Recommenders give personalised recommendations to users about that to watch, read, listen or buy.
Recommenders are usually provided as part of the service it provides recommendations for (like YouTube):
This gives the following advantages:
| Revenue Model | Benefit |
|---|---|
| Sales Model | More sales |
| Advertising Model | More ad views |
| Subscription Model | Higher customer value perception. |
A software agent that assists a user.
We will generally have to make the following decisions concerning bots:
We may see the following different types:
When making a customer support bot we should keep the following in mind:
You should weigh whether the bot is really better than a FAQ or human customer support. If so you should still provide it alongside the alternatives.
Creating API documentation encourages users to use the correct endpoint for their data.
This is a file, generally aimed at search engines, that discourages bots from reading certain pages or following links on pages.
A bot doesn’t have to comply with robots.txt or robots meta tags.
This may create false positives but this can be acceptable anyway.
We can use CAPTCHA checks, like reCAPTCHA, to ensure any users are human:
The GDPR also gives specific rights to individuals:
The rights are:
Requests can be made in any form:
Generally without fee:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. - Art.12 UDHR
There are several reasons to want privacy:
A bag search at a nightclub is reasonable but a cavity search is not.
Children have greatly reduced privacy rights with their parents.
Check the official guide to data protection at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/.
GDPR is complemented in the UK by the data protection act 2018 (DPA)
This provides specific legislations required by the GDPR.
There is also the ePrivacy Regulation in the EU that regulates cookies and mailing lists.
The GDPR applies to any person or organisation that processes personal data.
Only full anonymisation can make something not personal data.
Information is still personal if it can be combined with public domain information to identify a person.
Processing data means doing any of the following:
Controlling data means deciding how and to what purpose it will be processed. This is where the main responsibility lies, they must pay the data protection fee to the ICO.
The GDPR is organised around seven principles:
One of the following bases must be chosen before collecting data and may not be chosen later. There are six possible bases:
Consent is a great basis if you can get it.
This is the easiest basis to use in e-commerce.
Cannot be used if the data subject is capable of consent. Alternatives must be considered if the subject is not the same person as the individual at risk.
This is a good last resort if the others don’t fit.
In each case, the lawful basis only applies to data processing that is necessary. If a reasonable, less invasive alternative exists, that is not too difficult or expensive, then it should be used instead.
Necessity doesn’t include commercial gains: “You must consent to using your data for advertising or we can’t provide the service.”
The following two data categories require more protection:
Purpose and basis won’t suffice in these cases.
The following are classed as special category data:
To process any data of this type, in addition to purpose and lawful basis, you need one of the following conditions:
Not recommended.
The last 5 cases require reference to local law (DPA 2018 in the UK).
In all cases, consider whether pseudo-anonymisation is possible.
This includes data about:
Processing criminal offence data is only allowed:
For an official authority.
Only party allowed to hold a comprehensive register of criminal offence data.
One of the following conditions from special category data applies:
The simplest network is a direct connection between two peers that wish to communicate.
This doesn’t scale well and is costly. For $x$ nodes there will be:
\[\frac{x(x-1)}{2}\]connections.
They are useful if you require:
graph TD
1 --- n
2 --- n
3 --- n
4 --- n
5 --- n
6 --- n
7 --- n
8 --- n
9 --- n
All nodes connect to a central hub that distributes communications. This scales better but can be easily overwhelmed due to the single point of failure.
This is a collection of sub-networks that are joined by a central hub. This helps for communicating between neighbours quicker.
This is a messy topology that has a number of connections between leaves. Generally the number of connections required is:
\[x-1\]For a more stable network, the following number of connections is suggested:
\[x\log(x)\]There are a number of tiers with progressively reduced nodes. There are links between nodes in the same tiers and their children.
This is bad from a security standpoint as your message may have to travel through several third parties.
Refer to:
COMP211for the protocol layer structure.
For HTTPS over TCP over IP, the following is leaked:
Only the body of an encrypted, with PGP, from the email server. In flight the email is encrypted using TLS. Thus, the following are leaked:
Sender and receiver could be hidden by using a service such as TOR.
