Honey co-founder Ryan Hudson defends extension amid fraud detection allegations

A security researcher exposed a sophisticated alleged fraud detection evasion system embedded in PayPal's Honey browser extension on December 30, 2025, revealing that the coupon-finding tool has allegedly been systematically hiding its affiliate commission diversion practices from industry compliance testers since October 2017.

The investigation by content creator MegaLag documented how Honey co-founders Ryan Hudson and George Ruan allegedly engineered what the researcher termed a "selective standdown" system that adjusts the extension's behavior based on user profiling to determine whether someone is a legitimate shopper or an affiliate industry insider testing for compliance violations.

Hudson no longer works at Honey or PayPal and has moved on to launch ZeroClick, an advertising network for AI chatbot products that raised $55 million in August 2025 from many of the same investors who backed Honey. "I no longer work at Honey or PayPal, can't speak for them, and have no current knowledge of the business," Hudson stated on Twitter. "We sold Honey in January 2020 and I left in early 2022."

According to the technical documentation, Honey's system analyzes multiple signals to identify compliance testers, including whether users are logged into affiliate network websites, specific cookies in browsers, email addresses containing the word "test," account age, cashback points accumulated, and login status. When the extension detects these high-risk indicators, it behaves compliantly by respecting affiliate tracking links. For users who pass all engagement thresholds, Honey allegedly ignores standdown protocols and diverts commissions.

The technical architecture reveals that Honey stores standdown rules on cloud servers accessible through a specific URL that refreshes every hour, allowing developers to modify behavior across 14 million Chrome users without requiring extension updates or providing transparency to users or affiliate networks. Archives from the Wayback Machine show these rules existed as early as October 2017, suggesting the system allegedly operated for eight years under both Honey's original leadership and PayPal's ownership following the $4 billion acquisition in 2020.

Security researcher Ben Adelman independently verified the findings and characterized the system's purpose in an interview included in the investigation. "Honey stands down, but only sometimes," Adelman stated. "They're not doing it randomly. They're doing it based on articulable factors that we can see in the code, we can see in the packet log, and we can even infer their intent based on what we see there."

Hudson responded to the allegations on Twitter, defending Honey's practices and characterizing the investigation as deceptive. "It wasn't until I recently went frame-by-frame that I realized just how much had been fabricated in pursuit of a viral narrative," Hudson stated. "Beyond what I've shown here, there are other sections where I found irregularities that make me question the authenticity of what is presented."

The co-founder attempted to rebut specific claims about coupon code management. "I tried to explain that isn't how it works," Hudson stated in response to allegations that companies could pay Honey to choose which coupons to display, according to the Twitter exchanges. "He bases this false claim on 1) an quote from a 3rd party edited to remove context, 2) using vanity code like HONEY10, and 3) submitting his own codes and them not being published."

However, the investigation documented that Honey's base engagement rules originally required zero cashback points, no minimum account age, and no login requirement according to 2023 archives. Network-specific rules for Rakuten LinkShare affiliate links and store-specific rules for companies including TTMX, Booking.com, Chaos Sports, The Udie, and Calming Blanket represented the only exceptions, likely indicating these entities raised compliance concerns.

PayPal modified the system's thresholds after lawsuits began in late 2024, implementing a 65,000 cashback point requirement under base rules that effectively limits how frequently Honey allegedly engages in commission diversion. However, developers inadvertently left a Rakuten-specific rule requiring only 5,000 points, creating an oversight that enabled the researcher to demonstrate the system's continued operation using PayPal's unmodified, publicly available extension.

The system incorporates what the researcher identified as a "master kill switch" controlled from Honey servers that can instantly disable the entire selective standdown architecture. This server-side control mechanism operates independently of the browser extension, meaning PayPal could deactivate the system globally without users or affiliate networks detecting the change through normal extension monitoring.

Hudson defended Honey's approach to affiliate commissions and cashback rewards. "Whenever possible Honey shared affiliate commissions with users as Honey Gold (cash back)," Hudson stated on Twitter. "We were very transparent about how our business worked, in part because people always wondered if we sold data (we didn't)."

He framed the controversy as a question of user choice versus creator compensation. "The video intentionally avoids a discussion of whether users should be allowed to earn cash back, even if they click on an affiliate link from a creator," Hudson stated according to the Twitter thread. "Personally, I think user choice should take priority any time you are tracking users."

