Exposing the Honey Influencer Scam [video]
youtube.comThis was really wild to watch. Honey is so masterfully crafted to be deceiving. I had it installed years ago, and it intuitively felt like something was scammy, so I uninstalled it. Really incredible work by MegaLag. It seems to be a wholesome trend among creators like Coffeezilla, etc. I hope more of this rot will surface.
I am more impressed by the thoroughness of this IJ report than Honey’s browser extension which just re-writes affiliate cookies.
Honey is a parasite stealing from other parasites.
They're trying to position themselves as Yelp of coupons. They snatch coupons that people use (for example 90% off special coupons meant for specific people, that just happened to have the extension installed), then they have a partner program for companies that allows the partners to control what coupons honey can apply on their site.
You don't need to join it, but then your customers get automagically the high value coupons applied, but if you pay them $XX per month, you can limit what gets applied.
Proper old school investigative journalism, and he didn't hold back. Terrific scam, but, y'know, PayPal – I'm an old timer and remember the early days of that outfit. They're still blocked at the firewall from events 25 years ago.
Remember kids: Marketing is a psychopathy.
I love how the only historical discussion on the topic he found was a HN discussion from 2019 where at least one person was confidently claiming they don’t steal affiliate commissions: https://news.ycombinator.com/item?id=21589273
That's not the only one, Linus website had the same discussion an the confirmation that it did happen and lead to an end of their partnership
Yes, true, I should have said the HN thread was “one of the few discussions” not “the only discussion.” HN discussion was much earlier than the LTT one though.
haha yeah, I went back in time and found that same comment from gamblor956 and was thinking "comments that don't age well"
As someone who has used Honey in the past, while I knew it was taking affiliate commissions in some form or another I had no idea just how insanely deceptive it was.
I was completely unaware that it sneakily overrides any existing affiliate codes, AND does this even if it hasn't found any discount whatsoever.
It's hard to see this as anything other than fraudulent.
... and also lets stores ensure the end user doesn't get a deal the store doesn't want them to get!
As an ex-employee, the overriding affiliate links and setting fix discount rates with merchants is sad to see. The original mission was always to help customers make more informed purchases and save money. Seems like a lot of that was lost post-acquisition, and instead of innovating on the core mission of saving money, they just doubled down on exploiting first click affiliate monetization. They should only make money if customers save money and partner with affiliates but instead they hopped on the gravy train.
What was the original business model that Honey had? I only know of the current Honey approach, inserting themselves into the checkout page, did Honey work differently before? More like a coupon search engine? That’s the only way I can imagine “first click” makes sense.
I feel like this should be up to the affiliate networks to kick Honey out of their programs for TOS violations right? Or Google removing it from the Chrome store?
Most of the merchants seem to be somewhere between indifferent and complicit in what Honey is doing, so there is no problem there (the teaser for part two seems to elude to what happens to the merchants who don't play along).
The Chrome team seems like the one that would be most pissed about this. While some aspects of their management of the extension ecosystem are problematic, they make an effort regarding trust and security. The reason Honey has to be so aggressive in getting you to click a button in that popup window is the browser won't allow it to interact with the page (to swap out the cookies) until the user has affirmatively interacted with the extension on that page. That is intended to prevent extensions from maliciously manipulating third-party sites without user consent.
I feel like if I did this, I would be charged under the CFAA with at least 5 years prison time.
"Cookie Stuffing" Internet Fraud Schemer Pleads Guilty
https://www.justice.gov/usao-sdal/pr/cookie-stuffing-interne...
Thank you, this is incredibly relevant!
Yes well people get upset when antifa does anything
Agreed, this feels like fraud
I would imagine that it’s hard to remove content like that. Is it breaking any T&Cs? Is it illegal? Is it harmful to users? If not it’s hard to draw a line and apply it correctly in such a way that you don’t get sued for things like this.
Alternatively, Manifest v3 is supposed to make things like this a lot harder. Users would need to activate the plugin rather than the plugin popping up all the time if I understand it correctly. Manifest v3 was designed to enforce better privacy practices in the Wild West of browser extensions.
I was thinking the same about why don't they just remove it from the Chrome store, but I'm not sure of the relationship Google and PayPal have.
PayPal is one of the payment methods offered by Google for all kinds of things such as the Play Store, YouTube subscriptions etc. I use it myself for those purposes.
It might sour things between them?
This is absolutely wild. In a just society this would be illegal. Why are we just hearing about this now? this is the most rot economy, rent-seeking behaviour imaginable.
