Jump to content

suggestion for a history/historial of trade


Recommended Posts

  • Members

Whats up guys, i was thinking, what if we had a way of knowing what kind of transactions we have made?  ...

Hence this idea of proposal for a power that allows us users who constantly trade to see a history of the businesses we have made.

 

How would it work? 

 

Adding a link like the one shown in the image  and having the "History" or "Historial" power

http://prntscr.com/vu2h0g  

 

 

that allows us to access the transaction history that we have, as I know it is a bit complicated to be adjusting the database to these required data, it could be a history that is renewed every 72 hours, that is, so that all the history of 1 year transactions, every 72hrs the history will be renewed thus eliminating previous transactions.

All this in order to be able to keep track of the transactions that we have made and that on many occasions we can have problems when remembering and even more if we are users who trade many times in the same day.

Another application for this power would be to have evidence in case of scams or theft.

 

This would be my power suggestion, thank you very much everyone ^^.

 

Edited by Berserker
  • Like 3
Link to post
Share on other sites
  • Members
3 minutes ago, Bau said:


Hi Berserker

I'm not sure if it's the same idea, but here are some examples from the past.

 

 

Hi Bau ... From what I see they refer more than anything to the transfer history, what I propose is a history of all the operations you do, with a system that allows the information of your operations to be stored for 72 hours and after this time it is renewed information. 

  • Like 1
Link to post
Share on other sites
  • Contributors

I don’t know if is gonna be made 'cause the “history/logs” of our transactions is something internal that can be used to protect our account from phishings, since only you and our support can know what have been removed or added to your account, if anyone can have access to this option our security system is gonna be broke.(hmm)

  • Award 1
  • Like 3
Link to post
Share on other sites
  • Volunteers

This type of information about trades and purchases, if remembered, can be useful to verify someone as the owner of their account, as Page wrote.

 

If we implement this idea and xat (ticket) support decides to discredit this information going forward, because it's now available to users and phishers, it could make it more difficult to reliably verify users.

 

This means if users request an email change or a location update in the future, there could be less chance that xat support will be able to process their requests.

 

On the plus side, however, it would be useful for keeping track of your items, if you're wondering where your xats have gone.

  • Like 2
Link to post
Share on other sites
  • Members

I really think it deviated a bit from what the idea really would be.

In order not to get too dizzy, I meant that it would allow us to know what type of transaction we made, for example if we sold a nameglow, know to whom it was sold and for what amount, but in case a set of powers is sold, simply know how much money we receive from that user and why powers we receive it.


Now, the content and information that power shows us would be of a PERSONAL nature, I do not mean that it is public information because I think it is more than logical why and also because of what you mentioned.   

Link to post
Share on other sites
  • Volunteers

I personally don't think this is a bad idea, and I'm sure most xat users would wish to have this implemented on xat some day. Being able to see your past transactions sounds really good from a user's perspective. However, from a volunteer's perspective, the idea may not sound that good.

 

We (volunteers) use this type of information to verify people as the real owners of their accounts. This is a security question that is used very often for multiple reasons and multiple requests made by users, this helps us to verify if the user requesting help is the real owner of the account, and therefore process their request. If this type of information is available to all users, then we probably would need to stop using certain security questions which would make things harder for volunteers.

 

I only see this being implemented on xat if it includes restrictions. For example, if a user tries to access their account from a different location or changes their security settings in general, then they'd automatically lose access to their past transactions. Once a user has lost access to their past transactions, they'd need to open a ticket requesting help. Once volunteers have verified the user as the original owner, then they'd get access to their past transactions again.

 

That's my personal opinion on the suggestion.

  • Award 2
  • Like 2
Link to post
Share on other sites
  • Members
8 hours ago, Solange said:

I only see this being implemented on xat if it includes restrictions. For example, if a user tries to access their account from a different location or changes their security settings in general, then they'd automatically lose access to their past transactions. Once a user has lost access to their past transactions, they'd need to open a ticket requesting help. Once volunteers have verified the user as the original owner, then they'd get access to their past transactions again

 

I really think that that section you mention would give a good sense to the power, I think that by adding certain limitations we could obtain the ability to review our transactions without having the doubt of when we gave a certain amount of xats for something.

