A Bot Too Far
It’s been over a year since I left the adidas app & hype teams, since then much has changed, both in terms of how the systems I helped build work underneath, and from what I can observe from the outside and in my final moments there: there’s way more folks inside that have adopted a genuine and serious approach towards the “bot problem” and many other issues.
With that in mind, I would like to share some personal perspective that might help both sides of the “cat and mouse” game and specially younger folks not fall into the same mistakes other young folks did about 1-2 years ago.
Let’s start with the basics, that anyone that has been a part of the community since around 2015, and before that, will tell you:
Shut the f#ck up
I see tons of new folks falling for this one, at times even from both sides of the game.
If you are into Security, almost all videos you might want to watch on youtube about Operations Security (OPSEC) (one example, and another example) will have one thing in common, they will all explicitly tell you that, when running a particular kind of operations, it’s better to keep your mouth shut and information flow on a need-to-know basis, versus doing what all typical script kiddies or clout-chasing hackers might do, diving into boasting and drawing a lot of attention for clout.
Continuously chasing after clout and boasting brought the demise of many groups and bots in the past. For multiple reasons, but the one thing in common was, at one point, someone from within the groups/bot dev team would draw too much attention, becoming a target later on of drama, and many other issues. This is one common story arc, but it’s not in my opinion the key towards adopting a “radio silence” stance.
The key, and the other story arc that folks don’t think about or underestimate is: you wouldn’t imagine what is possible to do with any bits of information that you share out to the world. All bits help the other side paint pictures. Take for example success screenshots.
You’d think that success screenshots are a great marketing strategy, and that there’s no harm in them. So you go ahead and post screenshots of:
- payment providers statements(e.g. Revolut, N26, …),
- email headlines of order confirmation,
- order summary screens,
And you think to yourself…
“there’s not much the other side can do with this information, I even erased some of the private parts”
In the meantime the other side has an idea of which payment provider (and country tax/fiscal entity) to filter for, which shoe sizes/skus to filter, what are some characters that were not properly greyed out of emails, names, order ids, … All of these bits of information stop looking innocent if you assume three simple principles from the other side:
- they are constantly putting those puzzle pieces together,
- they have access to all the data,
- they actively study the data.
“But I need to market my bot/cook-group/brand, or defend it, someone is calling it out saying we are not legit or don’t cop!”
Well, then here’s a safe rule of thumb: Assume everything is a bait (immediately or eventually).
Clipping is a false friend
Hitting pairs doesn’t mean you did good or better than other competitors. It doesn’t mean brands are sleeping or not even clipping.
Folks are quick to draw conclusions that if they hit, the setup was great, they’re better than others, if they don’t, they’re either getting clipped (and then folks start drawing theories of why they are getting clipped, maybe getting depressed, or maybe getting paranoid), or they did the setup wrong.
The problem with the stance of “ABC shouldn’t do XYZ, because they’re clipping the game for everyone else” is that folks forget there’s more to the whole story, and that the ultimate goal of the other side in any sale is to sell all available stock so that someone internally can tell their boss they sold everything and get a promotion/pat-on-the-back.
Realistic and violent clipping has been happening for years without the community knowing, and it’s not being advertised on Twitter. For every 100 cookgroups and latest task/raffle based bots, theres a tiny handful of folks based in China, Russia, US, UK, France, Poland, Spain, … that will attack different drop systems at scales 10x to 100x bigger than the most common attacks (if we can call these “attacks”). They are destructive, they’re the ones that would cause most pagers after midnight, and they are the hardest to track “who is who”, due to a simple trick: they are not visible anywhere, they shut the f$%k up. Easy to clip due to scale of attack, hard to identify or label due to a lack public clout chasing.
Bots drive the lion’s slice of demand
The joke that “Bulk is not hitting less than 10 pairs of the same SKU” has a real meaning for brands. Brands needed to sell those pairs either way.
Folks need to realize that in moments of affliction, and yes, those exist, if underselling is going to be in the way of someone’s political stance and influence within a brand’s organization, or a promotion, you can bet your ass there will be weird cases of folks hitting multiple pairs… all for the sake of sell-through and metrics on someone’s spreadsheet.
