Ticket tips and Tricks for 2025 festival

[bob323]

47 minutes ago, parsonjack said:

Seetickets won't give you a session unless you've been through Queue-It.....the system checks that.  Simple as.

 

I was wondering from a technical perspective how do they know you've been through Queue-it

 

I'm assuming Queue-it will not route all traffic through to seetickets (like a load balancer)

 

but as dotdash79 said it's likely some sort of token or (edit: shared) session cookie - this is possibly what people are using to get their place in the queue swapped

Edited November 7 by bob323

[pigital]

45 minutes ago, parsonjack said:

Seetickets won't give you a session unless you've been through Queue-It.....the system checks that.  Simple as.

So we think it'll check whether you've been through the queue or not? Or will it just accept people if they've passed the queue screen? (referring to the video shared above, you can do this also without Adblock to get the same results to be honest)

[SticklinchJoe]

As a technophobe, all this talk makes my head spin. I'm just going to get on the website and see what happens.

[fraybentos1]

1 hour ago, parsonjack said:

Seetickets won't give you a session unless you've been through Queue-It.....the system checks that.  Simple as.

What do you think about different browsers and incognito sessions etc? Will each one give you a different queue position do you think?

 

[Supernintendo Chalmers]

47 minutes ago, SticklinchJoe said:

As a technophobe, all this talk makes my head spin. I'm just going to get on the website and see what happens.

 

In all honesty, I think that's probably the best plan for everyone. It is what it is.

[parsonjack]

1 hour ago, bob323 said:

 

I was wondering from a technical perspective how do they know you've been through Queue-it

 

See simply need to check incoming packet source at their gateway, probably the load balancer, and if it's not come from Queue-It they'll drop it.

[parsonjack]

25 minutes ago, fraybentos1 said:

What do you think about different browsers and incognito sessions etc? Will each one give you a different queue position do you think?

 

Popular opinion is that different browsers give different Queue-id's, but that's something to be confirmed on Thursday.  It is likely though that Edge and Chrome will give you the same queue position as they share the same underlying architecture.

 

Same with Incognito tabs at present....

 

 

[Joey Peeps]

Incredibly pessimistic about all this. I suppose there's an argument that's it a fairer system, so long as it works as intended, and they might be wishing to shake up the audience a bit which I totally get. But the old way had at least the perception of some agency within it, that preparation and persistence could give you some sort of advantage, however minimal. I never win anything from raffles or lotteries so not holding out much hope but it will allow an opportunity to try another festival next year if the Gods are against me. 

Edited November 7 by Joey Peeps

[belfast]

Who knows. People seem dead-set on this mindset of people who arent really assed about going will get attending. However, if you really weren't fussed about going would you really spend the money required to attend? 

 

Also, if there are so many people that will acquire tickets this year who usually wouldn't, would that not mean a higher chance of getting resale tickets? 

 

I'm not sure I fully buy into this idea of people basically 'not deserving to go as much as I' type comments. Glastonbury is no ones festival nor does it owe anyone anything for attending year after year. There are thousands upon thousands would absolutely loved to have been to even one and given anything to do so (never-mind getting to go to every single Glastonbury by being more tech-savvy).

 

It does come across sometimes as a sense of entitlement.

Edited November 7 by belfast

[Nobody Interesting]

1 minute ago, belfast said:

Who knows. People seem dead-set on this mindset of people who arent really assed about going will get attending. However, if you really weren't fussed about going would you really spend the money required to attend? 

 

Also, if there are so many people that will acquire tickets this year who usually wouldn't, would that not mean a higher chance of getting resale tickets? 

I reckon lots more who will not pay balances cos they don't like the 'lineup' will get tickets this way so lots more tickets available in the random queue place resale.
I have friends who were dead set on going this year for their 60th birthdays, they failed in November sales and when help was offered for the resale they decided to skip it cos the 'lineup' was not great............... and they work in the music industry!

[stuie]

1 hour ago, pigital said:

So we think it'll check whether you've been through the queue or not? Or will it just accept people if they've passed the queue screen? (referring to the video shared above, you can do this also without Adblock to get the same results to be honest)

 

See will reject your session if you don't have a Queue-it token or session ID.   Blocking it won't work 100%

[Joey Peeps]

15 minutes ago, belfast said:

 

I'm not sure I fully buy into this idea of people basically 'not deserving to go as much as I' type comments. Glastonbury is no ones festival nor does it owe anyone anything for attending year after year. 

