[HN Gopher] Reverse engineering Ticketmaster's rotating barcodes
___________________________________________________________________
Reverse engineering Ticketmaster's rotating barcodes
Author : miki123211
Score : 2224 points
Date : 2024-07-08 15:14 UTC (3 days ago)
(HTM) web link (conduition.io)
(TXT) w3m dump (conduition.io)
| haburka wrote:
| Isn't this a bit like irresponsible disclosure? Since this may be
| considered a security vulnerability. Although it's all client
| side, I'm sure there's some basis for a lawsuit here.
| bangaladore wrote:
| It is my opinion that you do not need to responsibly disclose
| "security by obscurity"
|
| Additionally, what is irresponsible here? Its not like this
| gives you the capability to clone tickets without first having
| a ticket in the first place.
| AlotOfReading wrote:
| How is this a security vulnerability? It's displaying the exact
| bits Ticketmaster uses and explaining what those bits are.
| They're not circumventing security systems, just the
| requirement to use the app.
| efitz wrote:
| The app-based barcodes don't seem to be solving a security
| problem for customers - they seem to be for the purpose of
| ensuring that traditional scalping doesn't work, forcing ticket
| resale into a market that TicketMaster can profit from.
|
| I would consider it unethical to publish details of an
| unpatched vulnerability that allowed ticket forgery, but I
| don't think it's unethical to bypass DRM-like controls for
| personal convenience rather than commercial purposes.
|
| Of course opinions may differ on this.
| willcipriano wrote:
| Responsible disclosure is something you pay for, not something
| you are entitled to.
| jjcm wrote:
| It requires sniffing your own session credentials first, which
| I don't see as a security vulnerability.
|
| The only thing it allows you to do is sell your ticket, which
| is legal to do.
| Thaxll wrote:
| Everyone want Ticketmaster to die.
| criddell wrote:
| Except for a lot of performers and venue operators.
| Ticketmaster is paid well to be the bad guy. They often share
| the fees with both the performer and the venue.
| magnetowasright wrote:
| I'm sorry to be that guy but do you have literally any
| source for this?
|
| Might just be the musicians I like, or the fact that
| negativity is better for clicks, but I've never seen an
| artist saying they get any benefit from ticketmaster's fees
| and other such shenanigans; I've only seen artists and
| venues saying that they don't get any money or benefits at
| all from ticketmaster's racketeering.
| criddell wrote:
| From the Ticketmaster website:
|
| > ticket fees (which can include a service fee, order
| processing fee, and the occasional delivery fee) are
| determined by and shared between the parties who have a
| hand in making live events happen including venues,
| Ticketmaster, sports teams, leagues and promoters
|
| When the artist doesn't want their fans to be charged big
| fees - they have some say in it. Robert Smith of The Cure
| made a stand on this last year and got Ticketmaster to
| refund a bunch of money.
| rty32 wrote:
| > they have some say in it
|
| That's a very carefully crafted sentence. How much,
| exactly, do artists have a say? Do artists equally have
| the same amount of "say"?
|
| And why are we even discussing all these nonsense in the
| first place?
| 12_throw_away wrote:
| "Responsible disclosure" is poorly defined corporate
| wishcasting, and certainly not any sort of best practice or
| legal shield.
| Aachen wrote:
| The public prosecutor does not pursue cases where responsible
| aka coordinated vulnerability disclosure was applied. I'd say
| that's a legal shield of some kind at least, and it is
| generally also considered best practice in the industry.
| There's exceptions to everything but, in the general case,
| I'm not sure where you're getting these viewpoints from
| blincoln wrote:
| "The public prosecutor does not pursue cases where
| responsible aka coordinated vulnerability disclosure was
| applied."
|
| That seems like a pretty substantial claim to make without
| any sort of "in [country/state/province/etc.]"
| qualification, let alone a reference.
| Aachen wrote:
| https://www.om.nl/onderwerpen/cybercrime/coordinated-
| vulnera...
| coldpie wrote:
| Nah. Ticketmaster is unethical enough that spreading
| information that harms them or helps them go out of business is
| ethical.
| speed_spread wrote:
| If it runs on my CPU and shows up on my screen after I paid for
| it, it's mine and I can do whatever I want. Anybody who thinks
| otherwise can fuck off outright.
| warkdarrior wrote:
| That's exactly the same policy I apply to AGPL software. I
| paid for it ($0, as mandated by the developer) and it runs on
| my CPU.
| jcranmer wrote:
| I'm struggling to come up with a good basis for a lawsuit. CFAA
| abuse is the first thing that comes to mind, but this is a real
| stretch for that, and SCOTUS shut that stretching down a while
| ago. DMCA doesn't come into play, since this isn't
| circumventing any copyright protection schemes. So this kind of
| leaves you with some form of contract violation, but even that
| seems like a stretch here. Tortious interference or
| interference with prospective business? I mean, I don't see any
| events complaining about this (hell, Ticketmaster itself
| arguably has some contract liability issues with the fact that
| their technology relies on cell service which tends to be
| spotty in dense crowds). So you're kind of left with some
| individual contract liability issue, which is literally not
| worth the cost of litigation.
| cortesoft wrote:
| > There's no risk that your ticket won't get you in
|
| Isn't this not true? The risk with printable tickets is that a
| seller could sell it to multiple people, who all print it out,
| but then only the first person who uses it can get in?
|
| Even if the venue doesn't check to see if a ticket has already
| been used, only one person can sit in the actual seat.
| gruez wrote:
| >is that a seller could sell it to multiple people, who all
| print it out
|
| They can't "print it out" because it's a rotating code.
| SamBam wrote:
| > "The risk with printable tickets is..."
| 8organicbits wrote:
| Previous sentence:
|
| > If you bought the ticket off the event's official ticketing
| agency (not a sketchy reseller)
| TrackerFF wrote:
| Ticketmaster has a system for transferring tickets, if you want
| to buy or sell tickets.
|
| There could very well be a reason for someone to only sell a
| physical ticket, or not transfer it through ticketmaster, but I
| have yet to find anyone but scammers that want to do that.
|
| The reason is, just as you mention, that scammers will try to
| sell multiple tickets. Then one (or many) sucker turns up to
| the avenue, only to discover that the ticket has already been
| validated.
| Mehvix wrote:
| >Ticketmaster has a system for transferring tickets, if you
| want to buy or sell tickets
|
| Sure, and it is terrible.
|
| They can block you from transferring the ticket you bought,
| and can set a minimum resale price (effectively ensuring you
| cannot recoup anything)
|
| You should to own what you purchase, simple as.
| deathanatos wrote:
| > _The risk with printable tickets is that a seller could sell
| it to multiple people, who all print it out, but then only the
| first person who uses it can get in?_
|
| Note that the portion of that you're quoting that you didn't
| quote is "If you bought the ticket off the event's official
| ticketing agency (not a sketchy reseller)"
|
| I.e., we're specifically talking about someone holding a ticket
| that they purchased _from Ticketmaster_. If there are multiple
| copies floating about, presumably at some point the artist (
| /the actual event) is going to be unhappy that Ticketmaster is
| screwing their fans/attendees over.
| mschuster91 wrote:
| > This is a contradiction in TicketMaster's marketing. They can't
| have robust DRM on their tickets if those tickets can still be
| viewed offline.
|
| The "robust DRM" is called "ID cards". Here in Europe, it's
| become commonplace to tie soccer tickets to ID cards that are
| verified at the gates to keep hooligans (or those suspected of
| being hooligans, which is a status that is way WAY easier
| obtainable than one might reasonably assume) out, and high-class
| events that attract scalpers like a pile of dungs attracts flies
| have been doing that for even longer.
| gruez wrote:
| >They can't have robust DRM on their tickets if those tickets
| can still be viewed offline.
|
| https://en.wikipedia.org/wiki/Trusted_Computing
| 12_throw_away wrote:
| Huh, weird, a turns out an old, low-tech solution is much more
| secure than Ticketmaster's roll-your-own weird TOT-QR
| "security" (even considering the magic animation that that
| makes it "in a sense, alive")
|
| (Not that requiring ID doesn't raise the same and also other
| consumer rights issues)
| mschuster91 wrote:
| The thing is, unlike most of Europe, the US doesn't have a
| legal mandate for anyone to possess an ID card, and so in
| practice you got 50 states worth of driver's licenses,
| library cards, military or government employment IDs that can
| be used (or faked)... so you can't really use these for
| legitimately verifying anything unless you want to spend a
| lot of time and money to train your staff to spot fakes.
| Banks can do that but no one wants to do that for the goons
| that run security at venues for minimum wage.
| IncreasePosts wrote:
| Sure, but realistically no one is going to get a fake ID
| with a certain name on it so they can go to a concert with
| that person's tickets.
| ssl-3 wrote:
| The problem isn't scams.
|
| The problem is that Americans _are not required to have
| an ID_ -- at all. No federal law requires it, and there
| is none issued by default.
|
| (This is not the same as saying "Americans don't have to
| carry an ID" even though that is also true.)
| IncreasePosts wrote:
| Americans aren't required to have an ID, but that is only
| relevant to government related services. Private
| businesses like concert venues are within their rights to
| card you in some manner, and refuse admittance if you
| don't provide ID.
| ssl-3 wrote:
| Yes, that's all true.
|
| But none of that somehow makes this side of the pond the
| same as the other side of the pond.
|
| An idea that works in one place doesn't necessarily work
| in the other.
| BobaFloutist wrote:
| How hard is it to get access to a database to confirm that
| a scanned ID is valid, and corresponds to the name written
| on it?
| its_ethan wrote:
| Hopefully pretty hard.
| BobaFloutist wrote:
| Not a database you can trawl for your own uses, just
| something that if you scan an ID pops up
| validating(/rejecting) it and lists the associated name.
|
| I guess you could abuse that to turn partial IDs into
| more realistic ones? But that feels like a stretch. I
| can't see it being that useful for much more than
| confirming that an ID isn't a fake, which seems hard to
| abuse.
| mschuster91 wrote:
| Easy if you're government (every random cop on a traffic
| stop must be able to do that after all) but really REALLY
| hard for private entities.
|
| The exception is anything that is accepted by airports
| for international travel aka, for you Americans, only a
| passport - ICAO 9303 is _very_ detailed on how you can
| access the data stored on them. The specs and a basic
| understanding on how to communicate with smartcards are
| decent enough to get you to a readout in maybe a weekend
| worth of work. The authentication is either via a code
| derived from the MRZ or a dedicated access code printed
| on the document.
| londons_explore wrote:
| v2 of this will require an Android/iOS app which will make use of
| the platforms secure storage abilities for the key.
|
| On non-rooted devices, those are pretty much impervious to the
| user trying to inspect their contents.
| Aachen wrote:
| And this is why those companies love DRM'd (non-rooted) devices
| and try to detect when you broke this form of DRM: you can't
| get at your data, not even to make a backup of it; they're in
| full control. Also for security (can't grant root to malware if
| you don't have the permission to grant that), but also for
| everything else
| dmurray wrote:
| You could extract the barcode at all times in the future by
| setting the system clock (you can do this on non-rooted phones,
| and keep it that way at least if you do it in airplane mode).
|
| The Android docs mention a "secure timer" in the hardware
| security module, but I'm not sure that it can be used to
| prevent this.
|
| https://developer.android.com/reference/android/security/key...
| jszymborski wrote:
| Truly a noble cause.
| ikesau wrote:
| Really good post! I also found this quote which distilled their
| position in the 404media coverage of the situation.
|
| > "What I can say for sure is that TicketMaster and AXS have had
| every opportunity to support scam-free third party ticket resale
| and delivery platforms if they wished: By documenting their
| ticket QR code cryptography, and by exposing apps and APIs which
| would allow verification and rotation of ticket secrets,"
| Conduition told me in an email. "But they intentionally choose
| not to do so, and then they act all surprised-pikachu when 3rd
| party resale scams proliferate. They're opting to play legal
| whack-a-mole with scammers instead of fixing the problem directly
| with better technology, because they make more money as a resale
| monopoly than as an open and secure ecosystem."
|
| from https://www.404media.co/scalpers-are-working-with-hackers-
| to...
| cypherpunks01 wrote:
| I dug up the court docs referenced in that article, it's pretty
| interesting-
|
| _AXS Group LLC v. Internet Referral Services LLC
| (2:24-cv-00377) District Court, C.D. California_
|
| Amended complaint:
| https://storage.courtlistener.com/recap/gov.uscourts.cacd.91...
|
| Docket: https://www.courtlistener.com/docket/68163191/axs-
| group-llc-...
|
| One item of the complaint is regarding the "secure.tickets"
| site, which I wrote about in an earlier comment below
| (https://news.ycombinator.com/item?id=40906148#40910690).
|
| Basically, brokers are using the "secure.tickets" and similar
| websites to proxy ticket barcodes to buyers, without going
| through the actual ticket transfer mechanisms on the primary
| ticketer AXS/TM, (similar to how this blogger does). Then
| resellers are delivering these ticket URLs, hosted on random
| websites, to Seatgeek and Stubhub customers, and those
| platforms are supporting their delivery by telling their
| customers that the tickets are legit. Sounds like AXS is
| fighting back against this practice.
| snotrockets wrote:
| The underlying issue is that those tickets have a "no resale"
| provision that doesn't apply when the original seller acts as
| a broker.
|
| Do other brokers, when they go and work around that
| limitation break the sales contact? Maybe. The legal system
| would churn an answer in a few years.
|
| Do AXS et al with their "only we are allowed to engage in a
| secondary policy" are abusing their monopoly on original
| sales? The legal system would churn an answer about the
| legality of this in few years, but I think it's obvious they
| at least break rules in the spirit.
| silexia wrote:
| Monopoly is the keyword here. Ticketmaster and Boeing and all
| the other nefarious companies here use PATENTS to prevent
| competitors from eating their lunch. Patents need to be done
| away with to allow free competition, don't believe the
| propaganda about patents helping creators
| Steven420 wrote:
| If you don't have a patent on an invention then how do you
| protect it from people who will just steal what you have
| spent time/money creating?
| TrinaryWorksToo wrote:
| Patents no longer go to individual people. They go to
| corporations. Perhaps we should ban corporations from
| getting patents on behalf of people.
| OJFord wrote:
| That would be.. _interesting_ from a compensation &
| retention (& poaching!) perspective!
| fallingknife wrote:
| So the work of 1000 people at a company may have gone
| into developing the tech that is to be patented, but we
| must restrict the patent to being owned by one single
| individual?
| rundev wrote:
| 1. If you are first to market and still can't make money
| off your amazing invention, that might be a skill issue. 2.
| Patents wouldn't be as forceful if they didn't last that
| long. A decade or more is basically forever in a fast-
| moving field like tech.
| itsoktocry wrote:
| > _If you are first to market and still can 't make money
| off your amazing invention, that might be a skill issue._
|
| Sounds like something a VC would say.
|
| Have you considered that inventing things and selling
| them are two different skill sets?
|
| The patent system needs reform, not elimination.
| financltravsty wrote:
| Why would you artificially encumber a significant
| invention from benefitting the world just because you
| don't have the wherewithal to sell it?
|
| Seems awfully self-centered.
| brewdad wrote:
| I mean the patent is public information. If you want to
| have a go at selling it, buy it or license it from me and
| have at it. Otherwise, invent your own idea or wait for
| mine to expire.
| financltravsty wrote:
| Or I could lobby for patent reform so one person doesn't
| hold up the progress of everyone else via selfishness.
| mkatx wrote:
| The patent system certainly needs reform, but I think
| more along the lines of what gets accepted as a patent.
| Discovering what I would describe as a 'natural law'
| should not be patentable (but I think happens everyday),
| and those ideas should not be kept from human progress,
| imho. There's a line between research paper and patent,
| that I believe is blurred for profit.
|
| But a true invention, a novel use of those laws, should
| be patentable. Are you saying that if you discover a
| novel use of natural laws, a product that could be
| capitalized, your own unique idea, that you should not be
| able to capitalize on it? Maybe this would work in a trek
| economy, but not with capitalism.
|
| If your worried about innovation, how innovative could we
| be if discoveries/inventions were squandered because
| there are no protections if you happen to even mention
| your idea to someone?
| treyd wrote:
| This is what patents _used_ to do, but the economic and
| technological circumstances under which they did have
| changed dramatically over the last couple hundred years.
| All they really do now is entrench the power of the massive
| corporations with the capital to buy them up and sue anyone
| that they think encroach. It 's not promoting innovation
| anymore, it's stifling it.
| fallingknife wrote:
| Patents can be filed for around $2000
| mattmaroon wrote:
| I love it when a system has been working for hundreds of
| years through by far the most prosperous time in human
| history but people on the internet are sure it is wrong. No
| proof, no evidence, not even logic, just certainty.
|
| Also, I don't think any of the issues with Ticketmaster have
| anything to do with patents.
| giovannibonetti wrote:
| Maybe we could just reduce the patent's duration to
| compensate for the acceleration of information diffusion
| caused by the internet in the last few decades. Does that
| seem reasonable to you?
| mattmaroon wrote:
| What problem are we trying to solve? Why do we think
| there is a problem? If the idea behind the system was to
| give people a financial incentive to innovate, and since
| the system has been put in place humans have been
| exponentially more innovative than they were before, why
| do we think it needs fixing?
|
| Nothing seems reasonable to me on the topic unless it
| comes with evidence as to how it would improve a system
| that would appear by any objective measure to be doing
| incredibly well.
|
| And what does any of it have to do with ticket master?
| They're awful in a lot of ways, but I'm not aware of
| patent trolling to be one of them. If they even have and
| enforce patents, I've not heard of them, and I work in
| live events so I'm fairly well-informed on that company.
| Everyone in the industry hates them, it's unlikely
| they're doing anything awful that isn't routinely
| mentioned.
| Sesse__ wrote:
| > If the idea behind the system was to give people a
| financial incentive to innovate
|
| No, it wasn't. The idea behind the system was to give
| people a financial incentive to be _open_. Patents are a
| trade with the commons; you would give up your secrets
| for a limited time period of exclusivity. People would
| innovate with or without patents, but they would keep
| that innovation to themselves.
|
| With software, both sides of that bargain have changed.
| Secrets are harder to keep, and since everything moves so
| much faster, any given time period is much more damaging
| to the commons (e.g., 20 years is forever in software).
|
| (I also don't think Ticketmaster affairs have anything to
| do with patents, FWIW)
| massysett wrote:
| U.S. Constitution at least seems to side with innovation,
| not openness. Constitution article 1 section 8 says
| Congress shall have power
|
| "To promote the Progress of Science and useful Arts, by
| securing for limited Times to Authors and Inventors the
| exclusive Right to their respective Writings and
| Discoveries"
|
| This says nothing about publication, only about progress
| and exclusivity.
| nativeit wrote:
| It doesn't say anything about selling patents to third
| parties to abuse either. It specifies authors and
| inventors, and rights to their writings and discoveries.
| At what point does it extend those rights to a random
| unaffiliated attorney or corporation that engages in zero
| productive innovation or authorship? I agree that the
| argument your replying to is flawed, none of this applies
| to Ticketmaster here specifically, but the contemporary
| system absolutely is broken in several ways that were
| seemingly never intended by its original codification.
| drewmcarthur wrote:
| I would support patents that could only ever belong to
| the actual inventor.
| mattmaroon wrote:
| That is an ahistorical view of the history of patents.
| Openness had never even occurred to anybody when patents
| were originally invented. Back then, it didn't matter.
| Humanity hadn't come up with much that you couldn't
| figure out how it worked if you had one in your hands. It
| may have taken millennia to invent movable type, for
| example, but somebody who saw it could have copied it
| immediately. Its relatively recent that that has not been
| the case for almost anything.
|
| It was developed to spur innovation, and that is still
| its main function.
| Teever wrote:
| That's an absurdly reductionist take on ancient
| innovation.
|
| What about chemistry that mad everything from baking
| recipes, optics for physics, paint for art, forging
| techniques... The list goes on and on.
|
| There are so many subtle ways of doing things that were
| silo'd in small communities or regions.
| some_random wrote:
| Yeah seriously, what patents are we talking about here? My
| understanding is that reason Ticketmaster is a monopoly is
| through deals with venues
| some_random wrote:
| What patents does Ticketmaster have that stop competitors
| from selling tickets?
| chazeon wrote:
| Another case of abusing ToTK, an excellent technology that
| promised convenience, security, and offline access. Similarly,
| Duo builds their stuff off ToTK and then fending off (or makes it
| very, very hard) you from using a third-party ToTK authenticator
| with their sites. This company just jettisons the fine promise of
| available offline that was made by ToTK.
| Arch-TK wrote:
| TOTP?
| xnx wrote:
| Tears of the Kingdom?
| frizlab wrote:
| How about the "Add to Apple Wallet" option? He did not talk about
| that _at all_ , but AFAIK the ticket would be fully available
| offline and not in Ticketmaster app, no? It's actually an elegant
| solution IMHO.
| abofh wrote:
| They mentioned avoiding google wallet, so we can assume
| android, and that apple wallet wasn't considered for not being
| an option for them.
| tkems wrote:
| I just added a ticket to my Google Wallet for a concert last
| night and it was very similar to the Ticketmaster/LiveNation
| app. The PDF417 barcode changed and had an animation around it.
| My guess is that it is the same or very similar on Apple
| devices.
| rareitem wrote:
| So items inside google/apple wallet don't need to be
| 'static'?
| padthai wrote:
| No, I have flight tickets autoupdate when there is a delay.
| reddalo wrote:
| I've only seen the flight data change, not the code
| itself.
| xp84 wrote:
| The barcode is just another field in there, so it can be
| updated the same as anything. Passkit is very simple. For
| the barcode part you just tell it type of code (from the
| available types) and value to encode.
| lotsoweiners wrote:
| Even that isn't updated correctly very often. There is
| always at least a gate change that doesn't update the
| tickets in my Apple wallet.
| 8n4vidtmkvmk wrote:
| I like playing the game of which app has the most correct
| flight information. Sometimes it isn't the official
| airline app.
| tkems wrote:
| With Google Wallet (the only one I have at the moment), it
| is not static for the ticket. It has a NFC and barcode
| option. The barcode changes every 15 seconds for me.
| divbzero wrote:
| Yes, it is available offline if you "Add to Apple Wallet".
|
| The ticket in Apple Wallet is still revocable if you transfer
| the ticket to someone else using Ticketmaster's website,
| probably through an update that Ticketmaster pushes to the
| wallet [1].
|
| [1]:
| https://developer.apple.com/library/archive/documentation/Us...
| jyrkesh wrote:
| Just recently dealt with this for a big Ticketmaster event.
| The Apple ID has to match the email address on the
| Ticketmaster account, or the ticket will show as Void in the
| Apple Wallet.
|
| But it does solve the offline issue that the blog author was
| experiencing.
| nedt wrote:
| This sucks because obviously I'd give them a different
| email address - just like everyone else. For example with
| the ,,login with apple"
| OvbiousError wrote:
| OP explicitly states he doesn't want to add the ticket to a
| google account. Fair to assume they wouldn't want apple
| either.
| notpushkin wrote:
| If it's a standard .pkpass, they could use it with an
| offline third-party app that can view those, e. g.
| PassAndroid [1]. Given Ticketmaster verifies Apple ID
| though, as mentioned in this thread, I'm not really sure
| it would work.
|
| [1]: https://f-droid.org/packages/org.ligi.passandroid/
| TeeWEE wrote:
| The barcode in apple wallet also auto-updates.
| arscan wrote:
| I recently purchased tickets via SeatGeek and was provided a link
| to one of these barcodes, which accepted as a querystring
| parameter an access token that seemingly had a long expiration
| attached to it. It was hosted on "downloadmytickets.com", which
| doesn't look legitimate and caused me to do this same type of
| analysis to see how it all worked. Whether or not this was a way
| to bypass the "security" to enable sale via third parties, or
| just a very untrustworthy-looking official domain, I don't know.
| But in the end it worked fine at the venue. Definitely more
| stress involved than I would have liked though.
| cypherpunks01 wrote:
| Yes, these systems are getting more popular recently, I believe
| they are typically being run by large ticket broker platforms.
|
| I don't know about the specific site you mentioned, however the
| large broker platform Automatiq runs a number of domains like
| this, where they effectively proxy the original ticket token,
| recreate it with TOTP just as in this article, and display it
| to any user who has the right link in a similar format to how
| TM displays it. They advertise this service as "Transferless
| Delivery" to their ticket reseller customers. The main
| Automatiq one is called "secure.tickets".
|
| It reduces work for sellers, because they never even have to
| transfer the tickets out of their Ticketmaster account anymore.
| Of course, it's horrible for buyers because they have no idea
| whether the random website link they were sent is actually
| going to serve them a barcode corresponding to a real ticket or
| not, or whether the site will be up, and they have no rights to
| the ticket as far as the primary ticket issuer (TM) is
| concerned, buyers don't even know the name on their own
| tickets.
|
| Seatgeek and StubHub seem to be aware of these systems because
| of how closely they work with ticket brokers, and just coach
| customers to accept them if they are from any of the domains
| known to them. See https://support.seatgeek.com/hc/en-
| us/articles/2074030716443... the Automatiq site is called out
| specifically on that page.
| noodlesUK wrote:
| This sort of ticketing thing is a trivially solvable problem. It
| is solved at every airport in the entire world millions of times
| per day. You provide the name of each concertgoer when you buy a
| ticket, and they show up with their ticket and ID. You often need
| to show your ID at these kinds of venues to prove you're old
| enough to drink beer anyway.
| cogman10 wrote:
| Yup.
|
| I have to believe the reason the likes of ticket master isn't
| fixing this is because they are selling/auctioning/reserving
| some percentage of tickets to scalpers or "3rd party sellers".
|
| Requiring ID is such an obvious solution that I have to believe
| these convoluted approaches are only there so the secondary
| market can exist and so ticket master can wash their hands when
| prices get out of control on that market.
| oehpr wrote:
| I have to presume that the driving impetus of all of this is
| that they're trying to avoid the actual requirement of
| checking the ID. Like, they want to improve the flow of
| traffic through admissions.
|
| But I mean, obviously, any kind of system like this strikes
| me as the same sort of thing as DRM. That you can somehow
| protect the message from the person you're sharing the
| message to. How can you avoid reselling if you don't verify
| the original purchaser? It just seemes ridiculous on its
| face.
| jrockway wrote:
| Yup exactly. Some events are pretty bad at opening the
| doors early. The Brooklyn Nets seem to open 30 minutes
| before the game, so they need to get 20,000 people through
| 20 metal detectors in 30 minutes. Every second extra they
| add to the process is a second you don't have to buy a $25
| drink, and that's how they make their money.
|
| We check IDs for flights because airline yield management
| demands that there be no resale, or business travelers
| would be traveling on leisure fares.
| BobaFloutist wrote:
| >We check IDs for flights because airline yield
| management demands that there be no resale, or business
| travelers would be traveling on leisure fares.
|
| Sorry, what? Surely business travelers pay more just by
| virtue of traveling by business class? Or, if travel
| through business portals was consistently significantly
| more expensive than just buying the ticket directly on
| the airline's website, businesses would just start buying
| tickets directly from the airline's website?
|
| Is there something about how ticket fares are calculated
| and paid that I don't understand?
| qazxcvbnmlp wrote:
| Business travelers != travelers in business class.
|
| Airlines use a fair number of techniques to price
| discriminate between leisure and business passengers.