If it is built based on community needs such as xat's internal regulations, I think it would be a very good option for a power.

Link to post
Share on other sites
  • Game Makers
On 12/2/2020 at 5:32 PM, Crow said:

If we implement this idea and xat (ticket) support decides to discredit this information going forward, because it's now available to users and phishers, it could make it more difficult to reliably verify users.

 

 

If you are really worried about this, just send the transactions list by email like you can see on some sites where you ask your saved data ? So only the owner of the account can see it.

  • Like 1
Link to post
Share on other sites
  • Game Makers

Well, after seeing these arguments that it's necessary to "hide data" for security questions I will leave my input.

 

Have you heard about GDPR? Did you know that these laws apply to xat.com because it's in Europe?

 

After a simple search on Google about GDPR and user rights, the first topic that is always at top is: "Individuals have the right to access and receive a copy of their personal data, and other supplementary information". Remember that even big techs does it, such as Facebook, Google, Twitter, WhatsApp etc.

 

So this discussion is irrelevant, I believe this system should be added to new HTML5 pages, not as a "paid system" or simply on a whim, but because it's a "user right". Imagine if a user sends a ticket asking for their account information, would you volunteers be able to help him in the current situation?

 

I can also quote LGPD (Brazil’s version of the GDPR) which is one of the top countries that access xat.com according to Alexa, "Article 18 is another section of the LGPD that will look familiar to businesses that have dealt with GDPR compliance. It explains the nine fundamental rights that data subjects have, which include: [...] The right to access the data;"

 

Sources: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access & https://gdpr.eu/gdpr-vs-lgpd/?cn-reloaded=1

Edited by xLaming
  • Award 3
  • Thanks 1
  • Done! 1
  • Like 1
Link to post
Share on other sites
  • Members

I think that before going into issues of rights and legal issues, I think it is necessary to see from both sides, the system or initiative of what is the history of power, is that it allows us through a personal system, since the information We are only concerned about knowing what type of transactions we have made, and how much money has left our accounts and how much money has entered, in broad terms it is allowing us to have a reliable control of the amount of xats that we can have in our account.

 

We must bear in mind that xat also handles its own personal information, I am not saying that they allow us to see the transactions of other users, just to have control over our transactions. Now, to implement this power, as Solange mentions, it would be necessary to implement another verification system by which xat.com ensures that the account does belong to us, so it would be necessary to take several precautionary measures that allow us to have access. the. information. But I clarify again, the proxy is for personal use, at NO time did I mention that the proxy must have the ability to view transactions of other users.

Link to post
Share on other sites
  • Game Makers
12 minutes ago, Berserker said:

[..]

But basically is your right to have access over your data. As you said its your personal info.

 

It doesnt matter if its used in questions or not, theres a lot of other ways to indentify a scammer.

 

Even in banks you can download your data in one click. Why making it so complicated?

Link to post
Share on other sites
  • Members

Good idea, an alternative solution would be to track your trades with excel. Anyone with basic excel experience would be able to design a suitable spreadsheet for trading activity. If people are interested I'll see what I can do.

 

However, I do realise you'd run into some problems if you're trading 20+ individual powers at one given time, it would be tedious to input all that data yourself.

This kind of data tracking would probably be more efficient if we had the power you suggested!

 

Statistics can be added too to see which days are most profitable, total profit, average profit, ROI etc.

Link to post
Share on other sites
  • Contributors
16 hours ago, SLOom said:

 

If you are really worried about this, just send the transactions list by email like you can see on some sites where you ask your saved data ? So only the owner of the account can see it.

I like this idea; I'm curious to see what my trade history looks like since I'm terrible at keeping track of it myself. I think if requests like these were limited to once every year or once every six months or so it could be useful. Plus, having us submit a ticket or email for this information would help maintain the privacy, as Sloom mentioned. 

