New stripchat API, will give affiliates access to a models region/state ban list.

[cbhours]

The new stripchat API will give affiliates access to the list of geo bans a model has placed. Their objective in doing this is so that affiliate pages can use models geo ban information to code their site so that the model doesn't appear to visitors of that region. The problem here is that models generally ban their own region/state and this now gives people a way to access that information.

I do not believe that hiding a model from an affiliate site is worth revealing all models geo bans. There is surely a better way to go about this, for example perhaps affiliates can pass along the IP of the user and get a list of usernames that shouldnt display to them? or maybe simply geoblocking thumbnails since thats really the most important.

I am certain that CB either made this same mistake in the past or started to and changed their mind since blocked countries is an entry in their old XML api but its never populated so the information is never revealed.



What's YOUR opinion on the subject?

 

[KingMarti]

The new stripchat API will give affiliates access to the list of geo bans a model has placed. Their objective in doing this is so that affiliate pages can use models geo ban information to code their site so that the model doesn't appear to visitors of that region. The problem here is that models generally ban their own region/state and this now gives people a way to access that information.

I do not believe that hiding a model from an affiliate site is worth revealing all models geo bans. There is surely a better way to go about this, for example perhaps affiliates can pass along the IP of the user and get a list of usernames that shouldnt display to them? or maybe simply geoblocking thumbnails since thats really the most important.

I am certain that CB either made this same mistake in the past or started to and changed their mind since blocked countries is an entry in their old XML api but its never populated so the information is never revealed.



What's YOUR opinion on the subject?

Is this stripchat or stripcash?

I agree a models geo blocks shouldnt be given out. I havnt looked at it but I am assuming it would become trivial to build a search engine of "models in your area" using the geo block information, which would completely defeat the entire purpose of having a geo block set up in the first place.

 

[cbhours]

Is this stripchat or stripcash?

Well you have to create an account at stripcash to gain access to the API but of course all the information is for stripchat models.

I agree a models geo blocks shouldnt be given out. I havnt looked at it but I am assuming it would become trivial to build a search engine of "models in your area" using the geo block information, which would completely defeat the entire purpose of having a geo block set up in the first place.

Yikes i didn't even think about that, yes you are correct it would be very easy to make a site like that.

 

[KingMarti]

Well you have to create an account at stripcash to gain access to the API but of course all the information is for stripchat models.

Do they have something like the events api on cb? I never looked into the api's on stripcash. when I was making stuff for my room I was pulling data from the websocket but it broke with a site update...api would be so much more reliable

Yikes i didn't even think about that, yes you are correct it would be very easy to make a site like that.

That was the first thing that came to mind, with a little extra work you could easily turn it into a dox database.

@Charlie_SC Could you raise up the security issues with giving out the geo block data to the relevant team?

 

[cbhours]

Do they have something like the events api on cb? I never looked into the api's on stripcash. when I was making stuff for my room I was pulling data from the websocket but it broke with a site update...api would be so much more reliable

To my knowledge there is no events API.

 

[mika_kedi]

Does Stripchat even have any way to make affiliates respect geo blocks and use this data as presumably intended to protect models by implementing geo blocks on affiliate sites and not to make them more vulnerable? I doubt that but I also would like to see what @Charlie_SC has to say. I don't think most affiliates would add geo blocks just of goodness of their hearts since it's additional work and possibly lower income for them.

 

[cbhours]

Does Stripchat even have any way to make affiliates respect geo blocks and use this data as presumably intended to protect models by implementing geo blocks on affiliate sites and not to make them more vulnerable? I doubt that but I also would like to see what @Charlie_SC has to say. I don't think most affiliates would add geo blocks just of goodness of their hearts since it's additional work and possibly lower income for them.

All that would be required would be a user reporting the affiliate not respecting the geoblocks but from a model privacy perspective there are better ways to block visibility on an affiliate site than simply giving a list of every single blocked region/state to affiliates.

Not doing anything at all is far superior to giving people the ability to view everyones region/state blocks. I shouldnt be able to look at a list and say X model blocks florida. Theres definitely a better way to handle it.