The age of leechy middlemen has made me completely cynical about any new app (and most times tech in general).
It's wild how quickly online businesses went from exciting to shady and scammy.
Feels like 2003-2013 was a golden age for internet services.
It's becoming difficult to trust anything on the internet. It's quite sad.
It arguably is illegal, although I'm sure they have a high-powered legal department that will argue it isn't.
PayPal has deep pockets, making it an ideal civil suit target. There are also 50 state AGs who might be interested in pursuing due to this potentially fraudulent activity.
Great investigative research (wish there was more of this in the news).
Kind of insane how they intentionally override existing affiliate codes at checkout even if it doesn't save you money.
I switched to Rakuten for cashback and PriceLasso and Keepa for price tracking.
How do you reckon Rakuten makes money to afford those cashback dollars?
A very timely news for something I've been working on lately.
It goes without saying that there's conflict of interest, but the interesting bit is such conflict arises because of crude thinking from the execs about what makes discount code works.
Discounts is a form of marketing, simple as that. If your company sells products at a discount, it means that you're spending extra marketing cost to sell higher volumes. Anyone in the middle distributing this discount information will charge extra for their service.
Anyone competing to charge companies for marketing can only meaningfully compete on cost and reach. In terms of cost, most discount code websites tend to only give small discounts to consumers as the 'sales' cost is internalised in other forms, e.g. commission, so only a fraction gets passed on to them.
At the end of the day, these kinds of businesses will fight to find any margins possible, however small, to keep the company afloat because competition will erode these margins away through price reductions to these companies.
This is why Honey is the way it is now, because the incentives forces them to do so. It is harmful to end consumers as they have no $$ on the table to influence this large incentives.
Honey doesn't have to do this, but they think they do probably because most companies around them are doing the same, so why not? But there's examples (like x.com) to show that you CAN charge consumers directly, and they'll pay handsomely if your product is good enough.
That's why I'm starting Pence (https://pence.so), where I charge consumers directly for giving them better deals. I don't charge merchants because of long-term incentive alignment for end consumers. The supply of deals comes from marketing emails that you and I receive, and these companies are sending them for almost nothing as email is a free protocol.
Feel free to challenge me, as there's obvious concerns I've anticipated for my product, but I think it's one valid way to think about this issue differently.
Concerns about Honey were raised four years ago by Wladimir Palant: https://palant.info/2020/10/28/what-would-you-risk-for-free-...
These are pretty serious privacy concerns, and underscores why the Honey extension is bad for users. However, I'd say these concerns are almost orthogonal from those raised in the original article, which listed concerns mostly to the other side of the transaction (the retailers, marketers, and YouTube influencers). So basically, it's just garbage from every direction.
The premise of “trust me; I’ll find you the best coupon codes for that product; don’t look yourself” always rubbed me the wrong way. Sad to hear what they’ve done to the people who trusted them.
I mean, some rando's hobby project on github would pre pretty trustworthy in this space because the incentives are aligned. The dev and the contributors have no financial stake except as users who want to pay less for stuff. The moment it becomes a business that needs to make money it (predictably) falls apart. uBO vs ABP.
I'd say a better example of an extension where the dev and users' interest are aligned is SponsorBlock: people can contribute by sending sponsor segments, and the extension then skips those parts of the video for everyone. You can upvote or downvote others' segments, and that's it. Replace "video" by "ecommerce site", and "sponsor segment" by "coupon" and that's what an extension like Honey should be.
That's wild. So they just take the affiliate commission for everything when installed?
A lot of people purchase things through affiliate links to knowingly support the affiliate.. But if they have Honey installed it just "steals" the referral..
I don't work in this space but how is this not literally bright line can be proven by anyone with the extension affiliate fraud?
not sure if that's correct - i think the user has to click on something in the honey popup for them to overwrite the affiliate cookie. outright stealing everything would be too brazen and would probably get noticed by competing programs like rakuten.
however they insert themselves in the checkout page and offer measly honey points in the form of cash back as a cut of the commission they'd get.
there are stand down rules in the affiliate marketing space where you're not supposed to show your popup if someone has already claimed attribution of a purchase but i've heard many extensions don't follow these well.
In 1996, IBM's AIX with the web browser packages installed (NCSA Mosaic or Netscape, I can't recall which) silently sent telemetry back to their mothership without any clear notice or opt-out mechanism. They just sent data back home every few hours without telling their customers what they were up to. I discovered this because it was constantly keeping an ISDN router dialing at all hours, racking up telco bills for a dial-on-demand connection. Fixed by deny listing that particular IP to be un-routable.
