The ability to alter the tracking is an exploit, not a feature. Don’t get me wrong, I’m glad it’s possible, but it seems more a result of a lazy implementation rather than a generous choice.
Not any more than any other tracking method.
This isn’t true. There are more opaque ways to track this like cookies, redirects (triggering an api call), and scripts. These could also be exploited depending on how they’re done, but it would be way less obvious than just changing the URI.
It just seems like they chose the simplest method, thus hampering the effectiveness of their greed.
All the solution you proposed have big tradeoffs. Most would require to run some code on the site where the URL is, which is often not an option. And they would not work if the link is shared between people. For a lot of cases the solution they used seems to be the best one.
Wait, you’re complaining that end users can change it?
Yes, there are ways the website could prevent that. I’m not sure why that goal serves any purpose, though. Defaults are going to get them the vast majority of the commissions they earn, and being simple and easy for users who really want to reward the creators more to do so is worth the negligible cost.
Getting commission on sales you make isn’t greed.