gpt-trainer.com already has this. They also have a lot more features, and their team is a lot more responsive. I highly recommend checking them out.
ki β’ 11 months ago
That doesn't work correct for me.
If I insert my correct domain or a wrong domain (within the bot settings), in both cases it reacts the same way. It displays the message, that the Firefox can't open the embedded page and ADDiTIONAL it displays a button "open page in a new tab". If I press this button a new tab is opened, with the chatbot conversation window. Conversation is now possible.
So there are 2 problems. 1 it reacts the same way for a valid domain and a nonsense domain. 2 in both caes it opens a new tab whre I can interact.
Dhananjoy Biswas β’ 2 years ago
thank you everyone, it's live now! https://discord.com/channels/1051448243185262643/1053597141983047731/1151408166794440765
Dhananjoy Biswas β’ 2 years ago
Relevant comment from discord from @DigitalArt, which I think is very convincing as to why we should prfioritize this,
> I think there is the mistaken belief that these chatbots are only being used for customer service and sales, which is not at all the case.
> > "I don't believe domain restriction is actually very important from a security / practical point of view, because, it's very unlikely that someone else would benefit from your chatbot, because it's trained on your data and not relevant to others, and you can restrict it to talk about outside of your company." @dhananjoy
> I want to use them for teaching and facilitating experiential learning on various topics and make them very useful as tools in general. This will make them very desirable and prone to others "borrowing" them for their own sites. This is also why I want the ability for end-users to be able to input their own API keys so they can use them as much as they want without it running up my own tab with OpenAI.
Dhananjoy Biswas β’ 2 years ago
Hey @bharat, in this case too, isn't user restriction is the bottleneck here compared to domain restriction? Trying to understand how domain restriction alone can solve this, or not having domain restriction can worsen this.
I do agree that in this case, there must be a way for a "protected" kind of access - and from your message it feels like we should prioritize implementing some form of user/access-based restriction even before domain restriction?
bharat β’ 2 years ago
Being able to secure where a chatbot can appear/work from and who can access it or not is very critical to many of my use cases.
Some chatbots will be paid public use chatbots so in just that use case non-paying users should not be able to access it.
Another use case is where years of research personal development research has been refined into concise information and exercises which when used as a data source where the user message has a specific prompt applied to it creates a specific introduction and exercise for the user. Such a chatbot has to be restricted to a domain, ideally a URL, and somehow also to a purchased login.
Another use case is for a company who has years of internal research and processes which can provide specific solutions to some members of staff. So again, domain and user restrictions are required, as well ensuring it's only usable within the company.
I could probably write and also think of other user cases but in brief, domain, URL, login, and payment access restrictions should be implemented.
P. M. β’ 2 years ago
I agree with Lance on this. There are many chatbots I am training that go way beyond sales and customer service uses that I continue to keep behind a password-protected page only because I don't want them copied onto other sites. This security issue is keeping me from monetizing the chatbots via ads on the page where they could otherwise be freely used with the lower-cost AI models, including GPT-3.5.
I also want to provide an option for people to pay a low monthly fee to use certain chatbots, but to be able to input their own API keys so they pay for their own usage; and so if they want to drive up their OpenAI tab using the superior GPT-4 model, that would be their choice.
I think re:Tune staff are doing a fine job in many ways, and so I hope everyone keeps that in mind and takes a moment now and then to acknowledge their efforts and to encourage more than criticize.
Lance May β’ 2 years ago
DJ, your assumption there seems to be that the content of a bot would be open, public knowledge or superficial domain knowledge for your business. This eliminates a significant amount of the potential in these bots. For instance, what if I wanted a bot that would act as a chat game, accessible only to paying customers? What about an internal corporate knowledge bot with trade secret embeddings that should only be accessible internally, but gets leaked? If all I'm ever going to use this for is Bob's Lawn Care knowing what service area and prices looked like, great, but other than that, this limitation is stifling. I'm certainly not telling you how to run your business, but I also doubt that you are interested in blocking large amounts of use cases for your product.
channinglemar β’ 2 years ago
@Jeff G I agree. I think it is the unlimited everything. They are shipping fast but handoffs and other features many tools have are on the roadmap. A little weird.
Dhananjoy Biswas β’ 2 years ago
I wanted to share why we haven't prioritized this yet over other improvements that we are working on.
I don't believe domain restriction is actually very important from a security / practical point of view, because, it's very unlikely that someone else would benefit from your chatbot, because it's trained on your data and not relevant to others, and you can restrict it to talk about outside of your company.
That said, I know the internet is full of weird creatures, and yes, I do entertain the possibility that some bad actor or hacker might use your chatbot to simply abuse it, without being benefitted from it. However, even in that case, implementing domain restriction is not going to save - because domain restriction can only prevent someone else embedding in their website. It can not prevent someone (ab)using your chatbot with a script or from code.
For that you need rate limiting, which we have under your Chat > Limit section so you can limit the number of threads and messages, and we will gradually add even more advanced ways to rate limit like by IP address, token usage or cost.
That is why, instead of starting with domain restriction and offering you guys a false sense of security, we started with implementing some form of limits first that you can configure to protect yourself from unwanted usage, and working on implementing more ways to control usage and cost.
ipokorni β’ 2 years ago
This is top priority!
Lance May β’ 2 years ago
I agree that a whitelisting of domains is necessary for many aspects of retune's use. While it might not make sense that someone would want to hijack a customer service chat bot from an underwater basket weaving agency, if it were a kb bot on a popular software, an entertainment bot that was fed celeb data, a general purpose bot that's meant to be a perk to a site's patrons, or even a jailbroken bot from UBW, Inc., I could see a lot of appeal. If this is not already implemented, I have to agree that this should be a security-centric top priority. Otherwise, as soon as you get a customer with a successful implementation, you'll either lose that customer, get a big knock on Trustpilot, or at the very least, lose a lot of cred in this space.
Jeff G β’ 2 years ago
Donβt comprehend how people give 5 stars to a platform that lacks basic features
waleedasad00 β’ 2 years ago
I cant imagine that its not already there. Currently, anybody can copy our code and use on their website and we lose money
jeff β’ 2 years ago
100 % agree with @dwayne!!
alfa2net bea β’ 2 years ago
should read specific Domains (plural) as i.e. Vimeo has with their videos
alfa2net bea β’ 2 years ago
imagine your chat being embed on an abused site with thousand asking anything and you just losing $$$
Wrisha Ghosh β’ 2 years ago
@dwayne it will not be on by default, you will be able to configure it
dwayne simeon β’ 2 years ago
This doesn't make sense as it will prevent the ability to sell chatbots to others