| drewg123 wrote:
| Last minute / next day fares have traditionally been far
| more expensive than 3 week advance, and that was intended
| to impact business travel more than leisure. If there was
| a 3rd party marketplace for airline tickets, last minute
| tickets would not be nearly as expensive and the airlines
| would make far less money.
|
| Consider an example where we have a business traveler
| "Bob" and a leisure traveler "Larry". Bob needs to get to
| LAX tomorrow to put out a fire at a client site. Larry
| has a trip booked to LAX tomorrow, but can't go because
| he's sick. Larry has paid $500 for the trip 3 weeks ago.
|
| Today: Larry cancels his trip, and maybe, if he's lucky,
| gets an airline credit for the original price of the trip
| that expires in a year and which may be hard to use for
| his next trip. When he cancels, a seat opens up on the
| plane, and the airline sells it to Bob for $1200.
|
| If resale was permitted: Larry auctions off his ticket at
| an airline ticket reseller. He gets $700 from Bob. So if
| resale was permitted, Bob's business saves $500, and
| Larry makes $200, and the airline looses $1200-$1700. You
| can see why they hate resale.
| yellowapple wrote:
| Okay, but how many business flights are actually last-
| minute like that? Whenever I've flown for work reasons
| the tickets were bought at least a week in advance, and
| usually 3+ weeks in advance.
|
| Likewise, there are plenty of non-business flights booked
| last-minute like that, too - like, as a personal example,
| needing to book a same-night flight to help a family
| member drive cross-country with her kids and personal
| belongings so she could get out of a dangerous personal
| situation.
|
| All this being to say: if price differentiation between
| in-advance v. last-minute bookings is actually intended
| to make business travel cost more than leisure travel,
| I'm thoroughly skeptical of that intent being fulfilled
| in practice. Seems more likely that it's simply a matter
| of things costing more when they're more scarce (as seats
| on an airplane would become as it gets closer and closer
| to the departure time), and that just so happens to
| impact business travelers more than leisure travelers.
| jirf_dev wrote:
| I would guess most of your exposure to business travel is
| within tech or consulting, which rarely require last-
| minute booking. I would imagine most last-minute bookings
| for business travel come from people in sales. I've seen
| many sales people find out a prospective client is open
| to meet and immediately hop on a flight just to
| potentially make a sale. The opportunity cost is worth it
| even for small businesses. My exposure to this was for
| wholesale and retail distribution of consumer electronics
| but I'd imagine that this would apply to any business
| with a sales team.
| wildzzz wrote:
| About half of the work trips I've been on, the tickets
| were booked at most a couple days in advance. The most
| expensive ticket I've ever bought was an economy United
| cross country flight to LAX for $1500 (booked about 14
| hours in advance) and I've done a lot of vacations to
| Europe. We booked it last minute because we didn't know
| when the project would be ready to deliver and once it
| was, we had to deliver ASAP. I was on the ground in LA
| for about 12 hours before flying home. Awful trip.
| Largest ratio of dollars spent to enjoyment received I've
| ever experienced.
| darkwater wrote:
| Or physical world engineering: my brother had to hop on a
| plane last minute to go fix in place a machine having
| issues plenty of times.
| dfadsadsf wrote:
| I almost always book tickets for business travel 1-3 day
| before the trip. I am completely price insensitive (I do
| not care if my employer pays $100 or $400 for the
| ticket), my schedule is hard to predict ahead of time (if
| there are no important meetings on Monday, I will fly on
| Monday. If something important pops up I may fly on
| Sunday or on Tuesday). Downside is smaller seat selection
| (I mitigate by always checking if aisle seat available
| before booking) and sometimes convenient flights sell
| out.
| 8n4vidtmkvmk wrote:
| My employer does some kind of credit system so we get
| cash credits for future trips which we can use for nicer
| hotels next time. Something like that. I don't fly
| often/ever. I should clarify the credit is the difference
| of the expected price vs what we paid. So if flight is
| normally 300 and we pay 200 we get 100 towards future
| travel. And then there are upper limits to what we can
| expense and the credits offset that.
| withinboredom wrote:
| That sounds pretty easy to game. But I think in these
| cases, they take what they can get and can't really game
| it.
| dfadsadsf wrote:
| I think Google does it now. One problem is see is that
| people may optimize for price tickets and not business
| goals to get bigger credit. Business need is 2 day trip
| but people may extend it by 2 days to get cheaper air
| tickets but on balance it will be more for the company
| due to additional hotel cost.
| lesuorac wrote:
| Yeah, I don't think that's right either. They don't check
| your ID at the gate, it's just TSA that checks your id
| (if you have one).
| donalhunt wrote:
| Depends on the departure and arrival city. It is common
| for ID to be checked at the gate for international
| flights because airlines are held responsible for
| transporting passengers that don't have the correct
| paperwork / visitor permits for the destination country.
| IncreasePosts wrote:
| Yes, and the airlines don't (generally) let you change
| the name on a ticket.
| devilbunny wrote:
| And they require a boarding pass. Which can't be changed
| without the airline's permission.
|
| Back in the old days, sales like this were common. No ID
| checks, non-passengers allowed through security, and the
| classified ads in newspapers would say "round-trip coach
| ticket May 8-12 JFK to SFO, male name, call
| 212-555-1234". So you met them, got your paper ticket,
| got a boarding pass at the counter or the gate, and flew.
| yellowapple wrote:
| > or business travelers would be traveling on leisure
| fares.
|
| Don't they already do that anyway? Every time I've gotten
| on a plane for work purposes, there was no
| differentiation between "business traveler" v. "leisure
| traveler" as far as the ticket purchasing process was
| concerned. Hell, in the most recent case it was even with
| my own credit card (for which I submitted an expense
| report to be reimbursed) - so for all the airline knew, I
| was just taking a week-long vacation to Colorado Springs
| (in that case) instead of being there for work.
| jrockway wrote:
| The rates are typically different if you stay a Saturday
| night. Business travelers go home on Friday night. (SFO-
| NYC on Friday night was always a tough flight to book. I
| usually stayed the extra night so I could fly 1st or
| Business for less money.)
|
| If you could buy someone else's ticket on the secondary
| market, then you could do a split ticket thing where you
| both stay Saturday night but neither of you actually do.
|
| Everyone should change their name to Pat Smith and end
| this scam once and for all.
| vdqtp3 wrote:
| > The rates are typically different if you stay a
| Saturday night.
|
| I recently flew from the US to Europe and returning on
| Thursday or Friday was twice the price of flying home on
| Saturday or Sunday - the weekend return options actually
| showed up as free during booking.
| cogman10 wrote:
| So even if you don't want to do the ID thing, there are
| alternatives that you see all over the place (like venmo)
| Have a rotating QR code seeded with a unique to the user
| id. Then with ticket master, require a login to buy
| tickets. Register the tickets to the ID and then do the
| lookup with a combination of the ticket id, rotating qr
| code, and the user id.
|
| That requires the admitter device to send the challenge
| back to HQ, but that shouldn't really be much of a
| challenge. Tickets then become linked to the user's account
| (perhaps you allow transfer).
|
| This is effectively what Disney does with their ticketing
| system, along with at the gate them taking a picture of you
| so they can confirm "Yes, so and so looks like the photo".
|
| But yeah, all of this is ridiculous on its face as the
| cheaper and easier solution is ticket plus ID. If you are
| worried about flow have signs up before check in that say
| "be sure to have your ID ready before you get to the
| counter".
|
| The ticketmaster solutions are just bad/half assed.
|
| That is to say, if ticketmater had just done TOPS like the
| article points out, you'd not need the headache they've
| created with needing a live internet connection to load
| your ticket.
| KennyBlanken wrote:
| You don't understand how people at their companies
| evaluate stuff like this.
|
| Any solution that increases capital or operating
| expenditures for them or the venues (half of whom they
| own, if I remember correctly?) is a non-starter if it
| doesn't generate some increase in revenue.
|
| They will not do anything they don't _have_ to do if it
| means _any_ impact to their bottom line _whatsoever_.
|
| We see it as "pennies per transaction."
|
| They see it as "we sell 500M tickets per year so five
| cents per transaction is $25M/year in lost net."
| cogman10 wrote:
| Well that's where I'd argue they are negatively impacting
| their bottom line.
|
| > These rotating barcodes on the other hand are far from
| perfect. I experienced this first-hand last year when I
| attended another very popular concert where they used a
| similar rotating-QR-code-ticket system. Numerous people
| including myself and my friends were floundering at the
| entry gate citing a bevy of broken barcode problems. ...
|
| > The venue was so crowded that cell-towers and WiFi were
| overloaded. Internet access was spottier than a Dalmatian
| with chickenpox.
|
| That is impact to their bottom line. They have admittees
| waiting at the gate blocking other people from getting in
| cutting into their concession sales.
|
| If they'd used a bog standard TOPS system (like the op
| suggests) that would not be an issue at all. But instead
| because they have the dumb system where you reach out to
| the ticket master servers to get your code, they've
| created their own nightmare.
| lmz wrote:
| > I experienced this first-hand last year when I attended
| another very popular concert where they used a similar
| rotating-QR-code-ticket system. Numerous people including
| myself and my friends were floundering at the entry gate
| citing a bevy of broken barcode problems.
|
| That's a _different_ system. The article makes it clear
| that the Ticketmaster system works offline if you have
| opened it on the mobile app. Which they don 't want to
| install.
| TylerE wrote:
| You don't even have to use the app. You can just visit
| the ticketmaster website and add it to apple wallet
| straight from there. Can do it months in advance, too.
| mixmastamyk wrote:
| The website comes up in Safari, and is scannable from
| there. Don't need to add to wallet. I used box office
| wifi to get text and follow url.
|
| I never asked for this BTW, would rather have a paper
| ticket.
| TylerE wrote:
| The advantage to using wallet is that you don't need
| working WiFi at the event. Everything you need to get in
| is stored locally.
| mixmastamyk wrote:
| I bought it at the box office and did need wifi to
| complete the download. I didn't need wifi or the wallet
| at the gate.
| 8n4vidtmkvmk wrote:
| Webpages _can_ work offline. Not sure if Apple has
| allowed this yet.
| monksy wrote:
| Disney is collecting pictures of everyone faces. That's
| pretty creepy.
| 8n4vidtmkvmk wrote:
| They only collected my fingerprint last time I went.
| hiatus wrote:
| Are there no cameras in the fingerprint collection area?
| 8n4vidtmkvmk wrote:
| I don't recall. There's probably cameras everywhere.
| Disney is hardcore.
| carlosjobim wrote:
| > How can you avoid reselling if you don't verify the
| original purchaser?
|
| A ticket scalper cannot know the names of the people that
| will later purchase his tickets. So connecting each ticket
| to a name prevents scalpers.
| crote wrote:
| > Like, they want to improve the flow of traffic through
| admissions.
|
| But they in turn greatly _degraded_ the flow of traffic by
| forcing the use of a proprietary always-online app which
| fails to load when your cellular connection is less-than-
| ideal. Verifying a photo ID would probably be faster.
| oehpr wrote:
| True, but when you point out practical realities like
| this to monopolistic institutions, they don't have to
| care.
|
| They will instead ask "well why isn't the connection good
| at the concert? What can we do to fix that?" (ie. "we
| don't have to change when we can make you change")
|
| It _IS_ true that if you don 't have to verify the ID of
| the ticket holder then admissions will go much faster. So
| long as they can make that plausible sales pitch, they
| can use it as justification for whatever byzantine DRM
| system they can dream up.
| makestuff wrote:
| Yeah I agree, they are not incentivized to fix scaling/bots
| because they get a fee every time a ticket is sold. It is in
| their best interest for the ticket to be sold as many times
| as possible.
| wombat-man wrote:
| Hell, you just scan your ID at TSA nowadays. They don't need
| your ticket.
| dawnerd wrote:
| Or just scan your face with the new Digital ID rolling out.
| It's actually quite nice.
| lotsoweiners wrote:
| I flew about 3 days ago and they only asked for my minor
| children's boarding passes.
| storyinmemo wrote:
| But also, the hell with this. I'm still sour enough about the
| TSA without the concept of, "I'll buy tickets for me and three
| of my friends then see who wants to go," becoming impossible or
| gated by ticket transfer fees.
| swores wrote:
| Even allowing that but requiring your valid ID must be taken
| into the venue by yourself (or by your friends eg if you get
| sick and can't go) would be a big improvement, meaning ticket
| scalps would have to actually go or have someone on their
| team go along with every ticket they resell.
| toomuchtodo wrote:
| Airlines are preventing a secondary market. Unfavorable for
| your use case, but also prevents scalping airline tickets
| (while allowing airlines to attempt to maximize revenue).
| There are always tradeoffs and compromise.
|
| To hack around this, I've used Southwest Airlines; I can buy
| tickets for folks and if they can't travel, we cancel the
| ticket(s) and keep the travel funds banked for another time.
| I hope this is potentially helpful information.
|
| https://simpleflying.com/why-airlines-dont-allow-name-
| change...
| pxx wrote:
| except Southwest is easily the most expensive carrier these
| days and other carriers have also adopted flexibility
|
| hopefully their new changes such as allowing their fares to
| be indexed will make them close to being competitive at
| some point. but today you really only get near-
| competitiveness (it's still bad) if you're going to check
| both pieces of luggage and have no way of getting free
| luggage on any other carrier.
|
| even buying and throwing away tickets, depending on your
| probability of travel, might pay for itself in one trip.
| toomuchtodo wrote:
| People who compare Southwest to Frontier and Spirit are
| not serious people. Southwest is a premium offering, if
| folks want to ride cattle car a la carte, I encourage
| them to, just don't ruin the established brand of SWA. I
| would rather fly dead on Southwest than alive on another
| domestic carrier.
| BenjiWiebe wrote:
| First I've heard of southwest being a premium option.
| Even Wikipedia lists it as a budget airline.
| toomuchtodo wrote:
| Value is subjective. I'm going to pay for business or
| first when the whole plane gets there at the same time?
| Nah, I'm paying for a great experience if something goes
| wrong, bags included, and reliable air travel between two
| points. It's low key white glove service in a world of
| race to the bottom customer service and trying to remove
| every touchpoint possible between the business and the
| customer to save pennies.
|
| https://community.southwest.com/t5/Blog/Southwest-
| Airlines-R...
|
| https://www.nerdwallet.com/article/travel/is-southwest-
| airli...
| vel0city wrote:
| Flying on Southwest is generally a more pleasant
| experience than flying economy on United, American, or
| any of the other major carriers IMO. It won't beat flying
| business class or whatever though, but I'm not that rich.
|
| The seats are more comfortable. Every plane has pretty
| good in-flight WiFi (paid) and free movies/TV you can
| watch on your own device. Drinks and snacks included. Two
| checked bags free. About the only thing I miss from the
| big carriers is charging/power outlets at the seats, but
| I hear that's coming.
| vel0city wrote:
| I booked a flight a couple of weeks ago. Southwest was
| still cheaper than American and Delta for the flight I
| was looking for, even before thinking about two free
| checked bags. Adding in the fact their seats are bigger
| and free checked bags, it is definitely a better value to
| me.
| tqi wrote:
| People often buy tickets without knowing exactly which of their
| friends are going to attend with them. This is not true of
| airplane tickets.
| actionfromafar wrote:
| Would be awesome if it were true for airplane tickets
| mattmaroon wrote:
| One ID for the entire order would be fine. You can buy 4
| tickets, and go into the concert with your 3 friends. It
| often works this way even with no ID involved, I buy two
| tickets, add them both to my wallet, scan them both when my
| GF and I go to the show.
|
| You COULD still scalp tickets if the person who bought them
| from you is going to walk in with you. But the scalper would
| have to eat the cost of one ticket to do it, and it's
| probably onerous enough to severly reduce the impact of
| scalping.
| miki123211 wrote:
| That's how trains work (here).
|
| Every ticket must have one name and surname on it, no
| matter how many passengers it covers. That person must be
| traveling on the ticket.
|
| You're usually asked for some kind of photo anyway because
| of discounts, which a very significant percentage of train
| riders are entitled to.
|
| I think this is because tickets must be both printable and
| verifiable offline in case the train gets into a spot with
| no connectivity when the inspector is inspecting tickets.
| CuriousIndian wrote:
| Thats interesting to learn.
|
| Here, train tickets need to list every passenger along
| with their age and gender. This also enables you to
| cancel for just one person on the ticket without
| affecting the rest.
|
| The ticketing system basically assumes no network
| connectivity. Ticket inspectors usually only ask you for
| your name and match it to their records. And only ask for
| and id in rare situations (you absolutely need to have
| yout id with you irrespective of infrequently you
| actually need to show it).
| 0cf8612b2e1e wrote:
| What if you need to arrive separately? Especially for a big
| event with tens of thousands of people, can be easier to
| meet up inside the venue on everyone's timeline.
| mattmaroon wrote:
| Then you should have thought of that when you bought the
| tickets I guess. Any change to the system to fight
| scalping is going to inconvenience regular users too.
|
| As a frequent concert goer, I'd happily have to arrive
| with my group if it meant no Ticketmaster.
| lotsoweiners wrote:
| So that makes it a shitty system that is really solving
| nothing. If I hypothetically have a group of 14-15 year
| olds that I buy Taylor Swift tickets for, does that mean
| I have to accompany them up through the line? Just dumb.
| mattmaroon wrote:
| There are really two options. Tickets are non-
| transferable, which means you need the name of the person
| and to check ID, and there's no scalping, like airlines.
| Or tickets are transferable, and you don't need names or
| IDS or whatever else but scalping occurs.
|
| If you think scalping isn't enough of a problem to
| balance out the inconvenience of having to plan the
| ticket purchases better, well, uh, that's just like, your
| opinion, man. We'll agree to disagree. But it does
| mitigate a problem, scalpers inflating prices.
| 8n4vidtmkvmk wrote:
| Then assign names to the tickets after purchase. Should
| be allowed up to 24 hours before the event or something.
| carlosjobim wrote:
| That beats the entire purpose of having names on tickets,
| which is to stop scalers.
| 8n4vidtmkvmk wrote:
| No, because at least 1 name has to be assigned on
| purchase. So the scalper is still out 1 ticket.
| dbbk wrote:
| Yes this exists, it's called lead booker tickets
| __MatrixMan__ wrote:
| That requires a single source of truth for which names go with
| which tickets. Which is going to be a problem if tickets need
| to be transferred in contexts where users don't have internet
| access (but they do have local connectivity between devices) or
| in contexts where the venue doesn't have internet access. Or in
| cases where the single source of truth might be vulnerable to
| attack or doesn't have the resources to handle the load at
| certain times.
|
| I don't have the solution explicitly, but it seems like it
| ought to be possible to do this such that PII need not be
| collected. Tickets could be cryptographic proofs that a chain
| of custody exists and meets certain criteria. The proofs could
| be constructed at transfer time and verified at admission, no
| servers in the loop anywhere. Yeah, we'll come up against the
| CAP theorem eventually, but we might find that the imposed
| constraints are workable.
| immibis wrote:
| > Which is going to be a problem if tickets need to be
| transferred in contexts where users don't have internet
| access (but they do have local connectivity between devices)
| or in contexts where the venue doesn't have internet access.
|
| You know as well as I do that TicketMaster won't allow any of
| that, because it means they miss out on selling another
| ticket.
| __MatrixMan__ wrote:
| I was operating under the assumption that the goal was to
| replace TicketMaster with an open protocol.
| lilyball wrote:
| Flying requires an ID. Attending a concert should not. Any
| solution that is solved by "simple, just require an ID" is not
| a solution.
| itishappy wrote:
| > Flying requires an ID. Attending a concert should not.
|
| Why though? Not disagreeing per say because I'd have thought
| so too, but upon reflection...
|
| I assume the main reason airlines require an ID is safety and
| security. We maintain a denied parties list and use identity
| verification to make it as difficult as possible to fly a
| plane into a crowded venue. Border control is another issue,
| but there's plenty of intra-country or intra-state flights
| where this isn't an issue.
|
| Ticketmaster sells unverified access to crowded venues.
| jmb99 wrote:
| Is your argument that people should be unable to attend
| concerts/etc without presenting ID? I for one am not a fan
| of that idea
| itishappy wrote:
| I'm not a fan of it either. Just sayin' that concerts and
| events are where the densest crowds are. Are we
| protecting people from doing things to events more than
| the events themselves? I'd hope this is an argument for
| more granular control. I'd love to fly short-hops without
| ID, but maybe TSwift concerts should require something?
| (Edit: Do they? Events/venues do start to have their own
| security at some point. Flights also have different
| controls for national vs international.)
|
| I'm also probably overly discounting border control.
| Traceability in particular. I'm not a fan of this either.
| fnfjfk wrote:
| You need to show one to get a drinking wristband anyways
| (and avoid the hand Xs), or into any 16+, 18+, or 21+
| show.
| prmoustache wrote:
| This is not universal.
| jasomill wrote:
| I assume the main reason airlines require ID (for domestic
| flights) is to prevent ticket resale, and that "security"
| is just a convenient scapegoat. And I'm not alone[1].
|
| [1] https://www.schneier.com/crypto-
| gram/archives/2003/0815.html...
| rangestransform wrote:
| Because we ought to do everything in our power to stop the
| aggressive onslaught of the surveillance state. We already
| know TSA is security theatre at best, and the time they've
| wasted already justifies more lives lost to terrorism
| instead.
|
| Practically, I don't want Ticketmaster having access to the
| information on my ID, they already leaked lot of my other
| PII.
| 627467 wrote:
| that's really just an opinion. and I'd argue that if people
| really care about a fair and sustainable concert going, given
| how ridiculous the live event situation is, you'd support
| pretty common and standard requirements like ID to be shown.
| as others said: ID is already required to validate age in
| many events/venues
| mixmastamyk wrote:
| Recent changes are anything but fair and sustainable. Front
| section tickets have gone from $120 to auction at $400+ at
| our local venue.
|
| Can no longer pay cash, have a paper ticket, be anonymous.
| Those are much more important to me than preventing
| scalping.
|
| Scalpers out front have provided a valuable service to me a
| dozen times over the years, when I didn't plan well.
|
| Any solution (I didn't ask for) that turns concerts in an
| international flight experience means they are dead to me.
|
| Age was traditionally checked separately and manually. Not
| put into a database to be bought and sold and breached.
| fnfjfk wrote:
| How are you getting into shows without presenting ID for age?
| Every (well, every legal...) venue I've been to in NYC cards
| to see if you are 21.
| plorkyeran wrote:
| I have never had to show ID to get into a concert other
| than tiny shows at bars. Every larger venue around here
| (SF) I've been to checks IDs to get a wrist band which lets
| you buy drinks, but you can just skip that if you aren't
| drinking.
| ssl-3 wrote:
| I've been to many [big, small] well-known, legit shows in
| the US as a kid who was not yet an adult.
|
| I did not have an ID, and none was required to get in.
|
| All-ages shows are definitely things that exist.
| noirscape wrote:
| Depends a lot on the country you live in. In most European
| countries "carrying an ID" is legally required if the police
| stops you anyway (they do need a reason to see it though), so
| "show an ID at the entrance" is no big deal.
|
| It's to my understanding mainly the US where ID requirements
| are often side eyed because many people don't have them and
| there's no national standard (and due to a variety of
| political reasons there probably won't ever be any.)
| rangestransform wrote:
| What the hell kind of draconian country forces you to
| always have an id on you? What if I go running with only my
| watch on (I've regularly done this with no malicious
| intent)
| tl90 wrote:
| In my home country (Hungary) it is mandatory if you leave
| your home more than 500 meters and as far as I know, most
| European countries have similar rules.
| martijnarts wrote:
| Lots of nations require carrying some form of ID: https:/
| /en.wikipedia.org/wiki/List_of_national_identity_card...
|
| In the US, permanent residents are required to carry
| their green card at all times.
|
| Here's a description of the law for the Netherlands,
| where I live:
| https://www.government.nl/topics/identification-
| documents/co...
| garaetjjte wrote:
| There's difference between mandatory possession of ID,
| and requirement to carry it all the time. This list
| doesn't distinguish between that.
| slackfan wrote:
| Papieren Bitte!
|
| https://en.wikipedia.org/wiki/List_of_national_identity_c
| ard...
| llsf wrote:
| The issue is most likely about throughput. You want to let fans
| enter the venue as quick as possible. Most venues have lots of
| gates, but still the latency at each gate has to be a handful
| of seconds per ticket. Having to validate both ticket and ID
| would easily double or triple that time.
| crftr wrote:
| Today's digital entry experience is far from frictionless.
| Might as well add a scan of the PDF417 barcode on the back of
| the latest state ID cards.
|
| I just went to a MLB game yesterday, and the digital process
| was: - Open ticket app - scan
| ticket 1 - scan ticket 2
|
| I imagine this could have been: - Open
| ticket app - scan PDF417 - scan ticket 1
| - scan ticket 2
| llsf wrote:
| Hopefully in the near future (https://nfc-
| forum.org/news/2024-07-nfc-forum-defines-next-ge...) you
| would just need to tap you phone once, and get your ID
| passed to the scanner, along all the tickets for that venue
| & time.
|
| No more opening app, and showing different tickets and IDs.
|
| That would clear that argument.
| eqvinox wrote:
| For one, this is a problem world wide, but OK, you can try
| to solve it for the US.
|
| But for another, not everyone has a state ID card. In
| particular the 7.1% of the population that does not have
| U.S. citizenship will have varying amounts of US
| documentation, depending on how long they're in the US for
| and whether they're there legally.
|
| And you really want to be able to sell tickets to tourists.
| 627467 wrote:
| I keep reading about this argument but Olympics and World Cup
| matches are arguably as large events (if not larger) and they
| place name on ticket and check ID at entrance.
|
| people complain at ticketmaster yet seem to bend over
| backwards to justify the state of affairs
| mixmastamyk wrote:
| You can rely on TM to do whatever makes the most money, and
| they probably know better than us. Also those you list are
| typically higher security events.
| llsf wrote:
| Yes, some events are different, like the Super Bowl for
| instance, where everyone is screened, and a simple
| concert, where you just need a ticket that scans.
| llsf wrote:
| Not sure how they do it for Olympics and World Cup, they
| probably compensate with more gates/scanners than a typical
| venue. I am not advocating either way, which is either keep
| a ticket anonymous, or tie a ticket to an ID. I guess
| Ticketmaster would love to tie tickets to ID, so they would
| know the customers better.
|
| If/when https://nfc-forum.org/news/2024-07-nfc-forum-
| defines-next-ge... gets implemented by Apple/Google then we
| could one phone tap, get the ID, the ticket and verify that
| they match.
|
| But I have no idea when Apple or Google would implement
| those ?
| reddalo wrote:
| Italy solved this. Five years ago, a new law enforced ID-
| checking when you enter any big events (like concerts with an
| audience larger than 5000 people).
|
| Tickets have your name on it, and you can only change the name
| or resell them through the official seller (so, third party
| resellers are out of the game). Also, every reselling
| transaction is registered and can be inspected by the Italian
| Rightsholder Agency (SIAE).
| rangestransform wrote:
| I'd rather not solve it than let the state have more
| information about my transactions
| cyberbolt23 wrote:
| Because this, and more very strange rules it is very hard for
| ticketing systems to get into the Italian market. Some
| examples:
|
| - not allowed to change to time or name of the event after
| the 1st ticket is sold
|
| - only allowed section names in halls from a know list
|
| - free tickets on events... can only do this under strange
| conditions
|
| - smart card application, for encryption, must run on a
| physical server in Italy. You should not be able to log into
| the ticketing box office if that smart card application is
| not running.
| reddalo wrote:
| You know many details about Italian ticketing systems, are
| you working in the industry?
| bagels wrote:
| This improves the security over airline tickets.
|
| There was a recent story of someone taking pictures of other
| people's boarding passes, and using that to board the plane.
|
| With this ticketmaster scheme, unless the person has access to
| the secret keys, the pass would only be valid for a few
| seconds, likely defeating this attack against boarding passes.
|
| https://www.nbcdfw.com/news/local/texas-news/texas-man-board...
| Zopieux wrote:
| How often has this been a problem though? How about not
| keeping your boarding pass, or ticket, or credit card for
| that matter, visible for the world? Just put it in your
| wallet, I don't know.
|
| This is security FUD. Stop solving problems that do not exist
| to the point where it makes the news when they do happen,
| once a century.
|
| This DRM scheme concretely creates millions of small
| annoyances to millions of people and wasting our time as a
| society.
| bagels wrote:
| It also happens that pranksters can cancel your travel if
| your boarding passes make it on to Twitter or other social
| media. It's not a non-problem like you make it out to be.
|
| Sure, it won't happen to you or me, because we know it is a
| risk to expose these documents, but that is not true of
| most people.
|
| Maybe the DRM is not worth it. I actually think it's
| obnoxious for concert tickets (I recently had to deal with
| this system, and I was not thrilled about installing an app
| from a company that I think is using unfair business
| practices).
| lmm wrote:
| > It also happens that pranksters can cancel your travel
| if your boarding passes make it on to Twitter or other
| social media.
|
| The security theater of checking ID does nothing to stop
| this. What's your point?
| bagels wrote:
| My point is that rotating expiring barcodes actually can
| provide some security value.
| devilbunny wrote:
| I'd call that a feature, not a bug, since you can't get a
| boarding pass until 24 hours before the first leg of a
| trip. Expensive education, but education nonetheless.
|
| I only use paper boarding passes if they insist on giving
| them to me when I check my bags or if I'm flying
| internationally and am worried about connectivity in one
| of the transfer airports. They go straight into my travel
| wallet (full-length, large enough for letter or A4 paper
| folded, with enough space for two passports, several
| credit cards, a pen, and plenty of cash or other
| documents). The company that made mine is unfortunately
| out of business, but https://www.leatherology.com/zip-
| around-travel-wallet is similar.
| dawnerd wrote:
| Airlines are starting to use rotating barcodes as well. Heck
| some are even switching to purely facial recognition.
| johnflan wrote:
| I'm not sure that would fly in Europe. And I personally don't
| want to hand over my id to use a ticket
| m0dest wrote:
| Exactly. The privacy characteristics of government ID cards
| are worse than any other solution. When sharing such an ID, a
| person is providing several global, stable identifiers (e.g.
| ID number, full legal name). For adtech and data brokers,
| this is the ultimate fingerprint for tracking and matching.
|
| In a perfect world, the digitization of these IDs would come
| with modern digital privacy and security. Scanning your ID
| number would only provide a recipient-specific ID that
| couldn't be matched with other vendors. Age eligibility and
| driver's licensing status would be presented as separate
| signed attestations that share no other data.
|
| We aren't even heading in that direction yet.
| nedt wrote:
| I wouldn't bring my ID to a concert. I don't have my wallet
| with me and even if I would they wouldn't like me to have a
| backpack. I'm coming as light and minimal as possible and also
| would hate to lose my ID jumping around at a concert.
| 627467 wrote:
| ...yet you have a phone (for the moving barcode and whatnot)
| which is heavier and bulkier than a card?
| nedt wrote:
| True. I feel it, it's locked without my face and I can
| track it.
| carlosjobim wrote:
| Have a picture of your ID on your phone, like every other
| person has. Or bring a photocopy of your ID that you can
| throw away after entering.
| hnuser435 wrote:
| I don't.
| nedt wrote:
| That's not valid. And almost no one would except it. The
| real digital version is still in the making.
| carlosjobim wrote:
| I knew this comment would come. But you're wrong. A photo
| of your ID is accepted almost everywhere, and especially
| at a ticketed event where the only purpose is to match
| your face to the name on the ticket. They're not the
| police, they just want to check that you're the person
| who should have the ticket.
| MattGrommes wrote:
| Some venues do this already and the scalpers buy an additional
| ticket to burn on themselves so they can get their customer in
| the gate. It just goes into the cost of doing business. I agree
| this is probably one of the best ways to stop scalpers but it's
| not foolproof.
| muppetman wrote:
| No, it's not. At my work here we'll all go online to try and
| get tickets to a big gig. One of us might get in, so that
| person will get ~8 tickets or whatever the maximum is. And then
| we split them between us, transfering over cash etc. If we have
| a few left over we'll sell them to friends for the ticket
| value.
|
| But none of us have any intention of lining up with the others
| to get in. We want to go with our partners, our own friends
| etc.
|
| I want Bob, Terry or Bazzy to by able to buy tickets for me (or
| me for Bob, Terry or Bazza) but I do not want to have to meet
| up with Bob, Terry and Bazza and stand in line with them all to
| get in.
|
| So yea, it's not trivial. I wish it was, I farkin' hate
| scalpers.
| 627467 wrote:
| how is this not the same as 8 people trying to find airline
| tickets for everyone? you can buy tickets for different
| passengers. some airlines/travel agencies even allow for name
| change for a fee.
| condiment wrote:
| This is trivial and solutions exist in the wild already. If
| you buy tix for the Paris Olympics, you can transfer them to
| your friends or you can assign their names to the tickets
| directly.
|
| The interesting mechanism there is that you can buy a lot of
| seats at once, but you don't get to choose where they are
| exactly, only the section. So in every case you're going to
| have people buying big lots of tickets and distributing them
| to friends and family after the fact.
| cbsmith wrote:
| Yeah, except NO.
|
| A lot of people think live event ticketing is the same problem
| as airplane tickets, but they really aren't. As an example,
| there are rules about requiring identification for commercial
| flight. There are rules _against_ requiring identification for
| live events.
| mixmastamyk wrote:
| Where has rules prohibiting it? Maybe will move. :D
| 627467 wrote:
| +1 to this. also doesn't Olympics and World Cup class events
| also face similar issue as concerts, and they allow for
| fair'ish purchase and resale by private people, but only
| through their platform?
| dclowd9901 wrote:
| I've heard the argument that forcing people to have an ID is
| anti folks with disabilities and anti-poor since it requires
| someone to go to an issuing agency to obtain and pay for one,
| which could be putting someone out who has a mobility
| disability or doesn't have a lot of money.
|
| I'm not making the argument but it's an argument I've heard.
| shiroiushi wrote:
| If the government needs people to have IDs, then maybe the
| government should provide those IDs for free...
| dclowd9901 wrote:
| I happen to agree, but it isn't only the government that
| requires IDs if private companies are asking for them as
| well.
| throwaway2037 wrote:
| I agree, mostly. What do you do for people without an ID (and
| without a parent)? Think of the number of people at a Taylor
| Swift concert who are under 18 -- a lot. Also, checking the
| name between ticket and ID will slow down entrance by 2-5
| times, I guess.
| otherme123 wrote:
| I was recently at a Festival that requires ticket + ID
| (https://www.resurrectionfest.es). The key to success was to
| put a little more personal at the gates, maybe 15 people
| instead of 10. But it is also true that we have the ID
| document issued in our early teens it not before. Each ticket
| verification takes 3 more seconds extra to verify the ID
| matches, no big deal.
|
| Said festival does their own ticket re-sale to avoid scalping
| but mainly to avoid shady sites that are known to allow the
| selling of counterfeits. You can only cede your ticket, not
| sell it. It is not perfect (e.g. if you don't find a buyer
| for the same price, you can't sell it at a lost to recoup
| some money. You get your ticket back) but at least is not as
| bad as the one from Ticketmaster.
| jcul wrote:
| This has its own problems. It makes it difficult to swap
| tickets.
|
| A music festival I went to recently charged 30 euro to change
| the name on a ticket.
| gorbachev wrote:
| Ticketmaster says: NIH
| breakfastduck wrote:
| This is a horrible horrible idea.
|
| It'd then be impossible to buy a few tickets to an event with
| the intention of finding people to come after the fact.
| londons_explore wrote:
| Isn't this vulnerable to ticket 'selling' by simply sharing the
| username and password of the ticketmaster account?
|
| it's not like a ticketmaster account is 'worth' anything, so the
| seller can simply set up a new one for their next purchase.
| pxx wrote:
| actually, aged ticketmaster accounts are worth something!
| people will buy them for a few dozen dollars, as they get
| priority in ticket queues.
| blincoln wrote:
| Setting up separate accounts for every ticket purchase seems
| like a LOT of overhead (especially scalpers buying many tickets
| at once and piecemealing them out), and is easy to defeat, e.g.
| require out of band auth via the phone number associated with
| the account before logging in for the first time on a new
| device.
| rty32 wrote:
| Based on the highly questionable PS/Xbox accounts sold on
| eBay, I think that's just what scalpers could do as part of
| their everyday job.
| Closi wrote:
| Well you can transfer the ticket to someone else for free
| anyway, so not really an issue.
|
| Or you can transfer it to another name and print it out - just
| the name on Ticketmaster's system has to match some ID you have
| in the print scenario.
| phoronixrly wrote:
| With regards to the end of the article.
|
| > Can I work for a bad company and still be a good person?
|
| > No.
|
| https://apenwarr.ca/log/20201121
| probably_wrong wrote:
| I'm glad we cleared that up. Now all that remains is a good,
| measurable definition of what a bad company is.
| munk-a wrote:
| You're trying to get quantitative about a qualitative
| problem.
| blowski wrote:
| So if you think a company is bad you shouldn't work for
| them. Perhaps many of the people working for TicketMaster
| don't think they're a bad company.
| its_ethan wrote:
| That's their point. They're poking fun at how the OP is
| speaking in absolutes about something subjective/ opinion
| based.
| Dylan16807 wrote:
| Speaking in absolutes about an opinion is just fine.
|
| OP wasn't the one trying to define it.
| probably_wrong wrote:
| The problem is that "bad company" is such a nebulous
| concept as to be useless, as the JSON license showed with
| their "shall not use this software for evil" clause.
|
| No matter which company you choose, someone somewhere will
| find a justification for why they are actually not bad.
| Weapons dealer? Protecting your nation. Destroying local
| businesses? "They are just adding efficiency to the
| market". Kill someone with bad practices? "Still safer than
| the alternative". Ticketmaster? "The scalpers are giving a
| subvention for those who cannot afford the real price".
|
| Setting up a straw "bad company" and knocking it down
| doesn't help anyone on the real problem of people working
| for unethical companies.
| __MatrixMan__ wrote:
| It's like porn. You know it when you see it and also there's
| quite a lot of it.
| rozap wrote:
| It's not hard if you remove the self delusion. Removing the
| self delusion is maybe tricky for the individual, but it's
| easy for people around the individual to see. Societal tools
| like shame are generally used to encourage people in the
| right direction, but we don't do a great job of this in
| America, because money tends to override everything else and
| I don't think we have good structures around expressing non-
| monetary values like honor.
|
| Especially on the west coast, we're so passive in our shaming
| of people that it probably doesn't translate to action. There
| are people who work at Evil companies like Facebook, etc, who
| are otherwise nice, but I find myself not including them or
| turned off to them as friends because this sort of
| contradiction is hard to square in my brain. Of course I
| wouldn't communicate to this, being a passive PNW raised
| wimp, and it's not even super explicit in my mind, it's
| really more of a bad vibe than anything else. I imagine over
| time if enough people act like I do, it doesn't actually
| translate to different decisions from the individual in
| question, but instead translates to them waking up one day
| feeling distant and unfulfilled, which is probably the worst
| of all outcomes. They still work for Bad Company, but are
| _also_ sad about it, and there 's a general sense of malaise
| pervading life that's hard to pinpoint.
|
| *Obviously this all ignores the people who don't have a
| choice of employment. But here I'm generally referring to
| software people who have high pay and career mobility. Things
| get murkier when the conversation is opened up to people who
| are just trying to survive.
| ilrwbwrkhv wrote:
| Yup. I was just discussing this in another comment that
| Facebook's emotional manipulation of users without consent
| is ethical wrong. Some people are replying with eh,
| everybody does it and for 20,000 dollars people will jump
| to Facebook.
|
| I think the Leetcode grinding, TC optimizing crowd with no
| real moral judgment which is the majority in tech right now
| is another reason why things are falling apart. They will
| happily work for the KKK if they get a larger RSU package.
|
| Your point about them being at least "sad" about it, is a
| start I guess.
| phoronixrly wrote:
| Wait, is the KKK bad? What is your good measurable
| definition for it being bad? /s
| joquarky wrote:
| Postmodernism has stripped away fulfillment with the
| promise of higher pay if you just grind harder.
|
| If you no longer feel pride in your work, then money
| takes over. In my search, no employer cares about this
| anymore because the newer generations are only here to
| grind for gold.
| __MatrixMan__ wrote:
| I won't try to define postmodernism, but I'm pretty sure
| a significant part of it has to do with abandoning
| traditional modes of operation and freestyling a bit with
| your worldview.
|
| I don't question that the problems you're describing are
| problematic, but what do they have to do with
| postmodernism? It seems like in the cases you're
| describing, the postmodern approach would be to call into
| question whether the abstractions in use ("value" in this
| case) are applicable, and to instead march to the beat of
| your own drum in some way.
| TremendousJudge wrote:
| If you're asking the above question, it means you already
| think the company is bad according to your own morals.
| __MatrixMan__ wrote:
| I ask myself if my company is bad all the time. They don't
| get a perfect score, but I feel better about this one than
| any of the previous ones (that's why I'm here and not
| there). If the answer is ever a resounding yes, I'll leave
| this one too.
|
| When most of the relevant work around you is in some way
| related to ICBM's, you either sell your soul early, or you
| end up with habits like this. By my reckoning, about 80% of
| technology companies are bad.
| joquarky wrote:
| As one grows older, they may find that not everything in
| reality can be quantified or put into words.
|
| And trying to objectify value judgements is another whole
| area of contention that inevitably leads to itself.
| deathanatos wrote:
| I realize that.
|
| But the point of reading a blog post would be to learn
| something insightful, to see the reasoning or argument by
| which the poster came to this particular conclusion.
| Hopefully with some consideration that I'd not thought of
| before.
|
| This boils a complicated question with nuance and problems
| and facets of debate into a rather vapid "I _like_ this
| answer. " of a post. It's not worth anything: I come away
| from it no richer than when I came.
|
| Like, trivially, someone could write the opposite answer on
| another blog. And whose answer is right? (They of course
| need not even bother actually writing it out. A "right"
| answer is created by argument, not spilled ink.)
| pompino wrote:
| > Now all that remains is a good, measurable definition of
| what a bad company is.
|
| Lets re-invent religion.
| digging wrote:
| And pretty much every company is bad. But this is a wrong
| answer because the question is actually nonsense.
|
| The answer to "What happens when you move faster than light" is
| not "nothing", it is undefined because the question is invalid.
| Asking if a person or a company is good or bad isn't a question
| that can ever have a well-defined answer: the answers we give
| are rounded according to our own values. To get more specific,
| not all of us have a huge amount of choice in who we work for.
|
| If apenwarr believes I want to be a good person they should
| hire me at Tailscale. What's that, they won't? They don't have
| openings, or I'm not qualified? I guess _they 're_ the bad
| person because now I have to work for a bad company or lose my
| income. And if I lose my income, my co-habitants lose their
| housing, and my donations to good causes dry up. Do I just not
| do _enough_ good for apenwarr? They must be a paragon of
| virtue. Surely they don 't eat meat, or even associate with
| meat-eaters. Surely they don't fly in airplanes.
| immibis wrote:
| > Asking if a person or a company is good or bad isn't a
| question that can ever have a well-defined answer: the
| answers we give are rounded according to our own values.
|
| Counterexample:
|
| Was Hitler bad?
| joquarky wrote:
| Due to chaotic effects of causality, most of us would not
| exist if any significant event from that long ago had
| happened differently.
| master-lincoln wrote:
| How is that related? Other people would exist then. So
| what?
| IncreasePosts wrote:
| That really depends if you ask a neo nazi or not.
| digging wrote:
| If the answer is yes, does that mean a junior web dev who
| implements user tracking on a shopping portal is equivalent
| to Hitler? Or is every who does less evil than Hitler "not
| a bad person"?
|
| I don't think it's _useful_ to say "Hitler was bad."
| Hitler did a lot of specific evil acts that are more useful
| to analyze. If anything, it's counterproductive to say
| "Hitler was bad," because lots of people do bad things and
| then say "well, at least I'm not Hitler."
| pompino wrote:
| Good/Bad are consensus votes. Its hard to escape their use
| just because of how deeply ingrained the programming is. We
| just think it makes "sense" and is "obvious" because its a
| meme that is already in our head. There is nothing
| inherently evil or good about any past/present/future
| animal on this planet.
| citruscomputing wrote:
| I hate this website.
| pompino wrote:
| Lots of people do.
| immibis wrote:
| So, was Hitler evil?
| pompino wrote:
| Yes, most people and most countries are evil. In todays
| age I'd say the US has the largest concentration of evil.
| __MatrixMan__ wrote:
| It doesn't need a well defined evaluation scheme. You're the
| one asking the question, you can provide your own scheme, and
| come up with your own answer. Whether you're honest with
| yourself in this process is up to you.
|
| It's still useful to point out that IF you think your company
| is bad THEN you should do something about that. It
| establishes that "I was just following orders that I know are
| wrong" isn't a valid excuse (e.g. like if you end up in court
| for something you did on the job).
| digging wrote:
| > You're the one asking the question, you can provide your
| own scheme
|
| Well, I'm responding to someone else providing _their_
| scheme for everyone else to use.
| Dylan16807 wrote:
| > the answers we give are rounded according to our own values
|
| I agree with this entirely.
|
| And _rounding_ does not change the answer in most situations.
|
| Something that isn't well-defined can still be mostly-
| defined.
|
| I have no idea what the point of that strawman is in your
| last paragraph. It doesn't make sense with or without
| rounding. Maybe if you round every single value to infinity,
| but that's not what "rounding" normally means...
| digging wrote:
| I honestly don't know how to respond to this, it's too
| vague.
| Dylan16807 wrote:
| I can try to word it better?
|
| You said when people look at moral situations, they use
| their own values to _round_ their measurement. And I
| thought that was a good way to describe things.
|
| Then for some reason you acted like "rounding" turns
| things into strawman-level black and white. The slightest
| blemish (not hiring a specific good person) qualifying as
| evil.
|
| Let's say a scale of 0 to 10. If people disagree whether
| some issue is a 3 or 4, and a few people say 5, and
| that's 95% of responses, then that disagreement isn't a
| big deal. It doesn't matter that it's not well-defined,
| it's sufficiently-defined.
|
| That would be rounding. Showing that the question is not
| nonsense.
|
| If they disagree whether it's a 0 or a 10 that's a
| totally different thing that is not rounding.
| digging wrote:
| Appreciate the explanation.
|
| > Then for some reason you acted like "rounding" turns
| things into strawman-level black and white. The slightest
| blemish (not hiring a specific good person) qualifying as
| evil.
|
| This was in direct response to the top-level comment
| _making that very assertion_ (via a blog post). If I 'm
| understanding you correctly, I think we're actually
| agreeing that it's absurd. The CEO of a "good" company
| indirectly, but unambiguously, called me a bad person for
| not leaving my job. I say, if it's so cut-and-dry, and I
| _want_ to be a "good" person, why aren't they helping me
| get a better job? Of course, it's an absurd ask.
|
| Somebody isn't only allowed to be "good" if they do every
| good thing possible to them. And I am sure said CEO does
| many acts others would consider "bad", such as eating
| industrial meat or flying, both of which participate in
| the generation of immeasurable harm.
|
| ---
|
| Also, with regard to your scale - you've given the
| question too much credit. The question doesn't ask "how
| _much_ are you good or bad? ", it asks and receives a
| binary answer. And the vast, vast majority of people
| can't be assigned one of those binary categories of
| "good" and "bad".
| Dylan16807 wrote:
| I'm saying that your argument is absurd, but the one in
| the blog post is not absurd. You made a strawman.
|
| "A good person is obligated to quit a bad company." is a
| far more reasonable statement than "A good company is
| obligated to hire every good person."
|
| > Also, with regard to your scale - you've given the
| question too much credit. The question doesn't ask "how
| much are you good or bad?", it asks and receives a binary
| answer. And the vast, vast majority of people can't be
| assigned one of those binary categories of "good" and
| "bad".
|
| You can pick a threshold. Your strawman would categorize
| 99.9% of things as bad, which is obviously the wrong
| threshold, and _very obviously not what the OP meant_.
| The failure of that method doesn 't make the entire idea
| of judging companies invalid.
|
| I'm not giving it "too much credit" to take a sane and
| quite obvious interpretation.
| digging wrote:
| Alright. I just don't agree with you then. "A good person
| is obligated to quit a bad company" is a bullshit
| statement, unless the bar for "bad company" is a lot
| _higher_ than I see it. I already asserted at the very
| beginning of the comment chain, almost every company is
| bad. That went unchallenged, so if that 's the context,
| almost every person is bad, no matter how much they do
| good in the world. _That_ is absurd.
| Dylan16807 wrote:
| > unless the bar for "bad company" is a lot higher than I
| see it.
|
| Yes, the bar is higher (higher means it's harder to
| qualify as bad, right?) when talking about needing to
| quit.
|
| > I already asserted at the very beginning of the comment
| chain, almost every company is bad. That went
| unchallenged
|
| Because you went on to say it didn't matter anyway, so I
| focused on the latter part of your post.
|
| Though I'm confused. You showed an argument that sorting
| companies into good and bad results in absurdity, but it
| only results in absurdity when the bar is super low. Why
| is your conclusion that sorting is impossible, rather
| than "the bar is too low", _if you were already seriously
| considering that the bar needs to be higher_?
| digging wrote:
| I don't think the bar should be higher for bad deeds! I
| prefer a lower bar. I see a lot of stuff happen in the
| world that I really don't want to happen (on topic:
| privacy invasions for profit), and it's not publicly
| called bad nearly enough.
|
| I also thinks it's misleading and not very useful to call
| _people_ good or bad, in general. I 'm _more_ comfortable
| with calling capitalist corporations "bad" as a blanket
| statements; resource-hoarding is their utmost priority,
| and I consider that an evil motivation.
|
| My conclusion isn't that _sorting is impossible_ , it's
| that people are too complex to be sorted into "good" and
| "bad", in general... and that it's shitty and incorrect
| to call ordinary people bad if they aren't willing to
| risk everything to work for a slightly less evil company
| in a world made of evil companies.
| Dylan16807 wrote:
| Well this just sounds like more reason to use a point
| scale rather than calling the entire idea a waste of
| time.
|
| In particular 'slightly less evil' is not the goal.
| digging wrote:
| > Well this just sounds like more reason to use a point
| scale rather than calling the entire idea a waste of
| time.
|
| Again, I think we're kind of on the same page, but our
| solutions are different. The original question refused
| any kind of nuance, and we both seem to agree it's not a
| question that should ignore nuance. You choose to answer
| a binary question with a grading system, I choose to
| substitute a different question.
| Dylan16807 wrote:
| Well, I think the binary version still works, even if I
| see possible improvement. While you think the binary
| version doesn't work. So sort of the same page, sort of
| not. Shrug.
| __MatrixMan__ wrote:
| I think we should make an exception for saboteurs.
| hinkley wrote:
| And whistle blowers. And double agents.
| sethammons wrote:
| Does this extend to where you live and pay taxes?
| ahaferburg wrote:
| Yes.
| sethammons wrote:
| So, too poor to move means you are evil. Capitalism wins
| yet again.
| gitgud wrote:
| All company's are _" bad"_ in some way... does that mean all
| employees are bad?
|
| > No.
| irjustin wrote:
| I agree with the bad implement but the opening complaining that
| "old way of printable tickets was great why change it" have so
| many problems.
|
| Scalpers are the problem that you have to accept. At the time of
| purchase, there's no way to tell the difference between a legit
| purchaser and a scalper or even someone who bought it and simply
| can't go and needs to resell.
|
| IDs, ticket limiters, CCs, etc, etc. All methods can be
| circumvented by someone dedicated enough. You can only make it
| "not scalable" but the tickets still need to be transferable,
| securely.
|
| Unless we're willing to go ID checking at the gate, there's not
| going to be a true solution.
| Y_Y wrote:
| That's because there isn't a difference between a "legit
| purchaser" and a scalper except their intentions, which you
| can't get from amy kind of barcode.
| jjmarr wrote:
| Buying something at a low price and selling it at a high price
| is arbitrage 101 and is free money.
|
| The "true solution" is to sell tickets at their actual market
| price instead of pretending that the face value of concert
| tickets isn't increasing due to a larger population and greater
| demand.
| coldpie wrote:
| > The "true solution" is to sell tickets at their actual
| market price
|
| That is *a* solution but it isn't *the* solution. The fact
| that many smart people are not choosing that solution is an
| indicator that there are some factors to the problem that you
| aren't considering.
| danudey wrote:
| IOW the true solution to scamming is to raise prices so high
| that only the extremely wealthy can afford them, regardless
| of how accessible the actual concert/act/group/promoter wants
| the show to be.
|
| The "real" solution here would be for Ticketmaster (or
| whoever) to actually make a ticket non-transferrable somehow,
| and then allow for tickets to be transferred directly through
| the original website for _at most_ the original ticket price,
| and refund me the money.
|
| For example, if I have a $200 ticket and I can't make it and
| want to sell it, I can post up a link to the original ticket
| seller's website (in this case Ticketmaster) where someone
| else can go buy it, and, if they do, I get a refund of the
| amount they paid. I can say how much I'm willing to accept
| (full price, $150, whatever) and someone can go buy "my"
| ticket, potentially at a loss if I'm willing to accept it.
| Ticketmaster can make money on these tickets by charging a
| non-refundable processing fee or whatever to everyone (the
| original buyer and any subsequent re-buyers). They make a
| tidy profit, everyone gets what they want.
|
| The only complications are
|
| 1. making the tickets non-transferrable but also work offline
| is a difficult technology problem 2. Ticketmaster is an
| unregulated monopoly and thus has no incentive to behave in
| the best interests of the market or its customers when they
| could rake in millions more by screwing everyone except the
| scalpers
| xp84 wrote:
| Can't someone hack your system by selling access to the
| link you mentioned for $500? Thus getting you the refund
| Ticketmaster knows about, and the private payment from the
| desperate buyer. Also, credit card processing fees used to
| be refunded when you refunded a transaction, but now I
| think some processors have now decided to start keeping the
| fees, because why not. Another 3% margin to apply at each
| sale (though that can be included in the transfer fee you
| suggest)
| BobaFloutist wrote:
| >Can't someone hack your system by selling access to the
| link you mentioned for $500?
|
| Not if they index the resales on their website and make
| them searchable.
|
| People could still perform arbitrage by snapping up any
| resales significantly under the original price and
| reselling them at the original price, but at that point
| they're not making that much money and people are paying
| less than the original price, so the impact is just that
| you can't get a discounted resale. Which still sucks, but
| it sucks a lot less.
| its_ethan wrote:
| > Buying something at a low price and selling it at a high
| price is arbitrage 101 and is free money.