This has me wondering if this could be cause for a class action lawsuit by influencers affiliated with Honey or by Consumers who installed the extension.
This is a messy legal situation…
For the most part, it looks like consumers weren't directly harmed aside from the false promises about "finding the best deal," but consumers weren't paying anything to Honey for that promise.
The harmed parties, the referring affiliates whose links were overwritten, would have to argue that Honey, as a third party, tortiously interfered with them and the merchants paying the affiliate commissions. Third-party claims are challenging, especially when the merchants seem complicit.
I would argue that the consumer was deceived as well. People may click the links intentionally to also support the creators. They expect the affiliate money to go to that creator. Saying the consumer was not deceived would be similar to arguing that stealing money donated to charity doesn't hurt the ones who donated since they didn't gain anything directly either way.
Honey by withholding and hiding better coupon codes submitted by users, was betraying the service they marketed for users and were harming them with higher prices.
Shouldn't affiliates sue the merchants for allowing the steal? The merchants surely must notice how often Honey steals the referrals and they benefit likely by laying less in referral fees. So this is collusion by merchant and Honey against the affiliate.
It seems that the merchants were strong-armed into a mafia-style deal with Honey, in that if they didn't partner with them then Honey would suggest the better coupon codes that not everyone was able to have. If they did partner with them then they would be allowed to suppress those particular coupons. Seems like a damned if you do, damned if you don't situation. If I were a merchant I'd definitely prefer to have the original affiliates rewarded as they are the ones actually driving the visits rather than Honey stealing the commission after the user is already there intending to buy.
My guess any person who shared affiliate links have good grounds for being part in a lawsuit. Not only they did not receive any money from PayPal for promoting Honey they had their affiliates stolen.
Honey will likely try to cop out by claiming the affiliate only changes if the user clicks the button and thats intent.
I feel like they could maybe argue that when Honey is used and actually applies a coupon and saves the user money. But when they click the “OK” button to dismiss the pop-up that says “sorry, we didn’t find any coupons for you”, there’s absolutely no excuse for stealing the affiliate cookie.
Looking forward to it.
Is there a plugin I can use to remove affiliate links altogether for privacy purposes?
Insane. This is just regular old theft. No different than an extension that mines bitcoin.
This is basically the same scam the Brave does
I am a heavy user of Brave and I would love for you to expand on what you mean.
For those curious, here is the open-code repo of all Chromium changes Brave applies. I have not read every commit myself, so any flagging would be appreciated: https://github.com/brave/brave-core
Brave used to insert their affiliate parameters by default when visiting websites.
https://news.ycombinator.com/item?id=23442027
You may also be interested in these topics:
https://news.ycombinator.com/item?id=18734999
https://davidgerard.co.uk/blockchain/2019/01/13/brave-web-br...
They've made good changes after community backlash but their core business model is mostly middle-man stuff with a splash of crypto on top. Firefox's is the Google search engine deal. Pick your poison, I guess.
Would love to see someone make a video about Brave if Brave is doing the same thing.
What does Brave do?
It's called cookie stuffing, and it constitutes wire fraud.
These browser extensions/add-ons with shady monetization tactics have been around since the 90s. The fact that honey in particular has been around for so long and promoted by popular influencers just proves that there are behind the scenes negotiations taking place that is preventing them from being criminally prosecuted much less immediately banned from these affiliate programs.
How would you even build a better version of this geared towards consumers? I don’t see the incentives lining up unless you start charging for the service.
The same way that uBlock Origin was built. Scams being the only way to make your product "profitable" doesn't validate the scams. That's like saying "I made a business offering to clean people's houses for free. Of course I'm gonna steal their stuff while doing it, how else do you expect me to make money?!"
The consumer never gets the affiliate cut either way. If there are coupon codes, the consumer wins. If there aren't, the customer only loses a bit of privacy about what they're buying, which most people don't care about anyway.
If the consumer intentionally uses the affiliate links to support the creator, then they are deceived if someone else steals that cut. This would be similar to charity money being stolen by some third party - the donator would not be getting that money anyway, yet they might feel hurt if it turns out their money didn't go where they wanted it to go.
If there's a better coupon code, but the retailer pays Honey to not show it to you, the consumer loses.
how do you think rakuten cash back works
I have no idea. I'm entirely unfamiliar with that.
cash back to the user is a cut of the affiliate revenue/commission they get for the sale. this is commonly how all third party ecommerce cash back programs work (honey, klarna, etc.)
the video explains how honey has the same thing but the cut they give you seems to be tiny - like less than a dollar to users for a $30 commission for them as one example.
i dont know if this is common practice or not but i'm not a user of these extensions personally.
a simple database of coupon codes for each retailer. That’s it. Basically a “Retailmenot” copy.
