Cookie-Stuffing Targeting folica.com
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

More than eleven months ago, I specifically reported cookie-stuffing by ahugedeal.us, targeting folica.com. Despite that report, substantially the same targeting remains in effect today -- ahugedeal.com still using the same Commission Junction publisher ID (PID) to target Folica in the same way.

As of October 25, 2005, the page http://www.ahugedeal.com/Folica_Beauty_Supply-coupons.php page was #44 in Google results for "folica coupon" (without quotes). The specified URL included the following JavaScript code, which opened a new window giving the Folica site as reached through an affiliate link:

<script language="JavaScript">
<!--
window.focus();
setTimeout("window.focus()",950);
//-->
</script>
<script language="javascript">
<!--
hs=window.open('http://www.ahugedeal.com/merchants/s4623.php?afsrc=1','hs');hs.blur();
//-->
</script>

My packet sniffer confirmed that http://www.ahugedeal.com/merchants/s4623.php?afsrc=1 entails a redirect to a CJ affiliate link to Folica:

GET /merchants/s4623.php?afsrc=1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: www.ahugedeal.com
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Wed, 26 Oct 2005 03:00:15 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.11 mod_perl/1.29 FrontPage/5.0.2.2510
X-Powered-By: PHP/4.3.11
Location: http://www.jdoqocy.com/click-568228-10356333
Keep-Alive: timeout=5, max=497
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

<a href='http://www.jdoqocy.com/click-568228-10356333'>Click here if you are not automatically redirected</a>

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.

The resulting on-screen display was as shown below. Notice the main ahugedeal.com site visible at right, with the affiliate link popunder below and behind, at left.

My testing and video clearly show ahugedeal invoking CJ affiliate links without an affirmative end-user request for such links -- classic "forced clicks" or "cookie-stuffing." Brian Livingston recently reported Commission Junction hiring Cyveillance to find such behaviors. That's a commendable project (although to my mind considerably less urgent than tracking down rogue affiliates using spyware, a problem for which I recently built a special-purpose crawler). But it's hard to endorse Cyveillance's efforts or CJ's own compliance team if, 11+ months after I previously reported this behavior by this same affiliate, that exact same behavior continues unabated.

In my testing, this is but one of many CJ affiliates still using cookie-stuffing methods. Indeed, of the affiliates I previously reported using cookie-stuffing, Ahugedeal is not the only one still using these methods.