And at least for me, frequency beats duration. I make more progress when I play consistently for even 10 minutes every day than when I play for 90 minutes on Sunday afternoon.

I saw your other comment, and that was your fault for not having access to your own e-mail account. Asking you to sign in with a verification code isn't blocking your ticket with "no recourse".

Not to mention, you can usually just go to the ticket office and they can look up your ticket if your app isn't working. Obviously they don't advertise this because they don't have enough people to handle if everybody did that. But they're not trying to lock you out from your own ticket.

Perhaps somewhere deep in the terms of service that approximately zero customers have ever read, it says "Use of this ticket is contingent upon having immediate access to the email address associated with your account." Regardless, it seems unreasonable for them to expect that every user will have connectivity. If that is a requirement, they should state it more clearly.

Websites and apps commonly require you to log in again when you haven't used them for some time period anyways.

These days, yes, having connectivity and being able to verify a code is just standard practice. It's just security.

That's the point, though - we shouldn't need always-on, 24/7-access to email for everything always and forever. You're just victim-blaming at this point.

>Sorry but you've made that up. That's not a thing.

I have a very fun and exciting story about being locked out of my Google Wallet account for that very thing while on vacation. My primary Google account is still banned from performing any monetary transactions as a result, 10+ years later.

And what I said is "not a thing" is TicketMaster preventing you from entering an event because you've changed location and that you "have no recourse". You definitely have recourse, there are a number of ways, just like it seems like that person did.

So funny, HN is usually pro-security and pro-2FA.

This conversation isn't circular, you're the one who seems to be missing that this is just standard practice, and for good reason. People try to pull all kinds of scams with tickets. Requiring you merely to log in with 2FA is not problematic.

Case in point: I traveled from St. Louis to Houston for a concert a few years ago. Before I left home to catch my flight, I installed the Ticketmaster app on a phone and verified that I could bring up the tickets. When I tried it again in my hotel an hour before the conference, it no longer worked because the fraud detection in their app was apparently confused as to why I was now in Houston.

Fixing this took 45 minutes on hold to get a support agent and a frantic call to my wife so she could check the disused email address I used to sign up for Ticketmaster 20 years earlier and get the verification code they sent.

There are a lot of reasons to dislike digital tickets, but this is one of them. I used to go to dozens of concerts every year. Now it's such a hassle that I don't bother unless it's small venue that doesn't play these games.

We attended a once-in-a-lifetime show last fall (a performer who is aging and likely won't tour again) a two hour drive away. I wouldn't install the Ticketmaster app and played an old man "character" with the box office to get them to print my tickets and hold them at will call. I played the "we are driving in from out of town" card, etc, and they accommodated me.

I tried that with a closer venue a couple of months ago and got told, in no uncertain terms, "no app no admittance". I knuckled-under and loaded the app on my wife's iPhone (which she insists on keeping because Stockholm syndrome, I assume). I feel bad that I gave in (because it makes me part of the problem). I really wanted to see the show and I wasn't willing to forego it on principle. (Kinda embarrassing, actually.)

Not to justify it, but we've been fighting this kind of crap for a long time with credit cards and their bonehead "anti-fraud" checks. I'm often on the phone with my credit card issuers every time I travel somewhere because their moronic systems think "different country = fraud" and lock me out until I call them and perform their pointless rituals for them over the phone. Even if you tell them in advance that you're traveling (which I object to because my vacation plans are none of their business), they still often get it wrong and flag you.

Don't do that. Create a new account with the email address you have access to.

Apps require you to sign in again all the time, and send a verification code to your e-mail to do so. Changing locations is, yes, a reason to require sign in.

Sorry, but that one's on you.

Because in the context of signing in, its role is that of a user ID.

Ticketmaster spams that address constantly. It's a valid email address, to be sure, but they've trained me over the years never to look at it. They certainly didn't do any multi-factor authentication when I bought the tickets, only when I was preparing to use them (despite having accessed them on that very device two days earlier).

This is the bane of my existence. I manually copy/paste/delete a half-dozen codes from my email/SMS every single day.

If I was ruler, I'd mandate every one of these switch to TOTP 2FA and outright ban email verification other than for password resets.

