The Central Scrutinizer
Penultimate Amazing
- Joined
- Dec 17, 2001
- Messages
- 53,097
His co-conspirator was supposed to have been sentenced on Feb 11, after a guilty plea, but I can't find anything about it.
Last edited:
Brian Dunning lawsuit
- Thread starter Reivax
- Start date
icerat
Philosopher
Lots of info here for those interested. Dunning's FBI interview makes it very clear he knew what he was doing.
It gets worse - he was apparently paying 10% to a Commission Junction employee as a kickback for showing him how to exploit the system.
It gets worse - he was apparently paying 10% to a Commission Junction employee as a kickback for showing him how to exploit the system.
AdMan
Penultimate Amazing
- Joined
- Feb 10, 2010
- Messages
- 10,293
Yes, that FBI interview is pretty damning. Seems a plea bargain was probably his only option.
The Central Scrutinizer
Penultimate Amazing
- Joined
- Dec 17, 2001
- Messages
- 53,097
Link?
icerat
Philosopher
included in the link I gave above. Direct link here.
AdMan
Penultimate Amazing
- Joined
- Feb 10, 2010
- Messages
- 10,293
eBay's complaint is also interesting reading. It goes into more detail on how the cookie stuffing schemes apparently worked:
http://www.benedelman.org/affiliate...gan-kessler-thunderwood-dunning-complaint.pdf
http://www.benedelman.org/affiliate...gan-kessler-thunderwood-dunning-complaint.pdf
Last edited:
The Central Scrutinizer
Penultimate Amazing
- Joined
- Dec 17, 2001
- Messages
- 53,097
Yep. He gamed the system, and knew he was gaming the system. He claims eBay was OK with it. I suspect eBay won't remember that conversation.
Not sure how long he'll be in the clink, but I wish him well.
Morrigan
Crone of War
- Joined
- Feb 3, 2006
- Messages
- 8,262
I read it, and yes, his claims of innocence seem more and more bogus. I'd paste some snippets from the interview, but the copy/paste is all warped, so I'll just paraphrase: he didn't think he was doing anything illegal, and yet he admitted he was exploiting weaknesses of a "stupid" program? He was warned by a Commission Junction employee that he was violating their terms of service, so what he did was to temporarily stop, and then resume the activity by better masking what he was doing? Jesus christ, if he sincerely thought he was not doing anything illegal he's... well, pretty stupid.
"No officer, I'm innocent! My neighbour was dumb enough to leave his door open, so I just went in and took his TV and sold it... what do you mean, that's illegal?"
His claims that eBay knew, and was OK with it, ring completely false to me. Why would eBay be OK with it? They're effectively paying millions (!!) of dollars to a guy who is bringing no revenue to him whatsoever and who is simply, in Dunning's own words, exploiting the stupidity of their program. It makes absolutely zero sense that eBay would agree. He also admitted having been warned by CJ that he was violating their terms of service so obviously they were not ok with it.
The only thing I'm confused about, is how he got away with it for so long. Maybe in the mid-2000's eBay and CJ's stats and tracking systems weren't that good, but if he ended up being their #2 affiliate in terms of revenue, they would have analyzed the source of his traffic and caught him really quickly. Hell, I'm a very minor and modest eBay affiliate myself, and even I raised a flag at CJ, as I got an email from CJ within one month of signing up asking me where my traffic comes from (I don't know if it's routine and they ask that to everyone or not, though). By comparison to Dunning's company, my eBay affiliate revenues are pitifully meagre, so I don't know why it took years for them to suddenly wake up. Maybe they wanted to really be thorough in gathering evidence for the indictment, or again, maybe the CJ tracking wasn't so good back in the day (I signed up in late 2007 myself)...
davefoc
Philosopher
I read through a bit of the Ebay lawsuit against Dunning and that seems to make a pretty strong case against him also. After I read Dunning's defense it seemed like there was some gray area behavior that maybe went a little too far here. It's pretty hard to gibe that interpretation with the other information available now.