 

[mika_kedi]

All that would be required would be a user reporting the affiliate not respecting the geoblocks

That would require:
a)change of rules for affiliates I presume. From what I understood you did not mention there is any info about them actually being required to use geo blocks, just that they are being given this data so they can;
b) people checking and reporting affiliates, which would be ridiculous from Stripchat to expect from us.

Not doing anything at all is far superior to giving people the ability to view everyones region/state blocks. I shouldnt be able to look at a list and say X model blocks florida. Theres definitely a better way to handle it.

I agree. That's why I asked the question, to find out from Charlie if they see any realistic ways to protect the models if they decide to go through with it.

 

[ElGato]

The new stripchat API will give affiliates access to the list of geo bans a model has placed. Their objective in doing this is so that affiliate pages can use models geo ban information to code their site so that the model doesn't appear to visitors of that region. The problem here is that models generally ban their own region/state and this now gives people a way to access that information.

I do not believe that hiding a model from an affiliate site is worth revealing all models geo bans. There is surely a better way to go about this, for example perhaps affiliates can pass along the IP of the user and get a list of usernames that shouldnt display to them? or maybe simply geoblocking thumbnails since thats really the most important.

So the new API would require site owners to add additional provided code so their sites would respect geo-blocking but will still work without the code and not honor geo-block?
Good luck getting the site code implemented wide-scale without some kind of requirements.
Is it header code? I've worked with 3rd party integrations pulling data that had crawlers that continually checked for their code in my headers. No code - functionality got turned off.
Or like you said, pass the user IP back.
There has to be a better way than just a full data dump of models and their geo-blocked areas.

I agree a models geo blocks shouldnt be given out. I havnt looked at it but I am assuming it would become trivial to build a search engine of "models in your area" using the geo block information, which would completely defeat the entire purpose of having a geo block set up in the first place.

This would be tooo easy if that's how the API is now

 

[cbhours]

Is it header code?

It requires a header code to include a key for your particular site which means they can disable an affiliates access to the API if they want to.

 

[KingMarti]

It requires a header code to include a key for your particular site which means they can disable an affiliates access to the API if they want to.

I assume thats how it is now, you have to provide the api key to access the api? So they will still know where the requests are coming from either way.

A thought: is the key they want in the header providing them the ip of the user so the api will only return data not blocked for that area meaning the blocked info is never given out?

 

[cbhours]

I assume thats how it is now, you have to provide the api key to access the api? So they will still know where the requests are coming from either way.

A thought: is the key they want in the header providing them the ip of the user so the api will only return data not blocked for that area meaning the blocked info is never given out?

Doesn't have to be in the header. It could work like ur mentioning where it returns the info after receiving the IP address showing only the models that should be visible.

Personally I'd prefer the other way around to return a list of models that shouldn't be displayed since the data would be significantly smaller. I know your idea is a little more secure in the sense that it doesn't give the blocked names but of course a simple comparison of the lists would reveal the difference in names anyway.

Your idea is how CB is doing it in their v2 API but they force a limit of returned names to make the data size smaller. It's a good idea if the affiliate is going to use pagination in the same order as the CB user list.

Edit: sorry forgot to answer your question about how it is now, no key required you just need the URL for it.

 

[KingMarti]

Edit: sorry forgot to answer your question about how it is now, no key required you just need the URL for it.

That seems crazy, I cant remember the last time I used an api that didnt require an api key. I assume its public info it's giving out but still seems strange not needing an api key, strange in the trying to use windows 98 after using windows 10, not really bad, just strange

 

[Natural9]

What stripchat needs is an option like CB has to not appear on affiliate sites at all.

 

[cbhours]

What stripchat needs is an option like CB has to not appear on affiliate sites at all.

...they have that but it's worded oddly like "use my content for promos" or something like that.

....not really a good solution, what's that you say? The state you're in has been revealed to the public? Oh ok well turn off affiliate sites and hope everyone forgets.

