Take the Bot DataDome

April 10, 2023

Music: Supertramp - Take the Long Way Home (1979)

This week we take a look at recent funding for DataDome, related bot management solutions, and the road ahead.

Getting Informed

In the hemisphere where I write Fudge Sunday newsletter, the Spring showers have arrived and warmer weather is on the way. Summer is coming and with it — outdoor concerts!

Many decades ago, a wall calendar was often marked with key dates for when tickets went on sale for an artist or band that was going on tour. When the big day arrived people would head to their local record store to camp out to get in line for tickets going on sale… or drop by that day for lawn seats — and shows could be sold out in a few days or a week or two.

Now, the entire ticketing experience can be done online. Tickets are an e-commerce click or two away from being printed locally, will call, or by postal mail.

However, there is a downside to such modern conveniences. Through this same modern ticketing experience and modern automation technology, it is now possible for tickets to sell out in a few minutes online to buyers (aka scalpers) that seek to profit on a secondary market for a monstrously large number of tickets never intended for personal use.

So, how are tickets selling out so fast online? In a word: Bots.

Perhaps you read recently about artists taking a different route to selling tickets. The reason why is artists are increasingly aware that the bots (for supplying secondary markets / resellers / aka scalpers) and the convenience fees are ruining the fun for their concert going fans.

https://www.vulture.com/2023/04/maggie-rogers-tour-tickets-in-person.html

To be clear, this issue of Fudge Sunday is not going to weigh in on the merits of free markets / convenience fees / the music industry / captured venue regulations / political lobbying / online sales exclusivity / unregulated monopolies / counterfeiting / etc… but I will weigh in on anti-bot technology… and the bot technology escalations of recent years.

In fact, for any scarce items sold online from sneakers to limited edition collectibles to concerts to auction style events in general, this bot vs. anti-bot escalation is playing out as funding rounds for anti-bot startups, increasingly sophisticated bad actor automation technology, as well as the brave new world of machine learning — and eventually AI models being applied by both sides.

Why should you care if you’re feeling good? 🎶

Think back a few years and you might recall funding of companies that protect e-commerce storefronts from bots.

https://www.techmeme.com/210526/p14#a210526p14

Then a few months later the scraping (scalping?) community would respond in kind…

https://incolumitas.com/2021/11/03/so-you-want-to-scrape-like-the-big-boys/

Correlation? Causation? Maybe?

Frustration? Absolutely.

https://www.hola.com/us/celebrities/20211210307325/olivia-rodrigo-debut-tour-sells-out-in-minutes/

Then a year later, the scraping / reseller (scalping?) community would become burnished as a side hustle culture…

https://www.complex.com/sneakers/how-to-use-sneaker-bots

Then a year later, the funding arrives once more for startups that seeks to protect retailers from the bad actors that have evolved and escalated their anti-anti-bot tools…

https://www.techmeme.com/230330/p17#a230330p17

Here is a short list of the players in this space: (alphabetically)

• Akamai
• Arkose Labs
• AWS
• Azure
• Cequence
• Cloudflare
• DataDome
• F5
• Fastly
• Google
• hCAPTCHA
• IBM
• Imperva (Acquired Distil Networks in 2019)
• Kasada
• Netacea
• PerimeterX (Merged with Human in 2022)
• Radware(Acquired ShieldSquare in 2019)
• Reblaze
• ThreatX

Huge list, right? Clearly, there is more than just repackaged OWASP in this list and there are distinct references to AI/ML.

So what is so interesting about DataDome? In a word: Accessibility.

https://docs.datadome.co/docs

In fact, as far back as 2021, DataDome made the following claims:

_A digital business can activate DataDome protection in less than 1 hour_

Source: DataDome

Who’s to blame if you’re not around? 🎶

In 2023, there are new realities like “bypass” guides that call out Data Dome by name and myriad references on sub reddit and deep web sites that cater to the anti-anti-bot community.

https://www.zenrows.com/blog/datadome-bypass#how-does-datadome-detect-bots

All signs point to this back and forth continuously iterating and increasingly leveraging AI/ML infused escalation as well as proliferation. As such, it’s not shocking that analysts from Forrester Research are weighing in to educate, inform, and provide guidance.

https://www.forrester.com/blogs/avoid-a-bot-waterloo/?ref\_search=0\_1681082722372

So, what will be the next big thing in anti-bot solutions and anti-anti-bot technologies?

Until then… Place your bets!

Disclosure

I am linking to my disclosure.

🤓

View this page on GitHub.