What? TicketMaster is the only app I use that does this. Probably because it's too hard for end-users to get rid of it. If some Telegram or some food delivery app or something tried to periodically re-prompt me to log in because I went outside my house or whatever, it would get uninstalled and replaced with something that didn't.

Maybe it's not about the money. Maybe he does not want the negative consequences that come along with having a smartphone. Maybe he has dexterity issues that make using a smartphone difficult. Maybe he doesn't want to install their invasive app. Maybe he finds that paper tickets are easier to manage. Maybe he recognizes that the vendor made this change to benefit themselves at the expense of the fans, as it allows them greater control of the resale market.

I own a smartphone but prefer paper tickets. Luckily I can (and do) still get them at my team's stadium, although I have to pick them up in person.

In 50 years, everyone's going to have an advertisement-injecting brain implant, and stores are going to require you to have one in order to purchase anything, and they'll lock you out of commerce as a filthy Luddite if you don't get one. And, 50 years from now, commenters on HN will defend those businesses because the implant is "modern" and supporting those ancient smartphones and credit cards is hard to do.

When I run into this (most recently at a hospital), I tell them "The court doesn't allow me to have a smart phone because I'm a hazard to national security.†"

When they argue (very rarely), I tell them "Take it up with judge Kelso in the 225th District Court. He's in the phone book." That's usually enough for them to break out the backup non-smartphone plan. In my experience, there's always another way, but they're just too lazy to do it.

† Absolutely a lie, but I really don't GAF.

I’ve been here and I’ll say I’d rather lose in logical argument, then win through lies. It’s so corrosive and people who know you either know this about you or will learn it. Turn back now while there’s still a chance.

I'd be inclined to take something like that as the customerspeak version of "fuck off" rather than the person being crazy

I happened to name Mitnick because of the "national security" example.

I noticed that you haven't given any reasoning as to why a receptionist working at a hospital would not consider "I'm banned from using smartphones by court order" reasonable, or why said receptionist would need to consider it common for it to be valid? Hospital receptionists deal with all kinds of edge cases all the time.

"I'm banned from using smartphones because I'm a hazard to national security" is not reasonable. it's crazy. like, who the hell asked? are you saying that if you manage to get your hands on an iPhone the state would be in danger? are you bragging? trying to impress me? i've never heard anyone say this before, it doesn't make sense. are you court ordered to say this? why wouldn't you say that you just don't have one?

that's a more likely thought process than "oh yes, just another mean, lean walking threat to the security of the state. i hear this all the time when asking someone if they want a text message confirmation of their appointment" as the short, wimpy looking man wearing khaki trousers you're serving continues to grin at you disconcertingly.

  > are you bragging? trying to impress me?

I noticed that in your simulated internal monologue you didn't actually mention not believing that it was true at any point. It's certainly far more plausible than your "i don't have a phone because aliens took it".

I also noticed that you still haven't given any rationale as to why said receptionist would need to consider it common for it to be valid. Maybe you forgot.

I think that in reality, your internal monologue is incorrect. I think your average hospital receptionist would effectively stop listening/caring after "I don't have a smartphone", and just get on with her work without thinking about it much at all, because she's too busy to bother with it and doesn't actually care very much at all why you don't have a smartphone. Hospital receptionists are busy people and they deal with all kinds of crazy shit.

It’s ok to think that the average reaction to someone pronouncing that they are a ‘hazard to national security’ in otherwise normal interactions wouldn’t be ‘well that person is crazy’. You don’t need to take it so personally.

I just hope you don’t go around saying awkward outlandish grandiose lies to strangers thinking their reaction is anything other than “well you’re crazy”.

Not sure why you made up a scenario involving a hospital receptionist, or why you chose to echo my point that they deal with all kinds of crazy shit.

I challenged your assertion that it was an 'outlandish and obvious lie' for one to state that they don't have a smartphone due to a court determining they're a threat to national security, and that 'He might as well say "i don't have a phone because aliens took it"'.

You chose to repeatedly fail, despite being prompted, to address even a single point I raised to counter your claims, instead shifting goalposts and making up invalid scenarios to try to prove some kind of point unrelated to your initial premise. It seems like you're the one taking things weirdly personally.

