Hey, you just browsed my site
And this is a crazy
Here’s a cookie you didn’t ask for
So make me some money maybe!
— Cookie Monster, Share It Maybe (sort of)
In the LowEnd hosting world, many providers run affiliate programs, which are a completely legitimate marketing method. The way it works is that ExampleHost provides an affiliate code to Joe Marketer. Joe Marketer then shares the link, asking uses to use that link or code when signing up with ExampleHost. If Rita Random signs up, she pays the normal price to ExampleHost and ExampleHost pays a small commission to Joe Marketer in thanks for his advertising assistance.
Many marketers run sites in which they provide reviews and advice, and all links use affiliate codes. There is sometimes a conflict of interest – the host that pays the fattest commission sometimes tends to get the biggest promotion. On many sites (such as LowEndTalk), using affiliate codes when posting links is either forbidden or must be explicitly stated as such, to prevent spamming.
While these are all “white hat” techniques, there are also less ethnical techniques for making money from affiliate marketing. Chief among them is cookie stuffing.
Cookie stuffing occurs when a user visits web site and receives a third party cookie, usually without the user being aware of it.
For example, imagine Rita Random visits SketchyHostingReviews.com, run by Bernie Blackhat. The site shotguns dozens (or hundreds, potentially thousands) of cookies to her computer, including one indicating that she’s following an ExampleHost affiliate link, even though she’s not. Of course, the web site doesn’t need to be a hosting review site – it could be have pottery class information, a parasailing directory, candle scent recipes, or anything. Later, when Rita browses to ExampleHost, the affiliate cookie is still on her system and Bernie gets the affiliate commission, even though he provided no link or other legitimate advertising in the cycle.
It’s worth noting that this form of fraud has been prosecuted in the past, and those involved have gone to prison and paid fines.
The easiest way to defeat cookie stuffers is to refuse third-party cookies. If you visit example.com then getting a cookie from example.com makes sense, but why do you need to receive a cookie from ExampleHost.com? You don’t. This policy can be turned on in your web browser, and virtually all privacy extensions implement this policy. Note that this will also eliminate many trackers from watching you on the Internet. Google Chrome disables third-party cookies in incognito mode and the company has stated that Chrome will disallow all third-party cookies in normal mode by default starting in 2023.
LowEndTalk administrator @FAT32 has recently started publishing a list of cookie-stuffers in the LowEndCommunity, which you can find in this thread.