Ticket tips and Tricks for 2025 festival

[The other Bellboy]

19 hours ago, Alvoram said:

10 minutes I think, but I've seen some people suggest they were backspacing for even longer than 10 minutes!!! So there's a chance that even that wasn't working properly.

You wouldn't want it much less than that though, due to the server issues, payment issues and how painfully slow the site can get in general, especially on a mobile device. I think when all said and done, after all of the blocked screens that I had to refresh through, and entering the data, then processing payment etc, I was a good 5 minutes just doing one. 

There was no way the backspacing and repeating only lasted 10 minutes in total, I had a lot of issues getting through the access denied screen and so by the time I had completed the purchase I must have been very close, if not out of the 10 minutes, then after getting the tickets I jumped around the room a bit to celebrate, grabbed a drink and then decided to go back to the phone and take some screen shots of each page. Went back, expecting to just get the page before so I could take a picture of that, but went to the reg numbers page. I cleared this manually then entered my spare reg number as a test, expecting it to kick me out but it didn't, so I went to the next page - no access denied this time, still expecting to get kicked out, but again all good, then got the payment screen and as this was my NZ reg number I went and got my NZ card. Now I was realising that this could actually work, so I decided to get a reg number for someone who would want to go, so I went to my emails, found the number, then went back again to try and change the reg, but got the all tickets have been allocated message, so I went forward again, entered the payment details and proceeded - all the time thinking that it would get stopped. The only message I got was that an order had already been placed by this email address and did I still want to continue, I did and that was it, all done. There's no way I did all of this in 10 minutes, none what so ever.

I only booked 2 tickets the first time and 1 the second (since cancelled with SEE), so my affect was small, and I never expected that it was going to be allowed. But from what I saw, if you got through early enough and without any issues, i believe you could have placed multiple orders easily

 

[hoopy67]

Been catching up on this thread.

 

Got a ticket this year and my views are the same last year (when I missed out):

 

The blame for the utilised loopholes lies with SeeTickets. It's a case of hating the game rather than the player. I doubt many people would reject a ticket bought for them which was obtained via an exploit.

[incident]

6 hours ago, Splodge said:

If I came out of the Sunday sale without a ticket I would be praying that (aside from fixing the obvious bugs such as the “rejected queue number” one) they didn’t touch a thing for the resale.

 

I disagree with this. From my perspective the system "as is" has gone too far in terms of being gameable and exploitable, to the extent that just on that basis alone I'm delighted I don't have to do it again come April. While I can and did take actions that contributed to success this time around, I think possibly in April and if not definitely for the next festival it'd be necessary to go much further just to get comparable results.

 

The basic problem is that they way they've set it up, from now on this sale is 100% an arms race - far more than it ever was or could have been before. If nothing changes then very quickly it's going to get to the point where it becomes unlikely to get tickets without to be blunt far more effort than it's worth - thousands of sessions, generated Queue IDs, it's all been covered in this thread over the past few days, generally much further across "the line" than I'm willing to go.

[jonnytee1]

13 hours ago, Ryan1984 said:

I did 11 consecutive Glastonburys from 2003 to 2015 (2006 and 2012 were fallow years, right?) and have no tech know-how/only ever bought two tickets in that time. Very lucky and privileged to do that many through sheer perseverance. I think maybe one of two were down to success in the resale.

I'll stick to my original point in that, that is extremely lucky but well done you! Happy for you 100%

 

I must also add that if anyone does get tickets for Glasto in any way  -  I would not begrudge them or call them names however disappointed  I was unlike some others on this thread who have been a bit close to the mark (not you)

 

Mind you on the other hand, i wouldn't gloat too much that i am going anyway  -  just live happily in my little bubble 

[NotAnInsider]

12 minutes ago, incident said:

The basic problem is that they way they've set it up, from now on this sale is 100% an arms race - far more than it ever was or could have been before. If nothing changes then very quickly it's going to get to the point where it becomes unlikely to get tickets without to be blunt far more effort than it's worth - thousands of sessions, generated Queue IDs, it's all been covered in this thread over the past few days, generally much further across "the line" than I'm willing to go.

Sums it up.

 

I wouldn't be surprised if the same WhatsApp groups that were taking payment for guaranteed tickets are operating again; there is clearly good money in it for them and by not cancelling last years tickets its become worth them investing in more methods to game the system.

 

All these exploits are detectable; Queueit stores a load of data about each queue_id - it's how they understand how it's working and where they can improve it. They can easily go back and see the devices that spun up a bunch of queue_ids and cancel those tickets.

 

They weren't tough enough last year and as a result it's quickly getting out of hand as a result. IF they don't act now where does it end? Does it even end? 

