You don't defend at the web, you defend in the courtroom and bank.
I assume it's too expensive or the ticket sellers don't actually care, they just want to think they care.
The alternative is selling the tickets to scalpers which doesn't seem ethically better or better at community building as compared to directly selling it to fans.
Even if you assign tickets to IDs scalpers will sell access to bots instead to capture the delta between market price and the price the ticket is being sold for.
Make the scalping bastards choke on it, and break FOMO all at once.
Or do what airlines do and you need to declare who is using the ticket. Maybe allow exchange for up to 50% of a party.
Then the scalpers can't win but there is still a DOS problem to solve.
Maybe a card auth -> reserve seats -> complete txn flow would help there. The card auth rate limits the amount of unbooked but temporary reserved tickets.
discussed in TFA
> Or do what airlines do and you need to declare who is using the ticket
ditto
I’m not convinced cards are a significant barrier. People already get tons of credit cards for the signup bonuses and perks, and you can get prepaid cards pretty easily. Temporary card numbers are a thing too. There are logistical challenges in getting a lot of cards in the buying pool but I don’t think they’re insurmountable.
This problem mostly exists in the Swift concerts that sell out in four minutes before the internet explodes with people complaining the website never loaded for them. I'm sure "might harm sales" really won't be a problem for those concerts.
Similarly a lack of privacy hurts everyone.
The question is basically "would you rather have an equally-shitty service for everyone in the name of egalitarianism or a good service for most?" This seems a really easy choice for me because I don't see egalitarianism/accessibility as a moral imperative.
If you wanna be even more strict: You could allow up to X companions, but they must not have signed up with their own account (so they don’t have an advantage for doing so). And they must provide their ID before the event as well and arrive as a single party.
First of all, this remains a hassle in most countries, since handling a national identity number (if such a number exists at all) is restricted by law. Even in some countries that do not legally restrict collection or storage of identity numbers (AFAIK the US does not restrict private sector usage of SSNs), there is rarely wide acceptance of providing your identity number for any purpose other than official government services and financial institutions. This means that in most cases, the event organizer has to resort to more traditional methods of KYC: Requesting some personal details (e.g. full name and birth date) and requiring to present an identity document that carries the details above. Verifying the identity document adds slows down entrance lines and increases the cost.
The other issue with this method is privacy. You're still not breaking the suggested BAP (Bots-resistance/Accessibility/Privacy) theorem suggested by the article. Additional personal information has to be collected and stored until the time of the event.
But I believe there is a way out of this. You can still create a limited resource that is more restricted than phone numbers or credit card numbers, and can be optionally verified at the venue cheaply. The only problem is that would require cooperation from the government (and a great deal of effort if you want to make it perfect). The government needs to already have an online digital KYC method that is bound to your digital ID or an online government account. Then the government can use that method to provide an anonymous federated login that provides a unique ID that cannot be traced back to any national identity number. This is essentially how Sign in with Apple works with "Hide My Email" selected: No personally identifying claims are included in the Open ID Connect ID Token and "sub" is unique (per Apple user + 3rd party service combination), but not traceable back to the the original Apple identity. Unique identities can also become ad-hoc per-event (instead of per ticket provider), which makes them completely private (ticket providers cannot track users across multiple events).
At described above, this service still only provides a limited resource akin to phone numbers. For events where the profit margin from ticket scalping exceeds $100, you could still get some scalpers who'd convince collaborators to identify in with their government account and buy tickets for the scalper for $20 per ticket. If you can get 5 tickets per ID, that's $100 of easy money for 5 minutes of work. You can add simple and fast verification at the venue by requiring the users to generate a QR code that is tied to their unique ID at the venue in order to enter. The QR code cannot be generated in advance and is based on a challenge QR that is presented at the venue. This requires collaborators would have to physically come to the venue or be available at the time the scalper's agents come to redeem the paper tickets at the venue. With a QR code generation and check directly at the gate, scalping is completely impossible (at the cost of longer lines and less entrance flexibility). With printed tickets the scalper needs to send agents to physically collect the tickets and communicate with the collaborators (who need to be available at the day of the event to generate the QR codes remotely) — which greatly inflates the cost of scalping.
Even when you get governments to cooperate with this approach, there are still some holes with this approach. The first issue is that eKYC needs to become popular enough to avoid a large loss in sales. The second issue is raising awareness with regards to privacy-preserving eKYC vs. regular eKYC. This two services look very similar (you log-in with your government account or ID to prove your identity), but the scope of the information shared couldn't be more different. Normalizing eKYC carries the risk of people becoming careless about divulging private information. Luckily, this could easily be solved by governments restricting private sector parties to which full eKYC is provided based on their callback domain names and registered credentials (like OAuth client ID and client secret).
The last problem is the probably the most complex one to tackle: how would you accommodate tourists? After all a lot of the venues sell a large share (or even the majority) of their tickets to tourists. I can think of two possible answers.
The first approach is to fall back to a manual passport-based KYC process for tourists. Tourist ticket buyers would have to enter their name and passport number in advance and the passports would be verified in person at the venue. This can be slightly sped up with automatic passport scanners if the venue has a high volume of visitors that warrants the costs. This approach seems to be where China is going: the resident ID card is used for entrance to many places and even for buying railway tickets, but tourists just use their passports. This works well when the percentage of tourists is low, but at a venue which expects a high number of tourists you'll run into all the issues I've described above.
The other option is probably more of a pipe dream, but it would be nice if countries could issue a temporary (and restricted) eKYC account to visitors when they complete their ETA. Even countries without ETA can still offer a pre-registration system just for obtaining an eKYC account in advance. This eKYC account can be used to purchase tickets in the destination country in advance, but it would only be activated for generating gate QR codes when physically entering the country with the matching passport. The main limitation of this approach is that you must first obtain an ETA before purchasing tickets, but you'd usually already have concrete travel plans by the time you're purchasing the tickets.
Just saying ...
If the profit per successful abuse event is $200, the author's suggestion of limits on credit card numbers or phone numbers won't work either. Those are only effective against scaled abuse up to something like $1 / event. Bank accounts would almost certainly be more robust, but that seems quite hard to implement outside of a handful of countries where the online auth ecosystem is built around banks.
With generic abuse background, but not knowing anything about the ticketing abuse ecosystem, is doing the sales on a first-come-first-serve basis an absolute necessity from a business perspective? There would be a lot more tools available if the problem was reframed from "decide instantly whether to sell this buyer a ticket" to "decide which 10k of these 100k intents of purchase received during the first 24h to sell the tickets to". And by more tools, I mean offline analysis and clustering, not just a lottery.
(You'd still want to combine that with strongly personalized tickets though. It'd be how you address for bots-as-a-service, not how you address buying tickets to resell.)
> Of course it also harms real buyers who want to go to a concert with a +1 but do not yet know who they will bring.
So, for example, everyone pays $0.01 on their credit card, or does a holding charge on their credit card, or registers their identity. All in a 5 minute (or 1 day!) window. And then after the window, tickets are randomly distributed amongst every card which so registered.
You could check multiple things - phone and card and Government ID if necessary (lowering the privacy).
This also feels fairer and less stressful - instead of a lottery based on your internet access, or ability to run lots of browsers at once.
This feels harder for scalpers to do to me, as they need more fake identities, but I'd be curious about the actual ratios when trying it. What goes wrong?
