I used to work for an ad tech company (which I know already makes me the devil to some around here), and even I think that they crossed a line with this. A lot of industry terms are coded in corporate speak to make them sound better (think "revealed preferences" or "enabling personalization"), but I would genuinely like to know what the engineers thought when doing design reviews for a "selective stand down" feature. There doesn't seem to be a legit way to spin it.
Making a product to explicitly skirt agreements while working for a corporation is ... a choice
> what the engineers thought when doing design reviews for a "selective stand down" feature.
Possibly a version of, “I lack the freedom to operate with a moral code at work because I’m probably replaceable, the job market makes me anxious, my family’s well-being and healthcare are tied to having a job, and I don’t believe the government has my back.”
From my experience, it’s more likely that the engineers who got far enough in the company to be working on this code believed that their willingness to work on nefarious tasks that others might refuse or whistle-blow made them a trusted asset within the company.
In industries like this there’s also a mindset of “Who cares, it’s all going to corporations anyway, why not send some of that money to the corporation that writes my paychecks?”
I have noticed that in addition to this perspective there are scores of developers who espouse the idea that “we just create, what people do with our work isn’t our business.”
I understand the utilitarian qualities of the argument, but I submit that there’s a reason that capital-E-Engineering credentials typically require some kind of education in ethics-in-design.
I agree that we're responsible for what we create. I would also submit that corporate culture has been under intense selective pressure over the past 10 years to get good at creating compliance with ethically problematic software projects. I'm curious how many people left Google because they dropped the "don't be evil" motto.
There's lots of carrots (compensation, high quality desk jobs) and sticks (promotion structures, threat of offshoring). The really annoying and egregious aspects of corporate speak are easy targets for ire and take the heat, while the subtle euphemisms make the actual questionable projects easier to live with day to day.
capital E engineers have numerous other laws that protect their position.
Civil/mechanical/electrical have countless codes that must be followed with the force of law.
When we say we want engineering standards for software developers we are also asking for standards and codes to be applied to software and all that entails.
I'm not saying this is good or bad, just to consider the ramifications of this at all levels.
This has been 'being considered' my entire career, so since the 90s at least. I have finally determined all the libertarian style 'thinking' over action is just stalling. They have stalled to the point that tech now smells bad to the majority of people, I wonder what comes when OUTSIDE influences decide enough. I feel like tech's 'self determinism' runway is running out and I'm kinda happy for it. Couldn't happen to a more deserving industry.
I suspect you are right. It reminds me of the whole "at the government you can hack legally" argument used by government intelligence agencies to recruit hackers.
I think a lot of skilled engineers want interesting challenges where they break boundaries, and being in an environment that wants you to break those boundaries allows them to legitimize why they are doing it. That is, "someone else is taking moral responsibility, so I can do my technical challenge in peace"
Do you know of anyone declining to work on a project for ethical in their view (non military non killing)?
I’ve led a sheltered life and never met one, people have told me they wouldn’t apply for a role with a company for ethical reasons maybe they even believed they would get the job
Sure: A couple of years ago I joined a company doing outsourced system administration. Then it was suggested I should take care of a new client: a manufacturer of weapons with a quite shady reputation.
There were already other issues I had noticed. But this was the red flag for me and I left after four weeks.
My then team lead was pissed and complained I should have told beforehand that I don’t want to go down that route. But it never occurred to me before that to compile a blacklist of things I won’t do. And I had been in business for more than 20 years when that happened.
I know a lot of people who won't work for some companies for ethical reasons.
Though, sometimes the exact reason is muddied, since companies that are perceived as unethical in how they behave externally are often also perceived as unethical in how they behave towards employees. So you might object on pragmatic grounds of how you'd be treated, before you ever get to, say, altruistic grounds.
Also, sometimes fashion is involved. For example, many people wouldn't work for company X, because of popular ethical objections to what they do being in the news, but some of those people would probably work for an unknown company doing the same things, without thinking much about it.
But often it's just "I don't like what company Y is doing to people, and I wouldn't work on that, even if they treated employees really well, and it was really fashionable to work there".
(See, for example, the people who refused to work for Google after the end of Don't Be Evil honeymoon phase, even though they generally treated employees pretty well, and it was still fashionable to work there.)
I worked at LivingSocial back in 2012. I was 21 and didn’t know anything about marketing. The pitch was that daily deals helped small businesses get new customers who would then become recurring, which was good. I liked helping small businesses.
Over time I realized that the company knew this wasn’t really true. Daily deal customers weren’t likely to return. They went where the deals were. The influx of cash from daily deals was a marketing expense, almost always at a loss (most deals were 50%+ off and half of the remaining revenue went to LivingSocial), and buyers rarely returned so SMBs would never recoup their losses.
Once I figured this out, I decided to leave even though I would miss my equity cliff by a month. I ended up joining ZenPayroll (now Gusto) early on because they were helping SMBs with a real problem (payroll was a fking nightmare back then.)
Beyond that, I now accept that many employers screen candidates with questions like, "Have you ever been fired?". Answering the why with, "I refuse to do things I consider to be unethical" is typically enough to screen you out.
While this can be irritating, I have come to see it as a good thing. It helps me screen out candidate employers. It is taxing to work in an environment that constantly challenges your ethics. Imagine having access to all your customers' supposedly private emails and being tasked with mining them without your customers' knowledge. Imagine being tasked with adding an obscurely worded line item to the monthly bill of all customers that your logging indicates haven't accessed their billing statement in the last 12 months.
Now imagine working at a job where you are tasked to find all customers who haven't used an optional paid feature in the last 12 months and notifying them that there might be an opportunity to reduce the amount you bill them. Imagine working for an insurance coop that actively scours for ways to charge members less money without compromising their protection and without taking advantage of somebody else.
Imagine that your personal life choices automatically disqualify you from exploitative employers and lead you to more fulfilling employment. This is a real thing that many people don't have to imagine. They live it.
The issue of course is what if your personal life choices automatically disqualify you from (de facto) all employers and you end up not even being able to afford a van down by the River?
