PayPal does not want you seeing this video. A few hours ago, PayPal's lawyer sent me a cease and desist letter and requested Patreon take down my video under a copyright infringement claim. I consider this a direct attack against my fundamental rights as an independent journalist. PayPal has specifically taken issue with the fact that an anonymous source discovered Honey had left their source code exposed within their iOS app, which if you know where to look, is publicly accessible. This anonymous source found the code and sent it to me. I reviewed the code for security research purposes, which is a protected act, and I only published relevant sections of the code that provide important context to the story, which I consider within the realm of public interest. Nevertheless, I have removed sections of the video containing said code, not because I believe PayPal are correct, but because I know they will have YouTube take this video down. It was only a small segment of the video. Therefore, I have made this decision quickly under duress and to proceed with this publication as quickly as possible. If PayPal thought this would stop me, they were sorely mistaken. Enjoy the video. >> I don't trust Honey, I don't know what it is. I don't trust it. They push so much advertising. They push so much advertising and then people are getting money out of it and then people are are saving money out of it and that makes sense, but the other part doesn't make sense. And then something's going on here. Who where's all this money coming from? I have a feeling there's going to in like a couple years there's going to be the Great Honey Conspiracy. PayPal's Honey Money Saving browser extension is accused of scamming customers and YouTube creators. >> The biggest YouTube scam has just been revealed. The greatest scam in the history of the creator economy. >> People have been getting influenced and scammed, and I've been a part of it. >> It involves almost every high-profile creator that I can think of, including myself. Honey paid a lot of influencers up front while taking money out of their back pockets. >> Wa, that's a little shady, mind you. No way. That signs you up for their affiliate link. No way. >> What? Brother. Brother. >> I'm the biggest Honey fan in the world. Lwig. No. They've also been lying to consumers. >> They are clearly not giving the best coupon codes and discounts to users. If you have downloaded Honey, I do recommend removing it from your browser. I do think that this investigation for Mega Lag will lead to a huge class action lawsuit against Honey. >> So, on behalf of Creators Everywhere, I have filed a class action lawsuit. >> We're suing PayPal and Honey, Gamers Nexus is the lead plaintiff in a class action complaint filed against PayPal and its property Honey. Well, it's safe to say PayPal's lawyers love my last video. But don't worry, PayPal. You know what they say, all press is good press, right? Let's see. Since releasing part one of my investigation, Honey has lost over 6 million users. Google has changed their policies for browser extensions, blocking Honey from claiming undeserved commissions, and most significantly, PayPal has been slammed with over 20 class action lawsuits, accusing them of wiretapping, computer hacking, unfair competition, consumer fraud, tortious interference, and unjust enrichment. Yikes. Maybe not them. And unfortunately for PayPal, I suspect more lawsuits will be filed following the release of this video. Why? Well, you see, besides lying to consumers and stealing from influencers, Honey was also causing serious harm to small businesses. So much so that I believe brands have likely suffered millions of dollars in damages. But that's not all. In this video, you're also going to learn how Honey was collecting and sharing your data and how they, in my opinion, illegally targeted miners through influencers such as Mr. Beast. Strong accusations, I know, but I have the receipts. I've reviewed internal data, Honey source code, their pitch deck to investors, disturbing emails between Honey and small businesses. I've reviewed interviews, and much, much more. You're about to get insights into one of the most scummy, predatory business models I have ever seen. You'll also find out why my investigation has triggered multiple class action lawsuits against other corporate giants such as Microsoft, Capital 1, Cler, Rakutin, and Retail Me Not. Per usual, the views, allegations, and conclusions expressed in this series are my opinions based on evidence I have gathered, which will be shared throughout. Ladies and gentlemen, welcome to part two of the honey trap. There were many moments throughout this investigation where I thought I'd reached the end of the rabbit hole. I thought I understood everything there was to know about Honey's dirty business model. They were claiming the credit for sales they hadn't earned, poaching the affiliate commissions from content creators, and they were intentionally withholding discounts from users for their own financial gain, rendering the entire value behind their core product a lie. Kind of hard to believe it could get much worse than that, but unfortunately, it does. And I realized this after noticing a strange but reoccurring anomaly. You see, in most cases, when Honey popped up at checkout and I clicked apply coupons, a discrete tab would open in the top left corner of my browser. That's Honey injecting a simulated referral click, attempting to claim the credit for a sale. But here's where things got weird. Every once in a while, I'd come across a store where after clicking apply coupons, Honey wouldn't load their affiliate link. So, why not? At first, I thought it might be a bug, but quickly ruled that out after noticing the same anomaly on multiple websites. Even stranger, when this would happen, I was generally finding better deals. So, what gives? Well, for the longest time, I was under the assumption that Honey would only pop up on websites that had agreed to partner with them. But I couldn't have been more wrong. And I realized this after stumbling across a post on Shopify's community forum where a store owner complained that Honey was leaking their coupon codes without their permission. And as I read through the replies, I could see other stores had the same issue. Now, this was a pivotal moment in my investigation because it turned my entire understanding of Honey's business model upside down. Until now, I was so focused on the impact Honey had on consumers and influencers that I didn't even think to consider the potential impact to businesses. Though in my defense, Honey consistently