Honey's cookie monitoring represents another invasive element of the architecture. The extension tracks cookies from affiliate networks including Commission Junction, AWIN, Rakuten LinkShare, ShareASale, and competitor Swagbucks. When any of these cookies appear in a user's browser, Honey immediately switches to compliant behavior regardless of other engagement thresholds.

Database analysis revealed that Honey claimed to scan "millions" of coupon codes in marketing materials but maintained only 85,000 codes at the time data was collected, with 12,000 marked as expired. The system displayed expired codes as "Honey exclusive" promotions on iOS and Firefox browsers, presenting users with non-functional coupons while censoring the actual code text.

Monetization notes left by Honey developers in spreadsheets documented the company's awareness of affiliate network coupon policies and alleged deliberate violations of those terms. Multiple entries stated variations of "Terms have the coupon clause. No data on enforcement yet" and "The terms have the coupon clause. We just added them. So unsure if this is enforced yet," indicating Honey allegedly joined affiliate programs, acknowledged coupon distribution restrictions, but intentionally disregarded policies until enforcement action occurred.

Major affiliate networks enforce standdown policies requiring browser extensions to respect existing affiliate tracking when users click referral links before reaching checkout pages. The IAB Australia Affiliate Program Compliance Guide released November 27, 2025, explicitly categorizes cookie stuffing and toolbar violations as technical compliance breaches requiring investigation and enforcement.

Most affiliate networks specify standdown duration requirements in their terms of service, but archives show Honey set arbitrary one-hour standdown windows in current rules, down from just six minutes in 2023. Neither timeframe aligns with standard affiliate network policies, which typically require respecting tracking cookies throughout the entire shopping session.

The investigation found that 27,000 of Honey's 85,000 coupon codes came from affiliate networks, 23,000 were manually added by employees including 9,000 Honey-branded codes, and 34,000 were user-submitted. Developer notes from 2016 revealed Honey scraped competitor sites Retail Me Not and Coupon Follow for additional codes, contradicting marketing claims of automated internet-wide coupon harvesting.

Honey's Shopify app, which remains documented on the company's website, allowed store owners to manage which coupons appeared in Honey's database without requiring equivalent-value replacements. The FAQ explicitly states stores could "choose which ones you'd like to make available to Honey members and which ones you'd like to remove from the Honey system" with only a requirement to maintain at least one active code.

This contradicts statements made by Hudson in a Reddit post attempting to rebut the initial investigation. Hudson claimed Honey required brands to replace removed public coupons with Honey-branded codes of equal value as "strict policy" during his tenure. The Shopify app launched in 2021 while Hudson remained at the company.

Hudson concluded his Twitter defense by asserting Honey's legitimacy. "Simply put, Honey was never a scam to defraud users or creators," Hudson stated.

Security researcher Vladimir Palant discovered in 2020 that Honey encrypted specific code sections to conceal them from outside analysis. Palant's published research included screenshots showing references to "SSD" and affiliate network cookies, providing the earliest public documentation of the selective standdown system's existence before PayPal's 2020 acquisition.

The researcher traced the system through nearly 300 archived extension versions dating to 2014, finding encrypted selective standdown code in version 10.5.2 released October 2017. This timing places the alleged system development under the original co-founders' leadership approximately three years before PayPal's acquisition.

Affiliate marketing operates on last-click attribution models where the final touchpoint before purchase receives commission credit. Browser extensions that insert themselves at checkout allegedly exploit this system by replacing earlier referral tracking, a practice multiple class action lawsuits have characterized as systematic commission theft affecting content creators who promoted products through affiliate links.

Linus Media Group terminated its partnership with Honey after approximately 160 sponsored segments garnering 194 million views when the company declined to modify alleged commission diversion behavior according to email communications reviewed in investigations.

Ben Adelman addressed potential criminal liability during the interview, drawing comparisons to wire fraud statutes. "Criminal charges for corporate misconduct are pretty unusual in the United States," Adelman stated. "But if I were in charge, this kind of misconduct where you intentionally falsify the results that professional testers get in order to advance your business benefits looks like a violation of wire fraud."

Adelman emphasized the seriousness of alleged detection evasion tactics specifically. "A program that detects testers and hides from testers is incredibly frustrating," Adelman stated according to the transcript. "It indicates bad faith in the testing process. The network should be angry based on the facts. Anyone who has an application under test that is hiding from the test, they should be angry about that."