Another one I predict is that you can't buy digitally. For examples, the Lewes fireworks display you have to buy tickets in person in a bookshop in Lewes. Doesn't help if you make a digital ticketing system though!
And if your ID doesn't match the ticket, you don't get in.
It's successful in keeping tickets in the hands of families and fans instead of resale.
Why?
I also imagine that as an event promoter, being able to say some variation of "Another sold out show", or "Tickets sold out within seconds" creates pressure for buying early for all future events.
It also takes active planned work to implement these solutions. And if they have a monopoly, they have no incentive to do that work.
What matters is selling the ticket, getting a guest in the door is just expense.
Removes all the uncertainty and risk and puts it on the scalpers.
2. Are you sure the scalpers and the agency selling the original tickets are independent? Even if they are on paper, in many locations there is evidence of a local cartel.
3. The initial sales provide revenue up front to pay for the costs of the event, vendors, etc. This reduces the amount of cash reserves the seller needs, sometimes very dramatically.
4. Many scalped sales (used to be, not as much anymore) were cash transactions. This used to be used as a pretty significant tax dodge: Sell tickets for $50 face value to your affiliated scalper, pay tax on this sale, scalper sells tickets for $200 and does not pay tax on this secondary sale, or underreports the number of secondary tickets sold. Lots of shenanigans here to make your profitable scalping business look like it's making a small loss on paper.
5. Especially in the context of a local or regional cartel, each ticket sale represents the opportunity to move capital between entities. Physical tickets can be an effective vehicle for small-medium scale money laundering: Dirty money/entity buys the tickets, clean entity resells them.
Basically as soon as you drop the assumption that the ticket sellers and scalpers aren't related in some way, there are a lot more profitable reasons for the ticket sellers to "leave money on the table".
Then there is the slightly more insidious incentive: selling out quickly is in and of itself valuable for a performer: it makes them look popular and exclusive. That alone might just make it worth it altogether.
I have to disagree; performers are absolutely in the business of optimization. Bo Burnham was singing about metrification destroying art 10 years ago. Every standup comic is using social media as a sales funnel to figure out exactly which cities they have an audience in. Even if the performers themselves are not concerned with gaming these numbers, they almost always have someone working for them who does.
So I still don’t quite understand why the scalpers are the ones getting to eat the free lunch.
> selling out quickly is in and of itself valuable for a performer
This one seems like a more likely explanation, but the pattern with a lot of these ticket sales is that the demand is already there organically without scalpers entering the equation. I don’t really follow the space so I really don’t know, but I’d imagine the shows that get targeted the most are the performers who were going to be playing a sold out show regardless of the scalpers.
Eliminating uncertainty about whether a concert will sell out may be the primary reason.
Net ticket prices might be dictated by the performers and their agents, and the ticket agency might not have the ability to raise prices unilaterally, at least not by enough to stop scalpers.
There's another factor, or side-effect, that might be missed in explaining why an artist or their agent won't set prices higher, even when the artist has a history of having concerts sell out and tickets scalped: scalping is a symptom and sign of scarcity, and scarcity drives interest.
They probably want to set prices as high as possible while still having a high probability that tickets will sell out and make concertgoers panic-buy.
This also eliminates uncertainty about whether something will be filled. The uncertainty is only on the side of fans that someine will outbid them for a sold-out concert ticket, and they’ll then get the money back
Crypto removes middlemen
Then you just have auctions and tickets are not transferable. No middlemen. Simple and honest price discovery.
The “progressives” told me it would starve public schools of funds and students since private schools would admit only the best and brightest
So I said — don’t let the schools choose. Let the people choose. If the school is filled then you use a lottery for who can actually get in, M of N people. Simple.
Students would apply for the school and M of N applicants would be picked randomly.
It turns out the administrators running the lottery would run the randomization program until it gave them the student distribution they wanted (read: the best and brightest, and since it's the south... somehow whiter than expected).
School systems are also special because you don't really want to overprovision school seats, so if there at the end of the day are as many seats as there are pupils in the system as a whole, there can only be selection and never competition in the economic sense.
which is just such a lack of imagination for what we are capable of, both in terms of progress and irrationality.
Does the number of keys need to scale? If $1 buys a key for life, and signing can be easily automated why would it stop bots?
Now that tickets are all electronic and the ticket sellers operate secondary markets there is no "face value" anymore and pricing is dynamic. Not all tickets are released at once and many are offered at "platinum" prices at first.
All through the 60's, 70's, 80's, 90's and 00's concert tickets were around $40-$50 in 2025 dollars, now that is just the service charge. Just go on eBay and look at some ticket stubs then put the price / date into the CPI calculator.
It turns out that the bands couldn't beat the scalpers so they became the scalpers, charging outrageous prices with the assistance of the ticketing companies.
So stopping bots isn't as important as it was when CAPTCHAs were effective, since there is a lot less money on the table for professional scalpers to capture.
Being up at the rails at a Girl in Red concert set me back $60 at a 5k person venue. If you want to see supermassive artists for that kind of unit price you have to "buy bulk" and go to festivals.
All my friends that complain about the rising cost of concerts tickets don’t realize that they just see the same old bands year over year. These scrappy up and coming bands that they saw as a kid aren’t scrappy anymore. That’s why blink-182 can charge $700 for the pleasure and still sell out — because most of their fans are in their late 20s or 30s, have disposable income, and number in the millions.
Go to a $20 show for a band today and who knows, maybe they will charge you $700 in 20 years. Plus you can tell everyone that you saw them before it was cool. /s
Many bands don’t make it all of course, but I can still pay $7 cash for shows today at that shop and some of them are going to be able to charge $80 in a few years.
For example, there could be an API for e-mail providers to tell services that an address belongs to a human. The provider would need to implement methods to verify the user's humanity, so you wouldn't need to give every online service your personal info, only your humanity provider that vouches for you. Something like SSL certificate hierarchies could be used to ensure that smaller providers aren't vouching for bots, i.e. you have a root CA that signs their certificates, and if it's found that they don't actually do what they are supposed to do, the certificate isn't renewed. This added with some actual costs to get those certificates would give them an incentive not to lie.
I know some people complain about this not being "private," but let's be real. If you purchase anything from any online website, they have your home address, your phone number, your real name as printed on your credit card, and there is a non-zero chance that some moron stored your credit card number in plain text in a MySQL database. It's always going to be safer to trust PayPal than some random website with this information. Why not do the same with human identity?
Finally, if you can't sign up with any humanity provider for some reason, just make the process extremely annoying and limited. For example, if you have 100 tickets to sell, reserve 90 for people that can prove they are human and leave only 10 for potential bots, then implement a lengthy process for those users so that's not worth it for the bots. If 90% of the tickets are already purchased by people, it will be less profitable for scrapers already.
This “lengthy process” will be optimised by the bots, who have incentive to do so, so that it’s not worth it for the humans.
most of traffic is from mobile devices anyways. they have biometrics (e.g. Apple FaceID, fingerprint). they also have DeviceCheck (Apple Hardware + Apple servers) integrity checks of device/binary that is making requests. it is also free and private.
why using this technology is not part of conversation? seems like utmost strongest guarantees and perfect fit?
Are you claiming that owners of websites have to purchase laptops for their website visitors?
