Friday, August 25, 2017

SIGCOMM'17, Session 9 (Realities), Paper 2: Who is Fiddling with Prices?

Authors: Costas Iordanou (Universidad Carlos III de Madrid, Telefonica Research), Claudio Soriente (Telefonica Research), Michael Sirivianos (Cyprus University of Technology), Nikolaos Laoutaris (Data Transparency Lab)

Presenter:

[Link to the paper]


Costas Iordanou et al. build and deploy the Price $heriff for preventing price discrimination in e-commerce.
What does $heriff do?
$heriff is a highly distributed system for detecting various types of online.
A first-of-its-kind transparency software that allows one to see the prices as seen by others.  

How does $heriff do it?
The seven main components of $heriff, and the flow of messages during a single price check request.

Why is $heriff interesting?
Had to solve some difficult technical challenges:
  • Build P2P proxy network
  • Prevent user profile pollution (browser and server side)
  • Protect user privacy
  • Perform universal price extraction
  • Automate currency detection
Technical challenges
Why hybrid network of proxies?
Infrastructure proxy clients
+ Diverse predefined geo-locations
+ Easy to set up and control
+ No real users involved
- No price variation based on personal data can be observed
Peer proxy browsers
+ Diverse real user profiles
+ Price variations based on personal data
- Unpredictable availability and geo-location
- Browser side profile pollution
- Server side profile pollution

Findings
  1. Price variation across countries
  • 76 domains out of 1994
  • Price variation up to 600%
  2. Price variation within the same country
  • 7 out of 76 domains (3 repeatable)
  • Price variation up to 7%
  3. No price discrimination based on personal data detected yet

There was a discussion after the talk.


Q1: Many companies have concerns about distributed denial-of-service attacks as we are developing applications. I'm curious to know what you do to mitigate the potential for damaging sites significantly as you attempt to deploy it (unless you are catching intensely)?
A1: Actually we don’t need to allow a lot of requests at the same time. We just need a small amount to be able to capture the differences. The system is minimizing the number of requests that we send to a specific domain.

Q2: Did you find a way to gain the system to get the cheapest price in the web?
A2: We didn’t study the system for this purpose. We mostly focused on the research aspect of this tool.


Q3: The largest retailers in China, like Alibaba, JD.com, … display the price in images and captures to prevent competitor websites from getting the price. Do you have any solution for that?
A3: There are some websites that put prices in images instead of text, and it is not hard to use image detection techniques to get the actual price. It is trivial.


Q4: Airlines have been doing this for years: based on your browsing history, when you stay longer to optimize your flight, at some point they raise the price to scare you into buying the ticket immediately. However, if you clear your cookies before buying the ticket, the price will return to the normal price. I’m wondering if your system is prepared for changing the browser history when you are running the experiments?
A4: We didn’t think of it but the way that we protect the users now is by using double carriers.
We can pre-train some profiles towards the end and then allow the users to switch the profile to get the better price.

Q4: How about clearing cookies?
A4: You don't need to clear the cookies because you have the browsers' APIs, you can switch the cookies.