referred to the 30,000 stores on its platform as participating stores. So, one would assume that every store on Honey's platform joined willingly and with consent. Yet, clearly, that wasn't the case. So, I reached out to several business owners to learn more. Honey takes the codes that people use on our website, the discount codes, and makes them public to everybody who's using Honey. We started having problems where customers would get in touch via our support website saying, "Oh, hey, I just tried to use this discount, this 60% off coupon, and it doesn't work." And I'd be like, "We can look into it." Like, "Dude, that is that is not your discount. Like, how did you get that?" And they'd be like, "Oh, it it just showed up through the Honey extension." I hadn't heard about Honey before and I was just hanging out on the couch with my girlfriend and she made some comment about oh this app Honey that basically gives you all these coupon codes and I think she asked if we were on it. I said no and then she checked out our website and said oh you actually are on it and it's giving this 15 or 20% discount code. And so that's when I found out about it and I was pretty I was pretty shocked because I didn't know how long it had been going on for. Um, yeah, it cost us thousands and I haven't even looked into how far back it went, but I know we just ended the code right away. Now, if you think that sounds bad, well, trust me, it gets a whole lot worse. But first, it's important we understand the scale of this issue. As you just heard, these store owners clearly never consented to being on Honey. So, they can't possibly be among the so-called 30,000 participating stores, right? So, why was Honey lying to consumers about the true number of stores supported by its platform? And just how many stores did Honey add to its platform without consent? Was it hundreds, thousands, tens of thousands? Well, that's where things get interesting. You see, when I started combing through the business side of Honey's website, I noticed that Honey claims to only be partnered with 10,000 brands. That's 20,000 less than what they advertise to consumers. So, I figured, okay, I guess 10,000 stores intentionally partnered with Honey, and the remaining 20,000 never signed up. Now, that would already be incredibly concerning and deeply misleading. But, as it turns out, the deception is far worse than that. You see, as I continued digging, I stumbled across this file from Honey's extension called supported domains, which gets loaded onto your computer when you install Honey. And this file contains a list of over 180,000 online stores. That's a massive discrepancy from what's advertised anywhere on Honey's website. Now, of course, we could start making assumptions based on those numbers alone, but we don't have to because it just so happens that Honey also keeps detailed information for each of the online stores in this list. And it's relatively easy to access that data. For example, on Chrome, if we click manage extensions, turn on developer mode, click on the service worker for Honey, and click on the network tab, we can now monitor what Honey does behind the scenes a little closer. So, if we say visitapple.com, we can see that Honey is now accessing information from their database related to Apple. Looking at this one in particular, we can see that 2.9 million Honey users visited Apple's website in the past 30 days. We can also see that none of those users saved any money from coupons because, well, Honey has no coupon codes for Apple's website. We can even see internal support and monetization notes that were left by Honey's employees. Interesting. Most importantly, however, we can also see that Honey has an affiliate link for Apple's website, confirming that Apple does have an affiliate partnership with Honey. But if we look at the same data for say Abocrombian Fitch, we can see that Honey doesn't have an affiliate link. Yet, Honey is still offering coupon codes for that store. And sure enough, if we click apply coupons on Abocrombian Fitch, Honey doesn't load an affiliate link through that infamous sneaky tab. Aha, things are starting to make more sense. So, all I had to do now was collect this data for every store in Honey's database. The only problem is collecting this data for one store is easy, but doing it for 180,000, that would literally take years. Unless, of course, you created a little program that automated the entire process, crawling through that massive list, scraping Honey's data store by store, and neatly organizing the most relevant data points into a nice, easy to read spreadsheet. Well, that's exactly what we have here. But I can't take any credit for the spreadsheet because this was all the work of someone much better at this stuff than I am. And he goes by the name of Yelta. He's a developer from the Netherlands. awesome guy and I cannot thank him enough because holy [ __ ] there is a treasure trove of data in this spreadsheet. We now have all the details for every store, every coupon code, every developer note, all curated into one lovely spreadsheet. It's glorious. PayPal will not like me having this data, but too bad. And Yela will be releasing this data publicly on Twitter shortly following the release of this video. Link to his Twitter is below, so make sure you give him a follow if you want to catch that drop. All right, so now that we have the spreadsheet, we can finally confirm that at the time this data was collected, Honey supported 35,000 stores with affiliate links and an additional 146,000 stores without affiliate links. So yes, there was some truth to their claim of supporting 30,000 participating stores. They just conveniently left out the anyweeny fact that they dragged an additional 146,000 stores onto their platform, presumably without consent. Now, consider this. If you're Honey and your platform supports 180,000 stores, surely you'd be screaming that from the rooftops, right? 