Link to post
Share on other sites
  • Wiki Editors

The solution is simple, European citizens bombard xat with subject access requests under GDPR that they are required by law to respond to (must respond within 30 days of receipt) until they’re forced to make this information freely available to all users. 
 

xat does not have the right to withhold this information from you, and any other information (even aggregate data) regarding you from you. xat should provide an option to download all the data stored about your account (trade/transfer logs, purchase history (xats and power store), reports linked to your ID, promotions, bids, etc, etc) or be faced with the challenge of providing these reports manually. 
 

Being from a GDPR country, I shall submit a request and get back to you all in 30 days!

 

Update: ticket is in xadmin (I shall class this as receipt of the request. 30 days and counting.)

Edited by Daniel
  • Award 2
Link to post
Share on other sites
  • Advanced Members
14 hours ago, Daniel said:

The solution is simple, European citizens bombard xat with subject access requests under GDPR that they are required by law to respond to (must respond within 30 days of receipt) until they’re forced to make this information freely available to all users. 
 

xat does not have the right to withhold this information from you, and any other information (even aggregate data) regarding you from you. xat should provide an option to download all the data stored about your account (trade/transfer logs, purchase history (xats and power store), reports linked to your ID, promotions, bids, etc, etc) or be faced with the challenge of providing these reports manually. 
 

Being from a GDPR country, I shall submit a request and get back to you all in 30 days!

 

Update: ticket is in xadmin (I shall class this as receipt of the request. 30 days and counting.)

 

When I was a volunteer I never supported making this information available so I understand the other side of it -- with the current system, I have genuinely no idea how they would handle lost access tickets if the info was available. Sometimes trade history or similar information was really all we had to go by. But if providing this information is legally required, then I think they need to change their policies and find new ways to verify account ownership, even if that's a difficult task. The law is the law. 

 

The volunteers and admins are smart people and I'm sure if they really put their brains together, they could find a way to overhaul the system. I also know the current volunteer team is passionate enough to take on such a project, so it really comes down to whether the admins care enough. Perhaps research into how bigger companies handle such issues would be a starting point? 

 

If they're willing to tackle this issue, it might be a good opportunity to overhaul the entire customer support system while they're at it. In fact, starting at the beginning and re-engineering the entire process might make it easier to tackle individual issues like this one and save everyone a lot of headaches moving forward, customers and volunteers alike. 

Edited by Steven
  • Award 1
Link to post
Share on other sites
  • Volunteers

I haven't commented so far because I don't realistically see a change made in this in the upcoming days, although I agree the current system may seem a bit blurry.

 

On a user perspective, you are just willing to access your own data, which is more than fair. On xat side, if an individual requests for their data, they cannot confirm whether the individual asking is actually the content owner.

What this means is that xat also has the right to ask you for a personal ID (passport, national ID card, ...) before handing you out your data. This is also part of GDPR and the 30 days count does not begin before you have been verified:

Quote

You need to be satisfied that you know the identity of the requester (or the person the request is made on behalf of). If you are unsure, you can ask for information to verify an individual’s identity. The timescale for responding to a SAR does not begin until you have received the requested information. However, you should request ID documents promptly.

 

The idea is that unless xat is completely certain you own the content you are asking for, xat will not send it away. Although you may see this as an awful restriction, this completely prevent your personal data to be given to handful scammers that can spoof your login information. In most cases, we don't require an ID and the user replying to a sufficient bunch of security questions is enough. However, I don't see how one could skip these questions before being given access to their personal data.

 

Anyway, this is a bit off the OP, on which I suggest the following. Users should see their trade history of the past 7 days if and only if they are logged into their account and their account is locked (IP protection). This prevent scammers to use this type of data to recover your account. The 7 days limit also allows volunteers to ask for trades processed prior to the 7 days threshold. Also believe me, xat login on IP protection is safer than sending the data through email (if the account is compromised, the email likely is, but the login protection remains).

  • Award 3
Link to post
Share on other sites
  • Wiki Editors
3 hours ago, Steven said:

When I was a volunteer I never supported making this information available so I understand the other side of it -- with the current system, I have genuinely no idea how they would handle lost access tickets if the info was available. Sometimes trade history or similar information was really all we had to go by. 

