in Edge.  If I had such information, I would not be able to share it.  Fortunately the testing above requires no special information, and anyone with Edge and a screen-recorder can reproduce what I report.

Posted on

Advertising Fraud Detection at VPT Digital

Today I announced joining the security startup VPT Digital as Chief Scientist.  VPT operates in a space I feel I pioneered: Automated testing to find misconduct in affiliate marketing.  As early as summer 2004 (not a typo!), I was catching affiliates using adware to claim commission they hadn’t earned.  I later built automation to scale up my efforts.

Think affiliate fraud is no big deal?  I was proud to recover large amounts for my clients.  For one large client, I once proved that nine of its top ten biggest affiliates were breaking its rules – which might sound like a disaster, and in some sense it was, but ejecting the rule-breakers yielded ample funds to pay more to those who genuinely drove incremental value.  Affiliate marketing experts may also remember Shawn Hogan and Brian Dunning, who faced both criminal and civil litigation for affiliate fraud – allegations that the FBI said stemmed from reports from me.  Litigation reported that defendants collected more than $20 million in 18 months.  “No big deal,” indeed.

The web is a lot messier than when I started down this path, and tricksters use a remarkable range of methods.  Reviewing VPT’s automation, I’ve been suitably impressed.  They test a range of adware, but also cookie-stuffing, typosquatting, and more.  Of course they test Windows adware and browser plug-ins, but they and have Mac and mobile capabilities too.  They test from multiple geographies, at all times of day.  Their testing is fully automated, yielding spiffy reports in a modern dashboard – plus email alerts and API integration.  It’s all the features I used to dream of building, and then some.

I’ll be working with VPT part-time in the coming months and years to continue to hone their offerings, including making their reports even more accessible to those who don’t want to be experts at affiliate fraud.  I’ll also blog about highlights from their findings.

Posted on

Honey’s Contractual Breaches and Value (or Lack of It) to Merchants

On December 21, YouTuber MegaLag dropped a 23 minute video eviscerating Honey.  Calling Honey a “scam”, he made two core allegations.

  1. Honey announcing
    Honey claims affiliate commission if a user presses “Got it” to acknowledge no deal found

    Honey takes payments that would otherwise go to influencers who recommended products users buy. (video at 2:50) MegaLag shows Honey claiming payments in four scenarios: i) if a user activates a function to search for coupons (even if none are found), ii) if a user activates a function to claim Honey Gold (no matter how meager the rebate), iii) if the user gets the message “We searched for you but didn’t find any deals” and merely presses the button “Got it”, and iv) If Honey shows the message “Get Rewarded with PayPal” “Shop eligible items to earn cash off future purchases” and the user presses “checkout”.

  2. Honey doesn’t actually get the best deals for users. If a merchant joins Honey (and begins to pay Honey affiliate commissions), Honey allows the merchant to limit which coupons Honey shows to users. MegaLag points out that letting merchants remove discounts from Honey is squarely contrary to Honey’s promise to users that it will find “the Internet’s best discount codes” and “find every working promo code on the Internet.” (video at 16:20)

16 million views and growing, MegaLag’s video has prompted a class action lawsuit and millions of users uninstalling Honey.

I’m a big fan of MegaLag.  I watched most of his other videos, and they’re both informative and useful—for example, testing Apple AirTags by intentionally leaving items to be taken; exploring false claims by DHL about both package status and their supposed investigations.  Meanwhile, nothing in MegaLag’s online profile indicates prior experience in affiliate marketing.  But for a first investigation on this subject, he gets most things right, and he uses many appropriate methods including browser dev tools and screen-capture video.  Based on its size and its practice, Honey absolutely deserves the scrutiny it’s now getting.  Kudos to MegaLag.