Hello. I have. The first time, I was offered a job working on missile guidance systems. I told them I would not work on weapons, so they offered me a job working on something else instead. Then they asked me to move to another project that would require getting government security clearance. I said I wouldn't do that either because I was not willing to make the required promises to my government, so they gave me other projects that didn't require it. It's really not that hard to have a penny's worth of a moral compass if your skill has any kind of value. I think maybe the problem is people who only have value to companies that only hire people without any morals.
Yes! I once met a highly paid contract tech lead who had walked out of a lucrative contract with a supermarket after he became aware the new credit card product he was working on was to be exclusively targeted at customers in poor areas.
The moral fortitude on that man!
I applaud his actions, but genuinely do not know if I would have the stones to leave my job if I was in a similar position!
>Do you know of anyone declining to work on a project For ethical in their view ( non military non killing) ?
o/
i was offered a high paying job, with relocation to a 1st world country (at the time, i was living in a 3rd world country with high murder rates), to an industry that i consider quite shady (and it's not military and not around killing -- i have no issues with both of those). i politely refused.
most of my friends, at the time, told me that they would've accepted without even thinking, but for me, it's just not worth it.
I had an offer to work in gambling as a young inexperienced student, fortunately they didn't hire me because I was too inexperienced. I can imagine how my career would move if my first working experience was in such a company. Some people might be like that.
I've dodged multiple work opportunities on ethical grounds, although I can only think of one time where it was a big deal (I think we had to turn down a client because I declined to work on it).
I've often been contacted by recruiters for companies in the gambling (in India it's called "skill-based web gaming") or the crypto/web3 space, and I've always denied those for ethical reasons.
I think most people avoid this situation one step earlier by choosing the company they work for.
I.e. do you accept a job in adtech, military, adult industry, etc.
I think pretty much everyone has an internal red line, of course they will vary a lot and may even move over time.
I was asked to help with creating what seemed like a human trafficking app to Christian me, but that to the Muslim founder was 'just an app to get the best payment for an arranged marriage' and just improving something that he said already happened all the time in his culture (he was from Pakistan I don't know if that is actually a thing there or he was just trying to justify his messed up app).
Yes, absolutely. To elaborate a bit though, if you live in the West, Muslim ethics are more likely to stick out when applied to our regular practices. e.g. I know a Muslim programmer who declined to participate in a project involving billing interest to customers. (Which is decidedly non military and non killing, as posed by the post I was replying to.)
Sure, it happens all the time. Speaking personally, for example, I walked out of an interview when I realised it was for The Sun's betting site (Sun Bet)
I quit a job on contract with a major insurance provider because they asked me to perform a truncate instead of a rounding operation in a formula without any mathematically sound reason for choosing the truncate over the rounding. I figured out they wanted truncating because it would lead to more people being denied flood coverage than rounding would.
And they are right. It's not like anyone outside of the affiliate marketing "industry" was hurt by this - noting that some of your parasocials are likely to be in that "industry" and so you feel hurt on their behalf.
I like the idea that what makes someone a 'professional' instead of just an employee is the wherewithal, agency, and expectation to say no to a particular task or assignment.
An architect or engineer is expected to signal and object to an unsafe design, and is expected by their profession (peers, clients, future employers) to refuse said work even if it costs them their job. This applies even to professions without a formalized license board.
If you don't have the guts and ability to act ethically (and your field will let you get away with it), you're just a code monkey and not a professional software developer.
Maybe when the government and the shareholders start setting an example and hold the bosses and capital owners accountable, and reward instead of punish the whistleblowers, and when there are enough jobs so that losing the one you have is not a problem, moral behavior further down the hierarchy will improve.
In my experience, sometimes your employer blatantly lies to you about what you're making and how it'll be used. I was once recruited to work on a software installer which could build and sign dynamic collections of software which was meant to be used to conveniently install several packages at once. Like, here's a set of handy tools for X task, here are the default apps we install on machines for QA people, here is our suite of apps for whatever. It seemed to have genuine utility because it could pull data in real time to ensure it was all patched and current and so on. That could be great for getting new machines up and running quickly. Several options exist for this use case today, but didn't then as far as I recall. This was on Windows.
Ultimately it was only used to install malware in the form of browser extensions, typically disguised as an installer for some useful piece of software like Adobe Acrobat. It would guide you through installing some 500 year old version of Acrobat and sneakily unload the rest of the garbage for which we would be paid, I don't know, 25 cents to a couple dollars per install. Sneaking Chrome onto people's machines was great money for a while. At one point we were running numbers of around $150k CAD per day just dumping trash into unsuspecting people's computers.
At no point in the development of that technology were we told it was going to ruin countless thousands of people's browsers or internet experiences in general. For quite a while the CEO played a game with me where I'd find bad actors on the network and report them to him. He'd thank me and assure me they were on top of figuring out who was behind it. Eventually I figured out that the accounts were in fact his. They let me go shortly after that with generous severance.
I don't miss anything about ad tech. It was such a disheartening introduction to the software world. It's really the armpit and asshole of tech, all at once.
> Ultimately it was only used to install malware in the form of browser extensions, ...
Like any other MDM software.[0] Everyone who has been long enough in the infosec industry knows that MDM is fundamentally nothing more than a corporate-blessed malware and spyware package.
In the past 2-3 years the criminal gangs have realised that too. The modern form of socially engineered phishing quite often entices victims to install a legit MDM software package (eg. MS InTune) and hand over their device control for remote management. Why bother writing malware that has to fiddle with hooks to syscalls and screenshot capabilities when you have a vendor approved way of doing the same?
I think you can only get away with that excuse so long as you're actively looking for a new job while also collecting data to turn whistleblower (anonymously if need be) once you have one. Ultimately it falls on the employee to do the right thing or get out because they risk being held accountable for what they do. A replaceable employee (which is pretty much all of them) will be especially vulnerable since they can be thrown under the bus with minimal inconvenience to the company.
This is why we need Professional Engineer licenses for software.
There are times when a product design needs to be reviewed and approved by someone who cares more about his license than about his job. It doesn't happen as often with software as it does with civil engineering, but often enough that it needs to become a thing.