And are you claiming that Apple has worser privacy than Android? or ... holdon, there is nothing else (Huawei is out of the question, and MSFT/Symbian does not exist anymore)
this is crazy talk. what are you even saying?
Stop selling online.
Sell the tickets at a small number of locations near and including the venue, with cashiers empowered to deny suspicious transactions.
Could someone put together a small army of smurfs to buy up all the tickets in major cities? Sure. Could someone have someone on the inside sell them a block of tickets against policy? Sure. We can handle these cases on a locale by locale basis with a convenience trade off that seems appropriate to the place.
Don't let perfect be the enemy of the good, and even worse, don't let overwrought privacy-invading and non-accessible digital solutions (that create a playing field tilted towards bad actors equipped with AI tools) be the enemy of a dead simple analog real-world one that leverages our best reputation management system: ourselves.
People frequently travel to major cities for concerts, do you expect them to travel twice to purchase the tickets? Either you join a much wider network of sellers than that, or this would only satisfy people already living not too far from the venue.
Your solution doesn't do anything against scalpers, on the contrary it encourages scalping even more.
You can also just do like The Cure did and destroy the secondary market entirely: you can sell tickets through the platform and only for what you paid for them.
Then it's up for grabs.
There's no guarantee for the buyer that an out-of-band payment will get them the ticket (someone else can get it), and there's nothing that forces them to send an extra payment once they do get the ticket.
Most tickets these days are digital.
Tickets must not be sold for more than the original price. Ticketmaster etc are still happy to take part in the action: their resale system still charges a second set of ticket fees for a resale, though the sale price is limited to the purchase price.
If they would simply sell tickets for the prices people are willing to pay in the first place then they wouldn't need to invade privacy or any of this stuff. I've heard the arguments they use to justify why they don't and they're all hogwash.
(As far as this article as discussing. They also serve some use for reselling tickets when you meant to go but can't but this doesn't have any more downsides)
Not all artists lean into it of course, and it's usually not the actual artists anyway but labels, producers, etc.
In that same episode they covered how LiveNation owns both TicketMaster and many venues themselves, and leverage access to the venues for power in the ticketing market.
It may have been this one but I'm not 100%: https://www.npr.org/sections/money/2013/06/25/195641030/epis...
You can’t just make more Taylor Swift to meet demand. You can’t open more Taylor Swifts in different regions. Acts have a very low very rigid upper supply limit. So if you price up at that demand it puts it out of reach of almost everyone. And that’s a bad outcome for almost everyone.
(Edit: there's a reason for opera houses providing cheap standing room for enthusiasts – it keeps the art alive.)
I've heard the arguments they use to justify why they do and they're all hogwash.
What is wrong with market price?
The space at a concert is limited so some form filtering will have to happen, but if the only metric is market price that's a pretty sad society specially when we're talking about culture IMO
The way I see it, it is also highly likely that the person paying more is of average income and just convinced themselves to pay more because they are superfans
The point I'm making is that market value reduces the problem to just money which is being taunted as a magic solution, which might work in some cases but market value doesn't exist in a vacuum and it has side effects. As the topic being discussed is culture it introduces a lot of biases into society that I would find problematic.
Also, if we want to talk in pure capitalist terms, Ticketmaster is already a monopoly of sorts in the music buisiness, there's no "market value" if there's no pressure to lower prices, they can make the experience as bad as possible without repercussions other than people not going to concerts anymore which as a society would suck
twitter sells blue checks for $8/mo and it's full of bots
The industry doesn't WANT to solve this. I don't see why anyone believes or entertains the idea they are even trying.
Revert to the current anonymous ticket process for any lower popularity event for simplicity if required.
Situation 1: My co-workers could not get time off work, so I am asking my tennis buddies instead. I am transferring tickets to their names.
Situation 2: I am actually a scalper! I've got paid 10x times the price (via venmo), and I am transferring tickets to those random people.
How do you tell those 2 apart?
Scalpers can't transfer tickets in this system.
https://nos.nl/artikel/2568164-chaos-bij-ticketuitgifte-voor...
The problem there was not having enough security - it's like store giving out free popcorn, and someone comes and steals the whole cart. In the physical world, there would be someone standing next to the cart watching that people take reasonable amounts. In the digital world, nothing was done, so thieves stole a lot.
Not sure what the best solution was to be there... I like the idea of giving people few days to sign up, then randomly choosing who gets to go. Of course this has its own problems - for example you want to allow groups, but this can be abused. Identity verification helps with that, but this makes ticket checking much slower....
It's NL and the everyone has a personal id. There is a national service to validate that, too.
One week accepting of requests - a person can submit multiple id (incl. children). At the end of the period a random lottery with some bias to people registered in the city (in the end the event is paid by them)
The first ticket you buy costs the normal price. The second ticket costs twice the price. The third ticket is four times the price and so on.
Scalpers who buy many tickets at once will go bankrupt before they can buy all the available tickets.
- break up Ticketmaster, Live Nation and their European friends. Ban vertical integration. And for good measure (and to placate the public who is out for blood, and I mean that one in the literal sense - ask a random on the street about what they'd do to scalpers and TM, I'd bet good money on at least 50% going for one or another form of violence), place their execs behind bars for a decade.
- mandate that a ticket holder has the right to transfer a personalized ticket for free (plus, in the case of actual paper tickets, a reasonable small service charge for postal fees)
- in conjunction, ban the sale of tickets above face value, including any sort of deals, and place significant fines on violators of both ends. This completely eliminates the "second hand" scalper market. Of course, black markets will still crop up, but when both sides cannot be certain the opposing trade partner is a cop...
Unfortunately, this would also kill a lot of income for the big players - chiefly, the ticket sale platforms that currently make an insane amount of money on bogus charges for name changes on tickets as well as running their own resale markets where they can double or triple dip on fees (depending how often that specific ticket gets sold back for whatever reason). And that is why such a movement will probably never happen during our lifetime.
Concerts are pure luxury. I like going to concerts, but I don't see a reason why the government should intervene? Scalpers exist because artists underprice tickets on purpose.
Simple: because a government should take care about what its citizens want. And on top of that, the economy (aka artists and venues that really REALLY don't want to deal with TM but have no other choice) also wants it.
That's why anti-trust legislation was created. It just fell out of practice to actually use it.
Speak for yourself (pun intended).
Why not send them to the firing squad? Or torturing them?
Some people have sociopathic tendencies. If your problem is scrappers making money the solution could not be creating a bigger problem like sending people to jail for a decade.
Comming recently from visiting Ukraine I can't help thinking how insignificant those pet problems are, while real crimes like kids being killed go impune every day... If the price of something is too high, just don't go there. It is not the end of the world.
My problem is the profiteering, the concentration and subsequent abuse of power by the rich. It used to be the case that rich overlords who abused their power got deposed by their population, driven off with pitchforks if they were lucky, decapitated by guillotine if not. Personally I don't want a return to such grisly times, hence I call for at least punishing abusers by putting them behind bars.
> Comming recently from visiting Ukraine I can't help thinking how insignificant those pet problems are, while real crimes like kids being killed go impune every day...
Now Putin and his command chain, I don't think anyone but rabid tankies would have an issue with their lives being condemned in a repeat of the Nuremberg Trials.
Scalpers can't pay high bond amounts at scale combined with the risk of not having the bond returned.
Artists (bands) want to sell tickets to fans and people who appreciate them. And many (probably most) have very little money.