The investigation documented 13,800 stores in Honey's database with no cashback offers and no active coupons, representing partnerships where Honey allegedly earned affiliate revenue purely from user visits without providing any functional benefit. All 13,800 stores were partnered with Honey through affiliate networks.

Over 2,000 brands disabled user-submitted coupons through a dedicated feature flag in Honey's system, virtually all of which maintained affiliate partnerships with the extension. This contradicts the service's marketed value proposition of finding every working code on the internet and applying the best available discount.

Honey declined from a peak exceeding 20 million Chrome users to 14 million as of July 2025 following the initial investigation published December 22, 2024. The extension lost another million users between the first investigation and the latest data collection, suggesting continued exodus as awareness of alleged commission diversion practices spreads.

Hudson expressed frustration with the delayed response timeline. "It has been frustrating to watch what I knew was a deceptive video spread unchecked by facts," Hudson stated on Twitter according to the document. He acknowledged the delay in his public response, stating "ya quite delayed. I hoped he would correct the record in video #2 but that stopped seeming likely. and it was naive of me to think would happen in the first place but I like to give people the benefit of the doubt."

When asked why PayPal and Honey did not issue an official response to the initial investigation, Hudson explained his limited knowledge. "I don't know - I sold Honey to PayPal over 5 years ago and left over 3 years ago," Hudson stated according to the Twitter document. "If I were to speculate based on the public statements the lawsuits shifted the response to legal instead of product teams working with comms. Could be an interesting case study some day."

PayPal acquired Honey in January 2020 for approximately $4 billion, representing one of the payment platform's largest acquisitions. The company has had five years to identify, investigate, and report the selective standdown system to authorities or affiliate network partners but allegedly instead made multiple modifications to the system's thresholds while allowing core functionality to continue operating.

Hudson has since pivoted to building ZeroClick, described as an advertising network for AI environments. "I'm on a mission to make the open internet work better for people," Hudson stated on his LinkedIn profile. "In 2012, I created Honey to help 30 million people save time and money shopping online."

According to an AdExchanger, ZeroClick launched after Hudson founded Pie Adblock in January 2024, a browser extension for ad-blocking solutions with approximately two million users. "At Pie we are rebuilding the economic engine of the internet with people in control of their advertising experience," Hudson stated on LinkedIn according to the profile document.

The ZeroClick business announced a $55 million investment in August 2025 from many of the same investors and funds that backed Honey. "I'm excited to announce that ZeroClick has acquired Sleek," Hudson stated on LinkedIn according to the document. "The future of AI is more than a chatbot. It's AI that comes to you. AI that understands what you're doing right now and helps you do it better. AI that lives in your browser where you actually work and make decisions."

Hudson told AdExchanger that ZeroClick works by allowing publishers, merchants, or developers to embed the product into their own AI-based solutions. "I strongly believe the native ad format for AI is going to be – and we're going to try to make it be – paid consideration at the reasoning time," Hudson stated according to the AdExchanger article.

The ZeroClick founder explained the pivot from contextual advertising to AI-based products. "When we realized what we'd built was highly applicable to AI environments," Hudson stated in the AdExchanger interview. He noted that the challenges of ad blocking and AI advertising are similar, with users wanting shopping ads for products they were interested in rather than all ads removed.

Hudson positioned ZeroClick as an alternative to potential monopolistic control by major AI platforms. "I think all of the AI players [OpenAI, Google, Microsoft, et al.] are going to have something like this, and my sense is they will want to own it," Hudson stated according to AdExchanger. "I'd prefer for it to exist outside the walls of any core incumbent."

The ZeroClick team consists of about 30 full-time employees, most of them formerly of Honey, working on integrations that allow AI tools, chatbots, or agents to access paid information resources contributed by clients. "We realized that no matter how big we made Pie," Hudson stated according to AdExchanger, "it was going to be subscale as an ad system."

Federal Trade Commission enforcement actions demonstrate regulatory attention to e-commerce fraud, with the agency securing over $20 million in judgments against Click Profit operators in August 2025 for systematic deception involving false earnings claims and business opportunity misrepresentations.

Similar advertising fraud cases have resulted in criminal charges, including the Near Intelligence scheme where executives faced wire fraud indictments for manipulating revenue through fictitious advertising transactions that misled investors and audit firms.

The marketing community faces implications for affiliate attribution accuracy and campaign measurement. Browser extensions with significant user bases can allegedly systematically disrupt last-click attribution models that remain standard across e-commerce platforms, making reliable performance evaluation challenging when tracking interference goes undetected.

