Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Search instead for 
Did you mean: 
EnTerr
Level 8

Private's Insecurities*

What's wrong with this picture?


For me it seems very obvious - painfully obvious even - that it lacks attribution.
  • Who is the author/publisher?

  • Where is the short description of the app, when one needs it?

It seems to me as if this information was present before (was it?) and now it's not. Or maybe i am wrong but that mostly-empty dialog sure seems ripe to be filled with "Author" and "Description" fields. Which are available.

Roku knows who signed this app, right? Why are they not telling me?! As presented this is more of a "glory hole", where strictly anonymous sex^ is enforced

(*) i toyed with the idea of naming this "Saving Pvt. Channels" but the joke is getting complicated - plus i don't know for sure if someone is trying to get Mr.Channels killed.
(^) SEX is abbreviation for "Software EXchange", you know
0 Kudos
8 Replies
belltown
Level 7

Re: Privates Insecurities*

I don't remember seeing any other details included when adding a private channel. Presumably, you got there from a link on a web page, which should have whatever info you need about who developed the channel and what it does.
https://github.com/belltown/
0 Kudos
EnTerr
Level 8

Re: Privates Insecurities*

"belltown" wrote:
Presumably, you got there from a link on a web page, which should have whatever info you need about who developed the channel and what it does.

You can't presume. One may add channel from my.roku.com via access code "that i heard about on the Internets" - or be linked to add-URL page under false pretense. The least Roku can do is show who the author is.
0 Kudos
belltown
Level 7

Re: Private's Insecurities*

I agree that it would be nice if Roku could include author, description, screenshots, date created, etc., etc., for a private channel before a user actually adds the channel. That doesn't necessarily enhance security though, as a rogue hacker could sign up for a fake Roku developer account using a fake e-mail address, stolen credit number, etc., give himself a developer name like "NetflixOfficial" and publish a private channel looking like a Netflix channel that asks for the user's credit card number before proceeding. The user will see a Netflix logo and a developer name of "NetflixOfficial" when adding the channel.

The 'Add Channel' screen should probably come with a big flashing red message and disclaimer regarding the potential ramifications of installing a private channel -- as of right now, it doesn't even tell you that you are installing a private channel. As you said, there are many ways a user could get to the 'Add Channel' screen. I could see a situation where a user thinks they are installing a legitimate Roku channel but ends up with a nefarious private channel instead.
https://github.com/belltown/
0 Kudos
EnTerr
Level 8

Re: Private's Insecurities*

"belltown" wrote:
I agree that it would be nice if Roku could include author, description, screenshots, date created, etc., etc., for a private channel before a user actually adds the channel. That doesn't necessarily enhance security though, as a rogue hacker could ...

But it does "necessarily enhance security". It shows the developer name, which (presumably-enforced-unique) can be traced back by the Co to the originator.

In addition - by naming the creator, a "daylight" (a perceptible space) between RokuCo and the author is created. For example of the bad impression not having the author listed, see the pubic Mormon Channel and CNET - which make me think that Roku Inc is a branch of the Church of Jesus Christ of Latter-day Saints - and that CNET's always-glowing reviews of Roku players cannot be trusted Smiley Tongue

The "NetflixOfficial" doomsday-scenario you describe is already possible, one can already create scam apps - and i'll argue the lack of "daylight" between the author and the Co. at present is a concern. The idea of having a warning when installing non-public channel is good one - but i'd like to differ on the "big flashing red message" - instead something more tasteful should be used, akin to the "FDA disclaimers"* that OTC vitamins/supplements carry. Something short, non-threatening but clear; like "Caution advised: the description and contents of this private or test channel has not been reviewed nor validated by Roku Inc". In fact, maybe i can mock it up on the snapshot (or am i too lazy?) ...

(*) you know, "These statements have not been evaluated by the FDA. This product is not intended to treat or cure any disease"
0 Kudos
EnTerr
Level 8

Re: Private's Insecurities*

Ok, so here is a quick-and-dirty mockup of what add-by-access-code web dialog would make sense:


Based on Roku player's channel details/info screen, which recently suffered a devastating blow by fw 7:


(my apologies to the developer of "Speedtest" - there is nothing wrong with that particular app, used here just to illustrate Pvt. Channels's privates)
0 Kudos
Roku Employee
Roku Employee

Re: Private's Insecurities*

I passed this thread on to the web team, this is likely to be addressed in the near future.

- Joel
.
0 Kudos
EnTerr
Level 8

Re: Private's Insecurities*

"RokuJoel" wrote:
I passed this thread on to the web team, this is likely to be addressed in the near future.

0 Kudos
EnTerr
Level 8

Re: Private's Insecurities*

Roku* - any progress on this item?
I tried to add a channel from a twitter link and am still welcomed by the old screen, which doesn't even let me know who the developer is, nor see the description. It's creepy...
0 Kudos