How eBay Worked With The FBI To Put Its Top Affiliate Marketers In Prison(businessinsider.com) |
How eBay Worked With The FBI To Put Its Top Affiliate Marketers In Prison(businessinsider.com) |
Found this blog post with court documents and background: http://www.skepticalabyss.com/?p=291
EDIT: Found this old blog post by Brian Dunning: http://skeptoid.com/blog/2011/10/05/a-partial-explanation/
"Cookie stuffing refers to a web site writing a cookie to your browser without your knowledge or permission. ... It’s a scary-sounding term, but it’s fundamental to the way Internet advertising works. ... Cookie stuffing is more than just a standard practice; it’s an essential component of the mechanics of serving ads effectively."
As I understand it, they would do something like this: on every 1 of 10,000 page views (to Digital Point's forums, or other sites), they would embed a page from eBay (as the source of an image), which had their affiliate code in it. The visitor was none the wiser.
Keep in mind digital point gets a ton of traffic. Though only a small percentage had a cookie dropped, it added up to many.
Purely through coincidence, some of these people would later buy something on eBay in the next 30 days, earning them a commission. Its hard to argue they earned the commission, TOS or otherwise.
The articles mentions the guy who made the cooking stuffing software. He was pretty active on a private part of a forum I'm still part of.
Anyway eBay went after the forum as well, and promptly deleted his account and all the threads mentioning eBay. They also moved their servers offshore and deleted pretty much every thread that mentioned eBay in it.
I do remember he wrote a massive long thread about how the FBI raided his house and seized all his computers. He said the FBI agents weren't even told why they were conducting a raid on him and actually felt kind of sorry for him. He charged a pretty hefty price for the software ($500/month for the basic plan), but it was pretty advanced. They figured out that they could spoof referrers in flash, so rather then have a 1x1px image file, it was a tiny .swf file.
People were banking on that though, eBay first, then Amazon. You could buy shitty porn traffic and parked domain traffic for literally $1-2/1000 uniques visitors and stuff them all with cookies.
It was also round the same time Craigslist cracked down on affiliate marketers. People were literally getting hundreds of conversions a day on rebill offers like credit ratings and dating verification offers. One guy fled to South America so Craiglist and the FBI couldn't find him as he was literally making 6 figures a day.
I probably have said too much, but now everyone is pretty smart now. Facebook were the last ones to smarten their act up since their whole system/backend had so many loopholes in there it wasn't funny. Plus their security team only worked Monday-Friday, so if you noticed up until 2012, there would be a bunch of spam on your feed during the weekends.
Very interesting stuff. That must have been a fun forum at the time, when easy money was to be made like this. Thanks for the insight.
Cookie-stuffing results in a significant cost to eBay and no additional revenue. No sane company would sanction it (beyond maybe turning a blind eye to someone doing the odd bit of cookie-stuffing if they earned most of their commission on driving real sales). Of course, plenty of sane companies that have departments that don't talk to each other about ongoing investigations and sales guys focused on next month's commission...
The program managers' role was to encourage an apparently very effective affiliate marketer to drive more real traffic to eBay, whether that was because they believed most of his referrals were genuine, thought they could persuade him to switch strategy to actually doing real marketing for eBay or simply adopting a business-as-usual approach whilst waiting for the fraud investigation to conclude. Either way, by his own admission Hogan wasn't remotely interested in investing in actually driving traffic to eBay even if they provided additional cash to support it...
Why? It provided absolutely no value to them. Actually worse, it cost them affiliate fees on sales that rightfully would have been affiliate fee free.
There is no scenario where it makes sense that eBay (edit: wow originally wrote Amazon) would endorse this.
they invite one of the guys to a private dinner where he is the only non-eBay employee in attendance, and treat him like a king.
Have you considered that maybe his sense of truth is a little skewed?
That must have been some very advanced and dangerous looking screens and keyboards.
Why do we still accept this kind of confiscation of unrelated goods, while throwing big objections if the police had confiscated jewelery, clothes, or anything other non-connected but expensive items? By now, for all the tons of electronic items confiscated during raids, has any single screen or keyboard ever been part of the evidence provided to a court?
(And yeah, I'm totally ok with it)
A better statement would be: "The problem with the eBay affiliate program is that there isn't much money in it."
This is not a problem with affiliate marketing in general.
Should the Airbnb founders be sent to prison for spoofing interest in Craigslist ads and breaking their TOS? If the consensus shifts to yes, then our industry will become a very scary place to invest time and energy.
