
Ticketing App AXS Scrapes Everything It Can Get from Your Phone (2018) - mlthoughts2018
https://theoutline.com/post/5628/how-a-concert-ticket-steals-your-personal-data
======
liquidise
AXS has an incorrigible treatment of VPNs built into every step of their
checkout process. Some highlights:

\- expect 5-6 pages of captchas during the process. Each will require multiple
steps of attempts

\- page loads are articially delayed 30+ seconds per page

\- the payment form CATEGORICALLY REJECTS payments from known VPN ips claiming
the payment was rejected from your bank

I’ve learned these lessons the hard way using AXS as they have a vicegrip on
the Denver concert scene. While they used to be a refreshing alternative to
Ticketmaster their newfound approach to privacy is absurd. Instead you spend
minutes identifying sidewalks and street lights only to discover it was all a
ruse and your were literally incapable of purchasing tickets in the first
place. This is using a denver vpn to purchase tickets to small local shows.

Convenience indeed.

~~~
selckin
Well stopping bots from buying tickets and vpns so they can resell them at
insane prices is exactly why events need AXS type stuff, and then they abuse
that for their own anti-consumer actions

~~~
jlangenauer
I’ve never understood why tickets can’t have your name on them, with ID
checked at the venue. That’d stop scalping.

~~~
mlthoughts2018
There are a lot of corner cases. What if I want to give some of the tickets to
a friend who has to arrive late and meet me inside the venue? What if I want
to do legitimate reselling on a website like Stubhub (many events encourage
this even, like reselling sports tickets if you can’t make it, so that the
seat doesn’t go empty and the stadium can make money on concessions... this
happens all the time if you’re a season ticket holder for a particular team;
you just frequently can’t make it and need to resell).

Personally I wish tickets were just bearer bonds. If you have the paper ticket
in your hand, you get in, all else be damned.

Then to solve scalping or bots, try to invent solutions that offer tickets to
verified long-time fans / supporters first, then use a pre-registered (not
day-of) lottery system to allow general purchases.

------
minimaxir
Relevant context: the AXS app is required for this year's BlizzCon:
[https://blizzcon.com/en-us/news/22938865](https://blizzcon.com/en-
us/news/22938865)

Which is how the permissions issues resurfaced:
[https://www.reddit.com/r/wow/comments/bkd5ew/you_need_to_hav...](https://www.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/)

------
Animats
What happened to that Android mod which returned fake data to apps that wanted
too many permissions? Fake contacts list, fake location, fake stored data,
etc.

~~~
mox1
Still available, runs on top of this: [https://www.xda-developers.com/xposed-
framework-hub/](https://www.xda-developers.com/xposed-framework-hub/)

Edit: here is the Xposed module:
[https://github.com/M66B/XPrivacy](https://github.com/M66B/XPrivacy)

------
crankylinuxuser
If I'm required an app for a "ticket", they can go fuck themselves.

Maybe that sounds simplistic. But I don't care.

~~~
millstone
This is a failing of Apple (and Google? not sure what their motivations are
here). Smartphone apps need to be ephemeral, up and running in <5 seconds and
deleted as quickly. The heavyweight install/delete process means they're going
to be fighting against the web's tide.

~~~
acdha
> Smartphone apps need to be ephemeral, up and running in <5 seconds and
> deleted as quickly.

Since the latter two points have been true for years, I’m assuming this comes
down to what you have in mind by “ephemeral”? Something about whether it
leaves an App Store purchase record behind or can persist data using e.g.
iCloud?

------
maccam94
I thought I was going to read that this app asked for extra permissions to
scrape contacts/etc, but instead it mostly sounds like stuff that you'd give
to any app that you would purchase physical goods with (Amazon, etc). The
difference compared to buying on the Ticketmaster website is... the
advertising ID, I guess?

The real problem here is the privacy policy. I think we've been conditioned to
click through agreements and enter personal information for purchases because
normally we're dealing with reputable businesses. I think the only solution
here is legislation that prevents businesses from storing or disseminating
personal information unless it is necessary to provide the service requested.

------
rdiddly
_" You either agree to the terms of service, or you don’t use the product —
which, in this day and age, often isn’t a viable option."_

Gonna stop you there...

What day and age are we in where you _have to_ go to concerts?

I mean yes I agree it's an invasion of privacy. The thing is, you have to vote
with your feet!

~~~
colejohnson66
So because one doesn’t _need_ something, one can’t complain about it?

~~~
rdiddly
Complain all you want. Sometimes nowadays it even works, just through the
sheer power of a Twitter shitstorm. But complaining -- essentially asking
someone else to fix things -- that's one of the very first things a human baby
learns. And it only works if there's someone more powerful than you, on your
side, who protects and looks out for your interests. Good luck with that -
maybe you noticed who's in the White House (and whom he put in charge of the
FCC and the FTC and so on). And certainly the AXS/AEG people aren't on your
side: they're your adversaries! Complaining to them is like asking your no-
good abusive husband to please stop beating you, while you continue paying his
rent and getting beaten. You need to get out of there!

Besides, NOBODY is more powerful than you in this case! You're the one (you
and your fellow buyers) with all the money that AEG depends on! So when it
comes time to actually stop complaining and _do something_ about this kind of
crap, there are many things you can do, starting with the obvious: Absolutely
Stop Supporting Them Monetarily. Even better: organize a widespead boycott.
And then all the time and money you save by not going to concerts (or only
going to small cheap local ones where you can actually talk & hang out with
the artists), you can get yourself a guitar or a copy of Ableton Live or
whatnot, and start teaching yourself!

This article points out (or complains about, to use your phrase) a problem
that does exist, and needs to be pointed out/complained about. But then
instead of taking the next logical step ("everybody stop supporting these
assholes please"), it instead spreads hopelessness and despair by saying _"
They know they can get away with [this crap], so they do. And so they will,
until anyone with enough power to enact systematic change cares enough... to
actually do something about it."_ That's a clear appeal to the "someone more
powerful" that I mention above, and if they don't do anything, we're all just
totally helpless, right? Weak sauce.

