Results 1 to 9 of 9
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,086
    To battle a problem like parasiteware, we really need to measure it.

    Some parasite stategies show up in the form of cookie swapping. They cause cookie a to become cookie b. It seems to me that you could measure this phenomena by measuring the number of times that cookie b overwrites other cookies. This would be a very simple thing to measure. You could add code that measured cookies like:


    If currentCookie != newCookie Then
    INSERT INTO Cookie_Track VALUES (time, currentCookie, newCookie, http_refferer)
    End Then
    setNewCookie

    (http_referrer is part of the http header that holds the name of the referring page, this lets you go back and see the pitch made by the cookie overrider)

    By simply recording the value of the old cookie and new cookie, you would have a very valuable database showing the patterns of cookies overwrites. If you are recording the times that different cookies get written, then you would be able to spot programatic parasites, because cookie b overwrites cookie a within seconds.

    Let's say a merchant finds out that half of ebates cookies are replacement cookies, then they know for certain that ebates is the horrible ugly blood sucking leach that really isn't making sales...like we all suspect.

    The other strategy for parasites involves cookie forgery. You could catch and stop these thieves by putting a unique id with each cookie. Lets say the same unique id keeps showing again and again and again...you've caught yourself a cookie forger.

    This leaves us only with the parasitic strategy of parasites that intercept a URL and change the affiliate tag on the URL before sending it to the merchant. Contracts need to be written as to clearly prohibit this activity. When we find a program that includes this type of activity, we should sue them for fraud. I doubt there is a court in the land, or jury, that would accept changing the destination of a browser as a legitimate business practice.

    In any case, I believe that, in order to make good informed decisions about what is and what is not parasitic activity, we need to form ways of measuring the problem.

    A program that records all cookie changes would be easy to write, and provide some valuable info on how different sales stategies work. Merchants may find that a lot of people come into the site. Find an item to buy, the run out and look for deals and coupons, then come back into complete the sale. Hence the coupon sites are not the ones making the presale...although they capture the commission.

    Missoula - Short Stories

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    If merchants and networks wanted to be honest in assigning commissions to the referring partner then they'd refuse to pay commissions to any affiliate who didn't have and Impression -click -sale associated with a transaction. At the very least all commissionable sales have to have a click -valid unaltered cookie placed and a legit sale.

    Behavior modification through an "Ethics" statement is an ideal best left for a later discussion. We need a short contractual amendment added to the existing networks TOS that restricts commission payments to a specific requirement. This requirement should not single out any particular affiliate group. It has to apply equally to all affiliates in order for them to get paid ccommissions. After all this whole thing is about money so it should attack commission payment as it's core element.

    Keep it short so lawyers don't wrangle over every word for month's on end.

    Make it apply to ALL affiliates so the lawyers for the parasites can't argue they are being singled out for exclusion. No discussion needs to take place on parasitic methodology -interuption techniques or triggering devices.

    We all know, if given a choice, NO MERCHANT is willing to pay ANYONE for monitizing traffic streams except for approved affiliate partner network generated links. Cut out the parasites ripping off the merchants when they're cleaned will get merchants to sign and support the clause.

    In no way should any ABW sponsored attorney be allowed to submit a seperate document into the mix. All attornies have to work off of one document/clause representing ALL parties -affiliates Dupers -parasites-networks -merchants. A roomful of biased attornies will guarantee no agreement gets reached.

    The networks have to get something that only requires all parties, affiliates & merchants, to click on a "I agree" box to implement compliance. No lengthly reprogramming of the tracking/reporting software which is different and expensive for all of them.

    The refusal of the simple clause by any party involved within the negotiating team has to be something that portrays them as not willing to abide by any rules agreeable to the others. They'd be portrayed immediately as just using the whole meeting as a stalling tactic or a forum on devising loopholes. Hopefully it will be the parasite/duper group who might piss off the networks so much that they unplug them all from the money pool.

    I go back to my simple clause which was the foundation for pay per performance marketing. If it is unfair to the dupers and parasites let them devise their own merchant networks and feed off of the SE's and portals and all content sites equally. They then will be run out on a rail, tarred and feathered, by the big money lawyers.

    _______________________
    "No commissions will be deemed payable unless they originate from an approved affiliate domain site by a network generated link code or from similar links in a OPT-IN email identifying the approved affiliate domain."
    _________________________

    No party is singled out as an abuser in the above clause!!! No party receives money where they didn't add value to the transaction process.

    This eliminates or makes for a level playing field the group called parasites -Incent Interlopers -spammers from getting monitized by the networks. All ABWers will therefore have to eliminate SE PPC keyword links that go directly to a merchant site and instead have them go to their domain page first.

    WebMaster Mike

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,086
    Software to track cookie swapping behavior would not be difficult to write or implement.

    If you want to make an actual effective program that gets rid of the parasites, your best tact is to have a good solid set of metrics in place before you start with the legal definitions.

    Before companies can make a strategy, they need to have metrics that show what is occurring and how often. The whole basis of western science says measure first. Cookie swapping is measurable.

    BTW: Not all cookie changes are bad. I might have a misleading ad that leads someone to click on TD. A few days later, the same user sees your well written presale for something on TD. The click, see that the incredible offer is true, and buy. You deserve the sale. This would be a legitimate cookie change.

    Missoula - Short Stories

  4. #4
    Newbie
    Join Date
    January 18th, 2005
    Posts
    41
    Would encrypted cookies solve the problem entirely?

    I'm talking about a system similatr to pgp where a "key" would be assigned to each affiliate.
    Each cookie would be encoded so that the sale would not work with any other key.

  5. #5
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,419
    I'm not sure that the your theory is correct. You assume the cookie is just being swapped or that the affiliate id is just exchanged.

    A client side application could in fact start a new browser session "hidden" (with their own affiliate link internal in the program) and then close the window (which is why I'm concerned over popup blocker programs as well). The user would have no idea this is going on, the status of "session info" for the orginal referer gives no clue to the cookie being overwritten but, a new cookie would have been written. When a sale is made and the cookie info is read, the commission is diverted.

    Hence, even a security key using this method has no impact on detecting or stopping the diversion.

    The only way I see to detect legitimately all cookie changes is for cookie information to be sent and "recorded" as part of a click on a link.

    With this information, results of clicks could be reported and sorted on machineid, merchant, date_time and affiliate_id and exact patterns could be seen what is happening at a cookie level on individual machines. Something like this could be used to clearly show abuse as illustrated below:

    mach_id merchant date time affil id
    11111 1 11/01/01 12:54:06 1
    11111 1 11/01/01 12:54:07 2


    While this approach may "enable" detection of foul play, I'm not so sure that users want their shopping habits stored on an external server.

    The storage of machine identifiable cookie information on an external server would likely be termed spyware itself.

    Funny paradox huh [img]/infopop/emoticons/icon_wink.gif[/img]

    The best case scenario I've seen is the one that was proposed by Michael of BaseNecessities (I believe he proposed it anyway). It simply disallows updates of cookies to be written within certain time frames. Of course, date time information can be changed programtically so it's a little more complex than that and some of the affiliate information is stored in the http session as well.

    I've never assumed that the issue was as simple as a parasite simply changing "a basically static cookie" that they just replace or change with file related functions after a link is clicked on. This method (using file functions to change information) is clearly "more fraudulent" than the approach I suggest which uses valid processing enabled by networks and merchants (with gaping holes) to accomplish the diversion within acceptable procedures.

    Merchants and the networks need to wake up on this issue and incorporate standards that prevent this and other types of fraud. The parasites have elevated the stakes so that they turn free traffic from bookmarks or even direct typing of urls into commissionable orders (which also verifies they aren't just replacing an id inside an existing cookie).

    It won't be long before we have programs just blantently copying cookies to a users machines to get credit for all sales that don't go through affiliate links (that aren't already hijacked by other parasites).

    Also, the real spyware programs who watch unsuspecting users already know a users habits and could just as well be using the users browsing habits agains't merchants by copying cookies to their machines as well.

    Some people may call me paranoid but lets face it, these people are unethical and performing criminal behavior (maybe not in the legal sense yet but it is criminal in intent - to take something away that rightfully belongs to someone else). Some people (networks and merchants) are openly embracing this too.