And what happens when the licensing board gets politically compromised? You can't fix broken incentives by papering over another layer of administration. If the underlying incentives are opposed, the administration layer will be adapted to fit.
Civil engineering licensing works because underneath it all the incentive structure is aligned with the goals of the license. It's not about imposing morals, it's about ensuring that buildings and devices are constructed to not fail, and to not fail catastrophically. The motivations of the ones who hire engineers are mostly aligned, they don't want the devices to fail either, and expose them to liability.
Medical doctor licensing also works because the incentives are mostly for patients not to be dying. But in the pharmaceuticals industry the incentive structure is different, where some rate of fatality is considered an acceptable cost of doing business, we see examples of subversion.
Sure software engineering licenses could be a great addition. But alone it will fail unless the incentive structure for those employing software engineers is aligned with the licensing goals.
The firmware for a diesel engine goes into a diesel engine. The company can be required to get a PE's signify for putting the firmware in. After that, if it's copied elsewhere, that's not their problem.
My experience with the people around me who are in this situation is rather either:
- They just don't care. Society and others are not on their radar.
- They don't think it's that bad.
- They think it's not great, but the benefit is too good so they ignore the voice at the back of their head. Or they have a lifestyle and that takes priority.
- They think it's bad, but the friction to live according to their own moral view of the world is higher than their desire to adhere to such a moral view.
When I was 20, I declined interview offers from Facebook and Google. Huge opportunity cost. My friends looked at me like I was dumb.
I have friends regularly coming to me with ideas that are about spamming, selling personal data or basically fraud. They don't see a problem with it.
When you talk to people and say "advertising is basically normalized lying at the scale of the entire society", people just give you a blank stare.
There is no need to look for coercion every time you see something bad to explain it. The human population is diverse and they all draw the line of what's acceptable in different places.
You can still judge them evil even if the parent was accurate as to the motivations for their actions. Villains are more interesting when they're sympathetic.
You're in the planning meeting discussing this feature, you ask "Hey, are we allowed to do this? I thought stand downs were contractual." and your PM says yes, they got the okay from legal. Now what do you do?
It’s easy, looking at the current state of affairs, to conclude that ethical behavior is incompatible with capitalist ambition. One might still choose to be ethical nonetheless, but with the understanding that you will be overtaken by those who have made a different choice.
This is no different, and frankly far less alarming to me, than Uber's project greyball from 2017, which should have tanked a company in a just world. I suppose some companies just promulgate a culture where it's acceptable or even lauded to evade law and contracts: https://www.nytimes.com/2017/03/03/technology/uber-greyball-...
This comment was replying to someone asking "how could engineers possibly write such malicious code" so a more glaring example from a more mainstream company seemed quite appropriate.
A nice set of examples can be found in Guido Palazzo's Dark Pattern.
“The Dark Pattern by Guido Palazzo and Ulrich Hoffrage teaches us about the power of context, which is stronger than reason, values, morals, and best intentions. It is an uncomfortable and painful lesson about the root causes of 'corporate infernos.' "
The context matters.
Think of the banality of evil in WW2 Germany.
We are capable of doing almost anything, good or bad, as long as the shoal around does it and pretends it's normal.
>I used to work for an ad tech company (which I know already makes me the devil to some around here)
everyone sets the bar below what they do
>even I think that they crossed a line with this
everyone sets the bar below what they do
>I would genuinely like to know what the engineers thought when doing design reviews for a "selective stand down" feature. There doesn't seem to be a legit way to spin it.
Possibly "marketing is all bullshit and hopefully this destroys it faster"
It's not like any crime was committed, and civil liability falls squarely on the business here, not its employees. And the whole dispute is only about which marketing company receives marketing revenue - something where the world would improve if they all disappeared overnight. Doesn't really seem that evil to me. Underhanded, yes.
I think the only reason there's any outrage at all, outside the affiliate marketing "industry", is that some of these marketing companies are YouTube personalities with whom many people have parasocial relationships. Guess what, they just got to learn the hard way why capitalism sucks. What Honey did is a valid move in the game of business. Businesses throughout history have gained success by doing way worse things than this. Amazon's MFN clause is way worse. Uber's Greyball is way worse.
Yeah I'm not seeing any ethical issue with what Honey did/does. They reduced transaction costs (part of what went to middlemen now goes to the buyer) and helped block some level of surveillance. Sounds good to me. Far more ethical than the people running the tracking/ad programs in the first place.
So when a review channel goes and does lengthy and honest reviews of multiple brands of hardware, a consumer uses this resource to figure out what exactly they want to buy, clicks on the reviewer's affiliate link to purchase, oh, thank goodness Honey is there to make sure the customer gets back 89 cents while it keeps the entire commission.
That is absolutely not ethical. And if it is legal, it shouldn't be.
Correct, the whole affiliate system is ethically dubious, and the idea that someone can be trusted to produce honest, complete information about a topic when their message is paid for is unrealistic. Meanwhile, paid shills crowd out every space, making it more difficult to find actual honest information. They reduce signal and increase costs for everyone. It also relies on pervasive non-consensual tracking.
Simple consideration: how likely is a shill to tell you that you could save that extra $.89 by buying it from a store through which they get no commission? By using Honey? If they know those things, only telling you about their worse deal is not honest. Someone whose job it is to sell you things can never be a reliable source of information.
I already block or avoid affiliate tracking when possible (so the seller can avoid a commission). I'm not going to install something like Honey, but I'm not seeing the problem with those who do. Affiliate marketers are basically arbitragers collecting on buyers who don't know that the seller is willing to take a smaller price (at best. They also work to convince people to buy things they don't need). Honey is an arbitrager that takes less of the spread. That's good for the market.
If the commission system was completely transparent, it could be part of a trust system.
A reviewer that said "I stand to receive $2.76 kickback if you buy the Magnavox TV, and $3.04 if you buy the Zenith, and I still recommend the Magnavox" would be a strong recommendation.
I'd also love to see the CPC/CPA price next to lead-generation ads. For example, that whole Medicare Advantage media blitz you see every year. I wouldn't be surprised if they generate triple-digit commissions per referral, and if customers knew there was that much money being thrown at the process, what impact would that have on their credibility?
