No bug Devices - what is it?

Hi Ruud,
I am so sorry for spamming here. This is not urgent question at all.

I see two menu items: Devices and Device Confirm Page.
I've created Devices and see "No devices found" on the front-end. 
I could not find any mention in the documentation.
Can I ask what is this for? 
Just curious to understand how to use this functionality. 

Regards,
Eugene

Hi Eugene,

let me explain:
every customer has a download key with which he can configure the Joomla updater on their site to authorise this user for the download of the extension. So basically the download key is sent to your server and your server uses this download key to see who this downloader is and if he is authorized for the download of the new version.

This works great, but also has a potential risk (especially for you as extension developer): anybody who gets a hold on this download key can use it to download extensions (that this key gives access to) from your site.

Ever wondered how these 'black' sites get their extensions from your server? This is how they do it: the download key gets shared with them and they can download the extensions / updates etc.

I had a customer who had an external party log in to their site and do maintence: they copied all the download keys and sold then on these black sites: there is value in these keys...

So enter 'Device and Devices' in ochSubscriptions.
What this does is enable two factor authentication on these download keys: plain and simple.

When a customer adds a download key into their joomla site and execute an upgrade: the upgrade is stopped, a mail with an activation code is send to this customer for the device he used the key on. Clicking the activation link will activate the device and on a next upgrade attempt: the download will succeed as the device is authorized.
This renders the download key useless as it can only be used on the customer his devices (servers).

in the front-end (and back-end) the customer has an overview off all his devices: he can delete, enable, disable them or give them a meaningful description.

an other use case for this is that agencies now can share the key on client servers: so as long as the client has a contract with them they can use the download key to update their servers. as soon as the contract ends, the agency can remove the client's devices and the download key cannot be used by this client any more.

basic configuration for this feature is done in configuration tab Files.

here is a blog describing it for my customers:  onlinecommunityhub.nl/best-practice/new-...-extension-downloads

As always, these features are described in mails I send to all active and previous subscribers to my extensions. You must have missed it.

I will add this also to the documentation

Wow, thank you so much for such detailed explanation, Ruud! I will investigate this question more attentively and do tests.
Indeed, this is an actual functionality to prevent "black" sites get updates and pirate the software.

Thank you.

it is, unless the customer activates the black sites ip addresses...

but a better defense then this is IMO not possible without the trustworthy customer going crazy on the counter measures