Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

With cookie-stuffing the cookie is normally "generated" by loading a page in an invisible iframe. The loaded page is actually the same you would land on if you clicked normal advertising, with "everything on the page" - including an invisible gif. Visibility or Invisibility of the iframe doesn't change anything to the loading of this file. That's why it doesn't make sense to me.

Or did they use another method to place the cookie I don't know about?



You could trigger cookie setting with the img tag. <img src=http://affiliate-link-to-ebay.com>; would set the cookie on most browsers.

I don't know if that works anymore because my "affiliate" time is well long over but I guess this loophole has been fixed long since.

IIRC iframe was a little problematic with some websites as they had frame break out scripts [1] - so you had to be creative.

The golden wild west times ... I somehow miss them. Money was lying on the information super highway - you just had to pick it up ;)

[1] something like http://www.thesitewizard.com/archive/framebreak.shtml


Ebay didn't use frame breakers, so much I know ;)


The user might have received the one pixel "trap" cookie, but the article says they were watching to see users who only visited 1 page, since "normal" users click around and look at a few pages. If you only get the hidden pixel once, that's a sign you aren't normal.

It will be interesting to see how this goes in court since you cannot prove that any given single user was NOT a "real" user. But on the whole, the traffic smells wrong.

I don't understand why eBay didn't just ban the users when they suspected foul play. Trying to prove this criminally beyond a reasonable doubt would have been hard.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: