Implementing Secure ‘Privacy First’ Personalised Music Festival Apps.

Most large-scale music festivals offer a dedicated app for their events that festival-goers can download onto their mobile devices. The app contains all the essential information users will need about a festival and enables organisers to push personalised content to every user. How can festival apps still provide personalisation but remain secure with high levels of privacy.

Festival-goers are increasingly aware and cautious about high levels of personalisation with fears over invasive digital tracking of app users' behaviour. It can be challenging for festival organises to build an app that provides high levels or personalised content but also reassures them that their data and behaviour will remain secure and private. The new technical requirement for building any festival app is that it embraces the ‘privacy first’ principle. This new approach requires the user's device to do personalisation tasks, not the festival servers. How can organisers ensure that their new app gives personalised content in a secure, ‘privacy first’ environment.

The Dedicated Festival App.
The festival app has evolved over the years from a simple digital event brochure to a sophisticated interactive tool that is essential for festival-goers to find their way round a festival site and get updates on performances, for example. The modern app provides huge volumes of content and relies on a connection to Wi-Fi networks for regular updates. Newer features can include push notifications about emergencies and artist updates based on a device's GPS location. An app also provides additional revenue streams for organisers with sponsored content frequently appearing throughout the app.

Personalisation.
The latest festival apps provide a high level of personalisation for users which allow them to link their payments from wristbands so they can track their spending and check balances. They can also select the artists they want to see and build personalised itineraries with artist updates on stages and schedules along with reminders. Organisers can also push content based on a device GPS location which may be related to food and beverage vendors nearby. Many users find this level of ultra personalisation useful but also raise concerns about how they are being monitored and what information is being held and whether it is being shared with third parties.

Why Privacy Matters.
Festival-goers are increasingly concerned about the feeling of surveillance when using a festival app because the back-end data manipulation is invisible. This lack of transparency is building potential trust issues for users of apps. By providing a clear indication to users of exactly what data an app is remembering and how this is being used can increase transparency. An additional feature becoming popular is providing the ability for app users to regularly wipe all locally stored data about them and their behaviour. Users are increasingly sceptical about GPS, so organisers should not insist on asking for devices to have their GPS enabled. These measures may alleviate the fear many users may have about their privacy when using a festival app.

The ‘Privacy First’ App Architecture.
Organisers embarking on building a new app should be adopting a ‘privacy first’ approach to the app architecture. This means putting personalisation features locally on an app rather than running algorithms on its own servers. Building a lightweight ‘on-device-AI' model can enable the app to access a users' music library and schedule performance itineraries accordingly. When festival-goers want to make their schedule available on multiple devices, they should have the ability to use end-to-end encryption (E2EE) where organisers do not hold decryption keys, for example. Organisers can use ‘zero-knowledge aggregation‘ to optimise artist flow on stages by using federated learning where the apps send a summary of interest without identifying any specific user's IDs for example.

Keeping Festival Apps Secure.
In line with keeping data on festival apps private and secure, designers of apps should be utilising the latest security protocols. Apps with a login can be open to phishing, so this needs to be replaced by passkeys (FIDO2) like biometric-backed unphishable hardware-bound keys. Many festivals require age verification, either for event entry or for the purchase of alcohol. Rather than relying on an uploaded image of a driving licence organisers should enable ‘zero-knowledge proof’ like a government backed digital wallet that confirms they are over 21 without sharing DOB data for example. Apps should consider moving away from QR Codes linked to email addresses and consider using tokenised NFT tickets which are stored in a secure element on a user device where the festival app only sees a ‘valid’ status.

For festival organisers planning their next event using a software management platform like Festival Pro gives them all the functionality they need manage every aspect of their event logistics. The guys who are responsible for this software have been in the front line of event management for many years and the features are built from that experience and are performance artists themselves. The Festival Pro platform is easy to use and has comprehensive features with specific modules for managing artists, contractors, venues/stages, vendors, volunteers, sponsors, guestlists, ticketing, site planning, cashless payments and contactless ordering.

Image by geralt via Pixabay

<< Back to articles