They are able to scrape and save for a ticket. But not some bond deposit, arbitrary ticket fees, auction pricing, etc..
Won’t everyone just charge the ticket buyer the price of the bond? So this still only harms the fans that want to see the show. The scalpers just need to have more up front capital in your system.
If you return the ticket to the venue/band, you get your money back, get the bond back, and you're not a scalper.
Charging the ticket buyer the price of the bond doesn't only harm the fans that want to see the show. It also harms the band that won't have fans come see the show. It's an incentive for the band to buy back unused tickets. Bands currently don't do that.
Fans demanding ticket buy backs puts pressure on bands to put an end to scalping. It's fans who pay the entire cost of scalping now, not bands.
> If the customer is found to be a scalper don't return the bond.
This is how most suggestions for solving the problem fall down: how do you, with any reliability, or at least reliably avoiding false positives, detect a scalper?
This is easy to notice. You can't go around saying "I've got two front row" when the mere act of saying it gets you noticed. You can't post online you're selling tickets because it gets you noticed.
Only the venue/band sells. Only the venue/band buys back tickets, and they're required to buy them back at the price they were sold. Full refund of ticket price and bond.
If noticing scalpers is easy, the bond doesn't need to be silly high. Catch a scalper and you get 50% of their bond.
Openly selling is only part of the problem.
How do you distinguish between someone buying tickets as a gift and someone who sold them on in a manner you did not detect? What about group bookings, do you want the ticket seller to collect full ID of all the intended audience members? After that, what if the group of friends changes - who pays the admin fees?
Your idea isn't terrible, but it is far from perfect.
> If noticing scalpers is easy, the bond doesn't need to be silly high.
That is a huge if. Many scalpers are rather experienced and organised, while some will be very easy to spot I suspect a lot of them won't be, at least not without a bunch of false positives that will inconvenience genuine buyers.
What would it cost? The vendor runs software that sells tickets. The same software can buy tickets back, invalidate the ticket IDs, and issue new tickets with new IDs. This feature can be part of the software at no additional cost.
Not running a buy-back scheme possible costs more to customers because of today's scalpers.
> How do you distinguish between someone buying tickets as a gift and someone who sold them on in a manner you did not detect?
As the venue/band, you don't need to. Sell to anyone.
As the customer, when you're buying from a scalper you know you're buying at a higher price than the advertised price.
> what if the group of friends changes - who pays the admin fees?
I don't see what admin fees must exist for this. Software manages anything. Printing a new ticket is cheap.
> Many scalpers are rather experienced and organised.
So is law enforcement. Scalpers can't hide the fact that they're selling.
I guess what I'm getting at is that there is no cost to making a request over the internet. Why not? Why doesn't every http request have a corresponding price associated with it? You can access the resource if you pay. I imagine this would be a minuscule amount ($0.00001 or less per request). Then, instead of trying to solve for monetizing eyeballs or personal data, these problems are solved with economics.
> If a spammer needs to spend 0.0001 € in power to access the site only to gain a marginal profit of 0.00005 €, they are losing money with every site access. However, if a ticket scalper needs to spend 0.0001 € in power to buy a ticket that they will later sell at a 200 € profit, this will not stop them.
Also because users don't actually control the number of HTTP requests they make. Think of sites that load individual icons rather than sprite sheets. Think of sites that fire off 1,000 tracking calls per minute. So respectfully screw that.
Phone bills used to be really complicated with minutes and long distance and cross country. And consumers learned and adjusted their behaviors to reduce their bills.
Consumers are stupid but not that stupid.
* I buy a ticket for a friend (maybe as a present) but don't actually want to go to the concert
* I buy more than one ticket for a group of people (I'll be attending the concert)
* I buy a ticket but have to cancel at the last minute and want to give it to a friend
* I don't have an easily available government ID (maybe I never got a drivers license, maybe my drivers license expired, etc.)
* People attending the event aren't American. They will have their passports from other countries. How will you verify each passport is valid?
* The event draws of people from a majority of the 50 states in the USA, with each state having different government IDs (driver's license) with different versions of the IDs within each state. What are the logistics of validating the IDs presented?
In the base case of one ticket per individual that has a valid government ID that has their current address printed on the ID, what service are you using to validate this ID and to validate that the presenter of the ID is associated with the ID? What is the cost and how many transactions can it handle per second?
It doesn't, but that's fine, because it's the cost of preventing scalpers. Everyone just accepts that you can't buy a flight ticket as a present, for instance.
The article isn't clear (as I'm not familiar with Manchester Arena and the names of the rooms) but a man was allowed in with a bomb in a bag. Showing id (or not) wouldn't have been the problem.
(And incidentally, it's not required to show identification for flights within Europe's Schengen area.)
> I buy a ticket for a friend (maybe as a present) but don't actually want to go to the concert
You'd need to transfer the ticket to them electronically, which is possible on all the ticket selling sites that support these restrictions.
> I buy more than one ticket for a group of people (I'll be attending the concert)
One person can buy up to X tickets (often 6), so they can attend with 5 anonymous friends.
Or transfer one/more to them as above, so they don't have to arrive at the same time as you.
> I buy a ticket but have to cancel at the last minute and want to give it to a friend
Again, transfer through the website/app.
> I don't have an easily available government ID (maybe I never got a drivers license, maybe my drivers license expired, etc.)
> People attending the event aren't American. They will have their passports from other countries. How will you verify each passport is valid?
> The event draws of people from a majority of the 50 states in the USA, with each state having different government IDs (driver's license) with different versions of the IDs within each state. What are the logistics of validating the IDs presented?
European (as I'm here) identity cards and driving licences are reasonably unified in appearance. The staff will just do their best if Americans from 50 states turn up, and probably refer anything that seems suspicious to a manager for a more careful review.
To go into more detail, you're proposing training staff to recognize a valid ID, both from all 50 USA states and international passports, including any other official ID. This increases costs for consumers and vendors in addition to creating friction for entry. This also precludes people from attending that don't have ID or have trouble finding ID that isn't recognized by the venue.
I've seen some online vendors do ID validation but, from personal experience, I've found them to be invasive and have a high error rate.
All these methods have a high friction and might not really address the core issue of scalping.
Someone else proposed that these events are tantamount to international or domestic flights, where the expectation is that ID requirements are invasive and security is high. Maybe that's just the answer. If you want to see Taylor swift, have your passport ready, only purchase a ticket for yourself and go through high levels of security to gain entrance into the venue.
Yes, because a large crowded space with tens of thousands of people tends to - unfortunately - be a prime target for terrorism.
This way a platform also does not need to handle any sensitive data.
A ticket provider would have to allow reassigning tickets to other people through their platform - make it a "maximum 3 people for automatic approval".
just hope there's another airline serving your destination.
That also offends a lot of people who oppose the above reasoning.
Allocation of scarce resources is based on demand for them, expressed in monetary terms. "Deserving" has nothing to do with it. I may deserve a ticket, but not even want to go.
Phone numbers are very easy to get in large numbers. US-based SMS numbers that will pass verification for buying sneakers are ~$0.25 each.
Sell the tickets with regressive price based on time. Sales starts say 2 months before event, initial price is truly exorbitant, say one million dollars. Price decreases linearly down to zero (or true cost price). At any point, people can see current price and the seats left.
