Jump to content

Dubz

Members
  • Posts

    17
  • Joined

  • Last visited

Posts posted by Dubz

  1. On 10/28/2019 at 10:51 PM, Stif said:

    In the past xat used to have Authenticator and Account Locking. Now you can lock your account to your country, ISP or IP address. However, if you have a Gmail e-mail linked to your account, you can use Google Authenticator on it. Since you have to access it to login or to confirm a new access from mobile, it's pretty good.

    Region locking, although helpful, is not as reliable as 2FA. Someone in your area, or with your ISP, could still breach past this, and most users probably do not have a static IP address (it generally costs more for this feature). Some ISPs give you one without choice, but that's a small handful.

    As for Google Authenticator, unless you're talking about a TOTP code generator app, I'm not sure about that as I do not have mine linked to a gmail. If it's something with the "is this you trying to login" popup on your phone, then that works. If it's the TOTP generator, that's not what I mean, unfortunately.

  2. Hello,

     

    I would like to see some additional 2FA methods deployed on xat, if possible.

    • Security keys - Users would need to purchase/manage themselves, but easy to use. They can be shared across accounts easily, used on xat, xat forums, and even used on other sites/services, such as Google accounts. Multiple keys can be added to the same account. So in case you lose one, you should have a backup somewhere else. See: Yubico for an example (currently $20-$70 USD each).
    • Duo Security - This is charged on a "per user" fee, however you are able to create up to 10 users (for a small business) for free. It's not a simple solution to set up, but it can be done for free on everyone's end. Would require a lot more on xat's end, however (api key management internally, multiple API calls for initialization and validation, etc). It's a bit much to set up, but it's a lot easier to have a push notification to respond to rather than generating 2FA codes in apps, that may get lost. Sure, Duo is more on the user's end to manage, so possibly not a good solution, but it's an option. This is mostly just to add more "flexible" ideas to the list. I'm sure others have used or may find better alternatives to this.

     

    I'm sure there are others out there that can be used, some possibly even free or a very low cost to deploy/use. I personally feel security keys are a lot easier, safer, and secure to own and manage over 2FA codes. They're also not hard to implement from a dev's end, and support mobile devices as well as HTML5. They may cost some money to purchase, but I would rather pay a small cost for the device than deal with the hassle of 2FA or no security at all.

     

    I currently back up all my 2FA secrets in case I were to ever lose access to my phone or the apps that generate them. Rather than keeping backup codes and wondering if they're still active or used. It's not ideal at all, but that's the option I have with it.

     

    What does everyone else currently use? Any suggestions? Preferably something low cost for all parties involved (if any), and easy for users to setup/manage. Bonus points if it can be used outside of xat (like the security keys).

  3. 8 hours ago, ANGY said:

    Although the symbol in red I do not like it so much, maybe it should be another and in yellow color (swt)

    Yellow is more of an idle/away, whereas red is more of a "Do not disturb". Maybe away should've been the yellow one and this would be the red. Although you aren't telling someone to not disturb you by stating you're busy, it would be telling xat to not disturb you with sounds and whatnot.

  4. Users still hide in specific chats, they just don't use the promotion setup anymore. The price was cut in half from what it used to be, yet the number of chat that promote is not what it used to be. I remember a few years ago there would be 4-5 promoted chats every weekend night, and it was a competition for who could be the most popular. Now it's more of a crave for who has control over who. Bottom line, it seems users are just finding places to stay with others and don't care to visit the promoted chats as often. They're usually troll chats, inactive, too strict, too annoying, or the wrong language (because apparently their native language has too many promotions on it).

     

    I feel like people have lost reason to do anything apart from just talking to their friends and other users they associate with. Some see that it's fading in activity, so they migrate to other alternatives, such as Discord, kik, Snapchat, etc. and find it to be easier. 

     

    In all honesty, this really started to spike downhill after the data breach from zuhnny and user information getting leaked, as well as accounts getting taken. From a security perspective, it still needs work, and it's not easy to force people to be smart about it and care. Perhaps SSO integration would improve this perspective, so users can focus on securing their Google accounts rather than their xat accounts. It'd be a mix of how to achieve it, as some might not want to be forced into it, and others may want it just to be a second way to login rather than the only way.