 

1 hour ago, Sydno said:

This prevent scammers to use this type of data to recover your account. The 7 days limit also allows volunteers to ask for trades processed prior to the 7 days threshold.

 

There seems to be a fundamental misunderstanding of how this would work from volunteers every time this conversation is had. How can phishers access information only available to users when logged in?
 

You would not be able to access this information unless you already had access to the account. There is no way this information can be used to fulfil lost access/locked out requests if they do not have access to the account.  Questions in departments focused on recovering accounts can still use this information. 

 

Questions for departments where the user already has access to the account are irrelevant, because if someone had already gained access to the account, there’s absolutely no need to update the location or change the email of the account. They can freely transfer xats or powers after the 7/14 day hold from locked out or lost access. 

 

Could a volunteer please tell me why someone would care about knowing trade/transfer information when they have already successfully phished an account and sold the xats?

Edited by Daniel
  • Award 2
Link to post
Share on other sites
  • Wiki Editors
55 minutes ago, Daniel said:

There seems to be a fundamental misunderstanding of how this would work from volunteers every time this conversation is had. How can phishers access information only available to users when logged in?

...

You would not be able to access this information unless you already had access to the account. There is no way this information can be used to fulfil lost access/locked out requests if they do not have access to the account.  Questions in departments focused on recovering accounts can still use this information. 

...

Could a volunteer please tell me why someone would care about knowing trade/transfer information when they have already successfully phished an account and sold the xats?

 

I see your point, but there are (to be fair, pretty unlikely) situations that it could still be "useful" to said phisher. For example, say if a phisher was able to remotely access an account but a high reserve limit prevented them from getting everything. They could download the data in hopes of unlocking the account at a later date on their IP or VPN. Again not a very likely situation but it's important to pay attention to the way things can be exploited.

 

I believe having logs readily available (immediate) gives it more of a chance to be exploited. Logs, of course, aren't the only way to verify an account but they play an important role in some cases. Having to put in a request for the logs (any user; paid or not), could make it so they can't immediately copy it before the owner catches on.

 

If the logs were in, say, 30-day increments, volunteers could just ask for any trade/transfer information from beyond the last 30 days of the ticket request.

 

I don't think it's bad idea to be able to access them - we just have to see it from both sides of the coin.

  • Award 4
  • Angry 1
Link to post
Share on other sites
  • Volunteers
1 hour ago, Daniel said:

Could a volunteer please tell me why someone would care about knowing trade/transfer information when they have already successfully phished an account and sold the xats?

You are saying it yourself, if the xats are already gone, it's pointless but there's a gap between logging into an account (or even knowing the password/email) and stealing the xats.

 

Temporary hold, reserve, permanent hold, etc...

 

You don't suspect it but we receive regular requests to remove these blocks from accounts with a phishy behaviour. We don't want that data to misguide us into unblocking phishers.

  • Award 1
Link to post
Share on other sites
  • Advanced Members
3 hours ago, Daniel said:

There seems to be a fundamental misunderstanding of how this would work from volunteers every time this conversation is had. How can phishers access information only available to users when logged in?

 

You make trade logs available but still use their contents to verify account ownership, and scammers WILL come up with social engineering tactics to trick users into giving up their logs and then using said logs to steal accounts. It would probably only be a few days after the changes were made before it started happening.

 

Yes, such tricks could technically be possible now, but uninformed users are far less likely to accidentally share detailed and sufficiently thorough trade history by memory than they are to share logs that are offered directly by xat and feel more official. 

 

You could put a safeguard in place that if logs are requested, their contents cannot be used to prove ownership in tickets, but that would cause so many headaches for users who don't know that when they request the logs, and for the volunteers dealing with those users. Plus, there shouldn't be a risk associated with accessing this information if it is made readily available.

 

I still firmly believe that if you make this information available, you have to find new ways to handle tickets (and I am in favour of that). 

Edited by Steven
Link to post
Share on other sites
  • Advanced Members

From a legal standpoint, xat only has to relinquish these records once asked for in writing and upon verification that you are you. ID, passport, etc.

