Cookie-Stuffing Targeting Overstock.com
Cookie-Stuffing Targeting Major Affiliate
Merchants - Ben Edelman
This page reports cookie-stuffing by dailyedeals.com, targeting Overstock.com. In my testing, this is but one of many affiilate web sites targeting this and other merchants.
As of November 5, the http://www.dailyedeals.com/free_online_coupons/overstock.htm page was #5 in Google results for "overstock coupon" (without quotes). The specified URL included the following JavaScript code, which opened a LinkShare tracking link in a new window:
<SCRIPT LANGUAGE="JavaScript"><!--
// Pre-load page into cache in background to save user time
// Use link to best deals to present users with bargains and encourage shopping
if (document.cookie == null || document.cookie == "") {
document.cookie = "y";
wh = window.open('http://click.linksynergy.com/fs-bin/click?id=FZOkC4w7rNM&offerid=38611.10000005&type=3&subid=0','nwin');
wh.blur();
window.f
ac
ocus();
setTimeout("window.focus()",1000);
}
...
//--></SCRIPT>
Notwithstanding the "pre-load page ... to save user time," JavaScript comment, the best understanding of this code's intention is to claim affiliate commissions not otherwise payable to dailyedeals. If dailyedeals merely wanted to pre-load merchant content, dailyedeals could do so via an ordinary popunder without affiliate tracking codes. The presence of tracking codes serves only to cause dailyedeals to be paid commission, not to save user time.
I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.