
Honey Extension Is a Giant Scam

 

Everyone enjoys saving money while shopping, especially with free apps that find the best online deals. However, no one likes discovering that a money-saving tool is secretly taking more than it saves. A popular YouTube creator claims PayPal's browser extension, Honey, has been doing just that.

Honey gained millions of users by offering free coupon codes and cashback rewards across 30,000 retailers, making it a favorite among influencers like MrBeast and MKBHD, who have promoted it under sponsorships. But New Zealand-based tech investigator MegaLag alleges that "Honey is a scam" and possibly the biggest influencer scam ever.



How Last-Click Attribution Works and Honey’s Problematic Approach

Affiliate marketing allows influencers and businesses to earn commissions when users purchase products through their affiliate links. When a user clicks such a link, a cookie tracks the referral and ensures the commission goes to the rightful source based on the last-click rule.

MegaLag discovered that Honey interferes by deleting these affiliate cookies and replacing them with its own. As a result, influencers promoting the products lose their commissions, while Honey takes credit for the sale and keeps the earnings.

    Simulations revealed that Honey deletes and replaces affiliate cookies to claim last-click attribution and pocket commissions.

My Findings: Honey’s Cookie Manipulation & Disruptive Practices

MegaLag provided strong evidence that Honey deletes and replaces ‘last click’ cookies, opens new tabs or pop-ups redirecting to its referral links, and disrupts influencer commissions.

In my independent investigation, I confirmed these findings: Honey alters cookies and overrides referral or affiliate links, especially during checkout simulations. Additionally, I uncovered other unethical practices by Honey that verge on fraudulent behavior.

[Image: Honey offers invalid codes on Amazon pages.]

Chaotic Interactions with Honey
Unlike the structured demonstration in MegaLag’s video, my experience with Honey was disorganized and intrusive.

During testing, Honey frequently opened tabs, changed its icon colors, and sent constant notifications—behaving more like adware than a helpful extension. It repeatedly bombarded me with alerts about coupons, cash rewards, and "better deals," even when no such offers existed.

Honey also runs persistently in the background and often takes over during checkout. Clicking “Add to Cart” or “Complete Checkout” triggered an onslaught of pop-ups and full-page takeovers, claiming to secure rewards while dominating the entire browsing experience.



Honey’s Stealthy Tab Redirects
I confirmed that Honey manipulates last-click attribution by opening new tabs with redirect links.

For example, while shopping on https://us-store.msi.com, Honey automatically opened a new tab containing a redirect link. The redirect lasted only a second and pointed to:

The link includes a unique identifier tied to an affiliate program. After the redirect, the shopping site reappeared, now with a new unique identifier in place. This process alters cookies and ensures Honey claims the referral.
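
The last-click overwrite described above (a creator's affiliate cookie replaced after a background redirect) can be replayed as an audit over a navigation log. This is an added example, not code from the original post or from Honey; the log entries, the `aff_id` parameter, the `userInitiated` flag and the `/checkout` path are constructed assumptions.

```javascript
// Constructed navigation log for one shopping session (not captured traffic).
// `aff_id` is a hypothetical affiliate parameter; real programs use their own names.
const events = [
  { t: 1, url: "https://shop.example/item/42?aff_id=creator-123", userInitiated: true },
  { t: 2, url: "https://shop.example/cart", userInitiated: true },
  // Background tab the user never clicked for, carrying a different identifier.
  { t: 3, url: "https://shop.example/?aff_id=extension-999", userInitiated: false },
  { t: 4, url: "https://shop.example/checkout", userInitiated: true },
];

const CHECKOUT_PATH = /^\/checkout/; // assumed checkout route

// Replays the log under the last-click rule: the most recent affiliate
// identifier seen for a merchant overwrites the stored referral cookie.
function auditSession(log, param = "aff_id") {
  const cookie = new Map(); // merchant host -> { id, t }
  const findings = [];      // overwrites that no user click caused
  const credited = {};      // merchant host -> identifier paid at checkout
  for (const ev of [...log].sort((a, b) => a.t - b.t)) {
    const u = new URL(ev.url);
    const id = u.searchParams.get(param);
    if (id) {
      const prev = cookie.get(u.hostname);
      // A changed identifier on a navigation the user did not start is the signal.
      if (prev && prev.id !== id && !ev.userInitiated) {
        findings.push({ host: u.hostname, t: ev.t, replaced: prev.id, by: id });
      }
      cookie.set(u.hostname, { id, t: ev.t });
    }
    if (CHECKOUT_PATH.test(u.pathname)) {
      credited[u.hostname] = cookie.get(u.hostname)?.id ?? null;
    }
  }
  return { credited, findings };
}

const report = auditSession(events);
console.log(JSON.stringify(report, null, 2));
```

Removing the background event from the log leaves the creator's identifier credited at checkout, which is the difference the audit is meant to surface.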


[Image: Honey opens a new tab and pushes another notification.]

Honey’s Questionable Tactics
Opening unrequested tabs with redirect links is a tactic often linked to cybercriminal activity.

Honey clearly positions itself between influencers, businesses, and consumers, exploiting its role to manipulate last-click attribution. This behavior is so blatant that even non-tech-savvy users might sense something is wrong.

The extension’s lack of transparency and its deceptive manipulation of cookie data raise serious concerns about its ethical practices.

The Impact: Accountability and Ethics
PayPal’s $4 billion acquisition of Honey highlights the extension’s significant role in e-commerce: it boasts over 17 million users across platforms like Windows, Mac, iOS, and Android. Honey operates seamlessly on browsers including Chrome, Safari, Firefox, Opera, and Edge, with a quick and accessible installation process.

However, allegations of cookie abuse, affiliate link manipulation, and stealing commissions from users and influencers pose serious concerns. These practices align with the definition of fraud as “wrongful or criminal deception for financial gain,” placing Honey and PayPal under scrutiny. This investigation raises critical questions about PayPal’s accountability in enabling such behavior.

My Take on This Research
As a cybersecurity researcher, I’ve encountered numerous instances of adware and browser-based malware. However, this is the first time I’ve found software from a major company like PayPal exhibiting behaviors eerily similar to malware.

Honey is intentionally coded to disrupt online shopping, particularly at checkout, by replacing original referral links with its own affiliate ID—behavior far from industry standards.

The core problem lies in its lack of transparency. If users were informed of its intent to redirect and earn commissions, they could make informed choices. From a technical standpoint, Honey’s actions—manipulating browser data and positioning itself as an intermediary—can be seen as a privacy invasion akin to hacking.