Nonetheless there’s a lot MegaLag doesn’t say.  Most notably, he doesn’t mention contracts—the legal infrastructure that both authorizes Honey to get paid and sets constraints on when and how it may operate.  Furthermore, he doesn’t even consider whether merchants get good value for the fees they pay Honey.  In this piece, I explore where I see Honey most vulnerable—both under contract and for merchants looking to spend their marketing funds optimally.

The contracts that bind Honey

Affiliate marketing comprises a web of contracts.  Most affiliate merchants hire a network to track which affiliate sent which traffic, to provide reports to both merchant and publishers, and to handle payments.  For a single affiliate-merchant relationship, an affiliate ends up subject to at least two separate contracts: the network’s standard rules, and any merchant-specific rules.  Of course there are tens of thousands of affiliate merchants, and multiple big networks.  So it’s impossible to make a blanket statement about how all contracts treat Honey’s conduct.  Nonetheless, we can look at some big ones.  Numbering added for subsequent reference.

Commission Junction Publisher Service Agreement

C1 “You must promote Advertisers such that You do not mislead the Visitor”

C2 “the Links deliver bona fide Transactions by the Visitor to Advertiser from the Link”

C3 “You must accurately, clearly and completely describe all promotional methods by selecting the appropriate descriptions and providing additional information when necessary.”

C4 “You agree to: (i) use ethical and legal business practices”

C5 “Software-based activity must honor the CJ Affiliate Software Publishers Policy requirements (as such requirements may be modified from time to time), including but not limited to: (i) installation requirements, (ii) enduser agreement requirements, (iii) afsrc=1 requirements, (iv) requirements prohibiting usurpation of a Transaction that might otherwise result in a Payout to another Publisher (e.g. by purposefully detecting and forcing a subsequent click-through on a link of the same Advertiser) and (v) non-interference with competing advertiser/ publisher referrals.”

Rakuten Advertising Downloadable Software Applications (DSAs) Overview, Testing Process, Policies

R1 “Your DSA should become inactive on the sites of any advertisers who opt-out or stand down on those that do not want you to redirect their traffic.  Publishers who fail to comply with this rule will jeopardize their relationship with advertisers as well as with Rakuten Advertising.”

R2 “[W]e expect your DSA to: Stand down when it recognizes any publisher links”

R3 “[A]ll software must recognize Supplier domains and the linksynergy tracking links. When a Supplier domain or the linksynergy code is detected, the software may not operate or redirect the consumer to the advertiser site using the Software Publisher tracking ID (also known as Supplier Affiliate ID or Encrypted ID). We do not allow any DSA software that interferes with or deters from any Publisher or Advertiser website.”

R4 “The DSA must stand-down and not display any forms of sliders or pop-ups to prompt activation if another publisher has already referred an end user.”

R5 “The DSA must not force clicks or “cookie stuff”. The DSA must not insert a cookie onto the user’s computer without the user knowingly taking an action that results in the cookie being placed.”

R6 “The end user must click through the offer that is presented. Placing the mouse over an offer, only viewing it or viewing all offers is not a click through.”

R7 “The DSA must not automatically drop a cookie when the end user is only viewing offers. The cookie should only be dropped once the end user clicks on a specific offer.”

Awin including ShareASale – Code of Conduct, Awin US Publisher Terms, SAS US Publisher Agreement

A1 “’Click’ means the intentional and voluntary following of a Link by a Visitor as part of marketing services as reported by the Tracking Code only;”

A2 “Publishers only initiate tracking via a tracking link used for click tracking if the user voluntarily and intentionally interacted with the Ad Media or Tracking link.”

A3 Publishers only initiate tracking for a specific advertiser if the consumer interacted directly with ad media for this advertiser.”

A4 ”do not mislead consumers”

A5 “transparency about traffic sources and the environment that ads are displayed in”

In addition, all networks indicate that publishers must disclose their practices to both networks and merchants.  Awin Code of Conduct is representative: “Publishers proactively disclose all promotional activities and obtain advertiser approval for their activities.”  Rakuten’s Testing Process is even more prescriptive, requiring an affiliate both to submit a first version and to notify Rakuten about any changes so it can retest; plus requiring publishers to answer 16 questions about their software including technical details such as DOM ID and Xpath of key functions.

