Ticketing & presale drops

Farming is a business.
Defenses have to change the economics.

Presale and ticket farming is not a hacking stunt. It is industrialized account creation so one operator captures a disproportionate share of scarce inventory and resells it. Defenses win when they raise the operator's cost per captured unit above the resale margin.

Most platforms defend stages 2 and 3: devices, bots, queues. lemma.id attacks stage 1: identity supply. That is the stage everything else is built on.

Add to your drop See the kill chain

The kill chain

Five stages. One cheap input.

A competent farming operation runs like a supply chain. Each stage has a cost. The defenses that work are the ones that move the bottleneck to the most expensive stage.

Stage Operator goal Common tradecraft
1 Identity supply Bulk email, SIM/eSIM farms, aged accounts, rented and synthetic identities
2 Presence / access Residential proxy pools, anti-detect browsers, device fingerprint spoofing
3 Automation Checkout bots, queue bypass, CAPTCHA-solving services
4 Verification defeat Verification-as-a-service, ID rental, deepfake attacks on liveness
5 Monetization Code resale, secondary-market tickets, transfer to buyers

Why defenses leak

They make one operator look like many cheap things

None of them force the operator to look like many expensive, unique humans. Farming lives in that gap.

Defense What it targets Why it leaks
Email / phone verification Stage 1 SIM farms and disposable-email services make identities near-free
CAPTCHA Stage 3 Human solving farms defeat it for fractions of a cent
Device fingerprinting Stage 2 Anti-detect browsers and residential proxies fragment one operator into thousands of "devices"
Waiting rooms / queues Stage 3 Slow the flood; do not reduce the number of distinct identities behind it
"Verified fan" code gating Stage 1 (weakly) Enrollment is cheap; a farmer registers many fans, harvests many codes, resells the codes

What lemma.id changes

Attack identity supply directly

Below is an honest map of what ships today. Residual limits are stated on purpose.

One document, one PPID

10,000 emails, SIMs, proxies, and browser profiles that trace to one government document collapse to one site-private PPID. To capture N allocations under a per-person cap, the operator needs N distinct identities that each pass full IDV, not N devices.

Per-human purchase caps

The stable PPID makes "one human = N tickets" enforceable. Your site keys a (site_id, ppid, drop_id) ledger off the verified PPID. lemma.id provides the trustworthy one-human handle; you run the counter.

Purchase-time proof stamps

Bind checkout to a verified PPID with a single-use nonce and offline-verifiable stamp. You get a tamper-evident record that this specific verified human performed this purchase, without a per-request call home.

Site-block and site-doubt

Block a PPID persistently, or challenge a suspect PPID with fresh IDV without banning. A farmer cannot shed the consequence by rotating devices or accounts.

Pairwise privacy

Each site gets its own PPID per user. Operators cannot correlate or launder identities across properties, and your servers never hold ID documents or biometrics.

Free local verification

Every return visit and every purchase-time check runs on your servers in about a millisecond. No per-check meter, no rate limit, no vendor callback on the hot path.

Worked example

A drop allows two tickets per person. A farmer registers 500 accounts with 500 emails and 500 proxy IPs. With isHuman required at signup, all 500 accounts that trace to the same verified document resolve to the same PPID. Your cap ledger sees one human, not 500. The operator's cheapest input (accounts and devices) has been converted into their most expensive input (verified humans).

Honest limits

What this does not solve by itself

Multi-document farming. lemma.id enforces one document that passes IDV equals one person. A well-capitalized operator can supply multiple genuine identities: rented IDs, purchased identity packages, or synthetic identities engineered to pass liveness. At that point the defense rests on the IDV provider's document authenticity and injection resistance, not lemma.id's layer alone. Event tickets ($100–$1,000/unit) sit in the band where this countermeasure is strongest.

Post-purchase transfer. A per-person purchase cap limits how much one verified human can buy. It does not stop them from reselling a freely transferable ticket to a real attendee. Closing that requires binding the ticket to the identity through to entry. That is a separate product decision with real privacy trade-offs.

Credential transfer. Today's model proves a human enrolled, not that the enrolled human is the one acting at a later moment. A verified human can hand their wallet to a buyer. Entry re-verification and device-binding improvements are on the roadmap; they are not shipping claims.

For IDV providers

lemma.id does not replace your verification rail. It multiplies its value by turning a one-shot check into a reusable, privacy-preserving, per-site, abuse-responsive one-human credential. The layer and the rail are complementary.

Talk to us about issuance

Make the next drop cost more than it's worth

Require isHuman at signup or checkout. Bind purchases to verified humans. Enforce per-person caps on a PPID you can actually trust.

View integration docs See the demo