Estimated reading time: 11 minutes
Key Takeaways
- Phia, the AI shopping startup co-founded by Phoebe Gates and Sophia Kianni, is accused of “cookie stuffing” – secretly claiming affiliate commissions on purchases it did not actually influence.
- Independent researcher Ben Edelman found a feature called
enable_coupon_auto_dropthat allegedly triggered affiliate links without genuine user action. - The alleged behaviour reportedly ran for approximately seven months, including the entire 2025 holiday shopping season.
- Phia has been suspended from Impact.com, a major affiliate marketing platform, following the allegations.
- Phia says the issue was a bug from a recent code release; critics argue the naming, server-side controls, and targeting pattern suggest intentional design.
- The real victims, if allegations hold, are merchants and legitimate affiliates – not necessarily shoppers paying more at checkout.
Table of contents
- What Is Phia – and Why Does Anyone Care?
- The Allegation: What Is “Cookie Stuffing” and What Did Phia Allegedly Do?
- The Technical Setting That Has Everyone Talking
- Phia’s Response: A Bug, Not a Feature
- Who Actually Gets Hurt?
- This Has Happened Before
- A Quick Timeline of the Phia Story
- The Key Questions That Remain Unanswered
- Why This Story Is Bigger Than One Startup
- Frequently Asked Questions
Imagine clicking through to your favourite online store, adding something to your cart, and completing a purchase – all on your own, without any help from a shopping app. Now imagine that a browser extension quietly slipped in behind the scenes during your checkout and claimed the commission for your sale, even though it had nothing to do with your decision to buy.
That is exactly what Phia, the buzzy AI shopping startup co-founded by Phoebe Gates and Sophia Kianni, stands accused of doing. And the story is sending shockwaves through the startup, affiliate marketing, and tech worlds all at once.
The allegations against Phia – a practice known as “cookie stuffing” – have triggered a suspension from a major affiliate platform, sparked an in-depth Bloomberg investigation, drawn the attention of independent researchers and consumer law experts, and landed the company in headlines across tech, entertainment, and business media. With more than $43 million in funding and a star-studded investor list, Phia had everything going for it. Now it is fighting to protect its reputation – and the questions being asked are hard ones.
Here is everything you need to know.
What Is Phia – and Why Does Anyone Care?
Before diving into the scandal itself, it helps to understand what Phia is and why its story has captured so much attention.
Phia is an AI-powered shopping assistant, available as a mobile app and browser extension, that pitches itself as a smarter way to shop. It compares prices, surfaces discount codes, and finds secondhand or resale alternatives so that shoppers can get the best deal possible. TechCrunch previously described it as something like “Google Flights for fashion” – a tool that brings transparency and comparison to the messy world of online clothing retail.
The company was founded by Phoebe Gates – yes, the daughter of Bill Gates – and Sophia Kianni, who were former Stanford roommates. That celebrity connection alone gave Phia a kind of gravitational pull that most startups simply do not have. And the company did not stop there when it came to star power.
In September 2025, TechCrunch reported that Phia had raised an $8 million seed round led by Kleiner Perkins, with celebrity investors including Kris Jenner and Hailey Bieber. At the time, the company had around 500,000 users and searched across more than 300 million fashion items.
Then, in January 2026, the momentum accelerated even further. TechCrunch reported that Phia closed a $35 million round led by Notable Capital, with Khosla Ventures and returning investor Kleiner Perkins participating. Other investors named in TechCrunch coverage include Sara Blakely and Sheryl Sandberg. By that point, Phia had reported 11x revenue growth since launch and 6,200 retail partners – an astonishing trajectory for a young startup.
With roughly $43 million in total reported funding and hundreds of thousands of monthly active users, Phia looked like one of the most exciting young companies in the consumer tech space. That makes what happened next all the more stunning.
The Allegation: What Is “Cookie Stuffing” and What Did Phia Allegedly Do?
To understand the accusation, you first need to understand how affiliate marketing works – because this whole story lives inside that ecosystem.
When a blogger, influencer, review site, or publisher links to a product and one of their readers clicks that link and buys something, the publisher earns a commission. The whole system is tracked by cookies – small pieces of data placed in your browser that record who referred you to a particular store. Most of the time, the rule is simple: whoever genuinely sent you to the store gets the credit.
