Honey's Dieselgate: Detecting and Tricking Testers
Key topics
A bizarre phenomenon unfolded when a blog post about "Honey's Dieselgate" went viral, causing the original site to crash under the sudden traffic surge, prompting users to turn to an archived link that, ironically, was plagued by its own issues - it kept reloading and twitching, rendering it unreadable. Commenters quickly banded together to troubleshoot the problem, discovering that disabling JavaScript was the key to taming the erratic archived page. As the discussion unfolded, the original site's author revealed that they had anticipated the traffic spike but hadn't quite been prepared, validating users' "hug of death" diagnosis. The exchange highlights the unpredictable nature of viral traffic and the importance of being prepared for it.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
20m
Peak period
50
12-18h
Avg / period
26.7
Based on 160 loaded comments
Key moments
- 01Story posted
Dec 30, 2025 at 4:59 PM EST
9 days ago
Step 01 - 02First comment
Dec 30, 2025 at 5:19 PM EST
20m after posting
Step 02 - 03Peak activity
50 comments in 12-18h
Hottest window of the conversation
Step 03 - 04Latest activity
Jan 2, 2026 at 8:59 AM EST
5d ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Is it the archive at fault or is the original webpage this way?
It seems to be loading fine now.
Don’t recall precisely how it was dead, but I assumed via traffic.
You'd think that if you were an engineer building and maintaing a system like this, you'd have an "are we the baddies?" moment, but guess not.
Their personal site is also linked in the video description https://www.benedelman.org/honey-detecting-testers/
If you had used Honey, would you join a civil or class action suit against them?
When you can't escape an evil system you just have to do your best within it, while either working to get out of it or working to improve it however you can. What more can anyone ask of you? Capitalism is pretty much inescapable, but thankfully I'm not convinced that capitalism is an evil system inherently, it just needs strong constraints and regulations to keep it from being used to do evil things.
At the same cost? Sure.
At different costs? We see that is not the case.
People don't. A few do, but most don't. There are many who would still prefer the more popular phone and an ethical cost is something they only mention when asked but is given only minor weight when it comes to decision making. Some might try to justify it by saying you can't be sure a phone claiming to be ethically made actually is, but how many even considered that much when making the decision?
>While it's fine to feel guilty for your involvement in the scheme don't let that get in the way of placing the blame for it squarely on the people who set things up this way and put you in this position.
Who is really at fault on a systematic level if the population decides lower costs is what they really wants regardless of what sacrifices have to be made. If we look at a less morally challenging area, say air travel, and see how many people claim to want a nicer experience, yet airlines are always focused on cutting costs. Is that the fault of the airlines? Or is it the fault of the consumers who, despite what they say, show extreme preference for lower costing tickets? We can blame any seller at the moment, but we can't ignore the market pressures that picked the sellers who stayed and the ones who went out of business.
It's always the people who are actually forcing slaves to work for them. Always. Consumers will always want lower prices but that doesn't justify slavery. It's not as if a company like Apple is being forced to abuse workers because they'd be bankrupt otherwise. These companies are pulling in massive amounts of profits year after year. It's not "market pressures" that force them to abuse their workers it's just greed.
> see how many people claim to want a nicer experience, yet airlines are always focused on cutting costs. Is that the fault of the airlines? Or is it the fault of the consumers who, despite what they say, show extreme preference for lower costing tickets?
Every customer wants low cost tickets. Of course they do. There's a lot that goes into that though. Almost nobody wants to fly in the first place. It's annoying, expensive, stressful and uncomfortable. What people actually want is to get to their destination. Consumers are basically forced to deal with airlines since it's the fastest, and often the only, way they can get to where they want to go when they need to. It's just a necessary evil that must endured.
That's not the airlines fault, but it does put airlines in a position where they know they can take advantage of travelers at every opportunity and so they do. They overbook their flights, they charge endless bullshit fees, they cram as many people into the plane as they can, their ticket prices change by the minute and airlines aggressively charge people as much as they think they can get away with.
Mergers and the high cost of entry into the airline industry have greatly hurt competition and often most people have only one choice in airline when flying to certain destinations. Airlines have consumers bent over a barrel and they pound away at them relentlessly. That's all on the airlines, not the consumers.
The only real thing consumers have any control over is the price of their ticket, and because airlines play so many games with ticket pricing they enable a certain amount of gaming the system to "get a better deal" so many flyers do work hard to limit what they pay for what will inevitably be a shitty service.
