| ▲ | Honey's Dieselgate: Detecting and tricking testers(vptdigital.com) |
| 210 points by AkshatJ27 11 hours ago | 64 comments |
| |
|
| ▲ | bryan_w 8 hours ago | parent | next [-] |
| I used to work for an ad tech company (which I know already makes me the devil to some around here), and even I think that they crossed a line with this. A lot of industry terms are coded in corporate speak to make them sound better (think "revealed preferences" or "enabling personalization"), but I would genuinely like to know what the engineers thought when doing design reviews for a "selective stand down" feature. There doesn't seem to be a legit way to spin it. Making a product to explicitly skirt agreements while working for a corporation is ... a choice |
| |
| ▲ | Waterluvian 7 hours ago | parent [-] | | > what the engineers thought when doing design reviews for a "selective stand down" feature. Possibly a version of, “I lack the freedom to operate with a moral code at work because I’m probably replaceable, the job market makes me anxious, my family’s well-being and healthcare are tied to having a job, and I don’t believe the government has my back.” | | |
| ▲ | Aurornis 6 hours ago | parent | next [-] | | From my experience, it’s more likely that the engineers who got far enough in the company to be working on this code believed that their willingness to work on nefarious tasks that others might refuse or whistle-blow made them a trusted asset within the company. In industries like this there’s also a mindset of “Who cares, it’s all going to corporations anyway, why not send some of that money to the corporation that writes my paychecks?” | | |
| ▲ | petterroea 4 hours ago | parent | next [-] | | I suspect you are right. It reminds me of the whole "at the government you can hack legally" argument used by government intelligence agencies to recruit hackers. I think a lot of skilled engineers want interesting challenges where they break boundaries, and being in an environment that wants you to break those boundaries allows them to legitimize why they are doing it. That is, "someone else is taking moral responsibility, so I can do my technical challenge in peace" | |
| ▲ | zaphirplane 4 hours ago | parent | prev [-] | | Do you know of anyone declining to work on a project
For ethical in their view ( non military non killing) ? I’ve led a sheltered life and never met one, people have told me they wouldn’t apply for a role with a company for ethical reasons maybe they even believed they would get the job | | |
| ▲ | neilv 3 hours ago | parent | next [-] | | I know a lot of people who won't work for some companies for ethical reasons. Though, sometimes the exact reason is muddied, since companies that are perceived as unethical in how they behave externally are often also perceived as unethical in how they behave towards employees. So you might object on pragmatic grounds of how you'd be treated, before you ever get to, say, altruistic grounds. Also, sometimes fashion is involved. For example, many people wouldn't work for company X, because of popular ethical objections to what they do being in the news, but some of those people would probably work for an unknown company doing the same things, without thinking much about it. But often it's just "I don't like what company Y is doing to people, and I wouldn't work on that, even if they treated employees really well, and it was really fashionable to work there". (See, for example, the people who refused to work for Google after the end of Don't Be Evil honeymoon phase, even though they generally treated employees pretty well, and it was still fashionable to work there.) | |
| ▲ | Marsymars an hour ago | parent | prev | next [-] | | Well kinda trivially, asides from secular ethics, you'll find that typical Muslims decline a number of jobs/projects for ethical reasons. | |
| ▲ | itsdesmond 29 minutes ago | parent | prev | next [-] | | This is a real long look in the mirror moment. | |
| ▲ | mattclarkdotnet 2 hours ago | parent | prev [-] | | I know lots of people who had the offer to work in gambling but chose not to take it for moral reasons | | |
| ▲ | yetihehe 2 hours ago | parent [-] | | I had an offer to work in gambling as a young inexperienced student, fortunately they didn't hire me because I was too inexperienced. I can imagine how my career would move if my first working experience was in such company. Some people might be like that. |
|
|
| |
