When a user is not logged in to Roblox, they are presented with a 404 Page cannot be found or no longer exists. They should instead be at least re-directed to the game page, even if it cannot be launched until they login.
As for the provided AppsFlyer link, it’s formatted incorrectly in the top post. Using the link on iOS, correctly formatted from the documentation hub, even when Roblox is installed, the user is directed to the iOS App Store to download the game – even when already owned.
Finally, if the player does click the join link on a desktop device, and is taken to the game page, if they refresh the page they are given Bad Request as the URL is never re-written to match the game page URL.
With these issues, this is currently not fit for purpose, or fit for real world usage.
As an additional note, it is imperative that support for copy-to-clipboard functionality is added. It is completely ridiculous to expect users on mobile phone, who do not have a CTRL+C (not to mention large numbers of desktop users don’t even know about this shortcut), to copy these preposterously large URLs. It does not need to be complete, unrestricted copy-to-clipboard functionality, simply just support to copy these URLs from in-game, to allow functionality such as referral links, invites to your home in-game, etc.
Happy to see this feature nonetheless, provided it is worked on further & brought up to scratch.
I still don’t understand… There is no way I can get your IP using a roblox.com link, the only way is if I put the link itself in the start. What difference does this update make? I could already redirect you to roblox before.
Masking a link like on discord embeds on other platforms with bot is super easy, and 95% of people fall for it, you can also use bit.ly a lot of people use that.
And Once it is redirected with your personal data and the roblox app will start Automatically you do not physically have the time to notice, in short, who looks at the link before entering a game?
I still don’t understand… There is no way I can get your IP using a roblox.com link, the only way is if I put the link itself in the start. What difference does this update make? I could already redirect you to roblox before.
It is possible by re-directing you from an external site and building the malicious at the moment
This is because the formatted data of the placeId and launchData is removed.
On top of all this, I think these urls are too long to the point that as a Roblox player I wouldn’t click it because of all the long UrlEncoded characters attached to it.
I mean, yes but, this could already be done. There is no difference.
Normally I would send you a link like this (jailbreak link):
This link would make it so that the player still needs to press the play button.
Another type of link is a VIP server link, it would prompt to start the game.
And this link with launch data would start the game immediatly.
Now the thing is:
I could already make a redirect to Jailbreak and you wouldn’t notice
It is even more suspicious if the app starts immediately, normally it prompts to start or you need to manually click the play button.
The important thing here is that I already grabbed your IP with the redirect, and you would not notice in any of the links. This update makes no difference. If anything using this method would be more suspicious since normally the game is meant to launch manually.
Just tried and at least Chrome is able to handle non-URL-encoded LaunchData links, I’m assuming you are only suggesting this for compatibility reasons?
Stop being paranoid. This update poses no danger to anyone. It’s not possible to get anyone’s IP in a live game. Furthermore, you can already run the “malicious code” to steal the “personal data” without the URL parameter too. Some popular Discord - Roblox verification bots offer an API endpoint for getting all user IDs associated with a Roblox account, so you can link the “personal data” the game has gathered to a Discord account already. The outcome would essentially be the same as generating a special URL through a Discord bot, quoting your example.
What exactly is “going out of control”? This update is out for slightly more than a day, and yet you keep saying it’s already “out of control” or “not safe at all”. Have you conducted a research on the usage of the feature? Have you seen any scam attempts using this method already? You have failed to show any proof other than repeatedly saying you have supposedly reported it as a bug to Roblox, even though you have received no answer from them yet.
The Deeplink feature uses the Roblox Windows Beta app so you’ll have to log into that to be able to use it… sucks a lot as I don’t like the Windows App at all.
If someone managed to somehow get someone’s private information, why would they want Robux as a ransom? And what do deeplinks have to do with any of this? Leaked private information can be displayed inside Roblox games no matter if deeplinking is a thing or not.
You’re being overly paranoid. The things you’re concerned about were already possible before this feature was a thing.
the current design is very flexible. A creator can make use of this with any text editor (urlEncode extra). A tool could be written to do any cryptographic operations and the result could be url encoded. On the gameserver, the cryptographic processing can be processed/verified.
That sucks, I hate that Roblox is pushing everyone to the windows app which moves us away from many things that I actually liked about Roblox, the entire reason why I didn’t go to competitors even for a better exchange rate was because of the ease of use of having a website to browse stuff and not a app.