 

I may have missed it but haven't seen any of this? 

[gsp8181]

Here's how it's working

 

You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager

 

It will calculate an initial score for you based on your hostname, IP address, useragent, ISP, and how many people are going through that IP. So if you're going through something dodgy like a cloud datacentre or a commercial VPN you'll be a lot higher. If you're going through a mobile network AND are a mobile phone you'll probably be given more leeway.

 

If your score is too high you'll be instantly blocked, if you're in the mid zone you'll be 'flagged', and if it's low you'll be let on instantly.

 

If you're in the midpoint you can usually tell because the first time you log into the website you'll see a short delay before you get on while it 'fingerprints' your browser. Whereby it uses Javascript to gather all the information it can and can identify you with surprising accuracy, from stuff like, do you have any custom fonts, what plugins do you have in your browser, to the weirder stuff like drawing animations and analysing them to see if your graphics card has any minute differences. So they can track you if you've got firefox and chrome on the same machine.

 

Akamai will then set a load of cookies to link you to a session.

 

They'll then continuously run the fingerprinting script to watch for changes. So if you transfer any queue cookies to another browser they'll figure it out pretty fast when suddenly that browser starts giving completely different information. It will also look at stuff like your mouse pattern and you tabbing in and out to build a behavioural pattern

 

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot.

 

They can also link you to activity on previous Akamai sites to work out if you're bot like or not.

 

If it thinks you're a bot it will flag you for a ban which doesn't happen instantly but typically in a minute or two.

 

If you clear the cookie it will just refingerprint you and then ban you again.

 

Queue-It is integrated into the Akamai suite and uses Akamai session handling.

 

If you're on something that meets a typical shared IP pattern such as a CGNAT like using a phone on mobile data or on a work computer they will give you a lower score and more leeway basically. If you're logging on from those AWS instances you spun up you'll be given a high score. Plus like you might have different drivers, fonts, setups, running different mobile os versions, bought different device models, languages etc. If you're doing something it considers weird like running Linux, or keeping the tab in the background you'll be given a higher score.

 

My friends got a screen reader and triggered it trying to register so I guess they've got it on a pretty high setting. I emailed them to tell them

 

Also interesting is that the SeeTickets side after the CDN is not changed at all and still has the 'youre on a holding page, refresh in 20 seconds' active which I saw triggered the other day.

 

So i'm guessing the queueit will block access to the website until you're at the front of the queue and then give you a 10 minute token to access it normally

 

If they don't properly clear the queueit session then you will be able to buy as many tickets as you like in those 10 minutes

 

A lot of it is similar to how those click here if you're a human boxes work, sometimes they let you straight on because you look like a typical user from a typical network and haven't done anything funny, sometimes they might ask you to solve a picture puzzle if you're on a shared network, and if you're on a VPN it will blast you with tons of pictures that it intentionally makes very grainy to try and trip you up

 

I do DevOps work and have seen some presentations from their competitor so figured out how this ones working

Edited November 7 by gsp8181
explanation

[belfast]

Just now, Joey Peeps said:

 

I may have missed it but haven't seen any of this? 

There are comments daily due to the ticket process change of people will get going that aren't as deserving of going & it isnt fair on those who attend yearly. 

 

 

[DeanoL]

22 hours ago, Alvoram said:

What this hopefully means, if I am reading it right, is that, those who were cheating the system, won't be snapping up most of the tickets this time. BUT traditionally organised groups, those with spreadsheets etc, could win big. If every person listed on a spreadsheet is trying, with helpers, then once their group is sorted, that's at least 5 people, still in the queue, to move onto another group on the spreadsheet, increasing their chances. Just as used to be the case. 

With (hopefully*) less tickets being obtained through questionable means, that leaves more tickets in the pot for organised groups to take from. 

Unless I'm reading this completely wrong, if this new system works as intended, it's great news for most of us here (Unless you were one of those who was host file editing / cheating the system another way.) 

*This all depends on them implementing Akamai's bot protection properly, and it being effective, obviously. 

Theoretically it seems slightly worse for large groups. As previously if someone got in and got tickets for one group, they could try and get in again. That's not going to be possible now as they'll be at the back of the queue. 

 

But yeah, if people with bot farms were getting lots of tickets then that might be reduced (but it's always an arms battle with this sort of thing) which increases everyone elses chances.