There's also a question of how much consumers can even afford. Many consumers would love to pay more to get a less shitty air travel experience but they can't if it means they'd no longer be able to afford their trip. ULCCs are often the only viable options travelers have and even then many people go into debt to travel. Others may figure that going with a cheap airline or putting in the effort to get a cheap ticket will be worth it because while the flights will be a miserable 6-8 hours it means they'll be able to afford a nice dinner or have a little bit more spending money when they reach their destination. Those kinds of choices can be put squarely on the consumer.
Obviously Internet affiliate marketing schemes are built on mutual exploitation of asymmetric data collection. This cannot possibly surprise anyone.
[0] https://en.wikipedia.org/wiki/Cookie_stuffing
Re the third point, the algorithm would skip stand down for users who weren't likely to be testers (based on account history and lack of cookies for affiliate marketing admin panels).
"Who gets a kickback on this toothbrush" is a much MUCH less important question than "do you pollute the air we are all breathing".
It's not about the severity of the impact, its the fact that they were breaking the rules and explicitly coding to actively avoid being caught by testers.
Of course I agree that health is more important than affiliate commissions. So the comparison only goes so far.
I think the very interesting wrinkle here is that, for the most part, their victims are corporations - meaning, sadly, that it's much more likely they will be prosecuted, either in civil or criminal court.
Many affiliate browser extensions do indeed do this, as an extra revenue stream. In fact, I'd recommend never installing a coupon browser extension. But replacing one number with another does not meet the above definition of spyware.
"Programs designed to monitor users' web browsing, display unsolicited advertisements, *or redirect affiliate marketing revenues* are called spyware."
> Spyware is a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords [0]
> Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. [1]
> Spyware is malicious software that secretly monitors your activity and collects sensitive information, like passwords, location data, or browsing habits, without your consent. [2][3]
0: https://www.malwarebytes.com/spyware
1: https://usa.kaspersky.com/resource-center/threats/spyware
2: https://us.norton.com/blog/malware/spyware
3: https://www.fortinet.com/resources/cyberglossary/spyware
I already thought Honey was scummy so I never used it in the first place, but I honestly don't get the particular outrage over these specific practices. You're already using the extension to effectively scam online stores, by using coupons the company gave to somebody else, not you. I see it as barely more ethical than doing that old trick of generating your own manufacturer coupons. Probably it's a lot more legal, but ethically it's in the same ballpark.
I don't know what the ratio is, but I do know it doesn't matter in this context, it's still malware.
Making a product to explicitly skirt agreements while working for a corporation is ... a choice
Possibly a version of, “I lack the freedom to operate with a moral code at work because I’m probably replaceable, the job market makes me anxious, my family’s well-being and healthcare are tied to having a job, and I don’t believe the government has my back.”
In industries like this there’s also a mindset of “Who cares, it’s all going to corporations anyway, why not send some of that money to the corporation that writes my paychecks?”
I was asked to help with creating what seemed like a human trafficking app to Christian me, but that to the Muslim founder was 'just an app to get the best payment for an arranged marriage' and just improving something that already happened all the time in his culture.
Yes, absolutely. To elaborate a bit though, if you live in the West, Muslim ethics are more likely to stick out when applied to our regular practices. e.g. I know a Muslim programmer who declined to participate in a project involving billing interest to customers. (Which is decidedly non military and non killing, as posed by the post I was replying to.)
The moral fortitude on that man!
I applaud his actions, but genuinely do not know if I would have the stones to leave my job if I was in a similar position!
Over time I realized that the company knew this wasn’t really true. Daily deal customers weren’t likely to return. They went where the deals were. The influx of cash from daily deals was a marketing expense, almost always at a loss (most deals were 50%+ off and half of the remaining revenue went to LivingSocial), and buyers rarely returned so SMBs would never recoup their loses.
Once I figured this out, I decided to leave even though I would miss my equity cliff by a month. I ended up joining ZenPayroll (now Gusto) early on because they were helping SMBs with a real problem (payroll was a fking nightmare back then.)
While this can be irritating, I have come to see it as a good thing. It helps me screen out candidate employers. It is taxing to work in an environment that constantly challenges your ethics. Imagine having access to all your customers' supposedly private emails and being tasked with mining them without your customers' knowledge. Imagine being tasked with adding an obscurely worded line item to the monthly bill of all cutomers that your logging indicates haven't accessed their billing statement in the last 12 months.
Now imagine working at a job where you are tasked to find all customers who haven't used an optional paid feature in the last 12 months and notifying them that there might be an opportunity to reduce the amount you bill them. Imagine working for an insurance coop that actively scours for ways to charge members less money without compromising their protection and without taking advantage of somebody else.
Imagine that your personal life choices automatically disqualify you from exploitative employers and lead you to more fulfilling employment. This is a real thing that many people don't have to imagine. They live it.
That is what anxiety based thinking produces.
