TheFLY

Here's something that I have been thinking about -- and Boneprone and I got to talking about this...

Let's all talk about IBill's cookies... shall we? Then we should move on to the behavior of cookie tracking of other billing systems!

First I should mention that I know how to write cgi to set and read cookies so I'm not pulling this shit out of my ass.

Here's how it started for me...

I'm linking a movie off a friend's paysite (he uses IBill) and in the movie there is the URL of his site... I said to him, "Hell no -- why should I show the movie to my surfers and not get the credit for the signup when you get the type-ins?"

What he said to me was VERY interesting -- and this is where we must start asking questions. He said, "No No... You can use this IBill link with any URL, even this movie -- this cgi sets the cookie in the surfer's browser... then you get credit even for a type-in!"...

I'm thinking "Shit! That's cool..." -- then I think, "Damn! That could be dangerous!"

What if -- hypothetically -- I set ALL OF THE PAYSITE IBILL COOKIES when a surfer comes in to my site... That surfer would have no idea!

Now supposedly I don't even need to use any IBill codes -- if I set all the IBill cookies -- I can just link any paysite kindof like this:

(a href=www.amateurpages.com) -- and I still get the credit because the IBill cookie is *already* set...

While that seems neat -- that's no big deal...

What IF I set ALL of the IBill cookies for a surfer -- then he leaves my site and then goes to YOUR site -- he clicks an ad...

Now it's up to the IBill cgi to make a DETERMINATION...

a) Does the original reseller get credit for the sale?

or

b) Does the old cookie get reset?

If a) is TRUE, then we have some very DANGEROUS possibilities... What if portal sites set all the IBill cookies!?

Holy shit!

Well I'm not accusing anyone of setting IBill cookies -- I haven't done any tests yet -- I'm just asking questions so I can figure out how IBill cookies work... Also I don't want anyone to abuse this possibility! How many of you webmasters have any idea how cookies work!? Harldy any of you! You could all be fooled and have no fucking idea...

You can see why I am concerned and how any portal site could just decide to set all of the cookies -- the surfer would have no idea -- meanwhile everyone down the traffic chain is getting fucked in the ass!

We need to know some things...

a) How long does it take for an IBill cookie to expire?

b) Does IBill give precedence to the *first* site that sets the cookie *or* the last?

The possible implications of b) seem catastrophic... Yahoo or TheHun could just be setting all the cookies for all the paysites -- any nobody would have a damn clue... Meanwhile everyone else down the traffic chain is totally clueless -- and not getting paid for all the real promotional advertising work...

How hard is it to set a cookie? It's easy!

------------------
<A HREF="http://www.thefly.net/topfly.html" TARGET=_blank>
</A>Oh Baby! TheFLY.net

[This message has been edited by TheFLY (edited 12-06-2001).]

boneprone

counters??

hmm.

TheFLY

I should mention that only IBill can set IBill cookies -- that's how cookies work... That's what keeps your user information secure and safe... There's no way for site B to read a cookie that was set by site A... And only IBill can read IBill's own cookies.

At first I was thinking that a counter program like for instance Sextracker could set all the IBill cookies -- but I don't think this would be possible...

Even still it would be a trivial task to set all the IBill cookies of a surfer upon entering a site...

[This message has been edited by TheFLY (edited 12-06-2001).]

Amputate Your Head

Depends on the code used, and what the reset is set for. It is not easy to reset a cookie short of deleting it physically from the users machine (which the user would hafta do) or some more lengthy code. Once the cookie is set.. it's pretty much set, unless you got something in place to override it. BUT.... as we go into cookies here, (and I'm sure this thread will involve a lengthy debate)... you can set more than one cookie as well. So.... you would also need to know which specific cookie they're looking for in a given circumstance.

It's not a black & white type of thing.

Techie Media

This is Very interesting indeed ??
Mike Burns (Lensmans lead programmer) may be a good person to comment on this. He is 1 very shapr guy??..Mike if you read this, then whats your thoughts on the matter?

------------------
Smile and Be Happy

Lightning Free Hosting
Gay Free Hosting
Girls Host

[This message has been edited by Lightning (edited 12-06-2001).]

TheFLY

AMP you are so right -- but I thought of this already...

Even if IBill sets multiple cookies for the same paysite with multiple resellers (which it has the option of doing) -- this does not change anything.

IBill can't split the sale three ways among three sites -- somebody is going to get the sale -- either the first or the last...

In essence it doesn't matter if there's more than one cookie set for the same paysite -- or if IBill resets an old cookie w/ a new reseller's cookie...

Somebody gets credit... Who is it?



[This message has been edited by TheFLY (edited 12-06-2001).]

TheFLY

This is exactly why we need answers...

TheFLY

Well there's an easy way to figure this all out but I'm too lazy...

- You can clear all your cookies.
- Hit an IBill link off a freesite.
- Go into your browser and see when that cookie will expire.
- Go to another site with the same ad.
- Click that IBill link
- Sign up
- Somehow figure out if the first site got the sale or if it was the second site...

boneprone

I also would like to know. This is an intresting post.

TheFLY

...if the first site got the sale, then a lot of us are in deep doodoo...