I just love it - what's the chance that some internet stranger cites some site (pun intended) of another stranger on some random forum, and that site/blog's owner immediately chimes in (as a member of that forum, no less) to take up the discussion, and to answer questions and share some (insider/off-the-beaten-track) insights. It is wonderful to see such positive interactions and knowledge sharing of humanity.
In your interview with MegaLag posted in the video, you say something along the lines that civil courts are probably the most likely place any lawsuits would be held (I forget the exact wording used).
If you had used Honey, would you join a civil or class action suit against them?
I believe in class actions as the most efficient way for large groups (of consumers or small businesses) to resolve disputes. Have to think about the specific claim. Yesterday's write-up covers a scheme harming other affiliates (creators, influencers, reviewers, etc.) and also harming merchants and networks. I don't know if users are direct victims of the stand-down violations and concealment.
Capitalism is great at washing its hands of evil. I don't know how much slavery went into making the smart phone that I'm posting this from, but I'm sure it's not zero. I'm ethically complicit in the whole scheme. The C in ACAB stands for Capitalists. Which unfortunately, is all of us.
Culpability is not a binary thing, it’s a scale. A small number of people are far and away the most culpable for much of the evil in the world, and they know it (and don’t care).
We're not fully complicit all of the time. You don't know how many slaves made your phone, but somebody does. If you had a choice between a phone you knew was made by slaves and a phone that wasn't I assume you'd pick the slave free version every time. While it's fine to feel guilty for your involvement in the scheme don't let that get in the way of placing the blame for it squarely on the people who set things up this way and put you in this position.
When you can't escape an evil system you just have to do your best within it, while either working to get out of it or working to improve it however you can. What more can anyone ask of you? Capitalism is pretty much inescapable, but thankfully I'm not convinced that capitalism is an evil system inherently, it just needs strong constraints and regulations to keep it from being used to do evil things.
>If you had a choice between a phone you knew was made by slaves and a phone that wasn't I assume you'd pick the slave free version every time.
At the same cost? Sure.
At different costs? We see that is not the case.
People don't. A few do, but most don't. There are many who would still prefer the more popular phone and an ethical cost is something they only mention when asked but is given only minor weight when it comes to decision making. Some might try to justify it by saying you can't be sure a phone claiming to be ethically made actually is, but how many even considered that much when making the decision?
>While it's fine to feel guilty for your involvement in the scheme don't let that get in the way of placing the blame for it squarely on the people who set things up this way and put you in this position.
Who is really at fault on a systematic level if the population decides lower costs is what they really want regardless of what sacrifices have to be made. If we look at a less morally challenging area, say air travel, and see how many people claim to want a nicer experience, yet airlines are always focused on cutting costs. Is that the fault of the airlines? Or is it the fault of the consumers who, despite what they say, show extreme preference for lower costing tickets? We can blame any seller at the moment, but we can't ignore the market pressures that picked the sellers who stayed and the ones who went out of business.
> Who is really at fault on a systematic level if the population decides lower costs is what they really want regardless of what sacrifices have to be made.
It's always the people who are actually forcing slaves to work for them. Always. Consumers will always want lower prices but that doesn't justify slavery. It's not as if a company like Apple is being forced to abuse workers because they'd be bankrupt otherwise. These companies are pulling in massive amounts of profits year after year. It's not "market pressures" that force them to abuse their workers it's just greed.
> see how many people claim to want a nicer experience, yet airlines are always focused on cutting costs. Is that the fault of the airlines? Or is it the fault of the consumers who, despite what they say, show extreme preference for lower costing tickets?
Every customer wants low cost tickets. Of course they do. There's a lot that goes into that though. Almost nobody wants to fly in the first place. It's annoying, expensive, stressful and uncomfortable. What people actually want is to get to their destination. Consumers are basically forced to deal with airlines since it's the fastest, and often the only, way they can get to where they want to go when they need to. It's just a necessary evil that must be endured.
That's not the airlines' fault, but it does put airlines in a position where they know they can take advantage of travelers at every opportunity and so they do. They overbook their flights, they charge endless bullshit fees, they cram as many people into the plane as they can, their ticket prices change by the minute and airlines aggressively charge people as much as they think they can get away with.
Mergers and the high cost of entry into the airline industry have greatly hurt competition and often most people have only one choice in airline when flying to certain destinations. Airlines have consumers bent over a barrel and they pound away at them relentlessly. That's all on the airlines, not the consumers.
The only real thing consumers have any control over is the price of their ticket, and because airlines play so many games with ticket pricing they enable a certain amount of gaming the system to "get a better deal" so many flyers do work hard to limit what they pay for what will inevitably be a shitty service.
There's also a question of how much consumers can even afford. Many consumers would love to pay more to get a less shitty air travel experience but they can't if it means they'd no longer be able to afford their trip. ULCCs are often the only viable options travelers have and even then many people go into debt to travel. Others may figure that going with a cheap airline or putting in the effort to get a cheap ticket will be worth it because while the flights will be a miserable 6-8 hours it means they'll be able to afford a nice dinner or have a little bit more spending money when they reach their destination. Those kinds of choices can be put squarely on the consumer.
The original site is down for me, so going based on the app I was thinking it was about the actual edible Honey product, not Honey the discount coupon thing.
Over 15 years ago I worked with a telco that had similar affiliate issues. We decided to stop paying any affiliate commission at all and evaluate sales after some time to decide to continue the experiment or not. There was a little decrease in traffic to the site but no measurable decrease in sales of new plans. There were several check moments and data validation after that, but sales numbers remained as they were.
The conclusion was that affiliate marketing claimed a lot of sales in their reporting, but the brand was strong enough (this company was #2 by market share in the country and #1 on most brand metrics) to get those customers without affiliate links.
It's not malware. Marketing companies stealing commission from each other isn't malware. Giving the user less than the best possible deal isn't malware. It doesn't even upload your cookies to see if you're a tester - it does that on the client.