Also, the US legal system takes very seriously it role in setting precedents and has a strong commitment to following precedents -- specifically to make the law more predictable to folks like us. There're probably a lot of preceding criminal cases around affiliate-marketing fraud, and none for the kind of shenanigans attributed in these comments to AirBnB.
A lot of things fall under wire fraud rules. A lot of very common and routine business practices qualify as wire fraud. The fact that that is the only charge is very telling.
Finding out how many IP's were legit vs bogus was then a simple matter of going through the http logs making sure all gets of the cookie had matching gets of the gif. Cookie gets without gif gets were fraud.
So say eBay notices they are serving 1 million cookies a month to users, but only have 50,000 visitors relating to those people on their homepage. That's how they know this was cookie stuffing and not legitimate traffic.
Lets imagine I publish an eBay widget (I don't) to promote products I think people should buy. Lets say the widget just renders products in my sidebar. Lets say thousands of blogs then install this. Would I be then bound for prison?
I'm struggling to understand this murky situation based on how you described it.
Around that time I worked on finding ways to do untraceable cookie stuffing. Bouncing people through SSL to kill the referer, using Flash, etc. I even found a security hole in IE that gave me access to cross domain iframes. That was killer because you could load another site in an iframe then use JS to click an affiliate link or manipulate the page, making it appear completely legit.
Luckily it never went past research. I registered a domain and planned on creating a cookie stuffing service but never finished it and never did any actual cookie stuffing.
In verticals like e-commerce, it is indeed dominated by about 100-200 players. These guys range from RetailMeNot which is owned by Whale Shark Media to companies like FatWallet and Ebates. There is actually a big variety of major players in the space, but still most commissions are concentrated with them.
If you get into CPA, there's many, many more players out there. I know a few personally that make ~$100k+/month and one that does $500k. However, the commissions aren't concentrated with them. There are thousands of players making $5k-$15k/month with campaign churn. They tend to be 1-person shops working on the latest hot offer.
CPA is very crowded but is easy (sort of) to break into. There's a lot of money to be made, but you also deal with a huge amount of fraud and competition.
I was able to make a very comfortable living as an affiliate in high-end lead generation and B2B, both places where it was extremely difficult to compete with me. There are many segments like this where time and being willing to pick up the phone are often all the competitive advantage you need.
However, what happens is you can build a business or a site or do the campaign churn. People that build sites make some money for a while but are often crushed by more dedicated competitors. People doing the campaign churn (they don't own sites, just advertise stuff and make money off the difference) can keep going for a while, but have to constantly seek out new advantages.
Last, the ones that build businesses make the big bucks. And they often become more than affiliates, seeking to sell the products themselves or vertically integrating in their chosen space. One I know was dealing with travel and eventually became the booking agency for his vertical. No one can compete because he has exclusive direct relationships - the same advantage I sought in my own verticals.
There is a ton of money to be made, but it is a field fraught with risk, fraud, deception and hyper-competitive people with far fewer scruples than you.
I chose to leave the field after making my pile and build the tools I always wanted when I was in it - a much better business overall.
The dirty secret is that 90% of affiliate revenue is generated by coupon sites. For the most part retailers are giving away money that they probably would've generated any way w/o the affiliate.
I am more interested, for example, at making the clients I talk to on a day to day basis happy with my work than I am on the exact profit margin my company makes every time I bill an hour of my time to that account. I see my job as making my clients happy, not making my company's stockholders richer. Hopefully one leads to the other.
If anything, this just shows how clueless big companies are about online marketing "techniques".
He was essentially a script kiddie who paid for the script. He wasn't as successful. I think Amazon devotes more resources to tracking this kind of fraud.
Search any merchant + coupons and they are there. It's like printing money.
How effect, really, are any of these affiliate programs? Are online retailers actually able to measure how much new business the affiliates are really bringing in?
The crime was their attempts to obfuscate and hide the activity so that eBay could not legitimately tell if they were doing so against the ToS. Fraud includes intentionally deceiving someone in the context of an agreement, statement or contract (iirc). They got caught because they made a long-running habit of hiding their illicit activity to a degree which made them guilty.
Your hypothetical scenario is actually showing products.
According to the article, it seems eBay's gripe was that once the cookie was placed, the transparent .gif on their homepage was never triggered, so these affiliates were not sending traffic to eBay, but randomly waiting for these eBay users to purchase something from eBay.
This method was actually used by several successful affiliate marketers, now considered "industry veterans", in the early 2000s for Amazon.com and other big affiliate marketing programs.
It would eventually get one kicked out of the affiliate program and the violator would not receive any of their commissions, but this is the first I have heard of the FBI federally prosecuting affiliates for cookie stuffing.
