Following our beta, we’re launching Device Blocking via the Ban API, which allows you to restrict disruptive users at the device level. This feature is available to everyone today.
Based on your feedback, we know account bans alone aren’t always enough to stop persistent bad actors from returning on burner accounts. By using device-based identifiers, you can implement a powerful friction for ban evasion and keep your games safe.
How It Works
We’ve updated the BanAsync engine call to include a new field ApplyDeviceBlock. When executing a ban, you can now toggle device blocking on by setting the field to be true.
When you ban a user who is currently connected to your experience with the field set to true, you’ll also block the device associated with that user from rejoining the experience. This serves as a deterrent preventing bad actors from immediately rejoining an experience on a new account from the same device.
Known Limitations
While you’re free to use the Device Blocking feature as you see fit—provided it abides by the Roblox Terms of Use and Community Standards—please note the following constraints:
24-hour limit: This measure is currently set for a 24-hour period while we evaluate how creators use the feature. We may extend how long the device ban lasts in the future.
Device limits: This currently only blocks players using desktop (Windows and MacOS) devices. It does not apply to mobile or console devices.
Account isolation: This action does not propagate the ban to the blocked account.
Unban behavior: Unbanning a user via the Unban API immediately overrides any active device block associated with that user’s device, allowing them to rejoin the experience.
Check out the full API documentation on the Creator Hub for detailed syntax and technical specifications.
However, I don’t exactly see a difference between a device ban and just banning suspected alternate accounts, as I believe alt accounts were already detected through the device itself.
I think clarification is needed about the actual difference here, as it could clear up some misconceptions regarding the alt account detection that we’ve been used to since the Ban API was originally released.
There are a few key problems I can think of immediately after reading this. Users who share device, such as having siblings or being at a computer cafe, will be hit hard by this. In addition, if a bad actor really wanted to join the game, they could always swap devices, use virtual machines, emulators, or other methods. Despite the downsides, it’s not all bad in my opinion. This will make it harder for bad actors to evade bans. With all this said, this should not ban accounts with history, like playing games and owning items, just because an account on the same device got banned. An alternate account would have little to no history.
This is a very good feature and I hope that the device blocking capability has built-in measures to make it hard to bypass, similar to a lot of top competitive games outside of ROBLOX.
A lot of cheaters/rule breakers use “HWID spoofers” or other various software to modify their device and work around these bans.
As long as this new device blocking capability is resilient these types of software, then it will give a lot of peace of mind to developers knowing that a device ban is “truly” a device ban and can’t simply be worked around by clicking a button to spoof something.
this is a great change, but making sure that the device bans apply to mobile devices as well is most important, because most bots in games are running in buildings with thousands of phones at once, and making sure that devices are banned could really make an impact in the bot problem on roblox
overall, good change roblox
My game desperately needs this feature as our moderators are completely overwhelmed by reports and players inundated with bad actors, and the limitations of player needing to be in game, and on desktop, and a 24 hour limit makes this completely unusable for us. Every piece of that makes it useless. How much effort is put into lifting these?
Will this be coming out to the Open Cloud API? It may already be, but I don’t see anything documented about it in the Bans documentation.
It also seems like BanHistoryPages doesn’t show if the current ban has device blocking applied, which can be a little annoying - same with the Open Cloud API not sharing if it does.
The Creator Hub ban panel also does not have a way to enable device blocking via users. This means if I want to ban a user with this, I now have to do it in game and run some code.
My main question is, if someone were to use this and they are on a device that is not currently supported, are they still banned in the same manner that precedes this update? Or does it not ban them at all, aka, “fail”.
Also, FYI, to those who share devices with others, don’t share it with someone who will probably get banned cause they don’t know how to behave
Very nice update! I’ve been waiting for a feature like this to be finally added to the platform.
Although, what would happen if a user that gets banned has an account in that device thats linked to somebody else and they don’t use at all? I’m assuming that this unrelated account would also be banned from the experience on that device, but would they be able to play on their main device or they get banned overall?
I use BanAsync to keep cheaters out of my game. When my servers detect a without a doubt exploiter, they are instantly main + alt banned from playing my game. Despite including alts in my BanAsync calls, it never seems to stop any of the alt/bot farm accounts that rejoin servers and keep cheating.
It’s a common story exploiters tell us themselves, that all they do to bypass a BanAsync ban is just log into an alt from some farm of them. The only stories we ever see of alt-included bans actually having an impact is when users verify that their siblings accounts were indeed cheating, and now they’re banned as an alt.
When will this be increased or ideally removed? because I don’t know how I’d ever gauge if this is effective in my game or not if it only has a 24 hour window. We’ve managed to catch a lot of tragic ban cases all without making a serious dent in real cheater issues with BanAsync.
It sucks that its taken years this system to get any improvements, and as a developer it’s frustrating having to keep waiting for something we’ve been needing for a while, to live up to its promise as a critical civility tool for our games and communities.
I think this will be a great addition to our Ban API implementation for the anticheat system of our games. If a device is compromised with exploits, banning the device is a good approach.
The 24hr limit is indeed not suitable for us at this time though.
In my experience, users with siblings and the such already suffer from the “Ban alternate accounts” option (or whatever it’s called) in the ban menu.
In all reasonable measures, it is not possible for Roblox to determine the difference between a sibling and an alternate account. If you are banned because your sibling messed with a server you play, that’s on your sibling.
Is the same method already used by the alt ban toggle when banning users via the Bans dashboard on the game page? Either way, this is some good news for creators for once.
Unban behavior: Unbanning a user via the Unban API immediately overrides any active device block associated with that user’s device, allowing them to rejoin the experience.
After banning and unbanning my main account, I’m now locked out of my game. There’s still some sort of ban applied, even though there isn’t.
thanks for this