Content creators and affiliate marketers who rely on commission revenue from referral traffic face direct financial impact when browser extensions allegedly replace their tracking cookies at checkout. Class action litigation seeking damages exceeding $5 million progressed after federal courts denied PayPal's motion to compel arbitration in November 2025, allowing plaintiffs to pursue collective remedies rather than individual arbitration proceedings.

Affiliate networks now confront evidence that one of their largest partners allegedly engineered sophisticated systems specifically designed to evade compliance testing while systematically violating standdown policies. The alleged detection evasion tactics—monitoring affiliate network cookies, scanning for test-related email addresses, and profiling user engagement—demonstrate alleged intentional efforts to conceal non-compliant behavior from oversight mechanisms.

Google implemented restrictions affecting affiliate content visibility across major publisher sites in September 2024, with Forbes Advisor, CNN Underscored, Wall Street Journal Buyside, and Marketwatch Guides experiencing substantial traffic declines as the search engine replaced affiliate sections with e-commerce results and AI-generated overviews.

Privacy implications extend beyond alleged affiliate marketing fraud to invasive browser monitoring practices. Honey scanned cookies entirely unrelated to coupon-finding functionality, tracking whether users visited affiliate network platforms or logged into industry accounts. This surveillance operates without user awareness or consent, potentially violating data protection regulations across multiple jurisdictions.

The researcher published comprehensive data files documenting Honey's store database, coupon inventory, and selective standdown rules for independent verification. Ben Adelman plans to release additional technical analysis on his blog examining packet logs and code structure that support the fraud allegations.

Ryan Hudson initially contacted the researcher on Twitter offering to discuss findings, then requested full legal name and address for certified mail delivery, which the researcher characterized as litigation threats. Hudson subsequently posted a lengthy response on Reddit attempting to rebut allegations but provided no documentation contradicting the technical evidence or database contents.

Hudson characterized the investigation as containing fabrications and distortions. "I get why people are angry after watching Jonathon's video – the story sounds damning," Hudson stated on Twitter according to the document. "But hopefully once you see through the distortions driving his narrative you'll have some questions for him. The accusations don't even hold up to evidence provided in the video itself."

PayPal has not disclosed who developed the selective standdown system or when executives became aware of its existence and functionality. The company's statement following the initial investigation claimed information was "factually incorrect" without specifying which findings were disputed or providing contrary evidence.

Affiliate networks including Rakuten LinkShare, AWIN, Commission Junction, ShareASale, and Impact.com enforce program terms requiring publishers to use only approved promotional codes distributed through official channels. These policies protect brands from unauthorized coupon distribution while maintaining control over discount strategies and margin management.

The investigation estimated potential wire fraud liability based on eight years of operation allegedly affecting thousands of content creators across millions of transactions. While criminal prosecution remains uncertain given law enforcement resource constraints and technical complexity, civil litigation has already advanced through federal court with class certification proceedings underway.

For digital marketers evaluating browser extension impact on campaign attribution, the Honey case demonstrates how intermediary tools can allegedly systematically distort performance data while concealing interference through sophisticated detection evasion. Marketing attribution becomes unreliable when last-click models are compromised by extensions that allegedly inject themselves between customer journey touchpoints and final conversion tracking.

Hudson's transition from Honey to ZeroClick represents a continuation of his work in browser-based commerce tools, though the alleged fraud revelations have cast a shadow over his previous venture. The co-founder maintains that Honey operated transparently and in users' interests, positioning cashback rewards as legitimate user choice rather than commission theft from content creators.

The controversy highlights fundamental tensions in affiliate marketing economics between user benefit, creator compensation, and platform monetization. Hudson's defense centers on user empowerment and choice, while critics point to alleged systematic evasion of industry compliance mechanisms designed to prevent exactly the commission diversion practices documented in the investigation.

As Hudson builds ZeroClick with former Honey employees and investors, the alleged selective standdown system raises questions about detection evasion practices potentially extending into new business ventures. The LinkedIn profile shows Hudson worked at Honey from October 2012 through March 2022, spanning the entire period when archives document the selective standdown system's development and operation.

Hudson's background includes an MBA from MIT Sloan School of Management and a BS in Operations Research and Computer Science from Cornell University. He previously worked as a Product Manager at OpenX from 2013 to 2015 on "Mobile and desktop products to prevent adtech fraud and abuse," according to his LinkedIn profile, suggesting expertise in the exact compliance mechanisms that Honey allegedly evaded.

