Clarification on code flagged for safety review

In fact, here’s the group. Official Group of Roblox - Roblox

I hope they disabled IsInGroup() on that group, though. If not, then that’s pretty exploitable.

Yeah, agreed. That, or hopefully it’s a collection of the public admin accounts and not the ones that are used to do moderation.

When you say if the code is your own, does that apply for using free models or .rblx files? What about internet tutorials?
I am also concerned that there is not anything mentioning accidentally getting a bad free model. Shouldn’t the person who uploaded the bad model be dealt with, not the victim that got it.

This update seems very concerning.

I’ve been programming for more than 7 years, and the majority of my projects including commission contain very sensitive data, API keys and HttpService in which that I think it’s important to monitor to ensure my own security on these games.

Few questions that I would like to clarify though;

• Does this script moderation when published and free under Developers Library?
• If not, then why should I trust you my code with your “specially-trained” team? If this code is not yet published or publicly shared, this means that code is my privacy and you’re intrusive to my privacy.
• If the moderation does apply on published and non-published codes, will it moderate a developer over age(s) old scripts that we may not be aware?
• Even if it were to be published and publicly shared, would sensitive data with clear explanation as part of the gameplay be moderated? An example from @wevetments response;

local StringForRoblox = "Hello, \n I saw you the other day entering your house. Your address is 2008, Blox Street, Robloxia. I'm going to ask you to send me Robux, if you don't do this within 24 hours, I will kidnap you and your family. Your timer starts now!"

Players.PlayerAdded:Connect(function(Client)
    if Client.Name == "Roblox" then
        Remote:Fire(Client, StringForRoblox)
    end
end)

These implementation is still restricting developers from creating their own games, even at the most basic level.

Where’s the thumbs down button? Ahh, transparency.

This feels very oppressive. I do not feel comfortable sharing tokens with individuals whom I’ve never met in my life.

Your poll might be misleading here. I personally don’t consent to people viewing my code outright, but I do consent given certain boundaries. So which option do I choose? The middle ground that I’m taking might not be represented well here.

From what I’ve saw, all the younger developers refer to the toolbox for scripts anyway, so God knows what purpose will this serve because I don’t see much people happy about it.

With this announcement comes my permanent departure from development on Roblox. It has been a great run, and I’ve had great fun developing some games that I never even thought would be possible on Roblox, such as the game pictured below.

image1151×767 1020 KB

However, when it comes to invasion of everyone’s privacy by having an automated system (that will likely be flawed and overly strict, considering how the chat filter works) pointlessly check every PRIVATE script that LITERALLY NO ONE BUT THE DEVELOPER SHOULD BE ABLE TO READ, and then passing them off to a “specially-trained team” for “manual review” that we just have to trust (when we can’t even trust asset moderation to approve game assets half of the time), I think that there’s a line that needs to be drawn. I simply cannot continue putting out games on Roblox when ideas like these are somehow approved and thought of as useful at all.

Roblox has already betrayed my trust and at this point I don’t even care if Roblox backtracks on this, as there’s no guarantee that it will not be the exact same story next week, next month or next year. It makes me feel like I am doing something wrong by developing on Roblox when oppressive anti-developer decisions such as this are actively being made.

This does feel like a violation of privacy, even if Roblox is within its rights to do so. There is little to no basis for moderating source code.

And if this “specially-trained” group of moderators could mess up so badly (taking down a game for a secondary chat filter) one has to wonder how well-trained they are.

im so close to quitting roblox rn

I look forward to a response on this.

Can’t wait for the free model republishers from 1 to 4 years ago to get banned because the model had a backdoor and they didn’t even knew what is a backdoor or that they had one.

I agree with everything you said completely. I had just recently started to put together an external API for a game. Due to this announcement, I have stopped working on that until I have a more secure solution to store keys and endpoints. I and many other developers are not comfortable having some Joe Blow that Roblox hires view our source code for no reason. If this moderation system only applied to public plugins and open sourced assets I would be okay with it, however it doesn’t seem like that is the case, especially when Roblox hasn’t replied to any of the feedback this announcement has received.

This announcement is disheartening and worrisome at the least. I hope Roblox will listen to developers this time and come to a better solution.