[gsp8181]

1 minute ago, DeanoL said:

But yeah, if people with bot farms were getting lots of tickets then that might be reduced (but it's always an arms battle with this sort of thing) which increases everyone elses chances.

 

Techie people trying to script it will have their chances greatly reduced. The professional scalpers who have already defeated this system on ticketmaster will have it a lot easier than they did (and probably be guaranteed a ticket) as they will probably be able to fool the anti fingerprinting stuff.

[fraybentos1]

13 minutes ago, gsp8181 said:

Here's how it's working

 

You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager

 

It will calculate an initial score for you based on your hostname, IP address, useragent, ISP, and how many people are going through that IP. So if you're going through something dodgy like a cloud datacentre or a commercial VPN you'll be a lot higher. If you're going through a mobile network AND are a mobile phone you'll probably be given more leeway.

 

If your score is too high you'll be instantly blocked, if you're in the mid zone you'll be 'flagged', and if it's low you'll be let on instantly.

 

If you're in the midpoint you can usually tell because the first time you log into the website you'll see a short delay before you get on while it 'fingerprints' your browser. Whereby it uses Javascript to gather all the information it can and can identify you with surprising accuracy, from stuff like, do you have any custom fonts, what plugins do you have in your browser, to the weirder stuff like drawing animations and analysing them to see if your graphics card has any minute differences. So they can track you if you've got firefox and chrome on the same machine.

 

Akamai will then set a load of cookies to link you to a session.

 

They'll then continuously run the fingerprinting script to watch for changes. So if you transfer any queue cookies to another browser they'll figure it out pretty fast when suddenly that browser starts giving completely different information. It will also look at stuff like your mouse pattern and you tabbing in and out to build a behavioural pattern

 

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot.

 

They can also link you to activity on previous Akamai sites to work out if you're bot like or not.

 

If it thinks you're a bot it will flag you for a ban which doesn't happen instantly but typically in a minute or two.

 

If you clear the cookie it will just refingerprint you and then ban you again.

 

Queue-It is integrated into the Akamai suite and uses Akamai session handling.

 

If you're on something that meets a typical shared IP pattern such as a CGNAT like using a phone on mobile data or on a work computer they will give you a lower score and more leeway basically. If you're logging on from those AWS instances you spun up you'll be given a high score. Plus like you might have different drivers, fonts, setups, running different mobile os versions, bought different device models, languages etc. If you're doing something it considers weird like running Linux, or keeping the tab in the background you'll be given a higher score.

 

My friends got a screen reader and triggered it trying to register so I guess they've got it on a pretty high setting. I emailed them to tell them

 

Also interesting is that the SeeTickets side after the CDN is not changed at all and still has the 'youre on a holding page, refresh in 20 seconds' active which I saw triggered the other day.

 

So i'm guessing the queueit will block access to the website until you're at the front of the queue and then give you a 10 minute token to access it normally

 

If they don't properly clear the queueit session then you will be able to buy as many tickets as you like in those 10 minutes

 

A lot of it is similar to how those click here if you're a human boxes work, sometimes they let you straight on because you look like a typical user from a typical network and haven't done anything funny, sometimes they might ask you to solve a picture puzzle if you're on a shared network, and if you're on a VPN it will blast you with tons of pictures that it intentionally makes very grainy to try and trip you up

 

I do DevOps work and have seen some presentations from their competitor so figured out how this ones working

Really interesting, thank you.

 

What would your advice be then? No different tabs or incognito windows etc? Just stick to one device per IP?

[Talcroft]

34 minutes ago, gsp8181 said:

Here's how it's working

 

You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager

 

It will calculate an initial score for you based on your hostname, IP address, useragent, ISP, and how many people are going through that IP. So if you're going through something dodgy like a cloud datacentre or a commercial VPN you'll be a lot higher. If you're going through a mobile network AND are a mobile phone you'll probably be given more leeway.

 

If your score is too high you'll be instantly blocked, if you're in the mid zone you'll be 'flagged', and if it's low you'll be let on instantly.

 

If you're in the midpoint you can usually tell because the first time you log into the website you'll see a short delay before you get on while it 'fingerprints' your browser. Whereby it uses Javascript to gather all the information it can and can identify you with surprising accuracy, from stuff like, do you have any custom fonts, what plugins do you have in your browser, to the weirder stuff like drawing animations and analysing them to see if your graphics card has any minute differences. So they can track you if you've got firefox and chrome on the same machine.