180,000 sounds a whole lot more impressive than 30,000. Honey knows that. So, why hide the real number? Clearly, Honey decided that keeping this little secret to themselves outweighed the benefits of advertising it. Now, as a consumer, you might be thinking, "Ah, so what if Honey leaks a few coupon codes? Even if a business never gave consent, surely that would just drive more sales for the business, right?" Well, it's not that simple. Why? Well, you see, coupon codes are more than just discounts for consumers. They're also a vital marketing tool for businesses. Virtually all coupon codes have a strategic purpose behind them. For example, many online stores will offer a 10% discount as an incentive for signing up to their newsletter. The consumer gets a 10% discount and the business gets your email address for marketing. It's a simple tit fortat exchange. But if Honey snatches up that coupon and makes it available to everyone, well, now the business is losing 10% while gaining nothing in return. The entire purpose behind that coupon code gets destroyed, stripping away any incentive for the business to continue offering it. But it's not just newsletter coupons. Stores will also offer discounts to reward and maintain loyalty, like offering exclusive VIP codes to repeat high-v valueue customers. Many businesses will even offer specialty discounts to military veterans or first responders just to show their appreciation. But also, some businesses have private discount codes like 50 or 80% off that are strictly intended for use by employees or friends and family. So, when Honey comes along, finds all of these codes, and hands them out like candy to its millions of users, not only does it cause a negative strategic impact, but it also causes significant financial harm. In fact, this has become such a significant problem for online stores that there are now multiple paid services to help e-commerce stores block extensions like Honey. Even well-known retailers are paying to prevent these issues. Now, you might be wondering, how on earth does Honey get access to private coupon codes like employee discounts if they're not available to the public? Well, I came across this marketing podcast where they discussed the issue. What happens is if I'm if I have Honey, for example, and I'm one of your best customers at your e-commerce store and you decide you're going to do a promotion for your VIP customers, maybe it's a flash sale, and you send me a special code. I go to your website, I legitimately have that code from you. I type it into the promo code field at checkout. Because I have Honey in my browser, it is able to scrape that code then and give it to everybody who uses it. We've seen codes like military hero 30 clearly intended for a veteran. And then in another case, >> Wow. >> Even worse, in another case, my CEO found a men's apparel brand where they had a $75 off coupon code, but they didn't set a minimum order value. And so people were able to get unlimited merchandise for free as long as they kept their order value at $75 or under. >> Okay, that's insane. But I have to admit, at first I was a little skeptical of the claim that Honey was snatching codes from users without their consent because whenever I entered in a coupon code Honey didn't recognize, the extension would always ask for my permission before taking it. Or so I thought. But as it turns out, the moment you type in a coupon code, Honey immediately sends that code directly to their servers and then they ask for your consent. How do I know? Well, you see, a developer who would like to remain anonymous noticed that Honey leaked their source code inside of their iOS app. Whoops. So, this developer extracted the code and sent it to me. We can actually further verify this with a live example. Watch what Honey does in the background as I enter in this coupon. Honey realizes that it doesn't have this code yet and asks for my consent to share it. But look at this. Before I've clicked anything, Honey has already sent that coupon code to their server, including the details of how much money that coupon saved me, all without my consent. Now, Honey might argue that if you click don't share, they never actually use those coupons. And maybe they don't. Maybe those codes just sit in their database doing nothing. We can't say for certain. However, if you read Honey's privacy policy, it explicitly states that they collect data such as coupons, promo codes, and deals you found. So, while they ask for a user's consent, their privacy policy clearly allows them to take that data without it. So, why does this matter? Well, it matters because when private codes get leaked, businesses don't just lose money, they're often left in the dark, unable to trace how those codes were exposed in the first place. I've personally found several coupon codes through Honey that were clearly intended for private use. This one coupon I found worked like a $35 gift voucher, meaning I can make unlimited free orders, provided my cart value was $35 or under. When I alerted the business, they appeared to have no idea how the code had been leaked. Now, believe it or not, this nightmare for online stores only gets worse. So, we usually use discount codes as a way to track when influencers or partners are sending traffic to us so that we can identify the sale was attributed to that influencer and pay them a commission. So, I think we saw one code started to get used like way more and we were like, "Wow, we're paying this influencer so much. They're doing so well." And I was like a little bit suspicious. A lot of times discount codes um are the only way for you to understand if a YouTuber that you love and would love to partner with is actually driving incremental value to your business. Those codes would immediately get picked up by Honey and then they'd be used hundreds of thousands of times and you'd be like, "All right, like not only does that negatively impact our business, it was for that audience, but um we have no idea which podcaster we should continue to support." Now, if you're someone who listens to podcasts, you probably know exactly what Chip is talking about here. When brands advertise on podcasts, affiliate links aren't always practical. Listeners could be running, driving, or doing the laundry without easy access to a computer. So, instead, brands will provide podcasters with a unique coupon code. And each time the listener uses that coupon code at checkout, the podcaster earns a commission just like an affiliate link. So, these are not your typical coupon codes. behind them. You have an influencer that's trying to earn a living. You have a business paying to promote their product. And there's usually a contract binding the two together. Regardless, Honey will step in, leak the codes to users, disrupting that business relationship. The result, not only do brands end up losing money from the leaked discounts, on top of that, they're now forced to pay undeserved commissions to the influencers whose codes got leaked. It's easy to imagine how quickly something like this could spiral out of control. In fact, one business owner on Twitter reported losing $100,000 from this exact issue, and he only realized it happening several months later. It's no laughing matter. And if you think this is a huge win for