While I recognize Roblox has no ill intentions with this policy, I think we need more clarification as to why it’s needed. As brought up above by other people, there are huge security issues associated with the existence of this feature.

Imagine if someone working at Roblox unrelated to the development of Roblox’s web backend or engine could snoop around and view all of the private database keys. There is some understandable discomfort associated with that.

I guess one thing people here haven’t considered up until this point is that Roblox has backend access to all our places/code and their contents, albeit under intense scrutiny, but its there nonetheless.

Like @crazyman32 suggested, I think there should be some sort of secret storage API so that Roblox’s snooping tools deliberately clear them out before allowing them to be analyzed by humans.

If it’s my code, in my private game, I should be able to write whatever I want in my code.

When it comes to places that are accessible by others, there are still issues as said before.

• I shouldn’t have to be scared to define variables under names that may be flagged even though they have everything to do with my game and nothing to do with someone’s personal information.
• What about the privacy of things like API keys?
• How can developers be expected to just trust this “specially-trained team” when we know nothing about them, and have consistently seen issues with moderation on other content in the past?

Based on Section 13 of the Roblox Community Rules, “Offsite website links, services, and additional 3rd party content are not permitted on Roblox with the following exceptions: YouTube, Twitter, Twitch.”

If developer code is subject to these restrictions, then any game using an external analytics service or web server is technically in violation of the Community Rules. In other words, many of the top games on the platform can immediately have their proprietary code sent for review and have potentially sensitive API keys and other data leaked. Will this happen? Probably not. Nevertheless, the possibility of moderation abuse is very high and this policy, in general, is rather alarming.

I’m sorry, but no. I think this is probably about as invasive as you can get. If I’m writing server-sided code in a non-team-create game then I fully expect to be the only one reading said code.

The increasingly ridiculous moderation on this platform is giving me an intense desire to move on to other things. Maybe I’ll try my hand at Unity or the Unreal Engine.

Looks like I’ve gotta censor myself in my own closed-source code.

I 100% agree with @Maximum_ADHD and @Crazyman32 both. and a bunch of others.
But when it comes to my code, I don’t want to have to worry about moderation while writing. I already have enough to worry about when it comes to making sure my code works with my other modules and whatnot. – not that big of a deal, but would be quite annoying.

My biggest concern (which from what I’ve read is a lot of others concerns too) is security; Clone mentioned Roblox has access to all of our data anyways, I imagine that is slimmed down to those with high power within Roblox Cooperation(At least, I’d like to think so).

But when @Roblox trusts their developers so little that they have to add something like an automatic code checking system that could lead to flagging and causing a team within Roblox to check out our entire code system. To make sure we aren’t using discriminatory language or personally-identifiable info? Seriously? It’s not like I’m going to post my code on youtube and be like “Look what Roblox allows me to type in their studio!”

Hell, this may not even have to do with trust; Don’t get me wrong. Take safety precautions, and especially with all of the super shady developers which Roblox does have.

Possibly, if it’s really that much of a concern, may I recommend emailing the said developer and requesting access to their code or something of that sort. I don’t feel it’s right for something like this to be a thing honestly. I am the only one that ever sees my code (Outside of maybe teamcreate). In my opinion this should not be an issue. But obviously it is.

Don’t get me wrong, I don’t write anything discriminatory towards anyone or anything; but still, the Roblox chat filters things such as Butt… so, If I write the word Butt in my code will it be flagged?
but I have big plans for games here on Roblox, and If I get a banned or even a warning because I use something like

local Birthday = {Day = “5”, Month = “September”, Year = “1998”}

I honestly may take my programming elsewhere. I love Roblox, I have since I was 10 years old. Been here 11 years now. Roblox is the biggest impact I have had on my life and I’d hate to leave over something like this. It would be on me, right; But I don’t want to feel worried that I may get banned about something as little as things (again) within my code that only I can see.

I’ve said what I said. Agree, disagree; Whatever. I feel this is wrong.

Edit:
Just think about it; What if someone within the “specially-trained team” decides to take advantage of this situation, make a fake account, take said code and upload it to a game to profit off of. This is easily a possibility. Plus not only that, Our code could easily be sold or posted which again is a HUGE security risk. What happens if our code is out? It would be MUCH easier for those who write exploits to actually make exploits for said game. As they stated…

What if one of their mistakes were hiring a rat?