Ideally, yes, the stock would always be distributed fairly, and this is one of the main goals of a lot of brand developers: achieving any “decent” fairness through different drop mechanics. The problem with fairness is that it’s not something that can be void of its context, and it’s really, I mean, REALLY, hard problem to solve.
For instance, and an understandable example: What if I told you that, for almost all drops you can think of, there isn’t enough demand by genuine users that would guarantee 100% of stock could be exclusively sold to genuine users? (Genuine as in - only 1 person trying to hit only 1 pair, manually).
Put yourself on the brand’s shoes (pun intended): would you rather sell say, 70% of your stock and not let bots hit, or try and sell all 100%, cover your eyes, and hope that bots won’t ruin it for a lot genuine users?
Back-doors are an eventual “go-straight-to-jail” card
We all know the stories and legends of the kid whose mother was big at a brand and used her connections to sell impossible shoes, or the kid that had stolen code from a brand and incorporated that code into their bot, or the dozens of kids that had all sorts of access tokens or private keys to brands backoffices and payment providers, or the hundreds of kids that know someone who knows someone at a local footlocker or warehouse or retail shop, etc.
All of the bigger and most hardcore shortcuts and back-doors caught up with every single person eventually.
The problem with shortcuts is not that they work until someone is caught and they stop working. The rather real problem is that there is always someone who knows that someone else is using a shortcut, and is patiently building a case against that person. Sometimes for years. Waiting for the right moment to strike, or for the “tree” to grow tall, and then cut it at it’s root.
Avoid back-doors if you don’t like jail.
Don’t sh#t where you eat
This last point is not particular to coping exclusive shoes or fashion items, but something I also would like to discuss a bit, starting with a story. If you kept up with the community or maybe are a member in one of the more OG groups for a while, you probably remember some other (sh#tty) groups, some of which have since closed doors, decided to take a break for their health, didn’t refund and exit-scammed customers into oblivion, coming up with a “brilliant” idea at the start of the pandemic:
“let’s take stock of “basic needs” stuff” so we can resell it
This involved folks trying to take stock of instant noodles and soups and other cheap food products, toilet paper, overall hygiene products, …
Promptly, a lot of genuine folks called this out as a shitty behavior: it involved cannibalizing on stuff that wasn’t exclusive or “hype”, but common stuff that a lot of folks in desperate conditions needed the most at that time of crisis. Everything requires balance, and empathy. “All is fair game” until it isn’t.
This is why I recommend folks to thread safely and wisely when deciding which ventures to explore. It’s one thing to try and take all the stock of a new YEEZY 500 BRICK, it’s another to go after stuff that wasn’t intended for that kind of game. This is where audiences split. Everyone with a heart might agree that it’s shit to take a crisis situation and go after basic needs items, but not everyone might agree it’s fair game for folks to go after a mainstream videogame console or a graphics card. Consoles and graphics cards are not basic needs items, but there’s likely more hate at any stage for folks that cop these, than folks that limit themselves to cop actual scarce and exclusive stuff.
I’d be lying if I didn’t admit that when I see photos with a lot of PS5s stacked I get frustrated. And the frustration is two-way:
- I get overly frustrated with SIE (* PlayStation), Nvidia, … for not properly setting up anti-bot measures themselves and enforcing ALL retail sellers to adopt hardcore anti-bot measures to try and make getting these items fairer for common folk. A lot of work needs to be done on this front, and the brands and retailers are not innocent, and are being overly incompetent with the matter.
- I get slightly frustrated with all these kids posting trucks filled with PS5 boxes. I admire the fact they try and make a living, and from a “hacker” perspective, I admire the wits and creativity some folks have to circumvent rules, but I can’t stay impartial like I did with $300 shoes. Mostly because I know that a lot of desperate folks will be willing to pay double the price to get a console off a reseller, and genuine folks that wanted a console, and who knows, maybe don’t have a lot of disposable cash, are the ones getting clipped in this market. What do edgy kids say these days? “We live in a society, gamers are being oppressed by scalpers/resellers!”
Such is life.
If you read this far, thank you. Feel free to reach out to me with comments, ideas, grammar errors, and suggestions via any of my social media. Until next time, stay safe, take care! If you are up for it, you can also buy me a coffee ☕