The large e-commerce affiliate network known as Commission Junction (CJ) is gearing up a campaign that uses automated searches of the Web to catch dishonest participants.
The network has contracted with Cyveillance, a firm that monitors the online use of trademarked terms, to “spider” the Internet seeking affiliates that generate commissions without legitimately earning them.
I wrote last week that CJ and its subsidiary, BFAST, had permanently banned one of the largest “loyalty” programs on the Web, Shop At Home Select. CJ officials state that the program promised rebates to consumers who used the company’s software to shop, but that the software was too often installed without users’ knowledge. Shop At Home said in a statement that this was a misunderstanding.
With Shop At Home out of the picture, many other CJ affiliates may now be fingered by their own software practices if Cyveillance’s spidering technology is successful.
Searching For Banned Practices
In a telephone interview, Terance Kinsky, director of network quality for CJ, described three kinds of prohibited behaviors that Cyveillance is being paid to look for:
• Cookie stuffing. Many e-commerce merchants in CJ’s network pay a commission for every buying customer whose PC bears a “cookie” from an affiliate’s site. The cookie, a small text file, shows that the customer first visited the affiliate and then clicked a link that took him or her to a merchant’s Web page.
Some dishonest affiliates write not just one cookie to visitors’ PCs, but several. Each cookie is specific to a different merchant. Say a shopper visits, for example, Bob’s Golf Clubs. At a later time, the person buys something from Jo’s Golfing. Thanks to cookie stuffing, commissions could wrongly be paid to Bob even though his site had done nothing to send buyers to Jo’s site.
• Forced clicks. According to Kinsky, “the definition of a forced click is that the end user is not taking the action himself.” An example would be a pop-up window that an affiliate site displays, which should not have been displayed unless the user had clicked a link to request it.
Kinsky acknowledges that pop-up windows and other techniques used by adware and spyware will not presently be caught by Cyveillance. That’s because these memory-resident programs exist on users’ PCs. Cyveillance searches for data only on Web servers. But some techniques that Web servers use to trick customers into clicking links can be detected by spidering, Kinsky says.
• Security exploits. Many crooked Web operators install software onto visitors’ PCs using known security flaws in Microsoft’s Internet Explorer (IE) browser. For example, ActiveX modules, which work only on IE, can install software without any meaningful notice being displayed to the PC user.
Kinsky says Cyveillance is not yet spidering the Web looking for ActiveX exploits, but that it will start doing so as soon as CJ delivers a list of techniques to look for. That shouldn’t pose much of a problem. There are only a handful of ActiveX commands that can remotely install software, and they’re easy to spot in the lines of a Web site’s code.
A New Sheriff Comes To The Wild West
Since spidering isn’t that expensive — and CJ doesn’t have to search every page on the Web, only those sites that claim its affiliate commissions — one wonders why the major e-commerce networks haven’t automated the outing of the bad guys before this.
Part of the answer is that Internet monitoring raises many fears, both rational and irrational. Even Cyveillance’s name, a combination of “cyber” and “surveillance,” suggests a spy-vs.-spy operation.
A query in any search engine on the name cyveillance reveals blog after blog that claims nefarious acts. The company is said to (1) consume vast amounts of bandwidth in its searches, (2) ignore a file named Robots.txt, which can tell search engines not to index certain parts of a site, and (3) consort with the recording industry to persecute individuals who share copyrighted music.
In response, Eric Olson, the VP of solution assurance at Cyveillance, says, “We try to maintain a light footprint, and we try not to overburden a server” during searches. He acknowledges that the company’s spider does look at pages that a site’s Robots.txt file labels as excluded. But, he adds, “We couldn’t do our jobs if we listened to every Web site saying, don’t look at these pages.”
In fairness to Cyveillance, Robots.txt is an Internet practice that’s supposed to save search engines the trouble of indexing large unreadable files, such as relational databases. It was never intended to render totally invisible anything that a site owner wishes to hide.
As far as catching music-sharing individuals, Olson says Cyveillance is deliberately avoiding entanglements in the music business. “We’re very much not working with the RIAA [the Recording Industry Association of America],” which has filed numerous lawsuits against file sharers, he states.
Time To Throw Out The Bath Water
Hopefully, spidering the Web will result in dishonest affiliates getting the boot from CJ — and possibly other such networks that also face scam problems. Legitimate affiliates and merchants alike constantly grumble about shady Web site owners that take money out of the system without earning it.
At the same time as CJ’s detection mechanism becomes automated, though, Kinsky emphasizes that the human approach is still the best. People who see questionable practices should report them so CJ can investigate, he says. “Someone will buy a misspelling of a site” to get accidental traffic, he explains. A robotic spider might not know the difference, but it’s against CJ’s terms of service and affiliates can be banned for it.
Now looks like a good time for rogue e-commerce affiliates to clean up their acts and try to make money in an above-board way, for a change.