[hoopy67]

16 minutes ago, incident said:

 

I disagree with this. From my perspective the system "as is" has gone too far in terms of being gameable and exploitable, to the extent that just on that basis alone I'm delighted I don't have to do it again come April. While I can and did take actions that contributed to success this time around, I think possibly in April and if not definitely for the next festival it'd be necessary to go much further just to get comparable results.

 

The basic problem is that they way they've set it up, from now on this sale is 100% an arms race - far more than it ever was or could have been before. If nothing changes then very quickly it's going to get to the point where it becomes unlikely to get tickets without to be blunt far more effort than it's worth - thousands of sessions, generated Queue IDs, it's all been covered in this thread over the past few days, generally much further across "the line" than I'm willing to go.

 

On reddit, someone was hypothesising that SeeTickets didn't turn on out of the box features for Queue-IT and/or akamai. They theorised that turning on these features would have inhibited some of the exploits. Would you agree with that?

 

I ask you because you seem very knowledable! Think we also interacted last year with respect to your analysis on how the host file exploit worked (NB to all: Incident did not use this exploit)

[incident]

1 minute ago, hoopy67 said:

On reddit, someone was hypothesising that SeeTickets didn't turn on out of the box features for Queue-IT and/or akamai. They theorised that turning on these features would have inhibited some of the exploits. Would you agree with that?

 

I neither agree nor disagree, just because I don't know what those features are, or how effective they may be.

 

Until approximately a month ago, I was blissfully ignorant on the subject of Queue-It, having never encountered it before (at least not in a situation where it mattered), so I'm still playing catch-up.

Edited 5 hours ago by incident

[dmilne25]

45 minutes ago, incident said:

The basic problem is that they way they've set it up, from now on this sale is 100% an arms race - far more than it ever was or could have been before. If nothing changes then very quickly it's going to get to the point where it becomes unlikely to get tickets without to be blunt far more effort than it's worth - thousands of sessions, generated Queue IDs, it's all been covered in this thread over the past few days, generally much further across "the line" than I'm willing to go.

 

It was already an 'arms race' lol. Do you not think this was the case when you could have hundreds of sessions/browsers/devices spam refreshing to get tickets? If anything it's toned down a bit now since you get your place in queue and that's it.

 

Generated queue IDs I'll give you thats fair enough, but there have been comparably dodgy workarounds in the past.

[incident]

Just now, dmilne25 said:

It was already an 'arms race' lol. Do you not think this was the case when you could have hundreds of sessions/browsers/devices spam refreshing to get tickets? If anything it's toned down a bit now since you get your place in queue and that's it.

 

Generated queue IDs I'll give you thats fair enough, but there have been comparably dodgy workarounds in the past.

 

It was already an arms race, to an extent, of course. But that was somewhat limited by having to babysit the connections due to the system not being perfect. It didn't reach anywhere near the level it will be.

 

Sounds like you've not thought through what's possible with the new setup.

[rebus]

I think this year caused a lot of people to be more careful because of the new system.  It created fear that if you pushed boundaries then you were going to get recognised as a bot and not get through at all.  

 

What seemed to happen though was the anti bot stuff was very light and it was all about getting as many entries in the queue as possible without worrying too much about unique IPs etc.  Those that were careful had reduced chances.

 

Personally I think See bottled it with the bot detection and went light as the press for loads of people getting blocked would look worse and there would of been far more people complaining. 

[uscore]

it'll be quite good press in a way - the resales will show just how popular the festival has become. Over 19 billion people waiting in the ticket queue.

[rebus]

It probably comes down to a combination of

i) The issue with not wanting places like halls of residence to be at a disadvantage

ii) See tickets not making you log on like Ticketmaster do (having to logon would still create the issue of people having multiple accounts though)

[parsonjack]

16 minutes ago, rebus said:

It probably comes down to a combination of

i) The issue with not wanting places like halls of residence to be at a disadvantage

ii) See tickets not making you log on like Ticketmaster do (having to logon would still create the issue of people having multiple accounts though)

 

I think the festival are also acutely aware of the cost of deploying more measures to deter bots or other 'unfair' ticket buying strategies when every penny eats into the sums that they are able to donate to deserving charities.  Without increasing ticket costs to offset that of course.

[rebus]

9 minutes ago, parsonjack said:

 

I think the festival are also acutely aware of the cost of deploying more measures to deter bots or other 'unfair' ticket buying strategies when every penny eats into the sums that they are able to donate to deserving charities.  Without increasing ticket costs to offset that of course.

 

Apologies all for the offtopicness, but quick Q for parsonjack.

Is the George hotel decent enough for a Tuesday night pre festival stay?  Just booked in there and was just looking to stay somewhere in a small town that had somewhere for a very quiet of course drink and brekkie before driving in on weds morning.  