> Not sure why you made up a scenario involving a hospital receptionist

from: "When I run into this (most recently at a hospital)"

> I challenged your assertion that it was an 'outlandish and obvious lie' for one to state that they don't have a smartphone due to a court determining they're a threat to national security

and we're back to "Is your point that because you can name one person who was banned from using a computer before the invention of the smart phone, a receptionist working at a hospital would therefore consider that a reasonable and common reason for someone to not possess a smart phone?"

i guess your long winded answer to that is "yes", and i guess we'll just leave this discussion at that because i don't believe there is much to add to that.

in the future, you could have just replied "yes" to that comment and saved us all some time. instead you derailed the discussion because you couldn't identify the outlandish part in the sentence "i'm banned from using a phone by court order because i'm a threat to national security", then continued to focus on what a specific receptionist might think rather than see that it's obviously a stand-in for someone else you're interacting with.

to summarise for you in clear language, because i think you perhaps you need to hear this:

- telling someone else that you are a threat to national security when you are, in fact, not a threat to national security is a strange, outlandish lie

- it is very obvious to people if you tell them strange, outlandish lies during a conversation

- the general reaction to you doing something abnormal like that during a otherwise normal situation is for the other person to consider you abnormal

- the colloquial, catch-all term for this is "crazy"

  > and we're back to "Is your point that because you can name one person who was banned from using a computer before the invention of the smart phone, a receptionist working at a hospital would therefore consider that a reasonable and common reason for someone to not possess a smart phone?"

It's always good to ensure you read what you're replying to, just so everyone is on the same page.

In the future, you could have just replied "ok so my comment was hyperbolic" to my initial post and saved us all some time. Instead you derailed the discussion by trying to shift goalposts and change the subject to something you thought you could "win", for some reason.

There's other things in your long-winded posts which I could respond to, but given that you've repeatedly failed to respond at all to points I've made, for example where I asked why you seem to think there's no middle ground between "common" and "outlandish lie", but why would I bother? It's not like you'd respond to any points showing how your logic is flawed. So I guess we'll just leave this discussion at that because i don't believe there is much to add to that.

To summarise this for you in clear language, since I think you perhaps need to hear this:

* There are multiple already-cited precedents for exactly the type of thing you're calling an "outlandish and obvious lie". If you'd like more examples, I'd suggest a search engine, where you'll find lots of them.

* It's possible for things to be uncommon edge-cases without being "outlandish" or "obvious lies"

* Hospital receptionists deal with these uncommon edge cases all the time, and are trained to do so. They also regularly deal with crazy people too, and are vanishingly unlikely to even bat an eye at the claim you're calling out. It's unlikely to be the craziest thing they've heard today. And it might even be true.

* There's no compelling, widely-accepted evidence of extraterrestrial visitations to earth, or of their interest in smartphones. Which makes the claim "i don't have a phone because aliens took it" orders of magnitude less likely to be true than the claim that one doesn't have a phone because a court decided that they are a threat to national security - something that, while uncommon, has definitely happened.

* Simply assuming that something is a lie because you haven't personally heard of it before is an excellent way to be incorrect.

* It's actually not a personal attack when someone points out that your logic is flawed and that you're lacking relevant information. And so you probably shouldn't take such things personally and get all upset because your obvious, incorrect hyperbole was called out for what it was.

Do the Dodgers have the right to exclude non-smartphone owners from participating in commerce with them? I suppose they have the legal right to, but we have a visceral reaction to it because it is morally questionable, and even smartphone owners can easily come up with examples where they'd be harmed by similar discrimination: The Dodgers also have the right to exclude non-smokers. They could say tomorrow that you can only buy a season ticket if you're a smoker, and I think that would be considered equally unacceptable to most of us.

It’s vague enough about what a disability is, that something like “my hand tremor and farsightedness preclude using a touchscreen, I request a reasonable accommodation” is a valid request. If they deny admission and accommodation to somebody incapable of using a smartphone, there is a whole army of lawyers that will gladly take the case on contingency.

As you note, the app is not inherent to seeing a game, or preventing resale. There’s no reason an id and confirmation number can’t be used to get him in.

Such abuse is an insult to everyone who needs it, everyone who engages with it in good faith, everyone who spends gobs of money to make events and services accessible to those with genuine need.