Now every potential spectator is playing a game of chicken: the more you wait, the lower the price, but also lower are the chances that you’ll have a ticket. That would capture precisely the maximum amount of dollars that each person is willing to pay for it.
This idea sounds extremely greedy, because it is, so I can’t fathom that no one ever pitched this in a Ticketmaster board meeting.
My idea, however, was a bit less greedy. Once you sold the last ticket, that would be your actual (and fair) price-per-ticket for the concert, and everyone would be refunded the difference. You’ll never know how low it will go, so you shouldn’t overpay and hope it will lower later. I’m pretty sure Ticketmaster will skip this last part if they decide to implement this.
There are multiple issues with my idea, it’s elitist, promotes financial risks on cohorts poorly capable to bear them, etc etc, but it will definitely fix the scalpers problem. Pick your poison.
Everyone puts in their maximum price they're willing to pay, and the lowest price that fills the seats is what people pay.
The advantage to this model is that there is no financial risk to overpaying.
Of course with an open bid continuous auction there are problems with bid shading (manipulating the auction by posting prices mostly meant to influence other bidders), but it's overall economically very close to your idea.
I agree that reverse auctions would be a simple solution the current scalper problem. If demand outweighs supply, scalpers drive up the prices toward their economic equilibrium anyway, making ticket prices just as "unfair" to the poor, but with additional problems of trust...
If you want to fix that, you need to ask yourself "why are ticket prices artificially very low?" first. The answer probably isn't "artists/venues like leaving money on the table".
Also concerts are mainly for the artist to make money. Traditionally they're getting fucked by record labels, making very little on sales of media. Concerts is when you're actually getting paid. It thus being a somewhat less corporate process to decide ticket prices can mean that they just charge as much as they need and want, not as much as they can. Artists are generally considered to be a polar opposite to the "short-term-profit-maximizing" crowd.
Why do people create at all? It's certainly not the most effective route to maximum income. It's a form of connection. Performing is sharing the joy of music and creativity with a group of people who've formed a connection to you through your art.
Now while the industry certainly selects for people who do not think this way (i.e.: performers rather than artists), despite itself it's full of artists whose values are not aligned with whatever kind of homo econominicus maximal self interest, war of all against all that pervades here.
Source - I'm not a musician, but I am a writer and I've directed music videos for numerous artists over the years. The idea that they're all motivated by the same mechanics as faceless entities like ticket master is silly.
First thing to help would be to break up the venue monopoly that ticketmaster created.
> Artists want money as much as other people, specially the ones playing big venues.
This is exactly the kind of projection I'm referring to. What makes you believe that most humans want as much money as possible - to the exclusion of all other values? Again, difficult to quantify, but I'd suggest a majority of people would put pure wealth lower down on their priority list than health, family connection, social connection, travel, time to spend on interests etc. This goes double for people who've chosen professions rooted in their own creative expression. All else being equal we'll all choose wealth - but if the cost is exploitation, all else will not be equal for most people.
It seems clear that you're conflating the microscopic numbers of 'major label' artists playing to vast audiences - effectively as employees of 360 label / marketing companies like Live Nation with the supermajority of professional touring musicians.
I'm reminded of the chap I attended college with who sold a salacious story about one of our mutual friends to a tabloid. When we found out this was happening I had a another mutual friend approach him to intervene, but heard back that it was 'too much money to turn down'. Fifteen or so years later this guy is a multi-millionaire who just lost a civil suit (and is under criminal investigation) for fraud and sexual misconduct. Most people do not operate like this - empathy is dimensional.
Hardly anyone thinks that. But it's not controversial to believe most humans want enough money to not worry about affording the basics. The thing is, most art as a career doesn't even pay that by default.
> This is exactly the kind of projection I'm referring to. What makes you believe that most humans want as much money as possible
You'll notice the following sentences don't mean the same thing:
> As much as other people
> as much money as possible
This is probably true, but I'm guessing smaller artists are also at much lower risk of scalpers (at least my anecdata backs that up) so probably much less applicable to the problem at hand.
> Why do people create at all? It's certainly not the most effective route to maximum income. It's a form of connection. Performing is sharing the joy of music and creativity with a group of people who've formed a connection to you through your art.
It's worse. Creating seems to be an effective route to no income at all. Popular entertainment is a winners-take-all market; everyone who isn't one of the few popular artists or performers whose name alone brings in money, have to work hard to get anything at all from their work. The little I heard from various second-hand and third-hand reports from textbook authors, novelists, painters, musicians, etc. suggests that the royalties made from selling their output are laughably low. A big factor in that are the parties in between the artist and the buyers - publishers, labels. Those are some of the "faceless entities" you mention, and they're in a position of advantage over the artists, and they absolutely use it to capture all they can for themselves.
Because of that, to be able to dedicate yourself to your creativity, you have to either have a secondary stream of income (e.g. part-time artists with unrelated dayjob), give up most of control and autonomy (commission work, art-as-dayjob - think e.g. art for videogames), or seek any and all ways of indirectly monetizing your work further.
Focusing on that last part - for musicians, this is primarily live performances and merchandising (self-publishing is also easy today, but so is piracy). But per what I said above, most musicians are starved for money, and this - not greed - is forcing them to be less picky than they'd like. They can't afford to leave money on the table.
The paradox here is that most people - which includes the audience - think like you think, that artists are the opposite of corporate greed, that art is about humanity and not money, etc. Every artist knows that too, and that maintaining this reputation is critical to their income. Between two competing pressures, each artist has to find a point that's acceptable to them.
But this is where Ticketmaster comes in - they offer a way for artists to be more greedy without taking a reputational hit. Their Eternal War with Scalpers keeps the ticket prices up, while all the public outrage gets distributed between the Greedy Corporation and the Scalper Scoundrels.
Not all musicians engage in this on purpose, and for those who do, it's hard to prove. And of course it's just one slice through the complex relationship of artists, public, and countless commercial third parties in between them.
The fees on re-sellers are crazy, and they take fees from both seller and buyer.
Seller Side:
List price: $100
StubHub seller fee (15%): -$15
Seller receives: $85
Buyer Side:
Ticket price: $100
StubHub buyer fee (10-15%, let's use 12%): +$12
Buyer pays: $112
StubHub's Take:
From seller: $15
From buyer: $12
Total StubHub revenue: $27
So they're making an additional ~27% (on the "true" market price) in addition to the ~25% they charge in the primary market. So if the market price was $200, if they just charged that they would make $50. But instead they'll sell it for $100, make $25 on the primary and an additional $50 when sold in the secondary market.
They don't own StubHub but they have their own. In 2017 they opened up TicketExchange which allow the sale and validation of tickets on third-party websites, including StubHub, which they did to capture some of that amount. They get to play like the reasonable party here, the scalpers are taking the heat and they're getting a cut of that.
They do other things that's baffling like selling tickets a year ahead of time, which is kind of weird considering very few people, even big fans, would be really on top of buying tickets a year out. It's obviously designed for scalpers.
You can easily solve this by having the ticket tied to a name and requiring you to show ID, maybe allow others to dump back at face value, but that would likely be gamed as well but not as easily (you dump your tickets and let someone else pick them up at that exact moment). Or make them non-transferrable but that would greatly reduce the value to fans.
Ticketmaster reserves some seats during sale to be dynamic pricing, which they start higher than normal and then depending on demand and what they see on the secondary market they re-price those as the initial sale or presale is ongoing, just minutes after it starts.