| ▲ | steve_adams_86 23 minutes ago | parent | prev | next [-] | | In my experience, sometimes your employer blatantly lies to you about what you're making and how it'll be used. I was once recruited to work on a software installer which could build and sign dynamic collections of software which was meant to be used to conveniently install several packages at once. Like, here's a set of handy tools for X task, here are the default apps we install on machines for QA people, here is our suite of apps for whatever. It seemed to have genuine utility because it could pull data in real time to ensure it was all patched and current and so on. That could be great for getting new machines up and running quickly. Several options exist for this use case today, but didn't then as far as I recall. This was on Windows. Ultimately it was only used to install malware in the form of browser extensions, typically disguised as an installer for some useful piece of software like Adobe Acrobat. It would guide you through installing some 500 year old version of Acrobat and sneakily unload the rest of the garbage for which we would be paid, I don't know, 25 cents to a couple dollars per install. Sneaking Chrome onto people's machines was great money for a while. At one point we were running numbers of around $150k CAD per day just dumping trash into unsuspecting people's computers. At no point in the development of that technology were we told it was going to ruin countless thousands of people's browsers or internet experiences in general. For quite a while the CEO played a game with me where I'd find bad actors on the network and report them to him. He'd thank me and assure me they were on top of figuring out who was behind it. Eventually I figured out that the accounts were in fact his. They let me go shortly after that with generous severance. I don't miss anything about ad tech. It was such a disheartening introduction to the software world. It's really the armpit and asshole of tech, all at once. | |
| ▲ | dbtc 6 hours ago | parent | prev | next [-] | | Also likely, some version of "get dat money" | |
| ▲ | autoexec 4 hours ago | parent | prev | next [-] | | I think you can only get away with that excuse so long as you're actively looking for a new job while also collecting data to turn whistleblower (anonymously if need be) once you have one. Ultimately it falls on the employee to do the right thing or get out because they risk being held accountable for what they do. A replaceable employee (which is pretty much all of them) will be especially vulnerable since they can be thrown under the bus with minimal inconvenience to the company. | |
| ▲ | cowpig 5 hours ago | parent | prev [-] | | Ah yes let's be sure not to judge anyone for anything they do | | |
| ▲ | asimovfan 5 hours ago | parent | next [-] | | People do not make choices in a vacuum. | | |
| ▲ | autoexec 4 hours ago | parent [-] | | But they still make their choices and should face the consequences of them. | | |
| |
| ▲ | Spivak 4 hours ago | parent | prev [-] | | You can still judge them evil even if the parent was accurate as to the motivations for their actions. Villains are more interesting when they're sympathetic. You're in the planning meeting discussing this feature, you ask "Hey, are we allowed to do this? I thought stand downs were contractural." and your PM says yes, they got the okay from legal. Now what do you do? | | |
| ▲ | bryan_w 4 hours ago | parent | next [-] | | > they got the okay from legal. Now that I could definitely see happening. I would also want that in writing somewhere. I guess discovery for the impending lawsuits should be very interesting | |
| ▲ | rectang 4 hours ago | parent | prev [-] | | It’s easy, looking at the current state of affairs, to conclude that ethical behavior is incompatible with capitalist ambition. One might still choose to be ethical nonetheless, but with the understanding that you will be overtaken by those who have made a different choice. |
|
|
|
|
|
| ▲ | the_snooze 10 hours ago | parent | prev | next [-] |
| Original MegaLag video: https://www.youtube.com/watch?v=qCGT_CKGgFE You'd think that if you were an engineer building and maintaing a system like this, you'd have an "are we the baddies?" moment, but guess not. |
| |
| ▲ | ZoneZealot 10 hours ago | parent | next [-] | | For context, Ben Edelman the author of the blog post was in the video at https://youtu.be/qCGT_CKGgFE?t=1980 Their personal site is also linked in the video description https://www.benedelman.org/honey-detecting-testers/ | | | |
| ▲ | fragmede 5 hours ago | parent | prev | next [-] | | Capitalism is great at washing its hands of evil. I don't know how much slavery went into making the smart phone that I'm posting this from, but I'm sure it's not zero. I'm ethically complicit in the whole scheme. The C in ACAB stands for Capitalists. Which unfortunately, is all of us. | | |