Honey violates network policies

MegaLag’s video show violations of these network policies.  I see three clusters of violations.

(1) Honey invokes its affiliate links although users did not fairly request any such thing.  Consider “We searched for you but didn’t find any deals” with button labeled “Got it” (MegaLag scenario iii above). “Got it” doesn’t indicate that the user wants, expects, or agrees that Honey will invoke its affiliate link.  That’s certainly misleading (contrary to rule C1).  Nor can Honey claim that a user who clicks “Got it” is “knowingly taking an action that results in the cookie being placed” (R5) because clicking “Got it” isn’t the kind of action that rule contemplates.  Rakuten rules R6 and R7 are equally on point, disallowing invoking an affiliate link based on an activity that doesn’t indicate intent (such as a mouseover), and requiring that an affiliate link only be invoked “once the end user clicks on a specific offer.”  “Got it” isn’t an offer, so under R7, that’s not grounds for invoking a Rakuten link.  So too for Awin, where A1 defines “click” to include only links that are “part of marketing services” (but “Got it” is not marketing service).  See also A2 and A3 (allowing links only as part of “ad media”, but “Got it” is not ad media); and of course A4 (“do not mislead consumers”).

Honey’s invocation of affiliate links upon a “Get rewarded with PayPal” message (MegaLag scenario iv above) is on similarly shaky ground.  For example, responding to a PayPal offer is not “knowingly taking an action that results in the cookie being placed” (R5) – the user knows only that he’s closing the message, not that he’s requesting an affiliate referral back to the merchant.  Similarly, a PayPal offer is not “marketing services” or “ad media” for an Awin merchant (rules A1-A3).

The rule to invoke affiliate links only when a user so requests is no mere technicality.  In affiliate marketing, an affiliate may be paid if 1) the user sees a link, 2) the user clicks the link, and 3) the user buys from the specified merchant.  Skipping step 2 sharply increases the circumstances in which a merchant has to pay commission—not a term a merchant would agree to.  When an affiliate skips step 2, it’s cookie-stuffing.  Publishers have gone to jail for this (and had to pay back commissions received).  Honey didn’t quite stuff cookies as that term is usually used—the user did click something.  But when nothing on the button (not its label, not the surrounding message, not any principle of logic or engineering) indicates or even suggests the button will activate an affiliate link—that’s terrible value for the merchant.

(2) Honey presents its affiliate links although a user recently clicked through another publisher’s offer.  (MegaLag at 2:50)  But networks’ rules require Honey to stand down if another publisher has made a referral.  See rule C5.v (“non-interference with competing advertiser/ publisher referrals”) and R2 (“Stand down when it recognizes any publisher links”).  Rakuten even makes explicit that the stand-down obligation applies not just to automatic clicks (which, uh, aren’t permitted in any event) but also to sliders and popups: “The DSA must stand-down and not display any forms of sliders or pop-ups to prompt activation if another publisher has already referred an end user.” (R4)

Here too, this is no technical violation.  Other publishers need “stand down” rules so they have a fair chance to earn commission for their work promoting a given merchant.  Standing down from another affiliate’s click is the most fundamental affiliate network rule for downloadable software and browser plug-ins.

(3) Honey falls short of disclosure obligations.  “You must accurately, clearly and completely describe all promotional methods by selecting the appropriate descriptions and providing additional information when necessary” (C3).  Publishers must provide “transparency about traffic sources and the environment that ads are displayed in” (A5).  I’m open to being convinced that Honey told networks and merchants it would invoke affiliate links with buttons as weakly labeled as “Got it.”  I don’t buy it.  Merchants have a clear contractual basis to expect complete and forthright disclosures—it is literally their money being paid out.  And merchants authorized networks to collect and evaluate these disclosures for them.  No shortcuts.

