Best ways to stop people leaking your game client side

I know of a pretty good and reliable website that offers DMCA takedowns called dmca.com. (I hope I don’t get reported for advertisement)
However, it costs like $200 annually, and I would not recommend for roblox games that don’t gain you much money.

Uh I mean, I am sure a game with 1K Players can make more then 4K USD per month.

(he isn’t saying roblox games don’t make much money, he’s referencing small games that don’t make much)

Most community games average around 20-50, and that is the high end. The most you’re looking for is like 5k robux a month. For projects like these, it’s just not worth going through all the hoops to take down a single game which hardly affects your own revenue.

I read about a Synapse X detector a while ago and that would be a simple deterrent against kids who buy it. Though nothing serious.

Still, if people grab my game nothing server side would be grabbed and they would be left with a useless game (maybe except for GUIs which are pretty simple).

Though most people who steal games don’t steal it for the scripts. They just take it for the models.

This is especially harmful for showcases, since they rely only on their models to generate joins. For these people, I think game leaking is a serious problem.

I think again, this is a case of not caring for it until it happens to you, since I never was really aware of it since I mostly code anyways. But it is pretty annoying to have people boasting about having your game.

It actually happened a while ago in a cafe where I develop. It wasn’t as bad, the people who stole it didn’t get many joins.

Main problem is them selling it to other people as models.
If they uploaded it themselves, you can just email roblox and they are pretty good at removing them. The big problem is if they start claiming it as their own work to sell to unwitting clients.

For this reason, I never buy prebuilt models.

If your game plan is executed properly, this really shouldn’t be an issue. There should be no additional steps to make it “more difficult” to steal. An individual can only steal what they can see (client side), even if they steal the game, if you’re game is a popular game, it should be quite obvious what is fake and what isn’t. You shouldn’t assets shouldn’t be stolen if it’s in-progress, usually assets are only available once the game is done and released. If an individual can steal your map and assets, then completely rewrite the game to the point where it outcompetes the game, I’d be worried what I’m doing (not to say that the person stealing the game is not at fault).

That being said, DMCA and Lawyers are probably the only things that can do anything. Just finish your game, show visual images or videos if you have to showcase it or to hype it up, and finally release it at the end. You should be expecting your game to do well, not poorly.

Yeah, I’ve outlined what you said in the original post. Most of the time, game stealing is not an issue, especially since they have very little way in accessing your server side scripts and assets. I suppose the main issue is for the people making showcases, since people stealing their models can then sell these models on to other people. Charging them money for someone else’s work.

Even though I agree that game leaking is a trivial issue, it doesn’t mean we as devs should not do anything to make it as hard for people as possible.

It’s impossible to stop people exploiting in your game, however, that doesn’t mean you should just not put in any antihack checks.

We shouldn’t have to do anything to prevent it. If I’m developing a game and expecting it to be front-page, I’m not going to bother trying to prevent people from stealing it upon release. I’m going to release it, get it to the front page and now stealing it will be pointless. Making a mess of your own game for the sake of it being more difficult to be stolen is not ideal especially if you’re trying to make a front-page game. If you look at professional development teams not only on Roblox, they keep their assets un-accessible until the game is released, they don’t take measures trying to make it difficult to steal.

Most games take time to build up the momentum to hit the front page. Many games never reach it due to them having niche audiences or if they are community games. And even front page games can have assets stolen and sold to unwitting clients who don’t know better.

Let’s say you have sensitive information in a module script you keep at rep storage. People will be able to take this if you don’t make sure that it’s mostly in the server side unless needed.

I for one believe in quality games, with little exposure, a good game would naturally hit front page. There are plenty of games that are front page from the spread of word. Now I’d have to say that while it’s true that those stealing assets and reselling are obviously up to no good, it’s partially that clients fault for not confirming where the asset came from.

As an example, today I was looking forward to purchase 6 models from an individual from a project that gave up, I went through the efforts to gather everyone on that development team to ensure that they are aware that assets are being sold, the original creator has given consent and nothing is free modeled or stolen. To those who are making larger deals should be signing contracts for potential court cases.

Sensitive information should not be exposed to the client? Can you give an example where sensitive information is exposed?

Again, this post isn’t about reasons why you need to hide assets from the client side to stop them taking it with exploits, but rather it’s about a discussion on ways that you can use to prevent asset theft, whatever the reason might be.

I for one believe in quality games, with little exposure, a good game would naturally hit front page. There are plenty of games that are front page from the spread of word. Now I’d have to say that while it’s true that those stealing assets and reselling are obviously up to no good, it’s partially that clients fault for not confirming where the asset came from.

Statistically, most games don’t reach the front page, no matter what their quality is. Some of the best games I know are from the nichest communities. Good quality, but too little exposure/ unappealing to the wider audience, example could be CoderQwerty’s Blood and Iron which targets a very small part of the roblox Napoleonic Community.