Did these two people featured in the story do anything that was against US Federal law? Did they violate the eBay affiliates agreement (and that can't result in criminal charges anyhow)?
I've read through all three pages of the story twice, and all I'm seeing is eBay wanted to have their cake and eat it too. They even conspired with these two to help generate more affiliate revenue which eBay admits to.
Sounds a lot like another Aaron Schwartz-type pile of bullshit to me. eBay is going to enjoy their exodus of affiliate salesmen.
I take 1000 of the cards and put random people's names and addresses on them and send them in, once a week every week.
Fraud.
- If the iframe is invisible = fraud
What lands you there is defrauding eBay of $20 million.
Or did they use another method to place the cookie I don't know about?
I don't know if that works anymore because my "affiliate" time is well long over but I guess this loophole has been fixed long since.
IIRC iframe was a little problematic with some websites as they had frame break out scripts [1] - so you had to be creative.
The golden wild west times ... I somehow miss them. Money was lying on the information super highway - you just had to pick it up ;)
[1] something like http://www.thesitewizard.com/archive/framebreak.shtml
It will be interesting to see how this goes in court since you cannot prove that any given single user was NOT a "real" user. But on the whole, the traffic smells wrong.
I don't understand why eBay didn't just ban the users when they suspected foul play. Trying to prove this criminally beyond a reasonable doubt would have been hard.
If I were presiding over this specific case, and had a breadth of understanding that confirmed they were cookie-stuffing beyond a doubt, I would move to convict them.
I do think the line that separates a civil matter and a criminal matter is unclear at times.
Further edit: Oh, were you asking if I thought the Airbnb behavior an example of fraud? Well, now I guess I do... based on what I read today. I still think its a civil issue, but it doesn't matter what I think. Prosecutors be prosecutin'.
Also, legally it's only fraud if the victim doesn't know you're lying. I'm not at all convinced that was the case here.
When his traffic drops, the affiliate manager calls him and asks to do whatever it takes to get his numbers back up. It looks bad on her. "Why is affiliate revenue down 20% this month?" her boss asks.
She doesn't even CARE that it's crappy traffic. She needs affiliate revenue to rise and rise every month no matter what.
Every person at eBay doesn't have to act in the best interests of eBay, just in the best interests of their job at eBay. I'll believe that there were dozens of people at eBay who were encouraging him to do whatever he could to get his numbers up, no matter if it was white hat, grey hat or black hat. They didn't care.
And then suddenly one day someone cared.
I'm not saying its right to defraud them. I'm saying I can believe they condoned it at one point.
I agree with the rest of your analysis. Someone who was incented according to affiliate activity likely did encourage this, even if they suspected or had knowledge that it wasn't above board.
There are companies out there that pay salespeople a percentage of total revenue they get customers to buy, regardless if the order is profitable for the company. So salespeople offer 50%-75% discounts for their products to customers in order to get customers to buy, the salesperson makes the commission off the full retail price before discount, and the company loses on every sale with -75% gross margin. It's a fast-track to bankruptcy. No sane company would do this right? That company was called Ecomom. It happens that companies do things against their interest without knowing it as long as top line sales go up.
Companies give people license to do things in their own interest that are NOT in the companies interest all the time.
Well, it provided value to ebay's affiliate manager who could boast about how much revenue his affiliate program drives in. In a big corporation there are many factions. :)
This would make 90% of all applications/websites fraud. Most free(gratis) Windows software tricks you into installing spyware & toolbars. Almost every app on your phone tricks you into giving away personal data. Almost every website tricks you into being tracked across multiple websites.
Yes, tricking people for profit IS fraud. Tracking you across the web like Adsense does is NOT fraud. The act of stealing someone's contact list like Path does is NOT fraud either (but may be a different crime).
And very very little of web sites or applications engage in fraud. The world does a pretty good job of blocking these things, the way Chrome won't even let you go to a web site that has been known to deliver viruses. And yes the FBI should arrest these people.
http://blumenthals.com/blog/2012/01/31/is-google-intentional...
But going beyond that, even when differences are not subtle as in that blog post you still have a large swath of people who won't be able to distinguish ads from non-ads. Just go in the heart of a large city and observe the web-surfing habits of some regular Joe Shmoe and you'll be pretty astounded with his ad-detection heuristics. Large internet companies know and understand this very well, and indeed design their products as such. Heck, when I'm designing webapps I do this too, I guess I'm just cognizant about what actually I'm doing.
In other words, "tricking people for profit" is fraud. The Internet did not obsolete the crime of fraud.
I guess I'm just concerned with the trend. Things we think of as clever today may land people in prison. Its interesting and scary that we might not see it coming.
What a scam both ways.