Hide and seek with testers: YouTuber and digital forensics expert uncover new honey scandal

At the end of 2024, YouTuber MegaLag released a video exposing a system that goes far beyond simple commission tricks. Honey has seen a precipitous decline in its user base since then. From once around 17 to 20 million Chrome extension users, only 12 million remained, according to current Chrome Web Store figures. In a new video, the YouTuber makes serious allegations against the company. To secure his technical findings, MegaLag brought renowned security researcher Ben Edelman on board, who verified the discoveries firsthand.

Together, they exposed a system said to resemble the Dieselgate scandal in its proportions. The so-called SSD system (Selective Standdown) is reportedly a hidden logic in the source code that Honey uses like a digital cloak. The principle is allegedly as simple as it is perfidious: the browser extension is claimed to recognize specific characteristics to determine whether it is being used by a tester or a regular user. According to the analyses, four central criteria are reportedly checked to identify potential testers: the age of the account, the point balance, a server-side blacklist, and the presence of cookies from professional affiliate networks like CJ or Awin. If Honey suspects an industry insider is watching, the extension is said to behave in full compliance and refrains from overwriting third-party tracking links. However, as soon as the software identifies a normal shopper—such as someone with many loyalty points and no professional cookies—it reportedly switches to attack mode and injects its own codes to grab commissions that would actually belong to influencers.

Edelman compares this behavior to Volkswagen's Dieselgate scandal, as the software was reportedly specifically programmed to recognize and manipulate test situations. The evidence is said to be heavy, as it is not based on guesswork but was extracted directly from the extension's configuration files and JavaScript code. This manipulative logic has reportedly been refined over the years; for example, the point threshold required to trigger the manipulation has risen from around 501 points in 2022 to over 65,000 points currently, making discovery by casual testers nearly impossible. For the investigators, the targeted concealment from testers proves above all that Honey knew exactly that its own behavior violated current network rules and went to great lengths not to get caught. Reportedly, evidence of the Selective Standdown protocol dates back to 2017. This goes all the way back to before PayPal owned a portion of the business.

Another point of criticism in the video is the deliberate deception of users through an artificially inflated coupon database. MegaLag points out that Honey often disguises expired or even non-functional codes as exclusive, just to keep the user in the extension. While the automated check process is running, Honey reportedly places its own affiliate cookie in the background and often overwrites links from influencers or content creators, even if no working discount was found. This procedure is said to ensure that the commission ends up with PayPal in the end, while the original intermediary comes away empty-handed. In another video, MegaLag also showed that Honey reportedly grabs coupons from user input and distributes them to other users. If shop operators try to take action against this, they are reportedly bullied into entering a partnership with Honey. Honey's behavior is overall questionable. From the user's perspective, the privacy invasions are primarily unpleasant. The most unpleasant consequence for retailers is probably the systematic destruction of their marketing strategies. The unauthorized publication of private coupon codes reportedly triggers massive revenue losses. To regain control over their own discount system, retailers are then lured into a partnership with Honey. Companies and content creators who rely on affiliate marketing income are systematically deprived of their earnings, as Honey reportedly secures the commission for sales already thought to be safe only at the moment of payment.