...and a select few will BANK $$$$



[This message has been edited by TheFLY (edited 12-06-2001).]

Kimmykim

Now you have totally lost me -- what do you mean if the first site or the second site got the sale?

You only make a sale to one site at a time, unless I am missing something from this last post.

Amputate Your Head

Well, I guess it would come down to finding out what the reset time is for their cookies then...

I have some affiliates for my design stuff, and I have my cookies set for a specific period. Then give the affiliates their individual ref codes. When they whore it out, and someone clicks their ref code, it sets the cookies. (Two of them actually)... But I only check for one of them. (One is just a dummy cookie for other purposes) Once it's set... the only way someone could override it is if they told that user to go in and delete their cookies and then click a different ref code to set a new cookie.

What this means is.... let's say, someone clicked on a ref code you had whored out for me. They checked it out and looked good.... blah blah blah.... wanted to spend some money, but realized that someone was making a commission off it. "Hmmm.... well, I got a friend that promotes these guys too...." He talks to the friend, friend tells him to delete the cookie... and you get the idea.

I can set those cookies to last for whatever length of time that I want. 30 seconds or 30 days... or whatever...

So... if IBill has there cookies set to only track for a minute or two.... then someone from another site could easily get the sale. But if, like some good sponsors do, set their cookie for an average of three days or so.... then only the original click will get the sale.

I've found that alot of sponsors set their cookies to track for around 3 days. No other ref codes will override that initial cookie for those three days unless the user deletes his temps & cookies from the disk.

I'm rambling.... must have more beer.

TheFLY

KimmyKim, here is a hypothetical scenario to illustrate.

Let's say the first site is "TheHun"

and the second site is

"Joe Blow's gallery pushing Amateur Pages..."

TheHun could set all the IBill cookies ahead of time (including Amateur Pages)... The surfers and the gallery posters would have no idea... and all the little schmucks posting galleries using IBill links to Amateur Pages would not get credit for any of their traffic -- because TheHun had already set the cookies...!

See how easy this is to do?

Phil21

pete, ICQ me and I'll give you an answer on how this works. (pretty simple to figure out..)

-Phil

TheFLY

True... I've heard this 3-Day number also... Which would make it very easy for a TGP to set all the cookies -- as long as the surfer is not jacking off to the gallery for 3 days (hahaha) then there's no way the gallery poster will get any credit...

TheFLY

Hey Hun! If this is all true then you owe me big time! Hahaha...

Early reports are coming in saying that CCBill does not set any cookies...

???

What about globill and epoch...?

Theo

great! i'll be the 1st guy in my neighbourhood next year driving a lamborghini!

time for some phonecalls!!

Theo

Wizzo! Delete this topic now and let's keep it for the family!

TheFLY

Now we can make the determination that *ANY* site that is setting cookies w/o actually advertising the paysite... is stealing!

Yet while this is theft... how can you stop it? Even if TheHun is noble enough not to do this -- every little prick site on the internet will be setting all the IBill cookies! You can guarantee this.

WE MUST PUT AN END TO COOKIE TRACKING FOR PAYSITES!!! THE OPPORTUNITY FOR CHEATING WITH COOKIES EXISTS AND THIS IS A GREAT DANGER!!!

Amputate Your Head

Not good Soul... I'm an outsider remember? You hafta kill me to finish the evidence scrubbing... and I don't wanna get kilt yet!

Theo

ok ok enough said! you know i want a share of Labret's signups

Theo

ops! AMP is here too

Brad Mitchell

If I'm not mistaken in my admin area for my paysites with CCBill I was able to set the length of the cookie. Their default is 3 days... Someone correct me if I'm wrong.

Brad



------------------

Amputate Your Head

Well, the idea behind it is to extend the time period for which webmasters can get credit for a click... still getting credit for the sale, because some surfers take a few days to decide to bust out the credit card. So it's all done in good faith... but sure... I can see abuse with cookies... it's certainly happened in the past.

Roberto

duh, that's why i get more sales on top gallery listings, no matter the traffic or clicks, the strange ratios mystery is solved?

Roberto

globill sets a cookie too

Amputate Your Head

It's certainly not new. Look in your cookies folder. There's shitloads of cookies in there. Everyone sets cookies.

Diamond Jim

Most larger and reliable programs (read : the ones you actually send traffic to) do not use cookies to identify their signups through ibill (or any processor for that matter). ARS, PornMegaBucks, SicCash etc...you guys can't lose signups through people playing with cookies.



------------------
The Largest Recurring Sponsor On The Net

Roberto

amp>yea but a cookie to store a ref code sounds pretty new to me, i bet amazon doesn't set ref code storing cookies for their referrals?

Amputate Your Head

I see what you're geting at Fly, but here's the deal....

unless these guys are using absolutely the most basic of code for setting their cookies... tracking cannot be falsely planted. Mine can't be. Not by simply hrefing the domain like your example. This is why I use the coding that I use... (and no, I'm not giving it out here.) But basically... if someone typed in my address raw... one cookie is set. If someone clicks "Joe Snuffy's ref code", then that cookie is set. And on down the line. Regardless of which cookie was initially set, no other ref code cookie can override it. Not even (especially not) the raw cookie. The first ref code in gets the credit. Trust in the code... no one is getting fucked unless the programmer was an idiot.

That's all I'm giving out here.

Keev

This is some deep shit..... I would like to find out as much as possible on this one and i am sure IBILL will be hearing from many of us if they havent already...

TheFLY

There are only two answers to this problem...

1) Delete this thread right now -- and we can all bank!

or

2) We need to demand that all credit processors stop using cookies!

What else can we do?!

Theo

i agree
let's delete it

SleazyDream

this is some scarry shit and makes a lot of sense.

Theo

Sorry, but you are not authorized to perform this function. Use your Back button.


damn !

Theo

wanna some extra scare?
what about programs like napster that are used 10 times the amount of the tgp visitors. Should i remind you that napster loads web pages for the daily news?

TheFLY

Thanks for posting Jim. I have always heard really great things about PornMegaBucks and I used it myself a long time ago... I take your word for it that PornMegaBucks does not count the cookies... but I think we need a list of the *safe* sponsors -- and also maybe some type of watchdog agency to keep an eye on this list -- and red flag the paysites that are using cookies.

Roberto

soulrebel> if you want to get paranoic then aol/msn, etc. have nice start pages

Theo

can anyone suggest me a good cookie book?

what about making cookies read-only
this way the new site won't be able to change the info of it.

Amputate Your Head

Why does this seem scary to you guys? It's not rocket science. It's just code. Like I said, unless IBill's programmers were morons, there's no way anyone is going to get fucked. The first ref code in is the one that gets the credit. From there, it all depends on the duration of the cookie. After that, it's fair game. And a raw domain cookie will never override a ref code cookie if coded right. Someone trying to cheat the process would have to know the exact moment of cookie placement, which one it is, how long it lasts, and which one is being read on playback. And that ain't an easy task to come by.

[This message has been edited by Amputate Your Head (edited 12-06-2001).]

TheFLY

I will explain how it might be done...

First I need to determine:

a) Will IBill let me set a cookie of a paysite calling ANY URL...? I think the answer to this is YES. I can probably use the IBill code to call a 1x1 image on my own site to place the cookie for any IBill paysite that is using cookies to credit webmasters for signups.

b) IF IBill only allows cookies to be set *if* the "redirected" URL (ie: the stuff after the "?") is substring searched for the domain of the paysite... THEN I would find a very small image on that paysite (like a little bullet or visa.gif) and use that image to set the cookie...

Take all these little tiny images -- place them at the top of your page -- *BAM* -- you are the master referrer of all of these paysites!

Roberto

amp> do you think it's fair? say someone is at my site, clicks on a sponsor link and quickly changes his mind and come back to follow some more links, then gets to YOUR site, and YOU get him horny enough to click+sign up, and i get the credit...
is that fair?
worse yet, let's say he clicked my ref sponsor link 2 days ago?

BradShaw

May I suggest DMR as a billing solution?

Amputate Your Head

I'm sorry... have I been unclear?

Roberto... you got a ref code to my site. Someone clicks on the banner with that ref code. BAM! You got the credit until that cookie's duration runs out. Whether that's three days or ten seconds.

Mr. Surfer decides tomorrow that he does indeed want to buy a membership. But has a buddy named The FLY who he knows has a ref code for the same site... so he goes and clicks on The FLY's ref code and signs up....

Who gets the credit for that sale? Roberto.

The only way FLY would get credit for that, is if Mr. Surfer waited until the cookie expired... or went into his hard drive and deleted his cookies and THEN clicked on FLY's ref code.

What is so unfair about that? How else are you going to track a surfer for any length of time? Or do we just NOT track them at all? Is that MORE fair? Bullshit..... first ref code in gets the sale. Provided... it's within the set time period.

I see nothing unfair about it.

the real magoo

The answer is no.

------------------
$60 / Free Signup!

Get a $50 "welcome bonus" credit to your account just for signing up + $60 / Free Signup!

Roberto

i do, at least if it's for 3 days, a couple hours is ok, otherwise using a sponsor that sets a cookie seems like selling totally at random.
whatever

Amputate Your Head

Well can you explain your position? Help me to see why it's unfair? I'm actually not trying to be a smart ass on this one.... if there's a hole in the theory of cookie use... I would like to know, because I use them myself. If someone can show me why I shouldn't, I will either cease use of them or fix the code so it can't be cheated.



[This message has been edited by Amputate Your Head (edited 12-06-2001).]

Theo

don't be so sure real mangoo because out there some programmers can do real magics.

TheFLY

Even a couple of hours allows a TGP to cheat.

Roberto

amp> i pretty much explained my point, not trying to be a smartass myself neither, but i don't understand why should i get credit for someone else's sale, or someone else getting credit for my sale (most important ) i just can't see the logic.
let's say we are telemarketers, we both sell the same product and have the same prospective clients database, i call first, i suck at telemarketing and this potential customer doesn't buy to me.
now 2 days later you phone the same person, actually manage him/her to buy the same shit i couldn't, and I (that previously failed to sell) get paid the commision? what's the logic?!?