[parsonjack]

11 minutes ago, rebus said:

 

Apologies all for the offtopicness, but quick Q for parsonjack.

Is the George hotel decent enough for a Tuesday night pre festival stay?  Just booked in there and was just looking to stay somewhere in a small town that had somewhere for a very quiet of course drink and brekkie before driving in on weds morning.  

 

Hi...yes the George is a decent choice, and you'll probably find others staying there pre-Fest.  The bar/restaurant there has recently been fully refurbished and has a good choice of grub and Wadworth's ales etc.  The other good pub choice is The Three Swans up King St just opposite the George.  Don't bother with The Blue Boar by the bridge though 😬

 

If you need any more info just shout.

[Physical_graffiti]

1 hour ago, NotAnInsider said:

 

They weren't tough enough last year and as a result it's quickly getting out of hand as a result. IF they don't act now where does it end? Does it even end? 

 

what's the evidence for them not being tough enough last year? How is it getting out of hand? I'd be surprised if 1% of the attendees were there via a hack, and same with this year. I've never spoken to anyone in real life or at the festival who's even aware of nefarious ways of getting tickets, obviously this is my anecdotal feedback, but it's essentially a tiny fraction of people - here and reddit are where it's discussed but this isn't representative of the real world. If you read these places you'd be forgiven for thinking everyone was at it. The effect of any of this is hugely exaggerated - like has been discussed, See can see the IP addresses, if it was a major issue ruining their ticket sales they'd do something about it. 

 

28 minutes ago, parsonjack said:

 

I think the festival are also acutely aware of the cost of deploying more measures to deter bots or other 'unfair' ticket buying strategies when every penny eats into the sums that they are able to donate to deserving charities.  Without increasing ticket costs to offset that of course.

Yeah totally this. Everyone there is a punter who is desperate to be there, regardless of how they bought tickets. If an inconsequential amount of those have 'cheated' as they have the IT knowledge to do so - is that really that morally bad if their group of 6 mates are at the festival instead of another random group of 6 who would've got in in their place. You'd imagine the cost to rectify (that would be diverted away from charity) just isn't considered worth it in the interests of a notion of 'fairness' on ticket day.

 

I say this as someone who has never 'cheated' (I do NOT have the IT knowledge) 😁

[Clareno7]

16 hours ago, Skip997 said:

Or has built up loads of useful contacts over the decades and worked hard to maintain them and has worked hard on site thus ensuring they’re invited back 

I like this. We do a significant amount of volunteering to cover ourselves, should we need to and this year, we're so grateful for our tickets (yet again!) that we've commited to volunteering at the festival. We won't be taking up anyone else's place as we won't eat into their allocation. 

[incident]

1 minute ago, Physical_graffiti said:

what's the evidence for them not being tough enough last year? How is it getting out of hand? I'd be surprised if 1% of the attendees were there via a hack, and same with this year.

 

I agree that the number of tickets that went via the hosts hack will be vastly overestimated by many.

 

But even I wouldn't go as low as 1%. I'd guess at somewhere about 5% maybe. Much more than that and the systems being exploited would have shown signs of struggling under the load.

 

And it must be stressed, that hole was fixed shortly after the November 2023 sale so was no longer an issue in this years resale onwards. If they hadn't fixed it - it probably would have still been available to bypass the new queue.

 

This year? Depends a lot on what you call a hack - but if we draw "the line" at people running all the devices they can muster with a handful of browser on each being ok (ie something anyone could do), and buggering about with containers, cloud infrastructure, generated queue IDs, outright bots not ok - then I reckon it was probably around 5% again, maybe a shade over. Yes, still a fairly small minority but my concern and expectation is that if nothing changes that percentage will increase significantly each sale from now on given how many different routes to exploit the system there now are, with and some of them ridiculously easy for someone with the right skills/resources.

 

They really need to make a change. Either tighten up the queue dramatically, revert back, or try something else. They can't keep it as is.

[assorted]

1 hour ago, incident said:

They really need to make a change. Either tighten up the queue dramatically, revert back, or try something else. They can't keep it as is.

 

I’ve seen a rumor saying they will be changing it to a ballot in 2027, and this is just for this year only. 

 

Similarly, there were rumors in all 3 places (Reddit, this thread here, Discord) that there would be barely any bot/mutiple-session detection in the sales. I can vouch for this because I was in all 3 places reading them. It’s just other people weirdly ignored them and kept arguing otherwise. 

