Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets
Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets
Scalpers have reverse-engineered how Ticketmaster creates tickets, and are now generating and selling them on their own parallel infrastructure.
A lawsuit filed in California by concert giant AXS has revealed a legal and technological battle between ticket scalpers and platforms like Ticketmaster and AXS, in which scalpers have figured out how to extract “untransferable” tickets from their accounts by generating entry barcodes on parallel infrastructure that the scalpers control and which can then be sold and transferred to customers.
By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.
So Ticketmaster and AXS are suing to maintain their monopoly on scalping?
This is one of those fights where you just hope everyone involved loses. Beyond losing, I’d prefer they all fall into a bottomless pit, but I’m not sure that’s attainable.
214I'd
buyscalp tickets to watch that.46Nah, I want Ticketmaster specifically to loose. Fuck them.
37Scalpers are a problem that transcend Ticketmaster. Heck, they transcend the world of event tickets. Scalpers are a pain in so many areas. Fuck them.
2
Let's hope for a long legal flight where Ticketmaster ends up getting broken up, but Ticketmaster drags the scalpers down with them in legal fees.
3
Jesus, is there any way both sides can lose? Because fuck ticket scalpers, but fuck Ticketmaster too.
144I mean Ticketmaster basically are scalpers
68Ticketmaster is worse than scalpers.
43
I'm going to go out on a limb and say that at this point Ticketmaster might be one of the most hated company in America.
100Eh....
Bank of America, Comcast, Wells Fargo, Amazon, Google...
Just to name a few.
Ticketmaster is in the top 25 for sure.
I miss old-school Consumerist and their annual Worst Company in America brackets.
68Most of those have more indirect disgust. They still have some redeeming qualities for their users.
Ticketmaster is almost universally understood to be nothing other than a petty middle man extracting fees for no reason other than they can.
55I used to work for Comcast and one time after they had won the "Worst Company in the World" contest two years in a row they sent out a company-wide email telling them to participate in the contest and vote for some other company. Everyone I knew there participated in the contest but we didn't follow the instructions exactly lol.
11Permanently Deleted
1
Yah. Pearl Jam spent years in limbo because they thought everyone would join the fight. But no big name artists ever did because no one wanted to rock the boat. During COVID ticketmaster / clear channel/liveNation/ iHeartRadio whatever have continued to consolidate. They own the tickets they own the resell websites they own most of the big venues they can demand merch sales at the venue. If you refuse they can remove you from playing their venues.
At this point it would take 10+ huge artists to final kill this beast. We are talking Taylor Swift / Beyonce big that actually have complete creative control. I don't even think most top artists have that. They would have to organize everything and they would probably lose union contracts for stage craft and audio, lights, transportation. Basically they would have to start their own ticket & touring companys that outdoor fields and sports areas? and would have to stick it out for years and convince a good majority to stop buying tickets from any place using Ticketmaster.
70The big artists don’t fight this because they make more money under the status quo, and Ticketmaster takes all the heat and they can play victim while raking in the cash.
43the Cure isn't exactly huge anymore but they did it. All it takes is the artist to have respect for their fans.
22To them it's a feature, not a bug.
7
Fuck ticketmaster. Fuck scalpers also. But ticketmaster are also scalpers so fuck them twice.
60Ticketmaster also own Stubhub and provides pre sale services to them before the gen pub gets to even see the tickets
Ticket master (live nation) shouldn't exist IMO
23
And there are technical details from the reverse-engineering of Ticketmaster’s ticket format here. tl;dr: it’s two of the TOTP authentication codes you use for 2-factor authentication rolled into a barcode, along with some additional data.
55This is equal parts informative and hilarious. Ticketmaster sucks.
28The conclusion says it best:
I think we can all agree: Fuck TicketMaster. I hope their sleazy product managers and business majors read this and throw a tantrum. I hope their devs read this and feel embarrassed. It’s rare that I feel genuine malice towards other developers, but to those who designed this system, I say: Shame.
Shame on you for abusing your talent to exclude the technologically-disadvantaged.
Shame on you for letting the marketing team dress this dark-pattern as a safety measure.
Shame on you for supporting a company with such cruel business practices.
Software developers are the wizards and shamans of the modern age. We ought to use our powers with the austerity and integrity such power implies. You’re using them to exclude people from entertainment events.
46
I absolutely fucking hate Ticketmaster's way of doing this, because they require access to your phone. And they won't let me use my normal VPN, or anything that blocks them from having location access. I would rather drive to the goddamn venues--what are about 90 minutes from my home--and buy tickets in person, than to deal with Ticketmaster or AXS "security" measures that attempt to circumvent my security.
49While you're forced to use ticketmaster you can still avoid installing their app via https://am.ticketmaster.com/
8When I go to that right now, from my desktop, I get:
"Your Session Has Been Suspended
Something about your browsing behavior or network made us think you were a bot.
What can I do to resolve this?
Try again from a different device or a different location
Ensure you have enabled JavaScript in your web browser
Remove any third party browser plugins that may be running"
This is because I run all my traffic through a VPN, and Ticketmaster isn't able to harvest information from me that it wants. It expects me to allow them full access to who I am and where I am, rather than just giving me what I'm paying for.
