Now, one can absolutely argue about whether this form of rate limiting is the right approach, but to circumvent something that is clearly prohibited & charge money to do that is illegal.
This does not mean that I think the current system is perfect OR that there aren't other players who also have backdoors into the process; just that the action is not as egregious as 'BUREAUCRATS STIFILING INNOVATION'. There is more nuance needed here [1].
"According to the sources, the apps enabled users to book Tatkal tickets bypassing security checks on the IRCTC portal. His mobile applications were unauthorized and had features to bypasses Completely Automated Public Turing Test (CAPTCHA), a security measure that users must fill in while logging in to IRCTC. As per reports the apps also bypassed other security measures installed by the IRCTC." ... "However, railway officials clarified Yuvrajaa bypassed the railway system and made money illegally which is a crime. He wasn’t event an authorized agent registered with IRCTC to book tickets. RPF has registered a case under section 143 (2) of the Railways Act (penalty for unauthorised carrying on of the business of procuring and supplying of railway tickets).
Developing an unauthorised software bypassing e-ticketing system is an offence. Such applications defeated the purpose of having a first-come-first-serve system and benefit only a few who use the software."
This govt., like most Indian govts, has a stupidly archaic & top-down / low-trust / risk-averse / bean-counter approach to innovation and transparency (case in point, the Covid tracking app Arogya Setu's sordid development & transparency issues), but this specific incident isn't the right stick, IMO. :)
[1] https://www.the420.in/conman-or-genius-arrest-of-iit-kharagp...
Fair access is not provided by the official website. When one clicks "Book" and then suddenly get an Internal Server Error in network logs (while UI shows in-progress icon) or gets logged out - where is Fair Access? If Railways gave 10 Rs for each such failure, they will go bankrupt within 2 hours. First-come-first-serve does not mean fair access when they can't fix their technical problems.
And this guy charged money only after the cost of the servers was high. To give a context the alleged amount between 2016 and 2020 he earned in 4 years is in the range of 27k-30kUSD. That is as per Railways. It is likely to be inflated. Pretty sure he was running into losses.
However I doubt he is totally innocent. Most developers would know this app would be illegal. Or may be he is just too naive - hard to say that since he is an IITian. The railways will probably find out each ticket booked, heavily penalize each such booking, add huge interest to that till date and make the total amount sound like a huge scam. Adventures with Indian bureaucracy will cost him big unless he manages to heavily PR himself as a victim.
https://theprint.in/opinion/india-wants-innovation-but-arres...
Indian railways website is very slow and pathetic (so bad that there are lengthy discussion on HN about it. search for IRCTC).
Given the shortage of tickets thousands of people try to book tickets at 7am when the window to book a certain class of tickets call `Tatkal` opens. Thousands of people are trying to book the exact same tickets from say 7am and by 7:10 am all tickets get sold out.
Now, if you could prefill all the forms and just press submit you might be able to buy the tickets before others. Railways website specifically tries to not allow any kind of pre-filling. The app merely bypasses that restriction. (I have written scripts in past to do just that when I lived there).
Railways is a classic colonial government system and operates pretty much as if India is still a British colony. They have their own police force called RPF which arrested the boy under Railways act 1989 for “unauthorised business of procuring and supplying railway tickets” which the boy did not do at all. Not to mention, the railways form has a captcha so it was not even a programmatic submission. There are railways mafias in India who buy tickets by bribing railways staff and I suspect these people are responsible for getting this boy jailed as his solution helped more genuine passengers to book their tickets by undercutting the "agents".
It remains to be seen how the courts apply the standard here but it will probably take around 10-15 years for the courts to come to a verdict.
Personal Rant: When I was in India, I had the misfortune of relying on Indian railways to travel home from college. I was so pissed that I was determined to get out of India so I have to never deal with Indian railways. I had tried all possible ways to hack the booking system and had my own chrome extensions to fill up the forms.
I do appreciate that the developer was solving a genuine need, so kudos to him. But anyone from India could've seen the government's reaction coming a mile away.
My favourite part was the "maintenance" window the website would go through every night. Which was never really indicated on the website other than vague messages/errors - but everybody knew that's what it was.
The front end definitely can be much much better; but the issue is very simply there are not enough tickets to match the demand.
