Yes, the big blue guy and I have shared the same problem throughout the years – stuffing ourselves with too many cookies. Apparently though, my stomach isn’t the only recipient of cookie stuffing these days. As reported in ReveNews, eBay initiated a suit back in 2008 against an affiliate and alleging “numerous actions including fraud, racketeering activity under RICO (Racketeer Influenced and Corrupt Organizations), wire fraud and unauthorized access of eBay’s servers.” In June of this year, the FBI Cyber Crimes Department brought indictments against this same affiliate for wire fraud and criminal forfeiture. Their crime? Cookie stuffing.
If you are not familiar with cookies, they are small files placed on your computer by the websites you visit. Cookies are actually useful and usually quite harmless. For example, Session Cookies are kept in your computer’s temporary memory when you visit a site and are used by that site to store session identification. They don’t collect personal information and they don’t identify you in anyway. When you leave the site, they leave your computer.
A Persistent or Stored cookie stays on your hard drive for a select period of time or until you delete it. These cookies collect data about you in terms of your web surfing behavior or your user preferences at a specific web site.
A Malicious or Tracking cookie is one that stores your online activity, following you about trying to build a profile about your web surfing habits and interests. Though they are not holding personally identifiable information about your identity (we hope) they are trying to learn enough about the kind of person you are so that they can direct the right advertising message to you at the right time. Why is this site showing me so many sports ads. . .hmm. . . ?
However, many sites now use Flash cookies which aren’t controlled by the standard cookie and privacy controls located in the Tools section of your browser. In a study by UC Berkeley of the Internet’s top web sites, only four of these sites mentioned these cookies in their Privacy policies. These cookies are created using the Adobe Flash plug-in (the one that allows you to see a lot of cool videos and effects) and because they are relatively unknown, can be used to store information and track users around the web. Use the Adobe Flash interface to get rid of these (see the Wired article referenced below).
But, what about this cookie stuffing business? Cookie stuffing is a practice where the website you visit decides to place a lot of cookies on your computer. In affiliate marketing, where an independent website owner sells other people’s stuff, making sure they get credit for selling you the item is important. After all, if you are shopping around you may end up making a purchase somewhere else. Some unscrupulous affiliates will resort to stuffing your computer with cookies to ensure that if you go to other sites run by other affiliates their cookies will override the new sites cookies.
More typical though is the nefarious activity alleged in these indictments, where cookies placed on a user’s computer cause clicks to secretly be made on an affiliate link allowing the affiliate marketer to defraud a merchant with phony activity. As described in the ReveNews article: “Hidden forced clicks are when an affiliate link is invoked without a physical click by the end user. Various forms of technology and/or coding are used so that the merchant’s site is not actually seen by the end user.” One reason for doing this may be to build traffic to a site and boost rankings. In this case it was to increase the number of computers storing their eBay affiliate tracking cookie. Interestingly, the “wire fraud” aspect of this case doesn’t involve money transfers, but “transmission of the tracking cookie between states and internationally.”
Though the majority of Affiliate marketers are by far honest business people, in an unregulated world many will push the limits of technology to gain an advantage. Prior to this case, cookie stuffing was not technically considered illegal. But as the average users and authorities become more technically savvy the criminality and creation of unfair advantage behind such actions can be discerned more easily. In this case, both judge and grand jury members were able to understand the fraud being perpetrated and act upon it. Though I am not an advocate of increased Internet regulation, as I would rather see the industry police itself, there is a lesson here for all black hat wearers. The honest will eventually catch up with you and take your cookies away. They might also stuff you into a small room with bars on the windows and doors.
Tags: Adobe Flash interface, Adobe Flash plug-in, advertising, affiliate marketing, affiliate tracking, clicks, coding, Cookie stuffing, cookies, crime, Cyber Crimes Department, eBay, Flash cookies, Internet regulation, online shopping, ReveNews, Session Cookies, Stored cookie, Tracking cookie, web surfing, website, wire fraud