Instead of complete logs, maybe a compromise could be reached.  Categories.  You could request a day log as example for the past 30 or 60 days.  xat transfer log for a certain time.

Epic powers for a certain time period, etc.  Divulging full information will make it difficult for a lot of users to recover accounts.  We already saw the issues presented when xat had its servers compromised 

that left hundreds if not thousands of users unable to retrieve accounts due to lack of email updates and disposable emails.  xat also saw how many emails were actually created by other users for them, as well, during this time.  I am just pointing out the email bit because not everyone's email is as secure as we would like to think.

Link to post
Share on other sites
  • Advanced Members
On 12/5/2020 at 3:00 AM, Daniel said:

The solution is simple, European citizens bombard xat with subject access requests under GDPR that they are required by law to respond to (must respond within 30 days of receipt) until they’re forced to make this information freely available to all users. 

Wrong. This is not the solution at all. This can be deemed as a reason as to why the subject request can be delayed. You are directly causing disruption to prompt a response. My issue here is the use of the word "bombard" by the way. I think everyone has an absolute right to know what information is being stored about them. Everyone who can, should request information using GDPR.

 

"the request is malicious in intent and is being used to harass an organisation with no real purpose other than to cause disruption." as stated by the ICO. I acknowledge your point but encouraging this kind of action ultimately means admins can play 4d chess and delay your request by a further two months.

 

7 hours ago, Christina said:

From a legal standpoint, xat only has to relinquish these records once asked for in writing and upon verification that you are you. ID, passport, etc.

This is where things get difficult, considering the information that is being discussed here is both protected by the GDPR and also the Data Protection Act 1998, they can only hand over information that they know is to the account owner. They realistically have no proof you are the owner of the account, purely because of issues within the registration page. Legal loophole to ensure that they do not have to give information out, as they have no proof of name which can be accurately and promptly checked via the use of a passport. 

 

The real issue here, and I'm not entirely sure how this works is that we leave the EU on the 31st December 2020. @Daniel placed his request in 5th December, the 30 day period actually comes after the day in which we leave all governance of the GDPR from an EU law standpoint, however the UK GDPR is apparently coming into play sometime soon, but there is very little details relating to it. The real issue here is, if they do not comply, which I do not think they will, what you can actually do after it. I'd like to think they can totally ignore your request, then reply on lets say the 2nd saying its too late (but this could be wrong and probably is).

 

I'd also just like to say in relation to your request @Danielplease ensure it was formatted correctly, in terms of a GDPR request as that is another ground in which they can deny your request. 

 

I have further put in a GDPR request via email instead of ticket. 

 

Edit : I have further put in a GDPR request for a deleted account of mine (this can increase the time required to respond as I've made two seperate requests) purely to see which information is still stored from deleted accounts.

 

For anyone interested in submitting a GDPR request please use the following document below as a guide to submitting such request (change the relevant parts for the data you wish to recieve):

Spoiler

 

xat.COM LIMITED
C/O Sheppards 22 The Square, The Millfields, Plymouth, PL1 3JX

 

[Your name and full postal address]

 

[Your email address]

 

[The date]

 

Dear Sir or Madam

 

Subject access request

 

[Include your full name and other relevant details to help identify you (Include your xat username and xat ID here)].

 

Please supply the personal data you hold about me, which I am entitled to receive under data protection law, held in:

 

my personnel file;
Trade logs (from earliest date on record to 30th November 2019)
xat purchases (from the store page) (between 2013 and 2017) held in account number xxxxx.]
If you need any more information, please let me know as soon as possible.

 

I request this data to be made known to me via email. (Please note here you can expressly state you want it in writing and not in an email, meaning they will have to post it to you if you'd rather that)

 

It may be helpful for you to know that data protection law requires you to respond to a request for personal data within one calendar month.

 

If you do not normally deal with these requests, please pass this letter to your data protection officer or relevant staff member.

If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. Its website is ico.org.uk, or it can be contacted on 0303 123 1113.

 

Yours faithfully

[Name here]

 

 

Edited by Karl
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.