The Effect of 180solutions on Affiliate Commissions and Merchants
Benjamin Edelman - Spyware Research, Legislation, and Suits

[ Overview - Background - Methodology - 180's Actions & Effects - Discussion - Response - Disclosures ]

Software from 180solutions (also known as MetricsDirect) redirects many affiliate commissions to 180. As a result, merchants pay commissions to 180 (and its advertiser partners) even when no commissions are payable under the terms and conditions of merchants' affiliate programs, and even when commissions are properly payable to other affiliates. 180 causes these commissions to be paid via at least 84 different affiliate accounts, using multiple intermediary domain names that redirect affiliate tracking HTTP traffic, making 180's activities particularly difficult to track and to prevent.

 

Related Projects

WhenU Violates Own Privacy Policy (NEW)

WhenU Advertisers (NEW)

WhenU Spams Google, Breaks Google "No Cloaking" Rules

Documentation of Gator Advertisements and Targeting

"Spyware": Research, Testing, Legislation, Suits

Other Research by Ben Edelman

Overview & Summary

Some web sites ("merchants") pay commissions to independent third-party web publishers ("affiliates") who recommend and link to merchants' products. Proper tabulation of affiliate commissions relies on a multi-step process, requiring coordination by merchants, affiliates, and (often) affiliate networks who help track the transactions. (Details about affiliate programs.) Software from 180solutions (also known as MetricsDirect) interferes with this tracking process, seizing affiliate commissions for 180's benefit and for 180's advertiser partners.

In my testing, 180 software specifically and systematically causes merchants' tracking systems to conclude that users reached merchants' sites thanks to 180's efforts, even when users actually reached merchants on their own or through other affiliates. As a result, merchants pay commissions to 180 even when no commission is properly payable (under affiliate program rules), i.e. when users reach merchants' sites without receiving bona fide recommendations from independent affiliate web sites. In addition, 180 causes merchants to pay commissions to 180 even when commission is properly payable to other affiliates -- who actually recommended, encouraged, and facilitated users' purchases from the merchants.

To seize affiliate commissions, software from 180 must first become installed on users' PCs. See discussion in 180solutions Installation Methods and License Agreement.

Once installed on users' PCs, 180 software performs four main functions:

  1. 180 transmits to its servers information about the web sites that users visit. Each transmission bears a domain name (or other trigger condition), as well as a unique user ID that lets 180 build profiles of users' online activities. (details)
  2. 180 shows popup ads, which generally cover substantially all of the targeted web sites. In my testing, 180 typically covers web sites with the sites of their competitors. (details)
  3. 180 shows duplicate copies of merchants' sites, where the second copy has been reached via an affiliate link. As a result, merchants pay commissions to 180 (and its advertisers) on the resulting purchases. (details)
  4. 180 opens hidden windows with invisible copies of merchants' sites, where the invisible sites are reached via affiliate links. As a result, merchants pay commissions to 180 (and its advertisers) on the purchases of affected users. Since 180's activities are silent and (to a user watching the computer's screen) invisible, this behavior is particularly difficult to detect. (details)

180's activities have attracted attention from some targeted merchants, leading some merchants to remove 180 from their affiliate programs (details). (Nonetheless, at least 300 major online merchants remain affected. (details)) 180's activities have also attracted attention from affiliates who are upset to lose commissions when 180 overwrites their tracking codes. (details)

To date the two largest affiliate networks (LinkShare and Commission Junction) have failed to remove from their networks all affiliates using 180solutions, despite behavior that seems to violate the networks' rules. (details) In the short run, the affiliate networks benefit financially from 180's activities -- even as merchants, other affiliates, and users suffer. (details) Meanwhile, the next-largest affiliate network (Shareasale) has removed 180 from its network. (details)

 

Return to top

Background

Computer users have recently come to face a growing array of programs that get installed on their computers (often without their knowledge, consent, and/or informed consent), and perform functions users dislike (often including tracking or transmitting personal information, or displaying targeted advertisements). Some programs redirect requests for particular web sites to other web sites; some cover advertisements with other advertisements; still others, including programs from Claria and WhenU, monitor and transmit sensitive user information and show targeted advertisements.

Programs from 180solutions monitor users' activities and show targeted advertisements, but 180 programs also overwrite affiliate commissions to cause 180 to receive payments from merchants when users make online purchases. Such behavior is not unknown. In September 2002, the New York Times published "New Software Quietly Diverts Sales Commissions," using the term "stealware" to describe software that "divert[s] sales commissions" by causing "all future purchases [to] look as if they were made through the software maker's site, even if they were not."

Indeed, my research is not the first to report such practices by 180solutions. In November 2003, MSNBC reported that during September 2003, 180 had earned more than $100,000 in commissions from more than $4 million of purchases at Dell through this practice. Since December 2003, forum participants at ABestWeb (and elsewhere) have documented large-scale affiliate code overwriting by 180solutions software. (1, 2, 3, 4, 5, 6, 7, 8, 9, 10).

Notwithstanding this prior research as to stealware generally and even as to 180solutions specifically, I intend my research to make the following contributions: 1) To be more comprehensive in the scope of testing, checking 180 targeting of more than 166,000 trigger conditions. 2) To clearly report major online merchants targeted by 180, and to report major affiliate networks that facilitate 180's activities. 3) To be particularly rigorous in methodology, documentation, and proof, and to propose a methodology for further testing and reporting. In the sections that follow, I present a methodology for rigorously examining the activities of 180's Zango software, and I show the results of my examination, including a list of affected merchants.

My research should be of particular interest to those advertisers and merchants who, intentionally or not, contributed to 180's $19 million of 2003 revenue, as well as the investors at Spectrum Equity who recently provided 180 with $40 million of financing. My research may also be of special interest to the 20 million users who reportedly currently run 180 software.