| ▲ | autoexec 3 hours ago | parent [-] | | We're not fully complicit all of the time. You don't know how many slaves made your phone, but somebody does. If you had a choice between a phone you knew was made by slaves and a phone that wasn't I assume you'd pick the slave free version every time. While it's fine to feel guilty for your involvement in the scheme don't let that get in the way of placing the blame for it squarely on the people who set things up this way and put you in this position. When you can't escape an evil system you just have to do your best within it, while either working to get out of it or working to improve it however you can. What more can anyone ask of you? Capitalism is pretty much inescapable, but thankfully I'm not convinced that capitalism is an evil system inherently, it just needs strong constraints and regulations to keep it from being used to do evil things. |
| |
| ▲ | paranoidrobot 10 hours ago | parent | prev [-] | | The original site is down for me, so going based on the app I was thinking it was about the actual edible Honey product, not Honey the discount coupon thing. |
|
|
| ▲ | charcircuit 15 minutes ago | parent | prev | next [-] |
| >And the effort Honey expended, to conceal its behavior from industry insiders, makes it particularly clear that Honey knew it would be in trouble if it was caught. The same could be said about yt-dlp. They know what they are doing youtube doesn't like. But yt-dlp itself is legal. |
|
| ▲ | t0mas88 10 hours ago | parent | prev | next [-] |
| Over 15 years ago I worked with a telco that had similar affiliate issues. We decided to stop paying any affiliate commission at all and evaluate sales after some time to decide to continue the experiment or not. There was a little decrease in traffic to the site but no measurable decrease in sales of new plans. There were several check moments and data validation after that, but sales numbers remained as they were. The conclusion was that affiliate marketing claimed a lot of sales in their reporting, but the brand was strong enough (this company was #2 by market share in the country and #1 on most brand metrics) to get those customers without affiliate links. |
|
| ▲ | gonesilent 9 hours ago | parent | prev | next [-] |
| It started as a clone of the camelcamelcamel Amazon price history site and got kicked out by Amazon for abusing the system. It pivoted to a coupon site and started sucking down user data with the plugin when PayPal paid $4Bil CASH. Honey cost me affiliate marketing commissions. |
|
| ▲ | throwaway81523 9 hours ago | parent | prev | next [-] |
| Apparently this thing got approved for the chrome store, which confirms that "store" approvals are near worthless for malware filtering. |
| |
| ▲ | doctorpangloss 4 hours ago | parent [-] | | one point of view is why bother with any of this, google knows exactly what honey is doing, they could remove honey from chrome with the stroke of a pen, and that would be that. |
|
|
| ▲ | flkiwi 7 hours ago | parent | prev | next [-] |
| Didn't this Honey fraud thing break like a year ago (or longer)? This is the second story I've seen about it in the last couple of days and I guess I'm surprised it's even still around. |
| |
|
| ▲ | rfrey 2 hours ago | parent | prev | next [-] |
| No honour among thieves, I guess. |
|
| ▲ | cwal37 11 hours ago | parent | prev | next [-] |
| Archived link: https://web.archive.org/web/20251230214339/https://vptdigita... |
| |
| ▲ | arionmiles 10 hours ago | parent | next [-] | | there's something seriously wrong with this archived link. It's not staying still for one moment. It's constantly twitching and the text scrolls to weird positions. It's unreadable because of this. Is it the archive at fault or is the original webpage this way? | | |
| ▲ | kencausey 10 hours ago | parent | next [-] | | It constantly reloads for me (Firefox.) Just hit X which replaces the reload button while the page is loading and it will stop. | |
| ▲ | quesera 10 hours ago | parent | prev [-] | | Disable JavaScript, reason #99e99. Works for me here, and in 90% of the cases where someone complains of annoying page behaviour (cookie banners, revenue optimizations, subscription solicitations, "click here to ...", paywalls, ads, et alii ad nauseam). Seriously, just disable JavaScript on unknown/untrusted/undeserving sites. It makes the web tolerable. | | |
| ▲ | golem14 4 hours ago | parent | next [-] | | Is there actually a whitelist of sites where it's OK/necessary to enable JS ? I'd love to use that (although, I don't know how to load that list into safari or chrome.) | |
| ▲ | arionmiles 8 hours ago | parent | prev [-] | | ah well... this is a first for me where I need to disable JS. Thanks! |
|
| |