If I click on an affiliate link that I want to use and the extension changes that without me knowing, that’s malware for me. The intent of the user may be to use a specific affiliate link.
What's the ratio of people deliberately clicking affiliate links, to people who just click links and have no clue what an affiliate link even is?
I already thought Honey was scummy so I never used it in the first place, but I honestly don't get the particular outrage over these specific practices. You're already using the extension to effectively scam online stores, by using coupons the company gave to somebody else, not you. I see it as barely more ethical than doing that old trick of generating your own manufacturer coupons. Probably it's a lot more legal, but ethically it's in the same ballpark.
That's not how malware is defined - Windows ain't malware just because they occasionally make Edge open instead of what you thought was your default browser. The malware definition is way more specific than simply software that doesn't always follow user intent.
It actually does fall under the definition of malware. Specifically, Honey hijacks affiliate marketing tags and replaces them with their own. This falls under the definition of the “spyware” category of malware.
Spyware is software that sends information about the user (browsing history, etc) to a 3rd party.
Many affiliate browser extensions do indeed do this, as an extra revenue stream. In fact, I'd recommend never installing a coupon browser extension. But replacing one number with another does not meet the above definition of spyware.
Well, that's clearly incorrect: software displaying unsolicited advertisements is called adware, and requires no spying at all.
> Spyware is a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords [0]
> Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. [1]
> Spyware is malicious software that secretly monitors your activity and collects sensitive information, like passwords, location data, or browsing habits, without your consent. [2][3]
One point of view is why bother with any of this, Google knows exactly what Honey is doing, they could remove Honey from Chrome with the stroke of a pen, and that would be that.
It started as a clone of the camelcamelcamel Amazon price history site and got kicked out by Amazon for abusing the system. It pivoted to a coupon site and started sucking down user data with the plugin when PayPal paid $4Bil CASH. Honey cost me affiliate marketing commissions.
There's something seriously wrong with this archived link. It's not staying still for one moment. It's constantly twitching and the text scrolls to weird positions. It's unreadable because of this.
Is it the archive at fault or is the original webpage this way?
Works for me here, and in 90% of the cases where someone complains of annoying page behaviour (cookie banners, revenue optimizations, subscription solicitations, "click here to ...", paywalls, ads, et alii ad nauseam).
Seriously, just disable JavaScript on unknown/untrusted/undeserving sites. It makes the web tolerable.
Is there actually a whitelist of sites where it's OK/necessary to enable JS? I'd love to use that (although I don't know how to load that list into Safari or Chrome).
Was the VPT site not working for you, so you had to resort to archive.org? Original link https://vptdigital.com/blog/honey-detecting-testers/ . Anyone having trouble -- contact Ben Edelman (easily found by web search) and I will genuinely value the opportunity to get to the bottom of what is wrong.
Your diagnosis is correct. VPT has been most focused on building our testing automation, then improving reports and dashboards. We knew this spike of traffic was coming, but we didn't finish sufficient WordPress optimizations. Apologies.
Didn't this Honey fraud thing break like a year ago (or longer)? This is the second story I've seen about it in the last couple of days and I guess I'm surprised it's even still around.
Thank you. I was confused about why this was suddenly bubbling up again. And ... paints Honey in a pretty bad light? LOL, they already looked like a fraudster scam to begin with! (But, again, thank you.)
I think affiliate links are the most fair/ethical advertisement can be. If I go on a random carpentry or painting blog, I'd rather have affiliate links to products they use rather than random Google ads.
As a consumer I would love to see lower prices directly. Or at least have available some official store affiliate discount code which would give me the same discount, which would be win-win for everyone.
You cannot due to Amazon's stipulations that to list on Amazon.com, it must be the same as your advertised price on other retailers, including your own website. This raises overall costs, as Amazon.com sellers pay additional fees for placement, ads, etc. which get rolled into the price. As a workaround, you can have an MSRP on your website, with "coupons".
- The Honey browser extension inserted their own affiliate link at checkout, depriving others of affiliate revenue.
- Honey collected discount codes entered by users while shopping online, then shook down website owners to have the discount codes removed.
- Honey should have "stood down" if an affiliate link was detected, but their algorithm would decide to skip the stand down based on if the user could be an affiliate representative testing for compliance.
Re the second point, it specifically collected valuable codes that shouldn't be widely shared, e.g. employee discounts.
Re the third point, the algorithm would skip stand down for users who weren't likely to be testers (based on account history and lack of cookies for affiliate marketing admin panels).
Same, and that topic would have been way more interesting (cf. EVOO).
Obviously Internet affiliate marketing schemes are built on mutual exploitation of asymmetric data collection. This cannot possibly surprise anyone.
With that said, this is a good article with excellent data collection and evidence presentation. It's great to have documentation of obviously corrupt practices, even if they are unsurprising.
The guy that wrote this blog post also recently wrote about AppLovin, a company who he alleges installs apps without user consent. His response to this was... to short their stock?
It's comparing Honey's behavior to a well-known and comprehended scandal. Simile is a tried and tested way (hah!) to explain otherwise potentially hard to understand or dry content.
It's not about the severity of the impact, it's the fact that they were breaking the rules and explicitly coding to actively avoid being caught by testers.
Thanks for your contribution to this Ben - I was quite stunned by Megalag's finding, and I agree with you that it could definitely be characterized as wire fraud.
I think the very interesting wrinkle here is that, for the most part, their victims are corporations - meaning, sadly, that it's much more likely they will be prosecuted, either in civil or criminal court.
Refusing service (and showing a fake status screen) is in the same ballpark, but dieselgate is a much closer match. They couldn't avoid being put under test, so they had separate behavior based on whether heuristics said it was in a testing environment.
These are the same types who have poisoned the well of information that was the Internet you can actually find things on for the sake of the ad driven model. Far as I'm concerned, the moral injuries are the same even if the physical details are different.
To be honest, the Megalag video really made it clear what a great product Honey is. It is very explicit about the fact that you, as the consumer, can get extraordinary deals by using the extension.
This also makes me think that the whole campaign is astroturfed. The only "victims" of Honey are influencers and storefronts, who of course will do their part in trying to get their customers to stop using the product, but for the consumer there really are only benefits with using the extension.
The only arguments against Honey are that they are supposedly breaking some internal rules of the advertising industry (and who cares about those? Certainly not me) and that they are offering deals better than the store wants to offer to you, which makes an extremely compelling case for using that extension.
I always considered extensions like Honey to be quite scammy and believed that they offered little benefit, but apparently I was wrong.
Honey promises to businesses to let them control which coupons are available, and promises to customers to always show them the best coupons. At least one of those two promises is a lie.
Yeah I strongly feel that the best outcome of all of this would be the end of sponsorships and affiliate links, and a general reduction in price discrimination.
> And the effort Honey expended, to conceal its behavior from industry insiders, makes it particularly clear that Honey knew it would be in trouble if it was caught.
The same could be said about yt-dlp. They know what they are doing YouTube doesn't like. But yt-dlp itself is legal.
Many people using yt-dlp have a YouTube account or even an AdSense account. Yes, YouTube could ban their partner for breaking the rules. YouTube has issued 1 year temp bans from watching videos for accounts that have downloaded videos. Similarly Honey could be banned for breaking the rules.
I've had YouTube Premium since it was introduced and I still use yt-dlp because it's the most convenient way for me to make an mp3 from a video so I can listen to it offline. I don't think they care. They probably care about the music industry getting worked up about it if it was more mainstream though. This is annoying because I don't even download music, just podcasts and interviews.
They care quite a bit, yt-dlp has had to undergo some drastic changes recently to make it faster for its devs to work around frequent changes to YouTube encryption.
I understand the utilitarian qualities of the argument, but I submit that there’s a reason that capital-E-Engineering credentials typically require some kind of education in ethics-in-design.
Or said differently: there’s a reason why software engineering jobs pay so well; no mandatory ethics training required!
There's lots of carrots (compensation, high quality desk jobs) and sticks (promotion structures, threat of offshoring). The really annoying and egregious aspects of corporate speak are easy targets for ire and take the heat, while the subtle euphemisms make the actual questionable projects easier to live with day to day.
Civil/mechanical/electrical have countless codes that must be followed with the force of law.
When we say we want engineering standards for software developers we are also asking for standards and codes to be applied to software and all that entails.
I'm not saying this is good or bad, just to consider the ramifications of this at all levels.
I think a lot of skilled engineers want interesting challenges where they break boundaries, and being in an environment that wants you to break those boundaries allows them to legitimize why they are doing it. That is, "someone else is taking moral responsibility, so I can do my technical challenge in peace"
I’ve led a sheltered life and never met one. People have told me they wouldn’t apply for a role with a company for ethical reasons; maybe they even believed they would get the job.
Though, sometimes the exact reason is muddied, since companies that are perceived as unethical in how they behave externally are often also perceived as unethical in how they behave towards employees. So you might object on pragmatic grounds of how you'd be treated, before you ever get to, say, altruistic grounds.
Also, sometimes fashion is involved. For example, many people wouldn't work for company X, because of popular ethical objections to what they do being in the news, but some of those people would probably work for an unknown company doing the same things, without thinking much about it.
But often it's just "I don't like what company Y is doing to people, and I wouldn't work on that, even if they treated employees really well, and it was really fashionable to work there".
(See, for example, the people who refused to work for Google after the end of Don't Be Evil honeymoon phase, even though they generally treated employees pretty well, and it was still fashionable to work there.)
Over time I realized that the company knew this wasn’t really true. Daily deal customers weren’t likely to return. They went where the deals were. The influx of cash from daily deals was a marketing expense, almost always at a loss (most deals were 50%+ off and half of the remaining revenue went to LivingSocial), and buyers rarely returned so SMBs would never recoup their losses.
Once I figured this out, I decided to leave even though I would miss my equity cliff by a month. I ended up joining ZenPayroll (now Gusto) early on because they were helping SMBs with a real problem (payroll was a fking nightmare back then.)
While this can be irritating, I have come to see it as a good thing. It helps me screen out candidate employers. It is taxing to work in an environment that constantly challenges your ethics. Imagine having access to all your customers' supposedly private emails and being tasked with mining them without your customers' knowledge. Imagine being tasked with adding an obscurely worded line item to the monthly bill of all customers that your logging indicates haven't accessed their billing statement in the last 12 months.
Now imagine working at a job where you are tasked to find all customers who haven't used an optional paid feature in the last 12 months and notifying them that there might be an opportunity to reduce the amount you bill them. Imagine working for an insurance coop that actively scours for ways to charge members less money without compromising their protection and without taking advantage of somebody else.
Imagine that your personal life choices automatically disqualify you from exploitative employers and lead you to more fulfilling employment. This is a real thing that many people don't have to imagine. They live it.
That is what anxiety based thinking produces.
The moral fortitude on that man!
I applaud his actions, but genuinely do not know if I would have the stones to leave my job if I was in a similar position!
o/
I was offered a high paying job, with relocation to a 1st world country (at the time, I was living in a 3rd world country with high murder rates), in an industry that I consider quite shady (and it's not military and not around killing -- I have no issues with both of those). I politely refused.
Most of my friends, at the time, told me that they would have accepted without even thinking, but for me, it's just not worth it.
I think pretty much everyone has an internal red line, of course they will vary a lot and may even move over time.
I was asked to help with creating what seemed like a human trafficking app to Christian me, but that to the Muslim founder was 'just an app to get the best payment for an arranged marriage' and just improving something that he said already happened all the time in his culture (he was from Pakistan I don't know if that is actually a thing there or he was just trying to justify his messed up app).
Yes, absolutely. To elaborate a bit though, if you live in the West, Muslim ethics are more likely to stick out when applied to our regular practices. e.g. I know a Muslim programmer who declined to participate in a project involving billing interest to customers. (Which is decidedly non military and non killing, as posed by the post I was replying to.)
An architect or engineer is expected to signal and object to an unsafe design, and is expected by their profession (peers, clients, future employers) to refuse said work even if it costs them their job. This applies even to professions without a formalized license board.
