My understanding of Brian Dunning’s cookie-stuffing scheme is fairly thorough at this point. I’ve read the articles in major news organizations about Dunning and Shawn Hogan’s scheme, and I happen to understand to a very high degree of fidelity the workings of the World Wide Web and cookies. So when I read the statement that he wouldn’t allow copying-and-pasting on, I balked. Not only at the lies, misdirection and obvious con-man level sophistry going on in the post, but that anyone who claims to have pulled off such a job might think that what they claim to have done is actually plausible.
Rebecca Watson has done a thorough job at deconstructing the statement for what it is: a great ball of chaff thrown up to confuse the radars of so-called skeptics who are evidently unable to recognize such tactics. But there’s some nuance I’d like to add, specifically because there are parts that appear to directly reference something I blogged about recently, which has bubbled up to very near the top of search results on the terms “Skeptoid” or “Brian Dunning”.
First, I’ll explain the lay of the land as I understand it from public news articles on this topic (such as this one from April 2013).
Shawn Hogan, eBay’s top affiliate, and Brian Dunning had each joined the eBay affiliate program in 2000 and 1999, respectively. They met in 2003 and became friends. In 2006, they evidently hatched a scheme while playing World of Warcraft to make a large number of referrals and thus generate a siginificant payout from eBay by using a technique called “cookie stuffing”. They would disseminate the stuffed cookies using website widgets, little gadgets a webmaster could install on their site intended to show something interesting like who in the world was loading that specific page in realtime.
This cookie-stuffing technique involves placing the user’s affiliate cookie — a tiny piece of data that is stored in a user’s browser and can be used to track pieces of information — on systems that happened to visit any website that had a chunk of code that Hogan or Dunning controlled; specifically, the widgets they’d offered for free acted as something of a trojan horse to spread their cookies far and wide. This cookie would report to eBay any time a web surfer thereafter visited eBay and purchased something, so that to eBay it would register as having been generated through Hogan’s affiliate link.
Under normal use, legitimate cookie setup allows for small businesses to link to things on eBay and, if the web user legitimately clicked through on that link and purchased an item, the small business would get a percentage commission or some other prearranged compensation. In Hogan and Dunning’s cases, people were not actually clicking through links to eBay’s site — they weren’t ever visiting eBay, they were only receiving the cookie. The stuffed cookie caused eBay later to believe that some percentage of web users’ purchases should be credited to Hogan’s or Dunning’s affiliate program. This functionality was clearly not the intended design of the program; those users did not actually go to eBay directly from their sites intending to buy something. They didn’t even touch eBay at all, save for being made to obtain the cookie.
Dunning had formed a company with his brother, Todd Dunning, in 2003, called “Kessler’s Flying Circus”. They were evidently the sole owners of the company, and not, as Brian suggests, “employees”. They went into affiliate marketing and made a very meager paycheck in referring people back to eBay — certainly no get-rich-quick model. In early 2006, near the beginning of the stuffing scheme, Todd attempted to rat out Shawn Hogan to eBay, but initial investigations chalked that up to rivalry between the two companies competing in the same space.
When Hogan ended up making huge amounts more than Dunning, because Hogan had figured out how to use an invisible single pixel link to jam a whole web request over to eBay without a user actually clicking anything, Dunning turned on Hogan. Dunning actively blackmailed Hogan to help him improve his own game, because Dunning couldn’t figure out how to reverse-engineer what Hogan had used in his own widgets.
In 2008, eBay was fed up with the deflection and lack of justification for the huge numbers he was driving; every time they’d asked Dunning or Hogan for more information on how they were driving so much traffic, they weren’t given satisfactory answers. They sued Dunning, Dunning and Hogan; discovery dragged out and two years later, they still hadn’t reached trial.
By 2010, investigators had finally figured out that 99% of the traffic that they were receiving from Dunning and Hogan’s scheme was illegitimate, ultimately only discovering this by correlating whether or not someone actually visited their webpage when they received a cookie with the suspected stuffers’ IDs. Why they didn’t do this previously, I could not fathom, except that from their standpoint, they saw hits rolling in and thought they were making a ton of cash from it, and so were blinded by the “success” of the program.
Knowing all of this, let’s highlight the lies in Dunning’s “statement”.
In about 2003 my company partnered with another to form “Kessler’s Flying Circus”
By “my company” you mean yourself; by “another” you mean your brother Todd. You had affiliate “companies” previously, which you disbanded (easy to do when you’re the owner and only employee!), and formed the new umbrella megacorp. Of two people. Holding all the same assets you held previously.
Affiliate marketing is where you place ads on the web, and if anyone clicks those ads and subsequently makes a purchase, you would get a sales commission of some kind.
Yes, that’s what affiliate marketing is SUPPOSED to be. You did an end run around the service, faking the whole part where you provide eBay with any actual service in exchange for their commission.
For our first few years we had very little success, making perhaps a few hundred dollars per month.
Probably because you were playing by the rules at first.