| ▲ | bedelman 3 hours ago | parent | prev [-] | | Was the VPT site not working for you, so you had to resort to archive.org? Original link https://vptdigital.com/blog/honey-detecting-testers/ . Anyone having trouble -- contact Ben Edelman (easily found by web search) and I will genuinely value the opportunity to get to the bottom of what is wrong. | | |
| ▲ | arionmiles 3 hours ago | parent [-] | | I think I saw a 5xx error when I tried to see the original link. I assumed it might have been due to a hug of death. It seems to be loading fine now. | | |
| ▲ | bedelman 3 hours ago | parent [-] | | Your diagnosis is correct. VPT has been most focused on building our testing automation, then improving reports and dashboards. We knew this spike of traffic was coming, but we didn't finish sufficient WordPress optimizations. Apologies. | | |
|
|
|
|
| ▲ | a_paddy 9 hours ago | parent | prev | next [-] |
| TLDR; - The Honey browser extension inserted their own affiliate link at checkout, depriving others of affiliate revenue. - Honey collected discount codes entered by users while shopping online, then shook down website owners to have the discount codes removed. - Honey should have "stood down" if an affiliate link was detected, but their algorithm would decide to skip the stand down based on if the user could be the an affiliate representative testing for compliance. Allegedly. |
| |
|
| ▲ | xnx 3 hours ago | parent | prev | next [-] |
| The entire affiliate "ecosystem" is cancer. I'd love to see Amazon turn it off entirely. |
| |
| ▲ | Ekaros 2 hours ago | parent [-] | | As consumer I would love to see lower prices directly. Or at least have available some official store affiliate discount code which would give me same discount which would be win win for everyone. |
|
|
| ▲ | esafak 10 hours ago | parent | prev | next [-] |
| I thought this was going to be about honey adulteration, which is a major problem. |
| |
| ▲ | quesera 10 hours ago | parent [-] | | Same, and that topic would have been way more interesting (cf. EVOO). Obviously Internet affiliate marketing schemes are built on mutual exploitation of asymmetric data collection. This cannot possibly surprise anyone. With that said, this is a good article with excellent data collection and evidence presentation. It's great to have documentation of obviously corrupt practices, even if they are unsurprising. |
|
|
| ▲ | mindslight 10 hours ago | parent | prev | next [-] |
| No honor among thieves, eh? |
| |
| ▲ | fasouto 5 hours ago | parent [-] | | Not affiliate marketers are thieves | | |
| ▲ | mindslight 3 hours ago | parent [-] | | The whole industry is based upon on nonconsensual surveillance and other taking of personal information, so yes they are. |
|
|
|
| ▲ | SiempreViernes an hour ago | parent | prev | next [-] |
| Oh, this is about a shopping plugin and not actual honey, boring. I mean, fraud in online advertising? Say it ain't so! |
| |
|
| ▲ | delusional 9 hours ago | parent | prev [-] |
| Likening any of this to Volkswagen emissions compliance scandal does a huge disservice by treating "Affiliate Marketing" as far too important. "Who gets a kickback on this toothbrush" is a much MUCH less important question than "do you pollute the air we are all breathing". |
| |
| ▲ | choult 9 hours ago | parent | next [-] | | It's comparing Honey's behavior to a well-known and comprehended scandal. Simile is a tried and tested way (hah!) to explain otherwise potentially hard to understand or dry content. It's not about the severity of the impact, its the fact that they were breaking the rules and explicitly coding to actively avoid being caught by testers. | | |
| ▲ | bedelman 3 hours ago | parent | next [-] | | choult: The factors you mention are the factors that led me to propose the "Honey's Dieselgate" title and to compare Honey to VW. Of course I agree that health is more important than affiliate commissions. So the comparison only goes so far. | |
| ▲ | collingreen 8 hours ago | parent | prev [-] | | Probably better to compare to ubers grayball although that may be less well known. | | |
| ▲ | Dylan16807 6 hours ago | parent [-] | | Refusing service (and showing a fake status screen) is in the same ballpark, but dieselgate is a much closer match. They couldn't avoid being put under test, so they had separate behavior based on whether heuristics said it was in a testing environment. |
|
| |
| ▲ | salawat 5 hours ago | parent | prev [-] | | These are the same types who have poisoned the well of information that was the Internet you can actually find things on for the sake of the ad driven model. Far as I'm concerned, the moral injuries are the same even if the physical details are different. |
|