    "Complience teams", "standards" and "code of ethics" statements will never stop diversions.
    The only way to stop it will be with the development of credit card like information and checksums being added in cookie information as well as steps to prevent overwriting of cookies within a browser session and or a certain period of time on a users machine.

    The amount of money being diverted from affiliates and merchants alike from online sales is very likely a stagering number that would boggle the mind.

    I'll once I again urge merchants and the networks to wake up in this matter and to stop undermining affiliate relationships that line your pockets with cash.

    Other forces are at work here and I'm not just taking about parasites.

  6. #6
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,419
    I was just doing some more investigation on BHO's and found this in the sdk documentation:

    quote:

    Being able to control Internet Explorer 4.0 is great, but if you can’t tell what Internet Explorer 4.0 is doing, you still don’t have full control. For this reason, Internet Explorer 4.0 exposes an event interface through which you can monitor its activity and perform certain actions.

    Let’s say you are creating an application for use on your corporate intranet. You may want to restrict your users from navigating to a URL outside of your corporate domain. By listening to events from Internet Explorer, your app can determine when a user is navigating to an external URL and then cancel this navigation completely.



    If I understand this right, affiliate links are not necessarily "overwritten" and ANY cookie re-write scheme would likely be non effective on "some" of the parasites.

    Why, the BHO's could recognize a link, cancel the navigation and then issue their own link as the url to process. The only thing that bothers me here is that for this to happen, the parasite program would likely need some kind of hook to tell it what merchant the encoded affiliate link was directed at............

    This could imply a much bigger involvement by the networks in assisting the parasites than previously thought or...... a much broader plan by the parasites to intentionally interfere with businesses via unfair trade practices.

    I'm going to digest some more info and think on this one for a bit.

  7. #7
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Happypoon ..they ebiz plan for parasitic BHO adware/spyware applications is simple. Use any and all means to get the crapolla installed on as many systems as you can. We're dealing with Theftwarez Cyber Terrorists who could care less if they used computer virus embeded installs or driveby installs to cut into someone elses revenue stream. Bad enough all the FREEBEEs are infected, now the greedy can't rely upon just those to get mass market penetration, they resort to raping site visitors with hidden installs. Very much like the Opt-out crowd who advertise Opt-in emailings. Lying wanks pervade the ranks of all online advertising agents. Hopefullu the management at the networks will finally listen and ban the word advertising from ever being used in their speachs or sales pitches.

    WebMaster Mike

  8. #8
    Newbie
    Join Date
    January 18th, 2005
    Posts
    23
    quote:
    Originally posted by yintercept:
    Let's say a merchant finds out that half of ebates cookies are replacement cookies, then they know for certain that ebates is the horrible ugly blood sucking leach that really isn't making sales...like we all suspect.



    ? Not according to the LS afftrack meeting last Thursday per LS . . .

  9. #9
    Newbie
    Join Date
    January 18th, 2005
    Posts
    2
    How about a simple third party program that identifies all the forms of thiefware on a persons computer and alerts them to it then asks them if they would like to upload a program to "Stop Thieves from Hijacking by Downloading this FREE Program", that way it is agreed to.

    So then what we would need is a protected program that resides on the persons computer that collects cookies and makes sure that no other cookie can replace that cookie until it is actually set to expire. And maybe it could even be set to delete cookies that attempt to overwrite other cookies by using a cookie verification system housed in a secure location on the users computer. Any programmers out there think this is a reality?

    How about even using the cooking to change the affiliate link back to the approved link everytime the hijacker tries to steal it. Steal it back in otherwords from a protected directory.

    http://www.worldmall.tv

  10. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. 5000 and Counting
    By Kevin in forum Virtual Family and Off-Topic
    Replies: 15
    Last Post: December 9th, 2009, 04:07 PM
  2. Anyone else counting the days?
    By flamingoworld in forum Midnight Cafe'
    Replies: 4
    Last Post: March 21st, 2007, 12:28 AM
  3. T Minus 7 and counting
    By popdawg in forum Midnight Cafe'
    Replies: 1
    Last Post: December 15th, 2002, 05:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •