Yuki v~

I thought that was the whole point, us helping to report bugs. Else you'd have no idea! Thanks for the great work. Floatplane is awesome. 

I've PM'd you so we can get this solved in a setting that ensures your privacy.

This is a known issue which was recently brought to light in a discussion over at: 
TLDR: Discord authentication checks for both a matching unique ID and username. Removing the extra username check for Discord will have all well again in the case where usernames change.

Thanks for your report – we'll have this sorted out as soon as possible!

Exactly: your "toor" Floatplane.com account was never linked to anything. I don't believe it was suggested anything had been linked to this account.
 
I'm afraid the contradiction lies with you. It was never claimed that the account wasn't created on Floatplane.com. The account was created on Floatplane.com but was linked with your forum account because you took action to do so. We have record of this. For obvious reasons, security policy does not permit sharing the raw data.
 
Again, it is impossible to link without it being requested. One must first push the [More sign-in options] > [Sign in with LTT Forum] button. This requests an auth token. Next, the received token is used to create an account provided that you fill in the form which I provided a screenshot of in my prior post.
 
There's no magic going on with the session. We don't automatically link from any source and there's nothing in the session that would trigger this. When you create an account normally (by the [Sign up] button), it does just that: creates an account. There is no functionality whatsoever to pull from LTT Forum data and magically merge forum accounts.

If you create an account by going through the [More sign-in options], then yes, you will be linked to the LTT Forum account in question. This is how things are meant to work. Our records indicate that this is what occurred.
 
There's no abuse here. Let's take a look at some example:

Suppose the user "Yuki" on this LTT Forum wanted to link with Floatplane.com. They can absolutely do this. However, there already exists a user named "Yuki" on Floatplane.com, and I can guarantee that the Floatplane.com user is a different person. So when our LTT Forum user "Yuki" goes to link, they'll have to supply a separate username in order to link up.

This isn't a case of abuse, just the fact that Floatplane.com is a totally separate website, powered by a separate database. As a side-effect, there's a bunch of fresh, available usernames. We don't prevent anyone registering with a name just because it's used on the LTT Forum. It's all first-come, first-served.
 
I'm sorry, but we really didn't. As I mentioned above (and some times prior), an account will only be created through link if specifically requested. It is absolutely impossible for an account to be linked without an auth token being requested by the user. It's as simple as that.
 
With many disposable mailboxes one can specifically request whatever name they desire. Many of these services do not prevent multiple people requesting the same mailbox and they make no attempt to authenticate before doing so. If one user decided to make a Floatplane.com account with such a temporary mailbox service and a malicious party became aware of this, it would be trivial for the malicious party to claim the email in question and simply request a password reset.

There is an astronomical difference in the level of security offered by such disposable services and your typical mail providers. Disposable mailboxes will just give up an account for free. In comparison, any normal provider with a shred of common sense will require one to at least go through some hoops to get your password reset.
 
Floatplane does not "hijack" any session data. In fact, Floatplane has no access to your LTT Forum session data at all. This is the entire reason why you are redirected to linustechtips.com when requesting a connected-account link (to fetch and return an OAuth token), and this is the only way we are able to retrieve (very little) information about your account.

I'm sorry things aren't working how you'd expect, but I assure you that there is no issue with regards to security here.

If there is something we can take action on to make things better for you, please do let us know. As things stand now, this appears to be just a little misunderstanding.
 

When you made your Floatplane.com account by connecting in your LTT Forum account, a separate set of credentials were created for the Floatplane.com account. These credentials are expected when updating certain user settings, as we don't have access to the Steam or LTT Forum databases to verify supplied passwords/usernames for those services.

If you would like to generate a new password for your Floatplane.com account, you can simply navigate to the login screen and tap the [Forgotten your password?] link. If you enter your current email in here and follow the link in our reset password message, you should be able to set a fresh password. With this newly set password, you should be able to authenticate properly on the settings page.

If you created your account via connection a while back, then you may not have been given the option to set a password for your account, but only a username instead. In which case a password reset as described above will be necessary.

Exactly: your "toor" Floatplane.com account was never linked to anything. I don't believe it was suggested anything had been linked to this account.
 
I'm afraid the contradiction lies with you. It was never claimed that the account wasn't created on Floatplane.com. The account was created on Floatplane.com but was linked with your forum account because you took action to do so. We have record of this. For obvious reasons, security policy does not permit sharing the raw data.
 
Again, it is impossible to link without it being requested. One must first push the [More sign-in options] > [Sign in with LTT Forum] button. This requests an auth token. Next, the received token is used to create an account provided that you fill in the form which I provided a screenshot of in my prior post.
 
There's no magic going on with the session. We don't automatically link from any source and there's nothing in the session that would trigger this. When you create an account normally (by the [Sign up] button), it does just that: creates an account. There is no functionality whatsoever to pull from LTT Forum data and magically merge forum accounts.

If you create an account by going through the [More sign-in options], then yes, you will be linked to the LTT Forum account in question. This is how things are meant to work. Our records indicate that this is what occurred.
 
There's no abuse here. Let's take a look at some example:

Suppose the user "Yuki" on this LTT Forum wanted to link with Floatplane.com. They can absolutely do this. However, there already exists a user named "Yuki" on Floatplane.com, and I can guarantee that the Floatplane.com user is a different person. So when our LTT Forum user "Yuki" goes to link, they'll have to supply a separate username in order to link up.

This isn't a case of abuse, just the fact that Floatplane.com is a totally separate website, powered by a separate database. As a side-effect, there's a bunch of fresh, available usernames. We don't prevent anyone registering with a name just because it's used on the LTT Forum. It's all first-come, first-served.
 
I'm sorry, but we really didn't. As I mentioned above (and some times prior), an account will only be created through link if specifically requested. It is absolutely impossible for an account to be linked without an auth token being requested by the user. It's as simple as that.
 
With many disposable mailboxes one can specifically request whatever name they desire. Many of these services do not prevent multiple people requesting the same mailbox and they make no attempt to authenticate before doing so. If one user decided to make a Floatplane.com account with such a temporary mailbox service and a malicious party became aware of this, it would be trivial for the malicious party to claim the email in question and simply request a password reset.

There is an astronomical difference in the level of security offered by such disposable services and your typical mail providers. Disposable mailboxes will just give up an account for free. In comparison, any normal provider with a shred of common sense will require one to at least go through some hoops to get your password reset.
 
Floatplane does not "hijack" any session data. In fact, Floatplane has no access to your LTT Forum session data at all. This is the entire reason why you are redirected to linustechtips.com when requesting a connected-account link (to fetch and return an OAuth token), and this is the only way we are able to retrieve (very little) information about your account.

I'm sorry things aren't working how you'd expect, but I assure you that there is no issue with regards to security here.

If there is something we can take action on to make things better for you, please do let us know. As things stand now, this appears to be just a little misunderstanding.
 

I know about Tech Deals, but they're not the channel I'm referring to. If you look at the screenshot, the creator's name is "Potet," it just shows the TechDeals banner for some reason. I checked the creator list again and it appears they removed it, maybe it's used internally to test stuff.

No problem, and thank you both for replying on a Sunday, Yes, i can watch videos just fine when using the signin through the forum option on floatplane, just wasn't sure why I couldn't log in directly on the floatplane site itself when the details are the same, atleast on my end anyway. It's only a couple of clicks so not a problem going forward, just wasn't sure if I set something up wrong or whatever, but it's no problem if it's intended like this, thanks again.