High-Frequency Trading Developer Open-Sources Own Bot to Help Combat Scalpers

[linuxChips2600]

Original Source: https://github.com/EricJMarti/inventory-hunter  

Since I feel that the README does a pretty good job at explaining what the bot does/how it works, how to use it, and his motivations for making it, I won't go into a lot of detail on such things here, but here's a highlight on some of the most important things from that README plus some additional relevant info I found from other sources.

 

1. The primary developer (a.k.a. Eric) really seems to know what he is doing, especially as this WordPress news article from his alma mater states that the developer now works at Susquehanna International Group, a privately held global trading and technology firm.  Furthermore, if this 2019 report is anything to go by, then "high-frequency trading [a.k.a. HFT] represents about 50% of trading in US equity markets [today]," and very often (if not all of the time) HFT is software-automated.

2. Note that Eric (the primary developer) recommends but does not require that the bot be installed on a Pi, since the bot if deployed will be running 24/7.

3. As Eric states in the README, "it is [ultimately] up to online retailers to combat [scalpers]," and if this Tom's Guide news article is anything to go by, then open-source bots like this is likely our best bet at the moment.  Also note that this bot does not automate the checkout process as well, and since scalpers tend to be lazy, scalpers will continue to much more likely use "premium paid-for" solutions such as the infamous Carnage Bot.

 

4. As a huge fan of the open-source model, I love it any time when open-source software truly gets put to good use.

P.S. I didn't put this in "Tech News" since Tom's Hardware already reported about this at the beginning of last month, and I felt that it was also appropriate to put this in a separate thread as the original thread discussing ways to combat scalpers is rather old.

[Mark Kaine]

I can't afford any more 3070's though!?

 

Still a good idea I guess!

 

[linuxChips2600]

2 minutes ago, Mark Kaine said:

I can't afford any more 3070's though!?

"bUt I nEeD TaH pAy MAh BiLLs" - every scalper, ever

[RAM555789]

Honestly I don't see this helping too much considering the fact we still have to deal with things like the carnage bot. Even though it will be a pain we need tougher verification AND limitation on the amount of GPUs a single customer can purchase. Miners have been buying up huge stock too on these products (one rig consists of 87 3090s and makes $100k+ per year). Honestly the only way I see if to try to make it as annoying as possible to purchase the products and add more verification steps to make it harder to bots. Multi-step verification like 2-factor, using things like email + phone verification, checking if same address is used multiple times, ect. are the only real way I see to combat these bots and mass buyer. I normally wouldn't have a huge problem with miner mass purchasing but its too much between them and scaplers to have a fair market.

[linuxChips2600]

12 minutes ago, RAM555789 said:

Honestly the only way I see if to try to make it as annoying as possible to purchase the products and add more verification steps to make it harder to bots.

TBF I don't think a reliable solution involves also "punishing" the average consumer (i.e. one who wants hardware for actually putting it to good use instead of just selling it for a profit) for things which are clearly not their fault (e.g. the high demand for latest-gen hardware thanks to in part to the pandemic).  And also even though I definitely agree that cryptominers shouldn't be hogging up the limited current GPU stocks, unlike straight-up scalpers at least they are actually using the hardware.

Edit - also given what animosity has done to U.S. politics, the absolute last thing I want is even more animosity in online communities (i.e. first it was the average consumer disliking or even hating scalpers and now the same animosity is also directed towards cryptominers), not that animosity is exactly a good thing to begin with.

[RAM555789]

Just now, linuxChips2600 said:

TBF I don't think a reliable solution involves also "punishing" the average consumer (i.e. one who wants hardware for actually putting it to good use instead of just selling it for a profit) for things which are clearly not their fault (e.g. the high demand for latest-gen hardware thanks to in part to the pandemic).  And also even though I definitely agree that cryptominers shouldn't be hogging up the limited current GPU stocks, unlike straight-up scalpers at least they are actually using the hardware.

I think the problem is we view it as a punishment when we should view it as protection. It might be annoying to lock and unlock your car, house, ect. but the benefits out way the risk. If companies are transparent about why they add verification you might be able to change the normal customers outlook on these extra steps from "punishment" to security. Even more casual gamers on consoles or other hobbies like airsoft, and cars have noticed and increased in scaplers (and know the term) so I think most online shoppers would be accepting of these changes, (also in part due the pandemic) especially if it insured they could actually get the product rather than waiting months for it. The other gray area I guess would be how to handle business's and that would also in part extend to cryptominers who run it as a company/LLC.

[linuxChips2600]

18 minutes ago, RAM555789 said:

Honestly I don't see this helping too much considering the fact we still have to deal with things like the carnage bot.

Also (mainly because I didn't feel like editing a comment more than once) I tend to see things in a more positive light and now consumers aren't simply left waiting helplessly if they genuinely want to purchase hardware right now at relatively reasonable prices.

[linuxChips2600]

3 minutes ago, RAM555789 said:

I think the problem is we view it as a punishment when we should view it as protection. It might be annoying to lock and unlock your car, house, ect. but the benefits out way the risk. If companies are transparent about why they add verification you might be able to change the normal customers outlook on these extra steps from "punishment" to security.

I don't disagree with your point the slightest; however especially for those who have studies psychology they would know that it is ultimately not up to anyone to tell another person how they "should" feel.  Furthermore, some of your suggestions involving the storage of very sensitive personal info (e.g. phone numbers and addresses), and the last thing any of us want is yet another massive data breach headlining major news outlets everywhere.  Any person who is at least somewhat familiar with infosec knows that it isn't necessarily a matter of "if a security break may happen" but a matter of "when a security breach may happen."

[RAM555789]

One other big hope I do have is governments have picked up on ticket resales which have been scapled for a fairly long time and theres is the possibility of legislation that might penalize these scaplers and or make it illegal. 

[RAM555789]

4 minutes ago, linuxChips2600 said:

phone numbers and addresses

A lot of this information is already stored online when you make the purchase and ship it to you. Weather its paypal, facebook, google, ect. good chance one or both of that sensitive information is online. The only compromise could be storing the data for a set period of time, like 2 weeks or a month, ect. I know somehow evike shipped to my old army address that I had already deleted off my account which means that for some reason paypal had stored my old address despite me deleting it off my account.

[linuxChips2600]

6 minutes ago, RAM555789 said:

I know somehow evike shipped to my old army address that I had already deleted off my account which means that for some reason paypal had stored my old address despite me deleting it off my account.

I know that either Instagram or Yahoo had a disclaimer which said that it could "take up to 90 days to permanently delete [all of your personal data]" when I deleted those accounts respectively; so yea you can see where even if such information is already stored online it doesn't necessarily entirely invalidate what I was trying to say about the security of such stored info.  Even then depending on how it gets "deleted" such information could still be hanging around in some HDD in some server far away...