influencers because they get paid a bunch of undeserved commissions, well, think again. >> I mean, we basically pulled all out of the podcast realm because there is really no way to figure out how to how to attribute any successes or failures. We basically can't do that anymore because as soon as a code becomes used by one person, it's suddenly used by everybody. This is a nightmare situation for everyone involved. But not all businesses are affected equally. Honey's actions are especially devastating for small businesses that lack the resources of larger brands. The big retailers can push back. They have dedicated marketing teams, advanced analytic tools, and the legal muscle to respond. Smaller businesses, on the other hand, don't have that luxury. So, when a multi-billion dollar company like PayPal piles on more obstacles, it's not just frustrating, it's downright predatory. In fact, Maiden Cookware CEO Chip perfectly summed up the devastating impact Honey's actions can have on a small business. >> When you're in the early stages of building a business, you're in the stage of will this company work? is their product market fit. How do I scale this thing? Can the economics work? Right? And so all the things we talked about these discount codes and the kind of removal of attribution and killing margin like those really affect the early stages of a company. Um from everything from where do I put the next dollar in to make sure I can survive down to um you know you're taking 10 15 20% of my sales without me wanting it. And we have digital marketing costs, we have shipping costs, we have all these stacks of costs that not only are getting more inflated over time, like FedEx has been raising their rates over time. Um, warehousing costs have gone up, cogs have gone up, as you know, through inflation for the last four or five years, right? Like all the cost structures have been going up and to have someone just stealing and compressing the actual revenue you want like puts small businesses in a real squeeze and it's just really disappointing. And like I it doesn't even work because at the end of the day like you need to make the numbers work. And if Honey is going to steal 10% of your revenue all the time, you're going to have to raise prices at the end of the day to make up for that, right? And so it's not only not effective, but it makes it worse for the consumer, it compresses for the small business owner any margin. And it's it's just like a really awful business model. Like we've been so mad at them for so long. >> Really sad. And Chip's point about the impact to consumers is especially important. If honey's eroding profit margins from retailers and they're forced to increase prices, well, that ultimately affects consumers. Now, as you'd expect, these businesses don't just let these issues slide. Naturally, they reach out to Honey to complain, asking to be removed from the platform, and that unfortunately is where the story takes a much darker turn. You see, Honey is well aware of the inconvenience it creates for these online stores. And so when they inevitably reach out to Honey asking to be removed, does Honey oblige? Of course not. Instead, Honey goes, "How about this? We'll give you full control over which coupons go live on our platform, but only if you partner with us. I kid you not. In fact, Chip was kind enough to share his email exchanges with Honey from 2020. And you need to see it because holy [ __ ] it's bad." Now, it is a long email chain, so I'm not going to read the entire thing, but you're welcome to pause to read the bits I skim over. Hi, I am the CEO of Med and Cookware. Please remove us from your app. You've scraped a private friends and family code from our checkout and put it on the platform for others to use. We've lost a bunch of revenue. 4 days later, Honey responds with, "Hi, Chip. Thanks for reaching out. Honey supports over 40,000 stores online, and we always prioritize protecting the Honey experience for users by supporting available stores and displaying available codes. We can absolutely remove the code in question. In order to protect the Honey experience for our users, we typically do not remove codes unless we have a working relationship. I mean, right off the bat, they're basically saying, "We won't compromise the experience for our users unless you pay us." Classy. We'd love to discuss how we can work more closely and partner with your brand. Chip replies the same day. We don't offer affiliate deals to coupon sites. We'd like to be removed from your site an extension completely. With the sales pitch not going to plan, Honey brings in their global partnerships manager, Kelly Roodec, who explains to Chip that his leak code was added through Honey's user generated coupon functionality. No surprises there. She completely ignores his request to be removed from the platform, only offering to remove the leaked employee discount. Chip replies the same day, "A friends and family code was listed on your site. That was an internal code meant for a small group of people that was never published anywhere. A whole site can't be removed from your app. Honey only responds a week later, confirming they removed the employee discount, but again completely ignores Chip's request to be removed from Honey. Chip responds immediately pushing for an answer, but they ignore his email completely. A month later and Honey leaks another private discount code. Hi, please remove from your app. That is a private code behind a private employee perk login. This should never be public. I don't understand how you feel taking a private employee perk and making that public to the world is helping our business. Honey responds confirming they removed the code, but instead of taking responsibility, they try shifting the blame onto Chip, suggesting his employees might be responsible for sharing the code with Honey. But given what we know about their system, I'm willing to bet Honey were responsible for the leak, not Chip's employees. Honey then suggests that Chip creates single-use codes for each and every employee, essentially making it his responsibility to fix a problem they created in the first place. I would be fuming if this were my business. 