Everything you need to know about preventing sneaker bots

Sneaker bots plague releases. But what can be done? How did we get here? Will legislation fix things? How do sneaker raffles remove bots from the equation? Are there other options? These are the questions we’ll deal with in this blog.

Published:
Nike sneaker in purple hand on beige background

If you’re a sneaker retailer, you know bots are a huge problem in the $42 billion sneaker business.

According to Imperva’s 2019 Bad Bot report, 18% of traffic to ecommerce sites is from bad bots. But sneakerheads know that in their world, bots have come to dominate the game. On hyped releases, close to 100% of traffic comes from bots, according to Akamai’s director of threat research.

Limited-edition releases and high-profile collaborations generate so much demand that an entire resale industry has sprung up. These sneakers become assets akin to stocks or artwork. You could be forgiven for visiting StockX, a streetwear resale site, and thinking you were looking at a stock market analysis page, what the New York Times called “A Nasdaq for Sneakerheads”. Where the money and hype are, bots follow.

Jordan 1 Retro on StockX sneaker resale site
An example from StockX with terms like "ask", "bid", "ticker" and "volatility"

And bad bots are bad for business. They erode the trust and connection between consumer and retailer, and can create overwhelming traffic that crashes your site, losing sales on products across the board.

But what can be done? How did we get here? Will legislation fix things? How do sneaker raffles remove bots from the equation? Are there other options? These are the questions we’ll deal with in this blog.

 

The evolution of sneaker bots

According to Lauren Schwartzberg at WIRED, sneaker bots really started out back in 2012 with the release of the Air Jordan Doernbecher 9. Nike chose to release the shoe via Twitter, and users could reserve the shoe by being one of the first to direct message (DM) the company. Very quickly, people created bots to scour Twitter’s API and DM Nike after any tweets with terms like “reserve now” or “Doernbecher”. With these bots “you could send hundreds of DMs in a tenth of a second,” says one botmaker. Humans didn’t stand a chance.

At the same time, ecommerce platforms like Shopify came around that made it vastly easier to sell products online without technical expertise. With the Nike Twitter releases and increased online sneaker sales, botmakers began developing more advanced bots.

Originally, botmakers would sell their bots (which are just scripted computer programs) to sneakerheads who would pay the extra money to secure their sneakers. Whole sub-Reddit threads like /sneakerbots and /shoebots are dedicated to sharing knowledge on how to use bots to score a pair of kicks.

But then the botmakers realized: why sell a one-time product if they can charge a fee for every sneaker release and run the bot themselves? Thus, the Add to Cart services were born. Sneakerheads go to a botmaker’s website, enter their order and payment information, and wait for the bot to snag them their sneakers. If successful, the sneakerhead pays a fee to the Add to Cart service in exchange for the bot-purchased sneakers.

Between the Add to Cart Services and individually-run bots, the sneaker industry is currently at the point where close to 100% of traffic comes from bots during sneaker drops.

Sneakers bought with bots
A Twitter user poses next to all his pairs after the Yeezy 350 v2 "Zebra" release in July 2017 (via Medium).

How do sneaker bots impact your business?

Using bots to purchase and resell sneakers is a perfect example of rent-seeking behavior, or economist talk for profit-seeking leeching without social value—in a word, leeching. When online retailers sell a £140 pair of Travis Scott Air Jordans that middlemen then resell for 10-20 times that, retailers lose out in several ways.

First, many true sneakerheads don’t have access to shoes at those price points, so brands miss the opportunity to connect with a real human customer and establish a strong, ongoing relationship. Bots don’t care about relationships.

Second, when fans do use middlemen like Add to Cart services, it prevents retailers from interacting directly with the customer, limiting the collection of consumer data, and further weakens the customer’s relationship with the brand.

Finally, there’s the fundamental unfairness of it all. Without using bots, people buying sneakers to actually wear them stand little to no chance of doing so. When customers feel this way, it hurts brand reputation. As Yoav Cohen, senior VP of Product Development at Imperva, says, “Retailers aren’t technically losing profits by unintentionally selling products to malicious bots, but they are losing consumer trust.” Just look at how Shopify is belittled as “Botify” on social media channels.

Shopify is known as Botify among sneakerheads
Shopify is known as Botify among sneakerheads

Bots and the increased traffic they bring can also bring down websites all together, making it impossible for online retailers to sell products. For an example of scope, realize that a Supreme launch saw 986,335,133 pageviews and 1,935,195,305 purchase attempts to their server in ONE DAY alone. Queue-it customer SNIPES frequently attracts 100,000 sneakerheads on release days. When your website goes down, it means lost sales from other products on the website, too.

