Soto is a German-based boutique store in Berlin which is part of the Caliroots group. They typically hold online raffles with worldwide shipping, what is interesting about Soto is they don’t have a bespoke system they use Typeform a third party utility for collecting all sorts of data from customers.
In this article, I am going to investigate the of use Typeform and the pro’s and con’s of this third-party system and what some people are trying to do to game the system.
Soto present their raffles in a very simple and easy to digest fashion. Current raffles are clearly visible on their homepage and the raffle pages themselves are not product listing instead a dedicated page to show all the details for opening and closing times, sizes and when winners will be notified. What I also like is that for shoes with multiple colours all the variants are visible and easy to go to from this one page.
Additionally, if they offer an online and in-store raffle it is clear which raffles you are entering.
Once you click on a raffle you get taken directly to the third party system ‘Typeform’ which is a very popular data collection tool and it really is a buttery smooth system not quite as quick as END’s system where you can have your details saved but simple things such as pressing ‘enter’ and automatically be taken to the next field is one of those small details that make the experience that little bit smoother.
For a small store you can tell they have thought about getting the details users want to them effectively. Some stores will only give you the closing dates, collection dates and other details once you have entered which is really not helpful (Looking at you FootDistrict).
First things first it’s another Worldwide raffle which with all European stores seems to be incredibly common which is interesting when a lot of US-based retailers don’t. Now where the odd’s get interesting is that during my research I found that Typeform is very easy to script and enter 1,000’s of times.
This is due in part to the fact Typeform have no tools or features built into it that prevents duplicate entries there are a few tacked on workarounds to try to detect users with the same network ID but this could throw double negatives with users entering on the same internet connection (think Starbucks or wifi at work).
So what Soto do to try and levy this requires an account linked to the email you entered with but scripts exist to generate on mass 100’s of accounts at a time. This can be done by using a simple google mail feature known as creating ‘sibling accounts’. This is done by adding a ‘+’ and digits so for example if your address is firstname.lastname@example.org you would do email@example.com, this counts as a new email address but google will send all emails to the primary ID.
In terms of addresses as a lot of these stores use UPS simply putting random digits are the start of an address can make it look like a brand new address, but with a service called ‘My UPS’ you are able to change the address once the shipping label has been created to then remove the random characters in the address signed up with.
I was not able to find out how successful these current methods were as some of them seem to be fairly new but depending on at what scale these are run at the sheer number of entries would make you think a few would get through as we don’t know how strictly Soto vet each winner.
In the defence of Soto you can tell they have taken measures to try and mitigate the use of form bots. Being a relatively independent store (even though they are part of the Caliroots group) you can’t really expect them to invest huge amounts of money into bot prevention. Services exist by companies known as ‘Distill’ who offer bot form protection and detection but for a store of this size I’m not sure if I’d expect that.
They also don’t appear to have any public views on re-selling either.
Knowing how easy it currently is to script and bot the type form system is a glaring red flag but we don’t know what additional systems Soto employ to further prevent these types of entries. Overall the attention to the raffle details is very well done, the typeform system is very quick and easy to use despite some of the vulnerabilities.
I think this score is a 3 but tittering on a 2 depending on how successful the current bots are, it is still a raffle I think people should always enter but I think with a little more development into bot prevention such as Instagram account requirements could easily have this being a great raffle system.