2 months later and another private code gets leaked and once again, Chip asks to be completely removed from the platform and this time Honey finally addresses the question. We proudly host a consistent shopping experience for all Honey shoppers who rely on our shopping tools. Therefore, we cannot disable Honey for individual stores and never have. Never have, huh? Well, that's interesting because it just so happens that Andrew from Truget Texture Supply also shared his email exchange with Honey. And would you believe it, he was dealing with the exact same Honey employee as Chip. And while Honey attempted the same sales pitch with Andrew, they did eventually remove his store from the platform. So, yes, it is possible. And yes, they have done it before. Once again, we've caught Honey in yet another calculated and deliberate light. And make no mistake, it was deliberate because this employee, Kelly, confirmed the removal of Andrew store just one month before assuring Chip that Honey had never removed a store before. Honey clearly has the capability to remove stores. They just choose to enforce that decision selectively. Keep in mind, Honey knows exactly how many of their users are visiting a given store and how much they are spending. So, I'd speculate that this selective enforcement comes entirely down to which stores Honey believes will make them the most money. Now, for the record, I didn't even get through that entire email chain between Chip and Honey. It goes on and on. And this behavior is not an isolated incident. It's a pattern. When merchants discover their codes have leaked and then they want to clamp down on that, they go to these coupon extensions and plea and request to have their codes removed. And nine times out of 10, the response is join our affiliate program and you'll have more granular control over that. And so I think merchants tend to feel a little bit as though they're being blackmailed or extorted, you know, because you join the affiliate program and then you have to pay that coupon extension company every time somebody uses a code >> in and you're doing that in order to have them not share your code. >> I mean, this has got to be one of the most [ __ ] up business models I have ever seen. And let's be real about what's going on here. In my opinion, it's economic extortion. Just think about it. Imagine one day deciding to start your own business. You've saved up all this money and invested it all into this one big idea. You're taking on a huge risk. And as you navigate the daily struggles of running a business, a bad actor sneaks into your store without you ever noticing. They quietly start collecting coupons from your customers and start handing them out at your checkout counter. Then one day, you notice a customer with a voucher that was clearly never intended for them, and you have absolutely no idea how they got it. But when you eventually catch the culprit and demand that they leave your store, they refuse and there's nothing you can do about it. Knowing this, the bad actor leverages the harm they manufactured by strongarmming you into signing a partnership deal where the only way to stop the damage they created is by paying them. Honey's business model starts to make a lot more sense now, doesn't it? It makes sense why they dragged 146,000 stores onto their platform and kept quiet about it. because by doing so, they wedge themselves between those stores and their customers, disrupting, interfering, and ultimately taking control over their coupon strategies. And the only way for those stores to regain some of that control is by paying Honey. I mean, why else would any of these stores partner with and pay Honey if they're already on the platform for free? The answer is simple. The stores don't pay for inclusion, they pay for exclusion, for damage control. It makes sense. Now, to be clear, I'm not suggesting that all of Honey's 35,000 partnered stores were coerced into joining their platform. I'm sure many signed up willingly. After all, Honey does offer a cashback program, which some stores genuinely like to offer users. And just look at the glowing case studies on Honey's website. Some of the numbers they throw around make partnering with Honey look like an absolute no-brainer. Increased average order value, reduced card abandonment. That's music to the ears of any e-commerce store owner. But of course, if the benefits were truly as good as they say, you'd expect that brands who partnered with Honey never look back, right? Well, here's a little statistic Honey doesn't want brands to see. And it's from their own data. This right here is a list of stores that at some point tried a partnership with Honey, then decided, "Yeah, no thanks." and ended the partnership. There's 15,000 of them. That's 15,000 brands that at some point were partnered with Honey but no longer are. And this is based on the limited data I have access to. The actual number is potentially a lot higher. I think that says a lot more about the value Honey can bring to businesses than any of their case studies. Given everything we've uncovered about Honey so far, it really makes you wonder why on earth would a Fortune 500 company like PayPal sink $4 billion into buying this company. Sure, Honey was making some sweet affiliate revenue. But still, that's a lot of money. To put that price tag into perspective, the platform you're watching this on, YouTube, was acquired for just $1.6 billion. Combine that with the acquisitions of Instagram and Twitch, and it still equates to less than what PayPal paid for Honey, a coupon browser extension. Well, Honey brought more to the table for PayPal than its ability to churn out mountains of cash. They also had 17 million users worth of data. And as it turns out, lots of it. Remember in the last episode how I said, "If a product's free, it's likely you're the product." Well, we're at that part of the story now. You see, while Honey was handing out bottom of the barrel coupon codes, they were also tracking your shopping habits and collecting a ton of data along the way. In fact, Amazon of all companies began warning users that Honey was a security risk, stating, "Honey tracks your private shopping behavior, collects data like your order history and items saved, and can read and change any of your data on any website you visit." They even recommended uninstalling the extension. That was somewhat surprising to me given how much Honey played into the whole you can trust us with your data narrative. actually free, not like selling all your personal data free. >> Does Honey sell user data? >> No. True. >> This prompted me to investigate Honey's data collection practices. And what I found was, unsurprisingly, at this point, pretty darn concerning. Hilariously, the first thing I noticed when auditing Honey's website was that they explicitly assured users that, hey, what we don't do is sell or share your data. But the moment you click the link to their privacy policy, the first thing you see is how we share your data. Uh, excuse me, red flag