That is the problem. Because the issue is so hard to prevent, a blanket and flat-out security measure for all users is required or else Roblox may end up being in a situation similar to YouTube, and we don’t want that.
YouTube massively overreacted to what was basically a slap on the wrist.
That as well as the quote above are huge reasons these moderation systems exist, and I definitely agree that moderation systems should exist, but the method that was chosen I personally feel is just completely ridiculous, unreliable, unfair, and plain abusable. For this last point I want to emphasize, many people have shown above how plugins could be used to insert inappropriate content into any game they choose and probably get it flagged and deleted.
Example:
Normal plugin is hijacked or abused, and heavily obfuscated/hidden code is inserted to inject random, and extremely inappropriate content within scripts that gets hidden. This prevents the players from having any explanation as to what happened, thus drawing attention towards the developer rather than some kind of targeted attack, and the methods for doing something like this are much different than backdoors since the code technically doesn’t even have to run. Slap some scripts in CSGDictionaryService using a glitch, stick em in hidden services, embed them deep within developer code, or just about anything else and you’re sure to get them flagged and probably get their game deleted.
5 Likes
Models and plugins are able to be taken if you choose to make them free. Also, a developer would not put API keys in a model/plugin.
With server-side scripts, no user can see that unless they have edit access. So yeah, I don’t think Roblox staff should be able to either. Nothing on the server would be seen by anyone else unless it’s sent TO that client, in which case it would join the domain of being public and warrant being reviewed.
Considering the options and methods, it probably won’t be too difficult to prevent this type of issue. I think the simplest measure to prevent things like this from happening is by scanning all entities after all publishes (but still allow them to be utilized), and whenever you are to insert an item from another user, it will contain client-sided scanning in studio. And if the client-sided scanning notices anything unfamiliar or derogatory, it will then warn the client that the script contains derogatory information, prevent the client from reading the script temporarily until it’s whitelisted from Roblox’s security. If Roblox does not allow it, the inserted script turns red and warns the player that the script is not permitted to run and must be deleted. (For asset models, but can be simplified for plugins)
While this sounds optimistic it is easily removable (and if for some reason not removable it is easily spoofable.)
Also I honestly don’t suggest doing this. While it would be nice to have auto-moderation flag a copy of your game this also puts your own game at risk for moderation!
I wish y’all would have announced this change before I bought my tickets to RDC…
This is a huge privacy concern when it comes to API keys for external services.
12 Likes
I really don’t like this and i dont even script that often, this is something you’d have to address on the roblox develop page for people to be aware since quite a bit of people will get the ban hammer over something they scripted like 4 years ago just because this just got put into place all of the sudden? Just not fair man.
Adding onto this this since i was about to go to sleep when i replied to this in teh first place, this platform is already filtered/censored enough for lil tiny winy kids despite most of the platform being teens the way it is, you can’t even say specific phrases EVEN without safechat and now we gotta walk on egg shells on scripts too? tone down on the censorship roblox; JEEEZUS.
4 Likes
Does this apply to code if I put my full name on the top? This is just one of my watermarking habits, I put my name, current date, and what the script is about, on code that isn’t even going to be seen by another human being. Can we be punished for this? I mean, we aren’t really intending for other users to see it and identify us by it. I’m not looking forward to going into all my games and removing this watermark from the top of my code just because of this rule change. Thanks!
2 Likes
I’ll be honest, I’m pretty sure in very VERY old games I may have used some inappropriate language set as my variables, knowing full well that NO ONE was going to read them except for me.
Quite frankly, I don’t feel like checking all ONE-HUNDRED of my games to see what kind of variables I used for each amounting script. This update is INSANE! If something from the past ends up getting me moderated, I’ll be quite furious.
And on top of this, I’m almost certain that I’m not the only developer who has done this. Many others were foolish kids learning how to code at some point and messed around with a variable or two. I just feel like this is an unacceptable and unreasonable step to take. For one, why would you need to moderate someones code if no one but the person coding it is going to see it?
As far as I know, this was NEVER implemented in the ToS and this is a pretty big thing to add just now.
If my code is my own, I should have the right to define my variables how I want to define my variables. Even if I decide to use some slander, (which I don’t for the sake of simplicity in my code) it was my choice to do so. What is the harm in it? If it’s displayed in the game, then moderate it; there’s a report button for that.
You tell us this, but you do not include any information as to why this is so. Yea, things broadcast to the audience should DEFINITELY get moderated, but in this case, it isn’t being shown to the general public.
Sorry if this came off angry, but I’m sure many other developers share my frustration.
EDITS: Not to mention the comments!!! I leave derogatory comments for myself WAY to often (Yea I probably should’nt, but I’m the only one who reads them anyways!)
Adding onto what I said above:
Turns out that ROBLOX is allowed to change the ToS at their own free will, without prior notice Which aggravates me even more.
11 Likes
To build on this,
What if I stored all of my source code elsewhere and had an endpoint & passcode in my script that fetched the source code? Would a moderator be able to go as far as to use those credentials to access the actual source code to review it or would that be against their rules (if they have any)? If they could, that seems like a serious breach of our security.
3 Likes
Since Roblox does things like this, alot of developers can just quit developing. Roblox just makes it worse. That would be very hard now, if someone wants to script without being moderated. Why Moderators should see our private scripts? Things are just getting worse.
Like seriously, this can’t be true to developers among our platform. Is Roblox trying to force developers to quit or just to make some “basic” rules? This update must be cancelled, so every developer can make their scripts simple and easy without being moderated. If this update isn’t cancelled, this will make more developers to quit developing. Hopefully, Roblox fixes this.
Thanks!
8 Likes
Is this just for public games, or private as well?
Both, as far as we know. It’s pretty bad.
not good, I have so many things to go through now…
Some of the best code in the world has comments with swear words in them.
ex. The fast inverse square root function
Warning: viewer discretion advised.
11 Likes
Oh good gravy. This is just terrible. Terrible indeed. I guess I will have to go through the long process of linking a different script editor to Roblox…
2 Likes
I kind of wanna have a nice anonymous poll here:
- I have cursed on the comment section/variable section of coding atleast once
- I never use profanity in my programming
- I may have used profanity in one of my older games, but I don’t know which ones.
0 voters
4 Likes
nope nothing will be moderated if not published to website
I mean like if a games private will it be moderated, even though it’s been saved or (published?)