What is cookie stuffing? No, it is not something that makes a cookie even more delicious and fattening.  But it can fatten the wallets of blackhat affiliate marketers and steal the commission that rightfully belongs to another affiliate in the process.  Cookie stuffing is a blackhat technique whereby a browser cookie is secretly deposited on a user’s computer without the user having clicked on any affiliate hoplink.

One popular way of doing this is via invisible iframes embedded in popular, high-traffic websites such as gambling sites, forums and shopping sites.  An individual or company joins an affiliate program and then proceeds to acquire multiple hoplinks which are then placed in a webpage. This webpage is then secretly loaded into other webpages within a website via an inconspicuous or invisible iframe.  This allows for all the affiliate cookies to be deposited on your computer without your knowledge. Should you decide at a later point to purchase a product from one of the corresponding merchants, the cookie-depositing perpetrator gets credit for the sale.  And since it’s not uncommon for affiliate cookies to last 120 days or more before expiring, this leaves ample time for the cookies to do their dirtywork.

Unfortunately, there’s not a lot that can be done to safeguard against cookie stuffing.  The ultimate solution is one that must be implemented by the merchants themselves by issuing cookies that are not re-writable.  This way, once a visitor has received a cookie from a legitimate affiliate, it cannot be overwritten at a later point should this same visitor land on a page that has been stuffed with illegitimate cookies.