If you don't have the guts and ability to act ethically (and your field will let you get away with it), you're just a code monkey and not a professional software developer.
Ultimately it was only used to install malware in the form of browser extensions, typically disguised as an installer for some useful piece of software like Adobe Acrobat. It would guide you through installing some 500 year old version of Acrobat and sneakily unload the rest of the garbage for which we would be paid, I don't know, 25 cents to a couple dollars per install. Sneaking Chrome onto people's machines was great money for a while. At one point we were running numbers of around $150k CAD per day just dumping trash into unsuspecting people's computers.
At no point in the development of that technology were we told it was going to ruin countless thousands of people's browsers or internet experiences in general. For quite a while the CEO played a game with me where I'd find bad actors on the network and report them to him. He'd thank me and assure me they were on top of figuring out who was behind it. Eventually I figured out that the accounts were in fact his. They let me go shortly after that with generous severance.
I don't miss anything about ad tech. It was such a disheartening introduction to the software world. It's really the armpit and asshole of tech, all at once.
Like any other MDM software.[0] Everyone who has been long enough in the infosec industry knows that MDM is fundamentally nothing more than a corporate-blessed malware and spyware package.
In the past 2-3 years the criminal gangs have realised that too. The modern form of socially engineered phishing quite often entices victims to install a legit MDM software package (eg. MS InTune) and hand over their device control for remote management. Why bother writing malware that has to fiddle with hooks to syscalls and screenshot capabilities when you have a vendor approved way of doing the same?
0: https://en.wikipedia.org/wiki/Mobile_device_management
There are times when a product design needs to be reviewed and approved by someone who cares more about his license than about his job. It doesn't happen as often with software as it does with civil engineering, but often enough that it needs to become a thing.
Civil engineering licensing works because underneath it all the incentive structure is aligned with the goals of the license. It's not about imposing morals, it's about ensuring that buildings and devices are constructed to not fail, and to not fail catastrophically. The motivations of the ones who hire engineers are mostly aligned, they don't want the devices to fail either, and expose them to liability.
Medical doctor licensing also works because the incentives are mostly for patients not to be dying. But in the pharmaceuticals industry the incentive structure is different, where some rate of fatality is considered an acceptable cost of doing business, we see examples of subversion.
Sure software engineering licenses could be a great addition. But alone it will fail unless the incentive structure for those employing software engineers is aligned with the licensing goals.
How does it work for a fungible product that can be written anywhere and shipped at the speed of light?
We can't have it both ways: be essential digital infrastructure, AND move at "the speed of light".
My experience with the people around me who are in this situation is rather either:
- They just don't care. Society and others are not on their radar.
- They don't think it's that bad.
- They think it's not great, but the benefit is too good so they ignore the voice at the back of their head. Or they have a lifestyle and that takes priority.
- They think it's bad, but the friction to live according to their own moral view of the world is higher than their desire to adhere to such a moral view.
When I was 20, I declined interview offers from Facebook and Google. Huge opportunity cost. My friends looked at me like I was dumb.
I have friends regularly coming to me with ideas that are about spamming, selling personal data or basically fraud. They don't see a problem with it.
When you talk to people and say "advertising is basically normalized lying at the scale of the entire society", people just give you a blank stare.
There is no need to look for coercion every time you see something bad to explain it. The human population is diverse and they all draw the line of what's acceptable in different places.
It's not rocket science.
You're in the planning meeting discussing this feature, you ask "Hey, are we allowed to do this? I thought stand downs were contractual." and your PM says yes, they got the okay from legal. Now what do you do?
Now that I could definitely see happening. I would also want that in writing somewhere.
I guess discovery for the impending lawsuits should be very interesting
“The Dark Pattern by Guido Palazzo and Ulrich Hoffrage teaches us about the power of context, which is stronger than reason, values, morals, and best intentions. It is an uncomfortable and painful lesson about the root causes of 'corporate infernos.'”
The context matters.
Think of the banality of evil in WW2 Germany.
We are capable of doing almost anything, good or bad, as long as the shoal around does it and pretends it's normal.
everyone sets the bar below what they do
> even I think that they crossed a line with this
everyone sets the bar below what they do
> I would genuinely like to know what the engineers thought when doing design reviews for a "selective stand down" feature. There doesn't seem to be a legit way to spin it.
everyone sets the bar below what they do
First comes a full stomach, then comes ethics.
Yes, thank you for making the web objectively worse for everyone. You should feel bad.
It's not like any crime was committed, and civil liability falls squarely on the business here, not its employees. And the whole dispute is only about which marketing company receives marketing revenue - something where the world would improve if they all disappeared overnight. Doesn't really seem that evil to me. Underhanded, yes.
I think the only reason there's any outrage at all, outside the affiliate marketing "industry", is that some of these marketing companies are YouTube personalities with whom many people have parasocial relationships. Guess what, they just got to learn the hard way why capitalism sucks. What Honey did is a valid move in the game of business. Businesses throughout history have gained success by doing way worse things than this. Amazon's MFN clause is way worse. Uber's Greyball is way worse.
That is absolutely not ethical. And if it is legal, it shouldn't be.
Simple consideration: how likely is a shill to tell you that you could save that extra $.89 by buying it from a store through which they get no commission? By using Honey? If they know those things, only telling you about their worse deal is not honest. Someone whose job it is to sell you things can never be a reliable source of information.
I already block or avoid affiliate tracking when possible (so the seller can avoid a commission). I'm not going to install something like Honey, but I'm not seeing the problem with those who do. Affiliate marketers are basically arbitragers collecting on buyers who don't know that the seller is willing to take a smaller price (at best. They also work to convince people to buy things they don't need). Honey is an arbitrager that takes less of the spread. That's good for the market.
A reviewer that said "I stand to receive $2.76 kickback if you buy the Magnavox TV, and $3.04 if you buy the Zenith, and I still recommend the Magnavox" would be a strong recommendation.
I'd also love to see the CPC/CPA price next to lead-generation ads. For example, that whole Medicare Advantage media blitz you see every year. I wouldn't be surprised if they generate triple-digit commissions per referral, and if customers knew there was that much money being thrown at the process, what impact would that have on their credibility?
