Are TikTok activists actually shutting down Trump’s online merch stores? An investigation

Some critics of President Donald Trump have spent the last few days trying to lock up Trump-branded merchandise by leaving thousands of products from his online stores in shopping carts. But while the attack has become a kind of resistance meme, reminiscent of recent pranks on the president’s Tulsa rally, it’s far less clear whether the hoax actually prevented Trump’s stores from selling merchandise.

Earlier this week, TikTok and Twitter users started posting videos and messages claiming they were “buying” the entire supply of items like Trump baseballs and “Baby Lives Matter” onesies, then leaving them in the cart indefinitely, making them unavailable to other visitors. The attacks apparently involved at least two sites: Trump’s official campaign store and his nonpolitically themed Trump gift shop.

This is a version of a real exploit called a “denial of inventory” attack — basically, buying up huge amounts of limited-stock items (or things like restaurant reservations and hotel rooms) but never completing the transaction. It works if a shop actually reserves an item when a user puts it in a cart, and it’s most effective if there are no limits on how many items people can buy at a time, if cart contents don’t expire after a fixed period or if the attacker is using bots to constantly refresh the fake purchases.

There’s not much evidence items were falsely shown as sold out as a result of the reservations, though — and some evidence shows that would-be store-jammers were wrong to claim victory.

One popular tweet claims, for instance, to have bought out the entire supply of baseballs from the non-campaign TrumpStore.com. There’s no screenshot displaying the results, but replies include shots of “sold out” errors on other items from the store, including water bottles and hats.

But The Verge replicated that error message, and it doesn’t mean the inventory is locked up. The message appears if one person fills their cart with all the available stock of an item, goes back to the item, and tries to add more. (It’s easy to get the error because the stock seems low — in my case, 13 navy/red baseballs.) But other site visitors can still put the items in a different cart. The message seemingly just makes sure one person can’t place a single order the store is unable to fulfill. It’s possible the store tweaked that in the past 12 hours, but there’s no visible sign of a change.

Trump’s campaign site works differently. Until very recently, users could change the quantity of a cart item to any number, and videos show people ordering tens of thousands of items costing hundreds of thousands of dollars, proceeding to the payment page, and simply not entering a card. In theory, this could have made the campaign site more vulnerable, and the site has since removed the ability to add multiple items at a time, suggesting the webmasters may have been rattled by the looming threat.

Trump spokespeople haven’t exactly cleared the issue up. On Twitter, campaign manager Brad Parscale acknowledged a taunt from one of the first accounts that posted about the attack, who’d told the campaign that “any programmer worth their salt would account for this … but not all do.” Unfortunately, his response was simply “I guess you owe me some salt,” which says little about Trump’s actual web development best practices.

Barring a statement from Trump’s campaign, which didn’t immediately respond to an email from The Verge, there’s no proof Trump supporters were being prevented from buying items. We’ve found videos that show large orders, but not ones that show sold-out items afterward. (While the baby onesie is currently sold out, there’s a 21-hour time gap and no firm link to the prank order.) Shopify, which powers Trump’s campaign store, also hasn’t responded to questions about whether the attack seems feasible.

In a final attempt to prove the claims, we decided to test one possible exploit that wouldn’t be fixed by removing the multiple orders option: depleting the entire inventory of a single item by sheer brute force. A small group of Verge staffers simultaneously filled carts with pairs of $70 Trump / Pence gold cuff links — an item with plausibly lower demand and higher production costs than a sign or T-shirt — one click at a time…Read more>>

Source:-theverge

About rajtechnews