Slashdot Mirror

← Back to Stories (view on slashdot.org)

Concert Ticket Retailer AXS Collects Personally Identifiable Data Through Its App, Which is Mandatory To Download, and Sells It To 3rd Party Without Anonymizing (theoutline.com)

Posted by msmash on from the day-light-robbery dept.

AXS, a digital marketplace operated by Anschutz Entertainment Group (AEG), is the second largest presenter of live events in the world after Live Nation Entertainment (i.e. Ticketmaster). Paris Martineau of The Outline reports that the company forces customers to download a predatory app which goes on to snatch up a range of personally identifiable data and sells it to a range of companies, including Facebook and Google, without ever anonymizing or aggregating them. From the report: The company requires users to download an app to use any ticket for a concert, game, or show bought through AXS, and it doesn't come cheap. AXS uses a system called Flash Seats, which relies on a dynamically generated barcode system (read: screenshotting doesn't work) to fight off ticket scalping and reselling. [...] Here's a brief overview of all of the information that can be collected from just the mobile app alone, nearly all of which is shared with third parties without being anonymized or aggregated: first and last name, precise location (as determined by GPS, WiFi, and other means), how often the app is used, what content is viewed using the app, which ads are clicked, what purchases are made (and not made), a user's personal advertising identifier, IP address, operating system, device make and model, billing address, credit card number, security code, mailing address, phone number, and email address, among many others. [...] AXS also shares the personal data collected on its customers with event promoters and other clients, none of whom are bound even by this (extremely lax) privacy policy.

21 of 82 comments (clear)

  1. Credit card #? by b0s0z0ku · · Score: 5, Insightful

    Name, credit card #, CVN, and EXP? Can't wait till they're on the hook for a massive credit card fraud spree -- should be fun to watch them get sued into bankruptcy.

    1. Re:Credit card #? by b0s0z0ku · · Score: 3, Insightful

      Regardless, that's probably against the card companies' TOS. Can't wait for the firm to be hammered with lawsuits.

    2. Re:Credit card #? by originalGMC · · Score: 2

      Nobody is forcing them to download anyhting. If you don't want the app then don't pay rip-off fees to go see some talentless shit-heel sing and dance.

      It's this kind of shithead mentality that makes me proud to be an american.

    3. Re:Credit card #? by Luthair · · Score: 2

      Do they proactively disclose it upfront? Or do they bury this in the EULA?

      I've said this before on similar topics, we need laws around the reasonable expectations of the average user. The normal expectations of buying a concert ticket do not include being doxxed.

    4. Re:Credit card #? by CrimsonAvenger · · Score: 2

      Its surprising they don't run a fowl of credit card processing agreements.

      A CHICKEN??? Really?

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    5. Re:Credit card #? by Khyber · · Score: 3, Interesting

      The credit card companies will absolutely do something. That this info is easily identified means it's not protected or encrypted, which runs afoul of a slew of PCI-DSS compliance rules. The credit companies will stop anything of this size from happening. They do not want the fraud hit.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    6. Re:Credit card #? by WolfWalker545 · · Score: 2

      In this post, we see someone that has never had to go through a PCI audit or training.

    7. Re:Credit card #? by DarkRookie · · Score: 2

      It did
      Where have you seen any kind of fitting punishment for Experian.
      Nothing but a couple of slaps on the wrist.
      Where is the $3.7 trillion fine they deserved.

      148000000 records times $25000 per record lost (since it was cause they didn't patch something. If it was something else, I would lower the fine amount.)

      --
      The millennial that doesn't like most of the stuff designed for millennials.
  2. WTF by darkain · · Score: 2

    Try reading the actual article. I couldn't muster the entire thing because the amount of asinine bullshit in it. It really reads as through the guy just read through the TOS for AXS app, and didn't understand half of it, and so made false conclusions based on piecing unrelated parts together.

    Can the app collect your credit card number? Of course, it is a commerce app for purchasing tickets.

    Can the app share information to Facebook? Of course, what app DOESNT have a "SHARE THAT I'M AT THIS CONCERT RIGHT NOW" feature.

    Are these two features directly linked? Of fucking course not. But both exist in the same TOS, therefor the article writer is making false conclusions based on their own idiotic click-baitery sensationalistic bullshit.