     

     

    In the end, I feel the migration to HTML5 would definitely benefit everyone. Sure, it would take a lot of effort to accomplish, and it's only asking for more bots to arise (HTML botting would be easier than sockets in my opinion, and users could make themselves one), but it would be a step towards the demands of tech these days. We wouldn't have all the "flash is disabled" issues, and things would probably just work more smoothly. It may kill the use of mobile apps, but it would flow better in the long run on all platforms if it were done.

     

    In your opinion, would you sacrifice the flashy animations for an unknown period of time if xat migrated to HTML5? Flashy pawns and smileys don't make the chat, the users and messages do. I'd say keep flash active, but allow HTML5 to be an option while being developed. Users could keep their flashy animations if they desire, and the rest can join with the present and use HTML5 instead. Heck, even open development to others and let them work on it for the time being (assuming it's not a somewhat simple task now for developers).

    • Award 2
  5. Lets not forget as well that grey is taken for users you put on ignore, in addition to it looking rather bland. Perhaps yellow would be better, since it's not used by anything (apart from ruby). It's also one of xat's two main colors (yellow and blue), so I'm rather surprised it isn't used yet.

     

    As for the rocket, it's a neat idea but why do we need to make more animated effects? Aren't the *fx powers along with namewave and the others already slowing down flash enough when everyone in the chat is using them? Not everybody has a high end computer to use xat with all the animations.

  6. 2 minutes ago, Techy said:

    i like this idea but it needs to have a counter or else it ruins a group power.

    i would make it so theres a option in gcontrol to disable user powers that override group powers.

    That would just ruin this power then, and those chats with gsound would definitely abuse that as well.

     

    Perhaps allowing user's to disable it at specific chats would work, but otherwise it ultimately should be the client's decision, not the chat's. After all, there's other ways to block gsound in general. Disabling chat sounds (which I would rather not), redirecting the audio file requested back to the original, clients that some users are utilizing now, etc.

  7. Rename "Tab" to "PCs" and "Custom" to "Kisses" or something of the sort and it'd be good.

     

    An additional benefit would be being able to modify which PCs would send sound, such as friends vs everyone, or certain specific friends.

  8. Simple. It's what gcontrol does, but you set your own sounds and it overrides the group sound (even their gcontrol).

     

    Now we can finally put an end to the annoying gsounds some chats set it to. I don't need to hear a firetruck every time someone sends a message, or a machine gun firing when someone enters the chat. They get obnoxious and ruin chat experiences.

     

     

    For those who will complain that I can "just turn the sound off", no thank you. I do not want to turn it off, otherwise I wouldn't be complaining in the first place about the gsound power. If you want suggestions for new useful powers, there you go! If you don't like it, you do not have to buy it! ;)

  9. Seems actually useful. Perhaps it could work alongside (away) in some regard, whether it be a red clock (vs blue) or a blue DND sign. Regardless, I find it to be a good idea for everyone to have. It would make things easier than changing the status (who changes their status that often, come on now) and still get the point across quickly.

     

    One additional feature I'd enjoy is to toggle it on all chats you're in at once, or just the chat you're at. For instance, maybe I'd want to be busy in all chats except one, or only one specific chat.

  10. 6 minutes ago, Daniel said:

    If you take some time and think about some solid and kind of broad categories and move them into tabs, it will look a lot cleaner and avoid the concern of users getting lost. For example, splitting actual chat settings like blocking kisses, bumps and chat page settings such as CSS  (but obviously come up with better names).

     

    Some less broad categories, like Linkvalidator settings wouldn't, as far as I can see, cause any confusion.

    I've tried doing that already and place them in separate columns as it is now, then subcategorized them under the header blocks. I might just widen it all and split them into groups based on the columns now.

  11. 18 minutes ago, SlOom said:

     

    Maybe you can redo the page with some "tabs" (Example: http://i.imgur.com/qniDDVI.png) to make it more easy and more cleaner to use it.

