Genius Affiliate Link Masking

I was reading a Infosec blog about phising/spam recently(it just interests me), where they presented a very clever way of masking links that i thought i'd adapt for my own uses.

You can make links look like they are totally innocent in the address bar in the bottom of a user's browser, but change the location the link is pointing to it once they click on the link

You can check out a live demo here: http://test.helgesverre.com/affmask/

Here is how its done:

<a href="http://google.com" onclick="this.href='https://www.yahoo.com/'">Hover your mouse here.</a>

HTML:

by adding onclick="this.href='https://www.yahoo.com/'" to the anchor tag you can change where the link is pointing to once it is clicked.

I use this technique to mask affiliate links on this page.

 

Which doesn't work when users are blocking javascript (see the "noscript" browser extension), has no graceful degradation, and is not only being a dick towards users AND who you are linking to, and probably violates terms of service as well... There is NO legitimate reason to be pulling this type of asshat stunt other than trying to mislead users (bad) or screw over whoever you are linking to... It's crap like this that made browser makers DROP being able to change the contents of the title bar from javaScript in the first place.

This is EXACTLY the type of 'scripting for nothing" asshattery I've come to expect from the SCAM known as affiliate marketing; since concepts like graceful degradation, accessible design, semantic markup, and not being a sleazeball seem to fly right out the window the moment words like "affiliate" is even MENTIONED in regards to the web.

Just another of those things that developers are DUMBER for even trying to do.

The only legitimate reason I could think of is adding more information on where it's going to, and that's TITLE's job!

-- edit -- BTW, saying https as the href and then script-tarding to a http domain? That's just scummy. Also, god forbid the user see's "/~affiliat/cgi-bin/affiliates/clickthru.cgi?id=HelgeSverre" before clicking on the link... WHISKEY TANGO FOXTROT is your major malfunction soldier?

 

even if they don't have javascript enabled(only people who do this are paranoid fuckbags that i don't wanna have on my site anyways), they will be redirected to the site anyways, no functionality is lost.

It seems you've had bad experiences, go cry elsewhere..

Grow up Jason.

 

To avoid the problem with javascript disabled you can do a php redirect.

 

You are avoiding the most important points. This technique is:

1. Against Google's Webmaster guidelines (see https://support.google.com/webmasters/answer/2721217?hl=en). In case it's still escaping you - it's a "sneaky redirect".
2. Violating the ToS of affiliate programs (at least for any credible one).
3. Very importantly - misleading visitors. Why in hell's name would you want to do that?

I am sure Googlebot would be able to detect this kind of technique easily. I'm not saying Google does check for it, but it's technically possible; Google have confirmed that they do execute some JavaScript and, let's face it, this is a very simple piece to detect and execute.

 

Great attitude there; so people who are sick of megabytes of scripting for nothing sucking mobile batteries dry are "paranoid ****bags"? Those who have it blocked at work thanks to proper corporate security (usually thanks to in-house crapplets saddling them with old versions of IE and no upgrade path) are "paranoid ****bags" too?

Progressive enhancement leading to graceful degradation exists for a reason, you may want to study it. You've got the same type of thinking there that led to things like 1997'ish "it works in Netscape and Mosaic", 2003'ish "it works on IE6, who cares about anything else", and the lame excuses I've heard for a decade and a half to explain away all sorts of lazy, sleazy, broken or just plain nonsensical practices.

Really? Not seeing any redirects on how you implemented it on your site... Pretty sure this doesn't function the same or have "redirects" involved:

<a href="https://www.namecheap.com/" onClick="this.href='https://www.namecheap.com/?aff=46575'">Visit Website</a>

Code (markup):

Unless of course you own namecheap, which I highly doubt. (My favorite registrar BTW)

Seriously, WHAT LEGITIMATE PURPOSE does this bloated nonsensical pointless garbage actually SERVE? Which blog did you pull this nonsense from? Sounds like they were talking out their backside. I may be wrong on that, but what's your source?

Though honestly, this type of nonsenes is EXACTLY what I expect from someone with a site that uses tags like CENTER that have no business on any page written after 1997, no THEAD, TBODY or SCOPE on the tables, inital TR>TD that should probably also be TH with SCOPE, endless pointless META nothing practical gives a flying purple fish about, overstuffed keywords with zero relevance to the content, no media target on the style LINK, or even the sillyness of saying it is "copyright copyright" (use the symbol, don't use the word -- you want the word, don't use the symbol!); pretty much the outdated outmoded ignorant HTML 3.2 mated to piecemeal incomplete coding practices I've come to expect the moment I see a HTML 5 doctype.

That said it's refreshing to see someone who understands we have tab and enter keys for a reason... Even if it's bad code, it's at least legible code! -- still, about a third of it belongs in the trash bin as pointless bloat.

Just to show you what I mean... It should probably go something more like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
	xmlns="http://www.w3.org/1999/xhtml"
	lang="en"
	xml:lang="en"
><head>

<meta
	http-equiv="Content-Type"
	content="text/html; charset=utf-8"
/>

<meta
	http-equiv="Content-Language"
	content="en"
/>

<meta
	name="viewport"
	content="width=device-width; height=device-height; initial-scale=1.0"
/>

<meta
	name="description"
	content="My list of recommended and reputable domain registrars that you can use for registering your awesome new domain name."
/>

<meta
	name="keywords"
	content="domain, registrar, pricing, recommended, choosing"
/>

<link
	type="text/css"
	rel="stylesheet"
	href="screen.css"
	media="screen,projection,tv"
/>

<link
	rel="shortcut icon"
	href="http://helgesdomaingenerator.com/favicon.ico"
/>

