Weaponising shopping carts

You know about Denial of Service attacks—malicious actors flooding websites, emails or apps belonging to businesses or institutions using massive volumes of fake visits. Real customers and users are denied service as a result.
DoS attacks, and their scarier cousin, Distributed DoS attacks, are threats most large digital businesses have to learn to withstand and survive.
But did you know about Denial of Inventory attacks? I didn’t.
Denial of Inventory is most commonly thought of as taking e-commerce items out of circulation by adding many of them to a cart/basket; the attacker never actually proceeds to checkout to buy them but contributes to a possible stock-out condition. A variation of this automated threat event is making reservations (e.g. hotel rooms, restaurant tables, holiday bookings, flight seats), and/or click-and-collect without payment. But this exhaustion of inventory availability also occurs in other types of web application such as in the assignment of non-goods like service allocations, product rations, availability slots, queue positions, and budget apportionments.
There have been multiple stories about how TikTok users and K-Pop fans used DoI attacks against US President Donald Trump’s campaign rally in Tulsa, Oklahoma. Legitimate buyers weren’t able to buy tickets.
Others went beyond rally tickets, adding MAGA hats, baseballs, and “Baby Lives Matter” onesies to their shopping carts. And then forgetting about them. It’s not clear yet if that led to store stockouts, though.
Here’s where it gets interesting.
Modern e-commerce stores are wired with digital advertising solutions from the likes of Google and Facebook. Shoppers who abandon items in their carts are automatically “retargeted” across the web with ads and offers on those products. Surely, you’ve noticed that happening to you when, for instance, you’ve searched for an airline ticket or a dress?
You can guess what happens next. The systems start targeting users with ads every opportunity they get. Ads that cost real money.
“If you’ve ever abandoned a cart online, you might recall having seen more ads or emails from that brand, oftentimes with discounts,” he added.
Ergo, by acting like interested potential buyers and then abandoning their carts, these users cost related ad campaigns more money as the brand continues to reach out.
Clayton McLaughlin, senior vice president of media investments at digital marketing agency iCrossing, agreed the concept “could potentially wreak havoc with a digital campaign.”
“Whether it’s an intended retargeting campaign or a positive signal to an optimization algorithm, those users will likely be targeted again,” McLaughlin said. “Plus, other users that share similar traits will start to see the ads as well based on lookalike modeling. Overall, it creates a potentially expensive situation for an advertiser.”
It’s amazing how protestors can weaponise the infrastructure of modern e-commerce and digital advertising. Call it “culture jamming.”
Sometimes, quite inconveniently though, the jammer might turn out to be… a Google bot.
For more than a year, online merchants selling items ranging from kayaks to keychains have puzzled over the mystery shopper with the generic name behind thousands of abandoned carts. Each cart has only one item.
It is more than a nuisance. John Smith’s activity skews analytics that online merchants use to advertise and make other critical business decisions. The shopper also uses a bunch of bogus email addresses, and sellers get warned by their internet service providers for sending follow-up pitches to phantom customers. Some worried the aborted sprees were the work of a competitor or hacker.
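An added example, not code from the article or from any merchant's system: the Denial of Inventory definition and the "John Smith" account above give concrete signals (many carts under one name, none checked out, one item each, a different email every time), and this sketch groups cart records on those signals and keeps flagged carts out of the follow-up and retargeting audience. The record fields, sample data and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample cart records (not real data); field names are assumptions.
CARTS = [
    {"cart": f"js-{i}", "name": "John  Smith", "email": f"u{i}@example.test",
     "items": 1, "checked_out": False}
    for i in range(5)
] + [
    {"cart": "ar-1", "name": "Asha Rao", "email": "asha@example.test",
     "items": 3, "checked_out": True},
    {"cart": "ar-2", "name": "Asha Rao", "email": "asha@example.test",
     "items": 2, "checked_out": False},
    {"cart": "lc-1", "name": "Lee Chen", "email": "lee@example.test",
     "items": 1, "checked_out": False},
]

def normalise(name):
    """Case-fold and collapse whitespace so name variants group together."""
    return " ".join(name.lower().split())

def flag_phantom_shoppers(carts, min_carts=4, min_single_item=0.9, min_email_ratio=0.75):
    """Flag shopper names showing all the signals at once: many carts,
    no checkout ever, almost always one item, and a fresh email per cart.
    Thresholds are illustrative assumptions, to be tuned on real traffic."""
    groups = defaultdict(list)
    for c in carts:
        groups[normalise(c["name"])].append(c)
    flagged = {}
    for name, rows in groups.items():
        n = len(rows)
        if n < min_carts or any(r["checked_out"] for r in rows):
            continue
        single_item = sum(r["items"] == 1 for r in rows) / n
        emails = {r["email"].lower() for r in rows}
        if single_item >= min_single_item and len(emails) / n >= min_email_ratio:
            flagged[name] = {"carts": n, "distinct_emails": len(emails)}
    return flagged

def retargeting_audience(carts, flagged):
    """Abandoned carts that may still receive follow-up email and ads."""
    return [c["cart"] for c in carts
            if not c["checked_out"] and normalise(c["name"]) not in flagged]

if __name__ == "__main__":
    suspects = flag_phantom_shoppers(CARTS)
    print(suspects)
    print(retargeting_audience(CARTS, suspects))
```

Requiring every signal together keeps a genuine customer who shares the name, but checks out at least once or reuses one email address, out of the flagged set.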
Why you can’t leave it be
Seetharaman
Covid-19 has created a problem of plenty. Of unused leave days.
As the lockdown has restricted our movement, there have been few reasons for us to take some time off. Simply because there is nowhere to go.
This is great for companies, right? Think again.
After several challenging months on the job during the coronavirus pandemic, businesses want workers to use their paid time off to stave off burnout and avoid a year-end vacation crunch.
[…]
Unused vacation time is logged as an accounting liability on corporate balance sheets, so companies notice when it adds up, says Peter Cappelli, a professor of management at the University of Pennsylvania’s Wharton School.
No, really, your boss wants you to take vacation—now, The Wall Street Journal
It’s very likely that once the spread of the virus is under control, there will be a rush to use up leave days. Companies will then have to say no to some of their employees.
And, as a consultant told the UAE’s The National, there is another reason organisations want to avoid this.
“The risk is that staff all want to use their holiday just as we start to come out of this crisis and the economy is picking up. This would lead to workforce pressures and business disruption. Businesses need to take a proactive stance on how to manage their leave.”
Closer home, there have been reports of companies forcing employees to exhaust their leave allotment during the lockdown.
Some organisations do not allow for paid leave days to be carried over from one year to another, or place a limit on the number of days that can be added to the following year’s quota. The UK government in March announced that workers would be able to transfer up to four weeks of leave unused because of the coronavirus to the next two years.
If the lockdown and working from home persist, a lot of us are bound to end the year with fewer days off than usual.
You can check in, but you can never leave
Kay
“Starved of the travel experience during the coronavirus lockdown? One Taiwanese airport has the solution – a fake itinerary where you check in, go through passport control and security and even board the aircraft. You just never leave.”
Check in but never leave: Taiwan offers fake flights for travel-starved tourists, Reuters
(Source: Taipei Songshan Airport’s Facebook page)
While this might appear funny to some, the desperation to travel is real. About 7,000 people applied to participate in the fake flight experience; 60 were randomly selected in the first round. The bigger agenda is, of course, for the Taipei Songshan Airport to showcase its newly-refurbished interiors.
Will airports across the world follow suit? It’s not like the grounded aircraft are going anywhere anyway.
The enemy of my enemy…
Savio
Sameer Nigam, founder and CEO of digital payment app PhonePe, made some interesting comments about his rivals and the industry in an interview with ET Now.
ET: How are people going to comply when there is no data protection law?
SN: I think there is an IT Act. The government has said we need FDI, FII money and here I am giving a rare shoutout to Paytm. To say they are a Chinese app because of their shareholding is absurd. They are headquartered in India, have thousands of employees here, people have celebrated the company’s achievements for the last five years and now suddenly they are saying Paytm is not Indian because it has investment from Alibaba, that attitude is not right and inconsistent.
 
ET: You’re speaking up for Paytm, a few days after you spoke up for Google Pay. Both are your rivals, why this sudden change of heart?
SN: I think there are many areas where we disagree but it’s time for the industry to start fending for itself as it’s too easy to get victimised.
“The industry has to start fending for itself?” Against whom?
“It’s too easy to get victimised?” By who?
 
The digital payments industry in India is dominated by a few: Walmart-owned PhonePe, Google Pay, BHIM, and Paytm*. The quartet controls most of the market and has comfortably settled into rankings.
So much so that the digital payments regulator, the National Payments Corporation of India (NPCI), which owns BHIM, recently had to step in and stem rumours that Google Pay was an unauthorised app. So who, then, does Nigam see the industry fending off?
ET: So you are saying that there needs to be a distinction. That one can’t say Paytm must be targeted because Alipay has a stake in it and Alibaba has a stake in Paytm Mall because there is concern about what kind of control these investors exercise?
 
SN: If we are going to celebrate as a country that Jio has raised over Rs 1 lakh crore, then we should be able to celebrate capital coming in too. Do we know if Paytm is giving out data? Did you know that Facebook is giving your data? These can’t be used as reasons to say that Paytm’s Vijay Shekhar Sharma or any other employee of that organisation is working against India. These are two completely different topics.
Let’s take that one by one:
 
Jio happens to be India’s top telecom player, owned by conglomerate Reliance Industries, the country’s top company by market value that also happens to have started an e-commerce venture called Jiomart.
 
Facebook happens to have invested Rs 43,574 crore ($5.8 billion) for a 9.99% stake in Reliance’s Jio Platforms. Oh and Facebook also owns WhatsApp, whose ambitions to start payments in India have been stymied time and again.
Experts have also said the arrangement among Reliance Retail, Jio Platforms and Facebook-owned WhatsApp to offer consumers the ability to access the nearest kiranas, or grocery stores, which can provide products and services to their homes by transacting with JioMart using WhatsApp has come at a very opportune time.
 
WhatsApp boasts of 400 million users in India. Further, using WhatsApp’s base also allows Reliance Retail to promote its services to users of Jio’s rival telecom players.
 
The deal, now approved by CCI, also marks Facebook’s entry among elite investors in India’s technology space, joining the likes of SoftBank, Amazon and Google that have together poured in billions of dollars in Indian tech startups and their own ventures over the years.
CCI approves Facebook’s 9.99% stake buy in Jio Platforms, The Indian Express
It’s quite possible that Nigam is arguing for a fair, rules-based approach for every player. Or maybe this is a preemptive ‘First they came…‘, and his call to arms now will be reciprocated by the enemies of his enemies later.
Last lesson standing
Olina
On Wednesday night, about 175 parents and school children joined an online protest over the blanket ban on online classes in Karnataka. Bengaluru, the capital of this southern Indian state, is the colloquial “Silicon Valley” of India, an irony that wasn’t lost on many of the protesters. In case you can’t see it, the first picture shows each screen with a lit candle in it, which was soon replaced by a common message—to lift the “arbitrary ban” on online schooling.
(Source: Olina Banerji; #righttolearn campaign)
Now India’s education system is just as balkanised as its federal structure. Schools come in various shapes, sizes, and levels of quality. Most private schools, shut due to the pandemic, are trying to reach out to their students digitally, while government schools are wholly reliant on government or civil society actors.
The makeshift arrangements aren’t ideal, especially with schools running out of money to pay teacher salaries. They have to resort to cuts, or worse still, pay by the hour.
“One principal of a school in Bengaluru said that this will come into effect from July. “We have decided to pay teachers based on their salary from the previous academic year. This amount will be divided by the number of working days, and then multiplying it by the number of hours they are teaching. So by this formula, a teacher whose monthly salary is ₹30,000, will get ₹250 per hour. If they take online classes for two hours per day, they will be paid ₹500 per day,” the principal added.”
Private schools to pay teachers by the hour, The Hindu
The big Byju’s break-in
Clearly, things are a mess. But where schools lose out on monetising online classes, Byju’s and a plethora of edtech apps can find a way in. So far, they’ve been largely locked out of the school network, partly because there was no need to replace the offline school structure. Neither was it desired.
Parallels between telecom and edtech are hard to miss here. Just like Jio gained an unparalleled advantage—as its rivals bleed by a thousand regulatory cuts—it’s also Byju’s moment to capture a share of the education wallet.
That is, through the decimation of all other online classes except its own. And it’s all going down in Byju’s hometown—Bengaluru. Multi-billion dollar edtechs can create better content, hire good teachers, and massively subsidise the outreach. But they still can’t replace the real thing. Yet.
Education has an outsized share of 18.4% in what an urban household spends. In a tough job market, though, how much are parents willing to shell out for two different types of online classes?
The point wasn’t lost on parents either. This is a transcript of the chat window.
(Source: Olina Banerji; #righttolearn campaign)
Going back to school is… fun?
Olina
Schools across the world are trying to crawl back to normal. But with major tweaks. Like fever guns at entrances. Social distancing norms on the basketball court. Hospital-like cafeterias.
The biggest casualty, though? Passing furtive notes in class.
The picture below is part of an amazing Reuters slideshow on the new look at schools across the world.