The defense that Ebay knew what was going on was a big part of the that Shawn Hogan put forth in a public statement about the case. It seemed like he was suggesting either amazing incompetence on Ebay's part or some kind of internal corruption. I don't know exactly why he'd put forth that defense when it seems like it wouldn't be a useful defense unless it was true because Ebay and the investigating authorities are likely to be able to quickly disprove it if it weren't true. Still, it seems like if that was part of Shawn Hogan's defense or Dunning's defense arguments it doesn't look like the court believed it.
The fact that they got away with it so long for so much money suggests that Hogan's insinuation of incompetence or corruption might be true. Of course if it was incompetence on the part of Ebay, it doesn't seem like that is going to help Dunning.
Sherman Bay
Master Poster
It's a complicated situation. But, if I understand it right, eBay is claiming that some users didn't actually visit an affiliate's site even though cookies on their computer said they did.
I wonder how eBay can be so sure that the affiliate site visit didn't happen? Wouldn't they have to examine the user's computer's internal browser logs to find out? Or match the logs on the site with every user's computer data?
In other words, how would eBay know what sites I visited (for sure) unless they can dig deep inside my own computer for logs, something which I hope they don't and can't do without permission.
I wonder how eBay can be so sure that the affiliate site visit didn't happen? Wouldn't they have to examine the user's computer's internal browser logs to find out? Or match the logs on the site with every user's computer data?
In other words, how would eBay know what sites I visited (for sure) unless they can dig deep inside my own computer for logs, something which I hope they don't and can't do without permission.
Morrigan
Crone of War
- Joined
- Feb 3, 2006
- Messages
- 8,262
It's actually not that complicated if you understand the technology (which I do, I use it for a living
I also used to work as a programmer for a company that specialized in affiliation marketing). It's fairly easy to prove cookie stuffing, especially considering cookies are timestamped. If you have an eBay cookie on your computer dated, say, Feb 1st 2013, but the eBay server logs show you didn't actually visit eBay and bought something until Feb 3rd, that means you never visited eBay, and this cookie placed beforehand was done without you visiting the site. Then you buy something, and the sale is credited to Dunning as if he had driven traffic to eBay; but he placed an eBay cookie on your computer without driving you there (using a hidden script) and without your knowledge, which is explicitly against eBay's ToS and obviously fraud.The way affiliation is intended to work, is by placing an explicit link to eBay on your site, so that the visitor clicks that link, buys something or registers or performs whatever eBay considers a "Revenue Action" and credits the sale to you, and gives you a percentage. An example from my site here: http://www.metal-archives.com/albums/Iron_Maiden/Somewhere_in_Time/79 -- look at the right side-bar, with "Search on eBay", "Buy on Amazon", etc. In this case, a user clicking on the eBay link would have a cookie placed on his computer. If this user ends up performing a "Revenue Action" (winning a buy, doing a Buy it now, etc) on eBay within a specific time frame (IIRC it's 7 days), I get credited for the sale. This is because I really did direct traffic to eBay and helped them generate a sale.
However, if instead I had an invisible iframe or pixel that loaded a script that surreptitiously placed this tracking cookie on your computer, and then two days later you decided to visit eBay and buy something, I'd get credited for the sale even though I didn't drive you there. This is what Dunning did. Worse, Dunning placed this hidden script in widgets that were frequently used on Myspace and the likes, which means they surreptitiously placed eBay cookies on thousands and thousands of computers without ever really driving these users to eBay. That he thought what he was doing was okay and that he could get away with it kind of boggles my mind, especially since he made so much money.
Last edited:
Puppycow
Penultimate Amazing
That may be one of the most ingenious eBay schemes I've seen in awhile
Bravo
Not really, considering the eventual result.
Regarding the plea bargain, there is some debate about how the system works in legal circles, although I don't know if it would matter in this case:
Federal Guilty Pleas Soar As Bargains Trump Trials
It's possible that a defendant would plead guilty to one charge to avoid the risk of being convicted on multiple charges and receiving a much longer sentence. I haven't examined the evidence here as closely as others, but I don't think a person could do something like this by accident. You have to be pretty computer savvy to find an exploit like this and exploit it. Code has to be written. Clearly he intended to do what he did.
As an aside, I really hate people (and I'm not talking about Dunning, I have nothing personal against him) who write malware, viruses, spam, fraudulent websites, hijack people's computers for botnets and the like. I think that they ruining the Internet for the rest of us. I would like to see law enforcement crack down on such people as a general principle. So it seems to me like justice is being done here.