 

Akamai will then set a load of cookies to link you to a session.

 

They'll then continuously run the fingerprinting script to watch for changes. So if you transfer any queue cookies to another browser they'll figure it out pretty fast when suddenly that browser starts giving completely different information. It will also look at stuff like your mouse pattern and you tabbing in and out to build a behavioural pattern

 

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot.

 

They can also link you to activity on previous Akamai sites to work out if you're bot like or not.

 

If it thinks you're a bot it will flag you for a ban which doesn't happen instantly but typically in a minute or two.

 

If you clear the cookie it will just refingerprint you and then ban you again.

 

Queue-It is integrated into the Akamai suite and uses Akamai session handling.

 

If you're on something that meets a typical shared IP pattern such as a CGNAT like using a phone on mobile data or on a work computer they will give you a lower score and more leeway basically. If you're logging on from those AWS instances you spun up you'll be given a high score. Plus like you might have different drivers, fonts, setups, running different mobile os versions, bought different device models, languages etc. If you're doing something it considers weird like running Linux, or keeping the tab in the background you'll be given a higher score.

 

My friends got a screen reader and triggered it trying to register so I guess they've got it on a pretty high setting. I emailed them to tell them

 

Also interesting is that the SeeTickets side after the CDN is not changed at all and still has the 'youre on a holding page, refresh in 20 seconds' active which I saw triggered the other day.

 

So i'm guessing the queueit will block access to the website until you're at the front of the queue and then give you a 10 minute token to access it normally

 

If they don't properly clear the queueit session then you will be able to buy as many tickets as you like in those 10 minutes

 

A lot of it is similar to how those click here if you're a human boxes work, sometimes they let you straight on because you look like a typical user from a typical network and haven't done anything funny, sometimes they might ask you to solve a picture puzzle if you're on a shared network, and if you're on a VPN it will blast you with tons of pictures that it intentionally makes very grainy to try and trip you up

 

I do DevOps work and have seen some presentations from their competitor so figured out how this ones working

This is fascinating. So am I possibly better on my mum's pathetic simple machine compared to software engineer husband's "all sorts of weird stuff downloaded" laptop - so I get a low risk fingerprint? 

[bob323]

49 minutes ago, gsp8181 said:

Here's how it's working

 

You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager

 

It will calculate an initial score for you based on your hostname, IP address, useragent, ISP, and how many people are going through that IP. So if you're going through something dodgy like a cloud datacentre or a commercial VPN you'll be a lot higher. If you're going through a mobile network AND are a mobile phone you'll probably be given more leeway.

 

If your score is too high you'll be instantly blocked, if you're in the mid zone you'll be 'flagged', and if it's low you'll be let on instantly.

 

If you're in the midpoint you can usually tell because the first time you log into the website you'll see a short delay before you get on while it 'fingerprints' your browser. Whereby it uses Javascript to gather all the information it can and can identify you with surprising accuracy, from stuff like, do you have any custom fonts, what plugins do you have in your browser, to the weirder stuff like drawing animations and analysing them to see if your graphics card has any minute differences. So they can track you if you've got firefox and chrome on the same machine.

 

Akamai will then set a load of cookies to link you to a session.

 

They'll then continuously run the fingerprinting script to watch for changes. So if you transfer any queue cookies to another browser they'll figure it out pretty fast when suddenly that browser starts giving completely different information. It will also look at stuff like your mouse pattern and you tabbing in and out to build a behavioural pattern

 

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot.

 

They can also link you to activity on previous Akamai sites to work out if you're bot like or not.

 

If it thinks you're a bot it will flag you for a ban which doesn't happen instantly but typically in a minute or two.

 

If you clear the cookie it will just refingerprint you and then ban you again.

 

Queue-It is integrated into the Akamai suite and uses Akamai session handling.

 

If you're on something that meets a typical shared IP pattern such as a CGNAT like using a phone on mobile data or on a work computer they will give you a lower score and more leeway basically. If you're logging on from those AWS instances you spun up you'll be given a high score. Plus like you might have different drivers, fonts, setups, running different mobile os versions, bought different device models, languages etc. If you're doing something it considers weird like running Linux, or keeping the tab in the background you'll be given a higher score.