"From 29 tickets booked in a day in 2002, it has reached to 13 Lakh tickets a day as of now. It is reported that the IRCTC system is currently capable of booking 15K tickets a minute online and can handle 3 Lakh concurrent users to handle any surge in demand." [1] (13 lakhs is 1.3 million)
"Of the 15 million passengers who climb aboard one of 8,520 trains each day, about 550,000 have reserved accommodations. Their journeys can start in any part of India and end in any other part, with travel times as long as 48 hours and distances up to several thousand kilometres. The challenge is to provide a reservation system that can support such a huge number-regardless of whether it’s measured by kilometres, passenger numbers, routing complexity, or simply the sheer scale of country. " [2]
If anyone has better references on the frankly astounding technical accomplishment that the CRIS Passenger Reservation system, please share.
"Passenger Reservation System (PRS): A nationwide online passenger reservation and ticketing system, developed and maintained by CRIS, was developed in C and Fortran on a Digital OpenVMS operating system using RTR (Reliable Transaction Router) as middleware. Also known as CONCERT (Country-wide Network of Computerised Enhanced Reservation and Ticketing), it interconnects the four regional computing systems (in New Delhi, Mumbai, Kolkata and Chennai) into a national PRS grid. It allows a passenger anywhere to book train tickets from any station to any station. PRS handles reservations, changes, cancellations and refunds, reserving over 1.6 million seats and berths daily. Complex rules, validations and fare-computation techniques are interwoven in the application" [3]
[1] https://inc42.com/features/how-online-train-booking-ticket-p...
[2] http://www.egyankosh.ac.in/bitstream/123456789/25869/1/Unit-...
[3] https://en.wikipedia.org/wiki/Centre_for_Railway_Information...
It was a lame app that prefilled the form in Railway app and charged money for this feature. This must have triggered some TnC breach. Similar things exist as browser plugin/scripts, but they are free and stay under the radar.
coming on to the guy here, >Developing an unauthorised software bypassing e-ticketing system is an offence. Such applications defeated the purpose of having a first-come-first-serve system and benefit only a few who use the software
so why not have this functionality in the first party website in the first place?
>However, railway officials clarified Yuvrajaa bypassed the railway system and made money illegally which is a crime. He wasn’t event an authorized agent registered with IRCTC to book tickets.
did this guy take a users money, buy a ticket on his behalaf and get a commission from the railways? no. from the customer? no. all he did was make a fucking autohotkey for their website. he charged 20 rupees, thats USD $ 0.30 for hosting the service, paying for the upkeep. any of his non customers who were disadvantaged because of his service, well no shit. go and ask the government to fix their website and bring it in parity with this guy
look. this guy automated typing, refreshing, probably even bypassing captchas. on that note, why should this be "illegal" to do automation? just because they say in Tnc's? grow a pair. why should the government rate limit customers by shoving captchas?
i had the misfortune of buying a couple of tickets back in june 20 or july was it for some relatives. that was the most agonizing time of my life. random refreshes, logouts, not being able to do multiple logins, having an actual monthly limit on the number of tickets you can buy in a month, the payment failed 4 times. i had to borrow money twice because the payment was deducted but credit not given. refund was sanctioned after 15 days AFTER a deduction of Rs. 2500 i think USD $ 40.
if i had used this guys service, i would have been glad to pay him 10 times over because the service which should have been promised by the first party itself IRCTC was in 1990's.
>regulations.
such a bs word in india. why doesnt the railway make their website like a 2020 website which does automation, remembers your shit, allows instant payment and refund, this and that
This functionality being to work-around the intended first-come, first-serve allocation of these last minute tickets?
It sounds like the overall system isn’t in a healthy, modern state, but I don’t think the essential feature this guy’s tool provided is desired by the original website.
can you buy an airline ticket at the airport 2 minutes before boarding? yes. does the system accurately track unbooked seats with 100% accuracy? yes. can you "automate" airline ticket booking with an almost 1 click operation? yes. can the millions of airline websites and agents manage simultaneous ticket booking of a single seat so that at no time are two people charged for the same ticket? yes. can they reschedule, do web check in, assign seats, book meals, cancel tickets? yes. can they offer error free painless booking experience without plastering user with stupid captchas or otps? yes.
if yatra.com can do it, irtctc not doing it because they follow some arcane regulations about "security" and not doing things intuitively is why they are shit and the onus is on irctc to provide feature parity with airlines experience. dont blame someone on helping
do you understand having a waitlist in 2020 means you are doing something seriously wrong in your workflow
In any case, he clearly wasn't collecting ticket payments on behalf of the train company, so I don't see how they could accuse him of acting as an unauthorised agent
This is because there is a black market for railway tickets, where agents charge a high free for booking tickets online for many illetrate buyers, especially in rural areas.
Don't know how likely that is given the current US stance on immigration, but he clearly has the initiative, even if his app is not welcome.