Also, promoters, artists and venues might get their own allotment of tickets to do with as they want, likely negotiated in contracts. Those seem to find their way onto secondary markets often as well.
> They do other things that's baffling like selling tickets a year ahead of time, which is kind of weird considering very few people, even big fans, would be really on top of buying tickets a year out. It's obviously designed for scalpers.
Yes, I've commented on this here before. In some cases it's because tours go on sale at the same time (to generate buzz), and the early events are relatively soon and the last events are quite far out. They also often do release chunks of ticket inventory at later stages. That said, I'm convinced that often brokers are used as a simple way to provide immediate cash and reduce risk. Why would a promoter want to sell out over months when they can sell out immediately and know that regardless of whether the brokers make money (they don't always) they have sold everything and can say the event is sold out and they have cash in hand now and not months from now.
I used to work in this industry and there's a lot of shady stuff that goes on, and it's not all on the broker/scalper side.
> You can easily solve this by having the ticket tied to a name and requiring you to show ID
That's been done for a long time and you can still get around it if the margin is good enough. You just have to either want to go to the event yourself or be willing to one ticket out of the maximum you can purchase as the cost of doing business. You can't really make every seat have a name initially because not everyone actually knows who they're going to invite for sure at time of purchase, so if you want to really make it effective you have to limit the number of tickets per transaction to 4 or less. Even then, people will be incentivized to buy the max and have people go with them to use the extra tickets at cost or more, it may not be brokers but the regular public will do it too.
The actual solution for this is fairly simple. It's supply and demand. Play more shows at a location and the ticket prices will drop. Kid Rock has done it for decades at this point. Artists don't like having to put the extra work in for less money (tickets will be cheaper) and don't want to take the risk that the demand won't be there if they book the venue early. That risk is pushed out to brokers.
You tie each ticket to the name of that specific attendee. The ticket buyer doesn't even have to get a ticket for himself. This is bullet proof, unless scalpers can convince their customers to make a fake ID to attend.
> not everyone actually knows who they're going to invite for sure at time of purchase
Then wait with your purchase until you have figured it out.
Long ago I worked for a company that did some novel work in the ticketing and contained reservation space. We didn’t do resale due to the nature of the product, but the fees we extracted were bonkers - the facilities operators basically paid a nominal amount to stand up the platform, and we derived all (and it was a lot of) revenue from the customer - often on a white label basis.
Long story short, Ticketmaster elbowed in and bought the company and the tech once we had traction. That pattern holds in many similar business models.
Very easy to counteract, the venue just releases those tickets back for sale in batch at an unspecified date and time.
Serious venues and artists do the same thing. It is to reward the early fans with the cheapest tickets and to get early cash flow. Nothing shady about it.
It is extremely convenient for artists, promoters and venues that ticketing sites will tack on a bunch of extra fees, take the blame for pushing up the price of tickets, then share out most of that extra cash to everyone else in the chain.
Scalpers are effectively providing financing for the rest of the industry - it's obviously preferable to get paid for the entire tour on the day it's announced, rather than having to bear the cashflow risks yourself. There is of course absolutely nothing stopping a promoter from reserving some proportion of tickets to be sold directly to secondary resellers at substantially above face value, or on an agreed profit-sharing basis.
it's only obvious to "private equity" type people.
There is energy in the concerts - and a lot of people go to live shows for that. Otherwise, one would listen to the recording / watch music videos instead - it is cheaper and the seats are nicer too.
If the seats are half-empty, or only full of people who are ready to pay exorbitant prices, that energy is reduced... people like concerts less, and eventually those concerts are not sold out anymore.
So giving up (or even worse, cooperating) to scalpers is like selling your business to private equity - you get some money, they get some money, and your customers/fans are f*d.
Any examples come to mind?
> it's only obvious to "private equity" type people.
I mean, who wouldn't look at their current expenses, look at their future cashflow, and be like hey, it would sure be nice to be paid today for work I'll do over the next year?
Venues need deposits (maybe), transportation needs deposits, set builders need materials, marketing needs budget, merchandise production needs to pay vendors, etc. Insurance needs to be purchased.
It all adds up to it'd be nice to have ticket sales money sooner rather than later.
This sounds just like taking out a loan. That money isn't really yours until you do the work. How different is the outcome here vs. taking out a loan for the same purpose, then? Is it cheaper?
> it's only obvious to "private equity" type people.
No, it's obvious. Anyone that has to choose between getting $100 right now or $100 trickled in over months would opt for it right now for many reasons (inflation, the ability it invest it, the ability to use if it needed for unexpected situation, etc).
Wanting events to be populated by people that are primed for an experience and part of that priming bing they don't feel like it was too expensive to go might be another thing the artist or venue wants to encourage.
You can combine these things and make specific trade offs, but that doesn't mean all other things being equal that it's not entirely obvious that you should prefer money now to later.
> So giving up (or even worse, cooperating) to scalpers is like selling your business to private equity - you get some money, they get some money, and your customers/fans are fd.
It depends, probably a whole lot more than you think. Sometimes fans like to know they can go to an event if they care enough. In a world without resale markets that would be entirely dependent on the artist deciding to play more shows, because once tickets are sold they're gone. Secondary markets provide liquidity.
Also, sometimes tickets are available for cheaper* on secondary markets than they were on the initial sale (and this was true even before Ticketmaster started changing prices as the sales went on). That's because brokers take on risk buy buying for an event when it's not entirely sure it will still have demand when it's the event date.
For example, I just went to Stubhub (because I'm not sure Ticketmaster's own exchange will allow you to list for less than sale price) and looked for events starting soon. I found a rock concert in Napa where the Orchestra tickets are cheaper on Stubhub ($94 for two) than on Ticketmaster ($115.40 for two). There are plenty of tickets still on Ticketmaster, and some brokers just want to but their losses.[1][2]
There are plenty of ways to look at reselling to make it seem horrible or to make it seem beneficial. It's neither, it's just a normal function of markets, and the more people try to prevent it the more weird problems we'll have. Want to fix ticket prices? Convince artists to take on risk by playing larger venues (which they might not sell out) or add dates (meanind some days might not sell out). Artists don't want to take on that risk, so we have resellers and higher ticket prices.
1: https://www.stubhub.com/zepparella-napa-tickets-5-31-2025/ev...
2: https://www.ticketmaster.com/zepparella-the-led-zeppelin-pow...
As usual, there are real life edge cases where folks don’t choose just on what makes the most sense financially. Many teachers work less than 52 weeks a year but choose to have their pay distributed over 52 weeks.
- Ticketmaster is known to add additional fees to tickets which are actually given in part or in whole to the artist or venue, allowing customers to blame Ticketmaster for high ticket prices so Artists can claim they wanted cheaper tickets that were only $25 (but are actually $40 when you get to the final check out). This has been covered by the major news outlets a few different times and discussed here, so shouldn't be hard to find information on.
- Ticketmaster runs their own secondary exchange now, which verified re-issuing of digital tickets out of their own back-end and guaranteed entry. Can't embrace it much more than that. They get a cut of the sale price on the secondary exchange like all the exchanges do.
- Ticketmaster also reserves a portion of their tickets for dynamic pricing and their price will adjust on the fly during the initial sale period based on demand and what they see them showing up on the resale market as (some tickets show up on the resale market almost immediately).