4
Permanently Deleted
6
Yes they're TOTP codes and Ticketmaster gives you the secret. You do in fact have the ticket.
In the blog post, Conduition explains that, essentially, these tickets work in the same way as two-factor authentication codes in authenticator apps. These are called “Time-based One-Time Passwords,” and can be generated offline (like a 2FA code). Ticketmaster basically shares a secret, unique token with the person who bought the ticket. This token allows the Ticketmaster app to generate a “new” ticket every 15 seconds based on the time of day. Once the device has this token, it is possible to generate the tickets no matter whether it's online or not. As Conduition found, if you’ve bought a ticket, this token can be extracted from within the Ticketmaster app (or, in some cases, from Ticketmaster’s desktop website), exported to a third-party platform, and tickets can then be generated on that third-party platform.
44Normally I LOATHE scalpers.
But for these guys I'm willing to make an exception.
31I make that exception for all, I don't like scalping but I dislike the attack on the ownership right to resell even more.
12Weird Situation to be in.. I kinda like breaking ticket masters bullshit, but also fuck scalpers. They are the reason you cant resell your tickets, cause they buy up huge blocks of tickets and exploit peoples intense desire to see a show by selling them for 2,4,8x or more for what they would have cost if the consumer could have bought them directly.
Also fuck ticket master too for exploiting their monopoly to turn 20 dollar tickets into 1000 dollar tickets
Its like watching two groups of awful people fight eachother, where the only good outcome is if they end up killing eachother.
7
Still, fuck the scalpers, they did this to get more. I'm fine with the hackers as this fucks over Ticketmaster but also the fans
6
The original reporting by 404media is excellent in that it covers the background context, links to the actual PDF of the lawsuit, and reaches out to an outside expert to verify information presented in the lawsuit and learned from their research. It's a worthwhile read, although it's behind a paywall; archive.ph may be effective though.
For folks that just want to see the lawsuit and its probably-dodgy claims, the most recent First Amended Complaint is available through RECAP here, along with most of the other legal documents in the case. As for how RECAP can store copies of these documents, see this FAQ and consider donating to their cause.
Basically, AXS complains about nine things, generally around: copyright infringement, DMCA violations (ie hacking/reverse engineering), trademark counterfeiting and infringement, various unfair competition statutes, civil conspiracy, and breach of contract (re: terms of service).
I find the civil conspiracy claim to be a bit weird, since it would require proof that the various other ticket websites actually made contact with each other and agreed to do the other eight things that AXS is complaining about. Why would those other websites -- who are mutual competitors -- do that? Of course, this is just the complaint, so it's whatever AXS wants to claim under "information and belief", aka it's what they think happened, not necessarily with proof yet.
27although it's behind a paywall
Pedantic to call it a “loginwall”/“emailwall”?
404’s reporting is so good, if anyone with that caliber of content made entering an email the standard I’d be okay with that. (I used an anonymous forwarding address, specific to them.) I think it’s worth the time setting up a forwarding address & setting filters as necessary to keep their emails out of your inbox if you can’t stand the thought, hope it helps their metrics.
12
After one of the researchers published their findings in February, brokers tried to hire the researcher to build ticket transfer services for them.
... so they could be silenced by an NDA.
16at this point in life I think I already saw all the bands I wanted in concert. I think I can afford to boycot these mfs and stick to local concerts that dont use that garbage company.
11Every year we have a local indie music festival run by our city. It's free, and bands have their albums available for sale there. That's where I go for live music, it's way better than those mega bands anyway.
10
They got some "fuck you got mine" mentality now?
8I don't buy anything on ticketmaster. I won't install their app.
I still see people I want to see. I just may have to travel to do so.
6So ticketmasters tickets were so unsecured that some hackers were able to break the scheme? Hmm, maybe they should have employed a professional then...
4generating entry barcodes on parallel infrastructure
I guess that reverse engineering itself isn't illegal, but creating tickets without the real ticket seller's authorization seems plain fraud IMHO.
4I won't count it as fruad unless they double sell it. It's only as far breaching the tos.
23
hackers help ticket resellers raise ticket prices for everyone
1Permanently Deleted
-1Monopolies are the opposite of choice.
9Artists don't have enough money in the bank to enact what would basically be a strike. If they stopped playing Ticketmaster venues, they'd basically stop playing actual venues entirely. They'd have to play tiny independent venues, where they'd end up losing money, because they physically can't sell enough tickets to cover the cost of time, travel, paying roadies, etc. Or, the ticket prices would be inaccessibly high.
The problem with live shows is directly attributable to the effective monopoly that Ticketmaster has, allowing them to fuck over artists and venues equally.
4The very few artists who do, and have the creative freedom to so do are probably the only ones who could get away with this. Convention Centers don't seem to have the same density of existing Ticketmaster relationships, and while they'd have to pay to bring in seating at some, I bet they could do it for something similar to Ticketmaster's middleman fees.
I'm not sure the difference between costs for concert venues and convention centers, but if it's anywhere near comparable, it could be feasible.
1