this post was submitted on 08 Jul 2024
230 points (99.6% liked)

News

23409 readers
2609 users here now

Welcome to the News community!

Rules:

1. Be civil


Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.


2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.


Obvious right or left wing sources will be removed at the mods discretion. We have an actively updated blocklist, which you can see here: https://lemmy.world/post/2246130 if you feel like any website is missing, contact the mods. Supporting links can be added in comments or posted seperately but not to the post body.


3. No bots, spam or self-promotion.


Only approved bots, which follow the guidelines for bots set by the instance, are allowed.


4. Post titles should be the same as the article used as source.


Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.


5. Only recent news is allowed.


Posts must be news from the most recent 30 days.


6. All posts must be news articles.


No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.


7. No duplicate posts.


If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.


8. Misinformation is prohibited.


Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.


9. No link shorteners.


The auto mod will contact you if a link shortener is detected, please delete your post if they are right.


10. Don't copy entire article in your post body


For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 1 year ago
MODERATORS
 

A lawsuit filed in California by concert giant AXS has revealed a legal and technological battle between ticket scalpers and platforms like Ticketmaster and AXS, in which scalpers have figured out how to extract “untransferable” tickets from their accounts by generating entry barcodes on parallel infrastructure that the scalpers control and which can then be sold and transferred to customers.

By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.

In the lawsuit, AXS said brokers are delivering “counterfeit” tickets to “unsuspecting consumers,” and that they are “created, in whole or in part by one or more of the Defendants illicitly accessing and then mimicking, emulating, or copying tickets from the AXS Platform.” The lawsuit accuses these services of hacking and states that AXS does not know how they are doing it. But the tickets themselves are often not counterfeit at all, and in the vast majority of cases, they scan as genuine.

Two security researchers we spoke to reverse engineered how Ticketmaster generates ticket barcodes and showed how scalpers can generate genuine tickets for concerts themselves. The system that works for Ticketmaster is also likely to work for AXS tickets, which use similar “rotating barcodes” that change every few seconds. After one of the researchers published their findings in February, they were approached by brokers and were asked to build ticket transfer services for them.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 4 months ago (4 children)

Since the rotating codes work like TOTP, then the same risks exist as OTPs as long as the scalper has possession of the token for a ticket. Am I understanding this right that the scalper buys a legit ticket to extract the token, then it can be used any number of times to get in a venue? I thought their system should be able to identify a token/ticket has already been scanned after it's first used? That's why there are no re-entry rules at most venues.

Either way, if all ticket resales are restricted to be sold at original purchase price, this issue will resolve itself. But nooo, because TM and AXS also get a piece of the pie in the resale market.

[–] CountVon 22 points 4 months ago (1 children)

Am I understanding this right that the scalper buys a legit ticket to extract the token, then it can be used any number of times to get in a venue? I thought their system should be able to identify a token/ticket has already been scanned after it’s first used? That’s why there are no re-entry rules at most venues.

I don't think the intent of the scalpers is to allow ticket reuse. Like you say, there are likely additional checks at the gate when a bar code is scanned. If a rotating barcode is cloned, only the first person to scan is going to get in. Everyone else who tries to use a clone of that now-used barcode is going to get denied entry because the door staff's scanner is going to throw a "ticket already used" error of some kind. So while it's technically possible to clone one of these rotating barcodes, just like it's possible to have multiple authenticators producing the same OTPs, there's no point in doing so.

What the scalpers are after is a platform that allows them to resell tickets without giving TicketMaster a cut. TicketMaster allows their rotating-bardcode tickets to be transferred to a wallet app like Google Wallet. Wallet apps like Google Wallet have features to allow you to transfer tickets to another user's wallet, but the wallet specification also includes a flag for whether wallet-to-wallet transfers are allowed. TicketMaster sets that flag so you cannot give (or sell) your ticket to someone else using your own wallet, instead you have to go through something that TicketMaster controls. For transfers to friends and family, TicketMaster forces you to use their app. For reselling tickets, TicketMaster forces you to use their reselling site. TicketMaster's primary motive is obvious: they want to take a cut of ticket resales, and this is how they do that.

The whole thing is a legal fight between two utterly shitty groups, TicketMaster and scalpers. Here's hoping they somehow both lose.

[–] [email protected] 10 points 4 months ago (1 children)

The whole thing is a legal fight between two utterly shitty groups, TicketMaster and scalpers. Here's hoping they somehow both lose.

That was my take. On the one hand, fuck TicketMaster. But on the other hand, fuck scalpers. I wish venues would only allow a max of like 20 tickets being sold to any one entity. That way Ticket Master dies and scalpers are only able to make a little bit of money.

[–] [email protected] 6 points 4 months ago (1 children)

TM and Livenation own the venues as well IIRC.

[–] [email protected] 3 points 4 months ago

They do. Even if just contractorial, they own them.

load more comments (2 replies)