Nike SNKRS app problems caused by high demand

To take an example, bot activity was behind website issues that led Strangelove Skateboards and Nike to cancel their recent Valentine’s Day collaboration. On the day of the launch, the company said via Instagram that “raging botbarians at the gate broke in the back door and created a monumental mess for us this evening” and that “circumstances spun way, way out of control in the span of just two short minutes.”

Strangelove sneaker release cancellation

Are sneaker bots illegal?

At least in the U.S., the answer is no. While using automated bots to buy goods online often violates the retailer’s terms and conditions, there are no laws against it at the current time for sneakers.

The U.S. BOTS Act of 2016 made it illegal to buy tickets with bots by evading security measures and breaking purchasing rules set up by the ticket issuer. U.S. politicians introduced the Stopping Grinch Bots Act of 2018, which would broaden the scope to all products or services sold on the internet, shoes included. But at the time of writing the bill hasn’t been enacted and stands less than a 1% chance of doing so, according to GovTrack.

And even if it did pass, the BOTS Act has shown that legislation and enforcement are two very different things. Just because a law is on the books doesn’t mean it’s followed. Strong enforcement is necessary to curb illegal behavior. The Federal Trade Commission—the agency tasked with enforcing the law—couldn’t comment on any instances of enforcement in the year after the BOTS Act’s passage.

Sneaker retailers could sue botmakers for damages, but a 2017 Wired article claimed no sneaker or clothing company had until that point. Given the game of whack-a-mole that would likely ensue when going after shady, often international, bot companies, you can’t really blame retailers. Retailers who care about maintaining fairness have no choice but to step up their sneaker bot prevention game.

Are sneaker raffles the solution to sneaker bots?

Faced with the hordes of raging botbarians, several sneaker retailers decided to take the process offline by holding sneaker raffles.

What is a sneaker raffle?

A sneaker raffle is a way of selling sneakers where shoppers enter a contest to win the right to buy a pair of sneakers. The retailer will collect all entries, either in-person or electronically, and then choose one or several entries at random to determine who gets the chance to purchase the sneakers within a given timeframe. Most raffles require pickup at an in-person location, though some will ship shoes to the winners without in-person verification. Sneaker raffles operate differently from a fundraising raffle, where people pay to enter the contest and, if someone’s entry is chosen, he or she wins the prize for free.

What are the benefits of a sneaker raffle?

Bots only operate online, so taking the raffle offline is effective in removing them from the sneaker equation.

In recent years, several large retailers like Nike and Foot Locker have moved the raffle entry system online to their apps, which does open the chance for bots to manipulate the entry process.

Sneaker raffles are primarily effective because they tie the purchase in the end to something in the physical world. The raffle winners need to show up in person and show a form of ID, like a credit card or driver’s license. This puts up a huge barrier for resellers who operate on getting as much inventory as possible.

Finally, sneaker raffles helped to avoid the heated tensions that came with the long lines at stores. There are many documented cases of sneaker releases getting violent and requiring police intervention, which a raffle can help prevent.

What are the drawbacks of a sneaker raffle?

Sneaker raffles take the process fully or partially offline in an attempt to beat sneaker bots, but not without consequences.

  • Eliminates first-come, first-served process

First-come, first-served is the gold standard for a fair purchase process. For the sneakerhead community, where being on top of the latest trends, drops, and collaborations is a point of pride, it can be immensely frustrating to feel that everything is left up to chance. Sneakerheads have no control over whether or not they get the shoe, and the amount of L’s (coming up empty handed) among raffle entrants can be staggering.

Also, raffles can benefit resellers who aren’t interested in wearing the shoes themselves. They can easily enter every raffle possible to stack the odds in their favor of getting any kicks to flip for a profit.

Sneakerheads taking L's on sneaker raffles
Sneaker release taking an L reaction
  • Open to multiple entries

Raffles are also prone to allowing multiple entries, decreasing their fairness. For in-person raffles, sneakerheads often bring several friends or family members to enter the drawing, increasing their chances. For online raffles, YouTube videos show how bots let shoppers create multiple accounts across many countries to improve their odds.

  • Removes marketing hype

Because raffles involve a delay between entering and winning (or more likely losing), they end up deflating the hype that can be built around a popular online launch.