|
| A bit of a nit pick, but this isn't "free money" unless you
| have a guarantee that someone will actually buy at the higher
| price. You could buy low, be unable to sell, and end up
| eating the "buy low" cost.
|
| > sell tickets at their actual market price
|
| How do you know what their actual market price is? You have
| to open it up to a market, where supply/demand get to play
| out.
|
| IIRC some ticketing company tried doing something to this
| effect by scaling prices in realtime based on how many people
| were also trying to buy. I believe it was widely criticized
| as unfair/exploitive.
|
| So you're back to square one then, where you have to set some
| price.
| fluoridation wrote:
| I mean, it may very well have been criticized, but how is
| it any less fair than the alternative? As for being
| exploitative, that's kind of the point. The company figures
| for most shows it's leaving money on the table for scalpers
| to take. The other side of it is that if a show bombs the
| ticket prices can be reduced to encourage people to come.
|
| To be honest, it seems overall a better solution.
| tptacek wrote:
| It's only free money if there's no risk, and if there's no
| transaction cost to acquiring at the lower price. If there's
| no risk in buying something low and attempting to sell it
| high, then that thing is mispriced.
| xp84 wrote:
| People will scream (including in this thread) that it's
| "unfair" that 'only the wealthy can afford them then' but
| their beef is with scarcity and thus with reality. It's
| always "unfair" to the 10,001st person who wants to attend
| the concert with 10,000 capacity. Today it's a weird lottery
| with 6 different fan and credit-cardmember presales, which
| each sell out immediately, and the "backstop" at the end
| which is the ability to buy expensive scalped tickets.
|
| There are finite tickets but unbounded demand. A lottery
| means you can slightly adjust the distribution of poor vs
| rich, but in practice today it still advantages those
| comfortable enough to sit around refreshing their computers
| at the right moment, instead of working. And lots of
| opportunists will snap up those tickets you are hoping poor
| people will get, to sell them to the wealthy.
|
| In my opinion for in-demand shows it should just be a Dutch
| auction (all of the highest 10,000 bids win, awarded at some
| fixed cutoff date before the event). If not enough bids are
| received, the concert isn't sold out, so then the rest go on
| sale for the lowest bid.
| miki123211 wrote:
| A dutch auction is really hard because different tickets
| have different prices, different people have different
| requirements about where they want to sit (a committed
| disabled fan may be willing to pay any price, but they
| can't do standing only) and there are many different price
| tiers.
|
| A better idea is an airline-style dynamic pricing system
| that considers different variables, current demand,
| projected demand, type of seat etc. If it looks like the
| show is about to begin and there are still lots of tickets
| left unsold, be like Ryanair and sell them at a massive
| discount. If there are more people on your page than there
| are seats available, make the price go up until that
| changes.
| jjmarr wrote:
| The simplest way of implementing dynamic pricing is a
| resale market, where the price of tickets changes based
| on supply and demand.
| xp84 wrote:
| Sure, it perfectly sets the market clearing price at all
| times, but it has the inefficiency that the performer can
| end up with only a fraction of the total amount the
| attendees are willing to pay. All those middlemen add
| value not in a way that feels fair, like collecting a
| percentage fee. Rather, they get _all_ the upside
| whenever popular shows sell out. I can see why artists
| don 't like that.
| bubblethink wrote:
| The reason they don't do that is to have an organic fan base
| of poor people who drive up the prices for the rich people.
| If you eliminate the poor people, the rich people aren't
| going to take the band forward. They'll move on to whatever
| the next shiny thing is. You need a hardcore fan base of poor
| people to support and grow your valuation.
| compiler-guy wrote:
| Buying a single-use item at any price and then selling it on
| at any price to multiple people is fraud.
|
| Fiddling with the prices does absolutely nothing to fix that
| problem, because it isn't a problem with price, but a problem
| with developing an unduplicatable token.
|
| Ticketmaster is evil, and most resellers are fine, but some
| are evil and that's a problem this at least attempts to
| solve.
| kristjansson wrote:
| The market sets a clearing price for the ticket as commodity
| (i.e. for a single event). However, the iterated game that is
| the spectator-performer relationship, the seller may
| _strongly_ prefer yielding some of their benefit to the buyer
| in exchange for long term EV, positive PR, or just plain old
| goodwill.
|
| The problem is maintaining a mutually-beneficial but
| economically suboptimal equilibria.
| miki123211 wrote:
| As far as I understand, this can't be done due to PR.
|
| "evil scalpers are exploiting this poor artist by charging
| outrageous prices and preventing many fans from going" is a
| far better look than "evil artist is exploiting their poor
| fans by charging outrageous prices and preventing many fans
| from going."
|
| To prevent scalping, you'd need a _massive_ price increase,
| and very few artists are willing to be the first to do this.
| ihumanable wrote:
| It's interesting how the real problem here is that our
| economic system has no way to sell a product at what the
| seller will bear, only what the buyer will bear.
|
| I think this is a fascinating feature, a lot of artists would
| be more than happy to make $X for a show so that their fans
| can come see them. The problem ends up that a free market has
| no mechanism for that, the artist can sell the tickets such
| that they end up with $X but then you get things like
| scalpers who don't want to see the show but do want money and
| act like artificial demand. They know that regardless of what
| the seller wants there are buyers that will pay $X+N and want
| to capture that $N.
|
| The scalper provides no value to the market, but they get $N,
| which seems like a market failure to me. The fans lose $N,
| the artist still only gets $X and they also get reputation
| damage because fans are upset that things cost $X+N.
|
| And that's just the end of it. The artist literally can not
| perform for their fans at a venue for $X even if that's what
| they want, there's just no mechanism in the free market to
| make that function correctly. I find market failures like
| this fascinating because it really shows the limits of how
| "free" markets operate. The only person that isn't free to do
| what they'd like is the producer of the good being sold, they
| literally can't sell it for less than the market will bear.
|
| And I suppose this plays out for every part of the market, if
| I can produce apples and make a profit for $1 a bushel and
| that's plenty of money for me, I don't want any more, tough
| shit. Arbitrage will make sure that people pay more for those
| apples. If people are willing to pay $5 a bushel then someone
| will snap up my cheap apples, mark them up and make a bunch
| of money for doing nothing. Even if I were willing to do all
| the distribution myself, if the person conducting arbitrage
| adds no value to the system (the common argument being that
| they deserve the money for finding cheap apples and
| connecting people that demand apples with a supply of
| apples), it just can't happen. The incentive to make that
| free money means everyone loses, I don't get to give people
| cheap apples, people don't get to enjoy cheap apples,
| everyone is worse off except for the person doing arbitrage.
| orangecat wrote:
| _The scalper provides no value to the market_
|
| The scalper allows the devoted fan who is gladly willing to
| pay $X+N to actually get a ticket rather than having to
| wake up at 6am and repeatedly refresh the site and probably
| still not get one.
|
| _I find market failures like this fascinating because it
| really shows the limits of how "free" markets operate._
|
| How would central planning handle this better? There are
| more people who want to buy a ticket at $X than there are
| seats available; lots of people are going to be unhappy
| regardless of how they get distributed.
| varnaud wrote:
| A devoted fan will have no issue to wake up a 6am and try
| to buy a ticket. They'll have more chance to get one if
| they don't have to compete with scalpers. Half the
| tickets could be sold as first arrived, first served, and
| half as a lottery system. The ratio might be adjusted.
|
| If we agree that scalpers are a problem, we can make it
| illegal to resell ticket over the original price.
| Enforcement is always a problem, so to help with that it
| could be required to have an ID matching the ticket name
| and resell can only be performed on official platform.
|
| To grantee having a ticket with this system, a wealthy or
| connected devoted fan can have private arrangement with
| the artist manager or event organizer to get tickets.
| jjmarr wrote:
| > To grantee having a ticket with this system, a wealthy
| or connected devoted fan can have private arrangement
| with the artist manager or event organizer to get
| tickets.
|
| This is the system we have right now. Ticketmaster _is_
| the event organizer.
| krupan wrote:
| "A devoted fan will have no issue to wake up a 6am and
| try to buy a ticket."
|
| Oh really? What if they are at work at 6am? So take a day
| off work? You just greatly increased the dollar cost of
| the ticket, which is exactly the thing you are trying not
| to do. And even if they take the day off to click at 6am
| they aren't guaranteed to get a ticket because of
| everyone else clicking at 6am. There's always a cost
| ihumanable wrote:
| Well just to be clear, I didn't say central planning
| would solve this problem. A careful reading of my post
| would show a distinct lack of the term "central planning"
|
| You can be interested in market failures without
| proposing an alternative. Complex systems are fascinating
| and their boundaries and failure conditions are
| fascinating. That's all I'm talking about.
| orangecat wrote:
| Fair enough!
| ihumanable wrote:
| I also wanted to say that I appreciate your original
| reply and your civility. Sadly a rare thing these days.
| jjmarr wrote:
| If you have 10,000 people willing to pay $X to see a
| concert, but you only have 5000 seats to sell at $X, not
| everyone is going to get a ticket.
|
| Our economic system (arbitrage!) increases the price of the
| apple by $N until only one person is willing to buy that
| apple at $X+N.
|
| If you make arbitrage illegal and implement a price ceiling
| at $X, one of two things will happen. If $N is greater than
| the cost of breaking the rules, people will start a black
| market to sell at $X+N (like in many communist countries).
| As mentioned in the article, this is _already_ occurring
| with Ticketmaster because they take such a large tax on
| tickets; arbitrageurs are realizing they can avoid
| Ticketmaster 's system by just sending around PDFs.
|
| If $N is less than the cost of breaking the rules
| (Ticketmaster benefits from $N>$X), there will be shortages
| of seats because not everyone willing to pay $X for a seat
| can get one.
|
| The market system works great when people who derive the
| most value from tickets are the ones who pay the most
| money. This works even better with arbitrage because people
| can just pay what they value the ticket at.
|
| The market failure here is caused by wealth inequality,
| because there are people with unfathomable amounts of money
| who will pay tens of thousands of dollars to see a musician
| they sort of like.
|
| Personally, I like how box seats deal with the problem.
| They have a high level of luxury that costs little to
| implement compared to price + is very scalable (you can
| stack boxes directly on top of each other and you're paying
| more to sit farther away!), and that's helping soak up a
| lot of demand.
| ihumanable wrote:
| Thanks for the thoughts they are also interesting.
|
| Sorry I saw your comment after I wrote this reply to
| someone else, I'd be interested to hear your take on this
| hypothetical situation too if you don't mind.
| https://news.ycombinator.com/item?id=40911779
|
| I agree with you though about the idea that the market
| works well when those that receive the most value spend
| the most money. While we have very high rates of wealth
| inequality, which also seems to be something of an
| emergent property of this system, once you have even
| medium amounts of inequality the system becomes
| interesting. I think expanding on your thoughts it comes
| down to the relative value of money being different for
| different people. If I have $100 then $10 is a LOT of
| money, it's 10% of all my money. If I have $1000 then $10
| is probably not a lot of money to me, not trivial but
| it's only 1%.
|
| Now this is an order of magnitude but if you asked
| someone if a system where the wealthy had 10x as much
| money as the poor they'd probably say that the inequality
| wasn't so bad. But even in that case the guy with $1000
| would probably be willing to spend $11 on some good that
| the other guy wants maybe infinitely more, just because
| that guy can't really afford it.
|
| It's a fascinating way of looking at things I hadn't
| quite ever thought about in terms of relative value of
| money itself. I don't have any real point I'm making
| here, just thanks for contributing I found your reply
| interesting and it made me think.
| krupan wrote:
| People don't understand that the free market system is
| essentially a law of physics. You saying that a
| producer/seller of a limited good (in this case, space in a
| concert venue) cannot choose their own price is true, like
| it's also true that a person can't decide whether gravity
| pulls them down or not. You explained it pretty well
| yourself, the effect of supply and demand is unavoidable
| ihumanable wrote:
| I wonder though does it have to be limited. Like imagine
| I could make enough apples to fully satisfy the market
| demand for apples and I'm also willing to sell to anyone.
|
| I want to sell those apples for $1 each. There's plenty
| of apples to satisfy the demand. But let's say that the
| market would bear a higher price, people would love to
| buy apples for $1 but due to a love of apples would be
| willing to pay up to $5.
|
| In that scenario, the arbitrage opportunity still exists.
| Apple scalpers knowing that people would be willing to
| pay up to $5 would want to buy up lots of cheap apples
| and make the $4 profit that I'm leaving on the table for
| themselves.
|
| And there's just nothing we can do about it. I think we'd
| say that when the equilibrium price of $5 is met that the
| market is efficient but it's a market where the producer
| of the good can fully satisfy the demand of the market
| for $X and yet the consumers have to pay $5X and this
| arbitragers get $4X.
|
| It's just interesting is all.
| Symbiote wrote:
| > Scalpers are the problem that you have to accept.
|
| Several European countries ban reselling tickets for more than
| the original cost.
| 999900000999 wrote:
| >Software developers are the wizards and shamans of the modern
| age. We ought to use our powers with the austerity and integrity
| such power implies. You're using them to exclude people from
| entertainment events.
|
| I can definitely think of worse things programmers are doing
| aside from making it mildly difficult to see Taylor Swift .
|
| I have personal qualms with working in certain industries because
| of this, but Ticketmaster ultimately provides a luxury. You don't
| need to see a concert, and if you have such an issue with their
| business practices you can do something else with your Friday
| night .
|
| I've actually never had an issue with Ticketmaster. At a point a
| certain other ticket provider just blocked me without any
| explanation, and I had to go down to the box office to buy
| tickets. That sucked, but compare to airlines who do weird things
| like print off tickets without the actual seat number,
| Ticketmaster doesn't bother me too much.
| digging wrote:
| > Ticketmaster ultimately provides a luxury. You don't need to
| see a concert
|
| I don't agree. Entertainment/recreation is a need. Music is an
| important part of the human experience, and seeing it live,
| with other fans, is really valuable to some people. And the
| fact is, the value a person places on the experience is totally
| orthogonal to their ability to use/afford Ticketmaster. And
| it's not just about Taylor Swift - even local shows can be
| difficult to access without quarrelsome online portals. (But
| also, someone being obsessed with Taylor Swift isn't a
| personality flaw.)
| 999900000999 wrote:
| You can find a bar with a band playing. I suggest Kingston
| Mines if you're in the Chicago area.
|
| Ticketmaster doesn't own have a monopoly on music. You can
| vote with your wallet.
| ssl-3 wrote:
| "Fed up with high prices and long lines and ticketing
| SNAFUs for big shows with your favorite artists?"
|
| "Clearly, the best answer to this is to forget about all of
| the music you think you like. Just forget all about it."
|
| "Instead, go to the bar and see a band. It doesn't matter
| if you like the music or not; after all, we know that every
| live music performance is exactly the same as any other!"
| 999900000999 wrote:
| Honestly you might even have a better time vs paying for
| seats where you can't even see the act.
|
| https://help.ticketmaster.com/hc/en-
| us/articles/978498452737....
|
| I go to a lot of concerts. Ticketmaster covers half of
| the shows I go to. They're not that much worse than
| others who also tack on fees amounting to 20% of the
| purchase price.
|
| I'm not opposed to basic regulation, but let's not act
| like Ticketmaster is some uniquely evil company.
| ssl-3 wrote:
| Nope.
|
| I'm going to keep going to see Big Rock Shows because
| that's what I enjoy the most. And I'm going to keep
| getting GA tickets (what seats?), because I am nowhere
| near old enough to stay out of the pit once my pant legs
| start flapping from a grotesquely overbuilt PA.
|
| And in my neck of the woods, bands at bars can't scratch
| that itch.
|
| So that means paying (and complaining about)
| Ticketmaster.
| digging wrote:
| > even local shows can be difficult to access without
| quarrelsome online portals
|
| Not all of them, but online ticket is a convenience and
| then a trap. It isn't going to be outcompeted by me "voting
| with my wallet." That just betrays an ignorance of
| situation.
| mightyham wrote:
| I agree that experiencing music is a fundamental part of
| human life, but experiencing specific musicians at specific
| venues is not. It is very easy to find free live music
| without Ticketmaster or online portals.
| digging wrote:
| > It is very easy to find free live music without
| Ticketmaster or online portals.
|
| Oh okay, nevermind then. Heck, I just found some under my
| couch. How does Ticketmaster even make any money?!
| HillRat wrote:
| You're not considering the stagehands and artists who have to
| live under Live Nation's vertical monopoly. I was chatting with
| a former tour guy the other day, someone who's been a tech for
| major touring bands since the '80s, and he mentioned that he
| had to quit the business because Live Nation had driven wages
| down below poverty level while bringing in random unskilled
| labor to do highly-technical stage setups. (He quit after
| almost losing a hand to a large piece of unsecured stage
| equipment.) The enshittification of modern life is an
| inconvenience to most of us, but life and livelihood to many
| others.
| RScholar wrote:
| > Software developers are the wizards and shamans of the modern
| age. We ought to use our powers with the austerity and integrity
| such power implies.
|
| This is one of the most powerful truths underlying the world we
| currently inhabit. The sooner we can agree to behave accordingly,
| the better our prospects for ripping the reigns of society from
| the hands of those whose only animating principles are avarice
| and exploitation.
| mym1990 wrote:
| This is not only a truth of the world we currently inhabit, it
| has always been a truth, of all the worlds we have inhabited.
| Power and greed go hand in hand for a reason and the struggle
| to find the balance is, and will always be present.
| joelfried wrote:
| It was not true of this world 150 years ago that any person
| with sufficient learning could tap buttons to create an
| experience to be found in the hand of the majority of living
| humans.
|
| I agree power and greed go hand in hand - absolute power
| corrupts, absolutely - but this bit? This is new.
| toomuchtodo wrote:
| https://www.amazon.com/New-Kingmakers-Developers-Conquered-W...
| ("The New Kingmakers: How Developers Conquered the World")
|
| https://web.archive.org/web/20200915000000*/https://try.newr...
| [pdf]
| dylan604 wrote:
| The fact we have had less than benevolent wizards and shamans,
| why would we expect to have modern day equivalent of only
| benevolent coders? It's such a fairy tale level of expectation
| that it seems childish. Spending any energy in trying to make
| real world a fairy tale is just wasted.
| GenerocUsername wrote:
| It's okay to shame bad actors.
|
| In fact, society would likely be better off if e brought back
| more public shaming
| sudobash1 wrote:
| I think that this is predicated upon a reasonably well
| informed and educated public. And my estimation is that the
| general populous is not informed enough on cryptography to
| be in a position to shame Ticketmaster engineers.
|
| Also, my impression is that there is already copious
| amounts of public shaming. Some social media sites seem
| largely devoted to that. And unfortunately, I don't think
| most people fully deserve the verdict that they get in the
| court of public opinion.
| ants_everywhere wrote:
| This is certainly not true. Can you name an existing or
| historical shame-based society that you would actually want
| to live in?
| mattmaroon wrote:
| We wouldn't. You might expect that on an indivudual level.
| But at a society level, I would expect any company that's
| doing things that are specifically allowed by our goverment
| (who did approve the Ticketmaster Live Nation Merger) to get
| their jobs filled just like any other. I think Ticketmaster
| is evil, another developer might not. That's fine, they're
| not killing people or dumping toxic chemicals into
| reservoirs, we can agree to disagree.
|
| My outrage is directed entirely at the government agencies
| whose job it was to stop this, not the developers making a
| ticketing app.
| ryandrake wrote:
| Ultimately developers type the code in and hit "deploy."
| They have to share at least a fraction of the blame and
| accept at least a fraction of the outrage. Without them,
| the product wouldn't exist.
|
| There's a lot of blame to be spread around though. The
| developers themselves, their management chain all the way
| up to the decision makers, shareholders that demand ever
| increasing profits, governments who provide the legal
| framework and allow these huge, destructive companies.
| Everyone should get their share of the blame.
| dylan604 wrote:
| It's nice to think that might be true, but there are
| always plenty more devs willing to work on anything for a
| paycheck than there are devs with strict morals. There's
| a lot of egos, but at the end of the day, no matter who
| you are, you are _not_ irreplaceable.
| mattmaroon wrote:
| I still don't blame the developers, I blame government. It's
| not the job of rank and file workers to police companies. I
| wouldn't work for LN, but I'm not going to blame someone else
| for doing so. We've all gotta feed our families. (I realize
| there's a line somewhere, you wouldn't excuse a prison guard at
| Auschwitz the same way, but I can't get too worked up about a
| developer making a ticketing app even if I hate the ticketing
| company.)
|
| Developed countries long ago came to the conclusion that
| companies should not be allowed to have monopolies because it
| is bad for society as a whole, and it's hard to think of a
| current monopoly as egregious as this one. There is absolutely
| no reason one company should have exclusive rights to 85% of
| large venues, also be an evebt promoter, and also be the ticket
| seller.
|
| Anything their developers do is not the real issue, a society
| that allows this to happen in the first place is.
| ilrwbwrkhv wrote:
| I mean would you say that developers who work for Facebook
| have crossed that line?
| photonbeam wrote:
| Depends on when they joined
| mattmaroon wrote:
| No. Not even close.
| NavinF wrote:
| ...by doing what? FB is one of the largest employers of
| people on this site. If you ran a poll, I'd expect the
| majority to answer "no" to your question. Of the people who
| answered "yes", I bet the majority would still accept an
| offer from FB if it was just 20k more than the next best
| offer.
| ilrwbwrkhv wrote:
| One small example: In 2012 Facebook emotionally
| manipulated people in the name of science without
| anybody's consent by controlling positive / negative
| posts on their news feed.
|
| Right? Wrong? Discuss.
| NavinF wrote:
| https://xkcd.com/1390/
|
| I don't see the issue. Every social media site does this,
| FB was just naive enough to share their research
| ilrwbwrkhv wrote:
| And this just proved my point. During the Nazi regime,
| everyone was hating the jews. And everyone was doing
| fascism.
|
| Now to bring this to a close, people like you, who will
| jump companies for 20_000 and have lost the ability to
| see a clear ethical violation will be holding the guns
| and guarding the gas chambers when the next Hitler comes
| along. Meditate on this.
|
| Also this XKCD is dumb. Previously the feed was
| chronological post of friends which was definitely more
| ethical. But of course that didn't make people addicted
| enough.
| mattmaroon wrote:
| If that proved your point, you didn't have a point. If
| you can't see the difference between genocide and lack of
| informed consent on a social network algorithm experiment
| you can't be helped.
|
| I'm all for moral relativism, but there's no future in
| which Facebook's current actions aren't at least
| reasonably debatable, and no past in which Auschwitz was.
|
| If you wanted an example of where the line gets blurry
| (it does sometimes, just not in either of these) I'd go
| with pharmaceuticals.
| immibis wrote:
| One thing I have learned from the internet is that if you
| mention the Nazis or the Jews, you lose, good day sir,
| even if you are right.
|
| People are illogical.
| mattmaroon wrote:
| Yeah I was only trying to give an extreme example of
| someone being unethical working an immoral job,
| contrasting that with, say, working for Ticketmaster,
| which, as much as I despise them, is hard to equate with
| the Holocaust, given that one killed millions of
| civilians and one just costs me a little money. I should
| have known better.
|
| They seem very different to me and anymore, I almost
| think that's a valid test of the reasonable person
| standard.
| gowld wrote:
| Did you get informed consent from me regarding the
| methods by which you constructed your comment? Or are you
| manipulating my emotions unethically?
| NavinF wrote:
| > people like you, who will jump companies for 20_000
|
| ???
|
| I said I don't find A/B tests unethical. Literally every
| tech company runs A/B tests just like that one. Why would
| I ask for 20k more?
|
| > Previously the feed was chronological post of friends
|
| Yeah, before they measured the impact of a good
| recommendation algorithm.
| mattmaroon wrote:
| And back when you could log into Facebook and see a feed
| of all of your friends' posts quickly. Facebook
| eventually got to the point where for most people the
| feed would have been much longer than the time they
| wanted to spend on site, and so showing them just the
| most recent few is somewhat random. Much better for
| engagement to show them posts they like.
| pfisherman wrote:
| The issue is the lack of informed consent. This is pretty
| basic ethical conduct of research stuff.
| Jensson wrote:
| I have never seen a social media site ask for consent for
| A/B testing their new things. Everyone does this, I am
| pretty sure even the big news sites that wrote those
| headlines also does this without asking. The only thing
| facebook did differently was calling it research rather
| than A/B testing.
| sethammons wrote:
| I can't put any facebook developer in the same bucket as
| a guard at a concentration camp.
| gowld wrote:
| Because a concentration camp guard would be jailed or
| killed for refusing service, but a FB dev would lose a
| few $thousand in opportunity?
| toolz wrote:
| Working at a faang level company is associated with a
| large enough increase in income that it could support a
| handful of families in developing countries. I don't know
| what purpose it serves to downplay just how substantial
| that amount of money is.
| pfisherman wrote:
| Textbook case of unethical conduct of research. The key
| here is lack of informed consent by the study
| participants.
|
| The APA put out a press release about this study violated
| their code of ethics.
|
| https://www.apa.org/news/press/releases/2014/06/informed-
| con...
| bentcorner wrote:
| I think that was wrong. At the same time, drawing lines
| of good/bad at the boundaries of the people working at
| facebook is, imo, not useful.
| reddalo wrote:
| > I still don't blame the developers, I blame government.
|
| Yes, but I think they still have some responsibility, even if
| they say "I was just following orders!" [1]
|
| [1] https://en.wikipedia.org/wiki/Superior_orders
| toolz wrote:
| Everyone bears some responsibility if you've ever
| interacted with any entity that profits off of TM or helps
| TM make profit. I don't find it's particularly useful to
| spend any thought on what people with minuscule
| responsibility should do differently. It's just bike-
| shedding when there are important problems to solve.
| vjerancrnjak wrote:
| Even government software has issues (Vienna). I paid a
| EUR100+ fine for not having a ticket, even though I spent
| time going through the purchase flow. I have 100s of tickets
| purchased. Live agent and support agent just shrugged and
| told me I don't know how to use the app, washed their hands
| of any responsibility or need for understanding.
|
| It's like there's no way to make the software human and
| humans in the loop have a crutch to lean on to not behave as
| a human. When I contacted the dev team directly, they
| shrugged too. No refund.
|
| To me it feels like software is the place where society can
| just exercise its cruelty and indifference, or maybe it is a
| reflection of society, it's probably just like humans are.
| What we think software should behave like is not human.
|
| I had more pleasant experiences with London/UK train ticket
| edge cases and felt like the system is built to deal with
| user/server errors.
| dzhiurgis wrote:
| That's just reflection of your culture. I.e. I come from
| Eastern Europe where cheating is so engrained and "i made
| an oopsie" would never fly. Beurocracy is face to face and
| takes ages
|
| Now living in NZ I get tons of slack for something like
| "verify youre local for free museum entry" or "get your
| passport by post". Life is so much easier when societal
| trust is high.
| lmm wrote:
| Societal trust is extremely valuable. Policy decisions
| that weaken it should be scrutinised extremely strictly.
| ryandrake wrote:
| "Developers are blameless" is a uniquely HN take, for obvious
| site demographic reasons.
|
| I see a worthwhile product as a stool with at least three
| legs: Technical feasibility, business viability, and ethical
| acceptability. Take one leg away and the stool should fail.
| Yet, HN commenters endlessly discuss/debate the first two and
| largely ignore the third. I think we all have a duty to work
| on projects that are ethically sound (defining that is a
| whole other discussion). There are plenty of companies out
| there and plenty of products to work on--it's not like we
| have to pick an evil one in order to survive and "feed our
| families."
| jgeada wrote:
| Yeah, but only one of those legs controls the money. At
| least in the US, no money means no food, no shelter, no
| healthcare, etc, so it is not a viable choice for most. So
| rightfully most of the blame should be assigned to those
| that control the money: management and executives. Rarely
| hear of required ethics guidelines and handwringing about
| ethics from the MBA types.
|
| I'll accept a share of developer blame in places with
| strong unions and the ability for workers to strike.
| mattmaroon wrote:
| And the developer job market has changed. We can act like
| everyone can just go get a job that pays well somewhere
| else, but I've got friends who are very senior developers
| who've been laid off and had a hard time finding a good
| job in recent years.
|
| The market isn't what it once was and while overall still
| good, we do all have bills to pay.
| ryandrake wrote:
| I guess I'd turn it around and ask those developers: Are
| there any projects you _wouldn 't_ do, no matter how much
| you needed the money, because you found them ethically
| unacceptable? If the answer is yes, then they actually
| agree with me, and we're maybe just discussing where the
| evilness threshold line should be drawn. I don't know
| many actual people who would say "No, I would willingly
| work on absolutely any project, no matter how harmful or
| depraved it is, as long as I get paid," but then again
| maybe I don't know enough truly desperate people.
| mattmaroon wrote:
| Sure, but the issue is, someone might not think ticket
| master is evil. And I'd argue the things they do that
| should at least be illegal (in my view) have nothing to do
| with developers.
|
| Take away their exclusive rights (on both sides of the
| business) to 80+% of large live music venues and they're
| just another ticket platform.
| efitz wrote:
| There should be more choices rather than "find another
| company". The problem is that it is an economically valid
| argument to say "if I don't, someone else will".
|
| I believe that professions should have codes of ethics, and
| people should be expected to adhere to those codes of
| ethics. Right now there is no licensing or apprenticeship
| or registration associated with the profession of "software
| developer". There are some organizations that issue
| professional certifications in adjacent areas (MCSE, CISSP,
| etc.) that have codes of ethics associated with them, but I
| rarely see disciplinary action associated with them, and in
| any case employability is not linked to these
| certifications.
|
| Conversely, lawyers have bar associations that evaluate
| complaints and can withdraw permission to practice.
|
| Doctors have the Hippocratic Oath, but I'm not sure that
| it's enforced for medical licensure. However doctors do
| have medical licensing boards and licenses can be revoked.
|
| Pilots have revocable licenses but I'm not sure they have a
| code of ethics.
|
| Civil engineers have codes of ethics and licensure, but
| licensure revocation appears associated with legal
| malpractice, not ethical malpractice.
|
| In any case, there are societal mechanisms that could be
| used to associate codes of ethics with software developers,
| if we as a profession and a society chose to, which I'm not
| optimistic will happen.
| PUSH_AX wrote:
| It's interesting, the more we agree and hold strong, the higher
| the demand grows for engineers who would help some companies
| create their hellscape. The incentive will grow higher and
| higher until people break rank. And you start over.
| fmbb wrote:
| I dont think it's a truth.
|
| Shamans and wizards (never heard this used to describe anyone
| in history but let's assume it's just any kind of supposed
| magic user) were people at the top tier of their societies in
| terms of political power. Not kings or chieftains, but above
| everyone else.
|
| Programmers are just making a living selling their labor power
| like every other office drone in the world. We're one of the
| most common lines of work out there.
|
| If you want the mysticism angle, we are like those kids they
| used to catch "witches".
| namaria wrote:
| Are there any documented examples of societies where
| "magics", "shamans" or "wizards" were at the top of the
| hierarchy? I gotta say, I'm an avid reader of Ancient History
| and Anthropology and the closest I can think of is the
| Priest-Kings of Sumeria and your garden variety theocracy and
| the latter is much more of a priestly bureeacracy than
| anything else...
| dgb23 wrote:
| Perhaps not at the top in terms of day to day decision
| making and wealth, but the first that came to mind would be
| celtic druids and bards.
| namaria wrote:
| I'd love to know more, can you point me to some sources?
| dgb23 wrote:
| I'm sorry it's just a vague intuition from watching a lot
| of documentaries about the Celts and very light internet
| research.
|
| But generally speaking Druids had an oral tradition of
| maintaining knowledge in Celtic society. They had inter-
| tribe gatherings and went through long and difficult
| training.
|
| Specifically also law. So they had at least the power of
| judges and to some degree law makers.
|
| Perhaps you can find out more with some of these
| keywords.
| pseudo0 wrote:
| Yeah, we are more like masons. We have useful skills that
| enable building impressive things, but at the end of the day
| we are building someone else's cathedral.
| sethammons wrote:
| I think you don't know what you think you know. My mom is a
| shaman type. These types often live at the outskirts of
| society where no well-to-do person would like to be seen.
| Zero political power but enough utility to keep at an arm's
| distance -- further if possible while not needed.
| rangerelf wrote:
| > Shamans and wizards (never heard this used to describe
| anyone in history but let's assume it's just any kind of
| supposed magic user) were people at the top tier of their
| societies in terms of political power. Not kings or
| chieftains, but above everyone else.
|
| I don't know where you came by such a notion; Shamans,
| "Wizards", witches, "wise women/men", are usually shunned
| from society such that they tend to live near the outskirts
| of towns or cities, nobody really wants to live close to
| them; and when "bad things happen" tend to be the first ones
| to get blamed for it; then they also are commonly used as
| scapegoats for whatever political, economic or religious
| effort some corrupt officials try to push.
|
| That doesn't sound very societal top-tier to me.
|
| We're definitely not witches or wizards, at most we are
| scholars or [specialized] craftsmen. "Knowledge workers" if
| you will. Not as unlikable as the wise folk that live towards
| the edge of town, and not as at risk of getting tied to a
| post and lit on fire because the bishop believes we commune
| with unclean spirits.
| TeMPOraL wrote:
| > _and not as at risk of getting tied to a post and lit on
| fire because the bishop believes we commune with unclean
| spirits_
|
| We're on our way to get there, though, with that "can't
| solve social problems with technology" infectious meme, and
| the other one that makes the public blame programmers for
| socially-problematic tech, while ignoring or praising the
| business people who imagined, commissioned, and decided to
| deploy those technologies.
| butlike wrote:
| Perhaps they were referring to a time when nomadic people
| started settling into "villages," before organize religion
| solidified?
| ballenf wrote:
| Agreed. We're the blacksmiths making armor and swords and
| horseshoes.
| lowdownbutter wrote:
| "In effect, we conjure the spirits of the computer with our
| spells"
|
| t. Introduction of SICP
| yread wrote:
| I personally think we are more like "plumbers but with JSON". I
| have principles and apply them but I don't expect the others to
| do that
| gowld wrote:
| architect+builder+plumber.
|
| The suits at TM couldn't build the app+backend, even if they
| could hire someone to maintain and replace parts of it.
| TheCraiggers wrote:
| Programmers being analogous to wizards or martial artists made
| more sense back when one used to need to train years or decades
| to become one.
|
| With age comes wisdom.
|
| There has been a lot of good that came from making coding more
| accessible; I'm not trying to gatekeep. But I do think that
| this is one instance where the outcome is worse. The martial
| arts masters still unquestionably exist among us. It's just
| that they're now surrounded by younger, less-wise people with
| guns. Both types can fight an army, but only one has the wisdom
| to know when it's better not to.
| ilrwbwrkhv wrote:
| Yes I think there is truth to this. Something I have seen
| lately with Rust for example, is because the language is
| harder to learn, the discourse, tutorials, libraries are all
| much higher quality.
| leptons wrote:
| >Programmers being analogous to wizards or martial artists
| made more sense back when one used to need to train years or
| decades to become one.
|
| You can be a shitty wizard with only one year of training,
| same goes for programmers.
| amar1729 wrote:
| that's kind of exactly OP's point. you can get hired and
| call yourself a "programmer" after a year of training today
| ... that was not true in quite the same way 30/40 years
| ago. and we're in agreement that someone with a year of
| training is probably not all that good.
| leptons wrote:
| >you can get hired and call yourself a "programmer" after
| a year of training today
|
| That might be true 3 or 4 years ago, but I find that
| difficult to believe in the current job market. All the
| programming jobs that have come across my screen lately
| require a 4-year CS degree. Companies aren't hiring noobs
| lately. They're laying off more than hiring.
| akira2501 wrote:
| > The sooner we can agree to behave accordingly
|
| People don't code out of a sense of duty, they do so to earn
| money, so there is no mechanism to enforce "behavior."
|
| > our prospects for ripping the reigns of society
|
| There are too many industries that take the mantle of improving
| society on their back. This is a mistake. There is no natural
| representative mechanism that ensures your actions are aligned
| to required outcomes.
|
| This should probably be left to congress. If you're concerned
| that they won't do it then that should immediately suggest the
| appropriate course of action to you.
|
| > of those whose only animating principles are avarice and
| exploitation.
|
| Short term thinking cannot lead to long term rewards without
| abject manipulation of the marketplace.
| survirtual wrote:
| Congress is useless, along with the rest of the planetary
| corporate-fascist oligarch facsimiles of democracy.
|
| If software engineers united behind true ideals of freedom,
| we could automate the entire stack of "leadership" and raise
| the floor of society.
|
| Open source implementations of:
|
| Universal cryptographic identification
|
| Decentralized voluntary anonymous voting, verifiable by every
| voter
|
| Sovereign algorithmic monetary policy
|
| Liquid representation
|
| Complete digitization of all necessary information to audit
| any authorities, at any time
|
| Full release of privacy for any "public official" -- service
| to society should be a burden, not a privilege
|
| This, and much, much more can ALL be done with software. An
| entirely new paradigm of society, with freedom unalienably
| encoded into the fabric of the social machine.
|
| Our rights digitized, our privacy, speech, and pursuit of
| happiness made into software.
|
| I would say software may have an impact, and the thinking of
| this impact extends far beyond the next quarter of profits.
| This mindset can extend into a multi-planetary society and
| beyond. A continuously evolving, open source mechanism of
| human governance.
| akira2501 wrote:
| > If software engineers united behind true ideals of
| freedom
|
| You'd have better luck trying to remove jealousy from the
| human heart. If you can suggest a mechanism for actually
| making this happen, enforcing it in the face of economic
| incentives, and measuring it's actual impact then I'll take
| the ride with you. Until then it is an absolute fools
| errand.
|
| > we could automate the entire stack of "leadership" and
| raise the floor of society.
|
| Autonomous societies have been tried before. They have no
| mechanism to correctly align their long term objectives so
| none of them have ever lasted. Planning to build another
| one based on nothing other than assumption is flawed.
|
| > with freedom unalienably encoded into the fabric of the
| social machine.
|
| Guns exist. The social machine is secondary to force. You
| have no plan for this.
|
| > This mindset can extend into a multi-planetary society
| and beyond.
|
| Older people sell younger people pure unadulterated
| fantasies in order to extract cheap labor from them.
| survirtual wrote:
| > If you can suggest a mechanism for actually making this
| happen, enforcing it in the face of economic incentives,
| and measuring it's actual impact then I'll take the ride
| with you.
|
| :)
| koromak wrote:
| This is a wild take. Software developers do the dirty work.
| We're one step below wall street.
| anamax wrote:
| Ah yes, The Roads Must Roll.
|
| It's worth remembering that folks who can be bought, can be
| bought off and spend a lot of time enjoying their riches while
| true believers are somewhat more difficult to convince and
| don't take any time off.
|
| That's important because all of the big evils have been
| perpetrated by true believers in pursuit of their "one true
| way." (Yes, some large evils have been perpetrated by folks
| chasing money. I'm talking about things like wholesale
| slaughter of as many people as they could lay their hands on.)
| kccqzy wrote:
| I cannot agree more. And this is exactly why the old Google
| motto of "don't be evil" was so important. And the decline of
| Google is highly correlated with the removal of this motto from
| its culture.
|
| I sincerely hope all tech companies can take a page from old
| Google and truly instill an innate rejection of evil among all
| software engineers.
| imchillyb wrote:
| Except it's not truth.
|
| You want truth?
|
| The Golden Rule: "He who has the gold, makes the rules."
|
| Truth is that money is all that matters. Nothing else in the
| world of business matters not relationships, not customers, not
| Boards of Directors or CEOs. Money.
|
| Until a person realizes this, they will be forever caught in a
| cycle of thought that is not truth.
|
| "Follow the money!" is the best way to see how society works,
| and is why every government wants their hands in our money.
| Meaningful change in this world requires money. No amount of
| idealism or 'using our powers' can change that.
|
| Do the wizards have 'F-Off' money? No. Will they ever? No.
| cryptoegorophy wrote:
| The worst are the programmers of the mobile games for kids.
| marcodiego wrote:
| > I now know everything I would need to duplicate TicketMaster's
| barcodes
|
| Until they change their encoding.
|
| Requiring the installation of a proprietary app to do anything
| should be forbidden.
| james2doyle wrote:
| Fantastic article. Really easy to understand.
|
| Side note: this is actually a great advertisement for server side
| rendering! If they didn't do all this client side rendering,
| exposing data in JSON APIs, then I doubt this reverse engineering
| would have been possible.
| shaftway wrote:
| Except then I'd need to have a good data connection at the
| venue, and the odds of that are infinitesimally small.
| james2doyle wrote:
| I see what you mean. The barcode wouldn't work offline.
|
| It seems like that didn't matter at the venue though? The
| spotty internet connection not allowing the code to load was
| the first part of the article wasn't it?
| superfrank wrote:
| > I remember a time when printable tickets were ubiquitous. One
| could print off tickets after buying them online or even (gasp)
| in-person, and bring these paper tickets to get entry into the
| event when you arrive
|
| I go to 1-2 concerts a month so I'm well aware of how scummy TM
| is, but the problem with PDF tickets is that people sell fakes or
| sell the same ticket multiple times. I know multiple people
| who've been scammed this way. I get not wanting to use your phone
| for everything, but the changing barcode isn't just technology
| for the sake of technology, it's actually there to solve a
| problem.
|
| > PDF tickets work even if your phone loses internet connection
|
| So do the digital barcodes if you add them to your phones wallet.
|
| TM even sends you an email before every event that says:
|
| >> If you haven't already, download the Ticketmaster app or sign
| into your Ticketmaster account via mobile web. From My Events,
| tap view then add tickets to your phone's wallet for easy access
| at entry.
|
| TM's help page for the Mobile Entry tickets also says
| (https://help.ticketmaster.com/hc/en-us/articles/978659778561...)
|
| >> We encourage you to download your tickets to your digital
| wallet before you leave for your event. This ensures that you can
| always access your tickets.
|
| > If you bought the ticket off the event's official ticketing
| agency (not a sketchy reseller), you know for sure that they're
| real.
|
| The problem is that that isn't how the real world works. Ignoring
| the massive scalping problem currently happening (that TM is
| complicit in) sometimes plans change or people learn about events
| after the initial sale. Personally, any time I have to buy or
| sell through a reseller, I use StubHub, but I know plenty of
| people who don't want to use them as they charge high fees and
| they aren't much better than TM from a moral stand point.
|
| Also, I get the impression that if TM locked all tickets so that
| they could only be resold on TM, the author of this article would
| have a problem with that.
| crazygringo wrote:
| Exactly all of this.
|
| I found the article really interesting from a tech perspective.
|
| And I have no love for TicketMaster, but the migration from
| paper/PDF tickets to scannable changing QR codes is inevitable,
| precisely to combat scammers.
|
| TicketMaster does a lot of bad things, but this doesn't seem to
| be one of them. And learning to download the digital tickets in
| advance -- either to the app or your Apple wallet -- is just a
| thing you learn to do, the same way you learn to download a
| bunch of podcasts before your airline flight that charges for
| (or doesn't have) WiFi. (And if your ticket was a PDF, you'd
| similarly be stuck if you couldn't get internet at the venue
| and hadn't downloaded it in advance.)
| somerandomqaguy wrote:
| >So do the digital barcodes if you add them to your phones
| wallet.
|
| ??? Last I heard the adding the barcode to the phone's wallet
| did not work, or at least not reliably. Some older folks I know
| struggled with it, and I specifically help setup the ticket
| master app and download the barcode. They mentioned that the
| app eventually logged them off when they got on site and had to
| struggle with poor wifi. Eventually got it to work but IIRC it
| took several minutes before they had a stable enough connection
| for it.
|
| Does it need an actually Google/Apple wallet or something
| setup?
| ssl-3 wrote:
| Yes, "phone's wallet" actually means Google Wallet or Apple
| Wallet.
|
| Stuff I add there works for me instantly every time, even
| with crowded venues and zero connectivity -- as long as I get
| it ready in advance.
|
| (Not that I am defending this. I'd rather carry a paper
| ticket, since paper is more durable and far less complex than
| a phone is.)
| 725686 wrote:
| A few months ago I went to Las Vegas to watch U2 at the Sphere.
| When I learned that I needed to open the app or website in order
| to get in I panicked in fear of the shitty internet that is
| common in massive events, so I opened my tickets since I left the
| hotel. Unless this stuff works completely offline, it is a
| terrible idea.
| dylan604 wrote:
| There's no way that I trust the developers of a company like
| Ticketmaster to install their app on my device.
| NavinF wrote:
| You don't trust your OS to sandbox it? With a threat model
| like that, I wouldn't use any apps other than the browser
| immibis wrote:
| Maybe you are using a fully open phone, but mine has an OS
| made by Google and almost every app tracks my location
| without my consent.
| nahikoa wrote:
| For the past 9 years, Android has allowed users to
| disable location permission per app. More recently, you
| can choose to share "noisy" location, which just provides
| an approximation of your location.
| pompino wrote:
| Google will never stop spying themselves but will give
| you the ability to stop their competitors from spying on
| you. Heh..
| NavinF wrote:
| I'm an app dev. How exactly would I track your location
| without your consent?
| immibis wrote:
| For example, based on my IP address, nearby wifi
| networks, and camera footage.
| ssl-3 wrote:
| > IP address
|
| Great. So an app can plug my IP address into a
| geolocation query, and might ultimately determine that
| I'm somewhere in $city. Or maybe the next city over. Or
| maybe half a continent away.
|
| But sure, this "works" without consent, since there is no
| extra step to enable networking for an app.
|
| > nearby wifi networks
|
| This doesn't work without consent.
|
| > camera footage
|
| This doesn't work without consent.
| NavinF wrote:
| Web apps also get your IP. Why aren't you using a VPN if
| you care about that?
|
| Web apps can also get the rest if you click accept when
| it asks for camera access. What exactly do you lose by
| installing an app?
| dylan604 wrote:
| From the AppStore:
|
| Data Linked To You:
|
| Purchases, Location, Search History, Usage Data, Financial
| Info, Contact Info, Identifiers, Sensitive Info.
|
| Nope Nope Nope.
| NavinF wrote:
| That explains nothing. I'm pretty sure it's talking about
| info that you type into form fields in the app. Same
| reason FB "links" your health info even though it has no
| access to the health info stored by your OS.
|
| The same applies if you use their website. It'll still
| ask for that info with a web form.
| dylan604 wrote:
| > Same reason FB
|
| ...is not installed on any of my devices
| jimbobthrowawy wrote:
| If anyone is in the situation that they need to put an
| untrustworthy app on their android device, the "work
| profile" feature can segment it off further.
|
| Insular is an app that lets you create and manage one of
| these profiles on the device itself:
| https://gitlab.com/secure-system/Insular
| notpushkin wrote:
| Work profile is really neat, yeah. I'm using Shelter for
| this, it's quite nice:
| https://f-droid.org/en/packages/net.typeblog.shelter/
| _puk wrote:
| I mean, that horse has already bolted..
|
| https://www.nytimes.com/2024/05/31/business/ticketmaster-
| hac...
| NavinF wrote:
| Yeah that has literally nothing to do with their app. If
| you submitted your data on their website, it'd be leaked
| just the same
| dylan604 wrote:
| You're implying that the data from the app is stored in a
| different more secure manner than the data from the
| website? That makes zero sense. The fact that they got
| hacked and is the only thing that matters, not which mode
| of input you provided the data they did not protect.
| NavinF wrote:
| No, I'm asserting that the app acquires as much data as
| the website (ie. whatever you typed into their forms) and
| it gets leaked all the same. Refusing to install the app
| makes no sense if you still use the website
| sbarre wrote:
| An app absolutely can track more data than a website. You
| don't have the website open/active on your phone at all
| times, but you have the app installed at all times, even
| when it's not running.
|
| You do know that apps can record data in the background,
| right?
|
| A website is also sandboxed by your browser in a much
| stricter manner than an app is on your phone, at least by
| default.
|
| I don't have specific information on the Ticketmaster app
| here, but to say that an app is the same as website from
| a tracking perspective on a phone is absurd.
| NavinF wrote:
| I'm an app dev. What can I record in the background? What
| can I track?
| sbarre wrote:
| If you're an app dev you're more qualified than me to
| answer that question.
|
| Perhaps you'd like to re-frame your comment or ask a
| different question?
| NavinF wrote:
| My point is that you and the other guy are just making
| stuff up and spreading misinformation. At the API level,
| an app that doesn't have the user's explicit permission
| to get location, camera, run in the background, etc is
| not that different from a web app. My question was
| obviously rhetorical.
| sbarre wrote:
| There you go, getting to the meat of it..
|
| So your position is that an app installed on my phone is
| not able to track or collect any more data, and does not
| have access to any other information, than a website that
| I load in my device browser (assuming I log into that
| website with the same credentials I use in the native
| app)?
|
| I agree that this _might_ be true in some cases. Note
| that I never said or implied that an app could do things
| without permission - but my fault if that wasn 't clear.
|
| Now, that said, would it perhaps be fair to say that the
| average user is much more likely to grant additional
| permissions to a native app on their phone than they
| would to a website?
|
| If a website asks for your location, or access to the
| camera or to your contacts or whatever, I think many
| people would refuse. There's still a sense that a website
| is "out there" on the Internet, and you shouldn't
| necessarily trust it.
|
| But when an app you've installed on your device asks for
| these things, in order to "operate properly" or provide
| functionality, then I think people are much more likely
| to grant it.
|
| After all they've installed the app on their device,
| they've already trusted the vendor that much, it's only
| an incremental step at this point.
|
| And once the device does have this elevated access, and
| access to more data, then there are absolutely more
| opportunities to collect data on users without their
| understanding.
|
| I say "understanding" here rather than "consent" because
| typically consent is given via some long and complicated
| T&Cs that no one reads. Which is of course on the user,
| but again if you don't grant permission in the first
| place (because you're on a website not an app), it's not
| a problem.
|
| And we have historically seen that some companies (not
| all companies of course) take advantage of this app
| access to collect data for themselves without your
| knowledge. I hope that part isn't up for debate here..
| jen20 wrote:
| What is the worst that can happen? I have it installed on my
| iPhone and deny whatever permissions it asks for.
|
| I have enough confidence in the sandbox that "installing an
| app" is basically never an issue (though I don't out of the
| principle that most things companies have apps for just
| shouldn't be apps).
| dylan604 wrote:
| > What is the worst that can happen?
|
| I don't know the worst, but juice is not worth the squeeze
| in my opinion. If you recall, Ticketmaster was just
| recently hacked, so the worst pretty much happened in that
| any data they had collected on their users is potentially
| been leaked. So if they can't protect that data, then I'm
| not participating in giving them data.
| xp84 wrote:
| Sure, but the data you give them is pretty much a
| condition of attending their shows, not whether you use
| their app, Chrome, or a PC in the library to buy the
| ticket. Regardless, they will get some contact and basic
| financial info for you unless you avoid all their
| concerts (which is certainly a principled and defensible
| choice!)
| dylan604 wrote:
| They do not need to know my address, my phone number,
| credit card number or any of the other BS that "they
| need" including my name. Their website has a ton of
| trackers uBlock blocks, so their website is trying to
| collect even more data than what their "forms" request.
| jen20 wrote:
| How would an iPhone app (I don't know about android)
| collect any of that?
| dylan604 wrote:
| I mean...they tell you they do in the listing in the
| AppStore. Like, how are you not realizing this?
| jen20 wrote:
| How though? My phone does not contain my address, or my
| credit card number.
| swozey wrote:
| I used to work or a mobile event app company that made a lot of
| the big festival/conference apps. Everything was built to
| function locally from a sqlite file on your phone that was
| constantly updated _when_ you did have coverage.
|
| It was 100% expected that you would have no cell signal the
| entire event and we built in as many mitigations as we could
| think of.
|
| This was 2013ish, I think there are a lot more mesh network
| devices that can relay signal nowadays but I'm not involved
| anymore in that stuff.
|
| It was the best on-call I've ever had because.. nobody had cell
| signal while the event was on to complain about something.
|
| This person complains that people didn't have network access on
| their phones when they were at the gate. I can only assume that
| they waited till they were at the gate to install/use the app
| so it never got its offline data.
|
| _Always_ open your event apps before getting to the event.
| Sometimes they 're completely bare bones and have to reach out
| and pull that apps specific database so its sure you have the
| latest. Most of the event apps are a template that is modified
| for each event and just has different assets/sqlite.
| rkagerer wrote:
| ...or just let us print g*d@mn paper tickets.
| tptacek wrote:
| As the article notes, this ticket system does in fact work
| offline.
| mattmaroon wrote:
| Well, as it also notes, it works offline if you remember to
| open the ticket before you get there, and they don't (or at
| least didn't used to) give you sufficient warning. I found
| out that's how it works the hard way when it was new by
| having to walk a half mile back from the venue to get service
| to load the tickets.
|
| There's also the chance the ticketmaster app won't work
| properly later even if you did do it. I've had other apps
| shit the bed for no apparent reason in offline mode before. I
| add them to my wallet now just in case.
| tptacek wrote:
| Sure, I'm just reacting because TOTP is like the textbook
| example of a system designed to work without interactive
| access to a networked resource. The whole as TM designed it
| has crappy affordances, but you could fix that without
| breaking the design.
| mattmaroon wrote:
| Ah, yeah. I'm just hoping the justice dept breaks them up
| and ticket sales move to something like the airline
| model.
| lotsoweiners wrote:
| Why though? Lord knows I hate Ticketmaster as much as
| everyone else but "airline model" sounds fucking
| terrible. I hope I never see the day where I'm removing
| belts and shoes to get into a concert.
|
| To be fair though I always get at least somewhat
| reasonable concert prices by doing presale. Sign up for
| the artist's "presale club" and/or get the credit cards
| that have presale as a perk. Get in queue ahead of time.
| You won't have to deal with the dynamic pricing/public
| sale shenanigans that we hear about. On Reddit I often
| see people complaining about paying at least 2x what I
| paid for similar tickets.
| notpushkin wrote:
| Belts and shoes doesn't have much to do with ticket
| sales, does it?
| mattmaroon wrote:
| I was just going to ignore it since they obviously missed
| the point entirely (and it's not a hard one to get) or
| were being disingenous.
| donalhunt wrote:
| Recent experience for a large stadiums event suggests they
| have fixed the notifications. I got a lot of notifications
| encouraging me to a) charge my phone and b) download the
| ticket before arrival.
| mattmaroon wrote:
| Yes, they have learned. As much as I hate them they are
| mostly a well-run company.