number one. Now, this privacy policy was packed with vague language when it came to what data they were collecting and how they were sharing it. So, I dug deeper and came across this incredible investigation by a German nonprofit called Data Request, who advocate for data privacy online. and they dug into Honey's data collection practices by submitting what's known as a GDPR right of access request. For those unfamiliar, under European law, anyone living in Europe, can ask a company, no matter where it's located, for a copy of all the personal data that company has collected on them. So, two of their members, Benny and Malta, both Honey users, each submitted a GDPR request. Their data revealed that Honey was systematically tracking their browsing activity across every website it considered to be an online store. They also collected timestamps, unique user IDs, device IDs, operating system info, geoloccation details, and the full URL of the page visited. Now, data requests showed that from these logs alone, Honey could infer some incredibly personal insights about a user. Here are just a few examples from Benny's data that was collected in 2020. Honey could see that on February 13th at 2:57 p.m. Benny viewed an Iix guide on how to swap the DVD lens on a Nintendo Wii. They could see that Benny checked an AliExpress order 13 times, his order ID fully visible, including the fact he opened a dispute for the order. They could see he had a Microsoft family plan and that he added a new family member to his Office 365 account. Honey also knew that Benny looked for an Airbnb in Berlin for two adults from the 4th to the 5th of March. And apparently Benny had issues with his iPhone because he viewed an Apple support page on how to reset his passcode. On March 23rd at around 5:00 p.m., Benny watched a documentary called Scanning the Pyramids on Curiosity Stream, a service he subscribed to just an hour earlier through YouTuber Tom Scott's affiliate link. And apparently Benny's a gamer because he redeemed a game on Steam with the serial code 5HGP6. You get the point. All that information could be inferred from just 27 page views. But in total, Honey collected over 2 1/2,000 pages of web activity between just February and May of 2020. Meaning what I just read to you represents only 1% of the total data Honey collected within a 3month window. That is insane. Now, while Benny willingly registered an account with Honey, Malta, on the other hand, didn't. Yet, Honey collected the same data from him as well, suggesting whether you formally register an account with Honey or simply installed the extension. Honey was harvesting the same data regardless. Huge shout out to Data Request for their work. I'll link their full investigation below. They also have a great tool where eligible consumers can easily request a copy of their data from companies like Honey and also request to have that data deleted. definitely check that out and consider supporting their nonprofit. So, as you can see, it starts to make a lot more sense why a company like PayPal would fork out so much money for this platform. Honey was sitting on a treasure trove of data that provided detailed insights into its users shopping habits. Honey could see what users were buying, how they shopped, what they searched for, the decisions they made before checkout, and even the services they considered but didn't purchase. That information is invaluable to a payments platform like PayPal. But don't just take my word for it. Here's Honey's former senior manager of partnerships, Daniel Pilington, discussing the benefits of Honey Stata for their partnered merchants. You know, one of the metrics that we assess very frequently for merchants that work with Honey is uh, you know, cross shopping. So, you know, how many other stores is a user visiting as well as the store in question? You know, are they going to six stores? Are they going to seven stores? Are they going to 10 stores uh before they make a decision on where to purchase? >> And here's another former senior partnerships manager. So, like one of the things we have insight into at Honey because we're a browser extension and we can see our shoppers and and how they shop is that shoppers love to cross-sight comparison shop. You know, we're we're really kind of following the shopper where they go and we're with them every step of the way. We have all sorts of tools to make those consumers stickier to those direct to consumer brands. >> And here's a former PayPal executive discussing how beneficial the data is for their goals. We've got a full suite of solutions across our consumer platforms that help drive new customers that help drive loyalty, that help drive conversion, um, and ultimately sales lift and and we have a lot of analytics and a lot of data, uh, a lot of shopper data obviously, and that's something that we can unlock on behalf of our partners. >> You've got to hand it to Honey. They've truly mastered the art of selling [ __ ] narratives to users. They promised privacy, insisting, "Hey, we never sell or share your data." But to their merchants, they literally bragged about how much of your data they had and how it could be leveraged to provide them with valuable insights into your shopping habits. It's genuinely astounding. Now, for clarity, those interviews were all recorded after PayPal's acquisition of Honey. So, is this simply a case of a corporate giant turning a once well-intentioned startup into a data harvesting machine? Nope. In fact, data collection was part of Honey's game plan well before they were acquired by PayPal. This right here is Honey's pitch deck to investors from back in 2015. On the business model slide, Honey clearly labels personalized offers to consumers based on cross-sight comparison shopping data as a core component of their business strategy. And on the very next slide, proudly entitled our unfair advantage, it explicitly states, "Honey's unique data allows us to predict what each user is about to buy, when they intend to purchase, and how much they are willing to pay." They even itemized the data collected as user behavioral data, stores visited, products viewed, and of course, your purchase history. So, not only was data collection top of mind from the very beginning, but they were already actively collecting it and pitching that data to investors as a valuable asset. For years, Honey framed data collection as minimal and purely in service of saving users money. Well, it appears they were full of [ __ ] And to be clear, I'm not suggesting that Honey was selling your data to third parties for cash. Well, at least I found no evidence