The money he made pre-scheme is important. I’ll come back to this.
But then, working in close association with eBay and with Commission Junction (the company that managed eBay’s affiliate program) we developed a pair of useful widgets: ProfileMaps, that showed a map of visitors to your MySpace page; and WhoLinked, a WordPress plugin that showed who has linked to your blog.
You actually did not vet the functionality of the code with eBay, as evidenced by their investigations, subsequent lawsuit, and your subsequent criminal indictment, and so your “working closely” involves, actually, all the little ways you tried to make it harder for them to detect what you were doing that I mentioned earlier.
You were making effectively no money doing things legitimately, as you’d just said; then you built a widget that overtly did absolutely nothing eBay-related, and that went viral. But it was doing something covertly: stuffing cookies onto the target computers. You admitted that your efforts prior to cookie-stuffing were not making you the sort of cash you were expecting. Then you were making gobs of money, suddenly and like through magic. All without actually delivering users to eBay the way any affiliate marketer might do legitimately — the service that eBay THOUGHT it was paying you for.
I was the second highest paid employee, and I did earn over a million dollars personally over 2006 and 2007 before taxes.
Then the first-highest paid employee must have been Todd Dunning, your brother. Since you were the one doing all the illegal stuff with cookies, what exactly was Todd doing to merit more pay, other than being in the know and trying to blow the whistle on Hogan? How MUCH more did he make, considering you were being sued for having made $5.3 million? That “over a million” represents AT LEAST 18% of all the earnings of Kessler’s Flying Circus from the entirety of the eBay cookie-stuffing scheme. How much more than a million was it, exactly? Could it have been 2 million? Two and a half?? That’s closer to what I’d expect, given all the operating costs and overhead of running a two-person company that builds web widgets and delivers ads on websites from inside your own home.
And the “clarifications” Dunning makes are priceless. To wit:
That I “stole millions of dollars”. Completely false. The vast majority of KFC’s earnings, over 90%, were never in dispute. My share of the unearned commissions was about a third of the $200-400K, on which I paid taxes. That doesn’t make it any less of a crime, but absurd exaggerations serve nobody.
Kessler’s Flying Circus made $5.3 million from eBay, in total. The government, in their wiretapping charges, stipulated that because they couldn’t actually determine what amount of money came directly from eBay from users that didn’t intend to get to eBay through another affiliate, and what amount was actually stolen from other legitimate affiliates (by having their cookie override it), they by all appearances lowballed to ensure a conviction. So, all parties agreed that at least $400,000 of the money Brian Dunning made from that program was stolen from eBay. It’s not that the rest of the money isn’t in dispute — it rightly is disputable. The problem is that doing the math on how much is actually “unearned” by the definition used here, specifically the users who counted as commissions were just people who happened to go to eBay and purchase something at some point after having visited a website that had one of Dunning’s widgets on it.
It beggars belief to suggest that 90% of the $5.3 million that Kessler’s made off of eBay actually came from either people legitimately clicking on an ad on one of Dunning’s sites, considering what Dunning admitted to making prior to the scheme, or resulted from people actually clicking on someone else’s affiliate ad but getting credited to Dunning instead. In the former case, that’s totally legitimate, but cap that at “a few hundred dollars a month” times twelve. In the latter case, I would count that as absolutely illegitimate, and totally disputable.
And further, “Operation Tripwire”, wherein eBay included a 1×1 pixel image of their own on the legit site in order to correlate stuffed cookies with actual pageviews, discovered 99% of the traffic sent with Dunning’s ID was illegitimate. The problem comes in cross-referencing whether people getting the stuffed cookie actually ever went on to buy something; whether they went on to buy something from someone else’s ad; or whether they actually bought something without ever clicking on someone’s ad at all. Because all of those numbers were fuzzy, the government lowballed. And that’s fine. There are some numbers that, without deep forensics and very careful logging that eBay obviously didn’t have in place, are impossible to suss out after the fact.
It DOES mean that the 15 month conviction is also a lowball, considering someone mugging a person and stealing a hundred bucks might get them five to ten years. White collar crime should absolutely get stiffer penalties than blue collar crime, in my estimation. Only in cases of violence should the latter be treated more sternly.
That any individuals were affected. Completely false. The only victim was eBay, and the nature of their loss was a reduced profit (due to paying unearned sales commissions) on new paying customers who had viewed one of our ads.
No, individual end-users who purchased from eBay were not impacted. It would not increase the amount they paid to eBay at all. However, individual rival affiliate marketers were almost certainly impacted by having their cookies overridden with your own. You stole some indeterminate amount of money from other affiliates, and some other indeterminate amount of money directly from eBay, and because those numbers are hard to suss out of the total $5.3 mil, the government just went with $400,000 and you and your lawyers agreed.
It’s all in the court records, Brian. Maybe you should read them. Given that you pled guilty to this, it might have been a good idea to know and understand exactly what you were pleading guilty TO.
