Hacking iWin and Why it Wasn’t Worth It (mattmazur.com)
12 points by matt1 on Jan 9, 2010 | 6 comments


Left a comment there, but may as well copy-paste here:

A few years ago I was working on a competition with a grand prize of several new SUVs (part of a product launch for the vehicle). We did a very basic version of the “riddler.com” model (remember them about 12-15 years ago?) where our partner websites would put ‘badges’ for gamers to click on. Each badge was worth some number of points.

Some smart souls figured out that the badge numbers were somewhat sequenced (we had allocated up to 10 badges per partner, so we would start at ‘10’ for instance and work our way up). Scripts were written that would hit our server each day and collect the maximum number of points available.

The scripts weren’t that smart though, and there were gaps in the rewarding badges. Our ‘fix’ for this was to create new badges in the gaps that were worth massively negative numbers of points. In one day, the most problematic players vanished.
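Added example, not part of the original comment or the system it describes: a sketch of the decoy-badge idea, where unused IDs inside each partner's block of 10 carry a large penalty and any request for one is recorded. All badge IDs, point values, account names and click entries are constructed.

```python
# Decoy ("honeytoken") badges placed in the gaps of a sequential ID space.
# Every ID, point value, account name and log entry here is constructed.

BLOCK = 10          # IDs allocated per partner, as in the comment above
PENALTY = -10_000   # assumed value for a "massively negative" decoy badge

# Badges actually placed on partner sites: id -> points
LIVE = {10: 50, 11: 50, 12: 25, 20: 100, 21: 25, 30: 50}

def decoy_ids(live, block=BLOCK):
    """Every unused ID inside a partner block that contains a live badge."""
    blocks = {badge_id // block for badge_id in live}
    return {b * block + i for b in blocks for i in range(block)} - set(live)

DECOYS = decoy_ids(LIVE)

def score_clicks(clicks, live=LIVE, decoys=DECOYS, penalty=PENALTY):
    """Return (points, flagged) for a list of (account, badge_id) clicks.

    A decoy is never linked from any partner page, so a request for one
    means the client guessed the ID instead of clicking a real badge.
    """
    points, flagged = {}, {}
    for account, badge_id in clicks:
        if badge_id in decoys:
            points[account] = points.get(account, 0) + penalty
            flagged.setdefault(account, []).append(badge_id)
        elif badge_id in live:
            points[account] = points.get(account, 0) + live[badge_id]
        # IDs outside every allocated block score nothing
    return points, flagged

# Constructed click log: (account, badge_id)
CLICKS = (
    [("alice", 10), ("alice", 20), ("alice", 30)]   # clicked real badges
    + [("sweeper", i) for i in range(10, 40)]        # walked the whole range
)

if __name__ == "__main__":
    points, flagged = score_clicks(CLICKS)
    print(points)
    print({account: len(hits) for account, hits in flagged.items()})
```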


Anyone remember CDNow? They rewarded referral purchases with $5 gift certificates. But they awarded the gift certificates before the referral purchase cleared. At the time, you could also trivially acquire a "valid" unique Mastercard number using $0-balance "Web Certificates". Long story short, you could write a script that would generate an unbounded credit for yourself at CDNow. People raped them with it.

Problems like this were really common in the late '90s. They persist today, but are more subtle. We always test for $-1.00 input flaws, and they aren't frequent.

The people who are actively exploiting these can give you any number of rationalizations for how legal their actions are, but at the end of the day what's protecting them is that they're staying below the noise floor for civil and criminal attention. It's still just fraud.


This is interesting:

At this point you might be wondering how iWin ever expected to make money off of their original business model. I wondered that for a long time too.

Here’s what I think: ... Most people probably quit long before they ever earned enough to get anything.

This is perfectly true from my knowledge of SMS quizzes where less than 1% of the people actually play the game (although 100% of them pay the subscriptions).


Did you ever go after Pointclick :)? They folded not long after launching.


I did, and I got a Rio 500 out of it. I didn't hack it though, basically my method was this: during lunch my friends and I would go into the school computer lab when no one was there and turn on every computer. Then we'd open up as many instances of IE as I could, clicking on an ad and keeping the browser open for the requisite amount of time. After about 8 instances of IE were open the computer would crash, so we'd power cycle the computer and move onto the next one. By the time this computer was rebooted we'd have already gone through all the other computers, so there wouldn't be any loss of time.

The funny thing is that IIRC this wasn't even against the TOS until a few weeks before they went bankrupt. I was also fourteen at the time, same as the submitter. I don't really consider it unethical, or at least we weren't hurting Point Click, because they were basically in the business of scamming advertisers. And the advertisers didn't care because they were getting $800 million valuations because of all their hits. And the investors were happy to invest at these prices even though they knew what was happening, because they thought that the economics of business had changed forever and in just another two years they'd be insanely rich. And all of my friends and I, being fourteen, thought the investors were right.

So even now it's hard for me to feel bad about it. At the time it wasn't even clear that Point Click would go bankrupt or that there was a larger economic bubble, we all just thought the free stuff was somehow because of Moore's law. And because we did legitimately work pretty hard for those points, we just sort of assumed that whatever we were doing was somehow creating value.


Haha, all the fourteen-year-olds doing silly things unite! Indeed, I was 14 too when I was going after them. It was one of the first bots that I wrote in VB. Making the mouse move to simulate a real click automatically was tonnes of fun :)

I also wrote a NetZero ad remover. Of course, every other kid on the block was writing one too. Then there was allAdvantage. And the list goes on.



