hexchat / hexchat

GTK+ IRC client
https://hexchat.github.io
GNU General Public License v2.0

"Auto Open DCC Window" Preferences Should Be Disabled By Default #1289

Open Havvy opened 9 years ago

Havvy commented 9 years ago

These settings are enabled by default, allowing other people to force open popups onto your computer that take frontal focus from whatever you are doing. Given multiple requests in a row, this can lead to a denial of service of using the computer since the popups come up again when you close them when another request is made, and if an attacker is spamming you with DCC requests.....

In any case, just having the DCC request pop up over whatever you were doing is an annoying default even without the DoS. Sure, it's easy to turn off once you know about it, but that means looking for settings to disable, which is not something most people do.

TingPing commented 9 years ago

I think having a dialog popup is extremely useful for any new user, a simple message saying "Nick has offered 'file'" is very unhelpful.

One thing that should certainly happen is that flood detection should work; glancing at the code, it should detect CTCP flood, but in brief testing it did not.

The other thing that can be done is, if a GUI dialog is auto-opened for the first time, we can have an extra prompt with the option "Never open this again". Would that satisfy you?

Havvy commented 9 years ago

If the word file was a link that opened the dialogue, I think it'd be helpful enough. Would probably have to also cause the tab to highlight like a private message though.

Does the CTCP flooding detect if it is happening by multiple bots all at about the same time? That's what was happening specifically in my case earlier, though I can imagine it would be possible to do the same with a single account.

I wouldn't make an extra prompt for asking "never open this again", but have it be an option somewhere on the dialog. Whether it is only shown the first time or every time doesn't matter too much.

If you were only trying to satisfy me, I'd argue that you should remove all DCC features, since I want an IRC client, not a file sharing client. Though honestly, I don't think most IRC users know what DCC is, and those who do are generally smart enough to look for a way of enabling it. I can almost guarantee you that the DCC dialog causes more confusion than it solves being auto-enabled by default, notwithstanding the security issue.

Likewise it might help to rename "Network" to "DCC" in your preference categories, as from what I can tell, all the settings in there are related to DCC. Should I file another issue for that?

TingPing commented 9 years ago

> Does the CTCP flooding detect if it is happening by multiple bots all at about the same time?

No, it goes off of nicks, but there is flood detection for private messages that will stop opening new tabs if too many are opening too fast from different nicks; the same logic may work for DCC dialogs.

> I'd argue that you should remove all DCC features

I am also not a fan of DCC but obviously that can't be done.

> Likewise it might help to rename "Network" to "DCC" in your preference categories, as from what I can tell, all the settings in there are related to DCC.

Proxies are not for DCC only, but some things from Network setup could belong in File transfers.
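
Added example, not part of the thread and not HexChat's code: a sliding-window gate for auto-opening DCC dialogs that counts offers across all senders rather than per nick, the approach the comment above suggests borrowing from private-message flood detection. The names `popup_gate`, `popup_allowed` and `count_popups` and the limits `MAX_OPENS` and `WINDOW_SECS` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical limits (not HexChat settings): at most MAX_OPENS
 * auto-opened dialogs per WINDOW_SECS, counted across all senders. */
#define MAX_OPENS   3
#define WINDOW_SECS 10.0

struct popup_gate {
    time_t opened[MAX_OPENS]; /* times of the most recent auto-opens */
    size_t next;              /* next slot to write; the oldest entry once full */
    size_t count;             /* valid entries in opened[] */
};

/* True if an offer arriving at `now` may auto-open a dialog. The sender's
 * nick is deliberately not an input, so many bots share one budget. */
bool popup_allowed(struct popup_gate *g, time_t now)
{
    if (g->count == MAX_OPENS &&
        difftime(now, g->opened[g->next]) < WINDOW_SECS)
        return false; /* budget spent: caller prints a text line instead */
    g->opened[g->next] = now;
    g->next = (g->next + 1) % MAX_OPENS;
    if (g->count < MAX_OPENS)
        g->count++;
    return true;
}

/* Replays offer arrival times and returns how many dialogs would open. */
size_t count_popups(const time_t *arrivals, size_t n)
{
    struct popup_gate g = {0};
    size_t opened = 0;
    for (size_t i = 0; i < n; i++)
        if (popup_allowed(&g, arrivals[i]))
            opened++;
    return opened;
}

int main(void)
{
    /* Constructed sample: six offers from six different nicks within
     * two seconds, then one more offer after the window has passed. */
    time_t arrivals[] = {0, 0, 1, 1, 2, 2, 15};
    size_t n = sizeof arrivals / sizeof arrivals[0];
    printf("%zu of %zu offers opened a dialog\n", count_popups(arrivals, n), n);
    return 0;
}
```

Suppressed offers are not recorded in the ring buffer, so a sustained flood cannot extend its own lockout; the gate reopens once the oldest allowed popup is `WINDOW_SECS` old.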

7Two1 commented 9 years ago

> I think having a dialog popup is extremely useful for any new user, a simple message saying "Nick has offered 'file'" is very unhelpful.

Agreed +1

Maybe add a checkbox "Thanks, if I want to see this dialog again, I will enable it in the settings [x]"