If you want a good look at the state of the art in this field, look at Ticketmaster.
Ticketmaster uses both recaptcha and a pre-filtering solution they supply based on their own heuristics, as well as a complex user activity tracking system to determine whether you're a bot or not based on the activity you present and traffic you pass, so even if you pass all CAPTCHAs, they still might tell you to pound sand if you try to reserve something.
In the last few weeks, for select sales, they've even required unique phone numbers which they will SMS a number to or call and relay a code to which you need to enter just to get a single place in line for a sale.
I'm not sure of any company more actively on the forefront of prevented automated access than Ticketmaster (which makes it kind of funny when everyone chimes in about how Ticketmaster doesn't do anything to prevent brokers from getting all the tickets).
The problem is that what Ticketmaster is up against is people running specialized software that's able to emulate a browser, which ties into services that are specifically designed to beat CAPTCHAs in an automated manner using mechanical turk type solutions, but at a very low cost.[1] I have reliable testimony that some people spin up the largest AWS instance for an hour or so as needed, run this software, use a proxying service, and make 8k connections to queue up for tickets on a sale. Each AWS machine is another 8k positions in the queue. Every new layer Ticketmaster throws into the verification process knocks these people out for a couple weeks, until the company providing the software (which I believe charges a small percentage for every ticket purchased, so they fix problems fast) works around it. The arms race metaphor is very apt.
That's just one of the companies trying to circumvent Ticketmaster's road blacks for brokers. There are others that try to automate their purchasing to varying degrees. I myself work for a broker that takes a very different approach, where we use (relatively) very minimal automation, and have a person in front of a browser for every purchase (and we don't have many people at all), and instead try to make select purchases based of complex analysis and lots of data. Even that's gotten much harder in the last few years as venues and promoters have learned to play with the allocations of tickets, and hold large chunks of the inventory back to be released later at higher cost. I don't really see anything wrong with that, it's a market response to supply and demand, but it is unfortunately hidden in a purposeful manner, which affects not only brokers but the the end consumer, as market information is purposefully obfuscated (which makes the markets less efficient).
I've written on this multiple times before, so if anyone finds this interesting, just do an HN search for my username and Ticketmaster together.
1: https://anti-captcha.com/ (Scroll down and read their animated infographic for what is possibly the most amazing graphical metaphor of this I can imagine at step 4. It's so disturbing it's funny).
Ticketmaster uses both recaptcha and a pre-filtering solution they supply based on their own heuristics, as well as a complex user activity tracking system to determine whether you're a bot or not based on the activity you present and traffic you pass, so even if you pass all CAPTCHAs, they still might tell you to pound sand if you try to reserve something.
In the last few weeks, for select sales, they've even required unique phone numbers which they will SMS a number to or call and relay a code to which you need to enter just to get a single place in line for a sale.
I'm not sure of any company more actively on the forefront of prevented automated access than Ticketmaster (which makes it kind of funny when everyone chimes in about how Ticketmaster doesn't do anything to prevent brokers from getting all the tickets).
The problem is that what Ticketmaster is up against is people running specialized software that's able to emulate a browser, which ties into services that are specifically designed to beat CAPTCHAs in an automated manner using mechanical turk type solutions, but at a very low cost.[1] I have reliable testimony that some people spin up the largest AWS instance for an hour or so as needed, run this software, use a proxying service, and make 8k connections to queue up for tickets on a sale. Each AWS machine is another 8k positions in the queue. Every new layer Ticketmaster throws into the verification process knocks these people out for a couple weeks, until the company providing the software (which I believe charges a small percentage for every ticket purchased, so they fix problems fast) works around it. The arms race metaphor is very apt.
That's just one of the companies trying to circumvent Ticketmaster's road blacks for brokers. There are others that try to automate their purchasing to varying degrees. I myself work for a broker that takes a very different approach, where we use (relatively) very minimal automation, and have a person in front of a browser for every purchase (and we don't have many people at all), and instead try to make select purchases based of complex analysis and lots of data. Even that's gotten much harder in the last few years as venues and promoters have learned to play with the allocations of tickets, and hold large chunks of the inventory back to be released later at higher cost. I don't really see anything wrong with that, it's a market response to supply and demand, but it is unfortunately hidden in a purposeful manner, which affects not only brokers but the the end consumer, as market information is purposefully obfuscated (which makes the markets less efficient).
I've written on this multiple times before, so if anyone finds this interesting, just do an HN search for my username and Ticketmaster together.
1: https://anti-captcha.com/ (Scroll down and read their animated infographic for what is possibly the most amazing graphical metaphor of this I can imagine at step 4. It's so disturbing it's funny).