Ability to identify device a user is playing with by unique ID

As a developer, I want to be able to recognize the specific device a user is playing with for analytics and moderation purposes among other use cases (see below for full list). This feature would allow me to see when a user joins the game on a device that was previously used by other user(s).

How would this work?

When a player joins using a new device, the Roblox engine would generate a random string that would be used in place of the Device ID, a UUID.

Safety of Users

Of course, I see user safety as being quite important; but if the IDs are anonymized, then it would be incredibly difficult to reverse engineer and exploit. A random identifier should not allow for geolocation of the user or otherwise reveal personal details of the user.

What use does this have?

It could be useful for…

  • Data Sharing
    Steam has a unique feature where you can share games tousers with the same computer. You could do somethingsimilar with purchases on the developer’s side.
    E.g. User A, playing on Device 01 purchases a backpack.User B, who is User A’s brother and also playing on Device01 would also get access to the backpack, despite not havingaccess to User A’s account. This could stop lots of cases ofaccount sharing among shared computer users.
  • Statistics
    With this system, you could be able to see what % of usersplay on the same devices, this could be helpful in rooting outaccounts that are trying to mess with a game’s analyticaldata.
  • Moderation
    I’m aware Roblox has it’s own moderation system, however,many games (such as Roleplay Games) have rules and banusers for breaching these rules, and these offences are notagainst Roblox’s Community Rules.
    Several times users have abused alternative accounts to trollrepeatedly at a game. If a large game banned devices if thatdevice had like 3 or more bans given to that device ID, Ibelieve that a large portion of trollers, exploiters, etc. woulddisappear from large games; this is good as many usersmay have a bad taste in their mouth about Roblox because ofthese users who ruin the experience for others.
  • Age Limits
    Many community games have account age requirements tostop ban circumvention; these are against the Roblox rulesbut users still implement them because there is no better wayto stop people from joining on new accounts. I believe that asystem like proposed here could reduce the number of timesage limits are used, which provides a better experience for new users.
20 Likes

As someone who created and runs a popular game full of cheaters left and right, it is currently impossible to reliably restrict access to a player who has broken an in-game rule. As of right now, the best we can do is ban a UserId, which absolutely does not prevent them from simply making another account and playing on there, albeit with a fresh start, which does deter some people, but many just continue playing on another account under the radar.

The property could simply be a read-only Player.UUID, and would be generated server-side using a highly confidential algorithm based off a combination of the player’s IP and MAC addresses. This feature would be of tremendous help to game developers who work to keep their game safe and fair, by drastically cutting down on many bad players looking to evade a ban.

This may have potential security flaws that I’m not realising, but from my point of view the idea seems pretty rock solid in terms of security of privacy, at least as long as the algorithm is kept top secret.

4 Likes

I think a UUID generated from Hardware IDs and MAC addresses would be sufficient for a feature like this.

I think Roblox should also implement some sort of Hardware Detection themselves, so that even if an exploiter makes a new account, they’d be smacked with their device being unable to play Roblox, regardless of what they replace inside.

Call of Duty: Modern Warfare 2019 has a similar system put in place now after cheaters in Warzone got severe, and the way they have it, is even if you buy a new component, you’re instantly-banned on whatever new account you make - HWID spoofers can’t bypass their poison ban either.

2 Likes

Roblox already uses HWIDs and MAC addresses internally for helping to identify people abusing multiple accounts, it’s how exploiter banwaves can identify people’s real accounts.

1 Like

So they already do this, but it’s not as soon as you’re caught, you’re done for.

It’s only during banwaves. Gotcha.

1 Like

Since I got a message asking if I ever found a solution to this, the feature request has been solved by BanAsync.

Just leave ExcludeAltAccounts to its default of false (note that on the Creator Hub interface the Apply ban to all known alt accounts field is unticked by default, so the opposite of the engine API)

I know from experience that this measure is effective, much more than anything a developer could implement.

The other elements of this feature request, like sharing (similar to Steam) and statistics, weren’t very relevant at the time and still aren’t today.