Support my channel on Patreon: https://patreon.com/MegaLagCheck out:Jelte for Honey Data Drop: https://x.com/j3lteDataRequest's full investigation: https://w...
Follow up video from MegaLag on the Honey scandal.
If you (a business) want to give out coupons only “internally” (usually only to employees), allowing ANYONE to redeem them is just stupid. That system is designed to be exploited. IMO, this is either a bug or very bad application planning.
And I have an idea for a “honey trap trap”… Whenever someone tries to redeem an “internal” coupon code in your shop, do this: If the person is employee, let them redeem it. If not, display “Attention! You have a dangerous spyware called Honey on your PC. Please uninstall it as soon as possible” with a link to this video…
To elaborate on this, since watching this video I’ve paid attention to how sponsorships provide discounts to viewers of creators, and it’s often via URLs. eg. service.com/creator_name, not with a discount code. That way, a website can track how many people went to the URL, not how many used whatever code is associated with that URL.
As an additional blocking measure, maybe a website could simply create a different listing for the same product instead of relying on discount codes, this different listing only being accessible via the creator links. I’m not sure if Honey would figure out how to navigate that as well or not, swapping the item in the cart or whatever.
I’d totally be interested to hear more on how companies deal with this, and if there are better ideas than the one I came up with as I typed this comment.
I agree with most of it, but…
If you (a business) want to give out coupons only “internally” (usually only to employees), allowing ANYONE to redeem them is just stupid. That system is designed to be exploited. IMO, this is either a bug or very bad application planning.
And I have an idea for a “honey trap trap”… Whenever someone tries to redeem an “internal” coupon code in your shop, do this: If the person is employee, let them redeem it. If not, display “Attention! You have a dangerous spyware called Honey on your PC. Please uninstall it as soon as possible” with a link to this video…
To elaborate on this, since watching this video I’ve paid attention to how sponsorships provide discounts to viewers of creators, and it’s often via URLs. eg. service.com/creator_name, not with a discount code. That way, a website can track how many people went to the URL, not how many used whatever code is associated with that URL.
As an additional blocking measure, maybe a website could simply create a different listing for the same product instead of relying on discount codes, this different listing only being accessible via the creator links. I’m not sure if Honey would figure out how to navigate that as well or not, swapping the item in the cart or whatever.
I’d totally be interested to hear more on how companies deal with this, and if there are better ideas than the one I came up with as I typed this comment.