Clarification on code flagged for safety review

In addition to my previous post,

I am quoting this because the scripts developers write are not visible to players. So even if we write a bad word in it, it should be completely fine because the player (the client) doesn’t see it, neither does it get sent to the client to open and read the script on their own.

I also agree to what @BraxbroRoblox said about us not knowing who the moderators are.

This system is completely useless.

2 Likes

True, but I think a lot of scripts can actually do bad, while making sure to be undiagnosable. For example, a script could run RunService:IsStudio() to check if the moderator is in studio, or not, and if he is, don’t run. That’s just an example, though. The script could also check if the user is a moderator, his account age, check if he’s on the devforum(not sure about that one). The moderator could, of course, make a new account and check the scripts, but I think that would be pretty time consuming(they have audio, decals, thumbnails,etc.) to moderate as well. With so many scripts on the toolbox already, and other stuff to do, I think it would still be pretty time consuming. Correct me if I’m wrong though, as always.

The moderator doesn’t need to be in Studio. They surely use the Player too, or some branch of Studio that doesn’t trigger “IsStudio()”.

The moderators’ accounts are not known. We can’t name check them.

Checking account age would hurt new players. Checking actual age only gets u13 or 13+.

1 Like

True, I only said that as an easy example to understand though. I understand that they can use the Player, or a branch of Studio. I think my major point was that the moderators already had so much stuff to do aside from scripts(and there’s already so many scripts on the toolbox that are unmoderated), it will take a ton of time to moderate. I think ROBLOX only has about 400 moderators right now, which makes that even worse(I think). Correct me if I’m wrong.

I’m pretty sure all ROBLOX moderators are on the same ROBLOX group. I’m not sure, though.

1 Like

Then that’s just dumb.

They shouldn’t make it possible for developers to check for moderators easily.

With a fifteen second google search I found the admin group ID. I could in five minutes make a moderator checker, maybe less.

In fact, here’s the group. Official Group of Roblox - Roblox

I hope they disabled IsInGroup() on that group, though. If not, then that’s pretty exploitable.

1 Like

Yeah, agreed. That, or hopefully it’s a collection of the public admin accounts and not the ones that are used to do moderation.

When you say if the code is your own, does that apply for using free models or .rblx files? What about internet tutorials?
I am also concerned that there is not anything mentioning accidentally getting a bad free model. Shouldn’t the person who uploaded the bad model be dealt with, not the victim that got it.

2 Likes

This update seems very concerning.

I’ve been programming for more than 7 years, and the majority of my projects including commission contain very sensitive data, API keys and HttpService in which that I think it’s important to monitor to ensure my own security on these games.

Few questions that I would like to clarify though;

  • Does this script moderation when published and free under Developers Library?
  • If not, then why should I trust you my code with your “specially-trained” team? If this code is not yet published or publicly shared, this means that code is my privacy and you’re intrusive to my privacy.
  • If the moderation does apply on published and non-published codes, will it moderate a developer over age(s) old scripts that we may not be aware?
  • Even if it were to be published and publicly shared, would sensitive data with clear explanation as part of the gameplay be moderated? An example from @wevetments response;
local StringForRoblox = "Hello, \n I saw you the other day entering your house. Your address is 2008, Blox Street, Robloxia. I'm going to ask you to send me Robux, if you don't do this within 24 hours, I will kidnap you and your family. Your timer starts now!"

Players.PlayerAdded:Connect(function(Client)
    if Client.Name == "Roblox" then
        Remote:Fire(Client, StringForRoblox)
    end
end)

These implementation is still restricting developers from creating their own games, even at the most basic level.

11 Likes

Where’s the thumbs down button? Ahh, transparency.

20 Likes

This feels very oppressive. I do not feel comfortable sharing tokens with individuals whom I’ve never met in my life.

14 Likes

Your poll might be misleading here. I personally don’t consent to people viewing my code outright, but I do consent given certain boundaries. So which option do I choose? The middle ground that I’m taking might not be represented well here.

2 Likes

From what I’ve saw, all the younger developers refer to the toolbox for scripts anyway, so God knows what purpose will this serve because I don’t see much people happy about it.

2 Likes

With this announcement comes my permanent departure from development on Roblox. It has been a great run, and I’ve had great fun developing some games that I never even thought would be possible on Roblox, such as the game pictured below.

However, when it comes to invasion of everyone’s privacy by having an automated system (that will likely be flawed and overly strict, considering how the chat filter works) pointlessly check every PRIVATE script that LITERALLY NO ONE BUT THE DEVELOPER SHOULD BE ABLE TO READ, and then passing them off to a “specially-trained team” for “manual review” that we just have to trust (when we can’t even trust asset moderation to approve game assets half of the time), I think that there’s a line that needs to be drawn. I simply cannot continue putting out games on Roblox when ideas like these are somehow approved and thought of as useful at all.

Roblox has already betrayed my trust and at this point I don’t even care if Roblox backtracks on this, as there’s no guarantee that it will not be the exact same story next week, next month or next year. It makes me feel like I am doing something wrong by developing on Roblox when oppressive anti-developer decisions such as this are actively being made.

70 Likes

This does feel like a violation of privacy, even if Roblox is within its rights to do so. There is little to no basis for moderating source code.

And if this “specially-trained” group of moderators could mess up so badly (taking down a game for a secondary chat filter) one has to wonder how well-trained they are.

32 Likes

im so close to quitting roblox rn

21 Likes

I look forward to a response on this. :slightly_smiling_face::+1:

3 Likes

Can’t wait for the free model republishers from 1 to 4 years ago to get banned because the model had a backdoor and they didn’t even knew what is a backdoor or that they had one.

14 Likes

I agree with everything you said completely. I had just recently started to put together an external API for a game. Due to this announcement, I have stopped working on that until I have a more secure solution to store keys and endpoints. I and many other developers are not comfortable having some Joe Blow that Roblox hires view our source code for no reason. If this moderation system only applied to public plugins and open sourced assets I would be okay with it, however it doesn’t seem like that is the case, especially when Roblox hasn’t replied to any of the feedback this announcement has received.

This announcement is disheartening and worrisome at the least. I hope Roblox will listen to developers this time and come to a better solution.

13 Likes

While I recognize Roblox has no ill intentions with this policy, I think we need more clarification as to why it’s needed. As brought up above by other people, there are huge security issues associated with the existence of this feature.

Imagine if someone working at Roblox unrelated to the development of Roblox’s web backend or engine could snoop around and view all of the private database keys. There is some understandable discomfort associated with that.

I guess one thing people here haven’t considered up until this point is that Roblox has backend access to all our places/code and their contents, albeit under intense scrutiny, but its there nonetheless.

Like @crazyman32 suggested, I think there should be some sort of secret storage API so that Roblox’s snooping tools deliberately clear them out before allowing them to be analyzed by humans.

60 Likes