- Artists want to side with their fans, or at a minimum appear to side with them. That means releasing tickets for "cheap" or at least in a way they can claim they did. Some artists care, some pay lip service. Kid Rock actually seemed to care, as he would play Detroit for seven consecutive days or more to make sure his cheap tickets stayed cheap by providing enough supply that demand was never too high, at least for most seats. I'm sure he would rather not do such a grueling schedule though, which is why he's always been very active trying to get legislature passed targeting resellers.
To me, having worked in this industry in the past, it's always been very clear that the industry does embrace the secondary market, to a degree, while also using it as a convenient scapegoat. If the secondary markets were to be shut down tomorrow, everyone would find at least some aspect of that worse than the current status quo. Some might ultimately find is better, some worse, but it's not nearly as simple as secondary markets just being a problem (for example, they're not just rent-seeking, they're offloading risk and providing liquidity).
I disagree? Even if your conclusion is somehow true, it seems in no way obvious, and so far as I can the reasoning doesn't make sense. You've left out two crucial factors:
- The assumption that it's $100 now vs. $100 later just seems unfounded. What if it's $100 now vs. $110 later? The payer is can factor in the time value of money, inflation, etc. just like you do; why would they completely ignore that and blindly pay the same amount they would at two different points in time?
- We're not talking about free money, we're talking about payment in exchange for work. You're taking out a loan that comes with obligations. You're going to have to pay it back if for whatever reason you can't do the work. Generally, the earlier you take the loan, the more unpredictable and thus the larger that risk is. Of course details matter here but it's not at all obvious ASAP is the optimal policy. And I don't know about you, but I sure as heck don't enjoy being perpetually in debt to someone. I'm not saying it's bad if you're fine with it, I'm saying it doesn't seem remotely true that everyone is fine with it.
The actual situation is that it's $100 now or maybe $110 later or even $90 later, because you don't know what the market is going to do. That is the risk the resellers are taking on. The demand for the product is not static. At the time of sale, a lot of effort goes into making the artist appealing and interesting to audiences so they are more interested in buying a ticket.
> The payer is can factor in the time value of money, inflation, etc. just like you do; why would they completely ignore that and blindly pay the same amount they would at two different points in time?
Of course customers would prefer to pay at the last possible moment. With a static inventory that's released all at once (which isn't really how it's done most times now) they don't really have that luxury for popular events, resellers or not.
My point is that there's no guarantee the value of tickets. Depending on the event, they often reduce in cost. Selling a large amount early reduces risk exposure. These days there's a bit of everything going on, and usually there are certain amounts of inventory released initially, and more come in clumps over time, possibly at different prices depending on demand and what the secondary market looks like, as well as there being a subset of inventory from the very beginning that has dynamic pricing to respond quickly to market conditions and serve some of the need of the secondary market. As Ticketmaster started tun run their own secondary market they quickly utilized the data that gave them to change how they functioned on the primary market.
> We're not talking about free money, we're talking about payment in exchange for work. You're taking out a loan that comes with obligations. ... And I don't know about you, but I sure as heck don't enjoy being perpetually in debt to someone. I'm not saying it's bad if you're fine with it, I'm saying it doesn't seem remotely true that everyone is fine with it.
Importantly, there are many links in this chain, and people taking their cut along the way (although less than there used to be since Live Nation /Ticketmaster has serves the role of multiple parties in many cases). This is how the industry works at the large tour level. You contract for a lot of work over a long period, sometimes more than a year, and then proceed to execute on that plan. As someone that gets a normal paycheck, I admit it's not that appealing to me either, but let's not fool ourselves into thinking it's strange. All sorts of small businesses work on this idea, and when you're doing fixed cost work, you would rather have the money up front, as it allows for more options. Any tradesperson that does large projects has to deal with this to a lesser degree. General contractors, electricians, etc. It's a normal part of contract based work. Most people are forced into what the industry has settled on as acceptable practices and can't dictate difference, so for the vast majority "if you're fine with it" is a foregone conclusion because if you're not you've probably found some other way to make a living.
One music festival issues ID-linked tickets using a lottery 8 months in advance. If only the richest people attended, it would actually destroy the festival. And no, they can't hold it more than once each year so that prices drop.
Nobody wants to fix the scalpers problem because, to the Ticketmaster monopoly, scalpers aren't a problem. The Ticketmaster monopoly values known, consistent, derisked revenue over possible lottery ticket windfalls with the possibility of complete wipeout. Scalpers do exactly that.
Scalpers are only a problem to fans. And scalpers are only a problem online because they can wipe out the entire ticket base. The "solution" is to introduce offline friction to the problem--anything which requires a person to show up and buy only a limited number of tickets. Unfortunately, that introduces a lot of uncertainty into the system instead of guaranteed cash flow and the business side finds that to be anathema.
However, the real solution is to bust up the Ticketmaster monopoly. If each of the individual actors (ticket sales, venue owner, performers) have to operate independently and have to de-risk at each point, scalpers become an enemy to be neutralized.
I also have a completely unjustified suspicion that scalping is hiding a lot of money laundering so lots of people have vested interest in it continuing.
If you want to remove scalpers, just make sure tickets are non-transferrable and run an auction for price discovery.
I built it on the blockchain years ago.
Consequently, even if there are "technical" solutions to scalpers, the socio-political aspects prevent the solution from being deployed.
Talk about decentralisation and anti-deplatforming makes no sense here. Concerts are a physical thing happening in the real world, organized by selected "centralized" entities. Venues can refuse to host an artist. Artist can "rug pull" by refusing to host. Imaginary tokens can't do anything about that, and we already have laws, contracts, and currencies that have been dealing with that for as long as these things existed.
If I spend $nnn on a ticket, there's some reassurance that if I get sick/called into a work or family emergency I can throw the ticket on Craigslist or some officially-sanctioned double-dipping scheme and at least get some of my expenditure back.
How much cheaper does it have to be to compensate for greater risk?
https://community.intercoin.app/t/intercoin-applications-auc...
also:
https://community.intercoin.app/t/applications-of-intercoin-...
The bots and scrapers aren’t black hat, Ticketmaster makes some nominal effort to “stop them”, but somehow those pesky hackers manage to figure out how to make Ticketmaster more money. Ticketmaster is adept at making the purchase experience high friction and difficult, so those bots must be really clever. (Lol)
Ticketmaster should be destroyed!
Bonus: buy ticket from scalpers after price settled, you will get a determined price, no more guessing and find inner peace.
The problem for scalpers is that if they buy too many tickets, the final price may become too high to be attractive for real buyers.
Yes, but no.
Somehow it is unethical for person/organization/etc putting on an event to make more money on tickets in hot demand.
...but ethical for opportunistic arbitrageurs to make that money.
This suggests a highly misguided notion of ethics.
Behavior is a big missing link. Many CAPTCHA services (including Google reCAPTCHA v3) claim to use behavioral analyses, but you can disprove this using Operator to fill out a form and see reCAPTCHA and other bot detection systems flag it as a human.
At Roundtable, we rely on first-order behavioral markers (keystroke, mouse, scroll, click) etc. When first-order are sufficiently spoofed, analyze higher-level cognitive traits (e.g. incongruent effect in Stroop)
We had some people use voice software to fill in survey responses. This flagged computer-generated assistance.
