January 22, 2011 at 06:21Semi-legal theft of cookies
Part of the habrahlyudy are honest and disinterested and all sorts of technical things attract them. But some people here and there are sometimes not so disinterested. She doesn’t want to live honestly. I will tell you about how you can essentially steal, but at the same time without going beyond the criminal code. Commercials with $ 15,000,000.
Immediately: we will talk about cookie stuffing. If you know all this, then you can not read further. The description is designed and not very technical savvy user. What would people from the business also understand. A savvy text may seem drawn out. Jump straight to Technical Implementation.
Here, many are aware of how the regular affiliate program works. There is a store site. There is a product in it. Then the owner discovers that it would be nice to see visitors in this store. In addition to the obviousness of the type of search engines, he has a good idea: what if for a small fraction of the revenue to ask people to bring customers to the store? Here, Vasya brought the buyer to the store, left the buyer at the cash register 100 dollars - 10 of them Vasya for marketing. Satisfied with his idea, the owner prints a pack of pink cards, they put some kind of Vasya’s code and at the checkout, punching the goods to the client, the cashier is interested in the presence of the card with the buyer. If there is - the sale is recorded by Vasya in the asset. Later, he is paid the appropriate commission.
At first glance, the owner does not risk anything. Indeed, he pays only from the previously received money. However, Vasya is not fed up with running in the cold, catching people by the sleeve and persuading anyone to go into an unnecessary store for thousands of years. He realizes that they are paying him, in fact, not for attracting a client, but for the triggering of the trigger mechanism - the presence of a pink card at the buyer. There is an obvious idea: what if you leave the cold, go to the store itself and start distributing cards right in line at the cash register? And do not even give out, but quietly shove them in the breast pocket of people, all in a row. After all, some people go into the store themselves, without any persuasion. And even buy something. Here they pop cards. In this case, Vasya’s earnings will increase sharply, and even warmer indoors. True, offline, of course, the owner will immediately notice Vasya and expel him in three letters.
The role of pink cards is served by cookies. The store’s website generates links of the form shop.com/?affID=12, where 12 is Vasya’s ID. shop.com/?affID=12 shows visitors the same thing as just site.com. Only now the store’s script also puts a cookie on the visitor, say asdf, and writes in his database: at 12:12:12 12/12/12 Vasya sent us a visitor and we put him asdf cookie. In parallel, the flow of already made orders goes through shop.com/thankyou, which says that thank you, dear buyer, your order number 123 for $ 100 has been placed and will be delivered soon. At this time, the store script under the table checks: does the buyer have any of the previously set cookies? And oh, it turns out that at 12:22:12 12/12/12 on the payment confirmation page appeared the same asdf cookie carrier, that is, the client sent by Vasya, freshly paid $ 100. After that, the time is checked: 10 minutes passed between the appearance of the then future buyer and the actual purchase. This is less than the previously agreed period, and therefore the purchase is counted for Vasya.NB usually this period is calculated in weeks. 30 days is almost standard .
It would seem that everything is fine and the shop.com owner does not risk anything. After all, he pays only for visitors, whom Vasya actually sent to the store’s website. And only for those who have turned into a buyer. In his presentation, Vasya posted on vasya.com a link like " The best store!"
And he does his best to run on the frosty Internet, persuading people to familiarize himself with his recommendation. At this time, Vasya begins to experiment. To begin with, he doesn’t put a link on his website, but deep in the basement the following code:
Now, the browser of the visitor to Vasya’s website sees a command to display a 1 * 1 image somewhere in the basement, and take the image file itself at shop.com/?affID=12 He obediently runs to this link, takes content from there, but this turns out to be not a picture at all. The browser of the visitor to your Vasiny site displays a message “picture youk” - in the space allotted for this, one pixel in size. In short, the visitor does not even suspect the existence of some shop.com there, but the browser exchanged messages with the shop.com server. The page shop.com/addID=12 uploaded. Consequently, I got my cookie from shop.com. Thus, Vasya, as you see, solved the issue of imperceptibly stuffing those same pink cards into the pockets of passers-by. If it happens that this same visitor to the site vasya.com during the agreed period does buy something at the shop. com - Vasya will get his share. And all this despite the fact that in fact he did not do any advertising for shop.com at all. And he didn’t donate a single click of traffic. Of course, the wedge did not converge on img. Here you can use javascripts or something else. But for now let’s leave it out of scope.