As an example, today I was looking forward to purchase 6 models from an individual from a project that gave up, I went through the efforts to gather everyone on that development team to ensure that they are aware that assets are being sold, the original creator has given consent and nothing is free modeled or stolen. To those who are making larger deals should be signing contracts for potential court cases.

There is always a danger that the models sold might be stolen, it’s very hard to find out. Majority of cases, people buying models just don’t. Either due to ignorance or they just don’t have the time. Again, I’m talking about the majority of cases, with this post being just a few ways of limiting asset theft.

Examples of stuff you don’t want stolen include, but not exlusively: what remote events you have, so they could make exploits to fire them. The data kept in module scripts. Models that can be stolen and sold, stealing the entire map to sell to someone else, leaking your game and making it public just to spite you, taking your game and uploading it into a free model.

It doesn’t really matter what reason you have of wanting to keep your assets private, the point of this post is to give a few suggestions and ways to do so.

I understand the discussion topic, however I’m arguing that you shouldn’t use these methods that are un-natural (excluding point 4 and 5).

A quality of a game isn’t dependent on a singular person’s perspective, while you may find it good in quality, some people may be expecting more from it. A quality game isn’t just visual aspects of a game either, it’s how the game is designed and meant to be played. Now I’m not arguing it’s not a good game in general, but I’m arguing that it’s not a good game specifically on the platform. (I’ve tried the game once and it’s not really visually appealing either which loses the interest of a lot of players as soon as they join). To clarify, when I said quality game, I meant for the Roblox Platform.

These are exposed regardless (without stealing the place, they can be exposed in-game live), proper sanity checks on the server side would easily prevent this. I’m not sure what “data” refers to but if it’s somewhere the client can access, I’m assuming the client needs it.

I’m going to make my concluding statement since I have to go now. Your points 4 and 5 are natural processes in the game development industry and are used from day to day and these are good points. Points 1 and 3 to me sounds redundant, it’d be as bad as obfuscating your local scripts. Point 2 is more reasonable and should be done in practice if possible. I will not longer be replying, I’ll just watch from now since I’ve already flooded the thread.

Lol, thank you for your input regardless.

Now I look at it, I think the first few points I posted are in relation to sanity checks. But I still think it is needed to educate devs on the distinction between client side and server side.

None of your points are in “relation” to sanity checks.

Neither do they prevent exploiting, injection can still happen and so can interception.

The advice/education you should be giving is not how to prevent “leaking” but how to remove what’s been leaked (contacting support/staff, DMCA - as you have covered, and other outlets).

As someone who has had to deal with security in a game with high potential security risk these are the issues with your points:

1. You are effectively ruining User Experience at a loss. This does not prevent interception through an injector and neither does it hinder it effectively. Your “RunService:IsStudio()” suggestion does not work either as this would not run during a studio session and if someone were to inspect your game within the game itself it would do no good either. Naming does nothing either as you can simply search for contents; but, what I mentioned earlier would make this useless anyways.
2. This also damages User Experience. The less reliance on the server you can have for the client the better. This should never be done and most things if used on the client should be in a container that replicates to the client. The more reliance you have on the server means the more likely that users with higher latencies will be stuck waiting for the assets to load for them.
3. This is terrible for User Experience and here’s the situation in reality: If most exploiters won’t be able to steal the game because of the amount of instances, it’s not because they can’t download it but it’s because they can’t load it in the first place. If the exploiters can’t load the place than neither can your users. This is the best way to look at this point.
4. Exploiters don’t publish the games they steal and when they do they don’t do it to make their own game. Plenty of exploiters steal off popular games because they contain contents that are valuable and that can be repurposed for other instances. Triple A Games also do NOT do this at all. Their security is just as good as Roblox’s. Also what you mentioned about Triple A Games being Open Sourced is for the most part to my knowledge - completely FALSE. They are not Open Sourced and if they were people would be taking valuable technologies from them left and right.
5. This is by far the only valuable and reasonable listing here. You can submit a DMCA to an individual given that there is enough legal evidence that this infringes on some property. Now, I am not a lawyer so I cannot go further than what I am legally educated of - this applies to you as well. You can raise the option and its existence but do not go further as to act as if you are fully aware of the workings and meanings that define this.

All of these ideas besides the last one (which isn’t even related to the other four) are terrible for User Experience and don’t resemble good advice; they resemble brilliant ways to destroy your Game and the User Experience of it.

When I see posts like this I am only left to assume that most developers are not aware of the potential and functionality of software used by exploiters (those that produce not copy and paste) and what do to achieve certain goals.

I myself can only speak to a certain extent and can only go so far. However, here is something to note for the future. Don’t attempt to prevent people from leaking your games: It is futile. When you see something of yours stolen immediately contact Roblox Support or a Roblox Staff Member on the DevForums - they are your best bet at resolving the problem.

You cannot stop the client from leaking the existing material. Game design prevents most of the stolen content. If you really had to secure that information, the client has to see the content. Memory dumps is one simple step of stealing games. This however is not immediately unnoticed and is very easy to tell if the game was stolen. DMCA takedowns should resolve the case.

or just dont bother and dmca everyone that’s using your assets and game for profit

I believe that in order to be good at defending your game against exploiters, you need to have good knowledge on how the exploits work also.

The majority of the exploits devs are currently dealing with in roblox are injector based, and the actual client stealing is done from the client side. Ie, all the stuff the game puts inside the local client.

Therefore, from my experience, by only putting the bare minimum (stuff which the client is ACTUALLY running at the time) into the client, you reduce the amount of stuff stolen. As exploiters cannot steal anything (at least to my knowledge) in the server. With this prerequisite in mind, I’ll evaluate your points.

1. You are effectively ruining User Experience at a loss. This does not prevent interception through an injector and neither does it hinder it effectively. Your “RunService:IsStudio()” suggestion does not work either as this would not run during a studio session and if someone were to inspect your game within the game itself it would do no good either. Naming does nothing either as you can simply search for contents; but, what I mentioned earlier would make this useless anyways.

You’re not affecting user experience at all by having a script which checks the owner of the game. Since, if the owner is the right owner, then the script does nothing, meaning the user is not affected at all. “RunService:IsStudio()” is just a way for the script to make sure it doesn’t act up when bug testing during studio sessions, making it an extra hurdle for hackers to go past. This is similar to renaming.
Now I understand that good scripters will be able to find these immediately if they were to look for it, it still filters out a chunk of potential hackers. Again, this is a suggestion for how to REDUCE exploiting, not to completely prevent it.

2. This also damages User Experience. The less reliance on the server you can have for the client the better. This should never be done and most things if used on the client should be in a container that replicates to the client. The more reliance you have on the server means the more likely that users with higher latencies will be stuck waiting for the assets to load for them.

Again, you miss the point of the post, that you ONLY spawn the models in when the players need them. Not that you keep spawning things in and out to lag the game. I am not saying you should completely ignore client side and have all coding done on the global. I am simply saying to not keep everything inside the client at all times, especially the things which the client does not need. I am suggesting to only put the bare minimum. For example, if a player is in a game, they don’t need to have access to a model 5000 studs away, so that model could be safely stored in serverstorage, replicated into rep storage when needed, and then cloned to client when the player gets close. This actually REDUCES lag as you reduce parts being rendered, though I have also acknowledged it could cause lag spikes as the player gets close.

3. This is terrible for User Experience and here’s the situation in reality: If most exploiters won’t be able to steal the game because of the amount of instances, it’s not because they can’t download it but it’s because they can’t load it in the first place. If the exploiters can’t load the place than neither can your users. This is the best way to look at this point.

I did acknowledge in the original post the implications of lag, but it is a balancing act. I did also say that the instances would be loaded in after the player joins via scripts on the client. If they were put inside the replicated storage, they would not affect the playing of the game much, as they aren’t being rendered anyways. However, the moment that the game is about to be stolen, they would all cause the exploiter to lag trying to download it, increasing the filesize they need to download.

4. Exploiters don’t publish the games they steal and when they do they don’t do it to make their own game. Plenty of exploiters steal off popular games because they contain contents that are valuable and that can be repurposed for other instances. Triple A Games also do NOT do this at all. Their security is just as good as Roblox’s. Also what you mentioned about Triple A Games being Open Sourced is for the most part to my knowledge - completely FALSE. They are not Open Sourced and if they were people would be taking valuable technologies from them left and right.

Again, this has been acknowledge in other points. The majority of devs facing this problem is exploiters stealing their models/ scripts, and selling it off as their own. If you’re untrusting of companies having open sourced projects, just take a scroll at Unreal where you could literally take any code and edit it as your own.

5. This is by far the only valuable and reasonable listing here. You can submit a DMCA to an individual given that there is enough legal evidence that this infringes on some property. Now, I am not a lawyer so I cannot go further than what I am legally educated of - this applies to you as well. You can raise the option and its existence but do not go further as to act as if you are fully aware of the workings and meanings that define this.

I am assuming you’ve never filed a DMCA. DMCAs cause so much hassle, and they cost money that many developers simply don’t have or unwilling to afford. As well as this, the legal repercussions cause so much strife too. I acknowledge that Roblox does a great job at answering emails and taking these down. And that is why this last point is put last, because it is a last ditch if the exploiter did publish your full game. If they are just selling models, roblox can’t do anything.

Overall, I thank you for your reply, but such things aren’t as easy sometimes. DMCA’s are often advised by lawyers to only be used as a worst case scenario, due to the hassle they cause. Going against exploiters is very useful, and not useless. Just because there will always be that one person who can hack your game, it doesn’t mean you should do absolutely nothing to protect your game from hackers.

Similarly, just because exploiters can leak your game, it doesn’t mean you should make it easier for them to do so. Of course I am against protecting your game at your user’s expensive. However it is important to take an objective view to balance out the pros and cons of each method, and doing what suits your game.