Phia Under Fire: AI Shopping App Co-Founded by Phoebe Gates Accused of “Cookie Stuffing”

The burgeoning intersection of artificial intelligence and retail commerce has faced a significant credibility crisis this week. Phia, the AI-powered shopping platform co-founded by Phoebe Gates—the daughter of Microsoft co-founder Bill Gates—and climate activist Sophia Kianni, has found itself at the center of a burgeoning controversy regarding its affiliate marketing practices.
Multiple independent investigations, including a rigorous technical breakdown by researcher Ben Edelman and reporting from Bloomberg, have alleged that the browser extension utilized a controversial technique known as "cookie stuffing" to artificially inflate its affiliate commissions. By allegedly triggering invisible clicks and hijacking referral pathways, the app is accused of claiming credit for retail sales it did not generate, effectively diverting commissions from other legitimate publishers and retailers.
The Mechanics of the Allegation: What is “Cookie Stuffing”?
At the heart of the controversy is the practice of "cookie stuffing" (or "forced clicking"). In the world of affiliate marketing, a company earns a commission when a user clicks a tracking link that places a "cookie" on their browser, signaling to the merchant that a specific partner drove the traffic.
According to the evidence presented by Ben Edelman, Phia’s browser extension allegedly bypassed the user’s intent by loading affiliate links in the background without the user’s knowledge or interaction. Edelman’s research, which includes video evidence, demonstrates that when a user visited certain merchant websites, Phia’s code would invisibly load a second tab or execute a script on iOS devices to inject the app’s affiliate tag into the user’s session.
This means that even if a user arrived at a store through a different affiliate, a social media influencer’s link, or a direct search, Phia’s software would "stuff" its own cookie into the browser at the last possible second. Consequently, the merchant’s system would attribute the transaction to Phia rather than the actual source of the traffic.
A Chronology of the Controversy
The timeline of Phia’s rapid rise and subsequent scrutiny provides a lens into how quickly high-profile tech startups can find themselves in ethical crosshairs.
- Spring 2025: Phia officially launches, marketed as an AI-powered assistant designed to streamline the shopping experience by helping users find products and deals. With the high-profile backing of Phoebe Gates and Sophia Kianni, the app quickly gains traction in the competitive "shopping companion" market.
- December 2025: According to investigative reports, this is the month when the problematic code—the feature enabling the alleged forced clicks—was pushed into the live product environment.
- Early 2026: Observers and affiliate networks begin noticing irregularities in traffic attribution. Discrepancies between expected referral sources and actual commission payouts trigger internal audits at various major retail platforms.
- July 2026: The controversy reaches a fever pitch as Ben Edelman publishes his comprehensive breakdown of the "forced clicks." Bloomberg and Capital One Shopping release their own investigative reports, corroborating the findings and quantifying the extent of the misattribution.
- Present Day: Phia faces immediate backlash from the affiliate marketing community, while the company attempts to contain the reputational damage through technical fixes and public statements.
Supporting Data and Technical Breakdown
The documentation provided by Edelman is particularly damning because it removes the ambiguity of "accidental" behavior. By capturing the network traffic on iOS devices, the investigation demonstrated that the Phia extension was proactively making network requests to affiliate networks in the background.
In a standard affiliate model, the commission is a reward for influencing a purchasing decision. By automating the placement of these tracking cookies, Phia effectively turned its extension into a "commission vampire," feeding off the traffic generated by other websites without providing the value-add of discovery or recommendation.
Retailers rely on accurate attribution to determine which marketing channels are effective. When a service like Phia hijacks these attributions, it distorts the retailer’s marketing budget. Retailers pay out commissions for sales they would have made regardless of the app’s involvement, leading to a direct financial loss for both the merchant and the legitimate publishers who earned the referral.

Official Responses: A Bug or a Feature?
In response to the mounting pressure, Phia has adopted a stance of contrition, framing the entire incident as an unintended technical error rather than a deliberate business strategy.
In a statement provided to Bloomberg, a spokesperson for Phia stated: "Within the last 24 hours, we were made aware that in a recent release our codebase was causing misattributions from a subset of users. As soon as we were notified, our team worked overnight to identify, mitigate, and has since resolved the issue."
The company maintains that the behavior was the result of a bug introduced in a recent update. However, industry experts remain skeptical. Critics point out that "cookie stuffing" is a complex, deliberate piece of engineering. To implement such a feature requires specific code that interacts with tracking pixels and browser session states. Questions remain as to how such a significant "bug" could pass internal quality assurance and compliance reviews, especially in an app that relies entirely on affiliate revenue as its primary business model.
The Broader Implications for the Tech Industry
The Phia incident raises profound questions about the oversight of AI-powered browser extensions and the ethical boundaries of the affiliate marketing industry.
The Erosion of Consumer Trust
For users, the discovery that their browser extensions are secretly manipulating their shopping sessions is a breach of privacy. If an app is willing to load hidden tabs to steal a commission, what other data is it harvesting? This incident highlights the "black box" nature of many modern browser plugins, where users have little visibility into the background processes running on their devices.
Accountability for "Celebrity" Startups
The involvement of Phoebe Gates brought significant venture capital and public attention to Phia. While high-profile founders can help a startup scale rapidly, they also invite a higher level of public scrutiny. This case serves as a warning that the tech industry, particularly the affiliate space, is a highly regulated and deeply competitive ecosystem where technical shortcuts are rarely tolerated by the platforms and merchants that power the industry.
The Future of Affiliate Marketing Regulation
The affiliate marketing industry has long struggled with "bad actors" who use deceptive practices to claim commissions. Major affiliate networks have developed sophisticated fraud detection algorithms to catch cookie stuffers. The fact that Phia was caught suggests that these detection systems are becoming increasingly effective. However, it also suggests that as long as the commission model remains, companies will be tempted to use "gray hat" tactics to boost their bottom line.
Conclusion: A Turning Point for Phia
As Phia moves forward, its primary challenge will be restoring the trust of the retail partners it allegedly undermined. Affiliate networks are notoriously unforgiving when it comes to fraud; many publishers and extensions have been permanently banned from platforms like Amazon Associates or Rakuten for similar, even less egregious, violations.
Whether the "bug" narrative is accepted by the industry remains to be seen. For now, the reputation of the platform, and by extension its founders, remains under a dark cloud. The incident serves as a stark reminder that in the age of AI, transparency must be the foundation of any consumer-facing technology. As the digital economy continues to evolve, the distinction between "smart shopping" and "deceptive automation" will likely become the central battleground for regulators, developers, and consumers alike.
