Cookie Stuffing - marykae/public GitHub Wiki

Cookie Stuffing

• Placing an affiliate tracking cookie on a website visitor’s computer without their knowledge, which will then generate revenue for the person doing the cookie stuffing
• Used to generate illegitimate affiliate sales
• Websites that run an affiliate program, pay a commission to affiliates for introducing visitors who then complete one or more qualifying transactions
• The problem occurs when a cookie stuffing site stuffs all its visitors with a batch of cookies in a scattergun approach
• Operators that allow user-generated content, such as forums that allow users to post content, should be aware of the various cookie stuffing techniques, and how to combat them, in order to protect their visitors from this type of activity
• Pop-ups are actually a method of cookie stuffing accepted by most affiliate networks
• Iframes are a way of embedding a page within a page
• The “IMG” HTML tag forces a browser to attempt to retrieve an image at a URL
• Javascript can be used to force a user to visit any URL where the end result is visiting the affiliate url
• Cascading Style Sheets define how a web page will be displayed. They are retrieved just like an image would be - the browser is instructed to visit a URL. The affiliate could put the direct affiliate URL into the style sheet as an image and have it loaded this way. This is one of the harder methods to detect.
• Adobe Flash is commonly used to create interactive media on the web, and contains functionality which allows developers to force a website user to visit an affiliate link while removing or spoofing referrer information so that the affiliate network won’t know where the traffic came from. A common tactic is to have the spoofed referring site be a legitimate or white hat affiliate site to mask the fact that the cookie stuffing is being carried out.