If I click on an affiliate link that I want to use and the extension changes that without me knowing, that’s malware for me. The intent of the user may be to use a specific affiliate link.

What's the ratio of people deliberately clicking affiliate links, to people who just click links and have no clue what an affiliate link even is?

I already thought Honey was scummy so I never used it in the first place, but I honestly don't get the particular outrage over these specific practices. You're already using the extension to effectively scam online stores, by using coupons the company gave to somebody else, not you. I see it as barely more ethical than doing that old trick of generating your own manufacturer coupons. Probably it's a lot more legal, but ethically it's in the same ballpark.

> What's the ratio of people deliberately clicking affiliate links, to people who just click links and have no clue what an affiliate link even is?

I don't know what the ratio is, but I do know it doesn't matter in this context, it's still malware.

People may well want to deliberately support a creator (influencer) they like.

That's not how malware is defined - Windows ain't malware just because they occasionally make Edge open instead of what you thought were your default browser. The malware definition is way more specific than simply software that doesn't always follow user intent.

It actually does fall under the definition malware. Specifically, Honey hijacks affiliate marketing tags and replaces them with their own. This falls under the definition of the “spyware” category of malware.

Spyware is software that sends information about the user (browsing history, etc) to a 3rd party.

Many affiliate browser extensions do indeed do this, as an extra revenue stream. In fact, I'd recommend never installing a coupon browser extension. But replacing one number with another does not meet the above definition of spyware.

See Spyware: https://en.wikipedia.org/wiki/Malware

"Programs designed to monitor users' web browsing, display unsolicited advertisements, *or redirect affiliate marketing revenues* are called spyware."

Well, that's clearly incorrect: software displaying unsolicited advertisements is called adware, and requires no spying at all.

> Spyware is a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords [0]

> Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. [1]

> Spyware is malicious software that secretly monitors your activity and collects sensitive information, like passwords, location data, or browsing habits, without your consent. [2][3]

0: https://www.malwarebytes.com/spyware

1: https://usa.kaspersky.com/resource-center/threats/spyware

2: https://us.norton.com/blog/malware/spyware

3: https://www.fortinet.com/resources/cyberglossary/spyware

it is textbook definition of malware. what's the argument for sending a users coupon code to a server regardless of sharing setting?