We kill people based on metadata. - Michael Hayden (CIA, NSA Former Director)
There are two general classifications of attacks:
Passive attacks require only observation from attackers:
Active attacks require an attacker to do something:
Different types of attacker have different goals, methods and resources:
| Attacker | Goal | CIA Target | Methods | Resources | Attack Types |
|---|---|---|---|---|---|
| Bored Teenager | lulz | C, I & A | Unintended use of public facing components. | None | Message interception, DOS. |
| Malicious Customer | Steal/Fraud | - | Misuse of procedures. | None | - |
| Corporate Espionage | Stealing secrets | C | Quiet gaining of login details or recruiting an insider. | Considerable financial & technological. | Interception |
| Criminals | Make money from you. | C & A | Social engineering or known bugs to gain data or threaten with downtime. | Varies | Message modification, DOS. |
| Intelligence Service | Learn about your customers or the products you are selling. | C & I | Supply chain attacks, side channel attacks, physical surveillance. | All of them. | Interception, modification and masquerade. |
| Insider | May be a combination of other types. | - | - | Internal resources. | - |
| Mistakes | Accidental impacts that should be mitigated. | - | - | - | - |
The severity of an attack is based on three factors:
Therefore we can calculate total severity by:
\[(f\times p)\times d\]When determining damage, consider the following:
After identifying an attack and determining its severity, choose a response:
Security measures come at a price:
If security measures are perceived as excessive, it greatly increases the risk of noncompliance.
We can take the following measures to enhance our security:
There are also some more rules for high security systems. They are often too onerous for typical systems:
We can use the following factors to authenticate a user by:
In low security settings, one factor is often considered enough. However for:
multiple factors should be mandatory.
This type of cryptography allows a person to prove that they can do, or know, something without revealing the method or secret.
They typically follow a challenge response system:
Cryptographic signing functions can be used with the challenge being the message to sign.
Direct attacks on cryptographic algorithms are pretty much pointless. Hence, indirect attacks are usually more effective.
We can use data leaked into other channels to attack a system:
We can also manipulate people to give us the keys:
Use the following flowchart in an e-commerce situation:
graph TD
si[Should I create my own cryptography implementation?] --> no[No, never ever in a million years.]
We can use public key encryption to share a secret, such as a symmetric key.
We can also use a pre-agreed key if we have a previous secure connection.
This is based on the assumption that logarithm modulo $n$ is not feasible to compute (like RSA).
The protocol to share a secret between Alice and Bob:
$s$ is now known to Alice and bob because $(x^a)^b=(x^b)^a$.
Hashing is a non-reversable function to make a key from a binary blob. Usual conditions on a hashing function $h:X\rightarrow Y$:
We don’t require correctness as we don’t want to recover $x$.
Non-cryptographic hashes don’t require secrecy or collision.
For a hash function, there is no requirement that the output is at least as long as the input:
Hashing is mainly used for:
To store passwords for comparison purposes, it is most secure to:
Salting requires that passwords can only be attacked one at a time. You can’t find what a password is from other leaked tables or by matching to other users.
Hashing must be completed server-side as the server must receive a password. If not an attacker could steal the database and it is no more secure than just storing plan-text passwords.
We can double hash to mitigate this and never have the plan-text password in flight.
You can use hashes to show presidency. You could say:
I know what the outcome of tomorrows football match. I won’t spoil it but this is the hash of my prediction.
You can also accomplish this with signing.
With a hash function, it is hard to find $x$ such that $h(x)=y$.
Finding an approximation that:
\[h(x)\approx 0\]is used as proof of work. This is also a difficult task to do.
We have the public key comprised of $e$ and the modulus $n$ and the private key $k$:
To sign faster we can compute a hash of the message. We can then sign this hash.
By verifying the signature you can verify that the person who signed the message was in ownership of that private key.
You can also say that no-one has tampered with the document provided that they’re not in ownership of the private key.
You can prove your identity by signing a random message:
We take the following method:
Some operations are possible on the cipher-text without knowing the plain-text:
RSA allows multiplication modulo $n$:
Given cipher-text of $x,y$ we can compute $x\times y$ without knowing $x,y,k$.
This is why we need to hash the hashes of $a$ and $b$ for identity.
AES has the following pros:
Due to it’s speed, AES is used under TLS for HTTPS.
Public key encryption is often used for key sharing in symmetric encryption systems (DH for TLS). This is due to the fact that symmetric keys can’t be shared in plaintext.
With quantum computing, solving asymmetric (public key) will become feasible. This includes RSA and elliptic curve encryption.
Existing symmetric encryption is believed to be as secure as with classical computers.
This is an issue as symmetric encryption often uses public key for sharing keys. Therefore existing communications could be decrypted.
Take $p=7, q=11$.
Given that the public keys are $n=77,e=7$ and the private key is $k=43$, we wish to encrypt $x=3$:
We can reduce the number of multiplications in the exponent by halving the power:
\[\begin{aligned} c&=3^7\mod n\\ &=3^3\times3^3\times^1\mod 77 \end{aligned}\]This method of encryption provides perfect secrecy provided that the following are met:
Encryption and decryption is completed by:
It is ideal in a scenario where you have:
This method is too inconvenient to use in e-commerce.
RSA relies on the following functions:
keygen: $K \rightarrow L$enc: $X\times L\rightarrow Y$dec: $Y\times K\rightarrow X$It also requires that the following are true:
dec(end(x, keygen(k)), k)=x for every $x\in X$ and $k\in K$.keygen(k), enc(x, keygen(k)) and dec(enc(x, keygen(k)), k).l = keygen(k) and multiple encoded messages using that public key, it is not feasible to compute any of the messages.In algebra a group is a pair $(G, \cdot)$ where $G$ is a set and $\cdot:G\times G\rightarrow G$ is an operator with the following properties:
Additionally, a group is finite if the set $G$ is finite.
Consider the following finite group that is used in RSA:
\[((\mathbb Z/n\mathbb Z)^*,\times)\]This is the group of integers modulo $n$ (except those $x$ where $\text{gcd}(n,x)>1$).
The identity and associative properties for this group are equal to multiplication, however the inverse is calculated differently:
Take any $x\in(\mathbb Z/n\mathbb Z)^*$, we will show that $x$ has an inverse:
We want to show that there is some $z\in (\mathbb Z/n\mathbb Z)^*$ such that $xz=1$.
$z$ is the inverse.
We can test the inverse if the following holds:
\[xz=1\mod n\]Computing $x^{-1}\mod n$ take logarithmic time with respect to $x$ and $n$. This makes it quite feasible for large numbers on modern hardware.
Let $(G,\cdot)$ be a finite group, and $x\in G$. The order of $x$, denoted by $\text{ord}(x)$, is the lowest number $i$ such that $x^i=\mathbf 1$.
This power is at most $m$ where $m=\left\vert G\right\vert$.
Let $(G,\cdot)$ be a finite group. Take any $x\in G$ and let $m=\mid G\mid$. Then $\text{ord}(x)$ divides $\mid G\mid$.#
This is to prove that:
If we know $\mid G\mid$, we can easily compute $k=e^{-1}$ and therefore $e\times k=1\mod\mid G\mid$.
Therefore $(x^e)^k=x^{e\times k}=x$.
However, for this to be the case we need to know $\mid G\mid$ (we can use this as a key to encrypt $x$).
The group used in RSA, $(\mathbb Z /n\mathbb Z)^*$, where $n$ is the product of two large primes $p,q$. To calculate the group size:
Key Generation:
Encryption:
Decryption:
Issues that encryption aims to solve:
This is the hiding of messages in non-secret messages.
Hiding the message is just security through obscurity:
Historical encryption schemes usually fall into two categories:
Transposition - change the order and location of symbols.
This technique is not used in modern methods as it often has significant redundant data and involves moving the letters physically.
Substitution - replace symbols by other symbols.
Similar to Scytale:
This has the following weaknesses:
Even if you can’t decrypt it you can still see the following:
This method replaces every letter with some other letter.
The benefit over Caesar cipher is that:
It is not nearly as easy to brute force:
\[\text{keys}=26!\]This is still very easy to brute force with a computer.
They encrypt groups of symbols like so:
th is is th em es sa ge
Each grouping of two letter maps onto:
The key size for a cipher with group size $n$ is:
\[26^n\]as opposed to 26 for mono-alphabetic.
Compared to the previous ciphers:
Many current encryption schemes can be classed as polygraphic ciphers. With RSA $n>512$.
Replace one symbol by one other symbol, but not always the same one (like multiple mono-alphabetic ciphers at the same time).
You can create a password by using 26 preset alphabets (schema). The password of length 26 then indicates where to start on each line.
Vignère cipher is an example of this where 26 Caesar ciphers are used in order.
Compared to previous ciphers:
To be secure we need to change the password often otherwise the scheme is only as secure as the key-length of the password.
This is hard to do automatically, but often useful for relatively high value items.
Set prices the way you want. Some analysis of price elasticity and competition will be needed.
Some times you have to accept others setting the price for you.
You can use bots to automatically set your prices to increase or decrease depending on:
Reverse auctions are the same as standard auctions however the sellers bid down against each-other.
Think about companies bidding to complete a government contract for the cheapest.
These auctions are often used for energy markets and therefore often trade in high value.
There is only one generally accepted method for a double auction:
You bid for a number of items and a price per item to be bought or sold.
Suppose you decided on a price of £0. Then lots of buyers would be willing to pay but no seller would be willing to sell.
We should aim between these prices and aim for maximum units sold.
There is no double auction that satisfies:
Some alternatives to double auctions are:
This is often more understandable and is used in consumer facing applications.
This has the side-effect of being truthful and maximising social welfare for the buyers/sellers if you choose the appropriate model:
Several people may want to cheat in an acution:
Sometimes the seller is also the auctioneer.
Consider the following cheats:
Additionally anyone could bribe anyone else to complete these actions.
With this types of auction, neither the auctioneer nor seller can drive up the price.
This method is overall more resistant to cheating.
People may change the way they bid based on the following factors:
and more:
Some autions require all participants to be present at the same time:
Synchronous:
Asynchronous:
In e-commerce, asynchronous auctions are easier to implement.
Some auctions take longer than others:
| Type | Time |
|---|---|
| Dutch | Famously quick. |
| Japanese | Can be quick. |
| English | Rather slow. |
| Sealed Bid | Variable but tend to be longer. |
Auctions work better if the auctioneer is trusted:
The implementation should not hide too much from the bidders.
For example the auctioneer could read all the prices in a sealed bid auction, instead of just saying who won.
During the auction, you may learn more about the item’s value:
Some auctions types can promote the following:
English auctions are good at making people overbid due to:
All-pay auctions also promote overbidding.
Second-price sealed bid:
Inexperienced buyers tend to bid lower than their value.
The importance of each factor depends on what is being sold and to whom:
Commerce is about distributing resources in such a way where everyone is better off after each transaction.
The goal is to maximise social welfare. This is controversial as no-one wants to have less money (rich or poor).
It may be the case that the item is not sold as the seller values it more than any buyer.
It is unfortunate that if someone pays more for an item, this maximises social welfare. This leads to poor people unable to get what they need if a rich person can pay more.
We can respond in several ways:
To find the value of an item, we ask the bidders their valuation:
The bidder may lie to optimise their profits.
A truthful auction is one where a bidder is forced to bid their valuation of the item in an optimal strategy.
In this case it is easy to optimise social welfare.
A bid is truthful:
An auction is truthful:
| Auction Type | Max Social Welfare | Truthful |
|---|---|---|
| English (with minimum) | 0 | 0 |
| English (without minimum) | ~ | ~ |
| Japanese | 1 | 1 |
| Dutch | 0 | 0 |
| First-price Sealed | 0 | 0 |
| Second-price Sealed | 1 | 1 |
| Deterministic All-pay | 0 | 0 |
| Non-deterministic All-pay | 0 | 0 |
It should be common knowledge that all participants are rational for this to be true.
English without minimum increase is generally not truthful or maximising social welfare. However, you can derive the participants valuation from their strategy.
You should bid:
$v$ - your value of the item.
In this case you will make zero profit.
You can also play mind games to make your opponents think you have a lower value of the item. This way they will bid lower in response.
You should:
In this case you will pay the next valuation lower ($t$) than $v$ and you will make at least zero profit.
You should always drop out when the auction hits your value $v$.
With rational bidders the seller can expect to receive the value of the item in payouts, despite all paying:
The dollar auction is the best known example of this type:
Assume a minimum increase of 40¢:
It is rationalisable to bid infinitely, provided that the bid improves the marginal.
The marginal is the difference in profit from the last bid.
Rationality doesn’t guarantee a good outcome. You can gain arbitrarily high losses in an auction of this type.
The expected outcome in a lottery for all players, including the seller, is zero.
Generally this is not the case as the seller takes a profit by giving prizes worth less than the sum of the tickets.
In practice, some money can be made from irrationality.
A strategy is a description of how the bidder will behave in every possible situation.
Suppose there are $n$ bidders using strategies $s_1,\ldots, s_n$ where you are bidder 1:
This model doesn’t account for people who change their strategies.
If $sj_1$ is the best response to $s_2,\ldots, s_n$, then other might play different strategies $s’_2, \ldots, s’_n$ if you use $s_1$.
A strategy $s_1$ is rationalisable if:
Therefore, everyone is playing the best response at least one other person’s strategy, given that everyone is playing a rationalisable strategy.
Not every rationalisable strategy is optimal.
A strategy $s_1$ is optimal if it is the best response to every choice of strategies $s_2, \ldots, s_n$ of other bidders:
Every optimal strategy is rationalisable.
Consider we are in an English auction with the following assumptions:
The item is worth $v_1$ to you.
You should not bid more than $v_1$ otherwise you will be disappointed.
Raise with the following inequality:
\[b_2<b_1<v_1\]where $b_1$ is your new bid.
You can never be certain what your opponent will do. Therefore you must follow these rules as you can’t be sure whether you will be outbid or not.
You can make use of the minimum raise to increase your profit:
Before we would have only gained a profit of £40. By getting the bid right we can increase profit by up to twice the minimum raise.
If your information is false then you can end up making a reduced profit by raising too quickly.
We can derive how much an item is worth in commerce by using the following methods:
| One Buyer | Multiple Buyers | |
|---|---|---|
| One Seller | Negotiation | Auction |
| Multiple Sellers | Reverse Auction | Market/Double Auction |
There are several types of auction that are available:
Each bidder may increase the standing bid by calling out a higher price.
Usually there is a minimum increase.
Similar to Japanese auctions, except the price decreases over time.
Bids are made in secret:
The is the same as first price except:
This type is rarely used in practice.
This is also known as a lottery.
There are also other types of auction for selling multiple copies of an item:
e.g. selling 500 tickets to the 500 highest bidders.
Sell multiple copes of an item with bids made as:
I bid for $n$ items at price $p$.
Orders are fulfilled from highest to lowest price per item.
These are in the following hierarchy:
They apply to the following analogy:
graph LR
Strategy <--> bm[Business Model]
Operations <--> td[Technology Decisions]
Tactics <--> Programming
This is to say that technology and programming both serve the business model.
When deciding whether to make any technology for e-commerce consider the following flowchart:
flowchart TD
subgraph Should I design my own e-commerce software?
hb[How big is your company] -->|huge| yc[Your choice]
hb -->|large| uf[Do you need usual features]
uf -->|yes| ue[Try to use existing solutions as far<br>as possible, but modify as needed.]
uf -->|no| tm
hb -->|small| tm[No. At most, make some tiny<br>modifications to an existing solution.]
end
Designing your own e-commerce is generally a bad idea.
What do you deliver that is perceived to be of value to your customers?
You may choose something that provides no value in order to scam people.
There are two considerations to be aware in an e-commerce value proposition:
There are several types of revenue model:
| Type | Description |
|---|---|
| Sales Model | You get money for selling stuff. |
| Transaction Fee Model | You get paid for selling other people’s stuff. |
| Subscription Model | Customers pay a fixed fee for your service. |
| Freemium Model | Basic service is provided for free. Higher tiers use other service models. |
| Advertising Model | Sell advertisements that are shown to your customers. |
| Data Broker Model | You sell access to information about your customers - dangerous. |
| Affiliate Model | You get paid for sending customers to someone else. |
| Donation Model | Get paid by voluntary donations from customers - risky. |
Some services use a combination, or other, models such as:
What competition do you have?
Includes both direct competition for the same service, and indirect for substitutes. Uber has direct competition from Lyft, indirect from black cabs and public transport.
What value does Uber offer?
Immediate rides through your phone.
Where does Uber derive its revenue from?
What competition does Uber face?
How does Uber’s company structure work?
The drivers are not employees.
Does Uber face any regulatory threats?
Treatment of workforce. Employees or contractors?
Have the answer to any of these questions changed over time?
Yes, subscription is added. Competition has increased in addition to regulation.
Some businesses may use a combination of the following (such as eBay):
In B2B e-commerce, seller and buyer are both businesses. Take the following examples:
This is by far the largest market segment.
Business sells to customer:
Customer sells to customer, often with a business as an intermediary:
Customer sells to a business such as:
This is by far the smallest segment.
The following grid may help in determining e-commerce:
| eBay | GrubHub | App | Kiosk | Card | |
|---|---|---|---|---|---|
| Negotate | 1 | 0 | 0 | 0 | 0 |
| Store Customer Info | 1 | 1 | ? | 0 | 0 |
| Process Orders | 1 | 1 | 1 | 1 | 0 |
| Process Payments | 1 | 1 | 1 | 1 | 1 |
Laudon and Traver say that:
E-buisness is within one organisation, while e-commerce is between different organisations.
For each example: consider whether they need to negotiate, store customer information, process orders and process payments.