of that. But were they quietly monetizing your data behind the scenes, sharing insights with partnered merchants while conveniently leaving that detail out of their privacy policy? Well, it sure looks that way to me. One thing is for certain, however, and that's that Honey sold your data to PayPal, one of the largest online payment platforms in the world. PayPal didn't spend billions of dollars for a simple coupon extension. They were buying a window into your life as a consumer. And here's why that should worry you. PayPal launches an ad network. PayPal has official that it will be launching an ad network that will sell ads, leveraging, oh no. Leveraging the data it collects on the purchase history and spending of its 400 million users. This change would also likely affect users of PayPal subsidiaries like Venmo and Honey. And I believe there's more as well, but I'm not surprised Honey's in there. >> This is like terrible. Couldn't have said it better myself. Now, to make this whole data collection issue a 100 times worse, something else caught my eye while reading through Honey's privacy policy. Right at the very bottom, Honey states that quote, "We created Honey for the exclusive use of adults 18 and older, and we don't knowingly collect or solicit personal information from children." Yeah. You see, now there's just one problem with that. I have a challenge for all of you. Go to every computer in your house, your mom's, your dad's, your sister, your brother's computer, and install Honey. That's right. Not only did Honey and PayPal knowingly collect data from miners, but they intentionally targeted them in their advertising. That's not just unethical, it's potentially illegal in numerous jurisdictions. Many countries have very strict regulations when it comes to the collection of personal data from minor and for good reason. Therefore, if you intend on having miners use your product, many jurisdictions require that you obtain parental consent first. But this adds all kinds of technical and legal complexities, which is why many platforms simply limit the use of their service to adults only in their privacy policy, which was Honey's approach. But if Honey were genuinely trying to avoid having kids on their platform, they probably shouldn't have sponsored one of the most popular influencers in the world whose key demographic of followers is, well, THIS. But Honey did sponsor Mr. Beast and those videos garnered a whopping 3 billion views, making him Honey's number one sponsor. In fact, according to my data, Mr. Beast sponsorships represent over onethird of Honey's totaled sponsor views on YouTube. But it wasn't just Mr. Beast. Honey sponsored many channels whose content was, in my opinion, clearly targeted at miners. They sponsored Minecraft channels, Roblox channels, cartoon channels. I mean, just watch this video and tell me it's not targeted at children. >> This video is sponsored by Honey. >> If Honey wanted to target miners so badly, they should have just sponsored one. Oh, wait a minute. That's exactly what they did. This, ladies and gentlemen, is a Desiree Machado, who at the time was just 14 years old. >> Guys, I'm only 14. Hilariously, one of her videos that Honey sponsored is appropriately titled Back to School. Honey even ran her sponsored segment as a paid advert on YouTube. Now, speaking of paid adverts, let's quickly circle back to that Mr. Beast ad because of all the evidence, this has got to be the single worst example of Honey intentionally targeting miners. Let me play it again. I have a challenge for all of you. Go to every computer in your house, your mom's, your dad's, your sister, your brother's computer, and install Honey. >> They are literally encouraging kids to install a browser extension that tracks and collects data onto every computer in their household, including those belonging to their siblings. That is [ __ ] insane. And the emojis, I mean, come on. And look, this is not a good look for Mr. Beast either. Influencers have a duty of care to ensure that any advertising they engage in is compliant with relevant advertising laws, especially when your audience skews young. Of course, I did reach out to Mr. Beast and his team for comment, but never heard back from them. Now, in case you're still not convinced that this was intentional, because I don't know, perhaps Honey had a rogue marketing team that was poorly aligned with upper management. Well, here's a few words from Honey's former president, Joanne Bradford, talking about the benefits of working with Mr. Beast. We launched it with gamers playing YouTube on their desktop and a little gamer called Mr. Beast. So, we were his first advertiser and we did a deal with him. His collective ads, I think, have been seen. You know, I'm going to say billions, three plus close to four billion times. Every kid in America knows what honey is. Every kid in America was telling their moms and their dads they needed to download, you know, Honey in order to save money. >> They weren't just telling their moms and dads to install Honey, they were installing it themselves. My 5-year-old brother installed Honey on his computer. Wow, kids start saving money earlier and earlier these days. And here's Honey's co-founder, Ryan Hudson, discussing how Honey leveraged the credibility that influencers have with their audience. Um, we learned how to work with influencers in particular on YouTube to lean into the credibility that they have with their audiences, the ability to speak the language of their audience. And it's been incredible for us. And so we've done if you if you watch YouTube or you have kids that watch YouTube, um, you they have seen they have seen if you watch Mr. Beast, um, >> it's a lot of honey. >> A lot of honey. >> This was no accident. Honey's leadership knew what they were doing and they knew it worked well. That Mr. Beast ad alone has 118 million paid ad views, the highest of any Honey ad on YouTube, which strongly suggests it was also their best performer. Honey likely invested millions into this ad alone. Honestly, it's genuinely shocking they've gotten away with it for so long. Now, given everything we've uncovered so far, you might be wondering how on earth there could be more to this investigation. Well, while Honey was the first extension of its kind, unfortunately, they certainly weren't the last. There are now hundreds of coupon and cashback extensions. And while I haven't investigated all of them to the same extent that I have with Honey, many of them engage in similar behavior, especially when it comes to poaching affiliate commissions. And that's why there are now