One might object that networks can waive rules or create exceptions for key partners.  Not so fast!  Merchants and publishers rely on networks to enforce their published rules exactly as promised.  In fact, in 2007, both merchants and publishers sued ValueClick to allege that it had been less than diligent in enforcing its rules.  ValueClick’s Motion to Dismiss argued that it could do what it wanted, that it had disclaimed all warranties, and that it made no promises that merchants or publishers were entitled to rely on.  But the court denied ValueClick’s motion, eventually yielding a settlement requiring both improved efforts to detect affiliate fraud as well as certain refunds to merchants and payments to publishers.  There’s room to disagree about how much benefit the settlement delivered.  (Maybe the settlement promised changes that ValueClick was going to do anyway.  Maybe the monetary payments were a small fraction of the amount lost by merchants and publishers.)  But the fundamental principle was clear: Networks must follow their contractual representations including policies about prohibited behaviors.  And while networks may try to disavow quality responsibilities, for example via disclaimers in contracts, courts are skeptical of the unfettered discretion these provisions purport to create.  A network that promises to track affiliate transactions ultimately ought to do so accurately, and should neither grant arbitrary waivers nor look the other way about serious misconduct.

How did we get here?

Honey’s one-sentence response to MegaLag was “Honey follows industry rules and practices, including last-click attribution.”  It’s no surprise that Honey claims compliance.  But I was surprised to see affiliate thought-leaders agree.  For example, long-time affiliate expert Brook Schaaf remarked “Honey appears to be in compliance with network standards.”  Awin CEO Adam Ross says MegaLag’s video “portray[s] performance marketing attribution as a form of theft or scam”—suggesting that he too thinks Honey did nothing wrong.

I’ll update this piece with when others dig into the contracts and compare Honey’s practices with the governing requirements.  But after more than 20 years working on affiliate fraud—my first piece on this subject was, wow, 2004—let me offer four observations.

One, it’s easy to get complacent.  Much of what Honey does is distressingly normal among browser extensions.  Test the Rakuten Cashback app and you’ll find much the same thing.  Above, I linked to litigation against Honey, but there’s also now similar litigation against Capital One, alleging that its Capital One Shopping browser extension is out of line the same way as Honey.  Brook and Adam are right that Honey’s tactics aren’t a surprise to anyone who’s been in the industry for decades.  Many people have come to accept behaviors that don’t follow the literal meaning of stated policies.  Some would say the policy is out of date.  I’d say, instead, that key decision-makers have been asleep at the switch.

Two, networks’ incentives are mixed.  On one hand, networks want affiliate marketing to be seen as trusted and trustworthy, which requires eliminating practices widely seen as unfair.  At the same time, affiliate networks typically charge a commission on every dollar of commission paid.  As a result, networks directly benefit from anything that increases the number of dollars of commission paid—such as allowing browser plug-ins to change non-commissionable traffic into commissionable traffic.  Merchants should be skeptical of networks too quickly declaring traffic compliant when networks literally get paid for that finding.  With Rakuten operating both a cashback service (with browser plugin) and an affiliate network, their incentives are particularly muddy: If Rakuten Advertising declares a given browser plugin tactic to be permitted, Rakuten Cashback can then use that tactic, increasing both Cashback fees (the Cashback margin on each dollar of rebate) and Advertising fees (the network margin on each dollar of affiliate activity).  I like and respect Rakuten and its leaders, but their complicated incentives mean serious people should give their pronouncements a second look.

Three, most people read the governing contracts hastily if at all.  I’m proud to have pulled out the 17 rules above, and I encourage readers to follow my links to see these and other rules in the larger policy documents.  Fact is, there’s lots of material to digest.  I’ve found that networks’ compliance teams often build rules of thumb that diverge from what the rules actually say, and ignore rules that are in some way seen as inconvenient or overly restrictive.  That’s a mistake.  The rules may not be holy, but they have the force of contract, and there’s real money at issue.  Importantly, networks are spending other people’s money­­­—making sure normal publishers get every dollar they fairly earned; and making sure merchants pay the correct amount, but not a penny more.  This calls for a high level of care.  We’re two weeks into the response to MegaLag.  How many people posted video-responses, blogs, or other remarks without finding, reading, and applying the governing policies?

