glimesh.tv
glimesh.tv copied to clipboard
Glimesh
Expand list of OAuth 2.0 scopes to allow more fine grained access control for apps
From Discord:
Can I suggest adding scopes (mostly chat related) such that the following must all be authorized separately, per app and user combination:
- acting as the user on channels which are not their own
- connecting to chat (presence)
- sending a message
- deleting a message
- purging multiple messages of a user
- clearing all messages
- assigning roles (moderator, are there others a channel owner can set, yet?)
- timing out a user
- banning a user
- globally timing out a user (staff only, but still, who knows, they might behave like regular users and you might want it available)
- globally banning a user from chatting (same as above)
Anything else that modifies something or accesses something non-public, as soon as you think about making it available via the API or add a relevant new feature.
there is some things everyone should be aware before we start adding more scopes and that is all current existing applications would not be able to use these unless its also added to the SQL table of that application OR the entire oauth2 lib that is being used is ripped out and create our own implementation that does not have this limitation
taken from a discord reply from me.
I would add to your list a permission to read subscriber/subscribee info/events - it's nobody's business how much money a streamer makes. Since the sub profits are well known, it's just a simple calculation to know the exact amount as streamer makes.
I would also group them into simply:
- read chat
- write to chat
- moderate chat ...but still list the details in the approval dialog
there is some things everyone should be aware before we start adding more scopes and that is all current existing applications would not be able to use these unless its also added to the SQL table of that application OR the entire oauth2 lib that is being used is ripped out and create our own implementation that does not have this limitation
taken from a discord reply from me.
I would not automatically add the permissions, as that goes against the whole idea of restricting access to anything that has not explicitly been authorized. We can just send out an email to all 3rd party devs letting them know they will need to re-auth their users to make use of the newly restricted scopes. Dev's should not be automatically given access to scopes they don't necessarily use. We have not even launched yet, and even once we do, we'll still be in alpha - these changes should be expected as the API is further developed
I would add to your list a permission to read subscriber/subscribee info/events - it's nobody's business how much money a streamer makes.
Doing this is pointless. Subscribers have a role/badge in chat. By listening to chat, and/or alerts (even if API access is restricted for those, broadcasters usually have them in the video and that works too!) you can collect this information anyway. Having to do this is inconvenient for developers who wish to use this information for other purposes, so it should just be public and convenient to access (it is public anyway). Tell people that the information is public and leave it at that. Personally, the whole idea of hiding your income rubs me the wrong way, too. Doing so is only advantageous to those with high earnings. The same is true in the regular jobs market, where a select few get a far higher salary for the same work than a certain number of others, simply because they are more aggressive at negotiating their salary, while others won't, simply because they don't know for how much they could even ask or just don't, because they depend on their income too much to take the risk (employees are let go all the time, because there's cheaper labor to be found to increase that profit margin). As far as giving to a streamer goes, let's say you have a maximum of $10 to give that you planned to give some of the broadcasters you like, and you don't know how much each of the three streamers you like each made this and last month. You might either divide it equally, or give it all to the one you like the most. But if you did know that one of them made 10 grand, one 200 and the last one about 1 grand. Where would your money go that day? 😉 Of note: It would also go without saying though, that even if people can, most of them won't bother to look at this stuff at all.
I would also group them into simply:
- read chat
- write to chat
- moderate chat
I would disagree with you here, too. While you are right, that most apps which make use of one of these things usually would ask to make use of them all, doing this is a trivial and usually one-time effort on the part of a developer. It is good security practice to never ask for permissions you do not need, and a chat bot that only needs access to delete message wouldn't need to be able to timeout and ban users, for example.
oh hell no! my coworkers don't know how much I make at my "regular" job either! Imagine if a streamer started going around telling people "hey, streamer_xyz already makes $1000 a month, you should sub to me instead". Imagine how much that would piss you off if you were that larger career streamer doing it for a living trying to feed your family, and some casual streamer was telling people not to sub to you! You shouldn't be competing with your fellow streamers, you should be getting subs based on your own merits. If a viewer can only afford to sub to one streamer, it should go to the one they like best.
Or look at the other half of the equation: what if a streamer can easily see how much each viewer spent on subs that month. if they see a viewer already spent lots of money on other streamers, they may harass them to sub to them as well (or just get offended), which makes for a horrible user experience (more similar to an adult chatroom).
Realistically nobody is going to hang out in chat 24/7 and count your subs as they come in, and scraping the site I believe is against the TOS. If streamers had the option to disable the sub notifications in chat (like on mixer [maybe they prefer to use their own bot]) they may wish to do that as well, meaning you couldn't count and do the math. Both twitch and mixer also lock subscription/subscriber info behind a scope.
I don't know where you are from, but where I come from, asking someone how much money they make is considered a VERY rude question ( I would literally slap someone for asking, and it's not that I make a lot ). Going behind their back and looking would be even worse, and posting exact figures publicly would be absurd! If you have the sub count you can easily multiply by $2.50. If they are fine sharing it then great, but the decision NEEDS to be up to the streamer.
I would add to your list a permission to read subscriber/subscribee info/events - it's nobody's business how much money a streamer makes.
Though I suspect this issue will largely boil down to subjective personal philosophies, I'd like to throw in my own 2 cents here.
As an open company that strives for transparency across the board from source code to finances, concealing these details might run contrary to those commitments, or at least appear that way. It may also introduce some challenges in managing what financial information is "private" vs what is public.
I don't know where you are from, but where I come from, asking someone how much money they make is considered a VERY rude question [...]
To expand on @dori4n's point, there are a number of good reasons that the taboo of discussing salaries/income might be doing more harm than good for most folks besides the companies trying to squeeze as much value out employees as possible. Transparent pay information can often help to close big pay gaps. I recognize that the situation here is a little bit unique from traditional salaried employees, but the merits are worth considering nonetheless.
With respect to concerns about harassment due to financial information being made available, I believe that harassment for any reason is against ToS and should be handled by our GCT friends. My intuition is that toxic folks are going to harass people regardless of if there's financial information to use as ammunition or not.
Though I suspect this issue will largely boil down to subjective personal philosophies, I'd like to throw in my own 2 cents here.
As an open company that strives for transparency across the board from source code to finances, concealing these details might run contrary to those commitments, or at least appear that way. It may also introduce some challenges in managing what financial information is "private" vs what is public.
The way I see it, this is where transparency meets user privacy. Glimesh strives to respect both of these values equally. I get that the company would love to be able to say that they can tell you where every penny of income comes from and where every penny of it is spent. Just because the company is willing to do it, but I think it is a step too far to require streamers to do the same - putting it behind a scope is essentially asking permission. I would argue that it is sufficient to break it down income by region, categories, average per channel, most per channel, least per channel, amount per day/week/month/year/etc. I can't see a case where people would demand to know how much a particular streamer makes...but this is veering off topic
To bring this back to the original topic, my argument was that it should not be made publicly available without the permission of the channel owner, through the API. We are talking about an API scope here, not company policies. I don't disagree that glimesh should be able to publish aggregate data freely, or even pseudo-anonymized data (where a channel name is tied to an identifier, where the link between the 2 is not public, but it can be tracked month-to-month for example)
I don't know where you are from, but where I come from, asking someone how much money they make is considered a VERY rude question [...]
To expand on @dori4n's point, there are a number of good reasons that the taboo of discussing salaries/income might be doing more harm than good for most folks besides the companies trying to squeeze as much value out employees as possible. Transparent pay information can often help to close big pay gaps. I recognize that the situation here is a little bit unique from traditional salaried employees, but the merits are worth considering nonetheless.
there is no pay gap here - everybody makes exactly the same per sub (and the amount is well known), it's a matter of how many subs you can get. We are not talking about giving a larger percentage to bigger streamers or anything like that. What you make is essentially based on how hard you work for it, and the quality of your work (entertainment value etc).
With respect to concerns about harassment due to financial information being made available, I believe that harassment for any reason is against ToS and should be handled by our GCT friends. My intuition is that toxic folks are going to harass people regardless of if there's financial information to use as ammunition or not.
I didn't mean it to the extent of literal harassment, just people being able to pressure viewers like that (not badgering. maybe they only ask it once in a way that comes off as being cheeky, but it makes the viewer feel guilty) - you might as well slap a sticker on their forehead that says "big spender". At that point all viewers are not equal, because streamers who are just after money can target them more easily (eg. maybe they pay more attention to them than other viewers)
The way I see it, this is where transparency meets user privacy. Glimesh strives to respect both of these values equally. I get that the company would love to be able to say that they can tell you where every penny of income comes from and where every penny of it is spent. Just because the company is willing to do it, but I think it is a step too far to require streamers to do the same
I'm in complete agreement with this, the company being an open company doesn't mean users aren't entitled to their own privacy.
Avoiding the topic of "open salaries", I think my only major counterargument to adding a scope is that you can already calculate exactly how many subscribers a streamer has just by listening for chat events. Or logging unique chatters with a sub badge. However you do lose that value after the first month, because right now we don't have any way of showing off that your subscription recurred successfully.