 

Following what you’re saying, the resale should be interesting in terms of needed escalation… my guess is the coach sale, you wanted at least 25 sessions for 1 to get in - by the general you needed 50 sessions to aim for in hopes for one to get in. Resale?!?!?!? (While  still having one or two devices on a different IP being “honest” in case they drop the hammer and spend on defense.)

[incident]

5 minutes ago, assorted said:

I’ve seen a rumor saying they will be changing it to a ballot in 2027, and this is just for this year only.

 

In all honesty, I'd be shocked if the festival had a firm plan for 2027 yet. Would expect that kind of conversation to happen one they post-mortem the 2025 event - especially with the luxury of a fallow year during which they can take their time and consider things properly (and will still have >20 full time staff to call upon).

[incident]

9 minutes ago, assorted said:

my guess is the coach sale, you wanted at least 25 sessions for 1 to get in - by the general you needed 50 sessions to aim for in hopes for one to get in.

 

And yeah, those numbers broadly align with my thinking.

[Splodge]

1 hour ago, incident said:

 

They really need to make a change. Either tighten up the queue dramatically, revert back, or try something else. They can't keep it as is.

Not having a go, just curious. Would you be happy to have your chances of tickets lessened by any of these changes. Or do you not think they would lessen your chances?

There’s likely a middle ground where they patch the obvious exploits, introduce stricter queueit/akamai settings and prevent repeat purchases on one queue id, but even then it’s really likely to work against you in future sales. It could spin out of control as it stands, but it could just as easily overcorrect the other way.

 

It would be a fairer system, but is that honestly what we really want. I may well just be morally bankrupt, but I imagine there’s a large chunk of people in this forum that just want the best chance at a ticket.

[dougal1]

4 hours ago, The other Bellboy said:

There was no way the backspacing and repeating only lasted 10 minutes in total, I had a lot of issues getting through the access denied screen and so by the time I had completed the purchase I must have been very close, if not out of the 10 minutes, then after getting the tickets I jumped around the room a bit to celebrate, grabbed a drink and then decided to go back to the phone and take some screen shots of each page. Went back, expecting to just get the page before so I could take a picture of that, but went to the reg numbers page. I cleared this manually then entered my spare reg number as a test, expecting it to kick me out but it didn't, so I went to the next page - no access denied this time, still expecting to get kicked out, but again all good, then got the payment screen and as this was my NZ reg number I went and got my NZ card. Now I was realising that this could actually work, so I decided to get a reg number for someone who would want to go, so I went to my emails, found the number, then went back again to try and change the reg, but got the all tickets have been allocated message, so I went forward again, entered the payment details and proceeded - all the time thinking that it would get stopped. The only message I got was that an order had already been placed by this email address and did I still want to continue, I did and that was it, all done. There's no way I did all of this in 10 minutes, none what so ever.

I only booked 2 tickets the first time and 1 the second (since cancelled with SEE), so my affect was small, and I never expected that it was going to be allowed. But from what I saw, if you got through early enough and without any issues, i believe you could have placed multiple orders easily

 

When you say your second order 'since cancelled by See' what do you mean? They're contacting people and cancelling orders placed via the backspace method? 

[Physical_graffiti]

1 hour ago, incident said:

 

They really need to make a change. Either tighten up the queue dramatically, revert back, or try something else. They can't keep it as is.

 

If I were Glastonbury though, I'd be like, well why do we need to change? Tiny fraction 'cheated', but none went to touts, all went to people who want to attend. Sold all tickets. 'Smoother' sale than last year. Less money on IT security = more money for charity. If they ever got the data to say the majority of tickets were going via hackers fair enough, but it's probably a case of they'll cross that bridge when they come to it, likely never.

 

(For the record I was much more a fan of the refresh system, and they can easily close down the 'hacks' pertinent to that.)

[incident]

5 minutes ago, Splodge said:

Not having a go, just curious. Would you be happy to have your chances of tickets lessened by any of these changes. Or do you not think they would lessen your chances?

 

I mean, I'm in the slightly luxurious situation in that I expect / intend 2025 to be my last one anyway*, so I can happily not worry about it. But I'd be confident enough in my own skills, and access to resource, that if needed I could navigate any obstacle bar maybe a "pure" ballot (which even aside from that is a genuinely awful idea)

 

* after starting in 2004, and not missing any since, it's time - would likely have taken 2025 off and come back for a final one in 2026 except that the fallow year came earlier than expected.

 

10 minutes ago, Splodge said:

There’s likely a middle ground where they patch the obvious exploits, introduce stricter queueit/akamai settings and prevent repeat purchases on one queue id, but even then it’s really likely to work against you in future sales. It could spin out of control as it stands, but it could just as easily overcorrect the other way.

 

Personally I think those specific changes would be likely to work in my favour. Though of course there are other changes they could make that wouldn't.