  • Is not transparent

How raffle winners are selected is not at all transparent. It conjures up images of store managers picking the names of their friends out of a hat, or shoppers bribing store managers to pick their name. Customers don’t have insight into what is going on, or how the raffle is conducted. Because raffles lack transparency, they score low on perceived fairness.

  • Limits to physical locations

Bringing the sneaker retail online greatly equalized access to the market. The hottest releases were no longer limited to sneakerheads living in metropolitan areas like New York or Los Angeles. A kid in rural Nebraska had the same chance to buy a pair of limited-edition kicks as someone in Manhattan. With raffles that require in-store pickup, however, many sneakerheads in rural and suburban areas are unfairly left out.

Sneaker raffles exclude many rural shoppers
Sneaker raffle Twitter reaction

Strategies to beat sneaker bots & keep releases online

If done well, you can run transparent, first-come-first-served sneaker releases that let you leverage ecommerce to serve a wide audience of sneakerheads and benefit from the marketing hype. But beating sneaker bots isn’t easy.

There is plenty of money to be made in sneaker resale, so botmakers and operators will continue to plow money into the arms race against retailers. Retailers need to change the economics of bot attacks by targeting each bot attack vector and increasing the costs bot operators incur to overcome the protections. Particularly effective is tying the online purchase to something in the physical world, like a driver’s license or membership ID.

Here’s what you should investigate if you’re serious about preventing sneaker bots:

Detailed monitoring

Monitoring is key because behavior is what helps you tell real sneakerheads from bad bots. 

For example, if there is a high concentration of visitors using the same IP address, it is a red flag that bots are at play. At Queue-it, we’ve found over 50% of the bots blocked by our virtual waiting room’s abuse and bot protection emanate from the same IP address. The bots are trying to simulate real users on a massive scale but getting unique IP addresses is an additional step that not all bot operators take.

Preventing account creation & takeover

Bot operations that involve one person trying to purchase many pairs of sneakers need several accounts for the purchases.

On account creation, tools like Imperva validate biometric data like mouse movements, mobile swipe, and accelerometer data to distinguish bots from real users, and then feed that data into machine learning algorithms. You can also block or enforce Google’s reCAPTCHA on traffic from known bot hosting providers and outdated browsers typically used to run bots.

Managing traffic during the sale

Bots enjoy a speed and volume advantage. They use their speed advantage to blow by human users and their volume advantage to circumvent per-customer purchase limits. When the sneakers drop, you need to simultaneously target the speed and volume advantages.

A tool like a virtual waiting room can help neutralize both. Bots that arrive before the sale starts are placed in a pre-queue together with legitimate users. When the event launches, everyone in the pre-queue is randomized. This eliminates any advantage in arriving early or hitting the web page milliseconds after the start of the sale.

Retailers can require visitors to enter known data, such as a membership number, email address, or driver’s license ID to enter the virtual waiting room. Combining known data like this makes impersonating real users exceptionally expensive and complex and is thus a powerful way of combating bots’ volume advantage.

Virtual waiting rooms create a highly transparent online experience by giving detailed information on place in line and estimated waiting time.

And a virtual waiting room has the added benefit of giving you full control over traffic inflow so that your site doesn’t crash due to the demand. This can happen from human shoppers alone, but bot traffic only makes it worse. Placing visitors in a first-in, first-out online queue off of your infrastructure keeps your website performing its best when it matters most.

Stop the sneaker bots & bring back fairness to sneaker drops

Many sneakerheads relate to the below Twitter user when he wrote:

Sneakerhead shows nostalgia for in-person sneaker drops

Sneakerheads feel like they need a bot to have a shot at copping a pair of sneaks on the primary market—and they’re not wrong. Bots provide the fuel for the secondary market and their sky-high prices. All of this has understandably strained retailers’ and brands' relationships with their human customers.

At Queue-it, we believe it is possible to keep sneaker releases in the 21st century while ensuring shoes get in the hands of true sneakerheads. Online sneaker sales have many advantages compared with in-store or raffle sales, but only if bots are under control. Legislation isn’t likely to help any time soon, so to truly keep the bots at bay, you need a best-in-breed, combined bot mitigation solution. One that is tailored to the unique angles of attack before and during the sneaker drops gives the best chance of achieving successful, bot-free sneaker sales.  

Deliver the bot-free sneaker releases your customers deserve