Honey’s Tester Detection Exposed
Technical analysis shows Honey’s extension deliberately honors stand‑down for suspected testers and dishonors it for typical users, using deterministic rules drawn from server config, telemetry, and client code.
A shopping plugin that behaves one way for testers and another for regular users. What Honey hides from industry insiders changes who gets paid — and why it matters.
Technical analysis shows Honey’s extension deliberately honors stand‑down for suspected testers and dishonors it for typical users, using deterministic rules drawn from server config, telemetry, and client code.
Source: VPT (Visible Performance Technologies) — Source link
Highlights
| Metric | Value | Notes |
|---|---|---|
| Tester‑detection criteria | New accounts (<30 days); low points balance; server‑side blacklist; affiliate‑console cookies (CJ, Rakuten/LinkShare, Awin) | |
| Base points threshold (ssd.json, Oct 22, 2025) | 65,000 points required to disable stand‑down (1,000 points = $10 → 65,000 points ≈ $650) | From ssd.json retrieved and shown in the article |
| LinkShare / Rakuten override | LinkShare merchants use a lower uP threshold of 5,001 points in current ssd.json | Explains different behavior for Rakuten network merchants |
| Historic config (June 2022) | June 2022 ssd.json had no points requirement for most networks and a LinkShare uP of 501 points | Preserved by VPT; shows a large change over time |
| Multi‑vector evidence | Findings supported by hands‑on tests (recorded videos), packet sniffing/config files, telemetry, and source‑code analysis | |
| eBay special treatment | Hard‑coded eBay stand‑down backstop and 86,400s (24‑hour) TTL in config/code | Code forces stand‑down for eBay regardless of other ssd criteria |
Key points
- Honey applies deterministic logic: if any detection factor flags a user as high‑risk it fully honors stand‑down; if none do, it fully dishonors stand‑down (presents affiliate links).
- Four detection signals block testers: account age, points balance, server blacklist (IDs/IPs/cookies), and affiliate‑console cookies.
- Telemetry strings (e.g., "suspend", "uP:5001", "gca", "ssd") map directly to ssd.json rules and hand‑run tests, validating the config→behavior link.
- Source code and config files reveal a killswitch and blacklist logic (bl) that can toggle stand‑down behavior from the server.
- Config changes show a sharp rise in points thresholds since 2022 (e.g., LinkShare: 501 → 5,001; base: no points → 65,000), narrowing what qualifies as a tester.
- Special eBay exceptions (24‑hour TTL and hard‑coded stand‑down) highlight preferential handling for specific merchants.
- Implications: concealed behavior strengthens plaintiffs’ litigation claims, risks Chrome/Apple policy violations, and undermines affiliate and merchant trust.
Timeline
- 2002 — Stand‑down rules for affiliate software were first established.
- June 2022 — VPT preserved a historic ssd.json showing no base points requirement and a LinkShare uP of 501 points.
- April 14, 2023 — Archive.org preserved ssd.json (same settings as June 2022 snapshot).
- December 2024 — MegaLag published a video raising public questions about Honey’s behavior.
- October 22, 2025 — ssd.json snapshot shown in the article reflects a base uP of 65,000 points and the affiliates/GA cookie checks.
- November 14–16, 2025 — Author produced hands‑on test videos demonstrating stand‑down when low points or affiliate cookies present, and no stand‑down when points are high.
- December 30, 2025 — Article published on VPT documenting the findings and analysis.
Why this matters
Honey’s concealment changes attribution, diverts publisher commissions, and undermines merchant trust. The config, telemetry, and code evidence signals intentional hiding from industry testers — strengthening litigation claims, exposing platform‑policy risk with Chrome/Apple, and raising security/privacy concerns for users and partners.
