Popular browser extension Honey, owned by PayPal, reportedly saw millions of uninstalls following a YouTube video exposing the extension’s shady tactics.

YouTuber MegaLag published a video in late December detailing how Honey allegedly scams users and influencers it works with by taking advantage of affiliate programs and referral links. For those unfamiliar with Honey, it’s a free browser extension that promises savings to users by checking for and applying coupon codes when shopping online. In the video, MegaLag details various ways that Honey hijacks affiliate links from creators and influencers it partners with and how it works with retailers to give them control over the discounts that show up for users.

Since the video dropped, 9to5Google reports that Honey’s install base has fallen by about 3 million. Honey’s extension page on the Chrome web store currently lists the extension as having 17 million users, which is down from over 20 million prior to the video. A class-action lawsuit was also filed against PayPal over Honey.

Hijacking affiliate links

MegaLag found that when users searched for discount codes with Honey, the extension quietly applied its own affiliate referral cookie, enabling it to claim any kickback for referring customers to a product. Affiliate marketing is extremely common online, especially among influencers. It works by providing influencers with a special affiliate link they can use when promoting a product to their audience. Then, when people use the link to buy a product, the influencer gets paid, sort of like how a commission-based salesperson makes more money when they close a sale. Currently, this system is based on the ‘last click’ referral — the last person to refer a customer gets the commission for the sale. It’s not a perfect system, and what’s going on with Honey is a great example of the flaws.

According to MegaLag, Honey wasn’t just applying its own referral code when people shopped with it, it was also replacing referral cookies from influencers, including ones that promoted Honey. However, Honey doesn’t just do this when it finds a discount for users, it also does this when users interact with the extension at all. For example, during checkout, Honey will pop up and say it couldn’t find any codes, and when users click the ‘Okay’ button, it refreshes the page to apply its referral code. Honey also uses its points system to apply referral codes.

Giving retailers control over discounts

Worse, Honey allows retailers it partners with to control available discount codes, effectively hiding better discounts from users. MegaLag was able to find working discount codes online that weren’t showing up in Honey when the extension claimed it couldn’t find any. And even when it did find codes, MegaLag was able to find better discounts by searching online.

So, to sum things up, Honey claims to save customers money by finding them discounts, but mostly serves up discounts approved by retailers. At the same time, it makes money by hijacking affiliate links to ensure it gets a commission for any sales. MegaLag also hinted at another part to the scam that would be covered in a future video.