| 725686 wrote:
| Pleas notice the "completely" in my comment.
| mattmaroon wrote:
| Off topic (though the post does go into it a bit): Ticketmaster's
| current form is entirely due to a failure of government. Decades
| from now, case studies will be written on how one company managed
| to have a monopoly on an industry that is so not a natural
| monopoly.
| kls0e wrote:
| super entertaining read! many thanks.
| lakerz16 wrote:
| I hate TM and ridiculous fees as much as anyone, but this article
| is overly hyperbolic.
|
| There's a section named "Pirating Tickets", that just explains
| how to re-create a barcode that you already paid for. You're not
| using this to rob anyone of anything.
|
| And at the end, "Have fun refactoring your ticket verification
| system". Why? There are no vulnerabilities here. A rotating
| barcode (even if following a known pattern) is still more secure
| than a static barcode on a piece of paper.
| CYR1X wrote:
| It's piracy in a way that's analogous to ripping like Netflix
| content. You are breaking away from DRM which is piracy. They
| also cite the potential to have multiple tokens valid per one
| ticket which would let multiple people get in with the same
| ticket.
| lakerz16 wrote:
| I'd argue that a few extra people sneaking in on the same
| ticket (assuming this is even possible) is more like sharing
| your Netflix credentials than ripping Netflix content and
| having it be shareable with the entire world.
|
| You're also walking into a stadium/concert in plain view of
| security cameras, so the stakes and deniability are different
| as well.
| giaour wrote:
| Not a lawyer, but "subverting DRM" (even if it's trivial or
| really stupidly designed) can be a crime in and of itself
| in the US under the DMCA. There are a bunch of exceptions
| to this, so I have no idea if OP's work is actually
| illegal.
| joquarky wrote:
| Security researchers are an exception, but the title of
| "security researcher" is undefined
| greenish_shores wrote:
| Now this is f*cked up, isn't it?
| Closi wrote:
| I doubt the second bit is true - they will still be marking
| the ticket as used in their backend.
|
| They are just trying to prevent scalpers printing off tickets
| 10 times and selling them outside the venues as a scam, which
| happened at every large concert I have ever been to until
| recently (so I assume this is working!).
| orbillius wrote:
| > they will still be marking the ticket as used in their
| backend.
|
| I assume that's true, but it makes me wonder how their
| scanners are connected to the server.
|
| I mean, if 10,000 people showing up to an event with
| smartphones overwhelms wireless networks, wont that also
| kick their scanners off the network?
|
| They'd probably like to have a system where, if a scanner
| loses its connection, it can still validate tickets. It
| could store a copy of validated tickets locally, and upload
| it when the network connection is restored - that would
| mean a copied ticket would have to make sure they go to a
| different door/scanner. But it would allow copying.
| hunter2_ wrote:
| I have no idea what connectivity options are available in
| current scanners, but it sounds like a viable solution
| could be to use an RF band that customers don't
| overwhelm, similar to wireless microphones perhaps, with
| a little hub situated nearby that consolidates the list
| of already-scanned tickets, possibly standalone or
| possibly on a wired network that includes other far-away
| entrances.
| 8n4vidtmkvmk wrote:
| Was going to say it shouldn't be hard to run a wire
| around an entire stadium, but maybe some popup outdoor
| venues that might be complicated. Could use line of sight
| towers for fun.
| janalsncm wrote:
| Simplest answer is a private wifi network for the
| scanners.
| ssl-3 wrote:
| It's also the best answer.
|
| It's all off-the-shelf electronics and standard
| protocols. Venue provides some wifi with a
| "Ticketbastard" SSID (or whatever) at entry points, and
| the COTS-built barcode-validating devices use that. Easy-
| peasy.
|
| They might also provide other wireless networks for other
| purposes (definitely for vendors [$$$], but perhaps also
| for regular house staff, touring staff, and maybe even
| the guests who pay for it all!), but they'll all be under
| the venue's control and coordination: Other than the odd
| personal hotspot that wanders in, there's not necessarily
| any meaningful outside interference on 2.4/5GHz wifi
| bands in a big venue.
|
| It's pretty easy to make _short-range_ wifi work reliably
| in that kind of RF environment, such as the chokepoints
| where tickets are validated. (Modern apartment dwellers
| will have worse interference problems than that.)
| xav0989 wrote:
| There's actually a ton of interference in the 2.4 GHz
| space, especially at venues like outdoor festivals.
| However your solution does work. I work at a festival
| that provides a WiFi network and an Ethernet drop for the
| ticket scanners. We have to use multiple APs to cover the
| main entrance area, but it's feasible.
| ssl-3 wrote:
| I was thinking more along the lines of a stadium crowd
| than an outdoor festival, but yes: I agree. I've had
| miserable luck with 2.4GHz stuff in festival environments
| where people camp out for a few days. :)
|
| I don't pay very much attention to the ticket-scanning
| devices while I'm getting into a big show (which is
| generally a rather unpleasant experience on my side),
| but:
|
| Don't they allow usage of 5GHz bands? Unlike 2.4GHz, I've
| had tremendous success with 5GHz bands in all kinds of
| environments -- including outdoor festivals.
| dzhiurgis wrote:
| 900mhz networks like halow or even lorawan should do
|
| Even at huge venues i dont expect requests would be over
| 5 rps
| Arrath wrote:
| 5 RPS, per scanner, surely?
| somehnguy wrote:
| No way, scanning tickets is slow because it rarely works
| seamlessly. It's pretty standard to stand there for a few
| seconds moving your phone back and forth and/or rotating
| it. Or when one person has all the tickets for their
| party and has to scroll to the next one between scans.
|
| I think maybe 4-15 seconds between scans per scanner, at
| best.
| dzhiurgis wrote:
| Can you imagine 5 people moving thru scanner in 1 second?
|
| Even at 1 rps that's if we assume 1 meter distance that's
| 3.6 km/h or a normal walking pace. Do you ever see crowd
| at ticketing move at walking pace?
| Arrath wrote:
| Not at all, I was imagining over speccing the system.
|
| E.g. this weekend I went to a show at a 70,000 seat
| arena. Knowing from experience, there are 4 entrances.
| This time there were 10 people scanning tickets at the
| gates I entered. Friends reported the same at the one
| they came in.
|
| 5 RPS per scanner is obviously overkill, but if those 10
| at one gate were linked to a hub that could issue 5 RPS I
| would call that adequate, if barely.
|
| If all 4 gate areas were linked centrally to a system
| that could do 5 RPS, well, actually, that might explain
| the throughput I experienced getting through lol
| donalhunt wrote:
| You would hope... But they often run the scanners in
| offline mode (e.g. at temporary / seasonal events) so there
| can be lag in the backends being updated.
|
| Heard from a friend who got straight into two events in the
| same city recently - they presumed the show was at one
| outdoor venue but the scanners let them straight in at the
| first (wrong) venue. Went to the correct venue and got in
| there without any issue too (this suggests one or both
| venues were offline or using offline scanners).
| hunter2_ wrote:
| Hm. So I guess at a small venue that has 3 door people
| with offline scanners, you have a 2/3 chance of success
| if you're the second of two people sharing a barcode.
| Combined with the obvious 3/3 success being the first
| person, that averages out to 5/6 chance if both of you
| (oblivious to each other) schedule your arrival
| similarly.
| TylerE wrote:
| My experience from visiting many many of them is that
| 80-90% of small venues don't even bother with scanners.
| emeril wrote:
| not really offline but someone who works in industry here
| once detailed out that each scanner has it's own copy of
| a SQLite database that is being updated as fast as
| possible based on inserts of other scanners since any
| downtime is a big deal at these venues
|
| i.e., theoretically duplicate tickets would be identified
| but not instantly but still pretty quickly
| 93po wrote:
| It would be DRM if the barcode was copyrighted material,
| which it isn't.
| CephalopodMD wrote:
| This way you can sell and have the ticket completely off of
| ticketmaster. That is a vulnerability. It lets users do
| something they explicitly don't want to allow.
| lakerz16 wrote:
| Assuming that you can actually do that.
|
| If the seller re-opens the TM app and it generates a new
| token and invalidates the old one, then that's not the case.
| sitkack wrote:
| Vulnerability to LN business practices. Not a system
| vulnerability.
| guhcampos wrote:
| Piracy here just means you can use it to sell your ticket
| without using their platform, which is analogous to just
| sending someone the PDF or handing over the piece of paper as
| always.
|
| While this has the upside of breaking you free from TM's
| obnoxious practices, it also obviously opens up for scalpers
| and all.
| IncreasePosts wrote:
| Scalping is still possible without understanding the tech -
| you could just stream a video of the bar codes and sell the
| stream instead of selling the ticket.
| grishka wrote:
| Good luck getting enough signal to play a video stream in a
| large crowd.
| yonatan8070 wrote:
| You don't need to truly stream a video capture of the
| app, you can have a scanner on the server side decode the
| barcode in the web/virtualized Android app and then only
| stream a couple hundred bytes, having the client
| regenerate the barcode
| SpaghettiCthulu wrote:
| Sure, it's possible, but come on, it's not _practical_.
| bjclark wrote:
| Piracy here means that you can sell 50k tickets to the same
| seat with a real valid rotating barcode.
| rzr2000 wrote:
| The way this is already being exploited in the wild is that a
| scalper/scammer buys 1 ticket, then resells the same ticket
| multiple times. Multiple people believe they have a valid
| ticket, show up at the event, but only the 1st ticket works.
| The other people who try to use the ticket are turned away
| saying that their ticket has already been used.
| cbsmith wrote:
| > The way this is already being exploited in the wild is that
| a scalper/scammer buys 1 ticket, then resells the same ticket
| multiple times. Multiple people believe they have a valid
| ticket, show up at the event, but only the 1st ticket works.
| The other people who try to use the ticket are turned away
| saying that their ticket has already been used.
|
| That is one of _many_ ways this is already exploited in the
| wild.
| lakerz16 wrote:
| Do you have a source for this? What platform are they selling
| multiple copies of the ticket through, and what app are the
| buyers using that allows multiple buyers to receive and show
| the same animated barcode?
| csomar wrote:
| Are you sure you understood the article? The token is supposed
| to be a secret and the TOTP generation should happen remotely.
| This is not the case and this suggest a fundamental lack of
| security practices at the company.
| account42 wrote:
| Well it's more like the "security: they want is fundamentally
| is incompatible with support for ofline use in this case (as
| long as we have open computing platforms anyway).
| lakerz16 wrote:
| "Should happen remotely" - according to who? What is the
| security risk for the end-user?
|
| "this suggest a fundamental lack of security practices at the
| company" - that's a stretch of a conclusion to make. You're
| being as hyperbolic as the original post.
|
| What didn't I understand about the article? This still offers
| a slight increase in security over static barcodes, without
| introducing any new vulnerabilities.
| worik wrote:
| > This still offers a slight increase in security over
| static barcodes, without introducing any new
| vulnerabilities
|
| It offers nothing to the user, except taking away their
| rights, and making it all unreliable
| rbits wrote:
| > the TOTP generation should happen remotely.
|
| It says that it is available offline (if you've viewed it in
| the last 20 hours), so the TOTP generation can't happen
| remotely
| LorenPechtel wrote:
| Which would increase the problem he described--too many
| people trying to get in overloading the local bandwidth.
|
| It's enough to defeat screenshotting and the 20 hour bit
| would defeat large scale malicious use.
|
| Not good security but probably good enough, especially in
| stopping the resale of stolen tickets.
| withinboredom wrote:
| He was basically wondering if he could create two tickets each
| with different tokens. Tokens are valid for 20 hours but it
| probably doesn't invalidate the old token (e.g. a request for a
| new token makes it to the internet but due to congestion, the
| response never comes back to your phone before timing out) and
| this could trigger multiple tokens for the same ticket and are
| all valid.
| dncornholio wrote:
| Thank you for posting this. This article left me super
| unsatisfied too.
| justinclift wrote:
| https://archive.md/hrgE0 /
| http://web.archive.org/web/20240521005653/https://conduition...
| RicoElectrico wrote:
| What's the deal with PDF417? Why did they choose it over QR?
| ssl-3 wrote:
| Perhaps a better question is: Why not PDF417?
|
| What functional improvement would be had by using a 2D QR code?
| chocolatkey wrote:
| One possible reason I can think of is that phone camera apps
| will not proactively read PDF417 barcodes like they will QR
| codes, thus discouraging people from thinking they can scan
| and decode them.
| ssl-3 wrote:
| That's may be a good reason.
|
| My phone's default camera app can recognize QR and UPC (and
| certainly other things; but I have other tools that I
| usually use when actually-using barcodes so I'm not that
| familiar with this part of the camera app), but it doesn't
| seem willing to do anything with PDF417.
| RicoElectrico wrote:
| PDF417 has non-square pixels (or rather as it's called in
| barcode nomenclature "modules") which feels very janky - it
| was meant for linear scanners after all.
|
| Oh, and quoting Wikipedia:
|
| _In practice, a PDF417 symbol takes about four times the
| area of a DataMatrix or QR Code._
| ssl-3 wrote:
| Yes. They're clearly different things.
|
| Which of these aspects offers a functional improvement in
| this application?
|
| ("Feels janky" doesn't quite cut the mustard, I don't
| think.)
| liendolucas wrote:
| It's baffling that you have to carry a mobile phone to access a
| show. What if you run out of battery? Or if you accidentally
| break the screen just before entering the venue? The more the
| technology evolves the more we find horrible uses for it. People
| should fight back by refraining from purchasing tickets from
| them, I know is not easy for people to miss their favorite artist
| but until a monopoly is broken there is no other effective way to
| prevent them from doing what they want.
| chuckadams wrote:
| You can still print the ticket on paper. Tho nowadays that
| means a trip to a FedEx store for me, since I refuse to keep
| buying inkjets I only use a couple times a year.
| omega3 wrote:
| Laser printers have solved this - I don't expect to change
| the toner for a decade.
| lnxg33k1 wrote:
| I bought a laser printer, I think something around 19 years
| ago, and it broke before I could finish the toner
| jcranmer wrote:
| > I refuse to keep buying inkjets I only use a couple times a
| year.
|
| Laser printers are the solution, and Brother laser printers
| seem to remain the most highly-regarded.
| davkan wrote:
| Yup, I use my brother laser printer to print probably 20
| pages a year and it's been going strong for 5 years now on
| the cartridge that it came with when I bought it on eBay.
| bonestamp2 wrote:
| Yep, I've bought 3 laser printers over the past 30 years...
| 1 about every 10 years, and not because I needed to...
| because I wanted more features. I've passed the old models
| down to others and they're still running. Toner never dries
| out, heads don't need cleaning. I would never buy another
| inkjet. The only use I can see for inkjet is photo
| printing, and even then I'd rather get them done at CVS or
| walgreens unless it is a special size or printing material
| that they can't handle.
|
| A brother laser can often be had for $100 these days.
| xp84 wrote:
| Another printer lifehack: Goodwill (which has a 'computer'
| store near me, they send all the best tech stuff there)
| sells laser printers of all kinds for like $20-40 and that
| plus a $20 Amazon non-official cartridge will basically
| have you set for life for the occasional print job. Since
| they're heavy, the Goodwill route saves most of the cost
| compared to eBay, though I did get mine on eBay.
|
| I actually recommend HP but Brother is great too. My
| current HP is at least 10 years old, and it's the second
| I've owned. My first was a 2000 vintage which I used from
| 2005-2017. (Its rubber rollers eventually got dried out and
| I wasn't as skilled a refurbisher as I fancied myself)
| sambf wrote:
| You should consider thermal printers like the Brother PJ
| line. A bit expensive but so small you can put it in a
| drawer, and no cartridge or toner at all. Just thermal
| paper, which I run off the same pack since I bought the
| printer 3 years ago.
| 1_1xdev1 wrote:
| No, you actually can't for the tickets the article is talking
| about. This is increasingly common. It's insane
| ReliantGuyZ wrote:
| > Tho nowadays that means a trip to a FedEx store for me
|
| I've really appreciated my local library for allowing 20ish
| pages of printing per day, which has allowed me to limp
| through the no-printer lifestyle. Plus I usually grab a DVD
| movie while I'm there.
|
| Life's good in the mid-2000s.
| bonestamp2 wrote:
| For sure. Additional info... many libraries also let you
| stream movies through kanopy.com, and read/listen to
| e-books through the app Libby.
| 8n4vidtmkvmk wrote:
| Stop buying overpriced ink jets. I get knock off laser
| cartridges for cheap and they last a couple years each. I did
| have to push a few random buttons on my Brother to let me do
| it, but it works now
| philjohn wrote:
| I had to use something like this to get into The Killers gig
| last week at the O2 in London (fantastic gig btw, and Andy Bell
| from Erasure made a special guest appearance to sing A Little
| Respect which was the cherry on top, but I digress).
|
| The WiFi in the O2 was woeful, and even on "The best network"
| EE the app wasn't loading.
|
| Eventually after stepping aside and letting a load of people go
| in front of us I managed to get it to load, but it was a
| dreadful experience.
|
| Contrast that with seeing the Pet Shop Boys last month in
| Birmingham where the ticket was on my phone in Apple Wallet was
| night and day (and you could print the ticket if you didn't
| have an iPhone, or wanted a physical version).
| noahtallen wrote:
| I mean Ticketmaster's current best practice seems to be NFC
| tickets stored in a mobile wallet which do work offline
| sandworm101 wrote:
| What I find really interesting is that there are so many scams
| that that the rejection of tickets is common enough to go
| unnoticed. Someone testing out their new "F-ticketmaster" ticket
| generation tool is free to test it in the real world. If it
| doesn't work they will simply be turned away the door like so
| many others who have been scammed. Nobody would notice the test.
|
| But if each ticket is for a particular seat, would ticketmaster
| notice if too people came with tickets for the same seat? I bet
| not. I bet they just trust their ticketing system to be
| foolproof. If anything they might just reject the second ticket
| without any way to know which was authentic.
| LordShredda wrote:
| I can't buy a ticket in my country, because my phone number is
| foreign. Can I use this to have someone buy it for me and
| transfer it to me?
| TeeWEE wrote:
| One things this articles kind of misses: You need that unique
| token... Ok, you can get it in some way.. But ticketmaster should
| keep it private, then, even if you know the algorithm. You still
| cant do a lot without the token......
|
| So he reversed engineered it, but its still secure: You need the
| token.
| lisper wrote:
| > They can't have robust DRM on their tickets if those tickets
| can still be viewed offline.
|
| Of course they can. All they need is a secret key embedded
| somewhere that the app can access but you can't. It's just a
| happy circumstance that they used a simple protocol in which the
| key is easily extracted. But they could have used a proper PKI
| protocol instead, which would have made it much harder, if not
| impossible, to hack.
| wackget wrote:
| If the app can access it (offline, on your device), then what
| stops a developer from using tools to extract the token from
| the device, either from wherever it's stored in memory or using
| an interactive debugger to extract it as the app requests it?
| lisper wrote:
| Nothing stops a (sufficiently motivated) _developer_ from
| doing that. But it will stop a muggle.
| torcete wrote:
| A $COACH_COMPANY in the UK has recently announced that they are
| moving to only app-purchased tickets. Except tickets purchased
| directly from the driver, which is VERY expensive.
|
| Well, F.U. $COACH_COMPANY. I don't want to have to install your
| app for that, but I guess I won't have any other option if I need
| to get to the airport.
| grishka wrote:
| What is one supposed to do if they don't have a smartphone
| and/or an internationally accepted bank card?
| PaulHoule wrote:
| A system like that could work in an entirely disconnected mode
| where the "ticket" device has a cryptographic token whose
| signature can be checked at the door without either side having
| internet access. The weakness of that system is that you can't
| "revoke" or sell tickets. Such revocation would be possible
| though if either the ticket or the validator device is internet
| connected.
|
| I saw the New York Red Bulls play not long ago and had to use
| Ticketmaster's system for the first time. I travel with a tablet,
| not a smartphone, and I was expecting trouble. Turns out the only
| trouble I had was that they didn't want to let me in with a
| tablet but they did when I explained my ticket was on my tablet.
| It did require an internet connection but Red Bull Arena has
| great WiFi so that was no problem.
| hinkley wrote:
| There's a faire this week in Oregon that draws people in from 500
| miles away.
|
| I've been a couple times, and what I've learned that was still
| not common knowledge to faire vendors as recently as last year is
| that T-Mobile brings out a mobile cell tower to support the
| faire, and no other cellular network does.
|
| So if you're trying to accept electronic payments, the whole
| thing tends to fall over and you only get to sell to people who
| brought loads of cash and prioritized hitting your booth first.
| Only the vendors on T-Mobile are able to take purchases for a big
| part of the day, and a few other people who use the rare billing
| system that is fine queuing up Visa transactions until after the
| bulk of people leave. The line for the cash machine sucks up a
| substantial part of your time budget for the faire, meaning you
| probably miss out on some things altogether.
| acureau wrote:
| That's a pretty smart business move by T-Mobile, I didn't know
| mobile cell towers were a thing
| hinkley wrote:
| I've never been clear what the main purpose of these things
| is but they do seem to get deployed for trade shows and such.
| Maybe for natural disasters?
|
| Then there are microcells, which can be privately owned. I
| worked at a place that had one when I was in mobile. There
| was a period of time when one of the carriers would sell you
| one if you were having connectivity issues. It's possible for
| instance, living on a hill, to have a cell signal on your
| roof but not in the rest of the house and they can work as a
| repeater.
| ssl-3 wrote:
| I first heard of CoWs (cell towers on wheels) from
| Woodstock '99, when they tried to repeat the debacle of
| Woodstock '94. (AFAIK, the CoW did not work.)
|
| The idea of cellular networks is simple: Put the "source"
| of the bandwidth near where the people need it.
|
| The idea of CoWs is also simple: It's the same thing, but
| it's dynamic and flexible.
|
| ---
|
| There was a time in my life when I was using AT&T as an
| all-you-can-eat LTE provider through a third party as my
| home Internet access, because reasons (and hear you me, if
| DOCSIS had been an option then none of this would have
| happened).
|
| Armed with a hotspot device that had external antenna
| connectors, band selection, and a Yagi antenna, I found a
| cell tower that I thought to be about 14 miles away that
| had consistently good Internet bandwidth. It was a ton
| better than several other much-closer towers (some only 1
| or two miles away), presumably because it had better
| backhaul(s).
|
| I made quite a study of things to get that dialed in and
| working reliably. And it was reliable for months. But then:
| One day, the signal had turned to shit.
|
| So I did the right thing and I drove over to where I
| thought that tower was, 14 miles out, to have a peek. And
| the tower was right where I expected it to be.
|
| But there were men actively working on the tower (with
| ropes and stuff), and a CoW of much-smaller stature was
| parked there and providing (rather lesser) backup service.
|
| Which, you know: That explained that.
|
| ---
|
| They additionally get used some for natural disasters if a
| tower fails, and also sometimes for other dynamic events
| like festivals and concerts and such. They're pretty useful
| when they work, in that a tiny sliver of bandwidth is
| superior to zero bandwidth. When properly-managed they can
| reduce contention on neighboring towers so that regular
| people doing their regular things are less-affected by
| whatever dynamic event is happening nearby.
| colmmacc wrote:
| It's one thing for customers phones' wifi issues to be a problem,
| but it's an even worse problem if the scanner itself needs
| reliable connectivity. That makes me wonder if there is some kind
| of delegated deterministic derivation step in the secrets too
| (which wouldn't be obvious in this kind of analysis), so that the
| handheld scanners can avoid an on-line dependency.
| Closi wrote:
| They needed reliable connectivity in the previous scenario
| (checking barcodes against a central db) - they just setup a
| local private wifi network for the handsets and all the venue
| devices.
|
| Otherwise I can't see how you would avoid replay attacks.
| colmmacc wrote:
| You can do time-based binding. Many TLS/Quic 0RTT take this
| approach; where the signature is only valid for a second or
| so. It's not as good as a real strike register, but probably
| ok for this kind of environment. Of course the barcodes would
| need to be more dynamic, but that's doable.
| dandigangi wrote:
| This was a fun read. I wonder if they reported it to a bug bounty
| program of theirs. Based on his writing how he feels about their
| business I'm going to guess no.
| ec109685 wrote:
| This isn't a vulnerability. It has to work this way if offline
| access is permitted.
| uniq7 wrote:
| > I paid three hundred US dollars for this high-tech experience.
|
| That's a good incentive for companies to keep up with the "high-
| tech experience".
| gspencley wrote:
| > Shame on you for abusing your talent to exclude the
| technologically-disadvantaged.
|
| Very minor nitpick: I don't like the term "technologically
| disadvantaged" here. While it is undoubtedly true that there are
| many people who are without smart phones due to economic reasons,
| or because their battery died or their phone was just stolen ...
| there are also lots of people, myself included, who would CHOOSE
| to forgo a smart phone when attending a concert / event.
|
| My wife and I live in a city with a Caesar's hotel and casino
| within walking distance. When there are shows and concerts we are
| interested in, we don't hesitate to buy tickets. When we go to
| such a show for a date night, we would like to leave our phones
| at home. Some of this might be due to our being middle aged, and
| so we're not glued to our phones 24/7, but it's also just a
| hassle to bring them through security, and to often have to put
| them in those lock bags because they don't want people recording
| etc.
|
| So to us, e-tickets are evil for no other reason than the fact
| that it assumes that we want to have a phone on us and to use it
| as a ticket. I will happily pay the fee for a physical ticket
| whenever available.
| RcouF1uZ4gsC wrote:
| > Software developers are the wizards and shamans of the modern
| age.
|
| No they are not. The big difference is that wizards and shamans
| closely guarded their secrets to keep their position secure,
| while software developers will happily give them away to as many
| people as possible.
|
| This means that software developers as such have close to zero
| leverage.
| ThouYS wrote:
| nice, more of this please. the constant abuse through everything
| digital has to be fought
| gwbas1c wrote:
| > If they had issued me normal, printable PDF tickets I could
| save offline to my phone
|
| Uhm, you can save the tickets to Google Wallet.
| hnuser435 wrote:
| This doesn't work on GrapheneOS.
| limaoscarjuliet wrote:
| I got tickets for a concert in UK, which could only be bought if
| you had UK Ticketmaster app. No, the international version of
| Ticketmaster app did not have these. Had to get me a blank
| Android phone, had to initialize it pretending I'm in UK via VPN,
| so I can see the UK Android Playstore (got my phone number
| blocked by Google in the process - "too many verifications from
| this number"). Then, it finally let me get the tickets and
| actually see the dreadful barcode in the app.
|
| This is horrible. Please stop.
| jofla_net wrote:
| I know the discussion has drifted into the larger realm of ethics
| and civic responsibility. But with respect to the original title,
| I always thought that it would be trivial to create a software
| 'tumbler' the logic of which was based on primitive examples,
| such as this. Edit: each user could have thier own initial state.
| https://en.wikipedia.org/wiki/Alternating_step_generator granted
| you'd need to ramp up the bits to make them less crackable. Then
| all you'd need is some translation to 2-d QR scancode graphics
| and a silly sliding bar and voila! Ticketmaster hegemony.
|
| But yes, its disgusting that i've needed a phone for events...
| grishka wrote:
| Impressive. I had no idea mobile- _only_ tickets are a thing. For
| me it 's always been the other way around because sometimes some
| events would insist on a printed ticket even if it comes as a PDF
| with a barcode. This sort of thing became annoying enough to me
| that I bought a printer.
