PayPal's Honey extension should be pulled by Google for doing the exact same thing. There is no difference and Honey shouldn't get special treatment just because it's owned by PayPal.
---
UPDATE: It's criminal wire fraud.
Brian Dunning sentenced to 18 months jail for cookie stuffing: https://www.businessinsider.com/brian-dunning-ebay-and-affil...
"Cookie Stuffing" internet fraud schemer Jefferson Bruce McKittrick pleads guilty: https://www.justice.gov/usao-sdal/pr/cookie-stuffing-interne...
Obtaining money by means of false or fraudulent pretenses is wire fraud.
Honey's extension stuffs a ton of different affiliate cookies via its extension for sales it did not generate. They are representing themselves as the one who made the referral, and receiving commissions for doing so, when they did not.
Which definition/source for cookie stuffing are you looking at?
Remember Kazaa, BonziBuddy, Gator (The OG adware), etc.? They were demonized for collecting data on all the web traffic you were doing. They got sued by the FTC and were forced to change their business models and/or close down.
Then Facebook, Google came along and did the same thing in the early 2010s except via cookies and JavaScript, but somehow that's ok. Even worse, it's considered a normal business practice.
It amazes me that Honey has been able to become so popular given its business model has always been more of a hack than an actual product. How did commission programs not sue them for fraud?
Probably because they had good ole Silicon Valley VC money to scare them off.
The ethical standards of everyone involved with Honey/Pie are deplorable and they should be outcast from the software industry.
For context, this all started about 2 weeks ago with one of the best pieces of investigative journalism I've seen on youtube: https://www.youtube.com/watch?v=vc4yL3YTwWk
And it's spiraling from there into lawsuits etc. I'm kinda glad PayPal bought them as they can't just shut down and file bankruptcy. Hopefully some of these creators will get paid out for lost revenue.
Sadly, Ryan Hudson knows how to play the game and Pie (with its charming .org domain) is on a roll --- already hit 1M downloads just 9 months after its launch and grown to 10+ Engineers/20+ employees.
Shameless.
On the bright side, LegalEagle also called out Pie in the video. Hopefully that'll help shine a light on them.
I don't care if they do two ads per video (a normal ad and one for their firm), they more than deserve to shout themselves out.
Online advertising is a cesspool that makes things more expensive not less.
Honey isn't a problem it's a symptom.
The money that "the creators" and Honey are in disagreement over to whom it belongs, should have never left the consumers' pockets to begin with.
Because they have absolutely no idea.
Where would they ever run across that information?
If you believe information should be free to share and remix, you would believe that copyright infringement is not theft and that not releasing code is wrong.
The fact that the proprietary code is based on GPL code just shows that the ex-Honey folks are hypocrites: they're trying to use copyright to control their code, but breaking the same rules in the way they reuse others' code.
> If you believe information should be free to share and remix, you would believe that copyright infringement is not theft
No, this is absolutely incorrect. GPL requires copyright (or similar mechanism) to function. Without copyright, anyone could take the GPL'd code and release a compiled binary without releasing source. Releasing the source is the "payment" for being granted a license to copy the original code; without releasing the source, you are in violation of the author's copyright. No one who wants to use the GPL to protect their and their users' rights would advocate for eliminating copyright, because the GPL's goals cannot be achieved without copyright.
The fact that those terms are not for money is the implementation detail.
The fact that there are terms that you are required to agree and adhere to, OR live without the goods, that is not.
Just like the normal terms for money, your choice is you can take it according to the terms, or leave it. Not just take it and ignore the terms.
It's definitely a special level of low to steal something that's already free.
I'm mixed, because it's an entire spectrum and there's no clear sand in the ground. It's a very nuanced topic.
But fundamentally, if people want to make sure they can benefit most from their creations, they need some way to protect themselves. Otherwise the biggest wallet will grab the idea, out-advertise you, and out support you.
That's why I always vied for minimizing copyright periods, not abolishing the idea. Creators should benefit: creators have almost zero need to benefit almost a century after they die. The original 14 + 14 made enough sense and can still work: something that was basically an average lifetime back then and is now most of a working career. Those rights can transfer to whoever they want, and it would be transferred to a beneficiary posthumously. But when 28 is up, it's up.
GPL was created in part, and allows the author of some covered work, to control the terms of how that work is used and distributed; so that both the creator and the user may benefit from that work.
The GPL and copyright are both about controlling what other people do with something you made. The MIT, or BSD license, or some other very permissive license that doesn't set down restrictions are arguably different from copyright. But the GPL isn't the opposite of copyright. It just has different terms of use.
No, public domain is the opposite of copyright. The GPL absolutely does give the author rights to dictate how people copy the software -- in fact -- even more so than many other open source licenses.
The goal of the GPL and viral licensing is to undo copyright as such.
I don't agree with this maximalist approach because many forms of knowledge wouldn't be created without a financial incentive. But there's many niches in the economy where free software creates greater economic benefit than a proprietary solution.
1. Movie copyright is compared, by its owners and the law, to physical theft. This type of theft does not remove the physical use or any use from the owners.
2. GPL copyright only requires sharing changed code. Failing to disclose the changes actually does affect the owners in the way claimed.
They’re two different social contracts and we need different words for them. Honestly many social problems are like this.
The "copyright infringement (is / isn't) theft" argument is drivel on the same intellectual level as "corporations are people."
I wasn't aware there was this community standard. I explicitly disagree with it and I presume many others here would as well. The contradiction exists only in your one sided assertion.
I think the position is more nuanced. Once I've paid for the movie then breaking its "copyright circumvention measures" so I may copy it or display it for my own purposes and reasons is neither immoral nor illegal regardless of what Hollywood or the law they paid for says.
I also think that Copyright terms being the life of the author are explicitly in violation of the Constitution, let alone, life plus some arbitrary term. These laws have fallen out of the service of the many and into the hands of the few.
There's a habit to "point out the contradiction" in these forums. I think it's almost always misguided.
GPL: "The code must be shared" Downloading/Pirating movies. "The movies should be shared"
I don't think that people who believe in the GPL and pirate movies often do so because "pirating is the right thing to do", but one can certainly make the case that they share the same basic idea.
Copyright infringement, while it may be wrong, truly isn't akin to car theft. It is however akin to a stolen idea. A car theft deprives the rightful owner of the car, but they don't otherwise care that the thief now has a car. An idea theft doesn't deprive the thinker of the idea, but they care that the thief is benefiting from the idea without compensation. Yet they don't care if someone becomes aware of the idea, but keeps it to themself.
I don't care about the movie industry, and don't care if they lose money. I don't care about the software industry or if they lose money.
I do care about information being freely available whether it's in the form of movies or source code - it's in no way contradictory for me to want people locking up source code to be stopped from doing so while also wanting to see more torrenting. Copyright law is a tool - much like fire. I don't want my house to burn down, but I also don't want the fire in the furnace to go out... is it contradictory that I want to use fire to keep warm but not have all my possessions destroyed?
The people in this community that say “copyright infringement isn’t theft” do not refer to copyright infringement where people exploit the work for-profit and put it out as their own (feel free to find a single occurrence to prove me wrong). The word plagiarism comes to mind, which is morally and (depending on country and circumstance) legally a bigger crime than copyright infringement. The legal system usually also recognizes that exploitation done for-profit and large scale should be considered worse and punished harder.
It's about the idea that software (and, for many, all digital media) should be free. The GPL is designed to "infect" other projects, by forcing them to be free if the GPL code is included. It's using IP/copyright laws to combat profiteering in software (and, in the case of movies, Blender releases a GPL'd movie every few years).
It's the activists' FOSS license, unlike the MIT/BSD/Apache licenses, which are just the literal definition of Free and Open Source, no strings attached.
Copyright should not even exist to begin with. GPL is just there to try to use the system against itself by essentially forcing everything it touches to be public domain. GPL is barely above the copyright industry from a moral standpoint. That usually causes people to treat violations of it far more charitably. Nobody feels sorry for the trillion dollar copyright industry.
We live in a world where the same trillion dollar corporations who compare us all to high seas pirates who rape and burn will also engage in AI washing of copyrighted material at industrial scales. That's a far more interesting contradiction than what you're presenting and far more deserving of the people's indignation.
GPL violation: less people than intended can see the code.
In short: until society changes you play by its rules.
Copyright infringement may be criminal. But compared with theft there’s, rightly, a higher standard of proof required.
FSF address this issue directly. GPL is basically fighting fire with fire.
infringing on copyleft is like stealing from the poor
it's the difference between robin hood and government corruption
If copyright infringement isn't theft (our goal), then it doesn't matter.
Hope that makes some sense.
People are willing to let behavior slide when it aligns with their interests, but will call it out when the "other team" does it.
- Copyright abuse of games, movies, commercial software vs open source software
- Censorship of conservative speech vs censorship of liberal speech
- Genocide of one geopolitical entity vs another geopolitical entity
- Separation of church/state with mandated removal of religious symbols from students and government places vs freedom of religion with removal of LGBT symbols from students and government places
- Use of executive branch authority for [liberal goal] vs [conservative goal]
It's the same behavior on both sides, just different groups of people doing it.
>It's the same behavior on both sides, just different groups of people doing it.
I'm actually curious to understand how you came to the conclusion that non-standard sexual and gender identities are equivalent to a religion to you.
I don't mean to start an argument here, but do you actually believe that endorsing a specific religion is the same as endorsing gay rights?
If I use Photoshop's 1's and 0's and don't follow Photoshop's rules, I could be bankrupt and thrown onto the streets, dramatically decreasing my life expectancy, or locked up and legally enslaved by Tyson Foods.
If PayPal, an 85 billion dollar market cap figure that has monopolized a large amount of digital commerce, uses our 1's and 0's and doesn't follow our rules, we're laughed at, because we are not an 85 billion dollar market cap figure.
I expect you understand this on some level.
> - Censorship of conservative speech vs censorship of liberal speech
How so? There are many left aligned websites that remove conservative content, and many conservative websites that remove lefty content, many sites that allow both and many sites that remove both. Perhaps I misunderstood, apologies if so.
> MegaLag also says Honey will hijack affiliate revenue from influencers. According to MegaLag, if you click on an affiliate link from an influencer, Honey will then swap in its own tracking link when you interact with its deal pop-up at check-out. That’s regardless of whether Honey found you a coupon or not, and it results in Honey getting the credit for the sale, rather than the YouTuber or website whose link led you there.
https://www.theverge.com/2024/12/23/24328268/honey-coupon-co...
The racket is that they f*k with your campaigns by stealing codes typed by users of the extension, so even users who don't think they're sharing them end up sharing them with Honey. Imagine the fun when someone creates a valuable code for someone trusted and doesn't limit its usage sufficiently, and someone uses it on a Honey-infected machine. Now the whole Internet is getting a possibly loss-making discount!
Honey then contacts the business and says "Gee, wouldn't you like us to stop doing that? Just pay us 3% on every sale any of our tens of millions of users buy and we'll let you blacklist any codes you like!"
There are cases here where companies used GPL code without releasing their changes.
How do licenses of a source code check if the people using their code is complying with the license it uses?
https://www.reddit.com/r/embedded/comments/18gie6l/how_do_li...
The fastest way is often to just run the "Strings" program on the software. Often it will dump out a bunch of strings that match those in the Open Source project: Error Messages, Logging messages, etc. Sometimes if they're really sloppy it'll spit out the name of the GPL program/library directly and a version number.
I often add magic arrays to my code. So.. if I find them in a binary blob...
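The strings check and the magic-array marker described in the two comments above, as an added Python example that is not part of the original thread. The library name `libfoo`, its messages, the marker bytes and the sample blob are all constructed for illustration.

```python
import re

# Constructed sample data: messages from a hypothetical GPL library "libfoo".
REFERENCE_STRINGS = {
    "libfoo: cannot parse filter list at line %d",
    "libfoo: static network filter compiled in %u ms",
    "libfoo version 1.4.2 (GPL-3.0-or-later)",
    "libfoo: cosmetic filter rejected: %s",
}

# Constructed "magic array": a marker the author plants in a data table.
MAGIC = bytes([0x9E, 0x37, 0x79, 0xB9, 0x7F, 0x4A,
               0x7C, 0x15, 0xF3, 0x9C, 0xC0, 0x60])


def extract_strings(blob, min_len=8):
    """Printable ASCII runs plus UTF-16LE runs, as strings(1) and `strings -e l` find."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)
    found = {run.decode("ascii") for run in ascii_runs}
    found |= {run.decode("utf-16-le") for run in wide_runs}
    return found


def match_reference(blob, reference, min_len=8):
    """Reference strings that occur inside any string extracted from the blob."""
    runs = extract_strings(blob, min_len)
    return sorted(ref for ref in reference if any(ref in run for run in runs))


def find_magic(blob, magic):
    """Every offset at which the marker bytes occur."""
    offsets, pos = [], blob.find(magic)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(magic, pos + 1)
    return offsets


def build_sample_blob():
    """Constructed stand-in for a shipped binary: filler, two reused strings, the marker."""
    pad = bytes(range(0, 32)) * 4  # non-printable filler between sections
    return (
        pad
        + b"libfoo: cannot parse filter list at line %d\x00"
        + pad
        + "libfoo version 1.4.2 (GPL-3.0-or-later)".encode("utf-16-le") + b"\x00\x00"
        + pad + MAGIC + pad
        + b"Unrelated vendor string\x00"
    )


def report(blob):
    """Summarise the evidence: matched strings, share of the reference set, marker hits."""
    hits = match_reference(blob, REFERENCE_STRINGS)
    return {
        "matched": hits,
        "ratio": len(hits) / len(REFERENCE_STRINGS),
        "magic_offsets": find_magic(blob, MAGIC),
    }


if __name__ == "__main__":
    print(report(build_sample_blob()))
```

Long, project-specific messages carry the weight here; short or generic strings match unrelated software, which is why the minimum run length is 8 rather than the `strings` default of 4.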
Have there been any lawsuits involving breach of open source licences?
https://opensource.stackexchange.com/questions/11452/have-th...
Suspecting users can try the software to see if it has the exact same functionality or bugs as the copied GPL library. This is of course not a definite proof, but some amount of rare enough coincidences can be considered as a very strong sign for copying. Legal measures can be taken on account of these evidences.
And of course there is always the option of a whistleblower.
Granted that means the 'smart' infringers are likely to slip through the sieve, but at that point they'll have to essentially be re-writing the code anyway, and lose most of the benefit that they'd get stealing the GPL code (they'd have to hand-roll any bug or security fixes back into their stolen-but-obscured GPL code)
Also I don't think it's that easy to conceal and not sure any serious company would risk the liability.
First, if you are distributing modified code or code compiled from GPL sources, in any way, you must advertise that fact clearly, and extend an offer to the original sources plus your compilation methods to anyone who receives this from you. This is true regardless of whether your work constitutes a combined work.
Then, if you are distributing a work that includes GPL parts and parts that you don't want to release under the GPL, you have to check specifically how the GPL parts are used. The relatively safe boundary is calling GPL binaries as separate processes, especially over a network - if this is the only way you are using the GPL code, it's probably OK to keep your other parts under an incompatible license.
If you are using the GPL parts any more closely, such as calling functions from a GPL library directly through an FFI, or worse, linking to that library, then you are almost certainly building a combined work and all of your own code has to be released under the GPL if you wish to distribute the GPL parts.
Even if you are calling the code only as a separate process, the amount and type of communication you use matters - if you are exchanging extremely complex and specific data structures with the GPL process, rather than just a few command line switches and parsing some yes/no answer, then your work may still constitute a combined work and have to be entirely distributed under the GPL.
GPL is called a viral license. Any project that you add GPL code to must be licensed under GPL (and made available to others under the GPL guidelines). That's why many commercial companies don't include GPL code - see Apple.
LGPL is typically meant for code packaged as a standalone library called from other, possibly non-GPL, code. You can distribute and call LGPL code from your code but your code does not have to be GPL/LGPL-licensed.
I believe the intent of LGPL was to have free LGPL versions of libraries where only popular non-LGPL libraries existed before. Any changes made to LGPL source code must be released under the usual LGPL/GPL guidelines, i.e. you can't make changes to LGPL code, release it in your project, yet keep the changes to yourself.
This is wrong in a couple ways. First, Apple ships plenty of GPL code. https://github.com/apple-oss-distributions/bash/blob/bash-13... as an example.
What Apple does not ship is GPLv3 code. GPLv3 had two major changes around patents and "tivoization". The tivoization clause in particular forces changes that break Apple's security model for their hardware, and is probably the core reason they do not ship GPLv3 software.
>5. Conveying Modified Source Versions.
>You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
>[...]
>c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
It seems to be the case here since, as the top comment by RraaLL says, they've included GPL-licensed JavaScript from uBO in their extension.
I’m not an expert in this sort of thing, so a more knowledgeable person may chime in.
Update: It looks like they're also using code from uBO without attribution or authorization. That's most likely illegal.
@readers: Obligatory notice: Don't base your business decision on random internet comments.
I thought it was interesting that YouTube, in the midst of trying to crack down on ad blockers, allows ads promoting an ad blocker that is specifically claiming to evade that crackdown.
One thief sold to another, it is like credit card lists or botnets are sold on the dark web.
PayPal is hardly innocent here, they knew what they were getting into, this is the core business model of not just Honey but all of the coupon sites.
They are simply codes provided by partnered businesses and may be beaten by codes you can get by searching yourself.
If true, then this is them outright lying to the user.
And you know, if they don't find a coupon code for you, one might still be at least a little annoyed that the original 'salesman' didn't get their affiliate commission; it instead being pinched by another.
The affiliate networks (CJ, Impact, etc) are the ones who determine what attribution method to use, shopping extensions just comply. The vast majority of shopping sessions don't have any prior attribution and merchants fund all of these commissions (nothing is taken from a creator or a user). Yeah, it does seem like the codes Honey has have gotten worse in recent years, probably just a consequence of PayPal acquiring them and not giving it any attention (and layoffs). But the example MegaLag points out of finding a better code on a coupon website DOES THE SAME THING AS HONEY (overrides the attribution).
So are there some problems with the affiliate industry? Probably. But calling Honey a "scam" seems completely unfair and lacks critical thinking. It's saved me thousands of dollars over the years.
It is not that the industry is shady that made Honey stand out; it is the fact that they were paying the people to pick from their own pockets that got YT creators riled up.
It is being singled out, because without that heavy creator promotion they wouldn’t have grown anywhere close to the size they were last month. They have already lost 3+ million on Chrome web store in December.
No other coupon company has been valued or sold at the 4 billion Honey was; it is by far the largest and most successful. It is not uncommon for the largest player to get the most scrutiny even though others do the same.
Nobody cares that other companies and extensions do the same thing, they're bad too.
Would it make a difference if this garbage was GPL licensed?
and not just cut it off once, but cut it off forever
and as a bonus: cut it off for all other influencers too
Honey _does not_ scour the web for discount codes. Honey instead partners with webpages to provide you a discount code (or not) with the advantage for the webpage being that less people will use a 30% discount code and instead use Honey's 10%.
Of course the really funny part was that basically none of the influencers did due diligence on their counter-party and Honey also took all of the influencer's affiliate money as well.
> Pie Adblock: Block Ads, Get Paid
Really? Do people not understand how the economy works or something? Education failed so bad :(
> Browse ad-free with Pie Adblock and earn cash rewards for the ads you choose to see.
Sounds like they replace the ads with their own, paying you (and surely taking their cut). Sounds a lot like Brave Rewards, similar thing...
What they did was out themselves as garbage humans, with laziness, antisocial grifting, disrespect for the law, and general unpleasantness at every possible level. It'd be difficult to be worse people without adding murder or violence to the mix.
It's free so I'm suspecting they're doing more affiliate marketing stealing or something similar to Honey.
> Get Paid to See Ads — Opt-in to see a limited number of partner ads and earn rewards.
"UBlockOrigin GPL code stolen by Pie Adblock Extension and Honey team"
Of course Pie is scummy, it is brought to you by the people behind Honey. In addition to stealing GPL Source the new over-hyped Adblocker that probably also steals (silently rewrites in the background) affiliate links, just like the old "coupon finder". No surprises!
Basically every dollar the company has made is basically illegal.
> For Zeidenberg's argument, the circuit court assumed that a database collecting the contents of one or more telephone directories was equally a collection of facts that could not be copyrighted. Thus, Zeidenberg's copyright argument was valid.[1] However, this did not lead to a victory for Zeidenberg, because the circuit court held that copyright law does not preempt contract law. Since ProCD had made the investments in its business and its specific SelectPhone product, it could require customers to agree to its terms on how to use the product, including a prohibition on copying the information therein regardless of copyright protections.
A similar example would be using a GPLv3 licensed JavaScript library in a website. What it implies to other HTML/JS/CSS code is controversial [0]. The FSF actually believed that they should not be "infected" [1], and the legal implications may need to be tested in court.
I don't think chrome extensions can be modified by the user; there's probably some integrity check. So to be GPL compliant they need to publish source files to rebuild the extension?
Not only is the original GPLd code still there, the owner of that code didn't have the money in their pocket, so nothing was actually 'stolen'.
It's why I support using GPLd code in proprietary applications. This team just got sloppy and copy/pasted. They should have hired me and I would have made it virtually untraceable.
I'm sure they can be profitable.
This deceptive behaviour actually makes the business lose customers in the long term.
A system that tolerates bad actors like this will in time only have bad actors. It’s tolerated because it makes a large amount of money for a small number of people.
We need to resist that call to apathy, stop acquiescing, and start demanding better of others. That, incidentally, often starts at demanding better of ourselves.
That does not work for corporations, because most people who are customers of these corporations are unaware of the corporation's bad behavior, are unable to avoid the corporation's products, or are stuck with a choice between bad options.
The main solution is regulation, oversight, and legal action, but the first two of these are unlikely to be enacted in the US in the current political climate. The Biden administration made some steps towards stronger regulation (e.g. by putting Lina Khan in control of the FTC), but received little to no political benefit from it and probably harmed fundraising for the Democrats.
Legal action is often prevented by arbitration clauses or disparate funding, where it is financially untenable to restrain bad actors using legal action.
Protects and does not bind vs bind but does not protect. Same as always.
Their product is supposedly: install a FREE extension and you get discount codes applied for you at retailers when you check out.
It turns out they were able to be profitable by making themselves the affiliate every time you purchase something, but that's scammy because it's stealing from others who actually generated the referral.
But what other non-scammy business model could they have? There's basically no business model for what they're trying to offer that makes sense other than end-users paying for it.
In the rare case there is a prior referral, yes last click attribution comes into play. But that's the same for every shopping extension (Rakuten, Capital One, etc). The extensions have to comply with the affiliate network's "stand down" policies, which means they can't just automatically pop-up and actively try to poach the commission if it's within the same shopping session. And they all comply. MegaLag focuses on a very niche case of going back to the merchant in the same month.
Source: I worked in the affiliate industry for a few years
1 - Because investors are now the customer. There is no incentive to solve a problem or provide a product for end-users, only to funnel money to investors. That is the business model. 2 - The attention economy is run entirely on deception. Without solving someone's problem, the best option is to keep their attention and prevent them realizing they don't need a subscription. Literally addicting people to notifications and scrolling.
Some aren’t and never will be without the deception and those companies just shouldn’t exist.
https://fee.org/resources/the-road-to-serfdom-chapter-10-why...
But can you be as profitable as your indecent, deceptive, scamming competitor?
If not, it won't matter how much of a goody-two-shoes you are. If the market sets the bar low, you either limbo or leave.
I'm deeply pessimistic about the future of open source. A lot of people are going to give up on it as it becomes clear that it's just free labor for SaaS companies and hustlers. That and I expect far more supply chain attacks in the future. I'm quite surprised there haven't been a lot more like the attempted XZ poisoning... yet. Or maybe there have been and we haven't caught them.
Edit: I forgot free training data for code writing AI. It's that too.
OSS is one of the Internet's last remaining high trust spaces. It'll be dead soon like all the others. The Internet is a dark forest.
I get linux for free, an entire OS. Tons of giant companies contribute to it. I get llvm and clang mostly paid for by giant companies. I get python, go, node paid for by giant companies. I get free hosting for open source projects and free CI (github) paid for by giant companies. I get free frameworks (React, Flutter). Free languages, free libraries, etc...
My open source is just part of that. Contributing back to all the free stuff I get, much of it from giant companies.
Legally and morally they should ask the permission for each content they crawl / ingest, but they do not.
You're right though, centimillionaires feel entitled to become billionaires, and billionaires feel entitled to become centibillionaires. However, I have noticed that the decimillionaires I know are aware that they still aren't in the right lane to even think that way and are largely content.
(wow, you're getting downvoted, the little boys on the site sure are a jealous bunch.)
I don’t see any incentives for decency.
Decency is as desired by society as “made locally.” Very few people are willing to pay for it and behaving that way has tremendous opportunity costs.
Are the liars of our society shunned and condemned to penury? Nope.
Jeff Skilling (Mr Enron) got out of jail and raised money for a new company. Pull off the fraud synonymous with corporate fraud and get investors.
Former convicted Enron corporate officers enjoy fat speaking fees and cushy consulting gigs.
You can pull off the fraud everyone knows and pay no social price for it.
You can defraud investors by the billions and get a movie about you (Wolf of Wall Street).
You can cook up the disaster that was WeWork and raise hundreds of millions from the most powerful VCs right after.