KoihimeNakamura
Creativity Murderer
I agree. But, to be fair, I haven't seen an official amount stated.
Caper
Philosopher
- Joined
- Jun 18, 2007
- Messages
- 5,741
Say what you want about Scalia... but he is dead right about his decent.
Wolfman
Chief Solipsistic, Autosycophant
I've refrained from comment because I wanted to read all the information first, but I really can't see any reasonable conclusion other than Dunning engaged in illegal activity. He may have believed at the time that it wasn't illegal, but I can't see how he wouldn't have considered it unethical.
He signed up for an affiliate program with Ebay where he would be paid according to A) the number of people who visited Ebay through links on his websites, and B) subsequently made purchases on Ebay. The key here is that he was being paid specifically for driving traffic to Ebay.
But he then deliberately designed software that sought to take advantage of weaknesses he had identified in Ebay's system -- weaknesses that enabled him to make Ebay think that people had clicked on a link on his site, when in fact they had never visited his site, or clicked on any of his links.
So far as I can see, he has fully admitted to designing the software, and was fully aware of what he was doing. His only defense seems to be a combination of "Ebay's stupidity made it possible for me to do this" and "Ebay knew what was going on".
The former is hardly a justification, either moral or legal. The latter seems very highly questionable -- that Ebay knew he and other affiliates were being paid millions of dollars for visitors who had never visited their websites or clicked on their links. Why on Earth would Ebay willingly and knowingly pay millions of dollars to people who were not driving any traffic towards Ebay at all? The whole purpose of an affiliate program is that affiliates are being paid for driving additional traffic to the site in question. Dunning deliberately subverted that process.
Now, there is the other side of this. Of those millions of dollars, at least some portion did come from people who clicked on links on their websites (although everything I can see indicates that was the minority of the total revenue paid). And then money had to be used to pay costs, and was then split among various people...so Dunning saw only a small portion of that himself.
And, undoubtedly, he and his family have suffered significant stress and hardship as a result of this whole situation. On a human level, I feel far more sympathy for how this has impacted the lives of his family, than I do for any negative impact his actions had on Ebay.
And yes, he has made amazing contributions to skepticism, and the skeptic community. The fact that he made mistakes in one particular area of his life doesn't invalidate the many legitimate and valuable contributions that he's made.
But it is my feeling that, as someone who was so active in promoting skepticism, he needs to be held to a standard equal or higher than that to which he held others in evaluating their claims. And based on the evidence at hand -- which at this point is fairly extensive, including admissions from Brian himself, and information from FBI interviews with him -- I really can't reach any decision other than that he deliberately engaged in fraud. He may well have believed that it wasn't fraudulent, or that "because other people were doing it, he could do it too." But neither of those defenses hold legal water.
My sincerest sympathies to Brian Dunning, and even moreso to his family. I do hope that whatever the penalty is, it won't be too serious...and that he and his family will be able to move on from this.
It is disappointing...but like the rest of us, Brian Dunning is far from perfect. And I think that, in the balance, his positive contributions to the skeptic community will last much longer, and have much more effect, than will this legal transgression.
He signed up for an affiliate program with Ebay where he would be paid according to A) the number of people who visited Ebay through links on his websites, and B) subsequently made purchases on Ebay. The key here is that he was being paid specifically for driving traffic to Ebay.
But he then deliberately designed software that sought to take advantage of weaknesses he had identified in Ebay's system -- weaknesses that enabled him to make Ebay think that people had clicked on a link on his site, when in fact they had never visited his site, or clicked on any of his links.
So far as I can see, he has fully admitted to designing the software, and was fully aware of what he was doing. His only defense seems to be a combination of "Ebay's stupidity made it possible for me to do this" and "Ebay knew what was going on".
The former is hardly a justification, either moral or legal. The latter seems very highly questionable -- that Ebay knew he and other affiliates were being paid millions of dollars for visitors who had never visited their websites or clicked on their links. Why on Earth would Ebay willingly and knowingly pay millions of dollars to people who were not driving any traffic towards Ebay at all? The whole purpose of an affiliate program is that affiliates are being paid for driving additional traffic to the site in question. Dunning deliberately subverted that process.