<title>
	Helge's Domain Name Generator - Domain Registrars
</title>

</head><body>

<div id="top">

	<h1>
		<a href="index.php">
			Helge's Domain<br />
			Name Generator
			<span><!-- image replacement --></span>
		</a>
	</h1>

	<ul id="mainMenu">
		<li><a href="index.php">Domain Name Generator</a></li>
		<li><a href="domain-registrars.php">Domain Registrars</a></li>
		<li><a href="domain-tips.php">Domain Tips</a></li>
		<li><a href="web-hosting.php">Web Hosting</a></li>
	</ul>

	<div id="content">

		<table class="domainTable">
			<caption>
				Recommended Domain Registrars and Pricing Information
			</caption>
			<thead>
				<tr>
					<th scope="col">Registrar</th>
					<th scope="col">Website</th>
					<th scope="col">.com price</th>
					<th scope="col">.net price</th>
					<th scope="col">.org price</th>
				</tr>
			</thead><tbody>
				<tr>
					<th scope="row">NameSilo</th>
					<td><a href="https://www.namesilo.com/?rid=c6ccd18us">Visit Website</a></td>
					<td>$8.99 / Year</td>
					<td>$8.59 / Year</td>
					<td>$9.19 / Year</td>
				</tr><tr>
					<th scope="row">NameCheap</th>
					<td><a href="https://www.namecheap.com/?aff=46575">Visit Website</a></td>
					<td>$10.69 / Year</td>
					<td>$11.98 / Year</td>
					<td>$11.48 / Year</td>
				</tr><tr>
					<th scope="row">Enom</td>
					<td><a href="https://www.enom.com/">Visit Website</a></td>
					<td>$13.95 / Year</td>
					<td>$13.95 / Year</td>
					<td>$13.95 / Year</td>
				</tr>
			</tbody>
		</table>

		<p>
			Choosing a good domain registrar for your website is important, as they will maintain and support your domain name, which is the name that people will remember your website by, if your domain name becomes unavailable, visitors won't find your content anymore, therefore it is always important to choose a stable, trustworthy and dependable domain registrar for your domains.
		</p>

	<!-- #content --></div>

	<hr /><!-- since the footer has no header -->

	<div class="footer">
		<div>
			Copyright 2014
			<a href="http://helgesverre.com">Helge Sverre</a> and
			<a href="http://helgetech.net">HelgeTech</a>.
		</div>
		<a href="affiliate-info.php" rel="nofollow">Affiliate Notice</a>
	<!-- #footer --></div>

<!-- #top --></div>

</body></html>

Code (markup):

Putting the H1 where it belongs (since EVERYTHING on the page is a subsection of the H1), axing the unneccessary h1/h3 pairing, moving it in as a CAPTION for the table where it belongs -- applying all the PROPER semantics to the table and completing it's structure, and swinging an axe at all the pointless "JS for nothing".

Yeah, it's called 36 years of programming and hardware construction, running my own custom BBS and tying into fidoNet mated to eight to ten years of connecting to online services like Compuserve and Genie before HTML was a twinkle in TBL's eye, and most importantly surviving and even predicting the first dotcom bust most likely at a time when you were still in diapers. (and being ridiculed for it the same way Peter Schiff was about the Real Estate bubble -- and trust me, the storm is on the horizon again!)

Cry? No... ready to bash in some skulls? Damned straight skippy, just because it's so frustrating to see the entire rules of html, css, good programming and accessibility thown out the window -- or worse seeing the same nonsense scam repeated generation after generation. Give it another ten to twenty years you'll probably come around to my view on this.

Always fun when a 19 year old says that to a 45 year old... Take a tip from someone over twice your age and gray at the temples -- you're most likely being led astray either out of inexperience or ignorance by things like this.

Also, pay attention to @ryan_uk's post. That's pretty much what I was saying.

Also true -- seems to also be broken on middle-click, which of course is how you are SUPPOSED to choose to open in new windows (so the user has a choice, instead of the idiotic shoving it down the user's throat with TARGET)

OH, BTW, an excellent example of why I think the various onevent attributes should be deprecated or even obsoleted in the HTML specification. Good scripting should hook existing markup since it has no business even being loaded scripting off. It's just as bad in my mind as TARGET or STYLE; encouraging doing things in the markup that really don't belong there.

 

First off, as several others have pointed out, this is just retarded, and goes against any reputable affiliate EULA there is out there. Second, if I right-click, and "open in new tab" it opens Google.com. If I Ctrl+click (which I almost always do, since I want to keep the original site in a tab, normally), it opens Google.com. And if I turn off javascript, it goes, of course, to Google.com. Hence it's "rarely working", and it adds obfuscation and trickery to something that should be easy - I'm guessing that a quick fix to one of the "reveal shortlink urls" scripts for Chrome or Firefox would also reveal this kind of trickery.

The idea is nothing but stupid, sorry to say. If you want to hide affiliate links, you're breaching most EULAs, and you're probably doing some sort of click-baiting I, personally, would never be a part of. Just don't. Simple as that.

 

Why get the keyboard involved? Middle button (on most mice you can depress the wheel) -- I mean, unless you're stuck on a crippled/incomplete useless trackpad (which I won't even use on laptops) or a crApple mouse or something. (which first thing I'd do is go buy a real mouse; well... Logitech Trackman Marble actually...).

 

Because I normally sit on a laptop, and I can't be arsed using an external mouse - I hardly ever use a mouse anyway, except for clicking on links or similar. I'm too lazy going into the office to sit at the desktop, I normally just prop down on the sofa with the laptop in my lap