Though, sometimes the exact reason is muddied, since companies that are perceived as unethical in how they behave externally are also perceived as unethical in how they behave towards employees.
Also, sometimes fashion is involved. For example, many people wouldn't work for company X, because of popular ethical objections to what they do being in the news, but some of those people would probably work for an unknown company doing the same things without thinking much about it.
But often it's just "I don't like what company Y is doing to people, and I wouldn't work on that, even if they treated employees really well, and it was really fashionable".
(See, for example, the people who refused to work for Google after the end of Don't Be Evil honeymoon phase, even though they generally treated employees pretty well, and it was still fashionable to work there.)
I think pretty much everyone has an internal red line, of course they will vary a lot and may even move over time.
I went to school for aerospace. When I got out, it was all military related jobs. So I switched fields to software development even though starting from the bottom I got paid less than half what the defense contractor jobs paid.
o/
i was offered a high paying job, with relocation to a 1st world country (at the time, i was living in a 3rd world country with high murder rates), to a industry that i consider quite shady (and it's not military and not around killing -- i have no issues with both of those). i politely refused.
most of my friends, at the time, told me that they would've have accepted without even thinking, but for me, it's just not worth it.
I understand the utilitarian qualities of the argument, but I submit that there’s a reason that capital-E-Engineering credentials typically require some kind of education in ethics-in-design.
Civil/mechanical/electrical have countless codes that must be followed with the force of law.
When we say we want engineering standards for software developers we are also asking for standards and codes to be applied to software and all that entails.
I'm not saying this is good or bad, just to consider the ramifications of this at all levels.
Or said differently: there’s a reason why software engineering jobs pay so well; no mandatory ethics training required!
There's lots of carrots (compensation, high quality desk jobs) and sticks (promotion structures, threat of offshoring). The really annoying and egregious aspects of corporate speak are easy targets for ire and take the heat, while the subtle euphemisms make the actual questionable projects easier to live with day to day.
I think a lot of skilled engineers want interesting challenges where they break boundaries, and being in an environment that wants you to break those boundaries allows them to legitimize why they are doing it. That is, "someone else is taking moral responsibility, so I can do my technical challenge in peace"
You're in the planning meeting discussing this feature, you ask "Hey, are we allowed to do this? I thought stand downs were contractural." and your PM says yes, they got the okay from legal. Now what do you do?
Now that I could definitely see happening. I would also want that in writing somewhere.
I guess discovery for the impending lawsuits should be very interesting
Ultimately it was only used to install malware in the form of browser extensions, typically disguised as an installer for some useful piece of software like Adobe Acrobat. It would guide you through installing some 500 year old version of Acrobat and sneakily unload the rest of the garbage which we would be paid, I don't know, 25 cents to a couple dollars per install. Sneaking Chrome onto people's machines was great money for a while.
At no point in the development of that technology were we told it was going to ruin countless thousands of people's browsers or internet experiences in general.
Like any other MDM software.[0] Everyone who has been long enough in the infosec industry knows that MDM is fundamentally nothing more than a corporate-blessed malware and spyware package.
In the past 2-3 years the criminal gangs have realised that too. The modern form of socially engineered phishing quite often entices victims to install a legit MDM software package (eg. MS InTune) and hand over their device control for remote management. Why bother writing malware that has to fiddle with hooks to syscalls and screenshot capabilities when you have a vendor approved way of doing the same?
0: https://en.wikipedia.org/wiki/Mobile_device_management
An architect or engineer is expected to signal and object to an unsafe design, and is expected by their profession (peers, clients, future employers) to refuse said work even if it costs them their job. This applies even to professions without a formalized license board.
If you don't have the guts and ability to act ethically (and your field will let you get away with it), you're just a code monkey and not a professional software developer.
There are times when a product design needs to be reviewed and approved by someone who cares more about his license than about his job. It doesn't happen as often with software as it does with civil engineering, but often enough that it needs to become a thing.
How does is work for a fungible product that can be written anywhere and shipped at the speed of light?
We can't have it both ways: be essential digital infrastructure, AND move at "the speed of light".
Civil engineering licensing works because underneath it all the incentive structure is aligned with the goals of the license. Its not about imposing morals, its about ensuring that buildings and devices are constructed to not fail, and to not fail catastrophically. The motivations of the ones who hire engineers are mostly aligned, they don't want the devices to fail either, and expose them to liability.
Medical doctor licensing also works because the incentives are mostly for patients not to be dying. But in the pharmaceuticals industry the incentive structure is different, where some rate of fatality is considered an acceptable cost of doing business, we see examples of subversion.