“Cookie stuffing” is a term for when someone sneaks their own tracking cookie into your browser without genuinely sending you anywhere. The result is that they collect the commission for a sale they had nothing to do with. It is, in the bluntest terms, taking money that belongs to someone else.
That is what Phia stands accused of. According to TechCrunch’s summary of Bloomberg’s investigation, Phia’s browser extension allegedly opened a background tab during checkout and inserted its own referral code – sometimes even overriding another affiliate’s tracking code that was already in place. That means a shopper could have arrived at a store entirely on their own, or through a trusted reviewer’s recommendation, and Phia could have quietly swooped in at the last moment to claim the commission.
Independent researcher Ben Edelman, who has a long history of investigating browser extensions and affiliate marketing practices, published a detailed technical analysis on July 9, 2026. His writeup found that Phia’s iOS app and Chrome plugin included a setting called enable_coupon_auto_drop that, when active, automatically triggered affiliate links without any real action from the user. This was typically happening when the user was on a merchant’s cart or checkout page – arguably the most valuable moment in the entire shopping journey.
Edelman’s analysis also alleges what he calls “stand-down violations.” In the affiliate marketing world, there is an understood norm that a shopping extension should back off when it detects that the user already arrived via another affiliate’s referral. In one of his tests, Edelman says he clicked a Savings.com affiliate link to Polaroid, which meant an existing affiliate cookie was already present – but Phia still did not stand down. According to Edelman, it recognised a competitor affiliate cookie but proceeded to insert its own tracking anyway.
This alleged behaviour was not just observed by Edelman. Inc. reported that independent testing by Bloomberg, Capital One Shopping, and Edelman all found that Phia generated affiliate clicks without meaningful user interaction. It is worth noting that Capital One Shopping is a competitor to Phia, which is relevant context – but Inc. reported that Capital One said it disclosed its technical concerns to partners as a platform-integrity matter rather than a competitive one.
The Technical Setting That Has Everyone Talking
One of the most damning details in Edelman’s report is not just what the alleged behaviour was – it is how it was apparently built. Edelman says the feature was specifically named enable_coupon_auto_drop and that it could be toggled via a server-side feature flag. He also found that the behaviour appeared to activate for iOS user agents but not Chrome users, suggesting a deliberate targeting choice rather than an accidental oversight.
Edelman told Inc. he did not believe the behaviour was accidental, and that the code’s naming and control mechanism point toward intentional design. As Edelman’s analysis argues, forced clicks cause merchants to pay for traffic they already had organically or had already paid for through a different marketing channel.
That is not a glitch. That is, if the allegations hold, a monetisation strategy.
Edelman also estimates that the code could have allowed Phia to claim credit for as many as ten times the number of purchases it actually influenced. That is a striking claim, and one that has not been publicly audited or confirmed – but it gives a sense of the potential scale of what critics are alleging.
Phia’s Response: A Bug, Not a Feature
Phia has pushed back. As reported by Engadget, the company said that a recent code release caused “misattributions” for a subset of users, and that the company worked quickly to identify, mitigate, and resolve the issue. Phia also said it is regularly audited by affiliate partners and has maintained compliance with their requirements.
Bloomberg reportedly contacted Phia on July 7, 2026. After Phia made changes, Bloomberg retested and found that the automatic referral-claiming behaviour had stopped in the cases where it had previously appeared. Affiverse reported that this is an important data point: the behaviour appears to have been fixed, at least in the tested scenarios.
But “fixed” does not resolve the deeper dispute. Critics – especially Edelman – argue that if this were truly an accidental bug, you would not expect it to have a descriptive name like auto_drop, a server-side toggle, and a pattern of activating in high-value checkout moments. Phia’s characterisation of the issue as a “recent release” problem is also being challenged. Edelman’s writeup says the relevant feature first shipped in app version 1.9.33 on December 13, 2025 – meaning it may have been active for approximately seven months, including the entire 2025 holiday shopping season. That is a long time for a “recent” bug to go unnoticed.