I don’t rule the world but if I did abusers of protective rules would be summarily executed. (Don’t vote for me. I’ve got a short but significant list of similar policies. Scammers those guys would have targets on their heads, kidnap for ransom criminals those guys too)

I’m actually not convinced that ADA “abuse” is a problem. I once had to do an urgent web redesign nbecause someone who was “abusing” the system with dozens of lawsuits. It’s actually dead easy to get out of an ADA lawsuit: you just provide a reasonable accommodation. In our case it forced the corporate decision makers to prioritize making the site accessible. We provided a temporary disability assistance hotline, and got the site compliant. The lawsuit was dropped, now EVERY disabled person is better served because one “abusive” litigant was trolling for settlements. It doesn’t really matter if the plaintiff actually had a disability that made it impossible to use the site, at the end of the day, it forced a change that needed to happen.

If this gentleman used the ADA inappropriately to get paper tickets, it would set up a process and precedent for other people who have disabilities that preclude smartphone use regardless of his own condition. Sounds like a win to me…

For sure. If that was true the answer would be "charge the non-app users a nominal fee to cover the cost".

Invasive tracking is the point, not the cost. It's anti-consumer.

>Invasive tracking is the point, not the cost. It's anti-consumer.

The last (and likely the last) time I went to an MLB game (not the Dodgers), perhaps six years ago or so, I was required to install a smartphone app when I purchased my tickets, keep that app on my smartphone for before and during the actual game. In the several months after buying a ticket and seeing the game, I received no less that 100 spam email messages (I was required to provide an email address as well) from the team's "partners."

What's more, not only was there no option for a paper ticket, if I left my seat during the game to get food/drink, I was required to have my smartphone and present my "ticket" via their app to security personnel when I returned to my seat. Every time.

As I said, even though I was (and am) a life-long fan, I will never go back to the stadium to see a game. It was far too invasive and inconvenient.

Edit: I'd add that I couldn't even block emails (which I routinely do at the server for other emails) from those "partners" because there were emails that were required to obtain my tickets. That isn't me not wanting to "learn" something, that's me not wanting to receive multiple spam emails every day from the same source.

The only downsides are that sometimes it doesn't work if their shitty form verification insists that the plus character isn't valid in an email address. In those cases I tend to set up an actual mail alias (yourcompany@mydomain.com), but that's an annoying extra step - pluis aliasing is simple, requires no configuration, and works everywhere. But this is pretty rare. And if you're using it to sign in to things, you'll want a password manager so that you can remember what plus alias you used for each site.

Don't misunderstand me - I'm not defending the behaviour you're posting about - it's reprehensible and I wouldn't have bought tickets at all under such a system. What I'm offering is a way to make it more manageable for people who don't want to go without things that you can only buy under these user-hostile models.

I don't use "plus aliases." I don't need to. I've owned my own domains for just about 30 years, so I just use <whoeveritis>@mydomain.com and then block any emails that start spamming or are just annoying.

Protip: Host your own emails so those greedy scumbags can't cut you off whenever they please, leaving you unable to access all the crap you authenticate through your "plus aliases"

Edit: N.B., I appreciate that you brought that up. Some folks may find that useful even if I don't. That said, I still say folks should host their own email if they have the resources (minimal) and inclination (less so).

Regular aliases are fine, but they're more difficult to set up. And don't work everywhere.

I do host my own email. But not everybody has the knowledge/inclination to do so. Which is fine if that's their choice. Plus aliases work for those people too.

That's not what I said at all[2]. In fact, I said[0]:

   I was required to install a smartphone app when I purchased my tickets, keep 
   that app on my smartphone for before and during the actual game. In the 
   several months after buying a ticket and seeing the game, I received no less 
   that 100 spam email messages (I was required to provide an email address as 
   well) from the team's "partners."

   IIRC, agreeing to receive marketing emails was one of the terms of installing 
   the app which was required to use the tickets.

[1] https://news.ycombinator.com/item?id=47678895

[2] And yes, I know you're being a trollish jackass, but I have a little time to kill this morning, so lucky you. That's all the feeding you're gonna get. Now back under your bridge!

  > I also said[1]: IIRC, agreeing to receive marketing emails was one of the terms of installing the app which was required to use the tickets.