Four, personalities and work styles invite even merchant staff to accept what Honey is doing.  Representative short-hand: “Go along to get along.”  Most marketers chose this line of work to make connections, not to play policeman.  Attend an affiliate marketing conference and you’re a lot more likely to see DJs and beer (party!) than network sniffers and virtual machines (forensic tools).  Meanwhile, it’s awfully easy for an affiliate manager to tell a boss “we’re working with Honey, the billion-dollar product from PayPal”—then head to the Honey gala at an industry conference.  Conversely, consider the affiliate manager who has to explain “we wasted $50k on Honey last month.”  People have been fired for less.  Ultimately, online marketing plays a procurement function—trying to spend an employer or client’s money as skillfully as possible, to get as much benefit as possible for as little expense as possible.  That’s hard work, and I don’t fault those who want an easier path.  I also don’t fault those who prefer the networking and gala side of marketing over the software forensics.  Nonetheless, collective focus on the fun stuff goes a long way towards explaining how problems can linger (and grow).

Is Honey profitable for merchants?

For a merchant evaluating Honey, the fundamental question is pretty simple: Does Honey bring the merchant incremental sales and positive ROI?  Clearly Honey’s browser extension positions it to claim credit on purchases users were already going to make, but incremental sales are what matter to merchants—purchases made only thanks to Honey.

My hypothesis is that Honey is ROI negative for most merchants.  If a user goes to (say) dell.com, the user is already interested in Dell.  Why should Dell let Honey’s browser plug-in jump in and claim a commission on that user’s purchase?  Maybe Honey will increase the user’s conversion rate from 5% to 5.1% (by proclaiming what a good deal the user has found, or by touting a Honey Gold sweetener).  But with payment to Honey, Dell’s margin will drop from (say) 7% to 5%.  Would Dell prefer 7% profit on 500 sales, or 5% profit on 510?  That math is pretty easy.

Of course the numbers in the preceding paragraph are just hypotheticals.  If users sufficiently trust Honey (whether correctly or otherwise), their conversion rate might increase enough to justify Honey’s fees to merchants.  If Honey could somehow persuade users to spend more—“add one more item to your cart, and you can get this $10 coupon”—that could increase value to merchants too (though I’ve never seen Honey deliver such a message).  Some merchant advisors think this is plausible.  I have my doubts.

Alarmingly, many merchants decide to work with Honey (and other “loyalty” software) without rigorously measuring incrementality (or even trying).  Most merchants take some steps to measure the ROI of search and display ads.  For years, affiliate ROI has been more challenging.  But I recently devised a rigorous method that’s doable for most merchants.  I’d enjoy discussing with anyone interested.  When I have findings from a few merchants, with their permission I’ll share aggregate results.

Looking ahead

It’s easy to watch MegaLag’s piece and come out sour on affiliate marketing.  (“What a mess!”)  For that matter, the affiliate marketing section of my site has 28 articles over 20+ years, almost all about some violation or abuse.

Yet I am fundamentally a fan of affiliate marketing.  Incentives aren’t perfectly aligned between affiliate, network, and merchant, but they’re a whole lot closer than in other kinds of online advertising.  One twist in affiliate is that when a rogue affiliate finds a loophole, they can often exploit it at scale—by some indications, even more so than in other kinds of online advertising.  Hence the special importance of networks and merchants both providing fairness and being perceived as providing fairness.  MegaLag’s critique of Honey shows there’s no shortage of work to do.