You'd think that if you were an engineer building and maintaining a system like this, you'd have an "are we the baddies?" moment, but guess not.
Their personal site is also linked in the video description https://www.benedelman.org/honey-detecting-testers/
If you had used Honey, would you join a civil or class action suit against them?
When you can't escape an evil system you just have to do your best within it, while either working to get out of it or working to improve it however you can. What more can anyone ask of you? Capitalism is pretty much inescapable, but thankfully I'm not convinced that capitalism is an evil system inherently, it just needs strong constraints and regulations to keep it from being used to do evil things.
At the same cost? Sure.
At different costs? We see that is not the case.
People don't. A few do, but most don't. There are many who would still prefer the more popular phone and an ethical cost is something they only mention when asked but is given only minor weight when it comes to decision making. Some might try to justify it by saying you can't be sure a phone claiming to be ethically made actually is, but how many even considered that much when making the decision?
> While it's fine to feel guilty for your involvement in the scheme don't let that get in the way of placing the blame for it squarely on the people who set things up this way and put you in this position.
Who is really at fault on a systematic level if the population decides lower costs are what they really want regardless of what sacrifices have to be made? If we look at a less morally challenging area, say air travel, and see how many people claim to want a nicer experience, yet airlines are always focused on cutting costs. Is that the fault of the airlines? Or is it the fault of the consumers who, despite what they say, show extreme preference for lower costing tickets? We can blame any seller at the moment, but we can't ignore the market pressures that picked the sellers who stayed and the ones who went out of business.
It's always the people who are actually forcing slaves to work for them. Always. Consumers will always want lower prices but that doesn't justify slavery. It's not as if a company like Apple is being forced to abuse workers because they'd be bankrupt otherwise. These companies are pulling in massive amounts of profits year after year. It's not "market pressures" that force them to abuse their workers it's just greed.
> see how many people claim to want a nicer experience, yet airlines are always focused on cutting costs. Is that the fault of the airlines? Or is it the fault of the consumers who, despite what they say, show extreme preference for lower costing tickets?
Every customer wants low cost tickets. Of course they do. There's a lot that goes into that though. Almost nobody wants to fly in the first place. It's annoying, expensive, stressful and uncomfortable. What people actually want is to get to their destination. Consumers are basically forced to deal with airlines since it's the fastest, and often the only, way they can get to where they want to go when they need to. It's just a necessary evil that must be endured.
That's not the airlines' fault, but it does put airlines in a position where they know they can take advantage of travelers at every opportunity and so they do. They overbook their flights, they charge endless bullshit fees, they cram as many people into the plane as they can, their ticket prices change by the minute and airlines aggressively charge people as much as they think they can get away with.
I don't know what the ratio is, but I do know it doesn't matter in this context, it's still malware.
Many affiliate browser extensions do indeed do this, as an extra revenue stream. In fact, I'd recommend never installing a coupon browser extension. But replacing one number with another does not meet the above definition of spyware.
"Programs designed to monitor users' web browsing, display unsolicited advertisements, *or redirect affiliate marketing revenues* are called spyware."
> Spyware is a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords [0]
> Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. [1]
> Spyware is malicious software that secretly monitors your activity and collects sensitive information, like passwords, location data, or browsing habits, without your consent. [2][3]
0: https://www.malwarebytes.com/spyware
1: https://usa.kaspersky.com/resource-center/threats/spyware
2: https://us.norton.com/blog/malware/spyware
3: https://www.fortinet.com/resources/cyberglossary/spyware
Don’t recall precisely how it was dead, but I assumed via traffic.
It seems to be loading fine now.
Recently, he released 2 more parts with more new information that paints Honey in a pretty bad light: https://youtu.be/qCGT_CKGgFE https://youtu.be/wwB3FmbcC88
- The Honey browser extension inserted their own affiliate link at checkout, depriving others of affiliate revenue.
- Honey collected discount codes entered by users while shopping online, then shook down website owners to have the discount codes removed.
- Honey should have "stood down" if an affiliate link was detected, but their algorithm would decide to skip the stand down based on whether the user could be an affiliate representative testing for compliance.
Allegedly.
Re the third point, the algorithm would skip stand down for users who weren't likely to be testers (based on account history and lack of cookies for affiliate marketing admin panels).
[0] https://en.wikipedia.org/wiki/Cookie_stuffing
Obviously Internet affiliate marketing schemes are built on mutual exploitation of asymmetric data collection. This cannot possibly surprise anyone.
With that said, this is a good article with excellent data collection and evidence presentation. It's great to have documentation of obviously corrupt practices, even if they are unsurprising.
https://www.benedelman.org/applovin-my-disclosures/
I hear there is lots of fraud where bees' honey is mixed with sugars and sold off as “honey”.
I’m disappointed this is about a browser plugin that nobody in their right mind should be using at all.
I mean, fraud in online advertising? Say it ain't so!
"Who gets a kickback on this toothbrush" is a much MUCH less important question than "do you pollute the air we are all breathing".
It's not about the severity of the impact, it's the fact that they were breaking the rules and explicitly coding to actively avoid being caught by testers.
Of course I agree that health is more important than affiliate commissions. So the comparison only goes so far.
I think the very interesting wrinkle here is that, for the most part, their victims are corporations - meaning, sadly, that it's much more likely they will be prosecuted, either in civil or criminal court.
This also makes me think that the whole campaign is astroturfed. The only "victims" of Honey are influencers and storefronts, who of course will do their part in trying to get their customers to stop using the product, but for the consumer there really are only benefits with using the extension.
The only arguments against Honey are that they are supposedly breaking some internal rules of the advertising industry (and who cares about those? Certainly not me) and that they are offering deals better than the store wants to offer to you, which makes an extremely compelling case for using that extension.
I always considered extensions like Honey to be quite scammy and believed that they offered little benefit, but apparently I was wrong.
The same could be said about yt-dlp. They know YouTube doesn't like what they are doing. But yt-dlp itself is legal.
https://news.ycombinator.com/item?id=45898407