Before examining 180's effects, it is first important to understand how 180 software gets installed on users' PCs. For details, see 180solutions Installation Methods and License Agreement, which details installations through drive-by downloads, distribution partners, and security holes, as well as installations without license agreements or with only minimally visible license agreements.

 

Return to top

Methodology & Transmission Format

Consistent with the methodology explained in my prior articles about advertisement-display software (e.g. Documentation of Gator Advertisements and Targeting, WhenU Violates Own Privacy Policy), I installed 180solutions Zango software on a dedicated computer in my lab. Using a network monitor, I watched 180 Zango's transmissions over my own Internet connection. The design of my network is shown in the diagram at right. Capable as network monitoring may be, note that it's not properly called "snooping" or "wiretapping" (despite occasional allegations to the contrary): I can only monitor the transmissions made to and from my own computers.

Although I have tested software from 180 for roughly the past year, this article describes only behaviors that I observed in June-July 2004.

On my computer with Zango installed, I observed a file cryptically named kyf.dat. Opening this file in an ordinary text editor, I found that it listed 166,246 words and phrases, including the domain names of most major web merchants with affiliate programs, as well as other major e-commerce sites. Comparing these words to 180's subsequent behavior, I observed that when a user browses to a web page that includes these words (in the page's URL and/or in some portion of its page text), 180's software sends a message to the tv.180solutions.com web server, of the form shown below. Note inclusion of a trigger condition (yellow) and unique user ID (green). This transmission is reported below precisely as viewed by my network monitor, except that I have replaced my unique user ID with another similar value.

keyword trigger
GET /showme.aspx?keyword=delta.com&did=762&ver=5.9
&duid=531byhiprtvdgvadrfmfcgtxxyrjmg&partner_id=195252523
user id
&product_id=762&browser_ok=y&rnd=21&basename=zango
&tzbias=5&MT=8C5F0B5F1538C31DC2F456CC736BC33B268398A0
&DMT=8C5F0B5F1538C31DC2F456CC736BC33B268398A0&bid=0&SID=ANCVAXYV
&OS=5.1.2600.2&SLID=1033&ULID=1033&TLOC=1033&ACP=1252&OCP=437
&DB=iexplore.exe&IEV=6.0.2800.1&TPM=200785920&APM=41066496
&TVM=2147352576&AVM=2006102016&FDS=1834094592&LAD=1601:1:1:0:0:0&WE=5

180's tv.180solutions.com web server then responds with instructions of the following form, often referencing an ad to be shown (pink) in a window with particular characteristics (orange). 180's Zango software, on users' PCs, reads and follows these instructions.

HTTP/1.1 200 OK
  ...

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
ad to be shown
ncase_ad_url: <input id=ncase_ad_url name=ncase_ad_url value=http://view.atdmt.com/AVE/view/www18haw002deltaXcom00001ave/direct;wi.800;hi.600/01/><br>
ad characteristics
ncase_ad_width: <input id=ncase_ad_width name=ncase_ad_width value=800><br>
ncase_ad_height: <input id=ncase_ad_height name=ncase_ad_height value=ad_height value=600><br>
ncase_ad_takefocus: <input id=ncase_ad_takefocus name=ncase_ad_takefocus value=y><br>
ncase_ad_activationdelay: <input id=ncase_ad_activationdelay name=ncase_ad_activationdelay value=0><br>
ncase_ad_resizable: <input id=ncase_ad_resizable name=ncase_ad_resizable value=y><br>
ncase_ad_scrollbars: <input id=ncase_ad_scrollbars name=ncase_ad_scrollbars value=y><br>
ncase_ad_menubar: <input id=ncase_ad_menubar name=ncase_ad_menubar value=y><br>
ncase_ad_statusbar: <input id=ncase_ad_statusbar name=ncase_ad_statusbar value=y><br>
ncase_ad_toolbar: <input id=ncase_ad_toolbar name=ncase_ad_toolbar value=y><br>
ncase_ad_addressbar: <input id=ncase_ad_addressbar name=ncase_ad_addressbar value=y><br>
ncase_ad_fullscreen: <input id=ncase_ad_fullscreen name=ncase_ad_fullscreen value=n><br>
ncase_ad_statustext: <input id=ncase_ad_statustext name=ncase_ad_statustext value=><br>
ncase_ad_theatermode: <input id=ncase_ad_theatermode name=ncase_ad_theatermode value=n><br>
ncase_ad_id: <input id=ncase_ad_id name=ncase_ad_id value=335681><BR>
ncase_keyword_id: <input id=ncase_keyword_id name=ncase_keyword_id value=160802><BR>
ncase_ad_windowtitle: <input id=ncase_ad_windowtitle name=ncase_ad_windowtitle value="Brought to you by the Zango Search Assistant"><br>
...
<INPUT ID=ad_shown TYPE=text VALUE="y" style="VISIBILITY: hidden;"><br>

<SPAN class="957085619-06032003"><FONT face="Arial" color="#ff0000" size="5">Thank you
for your patience.&nbsp; You will be redirected to your destination site in a
few seconds.</FONT></SPAN>
</body>
</HTML>

Notice that the instructions above reference an ad ("www18haw002...") to be shown when I browsed to delta.com. Indeed, these instructions caused 180's Zango software to show an ad for Hawaiian Airlines that covered substantially all of my delta.com browser window. (Screenshot.)

Like ordinary "adware" popup ads served by Claria and WhenU, the Hawaiian Airlines ad (as served by 180solutions) covers competitors' sites. But whereas Claria and WhenU popups generally cover only a portion of a site, this 180solutions popup for Hawaiian covers substantially all of delta.com.