    That was one thought I had, I also thought about collapsible sections (ex. http://materializecss.com/collapsible.html). I might mix them together too, but my only concern is users getting lost trying to find a setting. That's why I just kept it on one view so you could use your browser's search to look for it quicker. Worst case scenario I make them all expandable so you can expand all of them then still use that.

  12. 1 hour ago, SlOom said:

    I think the settings page should be redo; it's a badly organized with all the fields etc (Example: http://i.imgur.com/jg63UVI.png).. but the extension itself is good at all especially the image viewer, linkvalidator bypass, the power release and block kisses/bump.

     

    We should have (even if it's not a related xat tool) something to save notes such as namecolor codes/pseudos etc...

    I highly agree, the setting page is a hot mess and needs an extreme redo. Unfortunately, design is not my forte when it comes to this sort of thing, so it might be a minute before that's actually done. As for the notes, it would be convenient to have something for this sort of thing. I'll add it to the list for an idea and when I find the best way to do it I'll look into adding it.

     

    8 minutes ago, Junior said:

    Please, this thread was made to showcase the extension so people can provide feedback about it.

    Any other kind of post will be hidden.

     

     

    Nice extension, @Dubz! Good job.

    Thanks for cleaning up the thread Junior, it was getting a bit out of hand. I appreciate the support for it as well!

    • Award 2
  13. I'm attempting to start this thread again, hopefully it won't be deleted for no reason though. I had one a long time ago but it was randomly removed and I never found out why.

     

    Anyways, for those of you who aren't currently aware of the browser extension I made for xat, it's a very interesting and (usually) convenient item to have for those of you who are on xat more constantly than others (and if you're on the forum, it probably includes you). I've created this (and published it) in Google Chrome and I'm looking to get it on a few other browsers as well (such as FireFox and Opera). If you aren't aware of what it does, it adds a lot of interesting and convenient changes to how you interact with xat.com. For instance, instant notifications when a chat is promoted in your language (or a specific chat in general), a way to remove different parts of a chat's designs (CSS, backgrounds, etc.) to make it easier to read, or disable flashy animations that may be bothersome. There's also a way to bypass the linkvalidator system xat hs implemented (for those of you who would consider yourself wise enough not to fall for phishing attacks). The list goes on to other smaller features, so check it out if you're interested.

     

    Link to public version on Chrome: https://chrome.google.com/webstore/detail/xat-tools/ogcdcefmgcofkjjckhpjnhopehbhjmef

     

     

    As for those of you who do know what it is already, and if you didn't you'll have a better knowing now, let's get into some discussion for it if you'd like. I've had requests for features over the course of its development, such as blocking bumps or kisses, and I'm pretty much running out of anything else I find useful to myself personally, or those who asked for them. I'd like to get some user feedback from those of you who are users, or are interested in it. I've put quite a bit of different options to tweak it out to your own liking (possibly more to come) so everyone can enjoy it fairly.

     

    If you have any (reasonable) requests for it that you'd like to see, post them below and if it's popular (or I get bored, which is somewhat common), I'll probably add it.

     

    I have added support for API calls to bot providers to make your lives easier with your bots, but so far only one (OceanProject) has agreed to and added their side of the support to it. As for the others, they've either not done their part to support it, declined to support it, or totally went MIA and their developers could not be found (cough*LP89*cough*).

     

     

    For those who are concerned about their own security using it, the extension does not transmit any of your personal information (names, emails, passwords, etc.) outside of itself or xat.com (if it ever did). Passwords are not saved anywhere, and the only data that is transmitted is your ID privately, which anyone can see on xat anyways. I have implemented an api key system for authentication outside of xat and inside the extension network. Whether or not it abides by the terms of service, I cannot fully guarantee without xat verifying themselves. It does not interfere with other users' (that don't use it) experiences and you must voluntarily use it, plus it does not modify xat to be unusable, just adds to it.

     

    Any private questions regarding it can be sent to me on here via PM, or find me roaming around on xat and talk to me there. Volunteers and admins may do the same as well obviously, especially if this thread isn't allowed for some reason.

     

     

    *Please note, this extension is created "as is" and is not created by xat staff or any of its volunteers. I am not responsible for any misuse of the extension. Links above, although may be considered trusted, may not be suitable for everyone. Install at your own will.

    • Award 2
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.