Generally speaking, it'll be more than a single click event (e.g. see https://x.com/_magrawal/status/1925985289568211168)
'Behavioral' is loosely defined, but it seems like the behavioral tells of Operator are quite simple
The internet used to be complicated requiring institutional knowledge about where to go and how to make things work, then it became simple, now it's back to becoming complicated requiring institutional knowledge about how to make things work.
This can be illustrated with Bitcoin mining. It uses SHA-256 hashing, and at first, mining was done on CPUs. But it turns out you can implement SHA-256 on GPUs, and it’s waaaay more power-efficient/fast; and so CPU mining rapidly became unviable. Then came FPGAs maybe (can’t remember if this was really a separate stage, or rapidly passed) and ultimately ASICs, all making it faster and more power-efficient.
The best Bitcoin mining rigs are more than four million times as power-efficient as any web browser in my powerful four-year-old laptop.
So that’s Bitcoin. Now how about these online bot prevention things, which must rely on only being able to use CPUs, doing proof-of-work?
They use SHA-256. Yes, the algorithm that Bitcoin has rendered useless for proving work on a CPU. Anubis and ALTCHA say they use SHA-256, and a glance at Friendly Captcha’s worker source includes familiar magic numbers.
So you know what comes next: if these things become valuable enough targets, people offload the solving to GPUs and ASICs. And once you have a power level difference factor of a few thousand or million, you can’t fix it by adjusting problem difficulty. No, current proof of work schemes are bad rate limiting, and they’ll need to rethink everything completely if they become popular.
I just don’t get why they didn’t at least start with something like Argon2d, which would at least stave off the evil day. Did they learn nothing from cryptocurrency? SHA-256 is almost the worst choice imaginable for a proof of work scheme, because of how much effort has already gone into undermining it.
I genuinely believe these bot prevention things would be approximately as effective, at least for now (and their choice of SHA-256 shows this is all they care about) if their script replaced the proof of work with a simple busy loop of similar duration, told the server it had done so, and the server trusted it. In their present form, I imagine someone who knows what they’re doing with hooking stuff in a headless browser, and writing code for a GPU or an ASIC, could effectively bypass any one of these services in less than a day, reducing the cost by a factor of thousands or millions.
Buying large concert tickets in China has required the buyer's personal ID since several years ago, and the personal ID associated with the ticket cannot be changed after the order is placed. At the entrance of those concerts they do verification based on ticket, ID card and facial recognition. There are still many scalpers who offers tickets even after they're "sold out", though. What they do is to let buyers lie they forgot their ID cards so that there's a higher possibility of entering with the ID card provided by scalpers (which they used to buy tickets). And by the way, the scalper don't have to provide their own ID card - personal information leakage is so common here.
2. Tickets are verified at entrance via time-sensitive QR code displayed in the app.
3. You can "resell"/transfer a ticket to another account (say, friend) via app for a small nominal fee with the cost of ticket refunded to you, but only if you provide ID (of any sort, which can be more or less reliably confirmed).
4. Ticket can be printed to obtain non-time-sensitive QR code, but only if you provide ID.
> This requires the creation of extensive centralized profiles about the people visiting your site.
Very nice wording to avoid/workaround GDPR/EDPS attention. So, they compare "me" to a "behaviour". Notice the words.. not "my behaviour" to "ProfileType_004 behaviour". Because that would be "profiling" and GDPR don't like profiling! So..
On the second quote, again, they compare something vague to "centralized profiles" (what I wrote as "ProfileType_004" above (or whatever they are called in each vendor). Again, the ether is compared/matched to a profile, so.. they profile us :)
ufff...
It's when we try to interact with random people that we get problems. Doing that will become less and less possible the more AI grows. We will have a future where trust is very important.
Individuals must register an account with government issued ID and the same level of KYC security as to open a bank account. This must be done a certain time in advance before the tickets for an event open.
You can only buy tickets for yourself or other already registered users whose username (or similar) you know - and only as long as you are buying a ticket for yourself too.
Some kind of exchange mechanism were a buyer can return a ticket to the pool and if someone else buys it, they get slightly less back than they paid in the first place, effectively allowing them to "resell" a ticket but at a slight loss (even if the platform takes a cut). Please don't use blockchain for this.
Maybe you can go full Chinese train tickets on this: you buy a ticket on an account backed by your government ID, and then your ID is what opens the platform gate for you. Your ID is your ticket.
This is pretty standard now in bot-heavy spaces like ticketing or sneaker drops. CAPTCHA often just ends up being a protocol to collect signals, and if those aren’t tightly bound to the browser/runtime, they get spoofed.
Also not surprised PoW isn’t holding up. Someone reverse engineered the PerimeterX PoW and converted it to CUDA to accelerate solving: https://github.com/re-jevi/PerimiterXCudaSolver/blob/main/po... At some point, it’s hard to make PoW slow enough for bots without also killing UX for humans on low-end devices.
It's incredibly easy to remove scalpers:
Sell each ticket with a name attached, ask for ID at the door.
That's it. Whatever hacker argument against this you are thinking up right in this moment, it is just wrong.
"What if I don't know who I'm going to ask to go with me?" - Then buy your ticket once you've figured that out.
As for tickets that are so popular that servers can't handle the demand: Make a lottery and give people one day to sign up for the lottery.
Scalpers have helped me out several times when I didn’t hear about an event until the last minute, so I don’t always think of them as an enemy to eliminate.
Patio11 has a piece on how, often, the optimum amount of fraud is not 0. Scalpers aren’t exactly that but informs the discussion.
Your name is on your bus card also, and your airline ticket, but I don't hear anybody complaining about loss of privacy for that.
Employee training on validation? They look at the ID and see if the name matches the name on the ticket. Anybody can do that without any training.
> Scalpers have helped me out several times when I didn’t hear about an event until the last minute, so I don’t always think of them as an enemy to eliminate.
They helped you by screwing over other people. You do not have higher value than any other person. Besides, organizers can save expensive last-minute tickets without needing scalpers.
I understand TM has a lot of power, but they do have to keep the average consumer on board.
> reason why scalpers can operate is because the artists and venues deliberately allow for it.
The problem isn't solved for a number of parties, from your own words. Despite working in the area, it doesn't feel like you've thought about it deeply. Or, maybe because you work in the area—cue Upton Sinclair quote.
In worst case, you've bought tickets and the person you invited can't come: You sell the ticket back to the venue for a refund.
This attitude reminds me of what happens al the time at hotel front desk: They're fully booked for a certain date and some people call and e-mail, asking the hotel to cancel other guests reservations to give them a room. Sorry, not going to happen. First come, first served.
And as I said in another comment, artists and venues can price and release their tickets in such a way that people who are willing to pay much more can get some last-minute tickets.
rendx•1mo ago
For a ticket platform like pretix that can be run self-hosted alongside the main site, this should give you enough signals to discriminate between normal users and bots, unless they are specifically targeting that site, or am I mistaken? Even just pure web server access logs may be sufficient on smaller sites so this might work even without JS?
jsnell•1mo ago
Doing any kind of access pattern analysis leaves you with the problem of handling false positives, and your proposal doesn't help with the accessibility problems.
IP addresses aren't a panacea here -- this is a high margin business where the attackers can switch to high cost / high quality proxies.
> unless they are specifically targeting that site
In this case the attackers would very specifically be targeting specific sites (ones selling tickets to events with more demand than supply).