In my initial testing of the 166,246 trigger words and phrases in 180's trigger database, I have found at least 8,000 triggers that are currently associated with pop-up advertisements. However, since the focus of this article is 180's effect on affiliate commissions, I omit a listing of all targeted triggers and their corresponding advertisements. Such data is available on request. I also have on hand videos, screen-shots, and network transmission logs showing the Hawaiian Airlines ad covering delta.com, as well as showing a large number of similar occurrences as to other advertisements and other targeted sites.

According to recent statements by 180 staff -- offers made in unsolicited emails (1, 2, 3, 4, 5, 6) -- 180 advertisers pay 180 as little as $0.015 (one and a half cents) per display of their ads using 180's software.

Some domains are ineligible for targeting by 180, because they have been placed in 180's "domain exclusion list." See my analysis of 180's exclusion list.

 

Return to top

180's Actions and Their Effects on Affiliate Commissions   Affiliate data replacement via "double" windows  |  Silent replacement without the use of popups  ]

My testing identifies two distinct 180 practices that cause 180 to receive affiliate commissions. First, 180 causes users' computers to open "double" windows of the merchants users visit, where the duplicate window is reached through affiliate links (details). Second, 180 opens hidden windows of merchants' sites reached through affiliate links (details). This section presents these two methods in turn, after first briefly reviewing the theory of affiliate programs.

Review of Affiliate Programs Generally

The preceding section shows 180 displaying a near-full-screen web page of a competitor, targeting and covering the site a user had requested. But not all 180 ads are for competitors. Some 180 ads paradoxically promote the same merchant a user had initially requested. For example, when a user browses to hsn.com (the Home Shopping Network), 180 might cause the user's screen to show two browsers, both open to hsn.com -- the first browser (which the user had been using) along with an extra window (which 180 had opened).

To understand 180's decision to open a duplicate window to a given merchant, it is first necessary to review the general operation of online affiliate commission programs. These affiliate programs are designed to provide small payments to affiliate web sites who refer users -- ultimately, purchasers -- to online merchants. Affiliates offer users the ability to reach merchants' sites via special tracking links, and if users ultimately make purchases after clicking through these links, affiliates receive commission payments. Thus the usual affiliate process is as follows:

  1. Affiliate web site creates pages that link to merchant via special tracking links.
  2. User clicks on affiliate link to merchant.
  3. User makes purchase.
  4. Merchant tracks purchase and attributes it to the corresponding affiliate.
  5. Affiliate receives payment from merchant according to merchant's contract with affiliate.

Affiliate code replacement via popup "double" windows

180 software intercedes in the affiliate commission process by changing users' tracking codes at certain online merchants. 180 software often makes this change by opening a second merchant window, using a 180 (or 180 advertiser) affiliate link to the merchant's web site, so as to replace the user's initial tracking data (if any) with 180's tracking codes. Via this "cookie-stuffing" technique, when a merchant attempts to determine which affiliate (if any) deserves credit for a user's purchase, the merchant sees the 180 affiliate codes. The merchant ultimately pays commission to 180 (or a 180 advertiser), rather than paying commission to the actual originating affiliate (if any) and rather than retaining commission fees (if the user arrived at the merchant's site without clicking through any affiliate).

The resulting on-screen display is as shown at right (screenshot). Shown below are the associated communications between 180's server and 180 software installed on my test PC.

keyword trigger
GET /showme.aspx?keyword=.hsn.com+hsn.com&did= ...
...

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
ad to be shown
ncase_ad_url: <input id=ncase_ad_url name=ncase_ad_url value=http://service.bfast.com/bfast/click?bfmid=37919329&amp;siteid=...&amp;bfpage=hsncom_ts>
...

The service.bfast.com URL tracks the fact that a user was sent from 180 to the merchant at issue. After recording this referral, the bfast.com server quickly redirects the user to the hsn.com site. (Note that I have removed the siteid= parameter which gives one of 180's affiliate codes for affiliate links via the Commission Junction affiliate network.)

Whether the user ultimately makes a purchase from the original web browser or from the 180 popup, 180 receives affiliate commission for the sale. This result occurs due to the "last-set-cookie-wins" effect, whereby one affiliate's cookie overwrites any prior affiliate's cookie. Cookies are shared by all active browser windows, so even a cookie set by the 180 popup browser nonetheless affects the original browser.

hsn.com is one of many merchants targeted with these double popup windows. In my testing (mimicking the transmissions made by 180 client software and observing the responses of 180's targeting server), at least 183 merchants are targeted with affiliate link popups that display in "double" windows like the hsn.com display shown above.

Merchants targeted with own affiliate links, displaying in "double" popup windows
   (212 trigger conditions)

Available on request, I have videos, screen-shots, and network transmission logs showing 180's interference with the HSN site as shown above. I have similar records as to a large number of similar occurrences affecting other targeted sites.

NEW - Added by request (July 23 to October 17), ten examples of the behavior described above:

  1. Extended packet log and video showing 180 communications and targeting substantially similar to those shown above, but targeting Gateway (a Commission Junction merchant) on July 23.
  2. Extended packet log and video showing 180 communications and targeting of store.apple.com (a LinkShare merchant) on July 22.
  3. Extended packet log and video showing 180 targeting The Golf Warehouse (tgw.com, a LinkShare merchant), when reached through an affiliate link on July 24.
  4. Video and screenshots showing 180 targeting The Golf Warehouse on August 2.
  5. Extended packet log and video showing 180 targeting FogDog (a Commission Junction BFAST merchant), when reached through an affiliate link on July 24.
  6. Extended packet log and video showing 180 targeting Freshpair (a Commission Junction qksrv merchant), when reached through an affiliate link on July 27.
  7. Extended packet log and video showing 180 targeting ValueMags (a Performics merchant), when reached through an affiliate link on July 24.
  8. Extended packet log and video showing 180 targeting LillianVernon (a LinkShare merchant) on October 7.
  9. Extended packet log and video showing 180 targeting MotherWear (a Commission Junction qksrv merchant) on October 7.
  10. Extended packet log and video showing 180 targeting Crucial.com (a Commission Junction qksrv merchant) via a "obfuscated decoy" affiliate frameset on October 17.

