After our initial findings last Friday, we uncovered some more interesting behavior in the Yahoo toolbar.
We found an example where the toolbar was deceiving users by presenting a competitor's coupon disguised as a merchant's own coupon. Here's the sequence of events that we recorded.
- User loads the homepage for Ticketmaster.com
- A small coupon box hovers over the page promoting what appears to be a Ticketmaster coupon
- User clicks "Get Coupon"
- User is passed through an affiliate link and then sent to TickCo.com
- After landing on TickCo.com, the user is once again presented with the coupon—just placed beside the TickCo logo instead of the Ticketmaster logo
Instead of reloading Ticketmaster's website after clicking "Get Coupon," the user is actually sent over to tickco.com. Notice from the screenshot below how we simultaneously see the Ticketmaster logo, the offered code, and "Waiting for www.tickco.com..." in the browser.
What This Sequence Looks Like
Here is video evidence of exactly what we saw. We followed up by using the same sequence of clicks, but added some investigative tools to the mix.
What's Going on Here?
After looking into this more closely, here are the basic facts we identified:
- Ticketmaster and TickCo have no business relationship with each other, and compete with each other
- "ORDR10TC" and "ORDR20TC," the two codes displayed in the box, work just fine at TickCo's site, but DO NOT work on ticketmaster.com
Ticketmaster doesn't pay commissions to coupon affiliates—so the affiliate engaging in this behavior would have nothing to gain by linking to Ticketmaster. But if the affiliate is successful in tricking the user, then they would likely get a commission from any sale on the TickCo website.
By laundering HTTP referers as we noted last time, TickCo remains unaware that the traffic originated on ticketmaster.com.
Manipulation of Web Visitors
More frustratingly, the affiliate has done this by tricking users. The users believe they are receiving a Ticketmaster coupon code, and have no idea that the code is invalid or that their session will be diverted to another website.
Such unrequested in-browser manipulations are almost certainly a violation of user trust. On its own, the hovering coupon box might range from a mild distraction to a cautiously welcomed source of information, but this practice is based on outright deception.
Is This Intentional?
There are a number of parties involved in this transaction. We have the Yahoo Toolbar, the Coupon Camp app provided by Visicom Media (installed in the Yahoo toolbar), and finally the affiliate itself. In this particular instance, it certainly looks like the affiliate is at least aware of the abuse—and quite possibly originating the abuse. Here are some notable details from the page load sequence:
- Before the user clicks anywhere, the Ticketmaster logo is served from the affiliate's website: http://www.couponwinner.com/images/merchantimages/3909_Coupon.jpg
- Once the user clicks on the coupon, the toolbar again makes a request to the affiliate's website: http://dynamictoolbar.couponwinner.com/r.aspx?CCID=172562&aid=100
- The affiliate then redirects users to their affiliate link, including sub-id tracking that indicates the source of the click was likely a Ticketmaster misdirection: http://www.anrdoezrs.net/click-3775473-10506573?sid=DYNACCT-100-10Ticketmaster
- As shown above, the link is actually a tickco.com affiliate link
Together, these indicate that the affiliate is certainly aware of what's happening on the Ticketmaster site and likely tracking the performance of the deception. In our view, that may not condemn this affiliate in every single program—but it would be plenty of reason to keep a careful watch on the affiliate.
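For merchants and affiliate managers who want to check recorded click sequences for the same pattern, the sketch below is an added example, not a tool used in the original investigation. It takes the page the coupon box appeared on and the ordered URLs requested after the click, then reports whether the landing site differs from the originating site and whether the originating brand shows up in a tracking parameter along the way. The function names, the origin and landing paths, and the two-label domain heuristic are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

def site(url):
    """Naive registrable domain: last two host labels (assumption: no multi-part TLDs)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def audit_click(origin_page, hops):
    """origin_page: URL the coupon box was shown on.
    hops: ordered URLs requested after the click, landing page last.
    Returns a dict of findings for an affiliate-compliance reviewer."""
    origin, landing = site(origin_page), site(hops[-1])
    brand = origin.split(".")[0]  # e.g. "ticketmaster"
    findings = {
        "origin": origin,
        "landing": landing,
        "cross_merchant": origin != landing,
        "intermediaries": [],
        "brand_in_tracking": [],
    }
    for url in hops[:-1]:
        s = site(url)
        if s not in (origin, landing) and s not in findings["intermediaries"]:
            findings["intermediaries"].append(s)
        # A sub-id that names the originating merchant suggests the click
        # source is being tracked deliberately.
        for key, value in parse_qsl(urlsplit(url).query):
            if brand in value.lower():
                findings["brand_in_tracking"].append((s, key, value))
    findings["suspicious"] = findings["cross_merchant"] and bool(findings["brand_in_tracking"])
    return findings

# Click sequence from the post; the origin and landing paths are constructed.
ORIGIN = "http://www.ticketmaster.com/"
HOPS = [
    "http://dynamictoolbar.couponwinner.com/r.aspx?CCID=172562&aid=100",
    "http://www.anrdoezrs.net/click-3775473-10506573?sid=DYNACCT-100-10Ticketmaster",
    "http://www.tickco.com/",
]

if __name__ == "__main__":
    for k, v in audit_click(ORIGIN, HOPS).items():
        print(f"{k}: {v}")
```

The same function can be run over hops exported from a proxy or browser capture; a real deployment would replace the two-label heuristic with a public suffix list lookup.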
Who Else Is Involved?
While Yahoo doesn't look like the source of the deception, it is their software and their brand being presented to users. They ultimately bear some responsibility for the user deception. After all, the Yahoo toolbar can be downloaded from Yahoo directly, and is aggressively bundled with plenty of popular software promoted in Yahoo search and made available through download.yahoo.com. Clearly the toolbar already has a weak reputation, as it sports a 2-star rating on the Firefox add-ons catalog.
However, Yahoo is not the only brand with responsibility here. Yahoo's toolbar was built using the Dynamic Toolbar framework from Visicom Media. Visicom Media also provides a toolbar plugin (Coupon Camp) to third parties that develop on their platform. Plenty of other organizations use the same framework for their toolbars, and a subset of those organizations have the Coupon Camp app activated. For example, we've seen the same experience using the Panda Security Toolbar and the Verizon toolbar among others.
Cleaning This Up
This practice most likely predates Marissa Mayer's tenure at Yahoo. So we see this as an opportunity for Yahoo to take the lead in decommissioning it.
Looking ahead, we'll be keeping a close eye on how this resolves. Hopefully change comes swiftly. If you notice any new developments or any similarly suspicious behavior, we'd be very interested to hear from you.
It appears that further incidents of this kind are unlikely, but we would still welcome any new information you may be able to provide.