
How eBay Worked With The FBI To Put Its Top Affiliate Marketers In Prison - bocalogic
http://www.businessinsider.com/ebay-the-fbi-shawn-hogan-and-brian-dunning-2013-4
======
celticjames
Shocked to learn that Brian Dunning has done this. I've been listening to his
Skeptoid podcast for years. I always pictured someone of modest or middle
class means because he solicits donations to help keep the podcast going. I
didn't think he was also making millions from fraud. Ironically, 'consumer
frauds' is one of the things he has listed on his website as a target of his
skeptical inquiry.

Found this blog post with court documents and background:
<http://www.skepticalabyss.com/?p=291>

EDIT: Found this old blog post by Brian Dunning:
<http://skeptoid.com/blog/2011/10/05/a-partial-explanation/>

"Cookie stuffing refers to a web site writing a cookie to your browser without
your knowledge or permission. ... It’s a scary-sounding term, but it’s
fundamental to the way Internet advertising works. ... Cookie stuffing is more
than just a standard practice; it’s an essential component of the mechanics of
serving ads effectively."

~~~
qeorge
Wow, that's a whopper. (the bit about cookie stuffing being normal)

As I understand it, they would do something like this: on every 1 of 10,000
page views (to Digital Point's forums, or other sites), they would embed a
page from eBay (as the source of an image), which had their affiliate code in
it. The visitor was none the wiser.

Keep in mind Digital Point gets a _ton_ of traffic. Though only a small
percentage had a cookie dropped, it added up to many.

Purely through coincidence, some of these people would later buy something on
eBay in the next 30 days, earning them a commission. It's hard to argue they
earned the commission, TOS or otherwise.

------
Matsta
Ahh this brings back some memories.

The article mentions the guy who made the cookie stuffing software. He was
pretty active on a private part of a forum I'm still part of.

Anyway eBay went after the forum as well, and promptly deleted his account and
all the threads mentioning eBay. They also moved their servers offshore and
deleted pretty much every thread that mentioned eBay in it.

I do remember he wrote a massive long thread about how the FBI raided his
house and seized all his computers. He said the FBI agents weren't even told
why they were conducting a raid on him and actually felt kind of sorry for
him. He charged a pretty hefty price for the software ($500/month for the
basic plan), but it was pretty advanced. They figured out that they could
spoof referrers in Flash, so rather than have a 1x1px image file, it was a
tiny .swf file.

People were banking on that though, eBay first, then Amazon. You could buy
shitty porn traffic and parked domain traffic for literally $1-2/1000 unique
visitors and stuff them all with cookies.

It was also round the same time Craigslist cracked down on affiliate
marketers. People were literally getting hundreds of conversions a day on
rebill offers like credit ratings and dating verification offers. One guy fled
to South America so Craigslist and the FBI couldn't find him as he was
literally making 6 figures a day.

I probably have said too much, but now everyone is pretty smart now. Facebook
were the last ones to smarten their act up since their whole system/backend
had so many loopholes in there it wasn't funny. Plus their security team only
worked Monday-Friday, so if you noticed up until 2012, there would be a bunch
of spam on your feed during the weekends.

~~~
unreal37
I also tend to believe that these companies sanctioned this activity until
they were against it. A year after they claim to have started investigating
it, they invite one of the guys to a private dinner where he is the only non-
eBay employee in attendance, and treat him like a king. It's a contradiction.

Very interesting stuff. That must have been a fun forum at the time, when easy
money was to be made like this. Thanks for the insight.

~~~
corresation
_I also tend to believe that these companies sanctioned this activity until
they were against it._

Why? It provided absolutely no value to them. Actually worse, it cost them
affiliate fees on sales that rightfully would have been affiliate fee free.

There is no scenario where it makes sense that eBay (edit: wow originally
wrote Amazon) would endorse this.

 _they invite one of the guys to a private dinner where he is the only non-
eBay employee in attendance, and treat him like a king._

Have you considered that maybe his sense of truth is a little skewed?

~~~
unreal37
So eBay is cutting him a check for $1 million to $2 million per MONTH. This
equates to $2 million to $4 million a month in profits for eBay that they
share 50% with the affiliate.

When his traffic drops, the affiliate manager calls him and asks to do
whatever it takes to get his numbers back up. It looks bad on her. "Why is
affiliate revenue down 20% this month?" her boss asks.

She doesn't even CARE that it's crappy traffic. She needs affiliate revenue to
rise and rise every month no matter what.

Every person at eBay doesn't have to act in the best interests of eBay, just
in the best interests of their job at eBay. I'll believe that there were
dozens of people at eBay who were encouraging him to do whatever he could to
get his numbers up, no matter if it was white hat, grey hat or black hat. They
didn't care.

And then suddenly one day someone cared.

I'm not saying it's right to defraud them. I'm saying I can believe they
condoned it at one point.

~~~
corresation
Saying "one rogue account rep sanctioned this" (which even that I deeply
doubt) is quite a world removed from saying that the company sanctioned it,
which was your original statement.

~~~
unreal37
I'm not saying the rep was "rogue". I'm saying eBay set up their affiliate
program to encourage affiliate sales "no matter what" and then in 2008 they
started caring for quality of affiliate links when they didn't care before.
Let me try this another way.

There are companies out there that pay salespeople a percentage of total
revenue they get customers to buy, regardless if the order is profitable for
the company. So salespeople offer 50%-75% discounts for their products to
customers in order to get customers to buy, the salesperson makes the
commission off the full retail price before discount, and the company loses on
every sale with -75% gross margin. It's a fast-track to bankruptcy. No sane
company would do this, right? That company was called Ecomom. It happens that
companies do things against their interest without knowing it as long as top
line sales go up.

Companies give people license to do things in their own interest that are NOT
in the company's interest all the time.

~~~
craigching
Right, I agree with you. It's easy to imagine an affiliate rep who is
incentivised by affiliates doing well, i.e. they get paid based on affiliate
sales. You can even imagine some eBay affiliate reps being "ok" with a
description of how they're generating their hits because they're incentivised
by the affiliates doing well. Until someone upstairs figures out what's going
on. Then, of course, the affiliate rep is completely clueless about what happened
and is _shocked_ that someone would do this!

What a scam both ways.

------
belorn
> Much of Hogan's apartment was a clutter of screens, hard drives and
> keyboards — which the FBI confiscated.

That must have been some very advanced and dangerous looking screens and
keyboards.

Why do we still accept this kind of confiscation of unrelated goods, while
throwing big objections if the police had confiscated jewelry, clothes, or
any other non-connected but expensive items? By now, for all the tons of
electronic items confiscated during raids, has any single screen or keyboard
ever been part of the evidence provided to a court?

~~~
mikeash
I'm sure a lot of laptop computers containing screens and keyboards have been
used as evidence. It may be a little too much to ask FBI agents to only take
that which contains data, when it's not necessarily always completely
apparent.

~~~
readme
Indeed. Newer computers can look like a plain old monitor and have an entire
system onboard. This is typically obvious when it's a Mac, but would an FBI
agent pick out this System76 computer as not being "just a monitor"? Who knows?

(<https://www.system76.com/desktops/model/sabc1>)

------
kposehn
"The problem with affiliate marketing is that there isn't much money in it."

A better statement would be: "The problem with the eBay affiliate program is
that there isn't much money in it."

This is not a problem with affiliate marketing in general.

~~~
AznHisoka
Actually there's a bit of truth in it.

The dirty secret is that 90% of affiliate revenue is generated by coupon
sites. For the most part retailers are giving away money that they probably
would've generated anyway w/o the affiliate.

~~~
AJ007
The dirty secret is that 90% of _e-commerce_ affiliate revenue is generated by
coupon toolbars. It's like what Shawn Hogan did, except it involves every
single e-commerce affiliate program instead of just one.

~~~
a5seo
Not toolbars. 3 words: Retail Me Not. They are going public this year w/ a
whisper valuation of $2 Billion.

Search any merchant + coupons and they are there. It's like printing money.

~~~
ansible
I know someone who occasionally uses that site, but only searches it for
things like a free shipping code _after_ deciding to purchase a particular
item from a particular online vendor.

How effective, really, are any of these affiliate programs? Are online retailers
actually able to measure how much _new_ business the affiliates are really
bringing in?

------
rwmj
More accurate to say to "put two fraudsters in prison". Hopefully they'll keep
on putting fraudsters in prison.

~~~
thetrumanshow
I agree, but the line that defines fraud is scarily unclear, IMO.

Should the Airbnb founders be sent to prison for spoofing interest in
Craigslist ads and breaking their TOS? If the consensus shifts to yes, then
our industry will become a very scary place to invest time and energy.

~~~
rayiner
Tricking people for profit is the definition of fraud. It says a sad thing
about the industry that shady practices like that are considered important
enough that it would be "scary" to have to abstain from them.

~~~
Proleps
> _Tricking people for profit is the definition of fraud._

This would make 90% of all applications/websites fraud. Most free(gratis)
Windows software tricks you into installing spyware & toolbars. Almost every
app on your phone tricks you into giving away personal data. Almost every
website tricks you into being tracked across multiple websites.

~~~
unreal37
90%? Are you sure you're not exaggerating that a little bit?

Yes, tricking people for profit IS fraud. Tracking you across the web like
Adsense does is NOT fraud. The act of stealing someone's contact list like
Path does is NOT fraud either (but may be a different crime).

And very very little of web sites or applications engage in fraud. The world
does a pretty good job of blocking these things, the way Chrome won't even let
you go to a web site that has been known to deliver viruses. And yes the FBI
should arrest these people.

~~~
clicks
I don't think that's an outrageous exaggeration.

<http://blumenthals.com/blog/2012/01/31/is-google-intentionally-trying-to-minimize-the-fact-that-these-are-ads/>

But going beyond that, even when differences are not subtle as in that blog
post you still have a large swath of people who won't be able to distinguish
ads from non-ads. Just go in the heart of a large city and observe the web-
surfing habits of some regular Joe Shmoe and you'll be pretty astounded with
his ad-detection heuristics. Large internet companies know and understand this
very well, and indeed design their products as such. Heck, when I'm designing
webapps I do this too, I guess I'm just cognizant about what actually I'm
doing.

------
curiousdannii
"So eBay installed a tiny “gif” file on its homepage. A gif is simply an image
file. This one was so tiny no one could see it. It sat there invisibly."

~~~
Sujan
Does anyone get what the author actually means in the "invisible gif"
paragraph? Makes no sense to me how this could actually have helped to decide
if the traffic was real or malicious :/

~~~
noonespecial
For the hack to work, the victim's computer had to get a cookie from ebay. The
widget caused this cookie to get downloaded to the victim's computer, but only
this cookie. Normal visits from legitimate users get everything on the page.
Adding a small invisible file meant that a normal user would get this file as
well as the cookie but the malicious widget would only grab the cookie.

Finding out how many IPs were legit vs bogus was then a simple matter of
going through the HTTP logs making sure all gets of the cookie had matching
gets of the gif. Cookie gets without gif gets were fraud.
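
The log check described in the comment above, as an added example that is not part of the original thread or eBay's code: it pairs each cookie-setting request with a pixel fetch from the same IP and counts, per affiliate ID, the cookie sets that had none. The two paths, the `id` parameter, the 30-second window and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed names (not from the article): cookie-setting redirect and pixel.
COOKIE_PATH, PIXEL_PATH = "/aff/click", "/pixel.gif"
WINDOW = timedelta(seconds=30)  # assumed max gap between cookie and pixel

# Constructed sample access log (Combined Log Format, documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2013:10:00:01 +0000] "GET /aff/click?id=A1 HTTP/1.1" 302 0 "http://blog.example/post" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:10:00:02 +0000] "GET /pixel.gif HTTP/1.1" 200 43 "http://shop.example/" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2013:10:00:05 +0000] "GET /aff/click?id=B2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Apr/2013:10:00:09 +0000] "GET /aff/click?id=B2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Apr/2013:10:10:09 +0000] "GET /pixel.gif HTTP/1.1" 200 43 "http://shop.example/" "Mozilla/5.0"
192.0.2.44 - - [10/Apr/2013:10:01:00 +0000] "GET /aff/click?id=B2 HTTP/1.1" 302 0 "http://deals.example/" "Mozilla/5.0"
192.0.2.44 - - [10/Apr/2013:10:01:01 +0000] "GET /pixel.gif HTTP/1.1" 200 43 "http://shop.example/" "Mozilla/5.0"
this line is not a log entry and is skipped
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<url>\S+) [^"]*" \d{3} ')
AFF_RE = re.compile(r"[?&]id=([^&]+)")

def parse(log_text):
    """Yield (ip, time, url) for each well-formed GET line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["url"]

def unmatched_cookie_sets(log_text):
    """Return {affiliate_id: (cookie_sets, cookie_sets_without_pixel)}."""
    pixels = defaultdict(list)  # ip -> times the pixel was fetched
    clicks = []                 # (ip, time, affiliate_id)
    for ip, ts, url in parse(log_text):
        path = url.split("?", 1)[0]
        if path == PIXEL_PATH:
            pixels[ip].append(ts)
        elif path == COOKIE_PATH:
            aff = AFF_RE.search(url)
            clicks.append((ip, ts, aff.group(1) if aff else "unknown"))
    stats = defaultdict(lambda: [0, 0])
    for ip, ts, aff in clicks:
        stats[aff][0] += 1
        # A real page view fetches the pixel shortly after the cookie is set.
        if not any(timedelta(0) <= p - ts <= WINDOW for p in pixels[ip]):
            stats[aff][1] += 1
    return {aff: tuple(v) for aff, v in stats.items()}

if __name__ == "__main__":
    for aff, (total, bad) in sorted(unmatched_cookie_sets(SAMPLE_LOG).items()):
        print(f"{aff}: {bad} of {total} cookie sets had no pixel fetch")
```

Matching on IP alone is coarse (many users can share one address), and a full page load also fetches the pixel, as the reply below notes, so a high unmatched ratio for one affiliate ID is a signal to investigate rather than proof.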

~~~
Sujan
With cookie-stuffing the cookie is normally "generated" by loading a page in
an invisible iframe. The loaded page is actually the same you would land on if
you clicked normal advertising, with "everything on the page" - including an
invisible gif. Visibility or Invisibility of the iframe doesn't change
anything to the loading of this file. That's why it doesn't make sense to me.

Or did they use another method to place the cookie I don't know about?

~~~
kybernetyk
You could trigger cookie setting with the img tag.
<img src=http://affiliate-link-to-ebay.com> would set the cookie
on most browsers.

I don't know if that works anymore because my "affiliate" time is well long
over but I guess this loophole has been fixed long since.

IIRC iframe was a little problematic with some websites as they had frame
break out scripts [1] - so you had to be creative.

The golden wild west times ... I somehow miss them. Money was lying on the
information super highway - you just had to pick it up ;)

[1] something like <http://www.thesitewizard.com/archive/framebreak.shtml>

~~~
Sujan
Ebay didn't use frame breakers, so much I know ;)

------
mmanfrin
'Top Affiliate Marketers' is linkbait. He committed fraud. Cookie stuffing is
illegal from any angle.

------
robk
Excellent. Fraudsters deserve jail time. Cookie stuffing is clearly
fraudulent.

------
xSwag
domainx.tld cannot set a cookie on ebay.com. Did they just iframe ebay (with
affiliate ID) and get caught? Or did they use some other method?

~~~
ianhawes
Iframe of the affiliate link. eBay sets the required cookies.

~~~
thetrumanshow
Wait, so they just rendered an iframe of a random product on ebay that
contained their affiliate information on a bunch of widgets they hosted ...
and this lands you in prison?

Let's imagine I publish an eBay widget (I don't) to promote products I think
people should buy. Let's say the widget just renders products in my sidebar.
Let's say thousands of blogs then install this. Would I be then bound for
prison?

I'm struggling to understand this murky situation based on how you described
it.

~~~
DiabloD3
Yes, this entire story makes no sense. They just attacked their own affiliate
base and tried to paint it as a good thing.

Did these two people featured in the story do anything that was against US
Federal law? Did they violate the eBay affiliates agreement (and that can't
result in criminal charges anyhow)?

I've read through all three pages of the story twice, and all I'm seeing is
eBay wanted to have their cake and eat it too. They even conspired with these
two to help generate more affiliate revenue which eBay admits to.

Sounds a lot like another Aaron Swartz-type pile of bullshit to me. eBay is
going to enjoy their exodus of affiliate salesmen.

~~~
danielweber
You pay me $100 for every 10 people I get to fill out a card with their
mailing address asking for a catalogue from your company.

I take 1000 of the cards and put random people's names and addresses on them
and send them in, once a week every week.

Fraud.

~~~
DiabloD3
But that's not what the article claimed they did, and that's extremely hard to
do with eBay's affiliate program.

------
alanlewis
My takeaway from this is: stay the hell away from affiliate marketing.

~~~
hackerboos
No, just don't commit fraud.

~~~
kposehn
Best answer I've seen yet.

------
driverdan
I came really close to getting into cookie stuffing back in its heyday. I'm
really glad I didn't. No one gave a second thought to it 5 years ago. I never
once saw the words "fraud" and "cookie stuffing" on the same page.

Around that time I worked on finding ways to do untraceable cookie stuffing.
Bouncing people through SSL to kill the referer, using Flash, etc. I even
found a security hole in IE that gave me access to cross domain iframes. That
was killer because you could load another site in an iframe then use JS to
click an affiliate link or manipulate the page, making it appear completely
legit.

Luckily it never went past research. I registered a domain and planned on
creating a cookie stuffing service but never finished it and never did any
actual cookie stuffing.

------
magikbum
Their whole story reads as an elaborate squeeze page. "Earn $10 Million a Year
on Ebay now!"

------
ChrisNorstrom
Real Quick: Just wondering, what if you made a browser extension that replaced
all the links a user saw on every page they visited to affiliates links from
Amazon and Ebay? Would that work?

------
dude3
And the bankers.... O yah nothing happens to them. 28 million wasn't enough
apparently

------
cpncrunch
It just sounds like ebay's affiliate scheme is/was wide open to abuse.