Silent affiliate code replacement without the use of popup windows

Not all 180 "cookie-stuffing" requires showing a duplicate window of the merchant's site. Some 180 cookie-stuffing uses hidden windows -- opened off-screen via IFRAMEs and similar methods -- to create or replace users' affiliate tracking codes without causing an extra window to be opened on the user's screen. Such an approach is implemented via instructions -- from 180's servers to 180 software on users' PCs -- of form shown below:

keyword trigger
GET /showme.aspx?keyword=.rei.com+rei.com&did=...
...

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
embedded reference to ad to be
rendered off-screen, not shown to user
<iframe src="http://click.linksynergy.com/fs-bin/click?id=...&offerid=20594.10000191&type=4&subid=0"></iframe>
ncase_ad_id: <input id=ncase_ad_id name=ncase_ad_id value=266410><BR>
ncase_keyword_id: <input id=ncase_keyword_id name=ncase_keyword_id value=172482><BR>
ncase_ad_windowtitle: <input id=ncase_ad_windowtitle name=ncase_ad_windowtitle value="Brought to you by the Zango Search Assistant"><br>
<INPUT ID=kw_exclude TYPE=text style="VISIBILITY: hidden;" VALUE="%3dwsi+empty+keyword+mailbox"><br>
<INPUT ID=ad_shown TYPE=text VALUE="y" style="VISIBILITY: hidden;"><br>
<SPAN class="957085619-06032003"><FONT face="Arial" color="#ff0000" size="5">Thank you
for your patience.&nbsp; You will be redirected to your destination site in a
few seconds.</FONT></SPAN>
</body>
</HTML>

The click.linksynergy.com URL tracks the fact that a user was sent from 180 to the merchant at issue. After recording this referral, the linksynergy.com server quickly redirects the user to the rei.com site. (Note that I have removed the id= parameter which gives one of 180's affiliate codes for affiliate links via Linkshare.)

In the course of events described in this section, there exists no notable on-screen image to be captured in a screenshot, and I therefore can provide no screenshot of this finding. Notwithstanding the lack of on-screen confirmation, my network monitoring confirms that the IFRAME at issue (definition) is rendered off-screen. My testing further confirms that the IFRAME overwrites users' cookies via the specified HTTP request to linksynergy (or, for some trigger conditions, other affiliate tracking services): I have confirmed such overwriting by observing that the IFRAME URL is requested by the user's PC, and that the user's cookies are altered accord to instructions in the corresponding HTTP response. As a result, commission flows to 180solutions without users ever receiving any on-screen indication that any commission transfer is taking place.

NEW - Added by request (July 20): Video of the web browsing that led to the transaction above (WMV format; view in Full Screen mode for best quality). Extended packet log of 180 communications in the transaction above.

Beyond IFRAMEs, 180 also uses certain JavaScript code to accomplish substantially the same result -- loading affiliate tracking pages in hidden windows so as to set or replace affiliate codes, again without alerting the user to what is taking place.

rei.com is one of many merchants targeted with silent affiliate code replacements. In my testing, at least 170 merchants are targeted with silent affiliate link replacement.

Merchants targeted with silent affiliate code replacement
   (170 trigger conditions)

As to at least two merchants -- Dell and eBay -- 180's silent affiliate code replacement is particularly pronounced. For these merchants, 180's affiliate code replacement not only operates silently, but the replacement also proceeds only after a randomized delay. As a result, observing 180's affiliate code replacement for these merchants requires particularly careful network monitoring. Nonetheless, on multiple occasions I have observed and confirmed 180's activities as to these merchants, using the network monitoring method described above. I do not know why 180 made efforts to include a randomized delay, but one reasonable inference is that such a delay was thought to hinder detection by the merchants.

I have tested requests for targeted merchant sites after first browsing to affiliate sites and, from these affiliates, clicking through to the merchants at issue. I have observed that 180's behavior is unaffected by the presence of existing affiliate codes. Notwithstanding the fact that users may have recently viewed other affiliate sites which set affiliate tracking codes of their own, 180 proceeds with the double windows, IFRAMEs and other hidden windows as described above, overwriting other affiliates' tracking codes in the process. In addition, in at least some instances, 180 software specifically targets its pop-ups at affiliates' origination pages (the pages from which affiliates link to merchants) -- further interfering with tabulation of affiliate commissions.

The above results primarily come from testing of June 25-28, 2004. 180 is fully capable of modifying its behavior at any time. In fact, in early July, most hidden 180 targeting seems to have been suspended, at least temporarily. 180's decision to scale back its silent targeting may result from a recent announcement from LinkShare that LinkShare is investigating 180's activities. Alternatively, the suspension may be in response to my recent posting generally describing this forthcoming research, or in response to concerns from affiliate merchants, affiliates, or others. Nonetheless, in my testing, 180's "double" popups continue to target multiple merchants, including merchants using both LinkShare and Commission Junction. In addition, at least 20 merchants remain targeted by 180's silent affiliate code replacement -- including merchants using both LinkShare and Commission Junction. In my most recent testing, some affiliate links are hidden behind multiple layers of sequential redirects as well as complex JavaScript obfuscation and encoding.

Notwithstanding 180's recent changes, I have preserved ample documentary evidence of my findings. Available on request, I have network transmission logs showing 180's interference with many of the merchants discussed in this section, and a large number of other sites.

 

Return to top

Discussion    [ Affected groups | Affiliate network response and delay | Merchant / affiliate response | Hindering detection | Fraud detection ]

The five groups affected by 180 "cookie-stuffing"

180's cookie-stuffing affects five distinct groups, in the following ways:

  1. Users suffer from 180solutions' activities. Users' affiliate commissions do not reach the affiliate (if any) that 180 users selected intentionally (e.g. to support a particular web site) or implicitly (e.g. by using that site and clicking through its links to recommended merchants). This redirection harms users -- especially when they are thwarted in their explicit goal of directing commissions to particular affiliates. To the extent that 180's activities take money from merchants, and merchants ultimately increase their prices to cover their costs, users -- even users without 180 software -- indirectly fund 180.
  2. Legitimate affiliates suffer from 180solutions' activities. Legitimate affiliates lose commissions on purchases by users with 180 software installed. These losses are particularly serious to the extent that affiliates rely on these commissions -- e.g. to support their web hosting and development costs, or to make web publishing a job rather than a hobby.
  3. Merchants suffer from 180solutions' activities. Merchants suffer in at least two distinct ways from 180's activities.
    1. 180 cookie-stuffing causes merchants to pay commissions to 180 even when users reached a merchant's site directly or through some source other than an affiliate link. If a user typed in a domain name after (for example) seeing an ad on TV or in print, the merchant has already "paid for" acquisition of that user via the offline advertising. If a user arrived at a site via a sponsored link from a search engine, the merchant incurs a cost for that user's visit via payment to the search engine. Nonetheless, 180's affiliate cookie-stuffing causes the merchant to pay again -- to pay twice for a single user and a single purchase. 180 cookie-stuffing therefore increases the cost of acquiring new customers, reducing the returns to merchants' advertising both online and offline.
    2. 180 cookie-stuffing causes merchants to pay commissions to 180 even when commission is properly payable to another affiliate. By reducing the earnings of other affiliates, 180's activities cause merchants to lose affiliates or to recruit worse or fewer affiliates. This in turn reduces the effectiveness of the merchant's overall affiliate program.
  4. 180solutions benefits from 180solutions' activities. Cookie-stuffing earns income for 180solutions. Indeed, in November 2003, MSNBC reported that during September 2003, 180 had earned more than $100,000 in commissions from more than $4 million of purchases at Dell. Now that 180 reports an installed base roughly twice as large, 180's earnings could be twice as large -- from Dell alone. At Dell's maximum commission rate of 4%, 180 makes a $40 commission on a $1000 PC -- meaning 180 stands to make a large amount of money if only a few thousand 180 users buy new computers each year. Furthermore, since 180 participates in several hundred affiliate programs, as described above, 180's actual affiliate earnings could be two orders of magnitude larger.
  5. Affiliate networks benefit, at least initially, from 180solutions' activities. Affiliate merchants ordinarily pay their affiliate networks a percentage of all affiliate revenues passing through the network. So, the more money passes through the network -- including to 180solutions -- the more money affiliate networks make. Details below: Possible responses by affiliate networks, Delays in response by affiliate networks..

Possible responses by affiliate networks

When affiliate networks find evidence than an affiliate is violating network policies, affiliate networks can exclude that affiliate from future participation in the entire network (and all its merchants). Such exclusion is not unprecedented: For example, LinkShare excluded WhenU in March 2003. WhenU has subsequently remained absent from the LinkShare network.

In the two sections below, I present the relevant network policies for LinkShare and Commission Junction, the two largest affiliate networks.

Linkshare

The LinkShare Shopping Technologies Addendum (PDF) describes permissible behavior for LinkShare affiliates. The Addendum requires, in relevant part, that:

"(i) No Affiliate Application will replace, intercept, interfere, hinder, disrupt or otherwise alter in any manner the Web user's access, view or usage of, or other aspect of the Web user's experience at, any Network Affiliate Webpage or in relation to any Destination Webpage (both as defined below) in a manner that causes or otherwise results in a different experience from what was otherwise intended by such third party Network Affiliate;" and

"(ii) No Affiliate Application will block, alter, direct or redirect, or substitute, insert or append itself to, or otherwise intercept or interfere in any manner with, any click through or other traffic-based transaction that originated from a Network Affiliate Webpage in relation to a Destination Webpage as intended by the Network Affiliate (including without limitation any return visit to the Network Merchant to which such click through or other traffic reached or intended to reach) with the result of reducing any compensation or other payment earned by or owing to a third party."

In my inspection of 180 software, 180 violates provision (i) with its popup ads that cover affiliate networks and merchants, as shown above (consistent with the Hawaiian Airlines example). In my inspection of 180 software, 180 violates provision (ii) with its "double" popups and with its silent popups -- both of which alter, direct, redirect, substitute, and insert 180 affiliate codes where other affiliates' codes were present.

Accordingly, I believe LinkShare could terminate 180's participation in the LinkShare network for violation of the rules set forth above.

However, at present, 180 remains in LinkShare's network. I have spoken with multiple LinkShare merchants who tell me (on condition of anonymity) that their contacts at LinkShare insist 180 is in compliance with LinkShare's requirements. Furthermore, 180 staff have stated "Our Linkshare account is in compliance with the manners in which they allow affiliates to do business."

Commission Junction

The Commission Junction Publisher Service Agreement describes permissible behavior for Commission Junction affiliates. The Agreement requires, in relevant part, that:

"You shall not cause any Transactions to be made that are not in good faith, including, but not limited to, using any device, program, robot, Iframes, hidden frames, redirects ..."

As shown in my network monitoring analysis above, 180 uses IFRAMEs, which Commission Junction's Agreement specifically defines to be in bad faith, and which the Agreement therefore prohibits. In addition, 180's "double" popups are caused by software installed on users' PCs, which I believe fits the definition of "device, program, robot" within the meaning of the Agreement. Finally, a strong case can be made of bad faith (again, prohibited by Commission Junction's Agreement) as to the totality of 180's system of causing merchant traffic to appear to originate through 180 affiliate links, when in fact it did not so originate.

The Commission Junction Publisher Code of Conduct specifies further requirements for Commission Junction affiliates. The Code requires, in relevant part, that:

"No Web publisher ... or software download technology provider ... may interfere with or seek to influence improperly the referral of a potential customer or visitor ... to the Web site of an online advertiser ... No Publisher or Technology Provider will automatically replace or alter any component of a Service Provider's technology that results in a reduction of any compensation earned by another Publisher."

"Altering another Publisher's site. Publishers may not alter, change, substitute or modify the content of or appearance to an End-User of another Publisher's Web pages, use that Publisher's content to obtain an End-User referral, or obstruct access to another Publisher's Web pages (regardless of receiving permission from the End-User)."

In my inspection of 180 software, 180 interferes with the referral of customers to web sites by automatically overwriting tracking cookies, reducing the compensation earned by other affiliates. As such, 180 software violates the first provision above.

In my inspection of 180 software, 180 alters the appearance of web pages (including CJ publisher pages) as viewed by end users, because 180 shows popups that cover such pages, as shown above (consistent with the Hawaiian Airlines example).

Accordingly, I believe Commission Junction could terminate 180's participation in the Commission Junction network for violation of the rules set forth above -- in both the Publisher Service Agreement and the Code of Conduct.

However, at present, 180 remains in the Commission Junction network. See also a report stating that CJ gives 180 its highest ranking, and a message from CJ staff stating that 180 is in compliance with CJ rules.

This article is not the first to suggest that 180 violates CJ's rules. See prior discussion: 1, 2, 3.

Other affiliate networks

Certain other affiliate networks have already addressed 180's participation in their networks. In January 2004, Shareasale reported that not only had it previously removed 180 from its affiliate network, but it had also taken steps to stop 180 advertisers from receiving Shareasale commissions.

British affiliate networks have seemingly been particularly inclined to remove 180. 180 has been removed from the affiliate networks of Affiliate Future (November 2003), Paid On Results (November 2003), Affiliate Window (February 2004), Buy.at (February 2004), dealgroupmedia (April 2004) and the UK subsidiary of Commission Junction (May 2004).

In response to my research and to others' subsequent testing, affiliate network kowabunga.com sent its merchants an email that concluded, with regards to 180's activities, that: "these practices not only cheat your other affiliates, they cheat you [merchants] directly."

Delays in response by certain affiliate networks

Affiliate merchants ordinarily pay their affiliate networks a percentage of all affiliate revenues passing through the network. For example, Commission Junction's public pricing list reports that CJ charges a merchant 30% of all amounts to be paid to affiliates. (In other words, if a merchant sells $1,000,000 of merchandise and pays a 5% affiliate commission, then it must pay $50,000 of commission to its affiliates. It must further pay 30% of $50,000, or $15,000, to Commission Junction.)

As a result, in the first instance, affiliate networks benefit from cookie-stuffing of the sort that 180 performs. Such cookie-stuffing increases the total volume of sales flowing through affiliate networks (effect 3.a. above), and increases the affiliate commissions on which, for example, CJ can charge a 30% fee. Set against this short-run incentive is the long-term problem that if affiliate networks fall greatly in value to merchants, or if affiliate networks are perceived to facilitate fraud, then merchants may no longer be willing to pay affiliate commissions and affiliate network fees. But in the short run, affiliate networks benefit from more money flowing through their networks.

In this context, it is worthwhile to investigate the diligence with which affiliate networks have investigated 180's activities. 180's affiliate replacement behavior has been publicly known since at least MSNBC's November 20, 2003 report (based on interviews with 180 staff) of 180 receiving a share of purchases at Dell. Furthermore, allegations of fraud by 180 have been prevalent on online discussion boards frequented by affiliate network staff. See, for example, ABestWeb's 180solutions forum, where merchants were beginning to learn of 180's affiliate replacement activities in December 2003 or earlier. During spring and early summer 2004, I personally notified staff at Commission Junction and LinkShare of 180's violations as determined by my first-hand research. Nonetheless, as of the publication of this article in July 2004, 180 remains in the affiliate programs of both Commission Junction and LinkShare.

Some affiliates have suggested that affiliate networks allow 180solutions to stay in their networks because ejecting 180 would cause the networks to lose revenue. (1, 2, 3, 4, 5, 6)

Some affiliates, affiliate merchants, and other discussants have reported that affiliate network staff (including staff from Commission Junction and LinkShare) have recommended 180solutions (and similar programs) as a valuable addition to their affiliate programs. See e.g. a report of CJ giving 180 its highest ranking, a message from CJ staff stating that 180 is in compliance with CJ rules, and a message reporting CJ staff promoting browser helpers to merchants. A further message explicitly points out networks' conflict of interest between increasing their own revenue and serving their merchants. Two further messages (1, 2) complain that CJ "made no attempts to explain" and "never [provided] any information about" the practices of programs installed on users' PCs that tamper with affiliate tracking systems. On condition of anonymity, multiple Linkshare merchants have told me that their contacts at LinkShare also speak highly of 180. So far as I know, LinkShare staff issued no public response to 180's claim that "our Linkshare account is in compliance with the manners in which they allow affiliates to do business."

LinkShare recently posted an announcement stating that it is reviewing 180's participation in the LinkShare network. However, pending completion of LinkShare's evaluation, LinkShare staff state that LinkShare is allowing 180 to remain in its program.

Merchants are damaged significantly and irreversibly by networks' delays in responding to 180's affiliate code replacements. Even if 180's transactions are subsequently reversed, merchants will have issued checks to 180 for prior months' commissions. Merchants may have difficulty retrieving these amounts from 180 retroactively.

Affiliates are also damaged significantly and irreversibly by networks' delays in responding to 180's affiliate code replacements. Once affiliate codes are overwritten with 180's codes, they cannot readily be restored. (I have drafted some initial methods to restore some affiliate commissions using affiliate networks' web server log file data, but my methods are difficult and only work under certain circumstances.) As a result, delays in addressing 180's behavior mean irreversible (or substantially irreversible) loss of commissions to affiliates who comply with networks' rules.

Possible responses by affiliate merchants and ordinary affiliates

Affiliate merchants can exclude an affiliate from their respective programs. Online discussions report that some merchants have already excluded 180. Such merchants include Alibris, British Airways, Overstock.com, Western Union, GSICommerce (on behalf of multiple merchants including Kmart, Modell's, Reebok, Sports Authority, and Tweeter), Coldwater Creek, and Surplus Computers.

Although affiliate merchants are harmed when 180 seizes affiliate commissions, in certain circumstances merchants' affiliate manages may nonetheless have an incentive to let the harm continue. Consider a merchant affiliate program manager whose salary, prestige, or other compensation turns on the size of the merchant's affiliate program. If the merchant affiliate program manager excludes 180 from the merchant's affiliate program, then the program will seem to shrink -- reflecting that no affiliate commission will be paid on sales not originating at bona fide affiliates. This change is in the merchant's best interest, since it saves the merchant money on commissions that need not be paid. However, the change is (by hypothesis) contrary to the affiliate manager's self-interest. This factor is likely to be particularly pronounced as to merchants who outsource the management of their affiliate programs. (Details in affiliatemanager.net forums - registration required.)

Ordinary affiliates have no direct ability to affect 180 or to protect their commissions from being seized by 180 software. An affiliate's direct responsibility ends with providing a web page that correctly links to an affiliate tracking network, and affiliates have no direct way to tell what happens subsequently. Affiliates have no ability to directly observe whether merchants correctly credit affiliates for all clicks, whether merchants correctly credit affiliates for all purchases resulting from those clicks, or whether software such as 180 intercedes in such transactions and overwrites the first affiliate's cookies. As such, in important respects, affiliates must rely on -- must hope for -- the good faith, correct design, and rigorous policy enforcement of affiliate networks and affiliate merchants.

180 practices that hinder detection exclusion from affiliate programs

180 designs its software and systems in multiple ways that make it difficult or impossible to fully study 180's activities, and to track all affiliate accounts used by 180 and its advertiser partners. These practices include the following:

  1. Redirecting affiliate commissions without any on-screen display whatsoever. If 180's software showed even a small temporary message on screen (a one-second alert that "commission for your purchase will go to 180solutions"), affiliate merchants and interested users would far more easily be able to identify 180's behavior.
  2. Using multiple affiliate accounts under different names, and allowing 180 advertisers to add their own affiliate codes to 180's system. In my examination of 180 configuration files, I can see that 180 currently causes users' computers to invoke at least 13 distinct LinkShare accounts and at least 71 distinct Commission Junction accounts (25 for bfast and 46 for qksrv). I gather that some of these affiliate accounts are held by 180 advertisers, rather than by 180 itself; but in as much as all the codes are served through 180 software, via methods including those described above, they all pose the same problem for merchants: Because 180 software uses so many affiliate codes, not all labeled with 180's corporate name, merchants have no easy way to block all affiliate traffic coming from or through 180. (Complaints about multiple 180 accounts: 1, 2, 3, 4)
  3. Redirecting affiliate traffic through multiple domains. The examples shown above include direct bfast and linksynergy links in 180 server instructions to 180 software as installed on users' PCs. But my testing shows that 180 affiliate code traffic often passes through one or more redirect servers. One particularly prevalent such server is shoptoday.us, though I have found traffic passing through dozens of other servers. (Details available on request.) Again, 180 advertisers (rather than 180 itself) may be responsible for some or many of the redirections, but from the perspective of merchants, the problem is identical whether initiated by 180 itself or by 180 advertisers.
  4. Using "private registrations" (such as Network Solutions Private Registrations) to shield Whois data, to avoid disclosing the true registrant of the redirect domains described in #3. See screenshot.

As a result, even if affiliate merchants learn what 180 is doing and even if merchants seek to remove 180 from their affiliate programs, it is particularly difficult for merchants to find the many affiliate IDs used in 180 advertisements, and to exclude all such affiliate IDs.

All this said, network monitoring generally allows me to find all affiliate ID numbers used in 180 advertisements, no matter how many affiliate IDs 180 obtains and no matter how many levels of redirects hide each affiliate's ID number.

Approaches to fraud detection

To date, detection of affiliate fraud has taken place in ways that are best described as uncoordinated:

If affiliate networks operate fraud detection programs, they seem to be understaffed or ill-equipped to deal with the fraud currently taking place. I draw this conclusion from slow or nonexistent responses to date, even as to large commission redirection systems such as 180's.

Some merchants attempt to detect fraud against their affiliate programs, independent of any fraud control efforts at affiliate networks. But merchant-by-merchant investigation creates widespread duplication of effort: Scores of merchants have to investigate each alleged case of fraud, without any effective way to share their findings or coordinate their efforts. Furthermore, since detecting sophisticated affiliate fraud requires specialized skills and, to some extent, specialized hardware and software, most merchants are unlikely to have the necessary resources on hand.

Discussions among affiliates, e.g. in ABestWeb Forums, often consider the problems of affiliate fraud -- and the negative effects on the affiliates who make up the bulk of ABW participants. But even when ABW participants find evidence of fraud, it is difficult to get this information to the right decision-makers at merchants and networks -- again, for lack of any centralized or official information dissemination apparatus.

Having reviewed this state of affairs, I believe it to be a recipe for bad outcomes -- for widespread fraud with few meaningful attempts at prevention, with merchants and legitimate affiliates suffering the consequences.

I do not aspire to serve as a fraud detector as to all affiliate programs everywhere, or as to all affiliate fraud everywhere. However, I do intend to continue research in this field. Merchants seeking help with fraud detection may contact me or join my fraud detection mailing list for occasional announcements of new research in this area.

For those seeking to investigate affiliate fraud, my primary current recommendation is to go beyond watching what appears on screen on ordinary testing PCs. For "traditional" affiliate fraud schemes, ordinary PCs were sufficient -- for fraud would have telltale signs in on-screen displays or in HTML code readily viewed via View-Source or similar. But when affiliate code replacement is silent, as in the 180 efforts shown above, testing staff cannot know whether fraud has taken place merely by looking at the PC screen. Instead, full analysis requires network traffic analysis, of the sort described in my methodology section and shown above.

 

Return to top

Responses from 180solutions, Affiliate Networks, Affiliate Merchants, Affiliates

In this section, I will post or link to responses I receive from 180solutions, affiliate networks, affiliate merchants, and affiliates.

On June 29, LinkShare announced that it is reviewing 180's participation in the LinkShare network. However, pending completion of LinkShare's evaluation, LinkShare's announcement reports that LinkShare is allowing 180 to remain in its program.

On July 9, a reporter following this story told me that his contact at LinkShare stated that LinkShare has "revised" its contract with 180solutions "because of complaints from affiliates and merchants." Nonetheless, in my testing, "double" popups continue to target multiple LinkShare merchants.

On July 10, a 180 staff person posted a response to my research on ABestWeb forums. Among other claims, 180 suggests that its use of affiliate popups -- both "double" and "silent" was to "protecting our customer’s site from competing advertisers" and to "improve the shopper’s experience." I posted a lengthy point-by-point critique of 180's claims -- including pointing out that using affiliate codes other than "with the intention of deliving valid sales leads" is contrary to LinkShare terms and conditions; noting that 180 can better protect merchants and serve shoppers by showing no popups and by tampering with no affiliate codes; and observing out that 180 benefits financially from the affiliate code tampering I have documented.

On July 12, 180 issued a press release reporting that it "will retain one of the nation's top independent audit firms to review its affiliate marketing practices."

On July 13, a 180 staff person was quoted as claiming that "LinkShare has embraced 180Solutions' deployment of double and hidden pop-ups."

On July 14, I observed that 180 has modified the config.aspx file on its web server to specifically exclude 71 domains, including cooking.com, dell.com, ftd.com, sharperimage.com, register.com, walmart.com, and numerous others. These are major additions beyond 180's prior "exclude list" as I have previously observed it. Nonetheless, scores of other merchants (itemized on the lists linked above) remain targeted. See my subsequent analysis of 180's exclusion list.

On July 15, 180 staff was quoted in MediaDailyNews as claiming that it "does not incur any revenue from its deployment of double and hidden pop-ups." 180 further claimed that the hidden pop-ups are "devoid of any tags or codes that redirect to 180solutions or its advertisers." This claim is specifically contrary to my finding above, showing affiliate links within 180 IFRAMEs. 180 claims that "empty i-frames are the only way to avoid the automatic deployment of another company's ad," but my research has found multiple other methods by which 180 can and does avoid the deploment of other ads -- including "No Ad Available" responses from 180 servers to its software, and including hidden IFRAMEs that truly are blank. Finally, 180 claims that it only uses double pop-ups with Commission Junction's network, and hidden pop-ups with LinkShare's network -- but I have found instances of the hidden pop-ups targeting CJ merchants and double pop-ups targeting LinkShare. See also my point-by-point response to this article.

On July 27, Commission Junction staff reviewed my research and concluded that "another publisher ... is doing ... overwriting" -- referring to my demonstration of a 180 advertiser ("another publisher" other than 180 itself) overwriting another affiliate's cookies.

 

The above results primarily come from testing of June 25-28, 2004. 180 is fully capable of modifying its behavior at any time. In fact, in early July, most hidden 180 targeting seems to have been suspended, at least temporarily. 180's decision to scale back its silent targeting may result from LinkShare's announcement that it is investigating 180's activities. Alternatively, the suspension of hidden targeting may be in response to my recent posting generally describing this forthcoming research, or in response to concerns from affiliate merchants, affiliates, or others. Nonetheless, in my testing, 180's "double" popups continue to target multiple merchants, including merchants using both LinkShare and Commission Junction. In addition, at least 20 merchants remain targeted by 180's silent affiliate code replacement -- including merchants using both LinkShare and Commission Junction. In my most recent testing, some affiliate links are hidden behind multiple layers of sequential redirects as well as complex JavaScript obfuscation and encoding.

I am currently planning widespread testing of more programs that may be redirecting or tampering with affiliate commissions. Interested merchants, please fill out this form to join my affiliate fraud detection list, so I can keep you up to date with updates.

 

Return to top

Disclosures

My interest in spyware originally arose in part from a prior consulting engagement in which I served as an expert to parties adverse to Gator in litigation. See Washingtonpost.Newsweek Interactive Company, LLC, et al. v. the Gator Corporation.

More recently, I have served as an expert or consultant to other parties adverse to spyware companies, including parties generally contemplating litigation adverse to 180solutions. I have also attempted to assist several affiliate merchants as to affiliate fraud prevention. I continue to accept further engagements of this general form.

Finally, I have recently been in touch with staff of affiliate networks LinkShare and Commission Junction -- generally discussing the ways I might help these networks address, detect, and stop online affiliate fraud. However, to date I have accepted no relationship beyond phone calls with these or other affiliate networks.

This page is my own work - created on my own, without approval by any client, without payment from any client.

I gratefully acknowledge numerous helpful suggestions and assistance from Kellie Stevens, President of AffiliateFairPlay.


Last Updated: October 20, 2004 - Sign up for notification of major updates and related work.