Oh noes! They might cancel your subscription to their shitty app that you have explicitly stated you don't want! Maybe they'll call the police! I mean, you have your tickets and have been to the game already and have said that you don't plan on going to another one, and there's no way they could detect that you'd blocked their mail, so the net effect on you for violating their T&C is vanishingly unlikely to ever be anything other than zero, but sure, whatever, keep receiving that ridiculous volume of spam because you theoretically agreed to it, I guess?

IIRC, agreeing to receive marketing emails was one of the terms of installing the app which was required to use the tickets.

No matter. I just corralled that spam in a folder and ignored them (which is how I knew how many -- >100 -- I received) for the couple of months I had the app installed.

Once I attended the game, I uninstalled the app and told my mail server to reject any emails (with a permanent/"User Unknown" rejection error) to that email address and deleted the folder.

I probably should have filed suit against MLB for coercive licensing of their app. Which would likely be finishing up around now, seven or so years and tens (if not hundreds) of thousands of dollars in lawyer fees later, so the court can tell me that I have no legal recourse.

But I didn't. Mostly, I'm sure, because I don't have your keen legal mind. Why don't you try that and let me know how it works out for you. The actuarials say I should live another fifteen or twenty years, so I can wait. Do tell.

Unsubscribing from marketing e-mails does actually work. It's vastly simpler than trying to filter, reject, etc. And this way you still get the actual important emails. Like when an event gets cancelled, or other important information.

You don't need to get all snarky. Just consider this a learning opportunity.

Then why is 'I don't wanna' sufficient justification to force non-critical services to support your preferences forever?

- people should have more rights and protections than corporations

- people should be able to have a normal, full life in society without being constantly surveilled and manipulated

- people should be given reasonable accommodations to live in said society

No policy or law shall be enacted that directly or indirectly requires a use of a computing device where any other alternative at all is possible. Where offering other alternatives presents a cost, that cost (and only that cost, with no markup) may be passed on to the consumer.

I could see someone arguing you need a specially trained staff member or supervisor to verify your ID for anti-scalping, which they don't need to do for other e-tickets. Say only one person uses this option all season, they could be asked to pay for an entire employee's salary/benefits.

It's a bit hyperbolic, but supporting non-standard workflows is organizationally expensive with many non-quantifable costs.

They can argue that all they like, but they'll stop pretty quickly when I ask why they can't just print out the same barcode as the smartphone user would use, and have the same person scan that using the same equipment so that they can enjoy the same anti-scalping protections (i.e if that barcode has already been scanned, you don't let them in).

And there is precedent on the pricing. For example, FAA is not allowed to charge any more for any service than it costs to deliver said service, which is why if i lose my pilot's license, a replacement is $3.

One cause for the cost-recovery rule was the case Asiana Airlines v. FAA: The court ruled that the FAA’s enabling statute required fees to be "directly related" to the agency's actual costs. They held that the FAA couldn't look at the value of the service to the airline; they could only look at the receipts for what it cost the FAA to "flip the switches and manage the radar".

Ok, so assuming he doesn’t want to spend $500+ for a mobile phone, he’s looking at an Android. Then, when he logs into a Google account, Google hoovers up his location, his associated credit card (if he has one, what if he does not and does not want one?), and countless other personal metadata at the very least that will likely never go away. Even if he does suddenly go from no smartphone to being a savvy personal steward of his digital privacy, you can bet that Google is scrambling to capture as much as possible, at all times, about its users’ personal lives and data.

  - If he doesn’t want a Google account, /just/ create a new one
  - If he doesn’t have a credit card, /just/ use a family member’s
  - If he has Parkinson’s and can’t use touch input, /just/ have a friend do it
  - etc.

Also will you need a $xx/month cell phone subscription plan? With a credit check and everything?

I have a friend who is legally blind. He has the font size turned up several notches on his phone so he can just about see it with a huge magnifier on his remaining eye. A majority of the apps on his phone are absolutely not designed for increased font size and are a nightmare to navigate.

In my country right now there's a lot of hand-wringing about the impact of social media and smartphones on teenagers' mental health and education. We've got schools banning phones, and the government wanting to introduce age checks for social media. Infinite doomscrolling in your pocket, endless brainrot short-form videos, it's not healthy and we need to get smartphones out of the hands of the young.

So there are good reasons people might choose not to get a smartphone.

