TLDW: MegaLag found code and rules in the Honey extension that modifies behaviour specifically to make discovery of non-compliance with affiliate programs and affiliate poaching harder for testers. This behaviour has been in place since 2017 at least.
Crazy that companies will do this shady stuff with client side code. At least it was slightly obfuscated at first, but that’s just incompetent fraud to leave it so obvious that a self professed non-software engineer (though clearly a smart guy) can read it and deduce what’s happening. Throw a tiny bit of random noise to the stepdown logic and it becomes much harder to find and reproduce as proof.
Things like this happen in client side extension and it can take so long to get to what was happening but some people get defensive when people claim tiktok, facebook, google, microsoft are all listening in on your data.
There are so many ways to obfuscate data we’ll probably never know the extent of the data being collected.