    1. Re:WTF by Registered+Coward+v2 · · Score: 2

      Try reading the actual article. I couldn't muster the entire thing because the amount of asinine bullshit in it. It really reads as through the guy just read through the TOS for AXS app, and didn't understand half of it, and so made false conclusions based on piecing unrelated parts together.

      I would agree. Going to the AXS website shows you can still do the email ticket to print at home, will call, or "Download the app and no more worries about losing a ticket or realizing you left the ticket at home the moment you arrived at the venue. " I'm guessing the writer assumed the app was the only way to get a ticket, didn't bother to check the AXS website, and then went off on the rant.

      --
      I'm a consultant - I convert gibberish into cash-flow.
  3. Re:stoopit by jetkust · · Score: 3, Informative

    Who the hell would download an app to buy a ticket?

    Someone who is told they must download an app to buy a ticket. But that isn't even what has happened here. They were told they have to download an app and create an account after already buying the ticket.

  4. 4 letters by Tomahawk · · Score: 3, Interesting

    GDPR

    It's because of stuff like this that the GDPR was put in place in the EU. The rest of the world really should follow suit.

    https://en.m.wikipedia.org/wik...

  5. Forced? by sinij · · Score: 2, Informative

    I recently went to a show, and while many people used apps to show bar codes, printed version that I presented worked just as well.

  6. Re:stoopit by whoever57 · · Score: 5, Informative

    They were told they have to download an app and create an account after already buying the ticket.

    Their terms of purchase make no mention of the app, so this looks like AXS is breaking their contracts.

    --
    The real "Libtards" are the Libertarians!
  7. Re:stoopit by originalGMC · · Score: 3, Informative

    most venues in seattle don't charge the ridiculous fees if you show up in person to box office hours. Also I've bought tickets from this company before and never downloaded the app. They did tell me I had to download the app though, which I ignored. The tickets were emailed to me like immediately.

  8. AEG = Philip Anschutz by Anonymous Coward · · Score: 2

    Wikipedia page is here. He's a Christian conservative, worth over $12B, and owns a multitude of businesses in a variety of different industries.

  9. Re:Regulate the SOBs by Alain+Williams · · Score: 3, Informative

    This is the sort of thing that the EU's GDPR is supposed to address. Hopefully it will provide a model for other jurisdictions, I think that California's Privacy Bill is along the same lines.

    The other thing that we badly need are devices that let us lie to apps; show them the profile that we want them to know. It should also be illegal for apps to refuse to work if they detect that they are being lied to.

  10. Re:stoopit by Anonymous Coward · · Score: 3, Interesting

    So what if (like my wife) you don't have a smart phone?

    I frequently ask the same question, since like your wife, I don't have a smart phone either.

    I can't tell you how often some helpful idiot of a cashier or whatever tries to direct me to their app .. sorry, no, don't have apps, don't want apps. What's that? You can't answer my question but you're sure the company app can help? Nope, sorry, I'm simply going somewhere else.

    Fucking apps. Everything is a goddamned app. And every fucking one of them primarily exists to scrape your personal information and sell it. At this point, I think it's safe to conclude that all apps are written by incompetent morons on behalf of greedy assholes, so why would I trust anybody's app?

    Sorry, no, I'm not playing that game.

    Let me know when we've reached peak app, and I can stop hearing about it.

  11. Re: I have to ask by sajavete · · Score: 3, Informative

    https://www.gdpreu.org/complia... Actually, the GDPR sets fines to as high as 2-4% of the violating company's annual revenue or €10-20B (whichever is higher :)), not just one transaction. Basically it means that: "if you mess with our people's rights, we will bury you in the smoking ruins of your HQ"

  12. And they probably know who you vote for. by Myself · · Score: 2

    Several years ago, we were talking about Gracenote's metadata, it came up that your musical tastes are a shockingly accurate predictor of your political leanings.

    So consider that this metadata just helped all those "partners" build an even more accurate profile of you.

  13. Re:Reselling tickets by Anonymous+Brave+Guy · · Score: 2

    There are some more legitimate grounds for trying to limit the resale market as well. Some high profile artists have been really cracking down on this in the UK recently, because it had reached the point where automated bots were just buying up all the tickets to gigs within moments of them becoming available and then the tickets were being sold on almost immediately but at much-inflated prices on the second hand market.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.