TechCrunch also noted that Phia did not respond to its own request for comment. As TechCrunch reported, the allegations also led to Phia’s suspension from Impact.com, a major affiliate and influencer marketing platform.
Who Actually Gets Hurt?
This is where the story gets more nuanced – and arguably more important. Shoppers are not necessarily paying more at the checkout counter. The more direct victims, if the allegations are accurate, are merchants and legitimate affiliates: the bloggers, review sites, influencers, and creators whose whole livelihood depends on affiliate commissions.
Loyola Law School professor Lauren Willis told Inc. that the alleged diversion of referral fees could harm both retailers and publishers by redirecting commissions away from the actual recommendation or referral source. Think about a product reviewer who spent hours testing items and writing up their honest verdict – they get nothing, while Phia quietly collects the commission for a sale the reviewer actually drove.
Truth in Advertising’s Bonnie Patten made a point about consumer transparency. She told Inc. that consumers should be clearly told how an extension makes money so they can decide which businesses, publishers, or creators their purchases end up supporting. That is a principle of fairness: users who install a shopping tool deserve to know if the tool is quietly rerouting commissions in the background.
There is also a privacy dimension that deserves attention. Phia’s App Store listing says contact info and identifiers may be used to track users across apps and websites. Phia’s own privacy policy says it may collect browsing behaviour, pages and URLs visited, links clicked, cart activity, mouse movements, keystrokes, and information from other shopping websites visited. That is an expansive data footprint for an app that presents itself primarily as a deal-finding tool.
And Google’s Chrome Web Store affiliate policy is clear: related user action is required before adding an affiliate code, link, or cookie. Google’s FAQ states that the policy prohibits inserting affiliate tracking when no real or direct user benefit is provided at that moment. Whether Phia violated that policy is another question that remains open.
This Has Happened Before
For anyone familiar with the browser extension space, the Phia allegations will feel uncomfortably familiar. The story draws direct comparisons to the PayPal Honey controversy. TechCrunch noted that Honey – which is owned by PayPal – remains the subject of ongoing class-action litigation, with allegations that its browser extension replaced affiliate links and redirected commissions using hidden tabs, iframes, and refreshes. Court-related documentation describes allegations strikingly similar to what Phia now faces.
Cookie stuffing also has criminal precedent. The DOJ reported that Brian Dunning pleaded guilty in 2013 to wire fraud connected to a cookie-stuffing scheme against eBay – a scheme described as causing affiliate cookies to be loaded so eBay would pay commissions for referrals that were never actually earned. The DOJ described cookie stuffing as creating forced clicks by unsuspecting shoppers so conspirators could receive commissions for sales they did not generate.
Nobody is currently alleging criminal behaviour against Phia, but the history makes clear that “cookie stuffing” is not a trivial technical curiosity – it has been treated as fraud by federal prosecutors.
A Quick Timeline of the Phia Story
Here is how events unfolded, from launch to scandal:
- April 2025 – Phia launched as a fashion and shopping app and browser extension.
- September 2025 – Phia raised an $8 million seed round led by Kleiner Perkins, with Kris Jenner and Hailey Bieber among the investors.
- December 13, 2025 – Edelman says Phia first shipped the
auto_dropfeature in app version 1.9.33. - January 27, 2026 – Phia closed a $35 million round led by Notable Capital, with Khosla Ventures and Kleiner Perkins participating.
- July 4, 2026 – Edelman’s testing documented Phia telemetry recognising a competitor affiliate cookie during a Savings.com to Polaroid test scenario.
- July 7, 2026 – Bloomberg reportedly contacted Phia. After changes, Bloomberg’s retest found the automatic referral behaviour had stopped.
- July 9, 2026 – Edelman published his technical analysis, “Forced Clicks and Stand-Down Violations by Shopping Plugin Phia.”
- July 10, 2026 – TechCrunch published its report: “Phia accused of ‘cookie stuffing,’ taking affiliate credit on purchases it didn’t earn.”
- July 11 – 14, 2026 – Engadget, Inc., Affiverse, and others covered the allegations and Phia’s response.
The Key Questions That Remain Unanswered
The story is far from over, and several critical questions are still hanging in the air.
