A Developer’s Guide to Privacy and Private Information

Hey everyone,

This is a quick tutorial on how to employ useful methods to manage your online privacy and reduce the likelihood of manipulation and/or malicious behavior as a result of information leaks.

Note: This is not a guide to the fundamentals of online security (an excellent guide is here: A Noob's Guide to (Online) Security). This is specifically tailored to the ROBLOX Developer experience and does not take into account other platforms that are extraneous to the general Developer experience.

How Should I View Information?

With the exception of publicly visible information on the ROBLOX platform (username, UserId, bio content, etc.), it is important to understand that all other information is private to a degree. This includes information that is commonly considered public, such as Discord usernames or IDs. Even this information is private; however, many developers freely publicize it for benefits such as increased connectivity, networking, etc. Nevertheless, all information should be approached in this manner to maximize security and your own safety, and to increase general awareness.

I generally classify all private information not immediately accessible on the ROBLOX platform as one of four levels: public, semi-private, private, or critically private.

Levels of Information

  • Public information is private information that developers freely introduce or share to the public. Furthermore, developers are content if this information is shared amongst members of the public or in circles that the developer does personally know about. The best examples of this are on DevForum threads. These often include: Discord usernames, social media profiles such as Twitter, Reddit usernames, timezone, etc.

  • Semi-private information is private information that developers do not freely introduce or share to the public, but that may be commonly known within communities that the developer is active within. Furthermore, semi-private information should be information that a developer may be surprised to find a random person knows, but that would not really bother them. Examples of this include: academic level (ex: whether the developer is in middle school, a high school graduate, etc.), accounts on supplementary sites such as YouTube, Imgur, etc.

Note, the following categories can vary massively depending on the developer. Some developers are comfortable sharing all the information I will list as examples, while some are comfortable sharing none of it.

  • Private information is (obviously) private information that a developer chooses not to share. This varies tremendously depending on the individual developer. Some developers are comfortable sharing their first names and may even classify the information as public, while to others this is private information. Oftentimes this information is more personal in nature and only shared with close circles, if at all. Examples are difficult to give, as they depend on the person, but often include: first name, age, country (or region) of residence, etc.

  • Critically private information is private information that can often lead to the identification of the person in real life or that bears significant consequences if it were to become public. This is fairly self-explanatory and examples include: full name, school name, email, address, cellphone number, identifying hobbies/activities, etc. It goes without saying that anyone should be extremely careful and think through revealing information of this nature. Information that eventually makes its way to other parties almost always originates from the developer - so be careful and considerate about what information you choose to share!

A quick note on IPs

An IP should not be considered critical information – this is just a piece of information attached to your network. Often locations gained through IP resolvers are general and inaccurate. Anyone with this information is likely looking for you to confirm that the information is correct from your reaction. An easy strategy is to simply deny any information they present you.

You live in Seattle!
No, I don’t
Well I checked your IP and it says you do!
Noob, it’s 2020 and you’re still resolving IPs – grow up, we all know that’s an ineffective and inaccurate piece of information!

Still, be careful what you are clicking and downloading!

Why is this important?

It’s important to consider how private certain pieces of information are to each developer before a situation arises where information is inadvertently leaked. Some developers avoid this by being more public than private, and include private or critically private information (from the perspective of some developers) in public situations such as the DevForum.

Here's an Example Portfolio

Hi everyone!

My name is ExampleMan123 aka Dan, I’m a 20 year old computer science student at MIT.

I am a member of the robotics team and thus have a huge interest in programming anything related to ROBLOX physics system.

Please feel free to contact me at Example#0000 or Example@email.com

This is not an uncommon portfolio to see, and it gives ExampleMan123 the security of being able to control the information that is available to the public by releasing it on his own terms. ExampleMan123 will never have to worry about a shady character approaching him with a message like:

Shady Message

“I know your name is Dan, you’re a student at MIT, your email is Example@email.com and if you don’t give me one million robux I’m going to leak it!”

ExampleMan123 can just say “Go away noob, that information is public!”

However, not everyone views private information in this way or is comfortable publicizing it, and that’s okay too. This is why it is important to categorize private information before a shady character approaches you. Many developers will panic if a shady character approaches them with the above message and they haven’t properly categorized their private information.

A developer might react without thinking and only later think “wait a second – my name, academic institution, and email (at least to me) isn’t really a privacy lapse. I’m not that bothered by the fact that they knew that – oh no! Why did I pay them one million robux!!”

The reason a developer might react and give in to pressure exerted by a shady character is that they are suddenly and unexpectedly presented with the realization that someone they do not know or do not trust with their information has access to it. This generally prompts an emotional and/or sudden reaction that causes the developer to react as if all of the information presented is critically private.

So what should I do?

Categorize your information so that you can both be prepared if this situation happens and be able to neutrally and rationally assess how bad of an information leak this may be!

Why is this Important? x2

Every developer wants to hit it big, launch a front-page game, have a studio with thousands of members in their Discord, become Twitter famous for their creations, etc. The more a developer rises from obscurity, the more people will interact with their information in some capacity. Many developers fail to realize this or expect that a situation where they must guard their information only occurs when they make it to the front-page.

Not true! Information should be guarded at all times. Developers should always be aware of what information has been exposed to which groups of people and of how they value certain pieces of information. Shady characters exist in communities of any size and the worst thing you can do is fail to prepare for an encounter with one (although if you’re lucky that will never happen).

So take steps in advance! Reflect on your private information, assess what is public and what is not, and practice good information safety habits! There are plenty of great resources around, but ultimately it is your responsibility to be the best guard and manager of your own information.