Well I’ll give you an example, imagine masking a link and then redirecting it to Roblox, This for example can take the ip and other personal data and then these can be sent to the roblox game and shared with the rest of the players, This with a web knowledge base can be done easily
In addition, the link automatically starts the roblox app, You may not even notice it
Are you still sure the system is secure?
Remember a Bot / Code can build the url at the moment before redirecting you again to roblox.
This system is not safe at all, and those who create games to steal or have players banned from roblox as has already happened in the past will take advantage of it.
It also doesn’t seem to be available in the non-beta Roblox player (it always directs to the beta player), this gives an inconsistent behaviour to those without access to the beta app normally.
This is kind of cool.
I would use these to give people special perks by letting them use this link but we should be able to make a Expiry Date like Other API Keys.
This is a really cool update, though I will say that this benefits social games more than it does other games. Not really a flaw of the feature itself per say, it’s just how it is.
You’re being paranoid and attempting to discredit this update for reasons outside of Roblox’s control.
Bad actors would still be able to get your IP and fingerprint regardless of whether this feature exists or not, and bad actors would still be able to display this information in games regardless of this feature existing or not.
There is little to no point in bad actors trying to spread this information on Roblox anyways, when that is very hard to do in the first place without receiving moderation action.
Send the data to the client by either making it replicate through an object in the game hierarchy, or just use a RemoteEvent or RemoteFunction.
Yes, you have to get it first, but you can also use HttpService to save it in a DataStore.
Literally NO bad actor is going to use Roblox as a way to share someone’s personal information on a large-scale. Being paranoid about this is stupid.
Nothing in Roblox can get a player’s IP. The only way to get someone’s IP to put in a Roblox game is to get it from somewhere outside of Roblox’s control.
There is no reason to worry about this. This does not enable bad actors to do anything new in regards to sharing personal information. Most people probably even wouldn’t think of using Roblox in the first place to share personal info, when there are way, way, more effective places for that.
It’s bad to think that there isn’t going to be a single person that abuses the system, if I said a few months ago that someone would abuse an api to terminate players that joined a game, a lot of people would probably laugh, but look where we are.
While I do agree that we shouldn’t stop this feature, we should also look at the possible flaws of it.
The statement of “Nothing in the Roblox API directly available to players can get the player’s IP” is true. Being able to use an feature in combination with something external to retrieve the IP does not contradict this. That’s like saying a service encourages password stealing because the messaging system can be used for soliciting passwords from users.
And I never said there isn’t going to be anyone who abuses the system. The recent issue in regards to the chat does not have any bearing on this, and even if it did, your point about people laughing may hold true for some, but those of us which knew about it beforehand already expected it to be abused.
Judge the feature based on its own merits, not pointless fearmongering. If the feature itself can directly enable security issues, than it should be criticized for that, not for something out of its control.
I don’t really understand why this is a Roblox issue.
If someone makes an IP logger and sends it to a player, what would they gain by redirecting them to a Roblox game? Wouldn’t it be easier for them to simply store the IP externally?
Well now it’s easier to get the player into a game by masking a link, and then threaten him by showing his IP in the game roblox, Saying that if he doesn’t pay a ransom in robux, his ip or other personal data will be shared.
I have done some tests, with an external site and I can guarantee that this is possible, I have already reported the problem to Bug Report Team.
In short, roblox cannot also become an exchange platform for threats to personal data
Also roblox cannot detect this either, because if there is no correct join link with the ip, it cannot be checked.
I don’t see how this would be reliable for things like analytics/statistics/promotions since botting/spamming the link with crafted parameters can be done by anybody on purpose to fake the results.
They can already do that, and you wouldn’t notice it either way the only difference is that it would prompt you to join the game. And also something like: mylink.coooo/game?=... is already suspicious. The only way you can make a redirect is by putting the link in the first place. That link can’t be malicious if it is a roblox link itself.