Was this a bug or a business model? Phia says code caused the issue. Edelman says the feature’s name, its server-side control mechanism, and the pattern of its activation all suggest intentional design. According to Affiverse, Edelman told Inc. he did not believe the behaviour was accidental.
How long did it really run? Phia used “recent release” language. Edelman disputes that framing and says the feature shipped on December 13, 2025 – potentially seven months of activity across tens of millions of shopping sessions.
How many purchases and commissions were affected? No confirmed public figure exists yet. Edelman’s estimate of up to ten times the influenced sales is striking, but has not been independently audited.
What will happen with Impact.com and retail partners? TechCrunch reported that Impact.com suspended Phia. Whether that suspension becomes permanent, whether merchants reverse commissions, or whether partnerships are cut – those answers are still coming.
Will there be a lawsuit? As of July 16, 2026, no major litigation against Phia specifically over these cookie-stuffing allegations has been publicly reported. But given the parallels to the Honey litigation, the question of legal action is very much on the table.
Inc.’s crisis-response experts noted that stakeholders – investors, retailers, publishers, and users – will expect a detailed, transparent postmortem from Phia: one that explains exactly what happened, which users and merchants were affected, how long the behaviour persisted, and what safeguards have been put in place to ensure it cannot happen again. That level of clarity has not yet been publicly provided.
Why This Story Is Bigger Than One Startup
The Phia cookie-stuffing allegations matter beyond just one company’s reputation. They expose a tension that sits at the heart of the browser extension economy: the very tools built to help consumers find better deals may have financial incentives to quietly capture value from the ecosystem around them – from creators who earned a referral, from merchants who are paying for traffic they already had, and from users who never knew their checkout was being watched.
For anyone building a startup, raising funding, or navigating the increasingly complex world of AI-driven consumer tools, this story is a reminder that trust is fragile. The affiliate marketing world runs on integrity – on the idea that credit goes to whoever actually earned it. When that system is gamed, the consequences ripple outward to publishers, creators, retailers, and ultimately to users who expect the tools they install to work for them, not around them.
The coming weeks will reveal a lot about how Phia handles the fallout and whether the startup world holds it accountable. One thing is already clear: the questions being asked about Phia are not going away quietly.
Frequently Asked Questions
What is Phia?
Phia is an AI-powered shopping assistant, available as a mobile app and browser extension, co-founded by Phoebe Gates and Sophia Kianni. It compares prices, surfaces discount codes, and finds secondhand alternatives for shoppers.
What is cookie stuffing?
Cookie stuffing is when a company or individual secretly inserts their own affiliate tracking cookie into a shopper’s browser without genuinely referring them, allowing them to claim a commission for a sale they did not actually influence.
What exactly is Phia accused of doing?
Phia is accused of opening a background tab during checkout and inserting its own referral code, sometimes overriding another affiliate’s tracking code that was already present, allowing it to claim commissions on purchases it did not influence.
Who is Ben Edelman?
Ben Edelman is an independent researcher with a long history of investigating browser extensions and affiliate marketing practices. He published a detailed technical analysis alleging Phia’s behaviour on July 9, 2026.
Has Phia responded to the allegations?
Yes. Phia says a recent code release caused “misattributions” for a subset of users and that it worked quickly to identify, mitigate, and resolve the issue. Critics dispute the “recent” framing, noting the feature reportedly shipped in December 2025.
Has Phia faced any consequences so far?
Yes. Phia was suspended from Impact.com, a major affiliate and influencer marketing platform, following the allegations.
Who is harmed by cookie stuffing?
The main victims are typically merchants and legitimate affiliates – bloggers, review sites, and creators who genuinely drove a sale but do not receive the commission because it was redirected elsewhere.
Is this similar to any past controversies?
Yes. The allegations closely resemble the ongoing PayPal Honey class-action litigation, and cookie stuffing has previously been prosecuted as criminal fraud, including the 2013 Brian Dunning case involving eBay.
Is Phia facing a lawsuit?
As of July 16, 2026, no major litigation against Phia specifically over these cookie-stuffing allegations has been publicly reported, though comparisons to the Honey litigation keep the possibility open.