We already know how to force cookies. Now the question is how to get to the checkout, which would put the cards just going to pay. This question will be discussed in more detail in the next series, but for now briefly, purely an idea. Suppose that Vasya is not just Vasya, but actually a direct competitor to the shop.com owner. They both sell crocodiles and are terribly jostling in search results. Potential buyers look at how much the crocodile is from Vasya, how much at the owner and somehow they decide who to take from. That is, the likelihood that the buyer shop.com was shortly before the purchase on vasya.com is relatively high. Here Vasya is registered in affiliates for a competitor. Now, if the buyer chose Vasya, then Vasya retains all the profit. If the buyer has chosen the owner, then Vasya gets at least a commission. Of course, the fact that Vasya has a bunch of thematic traffic is some assumption. But suppose that Vasya is a clever fellow, he simply went to the shop.com rivals and for a modest bribe he agreed to place such a code with them. In general, more about this in the next series, if the topic is interesting.
What is all this for? How much money is there then you can get on this small thing. Where did 15 million in the annotation come from, actually? On August 25, 2008, Ebay sued a certain gentleman named Shawn Hogan and his company Digital Point Solutions. According to Ibei, Sean punished them for $ 15.5 million between 2006 and mid-2007. And he is not the only one. Mr Dunning, the second mentioned in the lawsuit, excelled 5.3 million. Next on the list. There is something to delve into the details.
But they won't put me in prison? The question is correct. The answer to it, unfortunately, is incorrect. Despite the fact that such operations are essentially theft, however, this is a new topic and lawyers have not yet decided on the qualifications of this case. Ibei's civil lawsuit against Sean and his associates has not yet been resolved by anything. The attempt to prosecute these people, however, ended more successfully. On June 24th, 2010 they were finally put into circulation. But only because of a few formal clues. The very persecution of Sean and friends became possible only because they had completely lost all fear. Specifically, Sean organized an advertising network, where he openly invited people to whom he openly painted: “Let's steal from Ibey together!” And all this in the states. In other countries there are no problems at all.
Additional links:
1. For those who read English: Ibei's complaint about this whole fraternity . The source, and therefore written in a heavy legal language.
2. A bunch of examples of technical performance stuffing. Actually there is an English-language description .
3. There are still allegations of Dunning (millions are listed on the 3rd page) and Hogan (millions are also on the 3rd page, in the 7th paragraph).
PS Do not drop everything and run to steal millions. The scheme described above, that's exactly how it is, is caught in 30 seconds.
In principle, the above is enough, but if the people of hare are interested, I can tell you separately how this is caught, how to get around the catchers and how to scale the process to an indecently rich level. And how to catch already. If interested - say, I will continue.
Immediately: we will talk about cookie stuffing. If you know all this, then you can not read further. The description is designed and not very technical savvy user. What would people from the business also understand. A savvy text may seem drawn out. Jump straight to Technical Implementation.
Organizational aspect
Here, many are aware of how the regular affiliate program works. There is a store site. There is a product in it. Then the owner discovers that it would be nice to see visitors in this store. In addition to the obviousness of the type of search engines, he has a good idea: what if for a small fraction of the revenue to ask people to bring customers to the store? Here, Vasya brought the buyer to the store, left the buyer at the cash register 100 dollars - 10 of them Vasya for marketing. Satisfied with his idea, the owner prints a pack of pink cards, they put some kind of Vasya’s code and at the checkout, punching the goods to the client, the cashier is interested in the presence of the card with the buyer. If there is - the sale is recorded by Vasya in the asset. Later, he is paid the appropriate commission.
At first glance, the owner does not risk anything. Indeed, he pays only from the previously received money. However, Vasya is not fed up with running in the cold, catching people by the sleeve and persuading anyone to go into an unnecessary store for thousands of years. He realizes that they are paying him, in fact, not for attracting a client, but for the triggering of the trigger mechanism - the presence of a pink card at the buyer. There is an obvious idea: what if you leave the cold, go to the store itself and start distributing cards right in line at the cash register? And do not even give out, but quietly shove them in the breast pocket of people, all in a row. After all, some people go into the store themselves, without any persuasion. And even buy something. Here they pop cards. In this case, Vasya’s earnings will increase sharply, and even warmer indoors. True, offline, of course, the owner will immediately notice Vasya and expel him in three letters.
Technical implementation
The role of pink cards is served by cookies. The store’s website generates links of the form shop.com/?affID=12, where 12 is Vasya’s ID. shop.com/?affID=12 shows visitors the same thing as just site.com. Only now the store’s script also puts a cookie on the visitor, say asdf, and writes in his database: at 12:12:12 12/12/12 Vasya sent us a visitor and we put him asdf cookie. In parallel, the flow of already made orders goes through shop.com/thankyou, which says that thank you, dear buyer, your order number 123 for $ 100 has been placed and will be delivered soon. At this time, the store script under the table checks: does the buyer have any of the previously set cookies? And oh, it turns out that at 12:22:12 12/12/12 on the payment confirmation page appeared the same asdf cookie carrier, that is, the client sent by Vasya, freshly paid $ 100. After that, the time is checked: 10 minutes passed between the appearance of the then future buyer and the actual purchase. This is less than the previously agreed period, and therefore the purchase is counted for Vasya.NB usually this period is calculated in weeks. 30 days is almost standard .
It would seem that everything is fine and the shop.com owner does not risk anything. After all, he pays only for visitors, whom Vasya actually sent to the store’s website. And only for those who have turned into a buyer. In his presentation, Vasya posted on vasya.com a link like " The best store!"
And he does his best to run on the frosty Internet, persuading people to familiarize himself with his recommendation. At this time, Vasya begins to experiment. To begin with, he doesn’t put a link on his website, but deep in the basement the following code:
Now, the browser of the visitor to Vasya’s website sees a command to display a 1 * 1 image somewhere in the basement, and take the image file itself at shop.com/?affID=12 He obediently runs to this link, takes content from there, but this turns out to be not a picture at all. The browser of the visitor to your Vasiny site displays a message “picture youk” - in the space allotted for this, one pixel in size. In short, the visitor does not even suspect the existence of some shop.com there, but the browser exchanged messages with the shop.com server. The page shop.com/addID=12 uploaded. Consequently, I got my cookie from shop.com. Thus, Vasya, as you see, solved the issue of imperceptibly stuffing those same pink cards into the pockets of passers-by. If it happens that this same visitor to the site vasya.com during the agreed period does buy something at the shop. com - Vasya will get his share. And all this despite the fact that in fact he did not do any advertising for shop.com at all. And he didn’t donate a single click of traffic. Of course, the wedge did not converge on img. Here you can use javascripts or something else. But for now let’s leave it out of scope.
We are getting to the checkout
We already know how to force cookies. Now the question is how to get to the checkout, which would put the cards just going to pay. This question will be discussed in more detail in the next series, but for now briefly, purely an idea. Suppose that Vasya is not just Vasya, but actually a direct competitor to the shop.com owner. They both sell crocodiles and are terribly jostling in search results. Potential buyers look at how much the crocodile is from Vasya, how much at the owner and somehow they decide who to take from. That is, the likelihood that the buyer shop.com was shortly before the purchase on vasya.com is relatively high. Here Vasya is registered in affiliates for a competitor. Now, if the buyer chose Vasya, then Vasya retains all the profit. If the buyer has chosen the owner, then Vasya gets at least a commission. Of course, the fact that Vasya has a bunch of thematic traffic is some assumption. But suppose that Vasya is a clever fellow, he simply went to the shop.com rivals and for a modest bribe he agreed to place such a code with them. In general, more about this in the next series, if the topic is interesting.
Financial side
What is all this for? How much money is there then you can get on this small thing. Where did 15 million in the annotation come from, actually? On August 25, 2008, Ebay sued a certain gentleman named Shawn Hogan and his company Digital Point Solutions. According to Ibei, Sean punished them for $ 15.5 million between 2006 and mid-2007. And he is not the only one. Mr Dunning, the second mentioned in the lawsuit, excelled 5.3 million. Next on the list. There is something to delve into the details.
Legal side
But they won't put me in prison? The question is correct. The answer to it, unfortunately, is incorrect. Despite the fact that such operations are essentially theft, however, this is a new topic and lawyers have not yet decided on the qualifications of this case. Ibei's civil lawsuit against Sean and his associates has not yet been resolved by anything. The attempt to prosecute these people, however, ended more successfully. On June 24th, 2010 they were finally put into circulation. But only because of a few formal clues. The very persecution of Sean and friends became possible only because they had completely lost all fear. Specifically, Sean organized an advertising network, where he openly invited people to whom he openly painted: “Let's steal from Ibey together!” And all this in the states. In other countries there are no problems at all.
Additional links:
1. For those who read English: Ibei's complaint about this whole fraternity . The source, and therefore written in a heavy legal language.
2. A bunch of examples of technical performance stuffing. Actually there is an English-language description .
3. There are still allegations of Dunning (millions are listed on the 3rd page) and Hogan (millions are also on the 3rd page, in the 7th paragraph).
PS Do not drop everything and run to steal millions. The scheme described above, that's exactly how it is, is caught in 30 seconds.
In principle, the above is enough, but if the people of hare are interested, I can tell you separately how this is caught, how to get around the catchers and how to scale the process to an indecently rich level. And how to catch already. If interested - say, I will continue.