Affiliate Fraud (cookie stuffing) is still rife

[DavidMarketing]

I'm new to the forum but have worked in online marketing for a long time now in various industries. I was surprised to see that cookie stuffing / cookie dropping is a practice that is still highly prevalent in the gambling affiliate industry, when in other industries I've worked in, this practice, and other affiliate fraud practices were eliminated a long time ago!

And, it's not just small affiliates doing this. It's some of the industry's largest affiliates.

My point though - you just cannot work with a brand who is allowing cookie stuffing. For every 1 honest click you send organically as an affiliate, the cookie stuffers are dropping 200 clicks and overriding most cookies you set honestly.

What's even worse, some operators are not even aware that this is fraud. They get hoodwinked by deals from the "big" media companies and told that the deal is that the affiliate can set a "post-impression attribution cookie". In other words, cookie stuff. And big companies allow this to happen.

Talk to your affiliate manager if you're getting stuffed on revenues by other affiliates rigging the system.

If you want to see it with your own eyes then go to adibet _.com, africanfootball _.com, both from a South Africa VPN. You'll see brands like Hollywoodbets and Betfred South African being blatantly cookie stuffed (a tracking cookie drop without any click through). Primarily the ads come from Clever Advertising, but test it for yourself

Go to businessday _.ng and you'll see Betking getting cookie stuffed (VPN Nigeria). Another large affiliate (Fresh8, owned by Sportradar) are stuffing on this site.

No matter how good your website or app is, if you're competing with cookie stuffers then you're losing money that should be tagged to you.

Just the tip of the iceberg. I've seen it on hundreds of other sites. These guys are destroying your revenue

[Sherlock]

10+ years ago I was developing the tool that was monitoring cookie stuffing. I had problems with rogue Bet365, Bwin and Bovada/Bodog affiliates and the **** in ads as you mention it.

I even bought a nice domain and I was thinking I will be able to monetize it.

I was very surprised when the reply was something between short "thank you" and no reply at all. I reported over 20 trackers to Bet365. I doubt they banned the affiliate.

So I abandoned the idea to do anything with it.

Shortly after I realized that Live odds banners from ladbrokes were stuffing browsers with my own cookies. I did not report it and used it for my advantage.

In this wild west where tracking is not normally working and affiliates are robbed nobody sees the bigger picture so I am afraid that all you can do is write those messages and that is it.

[universal4]

Thanks for exposing that, and while interesting it brings an important point to the forefront. (this issue was exposed and discussed here a whole lot of years ago and


Cookie Stuffing?

Ahh the memories of heated discussions from 2002.

Yes a ton of this was exposed and discussed back in 2002 and 2003

Here are a few of the earliest discussions.
https://www.gpwa.org/forum/how-shawn...os-145860.html
https://www.gpwa.org/forum/theft-145955.html
https://www.gpwa.org/forum/use-cookies-145929.html

Many of these early discussions here at the GPWA did in fact lead to some gambling affiliate programs making changes and of course many of us pushed for transparency publicly as well as behind the scenes.

I am not sure how many of the tools and examples may work still after 23 years, but will try and go through some of the posts to see.

Many of the links have been disabled or obfuscated, but clearly more should be done.

Rick
Universal4

[universal4]

Thanks for exposing that, and while interesting it brings an important point to the forefront. (this issue was exposed and discussed here a whole lot of years ago and affiliates should be aware of that.

Based on this issue, one of the highly important points to look at when considering an affiliate program is:
Cookie length
Cookie over-writing

If an affiliate cookie is over-writeable, at least the person that makes the sale, (affiliate link used when visitor arrives and decides to join) at least in those cases the affiliate has the best shot at getting the credit for the sale/join.

Yes cookie length is important too, but IMO whether it can be over-written is far more important.


Rick
Universal4

[Sherlock]

Almost all cookies are over-writeable (e.g. last cookie gets the credit; there is problem with bovada which they refuse to resolve, that sometimes last affiliate hit deletes the cookie and the visitor is lost for all affiliates).

The basic protection against cookie stuffing is disabling the iframes, which, thank god, is now easier than before.

[DavidMarketing]

10+ years ago I was developing the tool that was monitoring cookie stuffing. I had problems with rogue Bet365, Bwin and Bovada/Bodog affiliates and the **** in ads as you mention it.

I even bought a nice domain and I was thinking I will be able to monetize it.

I was very surprised when the reply was something between short "thank you" and no reply at all. I reported over 20 trackers to Bet365. I doubt they banned the affiliate.

So I abandoned the idea to do anything with it.

Shortly after I realized that Live odds banners from ladbrokes were stuffing browsers with my own cookies. I did not report it and used it for my advantage.

In this wild west where tracking is not normally working and affiliates are robbed nobody sees the bigger picture so I am afraid that all you can do is write those messages and that is it.

I think a lot of the big brands cleaned it up and stopped stuffing via content security policies and the various headers that stop a page being loaded via an external script or in an iframe. However, many brands can't do this for technical reasons, so it's still open. Plus, the smaller brands have no idea about security or fraud, so it just happens.

Surely though the brands should know if an affiliate is delivering millions of clicks and converting at 0.1%

[DavidMarketing]

Almost all cookies are over-writeable (e.g. last cookie gets the credit; there is problem with bovada which they refuse to resolve, that sometimes last affiliate hit deletes the cookie and the visitor is lost for all affiliates).

The basic protection against cookie stuffing is disabling the iframes, which, thank god, is now easier than before.

We disable our own websites being framed on other sites, purely because people were spamming. Many bookies don't though.

Are you implying that if an affiliate website can be framed then the person framing it can overwrite the links and hijack the referrals too?

[DavidMarketing]

Thanks for exposing that, and while interesting it brings an important point to the forefront. (this issue was exposed and discussed here a whole lot of years ago and


Cookie Stuffing?

Ahh the memories of heated discussions from 2002.

Yes a ton of this was exposed and discussed back in 2002 and 2003

Here are a few of the earliest discussions.

Many of these early discussions here at the GPWA did in fact lead to some gambling affiliate programs making changes and of course many of us pushed for transparency publicly as well as behind the scenes.

I am not sure how many of the tools and examples may work still after 23 years, but will try and go through some of the posts to see.

Many of the links have been disabled or obfuscated, but clearly more should be done.

Rick
Universal4

Many browsers inihibit privacy breaches like this, but one of the problems with the current cookie stuffers is they're sophisticated. They'll find brands that let them get away with it, they'll find browsers and versions that don't have the controls. They'll cookie stuff just once per 24 hours per IP address, or just cookie stuff at nighttime when affiliate managers won't be manually checking websites. All in all, people get away with it.

The most annoying thing is that the people doing it are regarded as some of the most powerful media companies in the industry. Whilst the small affiliates feed off the scraps, these big guys are cookie stuffing like no tomorrow.

The other annoying thing is that these big stuffers have done it for years, so for the operator there's no real way of telling whether referred players, paying lifetime revenue shares, were obtained through fraudulent means.

The operators see x thousands referrals on a big cookie stuffer's account, and can't bring themselves to question or close that account off, as they feel reliant on the number of players brought to them by the stuffer.

What operators don't realise, is that if they let go of the stuffers, they'd receive that traffic from other affiliates and from organic traffic. They're just paying cookie stuffers for chance referrals and no click activity at all.

[DavidMarketing]

I can only think that the best way to stop operators openly working with cookie stuffers, or allowing it to happen without knowing, is to name and shame the brands doing it and the websites doing it.

If it means other affiliates say "no" we're not advertising you any more because you're allowing fraud, then this might hurt some of the programs doing it.