
Thread: Redirecting web traffic transparently

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi oofki,

    I guess I still don't understand then.
    There isn't very much to understand mate, it is a classic MITM (man in the middle attack).

    It won't work though. Whilst I have absolute confidence in human stupidity, I have even more confidence in their greed.

    In answer to your questions:

    1. The ads/site links are on websites run by "affiliates"
    2. The vendor is doing the advertising.
    3. The vendor gets paid for the goods and the advertiser for the contact.

    So, there is no need for a parasite in the middle?

    If you set up a website with details of "affiliate" schemes, people will simply visit, write down the details and then deal directly with the vendor. Thus cutting out the MITM and maximising their revenues?

    Furthermore, security software will start to pick up that the initial contact is not what it should be, and will identify it as a potential MITM attack. This will get the vendors and affiliates on RTBLs, which they certainly don't want.

    These things are either based on trust or on providing a secure vendor billing service. The only way you can be reasonably sure that a transaction has taken place is by monitoring customer confidential information, with all the security implications that such activity entails.
    Last edited by nihil; June 7th, 2007 at 09:45 AM.

  2. #12
    Hi Nihil, we meet again!

    Quote Originally Posted by nihil

    So, there is no need for a parasite in the middle?
    What do you think shopkeepers are? Why don't the public all contact the distributors direct, and miss out the MITM? Because they like to wander into a shop and see what is on display. They then buy the goods from the shopkeeper because he's provided them with a service, and shown them what there is available. Once they know an item is available, they COULD go hunting for the distributor and buy one direct, but most of them don't because either a) they're too stupid or b) they're too lazy. Most people fit into the latter category.
    Personally, I don't mind paying a little extra if I save a few hours of my life to do what I want with. Our time on this planet is limited!

    Quote Originally Posted by nihil

    Furthermore, security software will start to pick up that the initial contact is not what it should be, and will identify it as a potential MITM attack. This will get the vendors and affiliates on RTBLs, which they certainly don't want.
    This does interest me. You are from the UK, you know MutualPoints and the like. They pass a customer on to another's web site in the same manner, by a simple redirect. Why do they not get tagged as evil baddies?
    What's your favourite OS?

    Seen it. Tried it. Crashed it.

  3. #13
    Senior Member nihil's Avatar
    I think that you are confusing your business models here?

    What do you think shopkeepers are? Why don't the public all contact the distributors direct, and miss out the MITM? Because they like to wander into a shop and see what is on display. They then buy the goods from the shopkeeper because he's provided them with a service, and shown them what there is available. Once they know an item is available, they COULD go hunting for the distributor and buy one direct, but most of them don't because either a) they're too stupid or b) they're too lazy. Most people fit into the latter category.
    The shopkeeper is a retailer just like web vendors are. Customers find an advert on an affiliated website and follow it through to the vendor. Please remember that a lot of this business is "pay per click" rather than transaction based.

    That is why most of these providers also offer a complete web retailing service, even including the shopping cart.

    From your original post, you appear to be proposing a service for affiliates and vendors, not for customers? As these people are actually in business in some fashion or other I think it reasonable to expect them to spend the 30 minutes or so it would take to steal the information from your website.

    Even Google searching for an hour or two would provide the information, as we are talking small sites that cannot host very many adverts.

    If I click on an advert on most sites I get a simple redirect. That is it simply passes me on to the genuine site, which will work provided the site is not blacklisted. If that didn't happen there wouldn't be any third party advertising.

    You don't have to be a math genius to figure out that paying commission to someone who is doing absolutely nothing for you (which is what you are proposing) is a total waste of space. You are not dealing with the public here, but with webmasters and web vendors, who are not the same... the last two are out to generate revenue.

    Also remember that the big boys in Web transaction management are well known and established, so they and their methods are recognised, and their sites trusted. Unless you were a subsidiary of something pretty well known then I would say that a new start in this field is virtually impossible.

    The "baddie bit" comes when you try to sit in the middle and intercept customer confidential information. Obviously, that is exactly what scammers try to do? They can even spoof secure links.

  4. #14
    I think that you are confusing your business models here?
    OK, so I changed the example to try to prove a point.

    The fact is that ClickBank have been using a business model similar to my original proposition for about nine years, and have some 100,000 affiliates working with them. Maybe I'm missing something in the logistics at the moment, but the basic theory obviously works for them.


    Also remember that the big boys in Web transaction management are well known and established
    This is definitely a valid point as far as competition is concerned, but there's usually a niche or alternative way of offering the same concept to make it attractive.

  5. #15
    Senior Member nihil's Avatar
    Hi, an earlier point:

    You want me to get all the world's online shops with affiliate programs to change their sites to read a cookie I set?
    Something like that. If you look at how these guys work, they give each affiliate (advert holder) a unique URL to locate the vendor and product. The vendor also has to make amendments to allow tracking of transactions.

    The fact is that ClickBank have been using a business model similar to my original proposition for about nine years, and have some 100,000 affiliates working with them. Maybe I'm missing something in the logistics at the moment, but the basic theory obviously works for them.
    Not really, they all seem to offer something along the lines of:

    1. A total e-commerce solution. Customer deals with Service Provider.
    2. Payments processing. Customer deals with vendor and SP for payment.
    3. Affiliate programmes. Customer deals with either vendor or SP or both.

    The affiliates just select individual products from their catalogue to promote. They are typically bloggers out to make a few bucks.

    Please remember that ClickBank are a trading unit of a much larger corporation. They started off with technical staff and venture capital.

    This is definitely a valid point as far as competition is concerned, but there's usually a niche or alternative way of offering the same concept to make it attractive.
    It is not so much the competition I was concerned about as getting a start in the first place. The big boys have been around since before internet fraud really caught on, so they are well known and on whitelists. You are not.

    As an analogy I would say it is a bit like asking a first time jobber for experience... without it they won't get a job, and without a job they won't get experience?

    Your idea of niche markets seems sound, as they tend to be specialists and enthusiasts, and the items they deal in tend to be of a higher value which makes up for lower volumes. Also, dealing with vendor sites rather than individual products may be more attractive to smaller websites as there are more sales opportunities.

    Obvious things to steer clear of are: pharmaceuticals, adult content, get rich quick, loans & finance, and gaming... you know you will get ripped off.