Personally I'm in favor of a scope for subscriptions, as there's no direct downside, and it's simply a user consent away from getting access to the data you want. If the streamer gives consent, we could even share the size of the subscription, fees, etc.
Imagine if a streamer started going around telling people "hey, streamer_xyz already makes $1000 a month, you should sub to me instead". Imagine how much that would piss you off if you were that larger career streamer doing it for a living trying to feed your family, and some casual streamer was telling people not to sub to you!
If a viewer can only afford to sub to one streamer, it should go to the one they like best.
I understand it fully, and yet, I still disagree with you. 😉
Realistically nobody is going to hang out in chat 24/7 and count your subs as they come in
Me and a few others have been doing this on Beam/Mixer (hell, I even had access to query them through the REST API as I felt like it), and I'm still doing it elsewhere. I've not made it public, because I was asked not to, but I've also tracked things like use of emoticons, words, URLs (by domain and path), stickers and the time people spent in certain channel chats (including activity that was malicious, how often CatBot got them, what things moderators liked to delete, purge, timeout or ban for, and joins/leaves indicated network connectivity issues).
scraping the site I believe is against the TOS
Except where authorized. Meaning, if I need to do it to perform a certain allowed task (here connecting to chat/pubsub to receive messages and alerts for display), and then go on to also use it to perform one you frown upon, that's gonna be tough luck.
If streamers had the option to disable the sub notifications in chat (like on mixer [...]
Those alerts were delivered through Constellation (the HypeBot message in chat you could disable, yes) and anyone could receive those for any channel no problem. You could also infer subscription status from user role updates in chat (there was a role added/removed event, not getting one for a subscribed user after 30 days meant they resubscribed). But even if couldn't, I haven't seen a single channel which didn't have alerts in the video stream, where simple OCR wouldn't have gotten me the information (I even had that implemented with tesseract scanning the RTMP/HLS feed. Luckily I never had to, I would've missed the offline alerts and be more aggressive about polling the REST API for updates.
I don't know where you are from, but where I come from, asking someone how much money they make is considered a VERY rude question
Oh, people and their inferiority complex are the same everywhere, even in my parts. The only people who are open about this kind of thing are either incredibly affluent (and it's considered tacky here, but not as much elsewhere) or those who have nothing and don't care.
Going behind their back and looking would be even worse, and posting exact figures publicly would be absurd! If you have the sub count you can easily multiply by $2.50. If they are fine sharing it then great, but the decision NEEDS to be up to the streamer.
But it's public anyway, and not difficult to obtain the information, either, so why even bother to make it difficult in the first place? If everyone knows, I don't see the problem. On the other hand, pretending the information is secret, when in fact, through the mere behavior of streamers wanting to have alerts for this type of thing (it's proven to encourage people to subscribe for the alert alone and that doing so improves both subscription count and retention) it is public and people then get all upset on you, because they didn't understand that this was the case.
I would argue that it is sufficient to break it down income by region, categories, average per channel, most per channel, least per channel, amount per day/week/month/year/etc.
That is an excellent idea. I should add that later. 😗
I think my only major counterargument to adding a scope is that you can already calculate exactly how many subscribers a streamer has just by listening for chat events. Or logging unique chatters with a sub badge.
Essentially this, yes. And I'd prefer that to be easy and that everyone knows, rather than it being difficult, being done in secret, and people getting upset over it when they find out.
However you do lose that value after the first month, because right now we don't have any way of showing off that your subscription recurred successfully.
What happens if a subscription expires? Do users somehow remain subscribers? If they don't, I can infer that if they do, their subscription must have recurred.
Personally I'm in favor of a scope for subscriptions
I am in favor of a scope for subscriptions only, if that is for subscriptions of a user to a channel, and users have the option to hide their subscriber status entirely. That is, no alert, no chat badge, no nothing, except for their money going from their account to Glimesh and half of that being paid out to the channel owner. That scope would then allow a user to access the list of channels they've subscribed to.
If you want a scope protecting subscriptions a channel has received, you could possibly do that also, but then that channel may not have any alerts, subscriber badges and everything else that gives away that users have a channel subscription (user roles, emoticons, you name it). Basically, it would be a protected subscribers scope, and channel owners would need to toggle a setting on their channel that disables the public subscriber list and all other artifacts that give these things away with it. I do not believe any broadcaster would want to do this, but I could get behind such a system.
Otherwise the data should be public and everyone should know that it is.