multiple class action lawsuits targeting these other companies. Influencers haven't just been losing money to one sleazy salesman at checkout. They've been losing money to an army of them. In my opinion, these extensions are nothing but leeches. They are parasites in the world of e-commerce. In fact, I've encountered so much shady behavior with these extensions that I felt it was necessary to create my own browser extension to alert me anytime an affiliate cookie is loaded onto my browser. It's called Cookie Guard, and it's especially helpful because some of these extensions will load their affiliate link in ways that are completely invisible to the user. For example, if you click to copy a coupon on Honey, it looks like a harmless feature because you don't see that sneaky tab opening in the corner. But with Cookie Guard installed, you can see that behind the scenes, they are quietly stuffing their cookie through what's known as a hidden iframe. You can Google it. Even worse, I found that the extension Karma Now would stuff their cookie the moment you landed on a checkout page, completely automated. No interaction with their extension required. They also had a system that could detect when you used a competitor's extension like Honey, and they would wait for that extension's affiliate link to load, then immediately override it with their own. Again, no interaction with their app required. It's insane. And this sort of malicious behavior is not exclusive to browser extensions. Even Microsoft couldn't resist the temptation of easy affiliate money and decided to offer coupons directly from the Edge browser. Watch what happens when I visit my NordVPN affiliate link. Once I've clicked on one of their coupons, Microsoft immediately replaced my affiliate cookie with their own, poaching the sale. And when I tried to reload my affiliate link to reinstate my cookie, it comes back momentarily, but Microsoft quickly and automatically replaces it again with their own. I mean, damn, Microsoft, people hate your browser enough as it is. And how about Opera's browser? They recently stopped this, but for some time if you simply entered the URL of a store that they were partnered with and clicked their autocomplete suggestion, Opera considered that fair game to inject their affiliate link and claim the sale. Affiliate marketing has truly become a war of the cookies. I could go on and on with these examples. Now, this all begs the question, how the [ __ ] is all of this being allowed? Are there no rules in place to prevent this behavior? Well, as it turns out, yes, there are in fact plenty of rules in place that should have prevented much of what I have uncovered in this investigation. So, why hasn't it? Well, that's where greed and incentives comes into the equation. You see, so far we have only discussed two key players in affiliate marketing, merchants and affiliates. Merchants want to sell their products and services and affiliates want to promote those products and services for a commission. Pretty straightforward. But there's another crucial player that we haven't yet discussed and that is the affiliate networks. Affiliate networks are like dating apps for the industry. They allow merchants and affiliates to easily discover one another, connect and work together. These networks also take care of all the technical stuff like the affiliate tracking links, reporting and commission payments. But most importantly, these networks also set the rules. They are the gatekeepers. Some of the largest networks in this industry are Awin, Commission Junction, Impact, and Recruitin Advertising. Now, not only do these networks have their own strict policies, at least on paper. But on top of that, over a decade ago, most of these networks collectively agreed to enforce two codes of conduct. one for downloadable softwares like extensions and the other for all affiliates that promote coupon codes. And the rules set out in these codes prohibit many of the behaviors uncovered in this video. So why aren't these networks enforcing their own bloody rules? Well, for every sale made in affiliate marketing, these networks also get a slice of the pie. They generally charge between 20 and 30% of each and every commission paid. There are some variations, of course. Not all networks have the same rates and pricing structures, but the core principle is almost always the same. The more money that flows through these extensions, the more the networks get paid. So, when these networks enforce rules resulting in a loss of income for the extensions, they too take a hit. Enforcing their own rules basically means shooting themselves in the foot. That kind of incentive structure doesn't just fail to prevent fraud, it practically invites it. Part three is going to be huge. And that was supposed to be the next video in the series. But that's not the video you're going to see next. In the next video, I'm going to be exposing a secret system buried deep within Honey's code that was never meant to see the light of day. The system was engineered specifically to bypass one of the most important rules in affiliate marketing. A rule intended to protect influencers from the very commission theft demonstrated in my last video. And that rule is known in the industry as standown. Standown essentially means that extensions must detect if a user has already clicked on someone else's affiliate link. And if they have, the extension must deactivate itself and not interfere. Yet during my testing, Honey virtually never stood down. Suddenly, however, Honey began complying much more frequently. And this change in compliance didn't smell right to me. So, I started digging and that's one of the reasons why this video was delayed for so long. Because, as it turns out, Honey wasn't just ignoring standown rules. The system they created was designed explicitly to bypass it while hiding that behavior from compliance testers. And I have all the evidence to prove it. In fact, what I found was so shocking that I consulted with a respected security researcher who was able to independently verify and validate my discovery. The behavior I'm describing, in my opinion, likely constitutes criminal behavior. And in a few days, everyone will learn about the greatest heist in affiliate history. They're attempting to stand down as little as possible while avoiding getting caught. Uh those objectives are intention, of course. The more you don't stand down, the more you're likely to get caught for not standing down. So, they're trying to figure out in what circumstances can they avoid standing down. uh and not face a material risk of being caught.