Interestingly, RMN did sue over alleged IP infringement in 2018 [1]
[1] https://ia803106.us.archive.org/8/items/gov.uscourts.ded.656...
It seems like honey has their claws in almost everything. Correct me if I'm wrong, but would this make affiliate marketing a waste of time for the rest of us?
At this moment, Honey addon is still in Firefox and Chrome's catalog. Have reported them at both places and gave 1-star as well.
Wild. What an incredible investigation.
is there not an opensource alternative? i mean its webscraping which is very established surely it exists. anyways we should bring them traction if they too arent evil
I'm down to contributing to such a project. But there wouldn't even be a need for scraping, just crowdsourcing: people can submit coupons on checkout (perhaps try to detect if they are using one, at least on popular sites) and be offered to share them.
Once shared, they are presented to other users, who can try and validate them, or indicate they don't work (for single-use coupons or expired promotions). "Bad" coupons get removed, good coupons keep getting presented to users.
I don’t know what the (country) equivalent is, but the UK has HUKD - they need an extension.
There wouldn't be an extension because it wouldn't make money. This is the whole reason behind how Honey works. Honey is using its existence as an extension to steal commission, and partnering with retailers to suppress certain higher value coupons. HUKD has adverts on its website as one of its means of making money. Something which obviously you couldn't do via an extension or users wouldn't install it.
Owned by Paypal of course. Lol.
With more deregulation just beyond the horizon, I wonder how much latitude these companies are going to get with siphoning/stealing from people.
It’s amazing IJ from MegaLag, but what’s do we expect going forward?
Honey was essentially given a slap on the wrist by a pseudo-regulator, BBB [1]
Yet another slap on the wrist with a civil suit? Honey changes their T&C. Lawyers get their massive cut of the class action settlement while individual consumers, “influencers” get a pittance?
Nothing ever changes unless C-suite starts going to jail.
[1] https://bbbprograms.org/media-center/dd/nad-honey-science-co...
just goes to show again how LTT and LMG are scummy people
For me It was somehow obvious "they need to make money on something", and it doesn't surprise me at all that they are inserting own affiliate links. Would I call this scam? No, I wouldn't. Firstly I thought they started to genuinely deploy malware or some crypto-coin miner.
It is not the only claim in the video.
There are at least the following claims:
- Inserts its own affiliate link (even when no discount is found, uses strategies to push for interaction like adding a dismiss/pay with paypal link that adds the affiliate association)
- Adds a very small kickback from the affiliate payment they receive as a rewards program. (Which, while scraps, makes content creators "lose" in economic terms in the affiliate offerings)
- Promises to consumers to find the best discounts available
- Promises to vendors to allow control of the discounts offered and the offer rate of said discounts
- Previous both promises are contradictory yet simultaneously offered
- An extra/upcoming claim around forcing non-affiliated stores to affiliate.
I think that's surprising... why wouldn't you consider it a scam? Hell, even a malware?
Honey does the following:
- Stealing the commission from an affiliate link assigned to someone else
- Cutting itself a commission by inserting an affiliate link, when there was none, essentially profiting off you without your consent.
- Gives you the worst discount code possible, while saying it got you the best deal
- Cheating the companies doing the affiliate marketing by taking credit for purchases that happened without honey's involvement
It’s effectively malware
> it doesn't surprise me at all that they are inserting own affiliate links.
I bet it surprises everyone who had their affiliate links quietly swapped out.
> Would I call this scam? No, I wouldn't.
Then your definition of 'scam' needs work.
While we might expect PayPal's Honey to scam people like this, and be less than surprised that they would screw people over in this way, that doesn't mean this doesn't have every element of a scam - deception and trickery (and likely illegality).
Sure, it was a scam, but we weren't the victims. I won't shed a tear for the marketing departments they were defrauding. I do feel bad for the small YouTube channels who lost affiliate revenue, though.
You are also a victim if you assume they provide you the best coupons available.
Exactly. There's enough harm to go around for everyone in this case.
It’s not as big of a scam as deploying malware, but it’s still definitely a scam.
yeah I think they can argue that using honey (even if there's no discount) means it's the last thing you interacted with that influenced your decision. With wording like "There's no discounts so you can be confident you got the best price".