Sure software engineering licenses could be a great addition. But alone it will fail unless the incentive structure for those employing software engineers is aligned with the licensing goals.
My experience with the people around me who are in this situation is rather either:
- They just don't care. Society and others are not on their radar.
- They don't think it's that bad.
- They think it's not great, but the benefit is too good so they ignore the voice at the back of their head. Or they have a lifestyle and that takes priority.
- They think it's bad, but the friction to live according to their own moral view of the world is higher than their desire to adhere to such a moral view.
When I was 20, I declined interview offers from Facebook and Google. Huge opportunity cost. My friends looked at me like I was dumb.
I have friends regularly coming to me with ideas that are about spamming, selling personal data or basically fraud. They don't see a problem with it.
When you talk to people and say "advertising is basically normalized lying at the scale of the entire society", people just give you a blank stare.
There is no need to look for coercion every time you see something bad to explain it. The human population is diverse and they all draw the line of what's acceptable in different places.
It's not rocket science.
It's not like any crime was committed, and civil liability falls squarely on the business here, not its employees. And the whole dispute is only about which marketing company receives marketing revenue - something where the world would improve if they all disappeared overnight. Doesn't really seem that evil to me. Underhanded, yes.
I suspect the only reason there's any outrage at all is that some of these marketing companies are YouTube personalities with which you, the reader, have a parasocial relationship.
That is absolutely not ethical. And if it is legal, it shouldn't be.
A reviewer that said "I stand to receive $2.76 kickback if you buy the Magnavox TV, and $3.04 if you buy the Zenith, and I still recommend the Magnavox" would be a strong recommendation.
I'd also love to see the CPC/CPA price next to lead-generation ads. For example, that whole Medicate Advantage media blitz you see every year. I wouldn't be surprised if they generate triple-digit commissions per referral, and if customers knew there was that much money being thrown at the process, what impact would that have on their credibility?
First comes a full stomach, then comes ethics.
Uber developed a software tool called "Greyball" to avoid giving rides to known law enforcement officers in areas where its service was illegal such as in Portland, Oregon, Australia, South Korea, and China. The tool identified government officials using geofencing, mining credit card databases, identifying devices, and searches of social media. Uber stated that it only used the tool to identify riders that violated its terms of service, after investigations by the United States Department of Justice, Uber admitted to using the tool to violate local regulations and obstruct law enforcement investigations of their illegal operations.
There were no consequences for Uber. So Honey may have decided the risk level was acceptable.
0: https://archive.is/DzQha ( https://www.theguardian.com/technology/2017/mar/03/uber-secr... )
1: https://archive.is/tqk3W ( https://www.nytimes.com/2017/03/03/technology/uber-greyball-... )
“The Dark Pattern by Guido Palazzo and Ulrich Hoffrage teaches us about the power of context, which is stronger than reason, values, morals, and best intentions. It is an uncomfortable and painful lesson about the root causes of 'corporate infernos.' "
The context matters.
Think of the banality of evil in WW2 Germany.
We are capable of doing almost anything, good or bad, as long as the shoal around does it and pretends it normal.
everyone sets the bar below what they do
>even I think that they crossed a line with this
everyone sets the bar below what they do
>I would genuinely like to know what the engineers thought when doing design reviews for a "selective stand down" feature. There doesn't seem to be a legit way to spin it.
everyone sets the bar below what they do
Yes, thank you for making the web objectively worse for everyone. Yo should feel bad.
Recently, he released 2 more parts with more new information that paints Honey in a pretty bad light: https://youtu.be/qCGT_CKGgFE https://youtu.be/wwB3FmbcC88
I mean, fraud in online advertising? Say it ain't so!
The same could be said about yt-dlp. They know what they are doing youtube doesn't like. But yt-dlp itself is legal.
https://news.ycombinator.com/item?id=45898407
This also makes me think that the whole campaign is astroturfed. The only "victims" of Honey are influencers and storefronts, who of course will do their part in trying to get their customers to stop using the product, but for the consumer there really are only benefits with using the extension.
The only arguments against Honey is that they are supposedly breaking some internal rules of the advertising industry (and who cares about those? Certainly not me) and that they are offering deals better than the store wants to offer to you, which makes an extremely compelling case for using that extension.
I always considered extensions like Honey to be quite scammy and believed that they offered little benefit, but apparently I was wrong.
The conclusion was that affiliate marketing claimed a lot of sales in their reporting, but the brand was strong enough (this company was #2 by market share in the country and #1 on most brand metrics) to get those customers without affiliate links.
I hear there is lots of fraud where bees honey is mixed with sugars and sold off as “honey”.
I’m disappointed this is about a browser plugin that no body in their right mind should be using at all.
3 more comments available on Hacker News