A conspiracy theory that my nonprofit Skeptoid Media, Inc. was set up as some kind of shield to hide stolen millions. First, I never had millions in my possession; second, you cannot shield money from the feds. The federal government can seize anything at any time; there is no protection like there is in state cases (e.g., moving to a state that allows you to keep your primary residence). Skeptoid Media exists only for its stated reasons: producing free educational materials and STEM-focused informational and entertainment content, made available to educators and individuals worldwide, concentrating on critical thinking and scientific skepticism.
This is almost certainly referring to my earlier post on Dunning’s fraud, which to my knowledge is the first such post alleging that Skeptoid Media was converted into a non-profit during Dunning’s pre-jail eleventh hour, when he realized that it was all going to hell and he would face consequences for his fraud.
And it’s not what my post argued. My post argued that Skeptoid could not survive on its own with Dunning imprisoned, and so turning it into a non-profit was a good way to ensure it survived past him. And that, in and of itself, is a good way to do things; I’d rather skeptical outreach organizations actually have public accounting for their cash flow so we can scrutinize (some might say, skeptically!) what’s actually being done with our donations.
It further argued that because the civil suit was eventually dropped and eBay did not seize any funds from Hogan or Dunning, and because the FBI did not levy a fine against Dunning in sentencing, the $5.3 million that Dunning’s company made off of eBay comes with only one fine: fifteen months in white collar jail and three years supervised release. He’s effectively bought millions of dollars in exchange for a short stint in jail.
Regardless of how much of that money is actually usable by you or your (loving, beautiful, probably innocent, probably undeserving of this travesty) family, YOU are still getting off really goddamn easy here, Dunning. If the government had decided to seize $5,300,000, it would obviously bankrupt Dunning, because much of that money’s already been spent, either by him (paying mortgages, setting up college funds, paying off debt), or by Todd, or by Kessler’s Flying Circus in “overhead”. We also don’t know how much money Dunning directly contributed to Skeptoid. However much that was, I can virtually guarantee you that it’s touched tainted money. Unless Dunning did not use any of his own capital to seed Skeptoid, ever, and he’s taken very great care in maintaining his books, Skeptoid has almost certainly seen some of that money.
And it’s untouchable now. The money that Dunning has made, now that he’s convicted with no fine, and the civil suit is dropped, is untouchable. Some of it almost certainly went into Skeptoid. And we have no clue how much that is.
Unless the IRS decides to pay very, very close attention to Skeptoid, including a thorough accounting of all income prior to getting non-profit status, Dunning will have faced no monetary repercussions for his actions.
But given his status as a convicted felon, if you want to trust him with your money and donate to Skeptoid, you just feel free. That’s your lookout. We skeptics are only supposedly in this community in order to prevent fraudsters from taking your money under false pretenses; I don’t know what that might POSSIBLY have to do with THIS specific situation, do you??
That I’m a millionaire who has the gall to beg for donations. Please do not conflate the two. Donations that support the Skeptoid podcast go only to support Skeptoid Media, a good cause.
Welllllll… You DID just admit to making over a million dollars pre-tax during the one year your scam was running and you were still affiliated. That makes you a millionaire, even if you don’t have it in the bank. It’s language sophistry at its finest. We don’t have any way of knowing that you didn’t ever have a million useable dollars in the bank. You’d know better than I how high your bankroll actually ever climbed as a result of your misdeeds.
And you carefully and attentively pointed out that donations to Skeptoid only go to Skeptoid. That is secondary to the thrust of the complaint you’re rebutting here, being that we don’t know how much of your ill-gotten gains went to support Skeptoid too. People don’t like donating to people who are not in any sort of financial need. And even if there IS a financial need, people feel an odd sense of entitlement toward policing how that money gets spent, even if the plan is entirely laid out in advance and totally transparent. People especially don’t like donating to someone who claims to have a need, but turns out to have alternate means of funding that they hadn’t disclosed — like, oh, say, millions of dollars rolling in from defrauding a major corporation and everyone else in the same affiliate program as you. Beyond that, since your alternate means of funding was actually illegal, as evidenced by your going to jail for it, some people who’ve donated to your podcast might feel suddenly and understandably very put-out about having done so.
The piece de resistance of the piece, his sidebar about rescuing a Chinese family from a car rollover notwithstanding, is this throwaway in the “clarifications” bit:
Separately, I am not a millionaire and my family is under a huge amount of debt and has no savings at all, but working that out is our problem, not yours, and not Skeptoid Media’s.
You said earlier that you paid off your mortgages, and set up college funds, and were “just about to start saving”, implying your debts were paid off. So… pardon me if this seems a bit unsympathetic, but cry me a goddamn river.
Finally, I should note that while I once lamented the virtual radio silence the skeptical community has endured on the nature of Dunning’s fraud, I am heartened that Freethought Blogs and Skepchick are no longer the only blog networks who refuse to let this story get memory-holed. Hemant Mehta has some choice words for Brian Dunning as well.