|
| But then ticket resale online marketplaces aren't a thing around
| here either. When people resell event tickets, it's usually an
| entirely DIY affair.
| lifeisstillgood wrote:
| I am sure this is pointed out elsewhere, but ticketmasters
| business model is based on lying to the public so that the
| artists and venues don't have to.
|
| Taylor Swift is a nice-ish person and wants her fans to think
| they can buy tickets for her shows at about 25 bucks because
| that's a lot of money for a 12 year old and she does not want to
| alienate her fans.
|
| Her manager is an evil cackling bastard and wants to get as much
| as he can.
|
| He knows if he sells all the tickets for 25 bucks he will lose
| money in the tour and the people who resell the tickets for 2000
| will make 1975 dollars profit.
|
| So he does a deal with ticketmaster.
|
| They will sell 100 seats at 25 bucks, then announce "wow that
| sold out quickly" and then pretend that the other 5000 tickets
| they have are sold, and then resell them on secondary sites (ie
| ticket master is actually selling you orignal tickets through
| secondary markets).
|
| Then they give the cash to the evil manager who twirls his
| moustache.
|
| All the rest, the adding extra charges at end of sales process,
| the ridiculous rush to buy at a given moment in time instead of
| some auction or lottery, the whole thing of backhanders to
| venues, all that is secondary to enabling Taylor swift to take a
| huge cut without seeming like a evil moustache twirling money
| grabbing manager.
| IncreasePosts wrote:
| Can you provide a source for artists getting a cut of the
| greater-than-MSRP resale market?
| xhkkffbf wrote:
| Why shouldn't the artists get a cut of the greater-than-MSRP
| resale? Yeah, I realize that some pretend that the MSRP is
| the real price, but if anyone should get a cut of the jacked
| up fees, it should the people on the stage or producing the
| show.
| peddling-brink wrote:
| I don't think anyone is arguing otherwise. The frustration
| is the inaccurate pricing and other monopolistic behavior
| from TM et al.
| xp84 wrote:
| I mean, they should have that revenue, and a lot of us want
| them to just raise the prices for that reason. What's
| arguably kinda dishonest is when they have deals with
| Ticketmaster's scam of a resale scheme that result in them
| getting a large amount of the 'scalping margin' while also
| yelling about how they price their tickets SO low, and it's
| scalpers to blame for 'stealing the tickets from all you
| Real Fans!'
| ghayes wrote:
| There are a lot of journal articles about this, but here's a
| recent NPR story [0] and a Vox article from 2019 [1].
|
| [0] https://www.npr.org/transcripts/154299904
|
| [1] https://www.vox.com/the-goods/2019/7/22/20703858/live-
| nation...
| lifeisstillgood wrote:
| There was a trial in 2009 that had Katy Perry's contract with
| Ticketmaster released into the open - cannot find it at the
| moment but it was explicit about how many tickets would be
| available for her to sell etc
|
| This is all open and documented in the upcoming prosecution
| by US attorney - also cannot find atm
| financetechbro wrote:
| As much as I dislike Ticketmaster this is pure conspiracy
| unless you provide sources
| bonestamp2 wrote:
| I can't confirm what they said, but TicketMaster does have a
| "partner" reseller program for scalpers where they have tools
| to help scalpers list and manage resale tickets in bulk. They
| also have events where they help teach scalpers how to make
| more money, which is good for TicketMaster since it makes
| even more money on secondary sales. Ticket scalping used to
| be illegal, and now TicketMaster is helping facilitate it.
|
| Source: https://www.cbc.ca/news/business/ticketmaster-
| resellers-las-...
|
| Scalping aside, TicketMaster is taking massive fees each time
| the same ticket is sold. For example, I went to an event last
| year and the fee was $50 on each ticket, and these were
| reseller tickets so TicketMaster had already taken a fee on
| each of those tickets at least once already (perhaps more
| than once).
|
| TicketMaster also owns many venues or has exclusive deals
| with most large venues that prevent those venues from using
| any other ticket selling platform. The DOJ is currently
| investigating this monopoly. TicketMaster alleges it is not a
| monopoly since there are many smaller venues that they are
| not involved with.
| cbsmith wrote:
| > Scalping aside, TicketMaster is taking massive fees each
| time the same ticket is sold. For example, I went to an
| event last year and the fee was $50 on each ticket, and
| these were reseller tickets so TicketMaster had already
| taken a fee on each of those tickets at least once already
| (perhaps more than once).
|
| So your evidence is that you were charged a $50 fee on a
| separate transaction that didn't involve TicketMaster?
|
| This is not the compelling evidence that you think it is.
| chrisrhoden wrote:
| I think you can probably re-read and understand that
| their entire post is about the fact that Ticketmaster
| hosts, processes, and charges fees on resale tickets.
|
| I know that you already know this, based on your other
| posts on this thread.
|
| The technology referenced in the post above is, at least
| in part, to prevent you from reselling the ticket without
| involving TicketMaster. That may be justified as a way to
| prevent selling the same ticket more than once, but it's
| certainly the case that this is one of many possible
| approaches, and it's the one that most favors this
| business.
|
| It would probably be criminal for the company to act any
| other way, so I'm not claiming any evil doing here.
| cbsmith wrote:
| > I think you can probably re-read and understand that
| their entire post is about the fact that Ticketmaster
| hosts, processes, and charges fees on resale tickets.
|
| Yup. I misread the comment.
| bonestamp2 wrote:
| Actually, TicketMaster was involved in each transaction.
| Let's revisit the first paragraph: "TicketMaster is
| taking massive fees each time the same ticket is sold."
|
| I'll lay it out in detail so it's more clear:
| TicketMaster sold the original ticket to the scalper.
| Then the scalper listed the ticket on TicketMaster's
| secondary market. Then I bought the ticket on
| TicketMaster's secondary market and TicketMaster
| collected a $50/ticket fee from me. TicketMaster also
| collected a fee on each ticket the first time
| TicketMaster sold those tickets to the scalper.
|
| TicketMaster also charges the scalper a fee to list the
| ticket, so TicketMaster actually made more than the
| $50/ticket fee that they collected from me.
|
| It's also possible that the ticket was sold on
| TicketMaster's secondary market several times before I
| bought it on TicketMaster's secondary market, which would
| allow TicketMaster to collect many fees on the same
| ticket.
| cbsmith wrote:
| Yes, I misunderstood what you wrote.
|
| There are plenty of scalpers who sell tickets outside of
| TicketMaster, despite their best efforts. Do you think
| the $50/ticket fee that you paid would have been lower if
| you'd done your transaction outside of TicketMaster's
| platform?
| bonestamp2 wrote:
| I have purchased secondary tickets outside of
| TicketMaster many times and the fee has always been
| lower. But, that's anecdotal of course... there's no
| reason why they couldn't be higher. But, let's leave the
| actual fee amount aside for a moment...
|
| I'm slightly less concerned with the actual amount of the
| fee and more concerned with the fact that ticket scalping
| has apparently become legal and that the original ticket
| seller is not only in on it, but getting even higher fees
| on the scalped tickets than the original tickets.
|
| It's disturbing that it's illegal to scalp a single
| ticket in person outside an event, but if someone does it
| online with hundreds of tickets then they're a "ticket
| broker" and that's legal (in California at least).
| cbsmith wrote:
| > It's disturbing that it's illegal to scalp a single
| ticket in person outside an event, but if someone does it
| online with hundreds of tickets then they're a "ticket
| broker" and that's legal (in California at least).
|
| Legal space around ticketing is... insane. The laws
| protecting "ticker brokers" are cloaked as consumer
| friendly regulations, and ironically TicketMaster
| actively lobbies against online "ticket brokers".
|
| > I have purchased secondary tickets outside of
| TicketMaster many times and the fee has always been
| lower. But, that's anecdotal of course... there's no
| reason why they couldn't be higher.
|
| In general, TM's share of resell is much smaller, and the
| resell market is heavily fee sensitive, as the brokers
| like to keep as much of the money as they can, so the
| fees tend to be set by the market (and they didn't go up
| when TM got in to the business).
| TOMDM wrote:
| Even if it's true it's a conspiracy
|
| > Conspiracy
|
| > a secret plan by a group to do something unlawful or
| harmful.
|
| It could be true but Ticketmaster is explainable by the
| purely mundane evil of a monopoly. I could be convinced but I
| too would want evidence.
| lmm wrote:
| LiveNation (who owns Ticketmaster) acknowledges that they do
| this with the artist's consent. https://archive.md/1JeG5
| Decker87 wrote:
| Taylor Swift's manager is a woman. And an artist like TS is
| going to know exactly how it works behind the scenes
| floatrock wrote:
| Hey now, it's 2024, anyone can twirl their evil mustache if
| they want to sport one. Just wash your hands afterwards.
| axus wrote:
| If Britney Spears's book is to be believed, the talent can be
| kept in the dark.
| telotortium wrote:
| Britney Spears ended up forced into a conservancy. Taylor
| Swift is much more savvy (gets songwriter credit on
| everything, successfully rereleased her early tracks to get
| better royalties from her back catalog, manages her fanbase
| really well in general). She definitely knows the game with
| Ticketmaster.
| patmorgan23 wrote:
| Britney Spears is not your typical situation. She was
| legally incompetent and in a conservatorship control by her
| dad until very recently.
| sethaurus wrote:
| The grandparent is implying that "Taylor Swift" and the "Evil
| Manager" are two sides of the same coin; they don't need to
| even be different people. The system lets a (big) artist
| extract value while keeping their public image clean. It's a
| shell game, and Ticketmaster plays the role of bad-guy-as-a-
| service.
|
| Of course, their insane monopoly means they also get to take
| advantage of smaller artists, venues etc. None of this is
| good.
| MarketingJason wrote:
| I'm not sure this is true. Most (~80%) large venues are owned
| and operated by Live Nation, who also owns Ticketmaster. They
| also have exclusivity agreements with hundreds of others.
|
| It's, in effect, a shell operating as a scalper and a customer
| service disruptor. This has very little to do with the artist
| beyond selecting venues.
| cbsmith wrote:
| It's about 60% of large venues. The 80% is Ticketmaster's
| share of the ticketing marketplace.
| behringer wrote:
| Sounds great. Won't be going to any ticketmaster events ever,
| and you shouldn't either.
| thechao wrote:
| I, too, love a good Tuvan throat death-metal band in the
| outer suburbs of Ulaanbaatar.
| bigiain wrote:
| I would _totally_ go to that show.
| benced wrote:
| I don't think this is accurate. Ticketmaster/LiveNation control
| most good/big venues so artists have to deal with them in some
| way. Artists generally don't want to charge market clearing
| prices to their fans (for niceness and PR reasons) but
| Ticketmaster is happy to be the bad guy and do that via
| exorbitant fees. I'm very in favor of breaking up Ticketmaster
| but we should be clear-eyed about what that will do: it will
| transfer money from either Ticketmaster to scalpers or transfer
| money from Ticketmaster to artists.
|
| Fundamentally, if there's someone out there willing to pay up
| to $x for a space-limited event, they will find someone to give
| that $x to. I'd rather that person be the artist.
| futevolei wrote:
| There was an article in the LATimes article a few years ago
| with the former ceo of Ticketmaster who explicitly confirmed
| the above. Ticketmaster does a deal with the band to charge
| as much as possible and take all the negative blowback or
| whatever about it and then gives them a kickback.
| mixmastamyk wrote:
| Fees split into thirds, (TM, performer, venue) is my
| recollection.
| mellow-lake-day wrote:
| Not sure why you are saying Taylor Swift's fans are 12 year
| olds because they aren't. The average age of a Taylor Swift fan
| is closer to 30.
|
| And because of Taylor Swift there is now a DOJ investigation of
| ticketmaster. Taylor Swift is not on the side of ticketmaster
| like you are conspiracizing.
| zer00eyz wrote:
| > Taylor Swift is a nice-ish person and ...
|
| Face value on tickets for her last tour started at 75.
|
| All that money went to Taylor. ALL OF IT.
|
| How do you pay for support staff, trucking how do you pay to
| move t-shrits from one venue to the next.
|
| This is where all those fees come in... It's not the manager
| grabbing the money (that bit is later), it's the promoter
| covering the cost of the tour. Paying for staff to haul and set
| up a stage at every venue, paying for band members, dancers,
| people to run lights...
|
| The Management (and the artist) will then "hold back" tickets.
| Most of the best seats are sold one of two ways. Fan club
| packages, where you pay 3000 bucks to meet the artist, get a
| photo and get a good seat. - OR - they go directly to the
| secondary market. This used to be scalpers (who "worked" for
| management) but now is secondary sales sites.
|
| There are still two more bits: Consessions. Most artist get a
| pretty hefty kick back after covering venue staffing. These
| contracts can be weird, but artists, managers and promoters
| LIKE Ticketmaster being a one stop shop. It lets them negotiate
| a single deal (and one that is better for the artist) for the
| whole tour. Then there is merch, this is a gold mine for the
| artst and management too. Again there is a staffing component
| but that is covered by the concessions (mostly).
|
| IN a lot of cases a venue will not sell out, and that is FINE.
| What happens is that the "fans" ran to the front of the line
| and paid too much for tickets, bought on the secondary market
| to get good seats. IN many cases there was so much money made
| at this stage that the monetary value of the rest of the
| tickets drops to zero....
|
| At that point no one wants an half empty venue... So it gets
| papered over. They give away tons of free tickets, they "leak"
| a late box office hold being released... but it's now a fire
| sale. The nose bleed seats are selling for 5-10 bucks (even in
| today's market). Because assess in seats sells beer, t-shirts,
| and a full venue makes it an "experience"
|
| This is the model that Bill Graham built and the vision of the
| industry he was going towards. TM is still, at its core, Bill
| Graham Presents.
|
| I used to work in the industry, it's a hot mess and every one
| is greedy.
| Zopieux wrote:
| Agreed, fuck Ticketmaster. Sincerely.
| AlexanderTheGr8 wrote:
| Nice reverse engineering! As a hacky way for the non-tech-savvy,
| couldn't you use a temp account to create ticketmaster account
| and then buy the ticket and then sell the temp account
| information to bypass their rules?
|
| This reverse-engineering also breaks if ticketmaster forces venue
| staff to only scan if the barcode is in the ticketmaster app.
| Unless you create a lookalike app to trick the staffers.
| jasomill wrote:
| Good luck forcing a check like this at a busy event venue.
|
| I once paid at Starbucks with the Apple Wallet barcode
| appearing in a photo of my phone displayed on the back of a
| DSLR. Plopped my not-remotely-iPhone-like Nikon D800 on the
| counter lens-down, LCD-up, barista scanned it without a second
| thought.
| xp84 wrote:
| I am not an expert, but I think one of their layers of
| protections (that is, to ensure that TM itself gets the
| greatest share of scalping money) is applying much greater
| scrutiny to freshly-created accounts when it comes to the in-
| demand events. I'm not sure how they effectively bootstrap new
| legit users of course, but I've been offered I think around
| $100 to sell my Ticketmaster account, which is old. (I can't
| recall how they found me, perhaps it was an ad just stating
| that they'd buy an account older than X years).
| hunter2_ wrote:
| > bootstrap new legit users
|
| Phone number? The friction/expense of a scalper getting a new
| one for every sale would seem sufficient. Although I guess
| the scalper could reclaim (via password reset or whatever)
| accounts after the show to some extent.
| drowntoge wrote:
| > If you take a closer look at your ticket, you may notice that
| it has a gliding movement, making it in a sense, alive. That
| movement is our ticket technology actively working to safeguard
| you every second.
|
| This part made me want to throw up, preferably a couple of
| buckets full, right onto the heads of the marketing team who came
| up with it.
|
| Kudos to the author of the article. Great work and a great read
| to go with it.
| xp84 wrote:
| Those little blue bars are some hard workers. They don't even
| sleep! Just moving back and forth all day, protecting me. <3
| GuB-42 wrote:
| Does anyone knows how Ticketmaster works, really?
|
| I have been to Ticketmaster events that use reasonably priced,
| printable tickets, you could even buy a printed ticket with cash.
| In fact, even though there are so many Ticketmaster events, they
| are not all working the same way. And Ticketmaster doesn't have
| the monopoly on shitty practices, the article gives a good
| example in the beginning.
|
| What I suspect is that Ticketmaster is nothing more than a
| service provider. The venue/event organizer/... looks at the
| Ticketmaster catalogue and pick the product they want. There are
| "evil" products in that catalogue, and they are probably the ones
| with the best returns, but I am sure people have a choice.
|
| I'd even go as far as calling Ticketmaster "Evil as a Service".
| So people can say "fuck Ticketmaster" instead of saying "fuck
| Taylor Swift". I would be very surprised if artists (and their
| agents) at the level of Taylor Swift didn't have a say regarding
| ticket sale practices, even with Ticketmaster.
|
| Of course, the monopolistic practices of Ticketmaster are a
| problem, people are most likely paying more than they should
| because of it, but all the crap with apps, resale platforms,
| etc... I am pretty sure the event organizers, maybe the artists
| themselves are as much to blame.
| orangecat wrote:
| _I 'd even go as far as calling Ticketmaster "Evil as a
| Service"._
|
| Correct, except rather than "evil" it's "market-clearing
| pricing". Of course many people see no distinction there.
| bonestamp2 wrote:
| > but I am sure people have a choice
|
| Often, they do not. The DOJ is currently suing TicketMaster
| because they have exclusive agreements with nearly all of the
| large venues and that prevents those venues from using other
| ticket providers. To be fair to TicketMaster, they argue they
| are not a monopoly because there are many smaller venues that
| they are not exclusive with.
|
| But, TicketMaster even requires that artists use TicketMaster's
| promotional agency if they want access to these large venues.
|
| And more evil stuff! Details here...
|
| https://www.justice.gov/opa/pr/justice-department-sues-live-...
| GuB-42 wrote:
| I wasn't talking about having the choice of using another
| agency, Ticketmaster is predatory and this is a problem.
|
| I was talking about using Ticketmaster (for the lack of other
| choice) but using one of the more consumer friendly services
| Ticketmaster appear to provide. I am sure Ticketmaster won't
| mind, they get their share anyways.
|
| What I wanted to say is that Ticketmaster may be responsible
| for your ticket costing $70 and not $60, but for all the
| other bullshit, they just do what is asked of them (by the
| artists, venue, event organizers, etc... maybe even the fans
| themselves). Or at least, that's how I think it is.
| cbsmith wrote:
| > Does anyone knows how Ticketmaster works, really?
|
| For the most part, no. I'm actually shocked by how much
| understanding you are demonstrating in this post. I did not
| expect to find that on Hacker News.
| moritonal wrote:
| I belive I heard that Ticketmaster let the venue set one of the
| arbitrary fees and then hide it amongst the rest. So I would
| agree that the rest of what you said sounds likely.
| sirsinsalot wrote:
| You're missing that Ticketmaster (Live Nation) control and own
| a substantial portion of the venues, the catering, logistics,
| tour buses, security and so on.
|
| The venue "choosing" the Ticketmaster product is owned by Live
| Nation.
| mixmastamyk wrote:
| Tours have some choices, yes. See the Cure tour last year. But
| no, paper tickets and non-auction prices (for front section)
| have been phased out quickly.
|
| Some tiny stragglers perhaps. Went to a tiny venue recently but
| was goldenvoice.
| LeonM wrote:
| Let's face it, the real problem with ticket sales is scalping. OP
| may not like Ticketmaster, and doesn't want to install the app,
| but the majority of fans don't have a problem with that. The real
| problem for most fans are the scalpers who push prices out of
| their budget.
|
| Of course we all like to dream up all sorts of technical crypto
| solutions to this, preferably decentralized to remove evil
| Ticketmaster from the equation. But I don't think the ticket
| scalping problem is a technical problem per se. I believe it is
| because tickets are currently sold under the wrong terms, which
| encourages scalping.
|
| A possible solution could be to make tickets non-transferable,
| but always refundable. So only you (the buyer of the ticket) can
| use it, but you can't resell it. But if you decide not to go, you
| should be able to refund the ticket to the ticket office for full
| price. The ticket can then be sold again to someone else, for the
| same price.
|
| Now, of course this is a naive idea. There are many practical and
| technical challenges to it, not to mention the politics of the
| entertainment industry. I'm not too familiar with the event
| industry, so I'm not sure if this would even align all the
| incentives, but it would benefit the fans and the performers who
| care about their fans.
| mlyle wrote:
| The problem is scalping.
|
| Unfortunately, this "solution" is Ticketmaster cementing their
| control of the ticket marketplace and spying on their users.
| jmholla wrote:
| And (and I think you were implying this), Ticketmaster giving
| themselves complete control over the still existing scalping
| market which they use to boost their own profits without any
| benefits over the standard scalping market (arguably also
| including further downsides).
| mixmastamyk wrote:
| Yup, they finally outscalped the scalpers. What a windfall
| the covid push to ban cash and digitize tickets was for
| them.
| bonestamp2 wrote:
| Yes, non-transferable tickets would fix the scalping part of
| it. I'm guessing the face value would go up a lot in that case,
| and that's fine... at least it's an honest market then and
| ticketmaster cannot pass the blame on to the scalpers.
| dsego wrote:
| > The real problem for most fans are the scalpers who push
| prices out of their budget.
|
| Isn't that the market sorting itself out? What do you want,
| planned economy? How is fixing the price on a ticket different
| than the soviet union stamping prices directly onto
| manufactured items. I meant this to be sarcastic, but it's only
| half so, since I find the comparison appropriate, you know free
| market and all.
| hunter2_ wrote:
| > tickets are currently sold under the wrong terms, which
| encourages scalping
|
| The incentive to scalp arises from the likelihood that a ticket
| will be worth more in the future (buy low, sell high) and that
| future worth is established by scarcity (sold out shows). To
| help eliminate this likelihood, the original price (face value)
| needs to decrease over time, ideally in such a way that the
| final original ticket sale occurs right when doors open,
| because the sooner that occurs, the bigger the opportunity for
| scalping. "Dutch auction" [0] is one implementation of this
| concept, though it's typically to find the most money a single
| buyer will pay, whereas in this case we have thousands of
| buyers. Perhaps the rate at which the price declines could be
| dynamically adjusted to aim for N% sold when N% of the on-sale
| timeline has elapsed, for any N.
|
| The problem is convincing promoters/etc. that this would be as
| profitable for them as the status quo. But it might be!
|
| [0] https://en.wikipedia.org/wiki/Dutch_auction
| eightysixfour wrote:
| This is terrible - right now the random 17 year old middle-
| class kid at least has a small chance of getting a somewhat
| reasonably priced ticket to a popular show. In your model,
| they have zero chance.
|
| Auction models are good for price discovery but this isn't a
| price discovery problem, it is a supply problem. Believe it
| or not, artists don't always want to maximize revenue from a
| ticket, they want fans from lower income brackets to be able
| to attend as well.
| hunter2_ wrote:
| Suppose, for simplicity, that you've got 2 types of people:
| price-sensitive (your 17yo) and price-insensitive (let's
| call them rich). In reality it's a gradient, complicated by
| emotional aspects, but I think just 2 cohorts is sufficient
| for this explanation.
|
| If face value is constant over time (i.e., the current
| model), scalpers can buy at any time that original tickets
| remain available. If they predict huge scalping margins,
| they'll buy up tickets ASAP, competing with the 17yo buying
| ASAP. And scalpers are more likely to have bots/scripts to
| help get in the moment tickets go on sale, putting them at
| an advantage over the 17yo. The 17yo probably ends up
| finding that the show has sold out to scalpers, so now
| tickets are too expensive. If the scalpers overbought,
| they'll eventually let the tickets go at reasonable prices
| (maybe even below face value) as the event nears, so maybe
| the 17yo has a chance that way, and many seats will be
| empty. If the scalpers underbought, great.
|
| If face value decreases over time (i.e., my proposed model)
| from the original seller, then you've sort of got the exact
| same thing going on in terms of the rich buying early and
| the 17yo buying late, except the 17yo has one less
| middleman to contend with. Less chaos. Authoritative
| information about how many seats are yet to be filled. Bots
| that simply react to slow price changes like a human could,
| instead of bots that rush the release of tickets faster
| than humans.
|
| In either model, the rich get their way and the 17yo gets
| whatever is left. But when well-controlled, this gap can be
| filled through need-based programs, student programs, etc.
| -- Broadway has some examples. These programs can be
| layered on top of, as they are orthogonal to, eliminating
| the incentive to use bad bots for scalping.
|
| I don't have all the answers, but as someone who has been a
| musician for 30 years, programmer for 24, FoH audio
| engineer for 21, stock trader for 15, booked several shows,
| and buys tickets to shows every month or two, this is
| something I truly think could benefit the ticket-buying
| experience without excessive downside. The prices don't
| need to be astronomical (i.e., for the richest of the rich)
| when they first go on sale. They just need to be set, and
| reset continuously over time, so as to have N% be sold
| equal to N% of sale window elapsed, with the window ending
| at doors; sales would be almost exclusively to genuine
| show-goers because scalpers would almost exclusively be
| bag-holders.
| lmm wrote:
| > Let's face it, the real problem with ticket sales is
| scalping. OP may not like Ticketmaster, and doesn't want to
| install the app, but the majority of fans don't have a problem
| with that. The real problem for most fans are the scalpers who
| push prices out of their budget.
|
| No, the problem is artists wanting to falsely advertise low
| prices, and using gimmicks like first-come-first-served ticket
| sales and "scalpers" (usually fake, sometimes hired by the
| artists themselves) to do it, and the "fans" buying into this
| whole false narrative. If artists would honestly sell, and fans
| would honestly buy, at the actual prices, then the whole kabuki
| play of "evil scalpers" could be avoided.
| VMG wrote:
| but how would the artist continue to pretend to be close to
| The People?
| xg15 wrote:
| > _This ticket is digital. Saving data offline is the same as
| copying it to your hard drive. If data can be copied, it can be
| transmitted. If it can be transmitted, it can be shared. If it
| can be shared, it can be sold._
|
| Is this still true in the age of locked-down bootloaders, secure
| enclaves, TPMs etc?
| nedt wrote:
| That data might be part of a backup to your Mac. Maybe it's
| even just a sqlite file.
| GuB-42 wrote:
| > My phone has no internet connection...
|
| Who thought it was a good idea to require an internet connection
| at an event. For anything, not just ticketing. It is as if the
| people who designed these apps never went to a large event.
|
| No internet is the rule, not the exception. Sometimes, you can't
| even send a SMS. Apps designed for use in events should always
| work offline, and if internet use is justified, take into account
| latencies in minutes and use bandwith sparingly. Failing to do
| that will make the experience terrible for everyone, as bandwidth
| will be saturated by thousands of phones trying to do something
| with that damn app.
|
| At least Ticketmaster does it somewhat right here. The app is
| supposed to refresh the ticket 20 hours before the event, to
| account for the fact that the internet may be unavailable at the
| gate.
| scottfits wrote:
| Very cool post, but as someone who has been on the other side of
| the situation, I do have sympathy for what they are trying to
| accomplish.
|
| I bought a ticket that someone had double sold, and by the time I
| got to the door, they turned me away and said the ticket had
| already been used. So their system has good intentions, they just
| need to make it work offline.
| tacker2000 wrote:
| Would be interesting to see the same done for the UEFA ticket
| app. They use QR codes that are activated/visible only when the
| user in on site, detected via Bluetooth. They claim that
| secondary use is then not possible.
