According to research released on December 22, 2024, PayPal's browser extension Honey has been systematically diverting affiliate commissions from content creators while manipulating which coupon codes users could access. The findings emerged from a multi-year investigation conducted by tech journalist MegaLag, who analyzed hundreds of documents, advertisements, and communications between Honey and merchants.
The investigation demonstrated that when users clicked on a content creator's affiliate link and subsequently activated Honey at checkout, the extension would remove the creator's tracking cookie and replace it with PayPal's own affiliate code. This practice occurred even in cases where Honey found no working discount codes for the purchase.
According to email communications reviewed in the investigation, when one of Honey's largest promotional partners, Linus Media Group (LMG), discovered this practice and requested changes, Honey declined to modify the behavior. LMG subsequently terminated their partnership with Honey after approximately 160 sponsored segments that garnered 194 million views.
The investigation revealed that Honey's impact on affiliate marketing extended beyond commission diversion. Princess Polly, an Australian clothing retailer, disclosed in a company podcast that partner merchants retained control over which coupon codes appeared through the Honey platform. This meant that even if more valuable discount codes existed, users would only see merchant-approved codes through the extension.
In one documented test case, the investigator made two identical purchases on NordVPN. When Honey was activated, it diverted a $35 commission and provided the user with 89 cents worth of "Honey Gold" rewards points. The extension executed this diversion through a concealed browser tab that simulated a new referral click.
The Better Business Bureau had previously launched an inquiry into Honey's advertising claims. According to the investigation, Honey discontinued certain claims for "business reasons" when questioned by the BBB.
The scope of Honey's promotional reach was substantial. Data analysis showed sponsorship of approximately 5,000 videos across 1,000 YouTube channels, accumulating 7.8 billion views. PayPal acquired Honey for $4 billion prior to these practices coming to light.
The investigation documented three distinct commission diversion mechanisms:
- Direct replacement of affiliate tracking cookies
- Incentivized diversion through the "Honey Gold" rewards program
- Commission capture through interface elements like the "Got it" button
The technical analysis revealed that Honey utilized a last-click attribution model in affiliate marketing systems. This meant that Honey's intervention at the checkout stage could override previous affiliate referrals, regardless of which content creator initially directed the consumer to the product.
Matt Mullenweg, founder of WordPress, characterized the findings as "particularly egregious behavior" by PayPal. Multiple e-commerce security experts cited in the investigation noted that the practices raised concerns about transparency in affiliate marketing systems.
This is a great look into how scammy the affiliate link ecosystem is in general, but particularly egregious behavior by @PayPal . I love how accessible and understandable @megalag has made cookies and tracking links. https://t.co/jaPYD3GVXj
— Matt Mullenweg (@photomatt) December 24, 2024
The investigation's documentation included technical analysis of cookie manipulation, merchant communications, and extensive data on promotional reach. According to the materials, many content creators remained unaware of the commission diversion until the investigation's publication.
These findings have implications for affiliate marketing practices, e-commerce transparency, and the relationship between promotional platforms and content creators. The investigation has prompted discussions about oversight of browser extensions that interact with e-commerce systems.