 

[Natural9]

...they have that but it's worded oddly like "use my content for promos" or something like that.

....not really a good solution, what's that you say? The state you're in has been revealed to the public? Oh ok well turn off affiliate sites and hope everyone forgets.

Maybe I am misunderstanding how this API works. Can they get this information even if you have selected not to appear in "promos"?

I com0letely understand no one should have access to you location. Too many nutjobs in this world.

 

[cbhours]

Maybe I am misunderstanding how this API works. Can they get this information even if you have selected not to appear in "promos"?

I com0letely understand no one should have access to you location. Too many nutjobs in this world.

No you are correct if they disable appear in promos the information is not accessible

 

[Charlie_SC]

Thanks for tagging me in this thread guys.

Firstly, I'm gonna be honest with you.. this question is a bit out of my area of responsibility and expertise.
You're discussing a lot of technicalities that are better suited for the StripCash team, but I'll still try to give you as much information as I can.

We take our models' privacy concerns and our affiliates' technical needs very seriously.
Importantly, models can opt out of any advertising-related API functionality directly from their Stripchat account settings, giving them immediate control over their privacy.

Given the technical limitations of IP forwarding, we've designed a simplified API access system.
This approach is currently limited to a select group of partners we monitor closely to ensure compliance with our geo-blocking rules.

We expect our affiliates to respect the geo-block settings established by models.
Our monitoring of affiliate compliance is rigorous, and we do not hesitate to take action against those who violate our policies.
This way, we do not tease users with "unavailable" models, and the models get the most traffic while maintaining their privacy.

We are fully committed to enhancing our privacy safeguards and are actively exploring more robust solutions and our team is always engaging with the community to gather feedback for improvements.

 

[cbhours]

We take our models' privacy concerns and our affiliates' technical needs very seriously.

But unfortunately the tech team has made an error here and they are not taking model privacy seriously and that is why i started this thread.

Given the technical limitations of IP forwarding, we've designed a simplified API access system.

While IP forwarding to get the block information is slightly more limiting it is the superior choice in this scenario

This approach is currently limited to a select group of partners we monitor closely to ensure compliance with our geo-blocking rules.

We expect our affiliates to respect the geo-block settings established by models.
Our monitoring of affiliate compliance is rigorous, and we do not hesitate to take action against those who violate our policies.

The problem is not if affiliates are geo blocking models the problem is you are revealing every models geo blocks to affiliates.....and technically speaking if the affiliate choses to pull the information with javascript (which lets face it is very likely) anyone with a little tech knowledge can extract the information necessary to also pull the information without even being an affiliate.

We are fully committed to enhancing our privacy safeguards and are actively exploring more robust solutions and our team is always engaging with the community to gather feedback for improvements.

I would like to recommend that blocked states/regions/countries be removed from the new API until a better solution is found...... You could even do like...an option for them to opt-in to on the region block section:

Would you like your geo blocks to be revealed to affiliates so they block the same locations?

Yes                        No (Default)

 

[cbhours]

Given the technical limitations of IP forwarding, we've designed a simplified API access system.

wait a minute...how are they expecting affiliates to get region information to apply the geo blocks too? we are going to need to use IP anyway.





To try to give another example of why this isn't a great idea to reveal geo information:

Theres a model online right now, lets call this model Rebecca. Rebecca is colombian, shes blocking colombia and new york. No one is going to block new york without a good reason so we can assume shes got family living in new york. I might be wrong, there might be another explanation....but is it really anyones business to know?

 

[KingMarti]

Theres a model online right now, lets call this model Rebecca. Rebecca is colombian, shes blocking colombia and new york. No one is going to block new york without a good reason so we can assume shes got family living in new york. I might be wrong, there might be another explanation....but is it really anyones business to know?

And then to take things to the next level of why this is a bad idea. We know what the model looks like because shes on cam, and know that she has something to do with Colombia and new york, that is information that can be cross referenced along with reverse image searching to gain the models real identity.

This is why even giving a hint of where the model is located is a bad idea. Location is a pretty big data point when it comes to tracking people down.