Then exactly the same government also proposed people wouldn't be allowed to work without a 'Digital ID Card' - making smartphones (and google/apple accounts) mandatory.

The fact that the website is doing this is a bigger problem than the browser not preventing it. If someone breaks into a house, it's the burglar who is prosecuted, not the company that made the door.

If you scanned LinkedIn's private network, you'd be criminally charged. Why are they allowed to scan yours with impunity? And why is this being normalized?

The best solution is a layered defense: laws that prohibit this behavior by the website and browsers that protect you against bad actors who ignore the law.

First, I think it’s a major issue that Chrome is allowing websites to check for installed extensions.

With that said, scanning LinkedIn’s private network is not analogous to what is going on here. As problematic as it is, they’re getting information isolated to the browser itself and are not crossing the boundary to the rest of the OS much less the rest of the internal network.

Problematic for privacy? Yes. Should be locked down? Yes. But also surprisingly similar to other APIs that provide information like screen resolution, installed fonts, etc. Calling those APIs is not illegal. I’m curious to know what the technical legal ramifications are of calling these extension APIs.

Sure, you can poke around in the settings and find one that you believe opts you out, but in lieu of clear and explicit instructions from GitHub, you'll have no way to find out. Only the possibility of finding out later that you guessed wrong.

developers don't control what platforms an enterprise would use. Vendors don't dictate the platform either - vendors sell to a customer, and so it makes sense that the customer dictates the platform.

when migration to different platform happens, it's because there's something disruptive that enterprises need to move to, or a new class of enterprise without existing/legacy baggage sees competitive advantage in moving. This happened to IBM when their mainframes no longer offered competitive advantage over the newly minted PC platforms.

If/when windows become lackluster in terms of a required feature, or did not keep up with a needed feature that an alternative platform provides, then the switch will happen fast. What that feature might be i dont know - if i knew, i'd be making it.

They might not control it directly, but they absolutely influence it. Linux was on the losing end of this for many years, as common end-user enterprise software was native and only available for Windows (or in the case of Microsoft Office, nominally available for Mac OS but with fewer features and lots more bugs). That was Microsoft's moat and it started leaking when web applications became ubiquitous. That leak later accelerated when those web applications had to work on mobile operating systems (namely iOS and Android) that Microsoft did not own and could not control.

> Vendors don't dictate the platform either - vendors sell to a customer, > and so it makes sense that the customer dictates the platform.

There are plenty of counterexamples here. I used to have two legacy SGI machines in my cubicle at work precisely because a vendor dictated the platform to that Very Big Enterprise company many years earlier.

Similarly, many people buy Macs solely to run Logic Pro or Final Cut Pro, because the vendor (Apple) dictated the platform by discontinuing the Windows versions. Apple doesn't have the market share Microsoft has, but unlike Microsoft, they can maintain strong control because of their breadth (OS and hardware for desktop, tablet, and phone, plus high-end creative software) and because a lot of their customers are all-in on Apple's ecosystem.

there is very little difference except one is manual input and one is automated input. so, i am not quite sure i am understanding your objection to one and not the other. either your are ok with your information being recorded, or you arent -- the "how it is entered into the recording system" part seems immaterial to me.

I don't trust them to store it securely nor to avoid the temptation to use that information for other purposes. The only countermeasure is to prevent them from having that information in the first place.

i dont trust them to store it securely either. my objection is to being okay with your information being placed into a database when that information is manually input, but not okay with it being scanned in. if you arent okay with one method, i dont understand why you would be okay with the other.

we are in agreement that the fact that some random company has to store my information at all is sucky.

Furthermore, the driver's license number is a primary key that could used to join records created by the scan with records in other datasets, potentially giving the company much more information about the customer than they ever realized or agreed to provide.

I don't want my identity stolen after I bought some cough syrupe because some dirt-bag third party ID management company that was contracted by a pharmacy didn't do their job.

they arent scanning as in photocopying. they are scanning the barcode to get the name/address information

the 3rd party (pharmacy, in this case) gets and keeps the information in both scenarios.

>dirt-bag third party ID management company

this isnt online age-verification stuff. the pharmacy itself is typically the one storing the information, and querying it against a government database.

And even this assumes that the government can and will protect the data from the various bad actors who want it, something they have absolutely failed to do on multiple occasions.