Posted on

The Design of Online Advertising Markets

Edelman, Benjamin. “The Design of Online Advertising Markets.” Chap. 15 in The Handbook of Market Design, edited by Nir Vulkan, Alvin E. Roth, and Zvika Neeman. Oxford University Press, 2013.

Because the market for online advertising is both new and fast-changing, participants experiment with all manner of variations. Should an advertiser’s payment reflect the number of times an ad was shown, the number of times it was clicked, the number of sales that resulted, or the dollar value of those sales? Should ads be text, images, video, or something else entirely? Should measurement be performed by an ad network, an advertiser, or some intermediary? Market participants have chosen all these options at various points, and prevailing views have changed repeatedly. Online advertising therefore presents a natural environment in which to evaluate alternatives for these and other design choices. In this piece, I review the basics of online advertising, then turn to design decisions as to ad pricing, measurement, incentives, and fraud.

Posted on

The Online Ad Scams Every Marketer Should Watch Out For

The Online Ad Scams Every Marketer Should Watch Out For. HBR Online. October 13, 2015.

Imagine you run a retail store and hire a leafleteer to distribute handbills to attract new customers. You might assess her effectiveness by counting the number of customers who arrived carrying her handbill and, perhaps, presenting it for a discount. But suppose you realized the leafleteer was standing just outside your store’s front door, giving handbills to everyone on their way in. The measured “effectiveness” would be a ruse, merely counting customers who would have come in anyway. You’d be furious and would fire her in an instant. Fortunately, that wouldn’t actually be needed: anticipating being found out, few leafleteers would attempt such a scheme.

In online advertising, a variety of equally brazen ruses drain advertisers’ budgets — but usually it’s more difficult for advertisers to notice them. I’ve been writing about this problem since 2004, and doing my best to help advertisers avoid it.

In this piece for HBR Online, I survey these problems in a variety of types of online advertising — then try to offer solutions.

Posted on

Accountable? The Problems and Solutions of Online Ad Optimization

Edelman, Benjamin. “Accountable? The Problems and Solutions of Online Ad Optimization.” IEEE Security & Privacy 12, no. 6 (November-December 2014): 102-107.

Online advertising might seem to be the most measurable form of marketing ever invented. Comprehensive records can track who clicked what ad–and often who saw what ad–to compare those clicks with users’ subsequent purchases. Ever-cheaper IT makes this tracking cost-effective and routine. In addition, a web of interlocking ad networks trades inventory and offers to show the right ad to the right person at the right time. It could be a marketer’s dream. However, these benefits are at most partially realized. The same institutions and practices that facilitate efficient ad placement can also facilitate fraud. The networks that should be serving advertisers have decidedly mixed incentives, such as cost savings from cutting corners, constrained in part by long-run reputation concerns, but only if advertisers ultimately figure out when they’re getting a bad deal. Legal, administrative, and logistical factors make it difficult to sue even the worst offenders. And sometimes an advertiser’s own staff members prefer to look the other way. The result is an advertising system in which a certain amount of waste and fraud has become the norm, despite the system’s fundamental capability to offer unprecedented accountability.

Posted on

Pitfalls and Fraud in Online Advertising Metrics: What Makes Advertisers Vulnerable to Cheaters, and How They Can Protect Themselves

Edelman, Benjamin. “Pitfalls and Fraud in Online Advertising Metrics: What Makes Advertisers Vulnerable to Cheaters, and How They Can Protect Themselves.” Journal of Advertising Research 54, no. 2 (June 2014): 127-132.

How does online advertising become less effective than advertisers expect and less effective than measurements indicate? The current research explores problems that result, in part, from malfeasance by outside perpetrators who overstate their efforts to increase their measured performance. In parallel, similar vulnerabilities result from mistaken analysis of cause and effect–errors that have become more fundamental as advertisers target their advertisements with greater precision. In the paper that follows, the author attempts to identify the circumstances that make advertisers most vulnerable, notes adjusted contract structures that offer some protections, and explores the origins of the problems in participants’ incentives and in legal rules.