 

My friends got a screen reader and triggered it trying to register so I guess they've got it on a pretty high setting. I emailed them to tell them

 

Also interesting is that the SeeTickets side after the CDN is not changed at all and still has the 'youre on a holding page, refresh in 20 seconds' active which I saw triggered the other day.

 

So i'm guessing the queueit will block access to the website until you're at the front of the queue and then give you a 10 minute token to access it normally

 

If they don't properly clear the queueit session then you will be able to buy as many tickets as you like in those 10 minutes

 

A lot of it is similar to how those click here if you're a human boxes work, sometimes they let you straight on because you look like a typical user from a typical network and haven't done anything funny, sometimes they might ask you to solve a picture puzzle if you're on a shared network, and if you're on a VPN it will blast you with tons of pictures that it intentionally makes very grainy to try and trip you up

 

I do DevOps work and have seen some presentations from their competitor so figured out how this ones working

 

thanks... that sounds likely

 

So the best way to increase your chances are multiple machines

 

do you know if the fingerprinting tech can spot Firefox containers (I suspect so)

[gsp8181]

34 minutes ago, fraybentos1 said:

Really interesting, thank you.

 

What would your advice be then? No different tabs or incognito windows etc? Just stick to one device per IP?

 

The system that they have moved to should be more tolerant of more than one device on an IP address because ultimately many ISPs now have CGNAT and mobile internet has had it since forever. Essentially, one IP can be a ton of devices, plus uni students and people at work have the same issue. More than one device should be OK (but taking the mick might not be), different tabs will be instantly picked up, incognito is detectable and will affect your bot score.

[gsp8181]

24 minutes ago, Talcroft said:

This is fascinating. So am I possibly better on my mum's pathetic simple machine compared to software engineer husband's "all sorts of weird stuff downloaded" laptop - so I get a low risk fingerprint? 

 

It depends on how much hes poked around websites. But I can see a lot of posts where people say 'I got tickets on this banged up ipad when I was trying on my brand new PC all morning'

 

Another thing that I forgot to mention is that Queue-It can be set up not as random as it claims. Some people can have priority

 

Quote

Queue-it benefited from EdgeWorkers in other ways. It can easily and accurately determine when someone should be directed to its waiting room. It can also execute complex logic at the edge, such as to determine whether someone is an everyday visitor or a VIP.

 

so who knows if all the bots are silently dumped at the back of the queue

 

I personally will not be opening the glastonbury website until pretty soon before the sale to minimise my digital fingerprint on that website (i.e. the filters might not be set up correctly and might block people a la oasis if you've had the page open all day and it's got used to you doing nothing and then you suddenly move around like a mad man, but it's paranoia)

[gsp8181]

14 minutes ago, bob323 said:

do you know if the fingerprinting tech can spot Firefox containers (I suspect so)

 

Yeah you can fingerprint the environment in pretty complex ways. Try opening https://coveryourtracks.eff.org in another container. The "Hash of canvas fingerprint" should be the same along with all the other data. So they can figure out it's you on the same connection.

[Justcalledtosay]

1 hour ago, belfast said:

 

 

I'm not sure I fully buy into this idea of people basically 'not deserving to go as much as I' type comments. Glastonbury is no ones festival nor does it owe anyone anything for attending year after year. There are thousands upon thousands would absolutely loved to have been to even one and given anything to do so (never-mind getting to go to every single Glastonbury by being more tech-savvy).

 

It does come across sometimes as a sense of entitlement.

It reeks of entitlement.

[TheFullShaboo]

16 minutes ago, gsp8181 said:

 

The system that they have moved to should be more tolerant of more than one device on an IP address because ultimately many ISPs now have CGNAT and mobile internet has had it since forever. Essentially, one IP can be a ton of devices, plus uni students and people at work have the same issue. More than one device should be OK (but taking the mick might not be), different tabs will be instantly picked up, incognito is detectable and will affect your bot score.

 

Lets say i have 3 devices on same wifi, but on one device i'm making a lot of 'bot activity' - multiple browsers, tabs, incognito ect - would the block be imposed on the specific device? The IP address? All 3 devices?

 

Apologies if this is a daft question, i know very little about the technical details involved but can assure you i'm desperate for a ticket 😄

[parsonjack]

1 hour ago, gsp8181 said:

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot

 

Unfortunately when it comes to 'typical users' what you're describing is probably accurate for most people trying for a ticket these days.

 

G2025 is going to be full of Nanna's isn't it?