| zachmu wrote:
| People always cite exclusivity deals / monopoly power when it
| comes to Ticketmaster's dominance, but I also recall reading
| post-mortems about several failed competitors that indicate the
| problem Ticketmaster solves (massive spikey demand with strict
| guarantees on the seats selected) is quite technically
| challenging. I know, it doesn't seem like it would be that hard
| to solve, you're probably already thinking how you would do it.
| But you can't ignore that many others have tried and failed.
| tamimio wrote:
| Great post. While I'm all for messing up greedy companies, this
| is a clear example of why JavaScript should never be used for
| security. Executing the code locally, plus the ability to read
| the source code, fundamentally goes against securing your
| application. It doesn't mean that not having those will make the
| application more secure, though.
| deamanto wrote:
| I'd also like to highlight another bad practice by Ticketmaster.
|
| When you purchase a ticket from them and resell it on their
| marketplace, once someone purchases it, they(Ticketmaster) hold
| your funds and only give you the money ~7-14 business days after
| the event is over. They say this is to verify the validity of the
| ticket.
|
| On the buyer side, you purchase the ticket from the marketplace
| and it gets added to your account immediately. (I think) You get
| the barcode some time ~1 week before the actual event begins.
|
| The confusion for me? Ticketmaster owned the ticket and all logic
| relating to the validity of it. The logic to validate this
| shouldn't be complex at all. They OWN the ticket. They KNOW it's
| legitimate because it never left their database. Yet they double
| dip and hold both buyer and seller funds. Events can be close to
| a year in the future but the seller won't see that until after
| that event ends.
| tesrx wrote:
| Excellent point. I wonder if Ticketmaster profits by making
| interest off of holding those funds?
| mixmastamyk wrote:
| Wonder no more--yes.
| ipsum2 wrote:
| Do you work at ticketmaster? Otherwise, how do you confirm
| this?
| mixmastamyk wrote:
| Every big corp holds money longer than necessary to
| maximize interest. It's free money. We know TM. "Why
| _wouldn't_ TM do it" is what you should be asking proof
| for.
| tsukurimashou wrote:
| exactly this
| passwordoops wrote:
| Rule of thumb when it comes to monopolies: always err on
| the side of rentierism. In fact, it should be incumbent
| on their defenders to prove (insert greedy activity) is
| _not_ practiced by said corporation
| seanhunter wrote:
| Ticketkmaster earns interest on cash they hold[1]
|
| This is cash that ticketmaster is holding
|
| Therefore they will be earning interest on this.
|
| [1] see interest incom on their latest 10-K
| https://investors.livenationentertainment.com/sec-
| filings/an...
| fallingknife wrote:
| 1. ticket master holds the money for 14 days before
| paying the customer
|
| 2. there are a lot of customers
|
| 3. therefore ticket master holds lots of customer cash in
| transit (this is called the "float")
|
| 4. cash earns 5% interest so this year they will earn
| about 5% * avg float
| bonestamp2 wrote:
| There's another good point in here. Why do they hold the ticket
| until just before the event? I bought tickets to a concert for
| my wife's favorite band. Then, my wife's work scheduled an
| event for that same week and she had to leave town. So, what I
| really wanted was a refund so someone else could buy the
| tickets. They don't do that of course. So, then I wanted to
| sell the tickets for face value... but ticketmaster didn't
| "deliver" the tickets to my account until the day before the
| event!
|
| I watched for a month leading up to the event as the ticket
| prices plummeted while the scalpers were desperate to get at
| least something for their tickets before my ticket was even
| delivered to me.
|
| As soon as they take my money, they should update the database
| to show that the ticket is mine. If I want to sell it, I should
| be able to do that immediately too.
|
| But, from what I've read, that instant resale ability only
| belongs to their "partners" who resell a lot of tickets, and
| you need access to their "TradeDesk" tool to do it:
| https://tradedesk.ticketmaster.com
| Ocha wrote:
| Just vote with your pocket and don't buy tickets from them. I
| do that - yes I don't get to go to major concerts but there
| are still so much more that is not on ticket master. I found
| a lot of new entertainment and was happy to pay $4 fee
| instead of whatever TM charges nowadays.
| Loughla wrote:
| That's the secret.
|
| If nobody used them, they would go away.
| mattmaroon wrote:
| Our options shouldn't be see no concerts from successful
| musicians or pay monopoly pricing. This is something
| government should solve.
| shiroiushi wrote:
| Expecting the US government to properly handle monopolies
| and anti-trust issues is a fool's errand. It's like
| saying the US government should solve the issue of gun
| proliferation in the US: it's simply not going to, in our
| lifetimes.
| mattmaroon wrote:
| I don't think that's accurate. They've successfully
| handled plenty of anti trust issues in the past and very
| recently got on this one.
| sofixa wrote:
| When was the last time they did it?
| ricket wrote:
| I googled "us government anti trust wins" and found a few
| articles that point out some recent ones, e.g. Adobe and
| Figma in December 2023, and an Apple lawsuit in March
| 2024.
| dml2135 wrote:
| Biden's FTC and Justice Department are in the process of
| suing Apple, Facebook, and Google for antitrust
| violations. And Ticketmaster.
| skywhopper wrote:
| On the contrary, the US government is probably a lot
| easier to influence than an entrenched monopoly.
| mattmaroon wrote:
| It probably would require less money.
| nulbyte wrote:
| You're right, of course, those shouldn't be our options.
| But that's just how it is. If you aren't willing to stop
| playing, the game will never end.
| mattmaroon wrote:
| Again, not true, that's a false dichotomy. Political
| pressure is an alternative. The justice department is
| already suing. Clearly it can be done.
|
| You writing your congressperson is more likely (albeit,
| still not at all likely) to make a difference than you
| not going to your annual concert.
| Dylan16807 wrote:
| That's why they've done so much to force performers to
| use them.
| spicybbq wrote:
| While this is literally true, solutions in the form of
| "if everyone would just X" are not solutions at all.
| wrsh07 wrote:
| That's not really possible, because they contractually
| require venues and performing artists to only perform at
| their venues
|
| This kind of gross exclusionary contract should be
| illegal (it's kinda the same BS that Google does with
| Android OEMs - contractually force them to [1]), but for
| some reason antitrust avoided acting on the matter
| (including allowing acquisitions in the space) for quite
| some time
|
| [1] > Predicating the availability of any of Google's
| apps, including the Google Play Store, on OEMs not taking
| advantage of the open source nature of Android on devices
| that will not include Google apps seems much more
| problematic than Google insisting its apps be distributed
| in a bundle. The latter is Google's prerogative; the
| former is dictating OEM actions just because Google can.
| https://stratechery.com/2018/the-european-commission-
| versus-...
| NickC25 wrote:
| That might have been true in decades past.
|
| They now, having merged with LiveNation, have effective
| ownership of all major and semi-major venues around the
| country. They also aren't just doing concerts, they're
| doing sporting events and other live entertainment as
| well.
|
| They aren't going anywhere. They are just too big, and
| too ingrained.
| NoahKAndrews wrote:
| See Tickets seems to be on the rise recently, which I've
| been glad for
| trustno2 wrote:
| They have an effective monopoly.
| sirsinsalot wrote:
| Not just on tickets, but on venues, catering, security,
| logistics. It's pretty bad.
| account42 wrote:
| ... for a completely optional form of entertainment.
|
| At the very least you have the choice not to go to any
| concerts until there are better options. You can also
| make that clear to your favorite bands.
| skywhopper wrote:
| lol, people and bands have been complaining about it for
| 30 years and it's only gotten worse. Yes, you could skip
| concerts for the rest of your life, I suppose, to make a
| point. But it's not going to fix anything.
| account42 wrote:
| Complaining yes, but how many people are actually putting
| their foot down? As for bands, they may actually be
| profiting from this scheme where ticketmaster ensures
| higher prices while taking the blame. If they really
| cared enough they could chose not to deal with
| Ticketmaster. Sure, that would limit their choices in
| venues which could mean lower potential for profit.
| Probably not going to be a real issue for the the more
| popular groups.
|
| And yes, if there are no concerts with acceptable terms
| (and that's really a hypothetical if) then don't go to
| any for the rest of your life. You make it sound like
| this is some kind of required part of the human
| experience when it is just one of many possible ways to
| spend your time. Even if you are really into music,
| concerts are just one way to experience it - and when it
| comes to audio quality, a fairly crappy one.
| Spivak wrote:
| It's possible you can put your foot down, lots of venues
| will sell you paper tickets at the box office. It's
| inconvenient but they also don't charge TM fees sooo.
| It's what I do since they open the box office during any
| of their events. Just get tickets for the next few shows
| right there.
|
| > Even if you are really into music, concerts are just
| one way to experience it - and when it comes to audio
| quality, a fairly crappy one.
|
| This fundamentally misunderstands why people go to see
| live music and honestly maybe what people enjoy about
| music entirely.
| TylerE wrote:
| The bands are absolutely profiting.
|
| Ticketmaster is basically "customer punching bag ad a
| service".
| mattmaroon wrote:
| The bands at the top are absolutely not profiting,
| they're losing money over it. Instead of a healthy
| ecosystem of promoters willing to pay them market rates,
| they're dealing with a monopsony that depresses earnings.
| They HAVE to go through TicketMaster venues, because TM
| has locked up 85% of large ones, which means they have to
| accept whatever fee the promoter (LiveNation, same
| company) is willing to pay them. That's part of why AEG
| sued them, they are a giant international promoter who is
| effectively boxed out of the American market by TMs
| stranglehold on venues and vertical integration.
|
| Venue owners are profiting. LN/TM can pay them a lot for
| exclusive rights thanks to their monopoly-inflated
| profits.
| TylerE wrote:
| The bands get more than a small cut of the various fees,
| and especially the upcharge things like Platinum tickets.
| mattmaroon wrote:
| No they don't, that's not how the money works in
| concerts. The bands get paid a flat fee by the promoter.
| You can Google this if you don't believe me but I know
| from working with concert promoters.
|
| Why would Ticketmaster/live nation pay them at all? They
| don't have to, the bands don't have any other places to
| play and they make most of their income from live shows.
| TylerE wrote:
| Platinum Tickets are priced by the artists who get the
| bulk of the revenue.
| JansjoFromIkea wrote:
| Just to back this up, Robert Smith references Platinum
| Tickets here https://www.bbc.com/news/entertainment-
| arts-64975160
|
| Choice quote: "It is a greedy scam and all artists have
| the choice not to participate. If no artists
| participated, it would cease to exist."
| mattmaroon wrote:
| It doesn't say it goes to the artists. It says artists
| can choose not to participate. It says most of the fees
| go to the venue, which is true, that's how they get
| exclusivity.
|
| Perhaps they give artists a little to encourage
| participation in some ancillary revenue, I don't know.
| I've mostly worked non-TM venues. But I'm sure the
| promoter gets most of that too and it's not a lot of the
| overall ticket sales.
|
| I can tell you for sure, everyone but the venues feels
| they would get more without the monopsony. There is not a
| functioning market for concert promotion once you get to
| the 10,000+ seat level, and TM is actually even buying up
| the ones below that too.
|
| Your only end run around it is the festival circuit since
| a lot of them are out in a field rather than a venue, but
| guess who is buying those up now also...
| mattmaroon wrote:
| Also note how they say ticket master passes on fees to
| the promoter. That's a clever way of phrasing because it
| makes it look like they're not greedy, but the promoter
| is almost always LiveNation, which is the same company.
| mattmaroon wrote:
| I am fairly sure that's not true, and also that platinum
| tickets are a small percent of tickets.
|
| Do you have a source for that statement? The article
| about it linked below does not back up either assertion.
| I'm pretty sure they're dynamically priced by a TM algo,
| and I'd bet little of it goes to the artists.
| dml2135 wrote:
| On large venues for big name artists.
|
| Granted, I live in NYC, which probably has one of the
| most vibrant local music scenes in the country. But it's
| not like nowhere else has local bands that play at small
| venues.
|
| It feels like a lot of the people that complain about
| ticketmaster's monopoly have never branched out from
| Billboard chart artists.
| to11mtm wrote:
| It's weird?
|
| Even the most 'hole in the wall' places around here have
| deals with LN/TM, short of a bar-band or niche-local
| joint.
|
| One of the more 'fun' ways that LN/TM did shenanigans at
| the past I observed: Metal shows at smaller places in the
| Detroit area like Harpo's (famous place but known for the
| sketch area) or Token Lounge (literally a bar with a
| dance floor and stage, pretty fun tho) you'd have one of
| the local small/startup bands selling tickets, often
| -below- cost at the box office.
|
| Why? If they sold enough tickets, they got to play as an
| opener. Yes some scammers would try to fake this, but I
| never saw anyone actually get 'taken'. And yes I'd buy
| them if I didn't already have them to help the locals
| out.
|
| That said, the concerts at those smaller venues, despite
| being TM/LN, were in the 20-30 dollar range after fees.
| Not 'top billboard' type stuff _per se_ but Children of
| Bodom, Lacuna Coil, and other 'popular but niche' bands
| in the 2005-2007 timeframe.
| bonestamp2 wrote:
| I did that for several years. I don't really consider it
| voting though because nobody is counting the votes -- they
| still sell out of tickets with higher profits each year.
| EGreg wrote:
| I've never dealt much with TicketMaster, despite them being a
| monopoly. So my questions here may just be out of naivete:
|
| 1) Why would TicketMaster pay event organizers ahead of time,
| if the event might be shit and attendees may demand their
| money back? Rather than having to deal with a lot of
| chargebacks and making it their own problem with the banks,
| they might prefer to make sure the event goes off without a
| hitch and refund people while they still can. Rather than
| subsidizing the refunds they make the event organizer have to
| get (and pay for) financing instead, backed by their payout.
| They might also offer such financing.
|
| 2) I get that they hold event organizers hostage by making
| contracts with the venues for years, that might be an
| antitrust issue but it's separate from 1.
|
| 3) Why would TicketMaster make scalping easy? Middlemen would
| just buy up all the tickets and then pump and dump the price,
| much like early crypto investors in a meme token or altcoin
| do. So they don't "deliver" the ticket to you until just
| before the event, exactly for that reason.
|
| With ChatGPT it's now easier than ever to impersonate
| thousands of people at scale, with credit cards and
| everything. But I will admit, showing up to an event at least
| once confirms there is a human behind the account. But a
| first-timer buyer? Shouldn't be able to resell, no.
| mhuffman wrote:
| #1 and #3 are related. They make scalping easy so they get
| all of their money immediately and can pay event organizers
| ahead of time. I personally think scalping should be
| straight-up illegal but business schools loove it and
| consider it an excellent example of helping with liquidity
| in a system and finding the true "willingness to pay" price
| of something.
| EGreg wrote:
| willingness to get ripped off LOL
|
| I built a blockchain-based solution.
|
| It features a price discovery mechanism: you auction off
| M tickets to M people, the price goes up every time after
| M people buy and the oldest buyer is booted when the
| others buy, but can buy back in again. Buyers can set a
| "reserve price" to automatically bid up to that price.
|
| No scalping, because tickets aren't transferrable.
|
| Similarly, you can disallow transfering of bearer token X
| but let the user sell it back to the central market maker
| and someone else buys it. Enforcing commissions on sales.
|
| Blockchain makes all this work, decentralized.
| amarant wrote:
| Tbf, this does sound like a fairly efficient anti-scalper
| strategy, so I guess there's at least some upside to this
| mess.
| bonestamp2 wrote:
| I guess it depends on your definition of scalper. It
| prevents mom and pop from reselling their unwanted tickets.
| If they stopped there and prevented all reselling I'd be
| fine with that even though I'd lose out on some money in
| this one case.
|
| But then they literally built a whole platform (link in my
| last comment) for actual scalpers to resell tickets in
| bulk. So, they're not trying to prevent scalping, they're
| just ensuring that only their "partners" can scalp.
| cypherpunks01 wrote:
| It's simply 0% financing for their business. No more complex
| than that.
| patates wrote:
| Maybe to stop people selling the ticket and still going to the
| event with a pre-printed one? Solving that would also be easy
| if they have a central verification system (just invalidate the
| ticket and issue a new one) but not if it is all p2p.
|
| (disclaimer: I'm a complete outsider, last time I bought
| anything from Ticketmaster was a really long time ago).
| Phemist wrote:
| They would need to solve that anyway in case 2 or more
| friends attempt to get in on the same ticket.
|
| Not at all difficult - simply share screen a third device and
| display the rotating QR-code through e.g. zoom on individual
| phones. For additional trickery, try to split the group into
| joining multiple ticket scanning lines and timing the scan of
| the ticket to be as close as possible to eachother.
| krger wrote:
| >When you purchase a ticket from them and resell it on their
| marketplace, once someone purchases it, they(Ticketmaster) hold
| your funds and only give you the money ~7-14 business days
| after the event is over. They say this is to verify the
| validity of the ticket.
|
| I imagine it's more about discouraging scalping, regardless of
| what they may say about it.
| garaetjjte wrote:
| Possibly it's fraud prevention, in case payment for the
| original ticket was fraudulent and chargeback occurs after the
| ticket is resold on marketplace?
| LorenPechtel wrote:
| That does sound like a very reasonable thing to do. Otherwise
| you have a threat vector of steal card, buy ticket, sell
| ticket, pocket the cash, card owner disputes, now
| Ticketmaster has paid a stolen identity who took the money
| and ran.
|
| Anything that can be used to monetize stolen cards will tend
| to be used for the purpose even if it's inefficient.
| elcomet wrote:
| Because you could just print the ticket, then sell it, and
| still enter the show with it ?
| mmmlinux wrote:
| This is literally what the rolling codes prevent.
| babypuncher wrote:
| I really, really, really hope Ticketmaster gets broken up.
| Their shittiness seemingly knows no bounds.
| farceSpherule wrote:
| People here have no clue how much it costs to pay for a tour.
|
| Up to $1M per week.
| jamisonbryant wrote:
| > "Screenshots won't get you in"
|
| I'd say this highly depends on the fastidiousness of the ticket
| taker and the rules of the venue. I purchased Major League
| Baseball tix recently through my employer which uses a 3rd-party
| seller site that has restrictions like this (a moving graphic
| behind the barcode with the admonishment not to take a screenshot
| because it won't work).
|
| I was unable to attend the event that night so I sent my wife a
| screenshot of the ticket. Two tickets, in fact. They were taken
| with zero issue.
| bogota wrote:
| Shitty companies doing shitty things. I think this is the
| expectation in 2024.
| ashu1461 wrote:
| I wonder why did they implement this gimmick while having access
| to all the resources in the world. Or maybe they thought that
| this is smart.
| zharknado wrote:
| > Based on this, it might be reasonable to assume the rawToken is
| only valid for a 20 hour period
|
| Bet your bottom dollar it's good for 24h and they added 4h of
| buffer in their API guidance to handle admissions after the start
| of the show "for free."
|
| Not that this really gets you anything, just made me chuckle.
| Drygord wrote:
| Reverse engineering? More like "reading plain English"!
|
| For a billion dollar corp that is some atrociously poor security
| jenny2244 wrote:
| Great innovation and good job. So many great companies started
| with reverse engineering to become what they are today.
| https://cautiousmez.blogspot.com/2024/07/ai-superpowers-chin...
| jenny2244 wrote:
| Nice job
| nmeofthestate wrote:
| "besides the fact that I don't want to install their spyware on
| my phone."
|
| There's no other mention of spyware in the article - does anyone
| know what this is referring to?
| kornakar wrote:
| I think it's just usually any 3rd party app is to be considered
| spyware nowadays.
| nmeofthestate wrote:
| OK - just general tin-foil hattery.
| prmoustache wrote:
| The solution to scalping is simply to not buy tickets from
| scalpers. Never did, never will.
|
| How hard is that really?
| radsquirrel wrote:
| I worked a summer job in a Ticketmaster box office ten years ago
| and had access to the whole of their UK customer database in
| order to print off ticket collections. I'd type in a customer's
| post code and up came all of the data Ticketmaster held on
| them... including their password in plaintext.
| poet123432 wrote:
| I had to create an account just to reply to this; as much as TM
| has it's faults this is just false, it does not store passwords
| in any reversible way or at least hasn't for more than 2 years
| and all evidence removed.
|
| Source: I am an engineer within TM that has worked on
| integration between various booking products in the UK market.
| dehugger wrote:
| Well there is an 8 year delta between your timeline and the
| OPs... so I don't see any contradictions here.
| radsquirrel wrote:
| Glad to hear their security has improved since then! This was
| the 2014 Commonwealth Games and I had only recently learned
| about password hashing so I was particularly shocked that
| they were exposing passwords to thin clients used by front
| line employees.
| dml2135 wrote:
| As an engineer within Ticketmaster, I'd be curious to hear
| your take on the conclusion of the article.
|
| > I think we can all agree: Fuck TicketMaster. I hope their
| sleazy product managers and business majors read this and
| throw a tantrum. I hope their devs read this and feel
| embarrassed. It's rare that I feel genuine malice towards
| other developers, but to those who designed this system, I
| say: Shame.
|
| > Shame on you for abusing your talent to exclude the
| technologically-disadvantaged.
|
| > Shame on you for letting the marketing team dress this
| dark-pattern as a safety measure.
|
| > Shame on you for supporting a company with such cruel
| business practices.
|
| > Software developers are the wizards and shamans of the
| modern age. We ought to use our powers with the austerity and
| integrity such power implies. You're using them to exclude
| people from entertainment events.
|
| > Have fun refactoring your ticket verification system.
| y-c-o-m-b wrote:
| As a dev working in big tech, I'm sure they do feel
| embarrassed, and I'm sure there is jack shit they can do
| about it. Is that how you feel?
|
| I don't know how many times I've reasonably pointed out why
| our product is extremely user-unfriendly - backed by
| evidence from user feedback and endless reddit complaints -
| but I still get shot down, badly. "Disagree and commit"
| they say, which is just short for "do what we tell you and
| shut the fuck up". If you bring up issues too many times,
| you end being treated like an agitator and they make your
| life hell. This has remained true for the many different
| industries I've worked in over the last 17+ years. Software
| developers are effectively powerless in many organizations.
| CobrastanJorji wrote:
| Everybody has their own personal lines in the sand. People
| need to work for a living because we're not in a magical,
| post-need society. Every company has its flaws. Each
| company has some subjective amount of flaws/sins/evil, and
| everybody makes their own decision about what they're
| willing to do for money.
|
| Helping a company use some sleazy dark patterns to make
| some extra money off of Taylor Swift tickets is honestly
| pretty mild on the scale of evil software engineering jobs,
| so I imagine their answer is "I built a system to sell
| entertainment, now my kids get to go to private school, and
| I sleep great at night."
|
| Ticketmaster sucks, but it's not like he's working for
| Palantir, Lockheed Martin, or TikTok.
| thih9 wrote:
| > TicketMaster markets their SafeTix technology as a cure-all for
| scammers and scalpers
|
| Scammers - yes; but how scalpers? Does this mean there is no way
| to resell or give the ticket to another person?
|
| Edit: The answer was couple of sentences later; looks like yes,
| unless via an official marketplace. I like this even less than
| scalpers.
|
| "SafeTix makes it harder for people to resell tickets outside of
| TicketMaster's closed, high-margin ticket-resale marketplace,
| where they make a boatload of money by buying low and selling
| high to customers with no alternative."
| BigBalli wrote:
| Great post, bummer this will probably mean we can no longer use
| this as soon as the implement something stronger.
| totaldude87 wrote:
| This is Gold - but also Ticketmaster is a evil monopoly
|
| Disclaimer: This isn't from a real SafeTix barcode. I don't want
| TicketMaster to be able to identify and harass me.
|
| Bullshit, TicketMaster. It's a CSS animation. Get over yourself.
|
| I think we can all agree: Fuck TicketMaster
| mechanicalpulse wrote:
| Great read, though I am compelled to comment on this ad-hoc
| date/time conversion: $ date=$(python3 -c
| 'import datetime;
| print(datetime.datetime.fromtimestamp(1707074879).isoformat())')
|
| Consider reaching for `date` from GNU coreutils instead:
| $ date -Is -d @1707074879
|
| Fewer keystrokes, faster execution, and the output includes the
| TZ offset.
| karttu wrote:
| Great article indeed, but that python line triggered me too.
|
| It's a good reminder though. We are all smart individuals with
| wealth of knowledge, but we never know everything.
| SoftTalker wrote:
| I don't understand how they're allowed to get aorund the first
| sale doctrine?
|
| Once I buy a ticket, it's my property. I should be able to sell
| it, by any means I want, to any person I want, at any price we
| agree upon.
| valleyer wrote:
| Just addressing the how: the first sale doctrine applies to
| copies of copyrighted works, not to tickets.
| SoftTalker wrote:
| OK, but the "first sale" doctrine really just says that
| copyrighted works are like any other item that is bought and
| sold?
|
| So I haven't read their fine print lately---is Ticketmaster
| is not selling you a ticket, but a non-transferrable license
| to attend the event?
| worik wrote:
| And they do not have to sell you bulk tickets that makes
| scalping a viable business
|
| They want to monopolise scalping
| loloquwowndueo wrote:
| Mirror this before it gets a DMCA takedown or something.
| highcountess wrote:
| I get the loathing for Ticketmaster and all, but can we just also
| acknowledge that the only reason they can do what they do because
| the various entities they collaborate with participate in the
| monopolistic cartel scheme?
|
| Can we also please acknowledge that if people stop going to the
| things Ticketmaster sells tickets to, they will stop these
| practices? No one is forcing people to participate in these
| things; I don't.
|
| Lastly, it even calls itself Tomicketmaster. And you didn't
| realize you are a Ticketslave? It is right there, in the name!
| Right in front of your eyes!
|
| It always amazes me what they can get away with and people just
| behave like buffalo on the Serengeti, stampeding through the
| crock infested river ... "those crocks are the worst! Ok, Karl,
| we are up next"
|
| Instead of chiding your TicketMASTER devs and alpha slave MBAs,
| maybe stop being a TicketSLAVE altogether. Has that dawned on any
| buffalo?
|
| Fun fact, to drive the point home. Guess how the predators of the
| Serengeti are treated when they want to go to an event. You think
| they deal with Ticketslavery even though the Ticketslaves is how
| the cabal makes its money?
| nj5rq wrote:
| > If you take a closer look at your ticket, you may notice that
| it has a > gliding movement, making it in a sense, alive.
|
| I feel like I am in a Disney movie.
| Gelob wrote:
| you can add them to your apple/google wallet and boom internet
| doesn't matter, but he ignores that.
| projektfu wrote:
| It's a little bizarre to me that they are annoyed at being
| dependent on the signal but want to avoid Google Wallet because
| ... privacy? What privacy do they have so far? I can understand
| keeping your credit cards off of it, because Google is obviously
| getting a list of all your purchases. But there's nothing really
| private about having a ticket to a concert through Ticketmaster.
| They "take your privacy seriously" and sell your information to
| commercial partners and send you offers of things they think
| you're interested in.
| MisterTea wrote:
| Reading this reminded me when last year I found a few old venue
| printed ticket stubs to concerts I went to the in the late 90's
| and 00's. I almost threw them out when I realized they weren't
| really taking up space and could be maybe put into a collage or
| photo/scrap book. I just suppose I find it laughibly absurd that
| something as mundane as a ticket stub was replaced by an energy
| wasting Rube Goldberg contraption that doesn't do anything for
| the person who wants to go to the concert.
___________________________________________________________________
(page generated 2024-07-11 23:02 UTC)