The AdExchanger article notes that despite ZeroClick's positioning as an ad network, it does not currently integrate with OpenRTB environments or function as a traditional programmatic advertising platform. "I think there's a world in the future where we do tap into a whole bunch of value-added providers bringing demand to the table, whether that's agencies or other networks bidding into the platform on behalf of advertisers," Hudson stated according to the article.

For now, ZeroClick focuses on letting merchants or AI developers integrate to subsidize their own products. Hudson expressed hope that the AI advertising ecosystem would avoid monopolistic control. "I'd prefer for it to exist outside the walls of any core incumbent," Hudson stated according to AdExchanger, echoing themes of decentralization and user control that characterized Honey's marketing positioning.

The controversy surrounding Honey's alleged detection evasion system continues to unfold through ongoing litigation and regulatory scrutiny, while Hudson builds his next venture in the rapidly developing AI advertising landscape.

Timeline

• October 2012: Ryan Hudson co-founds Honey with George Ruan
• 2013-2015: Hudson works as Product Manager at OpenX on fraud and abuse prevention
• October 2017: Honey version 10.5.2 released containing earliest documented selective standdown system code according to archive analysis
• January 2020: PayPal acquires Honey for approximately $4 billion
• October 2020: Security researcher Vladimir Palant publishes investigation revealing Honey encrypts code sections to conceal functionality from analysis
• 2021: Honey launches Shopify app allowing merchants to manage coupon availability without requiring equivalent-value replacements
• March 2022: Ryan Hudson departs PayPal/Honey after nine-and-a-half years with the company
• 2023: Archived standdown rules show six-minute compliance windows and minimal user engagement requirements for selective enforcement
• January 2024: Hudson founds Pie Adblock, browser extension for ad-blocking with user control features
• December 22, 2024: Initial investigation exposes alleged commission diversion practices affecting content creators
• April 2025: Hudson posts Twitter thread and Reddit AMA defending Honey's practices and characterizing investigation as fabricated
• July 2025: Honey declines to 14 million Chrome users from peak exceeding 20 million
• August 2025: ZeroClick announces $55 million investment from investors who previously backed Honey
• September 2025: AdExchanger profiles ZeroClick launch as AI advertising network with former Honey team
• November 7, 2025: Federal court denies PayPal arbitration motion, allowing class action to proceed in federal court
• November 27, 2025: IAB Australia releases compliance framework categorizing cookie stuffing and toolbar violations as technical compliance breaches
• December 2025: ZeroClick acquires Sleek to bring AI capabilities to browser-based applications
• December 30, 2025: Technical investigation exposes alleged selective standdown system engineering and detection evasion architecture

Summary

Who: Ryan Hudson, co-founder of Honey who left PayPal in March 2022 and now leads ZeroClick, an AI advertising network that raised $55 million in August 2025 from investors who previously backed Honey. Hudson defends his former company's practices while building a new venture with approximately 30 former Honey employees.

What: A sophisticated selective standdown system allegedly engineered during Hudson's tenure to hide affiliate commission diversion from compliance testers by profiling users through engagement metrics, affiliate network cookies, email addresses, and login status. Hudson characterizes the allegations as fabricated distortions while maintaining Honey operated transparently in users' interests through cashback rewards that prioritize user choice over creator affiliate commissions.

When: System development traced to October 2017 through archived extension versions, allegedly operating continuously during Hudson's nine-and-a-half years with Honey from October 2012 through March 2022, three years before the initial investigation published December 22, 2024. Hudson responded in April 2025 with Twitter and Reddit defenses while continuing to build ZeroClick.

Where: Detection evasion architecture operates through cloud-based rules stored on Honey servers affecting affiliate transactions across thousands of e-commerce platforms. Hudson now operates ZeroClick from Los Angeles with former Honey employees, positioning the AI advertising network as an alternative to monopolistic control by major platforms like OpenAI, Google, and Microsoft.

Why: The system allegedly enables systematic commission theft worth potentially millions of dollars by exploiting last-click attribution models while avoiding detection from compliance testing. Hudson defends the practices as prioritizing user choice and cashback benefits, framing the controversy as a question of user empowerment versus tracking-based monetization while building a new advertising venture targeting AI environments with similar browser-based integration approaches.