Now, there is the other side of this. Of those millions of dollars, at least some portion did come from people who clicked on links on their websites (although everything I can see indicates that was the minority of the total revenue paid). And then money had to be used to pay costs, and was then split among various people...so Dunning saw only a small portion of that himself.
And, undoubtedly, he and his family have suffered significant stress and hardship as a result of this whole situation. On a human level, I feel far more sympathy for how this has impacted the lives of his family, than I do for any negative impact his actions had on Ebay.
And yes, he has made amazing contributions to skepticism, and the skeptic community. The fact that he made mistakes in one particular area of his life doesn't invalidate the many legitimate and valuable contributions that he's made.
But it is my feeling that, as someone who was so active in promoting skepticism, he needs to be held to a standard equal or higher than that to which he held others in evaluating their claims. And based on the evidence at hand -- which at this point is fairly extensive, including admissions from Brian himself, and information from FBI interviews with him -- I really can't reach any decision other than that he deliberately engaged in fraud. He may well have believed that it wasn't fraudulent, or that "because other people were doing it, he could do it too." But neither of those defenses hold legal water.
My sincerest sympathies to Brian Dunning, and even moreso to his family. I do hope that whatever the penalty is, it won't be too serious...and that he and his family will be able to move on from this.
It is disappointing...but like the rest of us, Brian Dunning is far from perfect. And I think that, in the balance, his positive contributions to the skeptic community will last much longer, and have much more effect, than will this legal transgression.
Alan
Illuminator
- Joined
- Oct 22, 2009
- Messages
- 3,714
I recall an episode of Skeptoid from 2006 on "Internet Paranoia", a large part of which is about cookies and a smaller part is about referrer codes.
http://skeptoid.com/episodes/4017
http://skeptoid.com/episodes/4017
icerat
Philosopher
How about the negative impact his actions had on the other affiliates he stole money from?
Why does he deserve sympathy? He stole millions from Ebay and untold numbers of other affiliates. Millions. Remember - he had well over half a million in cash in the bank accounts the Feds found.
BTMO
Overlord of the Underthings
- Joined
- May 1, 2009
- Messages
- 2,521
Like it or not, theft of this magnitude taints his message. I used to love listening to skeptoid (my wife still does I think...) - but I have trouble disassociating his admitted (he pleaded guilty to stealing millions) basic dishonesty from anything else he has to say.
While he was talking about the dishonest actions of others, he was quietly and surreptitiously stealing more money than most of us will see in a lifetime.
Hypocrisy doesn't sit well with me...
While he was talking about the dishonest actions of others, he was quietly and surreptitiously stealing more money than most of us will see in a lifetime.
Hypocrisy doesn't sit well with me...
Wolfman
Chief Solipsistic, Autosycophant
That's another aspect, yes. However, I cannot find any reliable information indicating that his code overwrote cookies from other sites. Lacking that, it is at best speculation that this is what happened. The only way that he 'stole money' from other affiliates is if his code deleted, overwrote, or in some other way usurped other sites' cookies. If you can provide evidence that this is the case, please show it to me, and I will share your indignation.
Lacking that, I will not condemn him for something that is, at best, conjecture and supposition.
I don't say that he "deserves" sympathy (although I'd say his family certainly deserves it, as they are not guilty, but must still suffer), but rather that I feel sympathy for him. I've made bad decisions in my past, some of which caused significant trouble for myself and for others. Maybe he doesn't deserve it...but I still feel sympathy for him.
And you sure as hell don't have any right to tell me who I should or should not feel sympathy for, or to suggest that it is wrong for me to feel sympathy for him, or for anyone else. He is someone who has done a great many good things, and made many valuable contributions -- and who has seen much of that good work undone or damaged because of his bad decisions. I don't sympathize with him for what he did wrong; but I sympathize with him for the many good things he could have done, that he won't be able to do now. And I sympathize with him for the many problems he's brought, unintended, on his family.
You don't wanna feel any sympathy -- that's fine. I understand. But if you think you have the right to declare who I can or cannot feel sympathy for, about all I can say is to get your head out of your nether regions.