It’s fraud. They publicly claimed, point-blank, to do a certain thing for years, and were instead doing the opposite, in the interest of making more money. The affiliate link thing is only one of several points that they’re suing over. The far more egregious one is that they don’t actually “scour the internet to find you the best coupons” They will actively hide better coupons that they know about, if marketplaces pay them to, and still tell you in the browser “this is the best coupon.”
It’s more than that, at least from a EU perspective. Don’t know what is legal in the US, but manipulating URLs in an obviously malicious way and without the user’s explicit knowledge and consent would be highly illegal here.
As far as I know they steal cookies but don’t change the URL.
Also, I think the bizarre market practice of “last click takes attribution” seems to be also common in EU.
Unfortunately just because it’s shady doesn’t make it immediately illegal even here in EU.
And the response from PayPal Honey shows they want to fight it in court. Which don’t think they would do if they thought it would have been considered highly illegal.
They found a loophole and abused it to steal creators (and users).
I just checked the original video. It works a little bit differently than plain URL replacement. They open another tab in the background and then send a manipulated URL to get the affiliate cookie set to their own. Guess it’s for the courts to decide if that is a legal practice or not. But to me it seems that the malicious extension sends a manipulated URL to the server pretending to do that on user’s behalf, without his knowledge. That is classic malware behavior.
Realistically most extensions open many links in the background. Even a simple adblocker will “open links” or URLs in the background to perform updates of lists etc.
The difference here is the malware was installed by the user after accepting a user agreement that probably covers network use…
Also they hijack the affiliation when the users interact with the extension and not with the website where the link for the product is.
I doubt honestly this will be a good angle to attack Honey.
IMO the fact that users are told that the best coupon will be used even though it’s demonstrably not true is a much more provable issue.
Especially since the extension opens a tab for an instant makes me think they didn’t really try to be super super sneaky.
Based on the MegaLag video, it looked like they’re opening a new tab with their own affiliate link, preserving cookies to ensure checkout can complete, then closing the original affiliate link tab.
Among other accusations, MegaLag said that if a YouTuber or other creator promotes a product through an affiliate link, if the viewer has installed Honey, the extension will surreptitiously substitute its own link when the viewer makes a purchase — even if Honey didn’t provide any discounts. That means Honey, not the creator, receives the affiliate revenue for the transaction.<<
That’s not what his video showed though. They don’t change the URL, they open another tab, which then overrides the cookie/session variable that is used to determine who the referrer is. It’s still scummy, but it doesn’t seem to be swapping links outright.
The YouTubers can only sue for actual damages THEY realized.
As the class is for content creators that partnered with Honey, it can only be for the affiliate links.
Users will need to sue separately, either individually or as a different class. My money is on them having a forced arbitration clause, so direct lawsuit will most likely be out of the question.
It’s not just youtubers. It’s anyone who uses affiliate links. Online ads use affiliate links.Things like Amazon Smile used affiliate linking for charity fundraising.
And since Honey was jacking links class action is the only way for them to really do it. No individual affiliate can point out their individual loss through Honey because Honey erased their links.
That means the class action needs to go after all affiliate revenue Honey has ever made.
After reviewing the actual legal filing, you’re correct. I somehow missed that.
All persons (corporate or individual) in the United States who
participated in an Affiliate Program with a United States online
merchant and had affiliate attribution redirected to Paypal as a
result of the Honey browser extension.
It’s fraud. They publicly claimed, point-blank, to do a certain thing for years, and were instead doing the opposite, in the interest of making more money. The affiliate link thing is only one of several points that they’re suing over. The far more egregious one is that they don’t actually “scour the internet to find you the best coupons” They will actively hide better coupons that they know about, if marketplaces pay them to, and still tell you in the browser “this is the best coupon.”
It’s more than that, at least from a EU perspective. Don’t know what is legal in the US, but manipulating URLs in an obviously malicious way and without the user’s explicit knowledge and consent would be highly illegal here.
Are they modifying URLs?
As far as I know they steal cookies but don’t change the URL.
Also, I think the bizarre market practice of “last click takes attribution” seems to be also common in EU.
Unfortunately just because it’s shady doesn’t make it immediately illegal even here in EU.
And the response from PayPal Honey shows they want to fight it in court. Which don’t think they would do if they thought it would have been considered highly illegal.
They found a loophole and abused it to steal creators (and users).
I just checked the original video. It works a little bit differently than plain URL replacement. They open another tab in the background and then send a manipulated URL to get the affiliate cookie set to their own. Guess it’s for the courts to decide if that is a legal practice or not. But to me it seems that the malicious extension sends a manipulated URL to the server pretending to do that on user’s behalf, without his knowledge. That is classic malware behavior.
https://youtu.be/vc4yL3YTwWk?t=281
Realistically most extensions open many links in the background. Even a simple adblocker will “open links” or URLs in the background to perform updates of lists etc.
The difference here is the malware was installed by the user after accepting a user agreement that probably covers network use…
Also they hijack the affiliation when the users interact with the extension and not with the website where the link for the product is.
I doubt honestly this will be a good angle to attack Honey.
IMO the fact that users are told that the best coupon will be used even though it’s demonstrably not true is a much more provable issue.
Especially since the extension opens a tab for an instant makes me think they didn’t really try to be super super sneaky.
Based on the MegaLag video, it looked like they’re opening a new tab with their own affiliate link, preserving cookies to ensure checkout can complete, then closing the original affiliate link tab.
That’s not what his video showed though. They don’t change the URL, they open another tab, which then overrides the cookie/session variable that is used to determine who the referrer is. It’s still scummy, but it doesn’t seem to be swapping links outright.
The YouTubers can only sue for actual damages THEY realized.
As the class is for content creators that partnered with Honey, it can only be for the affiliate links.
Users will need to sue separately, either individually or as a different class. My money is on them having a forced arbitration clause, so direct lawsuit will most likely be out of the question.
It’s not just youtubers. It’s anyone who uses affiliate links. Online ads use affiliate links.Things like Amazon Smile used affiliate linking for charity fundraising.
And since Honey was jacking links class action is the only way for them to really do it. No individual affiliate can point out their individual loss through Honey because Honey erased their links.
That means the class action needs to go after all affiliate revenue Honey has ever made.
After reviewing the actual legal filing, you’re correct. I somehow missed that.
Thanks for the clarification.